
Azure Registry Mirrors

Configure your cluster to pull images from an existing local registry by adding the registry mirror flag(s) to the dkp create cluster command.

Kubernetes does not natively provide a registry for hosting the container images you will use to run the applications you want to deploy on Kubernetes. Instead, Kubernetes requires you to use an external solution for storing and sharing container images. There are a variety of Kubernetes-compatible registry options that are compatible with DKP.

How Does it Work?

The first time you request an image from your local registry mirror, it pulls the image from the public registry (such as Docker) and stores it locally before handing it back to you. On subsequent requests, the local registry mirror is able to serve the image from its own storage.

Air-gapped vs Non-air-gapped Environments

In a non-air-gapped environment, you have access to the Internet. You retrieve artifacts from specialized repositories dedicated to them, such as Docker images contained in DockerHub and Helm Charts that come from a dedicated Helm Chart repository. You can also create your own local repository to hold the downloaded container images needed or any custom images you’ve created with the Konvoy Image Builder tool.

In an air-gapped environment, you need a local repository to store Helm charts, Docker images, and other artifacts. Private registries provide security and privacy for enterprise container image storage, whether hosted remotely or on-premises in an air-gapped environment. DKP in an air-gapped environment requires a local container registry of trusted images to enable production-level Kubernetes cluster management. A local registry is also an option in a non-air-gapped environment, for speed and security.

If you want to use images from this local registry to deploy applications inside your Kubernetes cluster, you’ll need to set up a secret for a private registry. The secret contains your login data, which Kubernetes needs to connect to your private repository.

Set the environment variables with your registry information.

CODE
export REGISTRY_URL="<https/http>://<registry-address>:<registry-port>"
export REGISTRY_USERNAME="<username>"
export REGISTRY_PASSWORD="<password>"
export REGISTRY_CA="<path to the cacert file on the bastion>"

Definitions:

  • REGISTRY_URL: the address of an existing local registry, accessible in the VPC, that the new cluster nodes will be configured to use as a mirror registry when pulling images.

Other local registries may use the options below:

  • JFrog - REGISTRY_CA: (optional) the path on the bastion machine to the registry CA. This value is only needed if the registry is using a self-signed certificate and the AMIs are not already configured to trust this CA.

  • REGISTRY_USERNAME: (optional) set to a user that has pull access to this registry.

  • REGISTRY_PASSWORD: optional if username is not set.

  • To increase Docker Hub's rate limit, use your Docker Hub credentials when creating the cluster: set the flags --registry-mirror-url=https://registry-1.docker.io --registry-mirror-username=<your-username> --registry-mirror-password=<your-password> when running dkp create cluster.

Now pass the flag --registry-mirror-url when running dkp create cluster.
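
A preflight check for the variables defined above, as an added example that is not part of the DKP documentation or tooling: it validates REGISTRY_URL, the username/password pairing and the optional CA file, then prints the mirror flags named on this page. The function names are hypothetical, and the check assumes the CA file is PEM-encoded.

```shell
# Added example (not DKP code): preflight for the registry variables on this page.
# Assumption: REGISTRY_CA, when set, points at a PEM-encoded certificate file.

err() { echo "error: $*" >&2; }

check_registry_env() {
  case "${REGISTRY_URL:-}" in
    https://?*) ;;
    http://?*)
      echo "warning: REGISTRY_URL is plain http; images and credentials travel unencrypted" >&2 ;;
    *)
      err "REGISTRY_URL must look like <https/http>://<registry-address>:<registry-port>"
      return 1 ;;
  esac

  # REGISTRY_PASSWORD is optional only when no username is set.
  if [ -n "${REGISTRY_USERNAME:-}" ] && [ -z "${REGISTRY_PASSWORD:-}" ]; then
    err "REGISTRY_USERNAME is set but REGISTRY_PASSWORD is empty"
    return 1
  fi

  # REGISTRY_CA is optional; when given it must be a readable certificate file.
  if [ -n "${REGISTRY_CA:-}" ]; then
    if [ ! -f "$REGISTRY_CA" ] || [ ! -r "$REGISTRY_CA" ]; then
      err "REGISTRY_CA is not a readable file: $REGISTRY_CA"
      return 1
    fi
    if ! grep -qF -e '-----BEGIN CERTIFICATE-----' "$REGISTRY_CA"; then
      err "REGISTRY_CA does not contain a PEM certificate: $REGISTRY_CA"
      return 1
    fi
  fi
  return 0
}

# Print one flag per line, using only the flag names shown on this page.
registry_mirror_flags() {
  check_registry_env || return 1
  printf '%s\n' "--registry-mirror-url=${REGISTRY_URL}"
  if [ -n "${REGISTRY_USERNAME:-}" ]; then
    printf '%s\n' "--registry-mirror-username=${REGISTRY_USERNAME}"
    printf '%s\n' "--registry-mirror-password=${REGISTRY_PASSWORD}"
  fi
}
```

Run registry_mirror_flags on the bastion after exporting the variables and append the printed flags to dkp create cluster. A password passed as a flag is visible in shell history and process listings on that host.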


Next Step

If using a Registry Mirror, you need to load the images with Azure Load the Registry.
