vSphere Registry Mirrors
Configure your cluster to use an existing local registry when attempting to pull images by adding the flag(s) to the dkp create cluster
command to pull images from your local registry.
Kubernetes does not natively provide a registry for hosting the container images you will use to run the applications you want to deploy on Kubernetes. Instead, Kubernetes requires you to use an external solution for storing and sharing container images. There are a variety of Kubernetes-compatible registry options that are compatible with DKP.
How Does it Work?
The first time you request an image from your local registry mirror, it pulls the image from the public registry (such as Docker) and stores it locally before handing it back to you. On subsequent requests, the local registry mirror is able to serve the image from its own storage.
Air-gapped vs Non-air-gapped Environments
In a non-air-gapped environment, you have access to the Internet. You retrieve artifacts from specialized repositories dedicated to them, such as Docker images contained in DockerHub and Helm Charts that come from a dedicated Helm Chart repository. You can also create your own local repository to hold the downloaded container images needed or any custom images you’ve created with the Konvoy Image Builder tool.
In an air-gapped environment, you need a local repository to store Helm charts, Docker images, and other artifacts. Private registries provide security and privacy into enterprise container image storage, whether hosted remotely or on-premises locally in an air-gapped environment. DKP in an air-gapped environment requires a local container registry of trusted images to enable production-level Kubernetes cluster management. However, a local registry is an option in a non-air-gapped environment as well for speed and security.
If you want to use images from this local registry to deploy applications inside your Kubernetes cluster, you’ll need to set up a secret for a private registry. The secret contains your login data, which Kubernetes needs to connect to your private repository.
Related Topics
More information and detail can be found: