Containerized Proxy Deployment Using Internal Registry
It is possible to deploy containerized images in an environment without an internet connection.
In such case, the images can be copied from SUSE registry to an internal registry, or saved to a tar file.
1. Image Copying from SUSE Registry to Internal Registry
Machines must have access to registry.suse.com.
-
On a machine with access to
registry.suse.cominstallskopeo:zypper in skopeo
This can be SUSE Manager Server.
-
Copy images between registries:
for image in httpd salt-broker squid ssh tftpd; do skopeo copy docker://registry.suse.com/suse/manager/5.0/proxy-$image:latest docker://<your_server>/registry.suse.com/suse/manager/5.0/proxy-$image doneFor every
skopeocommand add--dest-tls-verify=falseif the registry is not secured. -
If the registry is unsecured, for example not configured with SSL, add the registry domain to the section
registries.insecureon the containerized proxy virtual machine by editing:/etc/containers/registries.conf
-
To start using the images from the internal registry please adapt the
NAMESPACEvalue in file/etc/sysconfig/uyuni-proxy-systemd-services.config.For the k3s deployment, add
--set repository=<your_server>to the helm install command line.
2. Air-gapped Solution for Podman
This example illustrates deployment of containerized image on a machine with no access to internet.
+ . On a machine with internet access run:
+
for image in httpd salt-broker squid ssh tftpd; do
podman pull registry.suse.com/suse/manager/5.0/proxy-$image
done
podman save -m -o proxy-images.tar \
registry.suse.com/suse/manager/5.0/proxy-httpd \
registry.suse.com/suse/manager/5.0/proxy-salt-broker \
registry.suse.com/suse/manager/5.0/proxy-squid \
registry.suse.com/suse/manager/5.0/proxy-ssh \
registry.suse.com/suse/manager/5.0/proxy-tftpd
+
|
For the k3s deployment, add |
+
. Transfer the proxy-images.tar to the air-gapped proxy.
. To make images available to be started when needed, run the command:
+
podman load -i proxy-images.tar