Containerized Proxy Deployment Using Internal Registry

It is possible to deploy containerized images in an environment without an internet connection. In such case, the images can be copied from SUSE registry to an internal registry, or saved to a tar file.

1. Image Copying from SUSE Registry to Internal Registry

Machines must have access to registry.suse.com.

Procedure: Deploying Proxy from an Internal Image Registry
  1. On a machine with access to registry.suse.com install skopeo:

    zypper in skopeo

    This can be SUSE Manager Server.

  2. Copy images between registries:

    for image in httpd salt-broker squid ssh tftpd; do
        skopeo copy docker://registry.suse.com/suse/manager/5.0/proxy-$image:latest docker://<your_server>/registry.suse.com/suse/manager/5.0/proxy-$image
    done

    For every skopeo command add --dest-tls-verify=false if the registry is not secured.

  3. If the registry is unsecured, for example not configured with SSL, add the registry domain to the section registries.insecure on the containerized proxy virtual machine by editing:

    /etc/containers/registries.conf
  4. To start using the images from the internal registry please adapt the NAMESPACE value in file /etc/sysconfig/uyuni-proxy-systemd-services.config.

    For the k3s deployment, add --set repository=<your_server> to the helm install command line.

2. Air-gapped Solution for Podman

This example illustrates deployment of containerized image on a machine with no access to internet.

Procedure: Deploying Air-gapped Proxy

+ . On a machine with internet access run:

+

for image in httpd salt-broker squid ssh tftpd; do
    podman pull registry.suse.com/suse/manager/5.0/proxy-$image
done

podman save -m -o proxy-images.tar \
    registry.suse.com/suse/manager/5.0/proxy-httpd \
    registry.suse.com/suse/manager/5.0/proxy-salt-broker \
    registry.suse.com/suse/manager/5.0/proxy-squid \
    registry.suse.com/suse/manager/5.0/proxy-ssh \
    registry.suse.com/suse/manager/5.0/proxy-tftpd

+

For the k3s deployment, add --set repository=<your_server> to the helm install command line.

+ . Transfer the proxy-images.tar to the air-gapped proxy. . To make images available to be started when needed, run the command:

+

podman load -i proxy-images.tar