Install k0rdent Using Pull-Through Registry
In some semi-airgap environments with an internal registry, it may be beneficial to use a pull-through setup instead of the airgap-bundle upload approach. This may reduce maintenance needs when upgrading while maintaining control and security.
Note
In this guide, Mirantis Secure Registry (MSR) 4.13 is used as an example for the configuration steps. However, the pull-through instructions can be adapted for any container registry that supports proxy caching, such as standalone Harbor, JFrog Artifactory, or Sonatype Nexus.
MSR configuration
To set up the pull-through proxy on MSR, execute the following steps:
- Add a new endpoint with the following parameters:
| Parameter | Value |
|---|---|
| Provider Type | Harbor |
| Endpoint Name | Any descriptive name (e.g., mirantis-registry). |
| Description | Optional |
| Endpoint URL | https://registry.mirantis.com |
| Access ID | N/A |
| Access Secret | N/A |
- Create a new project named mirantis; while creating the project, toggle the Proxy Cache option and select the endpoint created in the first step.
Note
For more details regarding Proxy Cache configuration, consult the MSR documentation.
Installation
With MSR configured, you should be able to pull images using your internal registry.
All image paths from the Mirantis registry remain unchanged; however, the proxy project name must be added before them. For example:
For the image:
registry.mirantis.com/k0rdent-enterprise/kcm-controller:1.3.0
the proxified URL will be:
registry.local/mirantis/k0rdent-enterprise/kcm-controller:1.3.0
given that the proxy project name is mirantis and the registry URL is registry.local.
Thus, the installation command uses the changed URL as well:
helm install kcm oci://registry.local/mirantis/k0rdent-enterprise/charts/k0rdent-enterprise --version 1.3.0 -n kcm-system --create-namespace -f kcm-values.yaml
Warning
Before installing k0rdent using this method, you must create the values file described in the airgap installation section, based on your registry URL.
Full component list
If you are setting up this mechanism on a platform other than MSR, or you have an enhanced security policy, you may need a comprehensive list of the images used in k0rdent-enterprise.
You can find the complete list of images here:
https://get.mirantis.com/k0rdent-enterprise/1.3.0/full_images_list.txt
You can use this list to verify that your proxy and security rules cover all components necessary for k0rdent Enterprise.
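The path rewrite from the Installation section, applied to a whole image list to support the coverage check above. This is an added example, not part of the k0rdent documentation. It assumes the list holds one image reference per line; the function names are hypothetical, and `registry.example.com` is a constructed host.

```shell
#!/bin/sh
# Added example: map upstream image references to their pull-through paths.
# Assumption: the image list holds one reference per line.
UPSTREAM="registry.mirantis.com"
REGISTRY="${REGISTRY:-registry.local}"   # internal registry host (from this guide)
PROJECT="${PROJECT:-mirantis}"           # proxy-cache project name (from this guide)

# proxify_ref REF: print the proxied reference, or return 1 when REF is not
# hosted on $UPSTREAM and so cannot be served by the proxy project.
# The "/" after the host keeps look-alike hosts (registry.mirantis.com.<x>)
# from matching; tags and digests are carried over untouched.
proxify_ref() {
    case "$1" in
        "$UPSTREAM"/?*)
            rest=${1#"$UPSTREAM"/}
            printf '%s/%s/%s\n' "$REGISTRY" "$PROJECT" "$rest" ;;
        *) return 1 ;;
    esac
}

# proxify_list: read references on stdin, write proxied ones to stdout and
# report the rest on stderr. Returns 1 if any reference was not covered.
proxify_list() {
    rc=0
    while IFS= read -r ref || [ -n "$ref" ]; do
        ref=$(printf '%s' "$ref" | tr -d ' \t\r')   # drop stray whitespace/CR
        case "$ref" in ''|'#'*) continue ;; esac    # skip blanks and comments
        proxify_ref "$ref" || { printf 'NOT COVERED: %s\n' "$ref" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample input; the second entry is a made-up non-Mirantis host.
SAMPLE='registry.mirantis.com/k0rdent-enterprise/kcm-controller:1.3.0
registry.example.com/constructed/image:0.0.1'

printf '%s\n' "$SAMPLE" | proxify_list || echo "review uncovered entries" >&2
```

Against the real list, run `proxify_list < full_images_list.txt` after downloading the file from the URL above. A non-zero exit status means at least one image needs a proxy or allow rule beyond the mirantis project.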