Learn how to mirror an application catalog to a private container registry, using the CLI.

A typical Kubernetes deployment requires many container images to function. When these Kubernetes deployments don't have Internet access, such as those in air-gapped environments, it's time-consuming to move these images from the public container registry to another location that's accessible to the cluster nodes. The ocne catalog mirror command simplifies this process, by enabling users to migrate images used by applications in application catalogs between container registries.

Mirroring an application catalog makes a copy of the container images in an application catalog and copies them to another container registry. You can also create an archive file of the images and save them to the local disk.

The ocne catalog mirror command can clone either all the images that are available in an application catalog, or a subset of images based on a list of applications and their configuration in a cluster configuration file. For example, the following cluster configuration file pulls specific application images and their configuration settings from the default catalog, which uses the Oracle Container Registry:

applications:
  - name: ocne-catalog
  - name: ui

For information on the options available to use in this configuration file, see the applications option in a cluster configuration file in Oracle Cloud Native Environment: Kubernetes Clusters.

The host that runs the CLI must have access to all the relevant container registries, using the Internet, internal networks, or a combination. A private container registry must be on a host that's accessible to all nodes within the cluster.

You can use an existing container registry on the network, or create one for this specific purpose. Oracle provides tools which can be used to create container registries. To use Podman to create a private container registry, see the Oracle Linux: Podman User's Guide.

To pull the images from the default catalog, access to an existing cluster must be set using the kubeconfig file. Creating an ephemeral cluster is an easy method to get access to the default catalog. To start an ephemeral cluster use:

ocne cluster start
export KUBECONFIG=$(ocne cluster show --cluster-name ocne)

If the default catalog isn't deployed to a cluster, or isn't available, the embedded catalog (built into the CLI) is used to mirror the container images.

To see a list of the images that can be mirrored to a private registry, use:

ocne catalog mirror

Some images aren't included when mirroring a catalog, such as flannel and kube-proxy. The excluded images are part of the OCK image, so aren't needed in a catalog mirror.