Using a custom image registry

There might be reasons to pull the container images only from internal image registries, not directly from external registries like Quay.io or GitHub. To do so, follow along with this guide.

Notice

The Microgateway Operator verifies the digest of the Airlock Microgateway images and, therefore, cannot be modified. Since pulling and pushing the images changes the digest, use a tool like CRANE to transfer the images into a custom registry.

We recommend preserving the original image names when copying images to a custom registry.

How to use your custom image registry

Copy the Airlock Microgateway images into your custom image registry.
Image link-list:
- Microgateway Operator – quay.io/airlock/microgateway-operator
- Microgateway CNI plugin – quay.io/airlock/microgateway-cni
- Microgateway Engine – quay.io/airlock/microgateway-engine
- Microgateway Session Agent – quay.io/airlock/microgateway-session-agent
- netcat (Microgateway Network Validator) – cgr.dev/chainguard/netcat
For example, copy a remote image from <SRC> to <DST> while retaining the digest value running:
Terminal box
```
crane copy <SRC> <DST>
```
Adjust the Airlock Microgateway CNI helm chart values, i.e. with a pullsecret (if required) and the repository information, for example:

Terminal box

imagePullSecrets: # in case of a private registry 
- name: <pullsecret for custom-registry:8080> 
 
image:  
  repository: custom-registry:8080/custom-namespace/airlock-microgateway-cni

Adjust the Airlock Microgateway Operator helm chart values, i.e. with a pullsecret (if required) and the repository information, for example:

Terminal box

imagePullSecrets: # in case of a private registry 
- name: <pullsecret for custom-registry:8080>
 
operator:  
  image:  
    repository: custom-registry:8080/custom-namespace/airlock-microgateway-operator 
 
engine:  
  image:  
    repository: custom-registry:8080/custom-namespace/airlock-microgateway-engine 
 
networkValidator:  
  image:  
    repository: custom-registry:8080/custom-namespace/netcat

With the adjustments, the images will be pulled from the custom image registries. The pull secret for the custom registry containing the Engine and Network Validator images must be added to application Pods with injected Airlock Microgateway Engines. Subsequently, the Pods must be restarted to be updated.

Further information and links

Internal links:

Microgateway Operator

External links: