Container images

The Airlock Microgateway container images can be obtained from our Quay.io repositories. The repositories are public, and the images can be pulled without special permissions.

Airlock Microgateway image repositories

Verify the image signature

The Airlock Microgateway images are signed using Cosign. The signature can be verified by running the following command.

 
cosign verify --key https://raw.githubusercontent.com/airlock/microgateway/main/cosign/cosign.pub <image-reference>
 
Info

Verifying the image signature with the cosign.pub key can be automated by a policy controller such as sigstore policy-controller, Kyverno, or Connaisseur.

Using a custom image registry

There might be reasons to pull the container images only from internal image registries, not directly from external registries like Quay.io or GitHub. To do so, follow along with this guide.

How to use your custom image registry

  1. Copy the Airlock Microgateway images into your custom image registry. For example, copy a remote image from <SRC> to <DST> while retaining the digest value by running:

    crane copy <SRC> <DST>

  2. Adjust the image.repository setting for the Airlock Microgateway Operator Helm chart. For example:

    helm upgrade -i airlock-microgateway \
      oci://quay.io/airlockcharts/microgateway \
      --version 5.0.0 \
      -n airlock-microgateway-system \
      --wait \
      --set operator.image.repository=<MY-REGISTRY>/<MY-REPO>/microgateway-operator \
      --set engine.image.repository=<MY-REGISTRY>/<MY-REPO>/microgateway-engine \
      --set sessionAgent.image.repository=<MY-REGISTRY>/<MY-REPO>/microgateway-session-agent \
      --reuse-values

  3. With the adjustments, the images will be pulled from the custom image registries.
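
The signature check and the copy step can be combined so that only verified content reaches the internal registry. The following is an added example, not part of the vendor documentation: it assumes cosign and crane are on PATH, and the function names mirror_image and repo_of are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): verify an image signature, mirror the image
# by digest, and confirm the copy has the same digest. Assumes cosign and crane
# are on PATH; mirror_image and repo_of are illustrative names.

COSIGN_KEY="${COSIGN_KEY:-https://raw.githubusercontent.com/airlock/microgateway/main/cosign/cosign.pub}"

# repo_of <ref>: strip "@digest" and ":tag" but keep a registry port (host:5000/...)
repo_of() {
  r=${1%@*}
  case "${r##*/}" in
    *:*) r=${r%:*} ;;
  esac
  printf '%s\n' "$r"
}

# mirror_image <SRC> <DST>: prints the pinned destination reference on success
mirror_image() {
  src=$1; dst=$2
  [ -n "$src" ] && [ -n "$dst" ] || { echo "usage: mirror_image <SRC> <DST>" >&2; return 2; }

  # Resolve the source once, so verification and copy act on the same content
  # even if the tag is moved in between.
  digest=$(crane digest "$src") || { echo "cannot resolve $src" >&2; return 1; }
  pinned="$(repo_of "$src")@$digest"

  # Refuse to mirror anything that is not signed with the expected key.
  cosign verify --key "$COSIGN_KEY" "$pinned" >/dev/null ||
    { echo "signature verification failed for $pinned" >&2; return 1; }

  crane copy "$pinned" "$dst" >/dev/null || { echo "copy to $dst failed" >&2; return 1; }

  # crane copy retains the digest; check it anyway before trusting the mirror.
  copied=$(crane digest "$dst") || { echo "cannot resolve $dst" >&2; return 1; }
  [ "$copied" = "$digest" ] ||
    { echo "digest mismatch: $digest (source) vs $copied (mirror)" >&2; return 1; }

  printf '%s@%s\n' "$(repo_of "$dst")" "$copied"
}

# Usage: mirror_image <SRC> <DST>
```

The signature is checked at the source because Cosign stores it as a separate artifact beside the image, so copying a single image reference does not by itself carry the signature to the mirror.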
