This topic describes how to configure a private registry and a Windows pause image for an air-gapped environment for Windows worker-based Kubernetes clusters in VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
To deploy a Windows pod, Kubelet deploys a Windows container image fetched from a Docker registry.
Microsoft restricts distribution of Windows container base images and the fetched Windows container image is typically pulled from the Microsoft Docker registry. This registry is inaccessible from within an air-gapped environment.
To deploy Windows pods in an air-gapped environment you must have a Windows container image in a private Docker registry:
Your private Docker registry must meet the following requirements:
Follow the instructions for the Docker registry you chose to configure an accessible Windows image-supporting registry.
To prepare a Windows pause image for an air-gapped environment, perform the following:
To download a Windows container image from the Microsoft Docker registry, run the following command:
docker pull mcr.microsoft.com/oss/kubernetes/pause:3.6
To tag the Windows container image, run the following command:
docker tag mcr.microsoft.com/oss/kubernetes/pause:3.6 REGISTRY-ROOT/windows/pause:3.6
Where REGISTRY-ROOT
is your private registry’s URI.
To upload the Windows container image to your accessible private registry, run the following command:
docker push PAUSE-IMAGE-URI
Where PAUSE-IMAGE-URI
is the URI to the Windows pause image in your private registry. Specify a pause image URI that follows the pattern: my.private.registry/windows/pause:3.6
.
To configure Tanzu Kubernetes Grid Integrated Edition to fetch your accessible Windows container image when deploying Windows pods, perform the following:
Modify the Kubelet customization - Windows pause image location property to be your pause image URI.
For example:
my.private.registry/windows/pause:3.6
Click Save.