This topic describes configuring a private registry and a Windows pause image for an air-gapped environment for Windows worker-based Kubernetes clusters in Tanzu Kubernetes Grid Integrated Edition (TKGI).
To deploy a Windows pod, Kubelet deploys a Windows container image fetched from a Docker registry.
Microsoft restricts distribution of Windows container base images and the fetched Windows container image is typically pulled from the Microsoft Docker registry. This registry is inaccessible from within an air-gapped environment.
To deploy Windows pods in an air-gapped environment you must have a Windows container image in a private Docker registry:
Your private Docker registry must meet the following requirements:
Follow the instructions for the Docker registry you chose to configure an accessible Windows image-supporting registry.
To prepare a Windows pause image for an air-gapped environment, perform the following:
To download a Windows container image from the Microsoft Docker registry, run the following command:
docker pull mcr.microsoft.com/oss/kubernetes/pause:3.6
To tag the Windows container image, run the following command:
docker tag mcr.microsoft.com/oss/kubernetes/pause:3.6 REGISTRY-ROOT/windows/pause:3.6
REGISTRY-ROOT is your private registry’s URI.
To upload the Windows container image to your accessible private registry, run the following command:
docker push PAUSE-IMAGE-URI
PAUSE-IMAGE-URI is the URI to the Windows pause image in your private registry. Your pause image URI should follow the pattern:
To configure Tanzu Kubernetes Grid Integrated Edition to fetch your accessible Windows container image when deploying Windows pods, perform the following:
Modify the Kubelet customization - Windows pause image location property to be your pause image URI.