You can configure Tanzu Mission Control to pull its agent and extension images from a private, local OCI registry instead of from the Tanzu Mission Control SaaS registry.
A local image registry enables you to configure Tanzu Mission Control to pull its agent and extension images from your private registry (Harbor, for example). You can also perform security and vulnerability scans on all images on your private registry before deploying workloads to your production clusters.
Using your own local image registry makes Tanzu Mission Control SaaS suitable for users that need to perform security and vulnerability scans on all images before deploying to their production clusters. Edge users have more control over when Tanzu Mission Control images are pulled/replicated across the thin network pipes that connect many edge sites to central data centers.
- Use your own local/private OCI image registry.
- Configure Tanzu Mission Control to deploy its agents and extensions from your private registry.
- Run security and vulnerability scans on Tanzu Mission Control cluster components before deploying to your production clusters.
- Control when Tanzu Mission Control agent and extension images are replicated from the Tanzu Mission Control SaaS registry to your private registry (e.g., off-peak for edge locations).
Supported flows include:
- Attach a cluster
- Register a Tanzu Kubernetes Grid management cluster
- Provision/Manage a Tanzu Kubernetes Grid workload cluster
- Configure Policy/IAM
- Configure Data Protection
Supported registry configurations include:
- HTTP, HTTPS
- Internal/Trusted CA Cert (for clusters preconfigured with CA certs by the user)
|Kubernetes Versions 1.23 and later
|LCM of Tanzu Kubernetes Grid clusters
|Tanzu Kubernetes Grid on vSphere v1.6.1 and later
Tanzu Observability and Tanzu Service Mesh are not supported for use with local image registry.