Using a Windows Pause Image for an Air-Gapped Environment

Page last updated:

This topic describes configuring a private registry and a Windows pause image for an air-gapped environment for Windows worker-based Kubernetes clusters in Tanzu Kubernetes Grid Integrated Edition (TKGI).

Overview

To deploy a Windows pod, Kubelet deploys a Windows container image fetched from a Docker registry.

Microsoft restricts distribution of Windows container base images and the fetched Windows container image is typically pulled from the Microsoft Docker registry. This registry is inaccessible from within an air-gapped environment.

To deploy Windows pods in an air-gapped environment you must have a Windows container image in a private Docker registry:

Prepare Your Private Docker Registry

Your private Docker registry must meet the following requirements:

  • The registry must be accessible from your Tanzu Kubernetes Grid Integrated Edition environment.
  • The registry must be configured to support Microsoft Windows images. For an example of a Windows-supporting registry, see Pushing Images in the VMware Harbor documentation.

Follow the instructions for the Docker registry you chose to configure an accessible Windows image-supporting registry.

Prepare a Windows Pause Image for an Air-Gapped Environment

To prepare a Windows pause image for an air-gapped environment, perform the following:

  1. Create an accessible Windows Server 2019 machine in your environment.
  2. Install Docker on this Windows Server 2019 machine.
  3. Configure the machine’s Docker daemon to allow non-redistributable artifacts to be pushed to your private registry. For information about configuring your Docker daemon, see Allow push of nondistributable artifacts in the Docker documentation.
  4. Open a command line on the Windows machine.
  5. To download a Windows container image from the Microsoft Docker registry, run the following command:

    docker pull mcr.microsoft.com/k8s/core/pause:1.3.0
    
  6. To tag the Windows container image, run the following command:

    docker tag mcr.microsoft.com/k8s/core/pause:1.3.0  REGISTRY-ROOT/windows/pause:1.3.0
    

    Where REGISTRY-ROOT is your private registry’s URI.

  7. To upload the Windows container image to your accessible private registry, run the following command:

    docker push  PAUSE-IMAGE-URI
    

    Where PAUSE-IMAGE-URI is the URI to the Windows pause image in your private registry. Your pause image URI should follow the pattern: my.private.registry/windows/pause:1.3.0.

Configure Tanzu Kubernetes Grid Integrated Edition to Use the Windows Pause Image

To configure Tanzu Kubernetes Grid Integrated Edition to fetch your accessible Windows container image when deploying Windows pods, perform the following:

  1. Open the Tanzu Kubernetes Grid Integrated Edition tile.
  2. Click the Windows worker Plan that you want to configure to use your accessible private registry.
  3. Modify the Kubelet customization - Windows pause image location property to be your pause image URI.

    For example:

    my.private.registry/windows/pause:1.3.0
    
  4. Click Save.


Please send any feedback you have to pks-feedback@pivotal.io.