This feature is available for organizational accounts. Learn more

You can set up Minimus images to sync with your organization’s private registry. This is relevant if you have an air gapped environment or if regulations and standards require your team to store all your images in a private registry.

With self-hosting configured, your team will be able to pull Minimus images directly from your organization’s private registry.

Images included

The service will sync all Minimus images included in your subscription. For every image type (for example, Node, Python, etc.), all image versions available from Minimus will be synced.

Online vs. air-gapped registry

The process supports syncing to any private registry, whether it is online or air-gapped. Below is a brief comparison of the process in each situation:

  • If your registry is online and supports external connections, the sync service can be fully automated using a scheduled cron job.
    • Review the Minimus networking requirements to ensure your firewall is configured correctly.
    • Once you set up the service, it will run automatically and keep your private registry up to date.
  • If your registry is air-gapped (aka offline), the sync service can be partially automated using a scheduled cron job. A manual step will be needed to connect to the air-gapped registry and upload the images. See more details below.
Registry ConnectivityExternal ConnectivityAutomationFrequencyTime investment
Online registrySupportedFully supported using cron job schedulingDaily using cron job schedulingOne time set up
Air-gapped registryNot supportedPartially supported using cron job schedulingVaries (depends on the organization)Repeated manual effort involved

Tracking image updates

You can set up actions to receive important security updates. This is particularly recommended if your team pulls images from a private registry, and are less likely to follow updates in the Minimus gallery.

We recommend that you continue to visit the Minimus gallery regularly to receive updates and helpful information about image versions, advisories, and vulnerability fixes.

Set up syncing to an online private registry

1

Prerequisite

Before you begin, install Skopeo on the target host. Skopeo version 1.12 or higher is required. Installation instructions

2

Set up the sync to a registry with internet connectivity

  1. From the left menu, select Manage > Self-hosting. (Or use this direct link.)
  2. Select the tab: Registry with internet connectivity. A form with 3 parts will appear:
    1. Destination details
    2. Sync images
    3. Set up automation
3

Fill in the destination details

  1. Specify your registry URL.
  2. How will you authenticate to the registry? Decide between username & password and an authentication file path.
    1. If you selected username & password, provide them.
    2. If you selected an authentication file path, select the relevant option:
      1. Default file path. Select this option if the path matches one of the defaults:

        ${XDG_RUNTIME_DIR}/containers/auth.json
        $HOME/.docker/config.json
      2. Other file path. Select this option and provide the path.
    3. Select the relevant image architecture: amd64, arm64, or both.
    4. Select Next to continue.
4

Run the commands to sync the images

  1. Download the provided YAML file and save it on a machine where Skopeo is installed.

  2. (Optional) Specify the path to the YAML file to update the placeholder in the code snippet below.

  3. Copy the provided code snippet and run it on your target host. Example command:

    skopeo sync --src yaml --dest docker \
--override-arch amd64 \
{PATH TO YAML} \
https://registry.minime.com

  4. The first time sync should now be done. Your private registry should have copies of all of the images included in your Minimus subscription.

  5. Click Next to set up automation.

5

Set up automation

This step is recommended but not strictly required.

  1. Open the crontab file on the target host to edit it:

    crontab -e

  2. Add the provided cron job entry to run the command every day at midnight. For example:

    0 0 * * * skopeo sync --src yaml --dest docker --override-arch amd64 {REPLACE WITH PATH TO YAML} https://registry.minime.com
6

Good to go!

Your private registry should now sync on a regular schedule and receive Minimus image updates and releases.

Set up syncing for an air-gapped private registry

1

Prerequisite

Before you begin, install Skopeo on your internet-connected machine and the target host in your air-gapped environment. Skopeo version 1.12 or higher is required. Installation instructions

2

Set up the sync to an air-gapped registry

  1. From the left menu, select Manage > Self-hosting. (Or use this direct link.)
  2. Select the tab: Air-gapped registry (no internet). A form with 3 parts will appear:
    1. Destination details
    2. Sync images
    3. Set up automation
3

Fill in the destination details

  1. Specify the path to your Removable drive. The process assumes you will use a removable drive to store the images temporarily.
  2. Air-gapped registry details - Specify the details for Minimus to configure the Skopeo commands for you. Otherwise, you can toggle off this option to skip this step and configure the Skopeo commands independently.
    1. Air-gapped registry URL - Specify the URL for the destination registry.
    2. How will you authenticate to the registry? Decide between username & password and an authentication file path.
      1. If you selected username & password, provide them.
      2. If you selected an authentication file path, select the relevant option:
        1. Default file path. Select this option if the path matches one of the defaults:

          ${XDG_RUNTIME_DIR}/containers/auth.json
          $HOME/.docker/config.json
        2. Other file path. Select this option and provide the path.
      3. Select the relevant image architecture: amd64, arm64, or both.
      4. Select Next to continue.
4

Run the commands to sync the images to the removable drive

  1. Download the provided YAML file and save it on a machine where Skopeo is installed. Connect the removable drive to the machine.

  2. (Optional) Specify the path to the YAML file to update the placeholder in the code snippet below.

  3. Copy the provided code snippet and run it on your target host. Example command:

    skopeo sync --src yaml --dest dir \
--override-arch amd64 \
{PATH TO YAML} \
{PATH TO REMOVABLE DRIVE}

  4. The images should now be on the removable drive, waiting to be transferred to the air-gapped registry.

5

Run the command to sync the images from the removable drive to the air-gapped registry

  1. Move the removable drive to a machine in the air-gapped network.

  2. Copy the provided code snippet and run it on the machine. The command will sync the images from the removable drive to your private registry. Example command:

    skopeo sync --src dir --dest docker \
{PATH TO REMOVABLE DRIVE} \
{URL TO PRIVATE REGISTRY}

  3. The images should now be synced to your air-gapped registry.

  4. Click Next to set up automation.

6

Set up automation

This step is recommended but not required. It can automate the sync to a storage directory on your internet-connected machine. The sync from the removable disk remains manual.

  1. Open the crontab file on the host to edit it:

    crontab -e

  2. Add the provided cron job entry to run the command every day at midnight. For example:

    0 0 * * * skopeo sync --src yaml --dest dir --override-arch amd64 {PATH TO YAML FILE} {PATH TO REMOVABLE DRIVE}
7

Good to go!

Minimus image versions and updates should now sync on a regular schedule to a storage directory, ready to be moved to your private air-gapped registry.

Repeat the above steps to move the images to your removable drive and copy them to your registry. This step is manual and cannot be automated.