Skip to main content

Downloading the Images

The Carbide Secured Registry (CSR) is not intended to be used as the primary registry for running Kubernetes clusters. Instead, follow these steps to download and package the images to move over an airgap to your own registry.

If you're copying images into a connected registry, check the documentation here.

This example uses Hauler, but any tool with the ability to push/pull an OCI image will be adequate.

Downloading Secured Images

NOTE: The following steps are for pulling the multi-arch images. Please see the Hauler Docs for how to specify a specific platform.

Carbide

1. Generate the Hauler manifest for Carbide.

The Hauler manifest is a yaml file which specifies the artifacts to fetch.

cat <<EOF > carbide-images.yaml
apiVersion: content.hauler.cattle.io/v1
kind: Images
metadata:
name: carbide-images
spec:
images:
$(curl -sfL https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-images.txt | sed '/nats/d' | sed 's/^/ - name: /')
---
apiVersion: content.hauler.cattle.io/v1
kind: Images
metadata:
name: carbide-dependency-images
spec:
images:
$(curl -sfL https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-images.txt | sed '/rgcr/d' | sed 's/^/ - name: /')
EOF

You can optionally set metadata such as platform specs and public keys in the manifest instead of through command line flags (not shown in this example). For more information on this, check out the Hauler Manifests guide.

2. Fetch the content from the Hauler manifest.

The hauler store sync command syncs the content specified in the manifest with the Hauler store, which can then be copied to your registry.

Setting --store allows you to specify the Hauler store, in this case, carbide-store. You may also specify the desired platform at this step with --platform.

hauler store sync --store carbide-store --files carbide-images.yaml --platform <platform/arch> --key carbide-key.pub

3. Save and output the content from the Hauler store to a tarball.

If you named your store in the previous step, specify which store you'd like to save.

Use --filename to name the tar file output.

hauler store save --store carbide-store --filename carbide-images.tar.zst

Rancher

Carbide customers can also fetch collections from the CSR, which will pull all the required artifacts for a product into the Hauler store.

Installing Rancher requires Cert Manager, which can be pulled from the CSR as well.

1. Log in to the Carbide Secured Registry.

hauler login -u <username> -p <password> rgcrprod.azurecr.us

2. Sync Rancher to your Hauler store.

Specify the --products flag with your desired version.

hauler store sync --store rancher-store --products rancher=v2.8.3 --key carbide-key.pub --platform <platform/arch>

3. Save the Hauler store as a tarball.

hauler store save --store rancher-store --filename rancher-images.tar.zst

Cert Manager

Sync content:

hauler store sync --store certmanager-store --products cert-manager=v1.14.4 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store certmanager-store --filename certmanager-images.tar.zst

RKE2

Sync content:

hauler store sync --store rke2-store --products rke2=v1.27.12+rke2r1 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store rke2-store --filename rke2-images.tar.zst

K3s

Sync content:

hauler store sync --store k3s-store --products k3s=v1.27.12-k3s1 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store k3s-store --filename k3s-images.tar.zst

Harvester

Sync content:

hauler store sync --store harvester-store --products harvester=v1.4.1 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store copy --store harvester-store --filename harvester-images.tar.zst

Longhorn

Sync content:

hauler store sync --store longhorn-store --products longhorn=v1.6.1 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store longhorn-store --filename longhorn-images.tar.zst

NeuVector

Sync content:

hauler store sync --store neuvector-store --products neuvector=v5.3.2 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store neuvector-store --filename neuvector-images.tar.zst

Kubewarden

Sync content:

hauler store sync --store kubewarden-store --products kubewarden=kubewarden-controller-2.0.11 --key carbide-key.pub --platform <platform/arch>

Save tarball:

hauler store save --store kubewarden-store --filename kubewarden-images.tar.zst

See Loading Local Images to Registry for information on loading the images into your airgapped registry.