Skip to main content

Downloading the Images

This page will walk you through locally downloading our secured images from our hardened registry, as well as packaging them to move over an airgap into your registry.

This demonstration will be using hauler, but any tool with the ability to push/pull an oci image will be adequate.

If you're copying images into a connected registry, check the documentation here.

Downloading Secured Images

Carbide

NOTE: We are actively working to improve the collection and formatting of the below procceses. Additionally, please see the Hauler Docs for how to specify a specific platform.

# generate the hauler manifest for carbide
cat <<EOF > carbide-images.yaml
apiVersion: content.hauler.cattle.io/v1alpha1
kind: Images
metadata:
  name: carbide-images
  annotations:
    hauler.dev/key: carbide-key.pub
spec:
  images:
$(curl -sfL https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-images.txt | sed '/nats/d' | sed 's/^/    - name: /')
---
apiVersion: content.hauler.cattle.io/v1alpha1
kind: Images
metadata:
  name: carbide-dependency-images
spec:
  images:
$(curl -sfL https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-images.txt | sed '/rgcr/d' | sed 's/^/    - name: /')
EOF

# fetch the content from generated hauler manifest
# verify the location of the key and the platform/architecture
# key verification is not used here due to natsio images not being signed
hauler store sync --store carbide-store --files carbide-images.yaml --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store carbide-store --filename carbide-images.tar.zst

K3s

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store k3s-store --products k3s=v1.27.12-k3s1 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store k3s-store --filename k3s-images.tar.zst

RKE2

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store rke2-store --products rke2=v1.27.12+rke2r1 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store rke2-store --filename rke2-images.tar.zst

Rancher

Cert Manager

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store certmanager-store --products cert-manager=v1.14.4 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store certmanager-store --filename certmanager-images.tar.zst

Rancher

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store rancher-store --products rancher=v2.8.3 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store rancher-store --filename rancher-images.tar.zst

Longhorn

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store longhorn-store --products longhorn=v1.6.1 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store longhorn-store --filename longhorn-images.tar.zst

NeuVector

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store neuvector-store --products neuvector=v5.3.2 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store neuvector-store --filename neuvector-images.tar.zst

Kubewarden

# fetch the content from the carbide secured registry
# verify the version, location of the key, and the platform/architecture
hauler store sync --store kubewarden-store --products kubewarden=kubewarden-controller-2.0.11 --key carbide-key.pub --platform <platform/arch>

# save and output the content from the hauler store to tarball
hauler store save --store kubewarden-store --filename kubewarden-images.tar.zst

See Loading Local Images to Registry for information on loading the images into your airgapped registry.