Using ESS with a local registry in air-gapped networks
Using ESS with a local registry in airgapair-gapped networks
In some airgap environments, rather than downloading the airgapped artifacts from the Element EMS service, it may be prefereble to setup your local repository to download the artifacts automatically and make them available to the air-gapped K8s cluster. This article explains the steps required to set this up.
Remote repositories
DuringIn thea installation,connected environment, the ESS Installer downloads artifacts from several remote repositories including:
- gitlab-registry.matrix.org
- docker.io
- ghcr.io
- quay.io
- gcr.io
The exactdigests, locationrepository ofpath, therepository requiredserver artifactsand tag for each artifact are defined in the images_digests.yml file.
An example is below:
images_digests:
adminbot:
access_element_web:
image_digest: sha256:1e7e1503ff73ae01af72dd27d9be387667dbbbcc53870ca02b3b02a1890696a9
image_repository_path: ems-image-store/enterprise/access-token-elementweb
image_repository_server: gitlab-registry.matrix.org
image_tag: v1.11.45
haproxy:
image_digest: sha256:75fc37d6372cc22410bdd6ad0191a8dfeababef2a7d8d585694f21b73c2bb3d6
image_repository_path: library/haproxy
image_repository_server: docker.io
image_tag: 2.8-alpine
pipe:
image_digest: sha256:fdef296a8cc72a6deba2f879ddc8cc94da8a49027c5da6627ababd100efa9e57
image_repository_path: ems-image-store/enterprise/pipe
image_repository_server: gitlab-registry.matrix.org
image_tag: 2.7.0
auditbot:
access_element_web:
image_digest: sha256:1e7e1503ff73ae01af72dd27d9be387667dbbbcc53870ca02b3b02a1890696a9
image_repository_path: ems-image-store/enterprise/access-token-elementweb
image_repository_server: gitlab-registry.matrix.org
image_tag: v1.11.45
haproxy:
image_digest: sha256:75fc37d6372cc22410bdd6ad0191a8dfeababef2a7d8d585694f21b73c2bb3d6
image_repository_path: library/haproxy
image_repository_server: docker.io
image_tag: 2.8-alpine
pipe:
image_digest: sha256:fdef296a8cc72a6deba2f879ddc8cc94da8a49027c5da6627ababd100efa9e57
image_repository_path: ems-image-store/enterprise/pipe
image_repository_server: gitlab-registry.matrix.org
image_tag: 2.7.0
Creating the ConfigMap
In order to override the automatic download of the images from the remote repository by ESS during the install, you will need to inject a new ConfigMap which specifies the local repository to use for each artifact.
You will need to inject a ConfogMapConfigMap with the following structure:
`
data:
images_digests: |
adminbot:
access_element_web:
haproxy:
pipe:
auditbot:
access_element_web:
haproxy:
pipe:
element_call:
element_call:
jwt:
redis:
sfu:
element_web:
element_web:
groupsync:
groupsync:
hookshot:
hookshot:
integrator:
appstore:
integrator:
modular_widgets:
matrix_authentication_service:
init:
matrix_authentication_service:
matrix_content_scanner:
clam_anti_virus:
icap:
matrix_content_scanner:
sliding_sync:
api:
poller:
sydent:
sydent:
sygnal:
sygnal:
synapse:
haproxy:
redis:
synapse:
synapse_admin:
synapse_admin:
well_known_delegation:
well_known_delegation:
Using registry.local as the URL of your local repository, an example manifest would be:
apiVersion: v1
kind: ConfigMap
metadata:
name: <config map name>
namespace: <namespace of your deployment>
data:
images_digests: |
element_web:
element_web:
image_digest: sha256:ee01604ac0ec8ed4b56d96589976bd84b6eaca52e7a506de0444b15a363a6967
image_repository_path: elementdeployment/vectorim/element-web
image_repository_server: localregistry.local
image_tag: v1.11.22
` Steps:
- Modify the images_digest.yml file to create a ConfigMap definition as follows:
- If your registry modifies the package, remove the digest, or create a new one.
- If required, modify the image_repository_path to match your local repository structure.
- Replace the image_repository_server with the URL of your local repository.
- Remove the image_tag (this is automatically added by the Operator)
- Add the
- Create the ConfigMap
- Apply the configmap with
kubectl apply -f images_digest_images_digest_configmap -n <namespace of your deployment>
.