Self-hosted Registry
Sync your Minimus images to your private registry
This feature is available for organizational accounts.
You can set up Minimus images to sync with your organization’s private registry. This is relevant if you have an air gapped environment or if regulations and standards require your team to store all your images in a private registry.
With self-hosting configured, your team will be able to pull Minimus images directly from your organization’s private registry.
Images included
The sync service covers only Minimus images included in your subscription. For every image type (such as Node, Python, etc.), the sync will include all versions available on Minimus.
Online vs. air-gapped registries
The sync process will depend on whether your private registry can connect directly with the Minimus registry or not.
- If your registry is online and supports external connections, you can fully automate the sync service using a scheduled cron job. See networking requirements to make sure your firewall is configured correctly. Once you set up the service, it will run automatically and keep your private registry up to date.
- If your registry is air-gapped (aka offline), the service will involve a manual step to upload the images. See the details below.
Registry Connectivity | External Connectivity | Automation | Frequency | Time investment |
---|---|---|---|---|
Online registry | Supported | Fully supported using cron job scheduling | Daily using cron job scheduling | One time set up |
Air-gapped registry | Not supported | Partially supported using cron job scheduling | Varies (depends on the organization) | Repeated manual effort involved |
Tracking image updates
You can set up actions to receive important security updates. This is particularly recommended if your team pulls images from a private registry and is less likely to follow updates in the Minimus gallery.
We recommend that you continue to visit the Minimus gallery regularly to receive updates and helpful information about image versions, advisories, and vulnerability fixes.
Set up self-hosting to an online private registry
Before you begin, install Skopeo on the target host. Installation instructions
Note: Required Skopeo version is 1.12 or higher
- From the left menu, select Manage > Self-hosting. (Or use this direct link.)
- Is your registry online or air-gapped? Select the option: Registry with internet connectivity.
  A form with 3 parts will appear: destination details, sync images, set up automation.
- Fill in the destination details:
  - Specify your registry URL.
  - How will you authenticate to the registry? Decide between username & password and a certificate file.
    - If you selected username & password, provide them.
    - If you selected a certificate file, specify the file path. You can skip this step if the path matches one of the defaults:
      - ${XDG_RUNTIME_DIR}/containers/auth.json
      - $HOME/.docker/config.json
  - Save your inputs.
- Fill in the form to sync the images:
  - Download the provided YAML file and save it on the host where Skopeo is installed.
  - (Optional) Specify the path to the YAML file to update the placeholder in the following code snippet.
  - Run the provided sync command. Copy the provided code snippet and run it on your target host. Example code:
  - Click next to progress.
- Set up automation. This step is recommended but not strictly required.
  - Open the crontab file on the target host to edit it:
  - Add the provided cron job entry to run the command every day at midnight. For example:
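The following wrapper is an added example, not the command Minimus provides in the form. It shows one way to make the scheduled sync safe to run unattended: it enforces the Skopeo 1.12 minimum and refuses to overlap a sync that is still running. The YAML path, destination registry, lock directory and script path are hypothetical placeholders.

```bash
#!/usr/bin/env bash
# Added example: cron-safe wrapper around `skopeo sync`.
# All paths and the registry name are hypothetical placeholders.
# Hypothetical crontab entry (daily at midnight):
#   0 0 * * * /usr/local/bin/minimus-sync.sh run >> /var/log/minimus-sync.log 2>&1
set -u

SYNC_YAML="${SYNC_YAML:-/etc/minimus/sync.yml}"              # downloaded YAML file
DEST_REGISTRY="${DEST_REGISTRY:-registry.example.internal/minimus}"
LOCK_DIR="${LOCK_DIR:-/tmp/minimus-sync.lock}"
MIN_VERSION="1.12"

# version_ge A B: succeeds when dotted version A >= B.
# sort -V compares numerically per component, so 1.9.5 < 1.12.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# parse_skopeo_version "skopeo version 1.14.2" prints 1.14.2
parse_skopeo_version() {
  printf '%s\n' "$1" | sed -n 's/^skopeo version \([0-9][0-9.]*\).*/\1/p'
}

run_sync() {
  found="$(parse_skopeo_version "$(skopeo --version 2>/dev/null)")"
  if [ -z "$found" ] || ! version_ge "$found" "$MIN_VERSION"; then
    echo "skopeo >= $MIN_VERSION required, found '${found:-none}'" >&2
    return 2
  fi
  # mkdir is atomic: a second cron run exits instead of overlapping the first.
  if ! mkdir "$LOCK_DIR" 2>/dev/null; then
    echo "previous sync still running ($LOCK_DIR exists)" >&2
    return 3
  fi
  trap 'rmdir "$LOCK_DIR"' EXIT
  # --src yaml reads the image list from the file; --dest docker pushes to a registry.
  skopeo sync --src yaml --dest docker "$SYNC_YAML" "$DEST_REGISTRY"
}

# Sync only when called with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then run_sync; fi
```

A non-zero exit status from the wrapper is what the cron mail or log monitoring should alert on, since a silently failing sync leaves the private registry serving stale images.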
Set up self-hosting for an air-gapped private registry
Before you begin, install Skopeo on the target host. Installation instructions
- From the left menu, select Manage > Self-hosting. (Or use this direct link.)
- Is your registry online or air-gapped? Select the option: Air-gapped registry (no internet).
  A form with 3 parts will appear: destination details, sync images, set up automation.
- Fill in the destination details:
  - Specify the path to your removable drive.
  - You have the option to input air-gapped registry details so that Minimus can configure the Skopeo commands on your behalf. You can toggle off this section to skip this step and configure the Skopeo commands independently.
    - Provide the internal URL for your air-gapped registry.
    - Decide whether to provide username & password or a certificate file.
      - If you selected username & password, provide them.
      - If you selected a certificate file, specify the file path. You can skip this step if the path matches one of the defaults:
        - ${XDG_RUNTIME_DIR}/containers/auth.json
        - $HOME/.docker/config.json
  - Save your inputs.
- Fill in the form to sync the images:
  - Download the provided YAML file and save it on your internet-connected host (Skopeo must be installed on this host).
  - (Optional) Specify the path to the YAML file to update the placeholder in the following code snippet.
  - Run the provided sync command to copy the images to the removable drive:
  - Connect the removable drive to your air-gapped environment.
  - Run the provided sync command to copy the images from the removable drive to your registry. For example:
  - Click next to progress.
- Set up partial automation. This step is recommended but not strictly required. It will automate the sync on your internet-connected machine to save you time.
  - Open the crontab file on the internet-connected host to edit it:
  - Add the provided cron job entry to run the command every day at midnight. For example:
  - Repeat the above steps to move the images to your removable drive and copy them to your registry. This step is manual and cannot be automated.
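The manual transfer is the point where image content leaves both registries, so the following added example (not part of the commands Minimus provides) seals the removable drive with a checksum manifest after export and verifies it before import. The drive path and registry name are hypothetical placeholders, and the manifest digest is assumed to be recorded somewhere other than the drive itself.

```bash
#!/usr/bin/env bash
# Added example: integrity check around the removable-drive transfer.
# DRIVE_DIR and REGISTRY are hypothetical placeholders.
DRIVE_DIR="${DRIVE_DIR:-/mnt/usb/minimus}"
REGISTRY="${REGISTRY:-registry.airgap.example/minimus}"

# seal_dir DIR: write DIR/SHA256SUMS and print the digest of that manifest.
# Record the printed digest off the drive (ticket, signed note).
seal_dir() {
  ( cd "$1" || exit 1
    find . -type f ! -name SHA256SUMS -exec sha256sum {} + | sort -k2 > SHA256SUMS
    sha256sum SHA256SUMS | cut -d' ' -f1 )
}

# check_dir DIR EXPECTED: succeed only if the manifest matches EXPECTED,
# every listed file is intact, and no unlisted file was added.
check_dir() {
  ( cd "$1" || exit 1
    [ "$(sha256sum SHA256SUMS | cut -d' ' -f1)" = "$2" ] || exit 1
    sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 1
    listed="$(cut -d' ' -f3- SHA256SUMS | sort)"
    present="$(find . -type f ! -name SHA256SUMS | sort)"
    [ "$listed" = "$present" ] )
}

case "${1:-}" in
  export)  # internet-connected host; $2 is the path to the downloaded YAML file
    skopeo sync --src yaml --dest dir "$2" "$DRIVE_DIR" && seal_dir "$DRIVE_DIR" ;;
  import)  # air-gapped host; $2 is the digest recorded at export time
    check_dir "$DRIVE_DIR" "$2" &&
      skopeo sync --src dir --dest docker "$DRIVE_DIR" "$REGISTRY" ;;
esac
```

A manifest stored only on the drive detects corruption but not deliberate modification, which is why `check_dir` compares the manifest against a digest carried separately.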