Mirror Images
Mirrors Witboost Docker images from the source registry to a target registry. This command automatically extracts the list of images to mirror from a specific witboost version, and mirrors them in the specified target registry.
Prerequisites
- The CLI has internet access, this is mandatory to reach the Agilelab registry
- The CLI has been initialized (i.e.
witboost init)
Mirror Mode Prerequisites
Skopeo Mode (default)
- Skopeo must be installed
Docker Mode (fallback)
- Docker must be installed and running
Usage
witboost mirror-images --witboost-version <version> --target <registry>
Required Options
| Option | Description |
|---|---|
--witboost-version <string> | Witboost version to mirror |
--target <string> | Target registry URL (e.g., registry.company.com) |
Optional Options
| Option | Description | Default |
|---|---|---|
--mode <string> | Mirror mode: skopeo (default) or docker | skopeo |
--target-username <string> | Target registry username | None |
--target-password <string> | Target registry password | None |
--prefix <string> | Image prefix for target registry | None |
--values <string> | Path to values.yaml file to use with helm template | None |
--dry-run | Show what would be mirrored without copying | false |
--insecure | (skopeo mode only) Allow HTTP connections to target registry | false |
--skip-target-validation | (skopeo mode only) Skip target registry connectivity check | false |
--cert-dir <string> | (skopeo mode only) Path to TLS certificates directory | None |
--multi-arch <string> | (skopeo mode only) Multi-architecture support: all, system, or index-only | all |
Examples
Dry run
This options allows to preview the computed names for the target images
witboost-infra mirror-images --witboost-version 1.0.0 --target registry.company.com --dry-run
Basic mirroring
witboost-infra mirror-images --witboost-version 1.0.0 --target registry.company.com
Mirror with prefix
Depending on your registry configuration, you might want to specify a prefix to properly store the images.
witboost-infra mirror-images \
--witboost-version 1.0.0 \
--target registry.company.com \
--prefix foo/bar/witboost
This command will mirror the images under the following path, for example:
registry.agilelab.com/witboost_image:1.0.0 --> registry.company.com/foo/bar/witboost/witboost_image:1.0.0
Mirror with custom values.yaml
When you need to mirror images based on a specific configuration, you can provide a custom values.yaml file:
witboost-infra mirror-images \
--witboost-version 1.0.0 \
--target registry.company.com \
--values /path/to/your/values.yaml
This will use your custom values.yaml file with the helm template command to extract the exact images that would be deployed with your configuration.
Using Docker mode (fallback)
If Skopeo is not available, you can use Docker mode as a fallback:
witboost-infra mirror-images --witboost-version 1.0.0 --target registry.company.com --mode docker
Docker mode requires Docker daemon to be running and will pull images locally before pushing them to the target registry. This mode uses more disk space and may be slower than Skopeo mode.
The authentication is managed by executing a docker login with the provided target credentials. However, if your target requires custom configuration (e.g. insecure registries, certificates etc.) you will need to prepare your local docker configuration (e.g. daemon.json)
Skip validation
Before mirroring images, the cli tries to validate the access to the registry. In some corner cases, some registries configurations could lead this validation to fail, while the mirrorring could work anyways.
In these scenarios, the validation can be skipped with the --skip-target-validation option.
witboost-infra mirror-images \
--witboost-version 1.0.0 \
--target registry.company.com \
--skip-target-validation
AWS ECR
For AWS Elastic Container Registry (ECR), you need to generate temporary credentials using the AWS CLI.
::: warning
In ECR you need to create the repositories beforehand, you can leverage the witboost mirror-images --dry-run command to list all the images that will be mirrored, and the aws create repository to create the corresponding repositories in ECR before starting the mirroring.
If you omit the repositories creation, the mirror command will throw an error saying that the repository does not exist in the registry.
:::
# Get ECR login token and check docker login
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-west-2.amazonaws.com
# Mirror with ECR credentials
witboost-infra mirror-images \
--witboost-version 1.0.0 \
--target 123456789012.dkr.ecr.us-west-2.amazonaws.com \
--target-username AWS \
--target-password $(aws ecr get-login-password --region us-west-2)
Note: The --target-password is dynamically generated using aws ecr get-login-password which provides a temporary token valid for 12 hours.
Azure ACR
For Azure Container Registry (ACR), there are several authentication methods you can use, you can find more here.
The following examples uses Individual Microsoft Entra identity as authentication mechanism.
# Get login token
az acr login --name myregistry --expose-token --query accessToken --output tsv
# Mirror with user token
witboost-infra mirror-images \
--witboost-version 1.0.0 \
--target myregistry.azurecr.io \
--target-username 00000000-0000-0000-0000-000000000000 \
--target-password $(az acr login --name myregistry --expose-token --query accessToken --output tsv)