Mirroring quay.io repository

IBM Security® provides scripts you can use to mirror your repository with quay.io.

The App Host is limited to one repository; therefore you cannot connect to your own repository and quay.io, where the apps are located. To use both the apps published in the IBM® App Exchange and your own custom apps, you need to copy the published containers from quay.io to your repository.

You can use the following scripts, both available from here.
  • mirror-all-images.sh, which you use to copy all app container images from quay.io to your private repository.
  • mirror-images.sh, which you use to copy select apps container images from quay.io to your private repository.
Before running either script, review the following:
  • Podman or docker is installed on your system, and the command line JSON processor, jq, is available.
  • The script does not provide a login to your repository. You must log in or have write access to the your container repository before running the script. If root permissions are needed to run these commands, use sudo or su to access the login account.
  • If working with HTTP registry with podman, add insecure_registry as an argument. If working with docker, you might be required to edit /.docker/config.json or an environment variable.
  • Use latest_tag to retrieve only the most recent version of the app instead of all the unique versions that exist on quay.io.
To run the mirror-all-images script, enter the following command along with the name or IP address of your repository and, optionally, the tool you use. If the tool name is not entered, the script attempts to determine which tool exists.
/bin/bash mirror-all-images <name or IP address of replication registry> [docker | podman]
In the following example, the replication repository is fqdn.registry.io and the tool is podman.
/bin/bash mirror-all-images fqdn.registry.io podman 
To run the mirror-images script, you need to add two files, which are used to control the behavior of the script:
  • repo_quay.conf - a list of container names and versions, one per line, to replicate. The format of a line is container_name:x.x.x where x.x.x is the tagged version.
  • preserved_images.conf - a list of container names and versions, one per line, to retain in the local docker or podman image container environment. The format of a line is the same as used in the repo_quay.conf file, container_name:x.x.x.
Use the following command to run the mirror-images script.
/bin/bash mirror-images <name or IP address of replication registry> [docker | podman]
In the following example, the replication repository is fqdn.registry.io and the tool is podman. The repo_quay.conf file lists two apps to replicate and the preserved_images.conf file lists one app to preserve.
/bin/bash mirror-images fqdn.registry.io podman repo_quay.conf
   fn_utilities:1.140
   fn_xforce:1.0.0

preserved_images.conf
   fn_utilities:1.140