We're setting up a server to host Windows containers. This server gets the images from an internal Docker registry we have setup. The issue is that the server is unable to pull down images because it's trying to get a base image from the internet, and the server has no internet connection.
I found a troubleshooting script from Microsoft and notice one passage:
At least one of 'microsoft/windowsservercore' or 'microsoft/nanoserver' should be installed
- Try docker pull microsoft/nanoserver or docker pull microsoft/windowsservercore to pull a Windows container image
Since my PC has internet connection, I downloaded these images, pushed them to the registry, but pulling the images on the new server fails:
The description for Event ID '1' in Source 'docker' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Error initiating layer download: Get https://go.microsoft.com/fwlink/?linkid=860052: dial tcp 23.207.173.222:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'
That link it's trying to get is a base image on the internet, but I thought the registry was storing the complete image, so what gives? Is it really not possible to store the base images in a registry?
Doing some reading I found this: https://docs.docker.com/registry/deploying/#considerations-for-air-gapped-registries
Certain images, such as the official Microsoft Windows base images, are not distributable. This means that when you push an image based on one of these images to your private registry, the non-distributable layers are not pushed, but are always fetched from their authorized location. This is fine for internet-connected hosts, but will not work in an air-gapped set-up.
The doc then details how to setup the registry to store non-distributable layers, but they also say to be mindful of the terms of use for non-distributable layers.
So two possible solutions are: