How to Efficiently Copy Docker Images Between Air Gapped Repositories

Navigating image transfers between two air-gapped repositories in Docker can be a challenging task. Traditional methods, such as saving images into disk and transferring them via tarballs, tend to be time-consuming due to redundant layer copying and unnecessary data repetition across layers already existing within the remote repository. However, this complexity doesn’t have to hinder your workflow with modern solutions leveraging OCI Image Layout for optimized transfers:

Optimize Transfer Using Open Container Images (OCI) Format

Instead of using tarballs or other packaged formats that don’t capitalise on deduplication, consider employing the Open Container Interface format to represent your Docker repository as a directory structure with content addressable storage. This method ensures layers are transferred efficiently by only replicating what’s necessary:

  1. Organize Your Repository With OCI Format Using Tools Like oras, skopeo or regclient. These tools allow you to handle image directories and leverage deduplication of layers during transfers effectively, reducing data redundancy: 
        # Copy images using regctl with ORAS (example)
    regctl copy ocidir://source:/path/to-sources @ocidir://destination:/copy --strict -v
    
    # Transfer a directory across an air gap, assuming the source and destination have been set up appropriately.
  2. Reuse Disk Space: To avoid redundant download of existing layers during transfer between repositories that share common base images or frequently used dependencies, always utilize disk space from one repository for both sides in a two-way copy operation (source to target and vice versa): 
         # Example using regclient's `regctl` with synchronized directories across the air gap: 
     
     $ source_repo:/path/to/disk:$tag -> Disk A on Source Location Side   
     ... transfer over Air Gap (securely) here...     
         -- copy back to target repository using similar syntax  
         
    # Target repo now has the same directory structure and layers as in Repo 1: $target_repo:/path/to-disk:$tag -> Disk A on Destination Location Side   
     ```
  3. Optimize Large Scale Transfers With regsync: If you’re dealing with a plethsent of images, the command line tool regsync is tailored for large-scale image synchronizations: 
        # Bulk copy or sync using regclient's `regctl`:
    
   $ source_repo:/path/to/:tag -> Disk A on Source Location Side   (preparation phase before transferring over Air Gap)    
       -- securely synchronize and replace target repository at the same path with a fresh disk image: 
         regclient sync @ocidir://destination:$target_repo:/path/to-disk:$tag    [on destination location]  
           (post copy, ensure consistency across two repositories)    
    ```
  4. Maintaining Consistency Across Air Gap Transfers: To maintain a consistent state of your Docker images between the source and target air gapped locations throughout transfers or synchronization processes involving regsync, it’s crucial to validate that all files, directories, symbolic links are accurately mirrored after each step. This can be achieved by running post-transfer integrity checks with commands like: 
        # Validate and ensure consistency across both locations using a checksum command such as `sha256sum`:  
     sha256sum -c <(diffstat /path/to-disk:$tag --no-links | grep -v '^---' |\ tr '\n' '@@')  # generates SHA sum for each file and compares source with target.   
   ```

By adopting the OCI format, optimizing transfers between air gapped repositories becomes not just possible but efficient — reducing transfer times substantially by eliminating redundant copying of layers while preserving data integrity across your Docker images’ lifecycle within disparate secure locations.

Previous Post
How to Revisit Helm s Installation Advice Viewing
Next Post
Resolving host not found in upstream Error in Ng