Skip to main content
Skip to navigation
Skip to footerdevsecops
Pulling container images on a node that has no internetA kubernetes worker on a default-deny segment cannot reach any upstream registry. All pulls go through a private OCI registry on the same segment, pre-populated from a control plane that can reach the outside. What it is, what each component does, and the four dead ends on the way.
Last modified: ago
Published on:
A private OCI registry and an upstream pull‑through cacheA private OCI registry behind a network and a pull-through cache in front of three public ones. TLS, redirect chains and what each upstream actually does. Production criteria, homelab budget.
Last modified: ago
Published on:
Last modified: ago
Published on: