Using local asset repositories

• To avoid rate limits or network transfer costs.
• To limit exposure to watering-hole attacks.

There can be one repository for images and another for files.

To configure a local image repository, set either or assets.containerProxy in the cluster spec. They both do essentially the same thing, but containerRegistry avoids using characters in the local image names.

Configuring a local file repository

To configure a local file repository, set assets.fileRepository in the cluster spec.

You can copy assets into their repositories either by running kops get assets --copy or through an external process.

For file assets, kOps only supports copying to a repository that is either an S3 or GCS bucket. An S3 bucket must be configured using the . A GCS bucket must be configured with a prefix of https://storage.googleapis.com/.

You can obtain a list of image and file assets used by a particular cluster by running kops get assets. You can get output in table, YAML, or JSON format. You can feed this into a process, external to kOps, for copying the assets to their respective repositories.