Docker Images

Cover

Developing Applications with MariaDB & Containers via Docker

Certified images

All the Docker images used by this operator are based on Red Hat UBI and have been certified by Red Hat. The advantages of using UBI based images are:

  • Immutability: UBI images are built to be secure and stable, reducing the risk of unintended changes or vulnerabilities due to mutable base layers.

  • Small size: The UBI minimal and micro variants used by this operator are designed to be lightweight, containing only the essential packages. This can lead to smaller container image sizes, resulting in faster build times, reduced storage requirements, and quicker image pulls.

  • Security and compliance: Regular CVE scanning and vulnerability patching help maintain compliance with industry standards and security best practices.

  • Enterprise-grade support: UBI images are maintained and supported by Red Hat, ensuring timely security updates and long-term stability.

List of compatible images

MariaDB Enterprise Operator is compatible with the following Docker images:

Component
Image
Supported Tags
CPU Architecture

MariaDB Enterprise Operator (ppc64le support)

docker.mariadb.com/mariadb-enterprise-operator

25.8.0

amd64 arm64 ppc64le

MariaDB Enterprise Operator

docker.mariadb.com/mariadb-enterprise-operator

1.0.0

amd64 arm64

MariaDB Enterprise Server (ppc64le support)

docker.mariadb.com/enterprise-server

11.4.7-4.3 11.4.7-4.2 11.4.7-4.1 11.4 10.6.22-18.1 10.6

amd64 arm64 ppc64le

MariaDB Enterprise Server

docker.mariadb.com/enterprise-server

11.4.5-3 11.4.4-2 10.6.21-17 10.6.20-16.1 10.6.19-15.1 10.6.18-14.2 10.6.17-13.2

amd64 arm64

MaxScale Enterprise (ppc64le support)

docker.mariadb.com/maxscale

25.01.3-1 25.01

amd64 arm64 ppc64le

MaxScale Enterprise

docker.mariadb.com/maxscale-enterprise

25.01.2 25.01.1

amd64 arm64

MaxScale

mariadb/maxscale

24.02.5-ubi 24.02-ubi 23.08.9-ubi 23.08-ubi

amd64 arm64

MariaDB Prometheus Exporter (ppc64le support)

mariadb/mariadb-prometheus-exporter-ubi

1.1.0

amd64 arm64 ppc64le

MariaDB Prometheus Exporter

mariadb/mariadb-prometheus-exporter-ubi

1.0.0

amd64 arm64

MaxScale Prometheus Exporter (ppc64le support)

mariadb/maxscale-prometheus-exporter-ubi

1.1.0

amd64 arm64 ppc64le

MaxScale Prometheus Exporter

mariadb/maxscale-prometheus-exporter-ubi

1.0.0

amd64 arm64

MariaDB Enterprise nslcd sidecar

docker.mariadb.com/nslcd

0.9.10-13

amd64 arm64 ppc64le

Refer to the registry documentation to access docker.mariadb.com with your customer credentials.

Working With Air-Gapped Environments

This section outlines several methods for pulling official MariaDB container images from docker.mariadb.com and making them available in your private container registry. This is often necessary for air-gapped, offline, or secure environments.

Option 1: Direct Pull, Tag, and Push

This method is ideal for a "bastion" or "jump" host that has network access to both the public internet (specifically docker.mariadb.com) and your internal private registry.

  1. Log in to both registries. You will need a MariaDB token for the public registry and your credentials for the private one. Refer to the official documentation.

    # Log in to the official MariaDB registry
    docker login docker.mariadb.com
    
    # Log in to your private registry
    docker login <private-registry-url>
  2. Pull the required image. Pull the official MariaDB Enterprise Operator image from its public registry.

    docker pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0
  3. Tag the image for your private registry. Create a new tag for the image that points to your private registry's URL and desired repository path.

    docker tag docker.mariadb.com/mariadb-enterprise-operator:25.8.0 <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
  4. Push the re-tagged image. Push the newly tagged image to your private registry.

    docker push <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0

Option 2: Using a Proxy or Caching Registry

Many modern container registries can be configured to function as a pull-through cache or proxy for public registries. When an internal client requests an image, your registry pulls it from the public source, stores a local copy, and then serves it. This automates the process after initial setup.

You can use Harbor as a pull-through cache (Harbor calls this Replication Rules).

Option 3: Offline Transfer using docker save and docker push

This method is designed for fully air-gapped environments where no single machine has simultaneous access to the internet and the private registry.

On the Internet-Connected Machine

  1. Log in and pull the image.

    docker login docker.mariadb.com
    docker pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0
  2. Save the image to a tar archive. This command packages the image into a single, portable file.

    docker save [docker.mariadb.com/mariadb-enterprise-operator:25.8.0 -o mariadb-enterprise-operator_25.8.0.tar

    Use a tool like scp or sftp or a USB drive to copy the generated .tar archives from the internet-connected machine to your isolated systems.

On the Machine with Private Registry Access

  1. Load the image from the archive.

    docker load -i mariadb-enterprise-operator_25.8.0.tar
  2. Log in to your private registry.

    docker login <private-registry-url>
  3. Tag the loaded image. The image loaded from the tar file will retain its original tag. You must re-tag it for your private registry.

    docker tag docker.mariadb.com/mariadb-enterprise-operator:25.8.0 <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
  4. Push the image to your private registry.

    docker push <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0

Option 4: For OpenShift, you can use OpenShift Disconnected Installation Mirroring

Refer to the official Red Hat documentation

Option 5: Offline Transfer for containerd Environments

This method is for air-gapped environments that use containerd as the container runtime (common in Kubernetes) and do not have the Docker daemon. It uses the ctr command-line tool to import, tag, and push images. ⚙️

1. On the Bastion Host (with Internet)

First, on a machine with internet access, you'll pull the images and export them to portable archive files.

  1. Pull the Container Image Use the ctr image pull command to download the required image from its public registry.

    ctr image pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0

    Note: If your bastion host uses Docker, you can use docker pull instead as we did in Option 3.

  2. Export the Image to an Archive Next, export the pulled image to a .tar file using ctr image export. The format is ctr image export <output-filename> <image-name>.

    ctr image export mariadb-enterprise-operator-25.8.0.tar docker.mariadb.com/mariadb-enterprise-operator:25.8.0

    Note: To find the exact image name as containerd sees it, run ctr image ls. The Docker equivalent for this step is docker save <image-name> -o <output-filename>.

Repeat this process for all the container images you need to transfer.

2. Transfer the Archives

Use a tool like scp or sftp or a USB drive to copy the generated .tar archives from the bastion host to your isolated systems.

3. On the Isolated Host

Finally, on the isolated system, you will import the archives into containerd. Official Docs

  1. Importing for Kubernetes (Important!) ⚙️ If the images need to be available to Kubernetes, you must import them into the k8s.io namespace by adding the -n=k8s.io flag.

    ctr -n=k8s.io image import mariadb-enterprise-operator-25.8.0.tar
  2. Verify the Image Check that containerd recognizes the newly imported image.

    ctr image ls

    You can also verify that the Container Runtime Interface (CRI) sees it by running:

    crictl images

Important Note

The examples above use the mariadb-enterprise-operator:25.8.0 image. You must repeat the chosen process for all required container images. A complete list is available here

Additional Resources

This page is: Copyright © 2025 MariaDB. All rights reserved.

Last updated

Was this helpful?