Docker Images

Developing Applications with MariaDB & Containers via Docker
Certified images
All the Docker images used by this operator are based on Red Hat UBI and have been certified by Red Hat. The advantages of using UBI based images are:
Immutability: UBI images are built to be secure and stable, reducing the risk of unintended changes or vulnerabilities due to mutable base layers.
Security and compliance: Regular CVE scanning and vulnerability patching help maintain compliance with industry standards and security best practices.
Enterprise-grade support: UBI images are maintained and supported by Red Hat, ensuring timely security updates and long-term stability.
List of compatible images
MariaDB Enterprise Operator is compatible with the following Docker images:
MariaDB Enterprise Operator (ppc64le support)
docker.mariadb.com/mariadb-enterprise-operator
25.8.0
amd64 arm64 ppc64le
MariaDB Enterprise Operator
docker.mariadb.com/mariadb-enterprise-operator
1.0.0
amd64 arm64
MariaDB Enterprise Server (ppc64le support)
docker.mariadb.com/enterprise-server
11.4.7-4.3 11.4.7-4.2 11.4.7-4.1 11.4 10.6.22-18.1 10.6
amd64 arm64 ppc64le
MariaDB Enterprise Server
docker.mariadb.com/enterprise-server
11.4.5-3 11.4.4-2 10.6.21-17 10.6.20-16.1 10.6.19-15.1 10.6.18-14.2 10.6.17-13.2
amd64 arm64
MaxScale Enterprise (ppc64le support)
docker.mariadb.com/maxscale
25.01.3-1 25.01
amd64 arm64 ppc64le
MaxScale Enterprise
docker.mariadb.com/maxscale-enterprise
25.01.2 25.01.1
amd64 arm64
MaxScale
mariadb/maxscale
24.02.5-ubi 24.02-ubi 23.08.9-ubi 23.08-ubi
amd64 arm64
MariaDB Prometheus Exporter (ppc64le support)
mariadb/mariadb-prometheus-exporter-ubi
1.1.0
amd64 arm64 ppc64le
MariaDB Prometheus Exporter
mariadb/mariadb-prometheus-exporter-ubi
1.0.0
amd64 arm64
MaxScale Prometheus Exporter (ppc64le support)
mariadb/maxscale-prometheus-exporter-ubi
1.1.0
amd64 arm64 ppc64le
MaxScale Prometheus Exporter
mariadb/maxscale-prometheus-exporter-ubi
1.0.0
amd64 arm64
MariaDB Enterprise nslcd sidecar
docker.mariadb.com/nslcd
0.9.10-13
amd64 arm64 ppc64le
Refer to the registry documentation to access docker.mariadb.com with your customer credentials.
Working With Air-Gapped Environments
This section outlines several methods for pulling official MariaDB container images from docker.mariadb.com
and making them available in your private container registry. This is often necessary for air-gapped, offline, or secure environments.
Option 1: Direct Pull, Tag, and Push
This method is ideal for a "bastion" or "jump" host that has network access to both the public internet (specifically docker.mariadb.com
) and your internal private registry.
Log in to both registries. You will need a MariaDB token for the public registry and your credentials for the private one. Refer to the official documentation.
# Log in to the official MariaDB registry docker login docker.mariadb.com # Log in to your private registry docker login <private-registry-url>
Pull the required image. Pull the official MariaDB Enterprise Operator image from its public registry.
docker pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0
Tag the image for your private registry. Create a new tag for the image that points to your private registry's URL and desired repository path.
docker tag docker.mariadb.com/mariadb-enterprise-operator:25.8.0 <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
Push the re-tagged image. Push the newly tagged image to your private registry.
docker push <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
Option 2: Using a Proxy or Caching Registry
Many modern container registries can be configured to function as a pull-through cache or proxy for public registries. When an internal client requests an image, your registry pulls it from the public source, stores a local copy, and then serves it. This automates the process after initial setup.
You can use Harbor as a pull-through cache (Harbor calls this Replication Rules).
Option 3: Offline Transfer using docker save
and docker push
docker save
and docker push
This method is designed for fully air-gapped environments where no single machine has simultaneous access to the internet and the private registry.
On the Internet-Connected Machine
Log in and pull the image.
docker login docker.mariadb.com docker pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0
Save the image to a tar archive. This command packages the image into a single, portable file.
docker save [docker.mariadb.com/mariadb-enterprise-operator:25.8.0 -o mariadb-enterprise-operator_25.8.0.tar
Use a tool like
scp
orsftp
or a USB drive to copy the generated.tar
archives from the internet-connected machine to your isolated systems.
On the Machine with Private Registry Access
Load the image from the archive.
docker load -i mariadb-enterprise-operator_25.8.0.tar
Log in to your private registry.
docker login <private-registry-url>
Tag the loaded image. The image loaded from the tar file will retain its original tag. You must re-tag it for your private registry.
docker tag docker.mariadb.com/mariadb-enterprise-operator:25.8.0 <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
Push the image to your private registry.
docker push <private-registry-url>/mariadb/mariadb-enterprise-operator:25.8.0
Option 4: For OpenShift, you can use OpenShift Disconnected Installation Mirroring
Refer to the official Red Hat documentation
Option 5: Offline Transfer for containerd
Environments
containerd
EnvironmentsThis method is for air-gapped environments that use containerd
as the container runtime (common in Kubernetes) and do not have the Docker daemon. It uses the ctr
command-line tool to import, tag, and push images. ⚙️
1. On the Bastion Host (with Internet)
First, on a machine with internet access, you'll pull the images and export them to portable archive files.
Pull the Container Image Use the
ctr image pull
command to download the required image from its public registry.ctr image pull docker.mariadb.com/mariadb-enterprise-operator:25.8.0
Note: If your bastion host uses Docker, you can use
docker pull
instead as we did in Option 3.Export the Image to an Archive Next, export the pulled image to a
.tar
file usingctr image export
. The format isctr image export <output-filename> <image-name>
.ctr image export mariadb-enterprise-operator-25.8.0.tar docker.mariadb.com/mariadb-enterprise-operator:25.8.0
Note: To find the exact image name as
containerd
sees it, runctr image ls
. The Docker equivalent for this step isdocker save <image-name> -o <output-filename>
.
Repeat this process for all the container images you need to transfer.
2. Transfer the Archives
Use a tool like scp
or sftp
or a USB drive to copy the generated .tar
archives from the bastion host to your isolated systems.
3. On the Isolated Host
Finally, on the isolated system, you will import the archives into containerd
. Official Docs
Importing for Kubernetes (Important!) ⚙️ If the images need to be available to Kubernetes, you must import them into the
k8s.io
namespace by adding the-n=k8s.io
flag.ctr -n=k8s.io image import mariadb-enterprise-operator-25.8.0.tar
Verify the Image Check that
containerd
recognizes the newly imported image.ctr image ls
You can also verify that the Container Runtime Interface (CRI) sees it by running:
crictl images
Important Note
The examples above use the mariadb-enterprise-operator:25.8.0
image. You must repeat the chosen process for all required container images. A complete list is available here
Additional Resources
This page is: Copyright © 2025 MariaDB. All rights reserved.
Last updated
Was this helpful?