• ARCGIS

    ArcGIS Overview
    Esri's enterprise geospatial platform
    ArcGIS Online
    Complete SaaS mapping platform
    ArcGIS Pro
    The world's leading GIS software
    ArcGIS Enterprise
    Foundational system for GIS & mapping
    Developer Technology
    Build mapping & spatial analysis applications
    All products

    CAPABILITIES

    Mapping
    See & understand data spatially
    Analytics
    Bring location to analytics
    Data Management
    Manage, enhance & share your GIS data
    All capabilities

    BUY ARCGIS

    User Types
    Role-based access to ArcGIS
    Esri Store
    ArcGIS products from Esri
    How to Buy
    Esri products, partner products & developer subscriptions

    FEATURED SOLUTIONS

    A contour map of a mountain region in shades of green with a red map point connected to a square by a dotted line, indicating how far apart the two are
    ArcGIS for operational intelligence
    ArcGIS for operational intelligence is geospatial software that helps analysts move from strategic to tactical, transforming operations and intelligence data into actionable, real-time insight.
    Explore ArcGIS for operational intelligence

  • INDUSTRIES

    Architecture, Engineering & Construction
    Business
    Conservation
    Education
    Energy Utilities
    Facilities Management
    Health & Human Services
    National Government
    Natural Resources
    Nonprofit
    Public Safety
    Science
    State & Local Government
    Sustainable Development
    Telecommunications
    Transportation
    Water
    All industries

    FEATURED EVENT

    A person wearing a royal blue collared shirt and dark blue suit standing onstage in a vast auditorium speaking to an unseen audience with a blue and purple background
    Esri International Infrastructure Management & GIS Conference
    Join your peers and industry experts at the Esri International IMGIS Conference in Frankfurt, Germany, on April 9-11, 2025 to discover how ArcGIS can optimize operations, boost efficiency, and streamline collaboration across your projects.
    Explore the event page

  • Support & Services

    Services Overview
    Technical Support
    Premium Support
    Training
    Consulting Services
    Managed Cloud Services
    Advantage Program

    SELF-SERVICE

    Path to Geospatial Excellence
    Esri Community
    ArcGIS Blog
    Documentation
    My Esri

    CONTACT US

    Contact Support

    Featured training

    A top-down view of a building model overlaid with an indoor map showing rooms, hallways, and exits surrounded by landscaping
    New Course | Introduction to Indoor Mapping Using ArcGIS Indoors
    Learn how to create and maintain a complete system for indoor mapping and data management.
    Learn more about the course

  • ESRI STORIES

    WhereNext Magazine
    Executive-level news and insights
    Esri Blog
    Real-world, global GIS innovation
    Esri & The Science of Where Podcast
    Voices of business and technology leaders
    ArcUser
    Practical, technical resource for ArcGIS users
    ArcNews
    Industry news and ArcGIS updates
    ArcWatch
    Geospatial news, views, and trends
    All stories

    FEATURED STORY

    Three rows of students both seated and standing smiling and posing for a photo in a University common area
    The Bullard Center’s pioneering environmental justice internship
    Students at Texas Southern University gain essential knowledge and skills in GIS software to address pollution and climate change.
    Read the story

  • About Esri

    About Esri
    Esri Programs & Initiatives
    Events
    Partners
    Careers
    Media & Analyst Relations
    Contact us

    About GIS

    What is GIS?
    Geographic Approach

    Commitment to Innovation

    Artificial Intelligence
    Location Intelligence
    Digital Transformation
    Digital Twin

    FEATURED EVENT

    Presenter stands on a darkened stage and holds a remote device for advancing his presentation in one hand
    Geodesign Summit

    April 29–May 1, 2025

    Join us in Redlands, California, to discover exciting innovations in geodesign and GIS technology that help improve sustainability, confront complex challenges, and better plan for our future.
    Learn about the summit
ArcGIS Enterprise
  • Overview
  • Extensions
    • Mapping Visualization and Analysis
    • Data Management
    • Sharing and Collaboration
    • Customization and Automation
    • Self-Hosted Infrastructure
  • Windows/Linux
  • Kubernetes
    • Purchase Options
Purchase Options
  • Home
  • Introduction
  • Deploy
  • Administer
  • Create
  • Analyze
  • Share
  • Apps
DeployPlan and prepare

Plan and prepare

Plan for deployment Kubernetes concepts and architecture System architecture Architecture profiles Organization URL Cloud integrations Obtain an authorization file Use your organization's container registry Generate encrypted passwords Persistent volumes System requirements Create the cluster Prepare the cluster Use cluster-level ingress controllers Cloud permissions Use a cloud relational store GPU enabled nodes

Deploy

Run the deployment script Create an organization Deploy in a disconnected environment

Configure authentication

Authentication configuration Introduction to SAML OpenId Connect Web-tier authentication Use LDAP or Windows Active Directory for users and groups Use LDAP Use Active Directory Use LDAP or Active Directory and portal-tier authentication

Undeploy

Steps to undeploy
Back to Top
Back to Top

Use your organization's container registry

ArcGIS 11.4 |
11.411.3
|  Help archive

In this topic

  1. Understand registry tools
  2. Prepare your registry when the client machine has access to Docker Hub and your organization's registry
  3. Prepare your registry when your organization's registry is disconnected from the internet
  4. Prepare your registry for updates or upgrades

When using your organization's container registry with ArcGIS Enterprise on Kubernetes, you must prepare it with the Esri container images prior to new deployments, updates, or upgrades. To do so, you can use the registry tools that are included with the software to push Esri's Docker Hub images to your organization's container registry.

Understand registry tools

The ArcGIS Enterprise on Kubernetes deployment package includes a set of tools that are used to transfer images to your organization's container registry.

These tools are found under setup/tools/registry-tools in the directory where you extracted the deployment package and include the following:

  • image-download.sh—Downloads all container images to your specified storage device as .tar.gz archives.
  • image-upload.sh—Uploads container images from the storage device to your container registry.
  • image-transfer.sh—Transfers images directly between two registries. This is faster than using image-download.sh and image-upload.sh if the client workstation can access both registries.
  • create-offline-manifest.sh—Downloads the version manifest and imports it into your organization, allowing offline access to updates and upgrades.

The registry-tools folder also contains the registry-tools.properties.template file. This template properties file can be used with the image-download.sh, image-upload.sh, and image-transfer.sh tools. Refer to the Readme.md file within this folder for more information on the properties file and registry tools.

Prepare your registry when the client machine has access to Docker Hub and your organization's registry

If your client machine has access to Docker Hub and your organization's registry, you can prepare your registry for a new deployment, update, or upgrade by using the image-transfer.sh tool.

To prepare your registry, complete the following steps:

  1. From My Esri, obtain the software version of ArcGIS Enterprise on Kubernetes that you intend to deploy.
  2. Download and extract the deployment script to your client machine.

    To prepare for an upgrade, download the new version of the deployment script to get the latest images.

  3. Open a terminal and change directories to the setup/tools/registry-tools directory.
  4. If your registry requires you to pre-create the image repositories, for example in Amazon Elastic Container Registry (ECR), run the following command to get a list of required image repositories:
    /setup/tools/registry-tools/image-transfer.sh -l
  5. Identify the corresponding version tag for the software release you intend to deploy by referring to the release notes or by running the following command to view the available image tags:

    /setup/tools/registry-tools/image-transfer.sh -s

  6. Use the template located in the registry-tools folder or create a separate properties file and include these parameters:
    DOWNLOAD_REGISTRY="docker.io/esridocker"
DOWNLOAD_USER="<username>"
DOWNLOAD_PASS="<password>"
CURRENT_VERSION="<current_version_tag>"
DOWNLOAD_TAG="<version_tag>"
UPLOAD_REGISTRY="<registry_host>/<organization>"
UPLOAD_USER="<username>"
UPLOAD_PASS="<password>"
UPLOAD_TAG"="<version_tag>"
DOWNLOAD_DIR="</path/to/download/directory>"
ENCRYPTION_KEYFILE"</path/to/keyfile.txt>"

    The encryption keyfile is a plain text file used for AES-256 encryption and decryption of passwords. The content of this file is text that you specify and should not contain passwords. This file should remain in a fixed location and the contents should not be changed. For example: 

    $ echo 'My Encryption Text!' >> /path/to/keyfile.txt
  7. Run the script using the following command: 
    ./image-transfer.sh -f </properties/file/path>

    Because the script transfers all tagged images to your container registry, it takes some time to complete. If a transfer is interrupted, rerun the script to resume it.

    Tip:

    After the image_transfer.sh tool completes, the images still exist within the container runtime cache. To free up space after it has completed successfully, it is recommended to clean up items not needed in the Docker cache. You can do this by running docker system prune or docker image rm.

Prepare your registry when your organization's registry is disconnected from the internet

If your organization's registry is disconnected from the internet, you can prepare your registry for a new deployment, update, or upgrade by using the image-download.sh and image-upload.sh tools.

To prepare your registry, complete the following steps:

  1. From My Esri, obtain the software version of ArcGIS Enterprise on Kubernetes that you intend to deploy.
  2. Download and extract the deployment scripts to the client machine running the download tool and the client machine running the upload tool.

    It is recommended that you use the same version of the deployment scripts. To prepare for an upgrade, download the new version of the deployment scripts to get the latest images.

  3. On the client machine running the download tool, open a terminal and change directories to the setup/tools/registry-tools directory.
  4. If your registry requires you to pre-create the image repositories, for example in Amazon Elastic Container Registry (ECR), run the following command to get a list of required image repositories:
    /setup/tools/registry-tools/image-download.sh -l
  5. Identify the corresponding version tag for the software release you intend to deploy by referring to the release notes or by running the following command to view the available image tags:

    /setup/tools/registry-tools/image-download.sh -s

  6. If you are not using the properties file, run the image-download.sh tool using the following command format:
    ./image-download.sh -r docker.io/esridocker -u <username> -p <password> -d </path/to/download/directory> -t <version_tag>
  7. If you are using the properties file, use the template located in the registry-tools folder or create a separate properties file and include these parameters:
    DOWNLOAD_REGISTRY="<docker.io/esridocker>"
DOWNLOAD_USER="<username>"
DOWNLOAD_PASS="<password>"
DOWNLOAD_TAG="<version_tag>"
DOWNLOAD_DIR="</path/to/download/directory>"
ENCRYPTION_KEYFILE="</path/to/keyfile.txt>"

    The encryption keyfile is a plain text file used for AES-256 encryption and decryption of passwords. The content of this file is text that you specify and should not contain passwords. This file should remain in a fixed location and the contents should not be changed. For example: 

    $ echo 'My Encryption Text!' >> /path/to/keyfile.txt

    1. Run the script using the following command:
      ./image-download.sh -f </properties/file/path>

      Because the script downloads all tagged images from the Esri repository, it takes some time to complete. If a download is interrupted, rerun the script to resume it.

      Tip:

      After the image_download.sh tool completes, the images still exist within the container runtime cache. To free up space after it has completed successfully, it is recommended to clean up items not needed in the Docker cache. You can do this by running docker system prune or docker image rm.

  8. Follow your organization's processes for moving images to your disconnected client machine.

    This machine must have access to your private registry.

  9. On the client machine with access to your container registry, open a terminal and change directories to the setup/tools/registry-tools directory.
  10. If you are not using the properties file, run the image-upload.sh tool using the following command format:
    ./image-upload.sh -r <registry_host>/<organization> -u <username> -p <password> -d </path/to/download/directory> -t <version_tag>
  11. If you are using the properties file, use the template located in the registry-tools folder or create a separate properties file and include these parameters:
    UPLOAD_REGISTRY="<registry_host>/<organization>"
UPLOAD_USER="<username>"
UPLOAD_PASS="<password>"
UPLOAD_TAG="<version_tag>"
DOWNLOAD_DIR="</path/to/download/directory>"
ENCRYPTION_KEYFILE="</path/to/keyfile.txt>"
    1. Run the script use the following command:
      ./image-upload.sh -f <properties file path>

      Because the script uploads all tagged images to your container registry, it takes some time to complete. If an upload is interrupted, rerun the script to resume it.

      Note:

      After the image-upload.sh tool completes, the images still exist within the container runtime cache. To free up space after it has completed successfully, it's recommended to clean up items not needed in the Docker cache. You can do this by running docker system prune or docker image rm.

Prepare your registry for updates or upgrades

If you are preparing your registry before applying the latest update or upgrading your organization, use a properties file and set the CURRENT_VERSION property to ensure that the registry tool only downloads or transfers required images. Once you have completed steps 1-4 in one of the sections above and have populated the properties file, complete the following steps:

  1. Identify the current version of your organization by signing into the Admin API and combining the version and build.

    For example, for version 11.4.0 and build 6144 the CURRENT_VERSION would be 11.4.0.6144.

  2. Set the CURRENT_VERSION property in the properties file.
  3. If you are preparing to apply the latest update, run the image-transfer.sh or image-download.sh tools.
    1. If your client workstation has direct access to both Docker Hub and the target organization registry, run the command in the following format:
      ./image-transfer.sh -f <properties_file> --update
    2. If your client workstation has access to Docker Hub but not the target organization registry, run the command in the following format:
      ./image-download.sh -f <properties_file> --update
  4. If you are preparing to upgrade your organization to the next released version, run the image-transfer.sh or image-download.sh tools.
    1. If your client workstation has direct access to both Docker Hub and the target organization registry, run the command in the following format:
      ./image-transfer.sh -f <properties_file> --upgrade
    2. If your client workstation has access to Docker Hub but not the target organization registry, run the command in the following format:
      ./image-download.sh -f <properties_file> --upgrade
    5. Note:
    If you used the image-download.sh tool, you must also transfer images to a client workstation with access to the organization registry and run the image-upload.sh tool pointing to the directory of the copied image archives.

Feedback on this topic?

In this topic
  1. Understand registry tools
  2. Prepare your registry when the client machine has access to Docker Hub and your organization's registry
  3. Prepare your registry when your organization's registry is disconnected from the internet
  4. Prepare your registry for updates or upgrades
More about Esri and the Science of WhereEsri: The Science of Where
  • FacebookFacebook
  • XTwitter
  • LinkedInLinkedIn
  • Esri CommunityEsri Community
  • InstagramInstagram
  • YouTubeYouTube_30
ArcGIS
  • ArcGIS Overview
  • Mapping
  • ArcGIS Pro
  • ArcGIS Enterprise
  • ArcGIS Online
  • Developer Technology
  • ArcGIS Location Platform
  • Esri Store
  • ArcGIS Architecture Center
Community
  • Esri Community
  • ArcGIS Blog
  • Industry Blog
  • User Research and Testing
  • Esri Young Professionals Network
  • Events
Understanding GIS
  • What is GIS?
  • Location Intelligence
  • Training
  • ArcUser
  • ArcNews
  • ArcWatch
  • Esri Press
  • Esri Videos
Company
  • About Esri
  • Contact Us
  • Careers
  • Open Vision
  • Partners
  • Code of Business Conduct
  • Environmental & Sustainability Statement
Special Programs
  • ArcGIS for Personal Use
  • ArcGIS for Student Use
  • Conservation
  • Disaster Response
  • Education
  • Nonprofit
  • Racial Equity
  • Privacy
  • Accessibility
  • Legal
  • Sitemap
  • Trust Center