Rancher Government Hauler 2.0: Resilient Artifact Management for Disconnected Environments
Picture utilizing v1 of Rancher Government Hauler to copy 500 artifacts from a Hauler store to a remote registry over a connection that isn’t reliable. Item 100 hits a hiccup.
Before its newest release, Hauler 2.0, that could mean starting the whole process over. A dropped connection halfway through a large transfer could cost hours.
Problems like that shaped much of the work behind Hauler v2.0.0. The team spent as much time rethinking the architecture to better handle austere environments as adding new features. The result is a release that makes large transfers more resilient, simplifies common tasks, and creates a cleaner foundation for future work.
Improving the Underlying Architecture
As Hauler adoption grew, the team found areas where the architecture had become more complicated than necessary. Two dependencies had become especially difficult to maintain: ORAS, an intermediary layer for handling OCI artifact transfers, and a forked copy of Cosign that Hauler relied on to pull digital signatures, attestations, and SBOMs alongside container images.
Both created the same problem. The team was maintaining dependencies it didn’t own, which meant slower security fixes, less control over the project's direction, and more overhead whenever something upstream changed.
Instead of just upgrading those dependencies, the team removed both, replacing them with direct integrations and building the signature handling internally. That work also opened the door to OCI 1.1 Referrers support and reduced the burden of carrying a forked dependency.
The result is less overhead and a simpler path for future work. It also allows RGS to track upstream security fixes as they land, rather than waiting on a dependency to backport them.
Those changes happen below the surface, but they affect everything built on top. They also make it easier for the team to keep improving the platform over time.
Expanding Resilience When Connectivity Is Limited
Many environments do not provide reliable network connectivity. That becomes a problem when a single failure stops an entire transfer.
Hauler 2.0 introduces retry capabilities and more granular error handling, so a problem with one artifact does not have to stop the entire transfer. Users can automatically retry failed transfers or log the failure and keep the rest of the job moving.
Operators no longer have to restart an entire job every time connectivity becomes unreliable.
Making Everyday Tasks Easier
The architectural work behind Hauler v2.0.0 also made several common workflows easier. Some of those changes are small, but they remove extra steps when moving artifacts into disconnected environments.
Chunked hauls. A multi-gigabyte archive isn’t always welcome wherever it’s headed. --chunk-size splits a haul into smaller files (say, 500 MB chunks) and hauler store load reassembles them automatically on the other end.
Local Docker daemon pull. Pull artifacts directly from your local Docker daemon into your Hauler store, instead of pushing them to a registry first. Useful for when you’re testing something you’re building and don’t want an extra registry hop in the middle.
Trim what you pull. --exclude-extras skips signatures, attestations, and SBOMs when you only need the artifact itself, which is useful for keeping store sizes down.
Dry-run product syncs. Previously, there was no good way to know what a hauler store sync --products would pull before the sync was kicked off, which left users guessing about storage and resource requirements. --dry-run shows the list first, so you can plan for it or trim it before committing bandwidth and disk.
Sync from images.txt files. Hauler sync can now be used directly with images.txt files using the --image-txt flag, simplifying adding images from a local or remote image list to the store.
Repository path rewriting, now GA. Promoted from experimental in v1.4, --rewrite lets you set the destination path when pulling artifacts in, so the eventual copy lands where you expect without manual cleanup later.
Why the Work Underneath Matters
The foundation is updated. The enhancements are new. The mission of Hauler is the same as it's always been: simplify transporting artifacts to the airgap.
The work behind this release makes it easier to manage artifacts in disconnected environments. It also shows the kinds of problems the RGS team is focused on. Reliability matters. So does maintainability. And when conditions are less than ideal, operators should not have to fight the tooling.
Before You Upgrade
Hauler 2.0 includes two breaking changes to check for before you upgrade:
- Manifests using apiVersion: hauler.cattle.io/v1alpha1 will be skipped with a warning instead of processed. If you have stored manifests using that API version, update them to hauler.cattle.io/v1 first.
- The Cosign fork has been removed and replaced with RGS’s own internal implementation. Existing workflows have been tested extensively, but teams should validate them before rolling Hauler v2.0.0 into production. If anything behaves unexpectedly, file an issue on GitHub.
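One way to run the first check before upgrading, as an added example that is not part of Hauler or its documentation: a shell function that scans a directory tree for YAML documents still declaring the old API version. It assumes your manifests are *.yaml or *.yml files; the sample tree and its "kind" values are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-upgrade scan for manifests Hauler v2.0.0 will skip.
# Assumption: manifests are *.yaml / *.yml files under the directory given.

# Top-level apiVersion line, optionally quoted, optionally followed by a comment.
PATTERN='^apiVersion:[[:space:]]*["'\'']?hauler\.cattle\.io/v1alpha1["'\'']?[[:space:]]*(#.*)?$'

# scan_manifests DIR
# Prints "file:line" for each YAML document still on v1alpha1.
# Returns 1 if any were found, 0 if the tree is clean.
scan_manifests() {
    hits=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
        -exec grep -nHE "$PATTERN" {} + | cut -d: -f1,2 | sort)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree: one multi-document file holding an old and a
# current document, plus one file already on v1. "kind" is a placeholder.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/mixed.yaml" <<'EOF'
apiVersion: hauler.cattle.io/v1alpha1
kind: ExampleKind
---
apiVersion: hauler.cattle.io/v1
kind: ExampleKind
EOF
    cat > "$d/current.yml" <<'EOF'
apiVersion: "hauler.cattle.io/v1"
kind: ExampleKind
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
if scan_manifests "$sample"; then
    echo "no v1alpha1 manifests found"
else
    echo "update the documents above to hauler.cattle.io/v1 before upgrading"
fi
rm -rf "$sample"
```

The non-zero return makes the function usable as a gate in a pipeline that stages manifests for transfer, so a skipped manifest is caught before it reaches the disconnected side.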
Get Hauler 2.0
Hauler v2.0.0 is available now. Release notes, documentation, and binaries are available on the Hauler GitHub repository and at the official Hauler docs page. Questions, bugs, and feature requests can be submitted through GitHub, and the team will get back to you as soon as possible!
