Kubernetes and Airgap

Best practices for creating airgap installations on Kubernetes

Kubernetes and Airgap

When distributing a Kubernetes (or Helm) application using Replicated Ship, there will be a running Kubernetes cluster to deploy to. Enterprise Kubernetes clusters that are used for internal applications can be installed and operated in airgapped environments. An airgap cluster is any cluster that doesn’t have outbound Internet access, and therefore cannot pull the application images from a Docker registry.

The recommended way to deploy applications to airgap clusters is to require a Docker registry that’s already running in the customer environment.

When requiring an existing Docker registry to use, the images will have to be retagged and pushed to the registry at install time. Replicated Ship supports this workflow from the workstation that’s performing the installation:

  1. Require that the installer provide the registry name and namespace in the registry
  2. Require that the workstation running the installation be logged in to the registry

Once these requirements are met, the Ship assets and scripts can:

  1. Pull all public and private images using Docker
  2. Retag the images to match the registry endpoint and namespace
  3. Update the Kubernetes YAML to reflect the correct registry to pull from

Example using Kubernetes and a Registry

    - docker:
        dest: ./images/redis.tar
        image: redis:4.1
    - inline:
        dest: ./k8s/redis.yml
        contents: |
          apiVersion: v1
          kind: Pod
            name: redis
            - name: redis
              image: {{repl ConfigOption "registry_endpoint"}}/{{repl ConfigOption "registry_namespace"}}/redis:4/1
              - name: MASTER
                value: "true"
              - containerPort: 6379
    - inline:
        dest: ./install.sh
        mode: 0755
        contents: |

          docker load < ./installer/images/redis.tar
          docker tag redis:4.1 {{repl ConfigOption "registry_endpoint"}}/{{repl ConfigOption "registry_namespace"}}/redis:4.1
          docker push {{repl ConfigOption "registry_endpoint"}}/{{repl ConfigOption "registry_namespace"}}/redis:4.1

          kubectl apply -f ./installer/k8s

    - name: registry
      title: Docker Registry
        - name: registry_endpoint
          type: text
          required: true
          help_text: registry.mycompany.com
        - name: registry_namespace
          type: text
          required: true
          help_text: myapp