Skip to main content
Version: 2.10

Install in Air-Gapped Environments

Air-gapped environments present unique challenges for deploying Kubernetes applications like Portworx Backup. These isolated networks, completely disconnected from the internet, require careful planning and preparation to ensure successful deployment. This guide walks you through the complete process of installing Portworx Backup in such restricted environments.

Prerequisites

Before starting the air-gapped installation, ensure you have:

  • Kubernetes cluster: A running Kubernetes cluster (version 1.19 or later) deployed in a secure, isolated network without direct internet access.
  • Private container registry: An internal container registry (such as Harbor, Nexus, or Docker Registry) that cluster nodes can reach to pull container images.
  • kubectl: The Kubernetes command-line tool properly configured with cluster credentials and able to execute commands against your air-gapped cluster.
  • Helm 3.x: Helm package manager (version 3.0 or later) installed on your local machine or bastion host with access to the cluster for managing deployments.
  • Storage class: A configured storage class that can provision persistent volumes for Portworx Backup components, with at least 100GB of available storage capacity.
  • Administrative access: Cluster administrator privileges or sufficient RBAC permissions to create namespaces, deploy applications, and manage cluster-wide resources.
  • All required container images: Portworx Backup container images (version 2.10.0) and dependencies transferred from external sources and pushed to your private registry before installation.

Key Considerations for Air-Gapped Installations

The fundamental difference between air-gapped and internet-connected installations lies in image sourcing and dependency management. Instead of pulling images from public registries, your deployment will reference your private registry for all container images. This requires careful attention to image tagging and registry configuration.

Image preparation becomes a critical step that must be completed outside the air-gapped environment. You will need to pull all required images, save them to portable media, and then load them into your private registry. This process includes not just the main Portworx Backup images, but also any dependencies and supporting components.

Network isolation, while providing security benefits, means that any troubleshooting or updates must be planned and executed without external connectivity. This makes thorough testing and validation even more important than in connected environments.

Installation Workflow

The air-gapped installation follows a structured approach that begins with comprehensive preparation outside the isolated environment. You will start by identifying and downloading all required container images, then transferring them into your air-gapped network and loading them into your private registry.

Security and Compliance Benefits

Air-gapped deployments offer significant security advantages by eliminating external network dependencies. This isolation reduces the attack surface and ensures that your backup infrastructure operates within your organization's security boundaries. However, this security comes with the responsibility of maintaining image integrity and managing updates manually.

Next Steps

Begin your air-gapped installation journey with the Pre-Installation Requirements, which covers the essential preparation steps including image collection and private registry setup. Once your environment is properly prepared, proceed to the Air-Gapped Installation Guide for the complete deployment process.