Air-gapped clusters


This document walks you through the process of installing Portworx into an air-gapped environment. First, you must fetch the required Docker images from the public Internet registries. Then, you are required to load these images onto your nodes. Once you’ve loaded the Portworx images, you will continue with the standard installation procedure.

Step 1: Fetch Portworx images

  1. Export your Kubernetes version with:

    export KBVER=$(kubectl version --short | awk -Fv '/Server Version: / {print $3}')

    If the current node doesn’t have kubectl installed, set the KBVER variable manually by running export KBVER=<YOUR_KUBERNETES_VERSION>.

    For example, if your Kubernetes version is 1.11.2, run the following command:

    export KBVER=1.11.2
  2. Pull the Portworx images by running:

    PX_IMGS="$(curl -fsSL "https://install.portworx.com/2.2/?kbver=$KBVER&type=oci&lh=true&ctl=true&stork=true&csi=true" | awk '/image: /{print $2}' | sort -u)"
    PX_IMGS="$PX_IMGS portworx/talisman:latest portworx/px-node-wiper:2.1.4"
    PX_ENT=$(echo "$PX_IMGS" | sed 's|^portworx/oci-monitor:|portworx/px-enterprise:|p;d')
    
    echo $PX_IMGS $PX_ENT | xargs -n1 docker pull
  3. (Optional) Copy the Portworx images to the airgapped node:

    docker save $PX_IMGS $PX_ENT | ssh <intranet-host> docker load

    For <intranet-host>, use the address of your node.

Note that the above command uses ssh to load the images on a node called intranet-host. If your cluster nodes don’t have Internet access, you first need to copy over the images to one of the nodes using a tarball.

Step 2: Load Portworx images to your nodes

There are two ways in which you can load the Portworx images to your nodes:

Step 2a: Push to a local registry server, accessible by the air-gapped nodes

  1. Export your registry location:

    export REGISTRY=<YOUR_REGISTRY_LOCATION>

    Note that the registry location can be:

    • a registry and its port:
    export REGISTRY=myregistry.net:5443

    or

    • it could include your own repository:
    export REGISTRY=_myregistry.net:5443/px-images
  2. Push the images to the registry:

    # Trim trailing slashes:
    REGISTRY=${REGISTRY%/}
    # re-tag and push into custom/local registry defined previously
    # Check if using custom registry+repository (e.g. `REGISTRY=myregistry.net:5443/px-images`)
    # or just the registry (e.g. `REGISTRY=myregistry.net:5443`)
    echo $REGISTRY | grep -q /
    if [ $? -eq 0 ]; then
        # registry + repo are used -- we'll strip original image repositories
        for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$(basename $i)" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done
    else
        # only registry used -- we'll keep original image repositories
        for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$i" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done
    fi
Since you are using your custom registry, ensure that you specify it in the spec generator in Registry And Image Settings -> Custom Container Registry Location.

Now that you have loaded the images into your registry, continue with Step 3: Install Portworx.

Step 2b: Push directly to your nodes using a tarball

Follow these steps to save the Portworx images into a tarball and then load them onto your nodes indivudally.

  1. Save all Portworx images into a tarball called px-offline.tar by running:

    docker save -o px-offline.tar $PX_IMGS $PX_ENT
  2. Load the images from the tarball

    You can load all images from the tarball on a node using the docker load command. The following command uses ssh on node1, node2 and node3 to copy the tarball and load it. Change the names of the nodes to match your environment.

    for no in node1 node2 node3; do
        cat px-offline.tar | ssh $no docker load
    done
If you’re using this method, specify Image Pull Policy as IfNotPresent on the “Registry and Image Settings” page when generating the Portworx spec.

Step 3: Install Portworx

Once you have loaded the Portworx images into your registry or nodes, continue with the standard installation procedure.



Last edited: Thursday, Nov 14, 2019