Air-gapped clusters

This document walks you through the process of installing Portworx into an air-gapped environment. First, you must fetch the required Docker images from the public Internet registries. Then, you are required to load these images onto your nodes. Once you’ve loaded the Portworx images, you will continue with the standard installation procedure.

Step 1: Fetch Portworx images

1. Export your Kubernetes version with:

   export KBVER=$(kubectl version --short | awk -Fv '/Server Version: / {print $3}')

   If the current node doesn’t have kubectl installed, set the KBVER variable manually by running export KBVER=<YOUR_KUBERNETES_VERSION>.

   For example, if your Kubernetes version is 1.11.2, run the following command:

   export KBVER=1.11.2

2. Pull the Portworx images by running:

   PX_IMGS="$(curl -fsSL "https://install.portworx.com/2.2/?kbver=$KBVER&type=oci&lh=true&ctl=true&stork=true&csi=true" | awk '/image: /{print $2}' | sort -u)"
   PX_IMGS="$PX_IMGS portworx/talisman:latest portworx/px-node-wiper:2.1.4"
   PX_ENT=$(echo "$PX_IMGS" | sed 's|^portworx/oci-monitor:|portworx/px-enterprise:|p;d')
   
   echo $PX_IMGS $PX_ENT | xargs -n1 docker pull

3. (Optional) Copy the Portworx images to the airgapped node:

   docker save $PX_IMGS $PX_ENT | ssh <intranet-host> docker load

   For <intranet-host>, use the address of your node.

Step 2: Load Portworx images to your nodes

There are two ways in which you can load the Portworx images to your nodes:

• If your nodes have access to a private registry, follow Step 2a: Push to a local registry server, accessible by air-gapped nodes.

• Otherwise, follow Step 2b: Push directly to nodes using tarball.

Step 2a: Push to a local registry server, accessible by the air-gapped nodes

1. Export your registry location:

   export REGISTRY=<YOUR_REGISTRY_LOCATION>

   Note that the registry location can be:

   • a registry and its port:

   export REGISTRY=myregistry.net:5443

   or

   • it could include your own repository:

   export REGISTRY=_myregistry.net:5443/px-images

2. Push the images to the registry:

   # Trim trailing slashes:
   REGISTRY=${REGISTRY%/}
   # re-tag and push into custom/local registry defined previously
   # Check if using custom registry+repository (e.g. `REGISTRY=myregistry.net:5443/px-images`)
   # or just the registry (e.g. `REGISTRY=myregistry.net:5443`)
   echo $REGISTRY | grep -q /
   if [ $? -eq 0 ]; then
       # registry + repo are used -- we'll strip original image repositories
       for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$(basename $i)" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done
   else
       # only registry used -- we'll keep original image repositories
       for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$i" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done
   fi

Now that you have loaded the images into your registry, continue with Step 3: Install Portworx.

Step 2b: Push directly to your nodes using a tarball

Follow these steps to save the Portworx images into a tarball and then load them onto your nodes indivudally.

1. Save all Portworx images into a tarball called px-offline.tar by running:

   docker save -o px-offline.tar $PX_IMGS $PX_ENT

2. Load the images from the tarball

   You can load all images from the tarball on a node using the docker load command. The following command uses ssh on node1, node2 and node3 to copy the tarball and load it. Change the names of the nodes to match your environment.

   for no in node1 node2 node3; do
       cat px-offline.tar | ssh $no docker load
   done

Step 3: Install Portworx

Once you have loaded the Portworx images into your registry or nodes, continue with the standard installation procedure.

• OpenShift

  How to install Portworx with OpenShift

  arrow_forward_ios

• All other

  How to install Portworx with Kubernetes

  arrow_forward_ios