|
5 | 5 | [id="proc-install-rhdh-airgapped-environment-ocp-operator_{context}"] |
6 | 6 | = Installing {product} in an air-gapped environment with the Operator |
7 | 7 |
|
| 8 | +You can install {product} in a fully disconnected or partially disconnected environment using the {product} Operator. For a list of supported platforms, see the link:https://access.redhat.com/support/policy/updates/developerhub[{product} Life Cycle page]. |
| 9 | + |
| 10 | +== Installing {product} in a partially disconnected environment with the Operator |
| 11 | + |
8 | 12 | On an {ocp-short} cluster operating on a restricted network, public resources are not available. However, deploying the {product} Operator and running {product-short} requires the following public resources: |
9 | 13 |
|
10 | 14 | * Operator images (bundle, operator, catalog) |
11 | 15 | * Operands images ({product-very-short}, PostgreSQL) |
12 | 16 |
|
13 | | -To make these resources available, replace them with their equivalent resources in a mirror registry accessible to the {ocp-short} cluster. |
| 17 | +To make these resources available, replace them with their equivalent resources in a mirror registry accessible to your cluster. |
14 | 18 |
|
15 | | -You can use a helper script that mirrors the necessary images and provides the necessary configuration to ensure those images will be used when installing the {product} Operator and creating {product-short} instances. |
| 19 | +You can use a helper script that mirrors the necessary images and provides the necessary configuration to ensure those images are used when installing the {product} Operator and creating {product-short} instances. This script requires a target mirror registry. You likely have a target mirror registry if your cluster is already operating on a disconnected network. If you do not already have a target registry, and if you have an {ocp-short} cluster, you might want to expose and leverage the internal cluster registry. |
16 | 20 |
|
17 | | -[NOTE] |
18 | | -==== |
19 | | -This script requires a target mirror registry which you should already have installed if your {ocp-short} cluster is ready to operate on a restricted network. However, if you are preparing your cluster for disconnected usage, you can use the script to deploy a mirror registry in the cluster and use it for the mirroring process. |
20 | | -==== |
| 21 | +When connected to a {ocp-short} cluster, the helper script detects it and automatically exposes the cluster registry. If connected to a Kubernetes cluster, you can manually specify the target registry to mirror the images. |
21 | 22 |
|
22 | 23 | .Prerequisites |
23 | | -* You have an active {openshift-cli} session with administrative permissions to the {ocp-short} cluster. See link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/cli_tools/index#cli-getting-started[Getting started with the OpenShift CLI]. |
24 | | -* You have an active `oc registry` session to the `registry.redhat.io` {company-name} Ecosystem Catalog. See link:https://access.redhat.com/RegistryAuthentication[{company-name} Container Registry Authentication]. |
25 | | -* The `opm` CLI tool is installed. See link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/cli_tools/index#olm-about-opm_cli-opm-install[Installing the opm CLI]. |
26 | | -* The jq package is installed. See link:https://jqlang.github.io/jq/download/[Download jq]. |
27 | | -* Podman is installed. See link:https://podman.io/docs/installation[Podman Installation Instructions]. |
28 | | -* Skopeo version 1.14 or higher is installed. link:https://github.com/containers/skopeo/blob/main/install.md[See Installing Skopeo]. |
29 | | -* If you already have a mirror registry for your cluster, an active Skopeo session with administrative access to this registry is required. See link:https://github.com/containers/skopeo#authenticating-to-a-registry[Authenticating to a registry] and link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/disconnected_installation_mirroring/index#prerequisites_installing-mirroring-installation-images[Mirroring images for a disconnected installation]. |
| 24 | +* You have installed Podman 5.3 or later. For more information, see link:https://podman.io/docs/installation[Podman Installation Instructions]. |
| 25 | +* You have installed Skopeo 1.17 or later. |
| 26 | +* You have installed `yq` 4.44 or later. |
| 27 | +* You have installed the GNU `sed` command line text editor. |
| 28 | +* You have installed `umoci` CLI tool. |
| 29 | +* You have an active `oc registry`, `podman`, or `skopeo` session to the `registry.redhat.io` {company-name} Ecosystem Catalog. For more information, see link:https://access.redhat.com/RegistryAuthentication[{company-name} Container Registry Authentication]. |
| 30 | +* You have an active `skopeo` session with administrative access to the target mirror registry. For more information, see link:https://github.com/containers/skopeo#authenticating-to-a-registry[Authenticating to a registry]. |
| 31 | +* You have installed the `opm` CLI tool. For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/cli_tools/opm-cli#olm-about-opm_cli-opm-install[Installing the opm CLI]. |
| 32 | +* If you are using an {ocp-short} cluster, you have the following prerequisites: |
| 33 | +** (Optional) You have installed the `oc-mirror` {ocp-short} CLI plugin if you want to use it to mirror images. |
| 34 | +* If you are using a supported Kubernetes cluster, you have the following prerequisites: |
| 35 | +** You have installed the Operator Lifecycle Manager (OLM) on the disconnected cluster. |
| 36 | +** You have a mirror registry that is reachable from the disconnected cluster. |
30 | 37 |
|
| 38 | +.Procedure |
| 39 | +. In your terminal, navigate to the directory where you want to save the mirroring script. |
| 40 | +. Download the mirroring script by running the following command: |
| 41 | ++ |
| 42 | +[source,terminal,subs="attributes+"] |
| 43 | +---- |
| 44 | +curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/refs/heads/release-{product-version}/.rhdh/scripts/prepare-restricted-environment.sh |
| 45 | +---- |
| 46 | ++ |
| 47 | +. Run the mirroring script by using the `bash` command with the appropriate set of options: |
| 48 | ++ |
| 49 | +[source,terminal,subs="+quotes,+attributes"] |
| 50 | +---- |
| 51 | +bash prepare-restricted-environment.sh \ |
| 52 | + --filter-versions "{product-version}" \ |
| 53 | + [--to-registry _<my.registry.example.com>_] \ <1> |
| 54 | + [--use-oc-mirror true] <2> |
| 55 | +---- |
| 56 | +<1> Specifies the URL for the target mirror registry where you want to mirror the images. |
| 57 | +<2> (Optional) Uses the `oc-mirror` {ocp-short} CLI plugin to mirror images. |
| 58 | ++ |
31 | 59 | [NOTE] |
32 | 60 | ==== |
33 | | -The internal {ocp-short} cluster image registry cannot be used as a target mirror registry. See link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/disconnected_installation_mirroring/index#installation-about-mirror-registry_installing-mirroring-installation-images[About the mirror registry]. |
| 61 | +The script can take several minutes to complete as it copies multiple images to the mirror registry. |
34 | 62 | ==== |
35 | 63 |
|
36 | | -* If you prefer to create your own mirror registry, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/disconnected_installation_mirroring/index#installing-mirroring-creating-registry[Creating a mirror registry with mirror registry for Red Hat OpenShift]. |
37 | | -
|
38 | | -* If you do not already have a mirror registry, you can use the helper script to create one for you and you need the following additional prerequisites: |
| 64 | +.Verification |
| 65 | +* If you are using {ocp-brand-name}, the {product} Operator is in the *Installed Operators* list in the web console. |
| 66 | +* If you are using a supported Kubernetes platform, you can check the list of pods running in the `rhdh-operator` namespace by running the following command in your terminal: |
39 | 67 | + |
40 | | -** The cURL package is installed. For {rhel}, the curl command is available by installing the curl package. To use curl for other platforms, see the link:https://curl.se/[cURL website]. |
41 | | -** The `htpasswd` command is available. For {rhel}, the `htpasswd` command is available by installing the `httpd-tools` package. |
| 68 | +[source,terminal,subs="+quotes,+attributes"] |
| 69 | +---- |
| 70 | +kubectl -n rhdh-operator get pods |
| 71 | +---- |
| 72 | + |
| 73 | +.Next steps |
| 74 | +* Use the Operator to create a {product} instance on a supported platform. For more information, see the following documentation for the platform that you want to use: |
| 75 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_openshift_container_platform/assembly-install-rhdh-ocp-operator[Installing {product} on {ocp-short} with the Operator] |
| 76 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_amazon_elastic_kubernetes_service/proc-rhdh-deploy-eks-operator_title-install-rhdh-eks[Installing {product-short} on {eks-short} with the Operator] |
| 77 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_microsoft_azure_kubernetes_service/proc-rhdh-deploy-aks-operator_title-install-rhdh-aks[Installing {product-short} on {aks-short} with the Operator] |
| 78 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_openshift_dedicated_on_google_cloud_platform/proc-install-rhdh-osd-gcp-operator_title-install-rhdh-osd-gcp[Installing {product-short} on {gcp-short} with the Operator] |
| 79 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_google_kubernetes_engine/proc-rhdh-deploy-gke-operator.adoc_title-install-rhdh-gke#proc-deploy-rhdh-instance-gke.adoc_title-install-rhdh-gke[Deploying {product-short} on {gke-short} with the Operator] |
| 80 | + |
| 81 | +== Installing {product} in a fully disconnected environment with the Operator |
| 82 | + |
| 83 | +In environments without internet access — whether for security, compliance, or operational reasons — a fully disconnected installation ensures that {product} can run reliably without external dependencies. |
| 84 | + |
| 85 | +If your network has access to the registry through a bastion host, you can use the helper script to install {product} by mirroring the Operator-related images to disk and transferring them to your air-gapped environment without any connection to the internet. |
| 86 | + |
| 87 | +.Prerequisites |
| 88 | + |
| 89 | +* You have installed Podman 5.3 or later. For more information, see link:https://podman.io/docs/installation[Podman Installation Instructions]. |
| 90 | +* You have installed Skopeo 1.17 or later. |
| 91 | +* You have installed `yq` 4.44 or later. |
| 92 | +* You have installed the GNU `sed` command line text editor. |
| 93 | +* You have installed `umoci` CLI tool. |
| 94 | +* You have an active `oc registry`, `podman`, or `skopeo` session to the `registry.redhat.io` {company-name} Ecosystem Catalog. For more information, see link:https://access.redhat.com/RegistryAuthentication[{company-name} Container Registry Authentication]. |
| 95 | +* You have installed the `opm` CLI tool. For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/cli_tools/opm-cli#olm-about-opm_cli-opm-install[Installing the opm CLI]. |
42 | 96 |
|
43 | 97 | .Procedure |
44 | | -. Download and run the mirroring script to install a custom Operator catalog and mirror the related images: `prepare-restricted-environment.sh` (link:https://github.com/redhat-developer/rhdh-operator/blob/release-{product-version}/.rhdh/scripts/prepare-restricted-environment.sh[source]). |
| 98 | +. Download the mirroring script to disk by running the following command: |
45 | 99 | + |
46 | | -[source,yaml,subs="attributes+"] |
| 100 | +[source,terminal,subs="attributes+"] |
47 | 101 | ---- |
48 | | -curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/release-{product-version}/.rhdh/scripts/prepare-restricted-environment.sh |
49 | | - |
50 | | -# if you do not already have a target mirror registry |
51 | | -# and want the script to create one for you |
52 | | -# use the following example: |
53 | | -bash prepare-restricted-environment.sh \ |
54 | | - --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v{ocp-version}" \ |
55 | | - --prod_operator_package_name "rhdh" \ |
56 | | - --prod_operator_bundle_name "rhdh-operator" \ |
57 | | - --prod_operator_version "v{product-bundle-version}" |
58 | | - |
59 | | -# if you already have a target mirror registry |
60 | | -# use the following example: |
61 | | -bash prepare-restricted-environment.sh \ |
62 | | - --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v{ocp-version}" \ |
63 | | - --prod_operator_package_name "rhdh" \ |
64 | | - --prod_operator_bundle_name "rhdh-operator" \ |
65 | | - --prod_operator_version "v{product-bundle-version}" \ |
66 | | - --use_existing_mirror_registry "my_registry" |
| 102 | +curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/refs/heads/release-{product-version}/.rhdh/scripts/prepare-restricted-environment.sh |
67 | 103 | ---- |
68 | 104 | + |
| 105 | +. Run the mirroring script by using the `bash` command with the appropriate set of options: |
| 106 | ++ |
| 107 | +[source,terminal,subs="attributes+"] |
| 108 | +---- |
| 109 | +bash prepare-restricted-environment.sh |
| 110 | + --filter-versions "{product-version}" |
| 111 | + --to-dir _<my_pulled_image_location>_ <1> |
| 112 | + [--use-oc-mirror true] <2> |
| 113 | +---- |
| 114 | +<1> Specifies the absolute path to a directory where you want to pull all of the necessary images with the `--to-dir` option, for example, `/home/user/rhdh-operator-mirror-dir`. |
| 115 | +<2> (Optional) Uses the `oc-mirror` {ocp-short} CLI plugin to mirror images. |
| 116 | ++ |
69 | 117 | [NOTE] |
70 | 118 | ==== |
71 | 119 | The script can take several minutes to complete as it copies multiple images to the mirror registry. |
72 | 120 | ==== |
| 121 | ++ |
| 122 | +. Transfer the directory specified by the `--to-dir` option to your disconnected environment. |
| 123 | +. From a machine in your disconnected environment that has access to both the cluster and the target mirror registry, run the mirroring script by using the `bash` command with the appropriate set of options: |
| 124 | ++ |
| 125 | +[source,terminal,subs="+quotes,+attributes"] |
| 126 | +---- |
| 127 | +bash _<my_pulled_image_location>_/install.sh <1> |
| 128 | + --from-dir _<my_pulled_image_location>_ <2> |
| 129 | + [--to-registry _<my.registry.example.com>_] <3> |
| 130 | + [--use-oc-mirror true] <4> |
| 131 | +---- |
| 132 | +<1> The downloaded image and the absolute path to the directory where it is stored on your system. |
| 133 | +<2> Specifies the directory where you want to pull all of the necessary images with the `--to-dir` option. |
| 134 | +<3> Specifies the URL for the target mirror registry where you want to mirror the images. |
| 135 | +<4> (Optional) Uses the `oc-mirror` {ocp-short} CLI plugin to mirror images. |
| 136 | ++ |
| 137 | +[IMPORTANT] |
| 138 | +==== |
| 139 | +If you used `oc-mirror` to mirror the images to disk, you must also use `oc-mirror` to mirror the images from disk due to the folder layout that `oc-mirror` uses. |
| 140 | +==== |
| 141 | ++ |
| 142 | +[NOTE] |
| 143 | +==== |
| 144 | +The script can take several minutes to complete as it automatically installs the {product} Operator. |
| 145 | +==== |
| 146 | + |
| 147 | +.Verification |
| 148 | +* If you are using {ocp-brand-name}, the {product} Operator is in the *Installed Operators* list in the web console. |
| 149 | +* If you are using a supported Kubernetes platform, you can check the list of pods running in the `rhdh-operator` namespace by running the following command in your terminal: |
| 150 | ++ |
| 151 | +[source,terminal,subs="+quotes,+attributes"] |
| 152 | +---- |
| 153 | +kubectl -n rhdh-operator get pods |
| 154 | +---- |
| 155 | + |
| 156 | +.Next steps |
| 157 | +* Use the Operator to create a {product} instance on a supported platform. For more information, see the following documentation for the platform that you want to use: |
| 158 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_openshift_container_platform/assembly-install-rhdh-ocp-operator[Installing {product} on {ocp-short} with the Operator] |
| 159 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_amazon_elastic_kubernetes_service/proc-rhdh-deploy-eks-operator_title-install-rhdh-eks[Installing {product-short} on {eks-short} with the Operator] |
| 160 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_microsoft_azure_kubernetes_service/proc-rhdh-deploy-aks-operator_title-install-rhdh-aks[Installing {product-short} on {aks-short} with the Operator] |
| 161 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_openshift_dedicated_on_google_cloud_platform/proc-install-rhdh-osd-gcp-operator_title-install-rhdh-osd-gcp[Installing {product-short} on {gcp-short} with the Operator] |
| 162 | +** link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.4/html/installing_red_hat_developer_hub_on_google_kubernetes_engine/proc-rhdh-deploy-gke-operator.adoc_title-install-rhdh-gke#proc-deploy-rhdh-instance-gke.adoc_title-install-rhdh-gke[Deploying {product-short} on {gke-short} with the Operator] |
0 commit comments