Skip to main content

Air Gap Installation with the Kubernetes Installer

This topic describes how to use Replicated to install an application in an air gap environment, using the Replicated Kubernetes installer to provision an embedded cluster on a virtual machine or on bare metal. The procedure explains how to install with and without high availability mode.

The Kubernetes installer is based on the open source kURL project, which is maintained by Replicated. For more information about installing with kURL, including advanced installation options, see the kURL documentation.

About Private Registries

Air gapped networks must have a Docker image registry that is available inside the network. The app manager rewrites the application image names in all application manifests to read from the on-premises registry, and it re-tags and pushes the images to the on-premises registry. When authenticating to the registry, credentials with push permissions are required.

A single application expects to use a single namespace in the Docker image registry. The namespace name can be any valid URL-safe string, supplied at installation time. A registry typically expects the namespace to exist before any images can be pushed into it.

note

ECR does not use namespaces.

About High Availability Mode

Air gap installations can use high availability (HA) mode with the Kubernetes installer.

A load balancer is required for high availability mode. If your vendor has chosen to use the internal load balancer with the EKCO add-on, you do not need to provide your own external load balancer. An external load balancer can be preferred when clients outside the cluster need access to the cluster's Kubernetes API.

If you decide to use an external load balancer, the external load balancer must be a TCP forwarding load balancer. For more information, see Prerequisites.

The health check for an apiserver is a TCP check on the port that the kube-apiserver listens on. The default value is :6443. For more information about the kube-apiserver external load balancer, see Create load balancer for kube-apiserver in the Kubernetes documentation.

Prerequisites

Complete the following prerequisites:

  • Ensure that there is a compatible Docker image registry available inside the network. For more information about Docker registry compatibility, see Private Registry Requirements.
  • If you are installing in high availability mode:
    • (Optional) If you are going to use the internal load balancer, you can preconfigure it by passing | sudo bash -s ha ekco-enable-internal-load-balancer.
    • For an external load balancer, ensure that your load balancer is:
      • A TCP forwarding external load balancer.
      • Configured to distribute traffic to all healthy control plane nodes in its target list.
      • (Optional) Preconfigured by passing the load-balancer-address=HOST:PORT flag.

Install the Application

This procedure explains how to install the app manager and the application in an air gapped environment, with and without high availability mode.

To install the application:

  1. Run one of the following commands:

    • For a regular installation, run:

      curl -LO https://k8s.kurl.sh/bundle/FILENAME.tar.gz
      tar -xvzf FILENAME.tar.gz
      cat install.sh | sudo bash -s airgap

    • For high availability, run:

      curl -LO https://k8s.kurl.sh/bundle/FILENAME.tar.gz
      tar xvzf FILENAME.tar.gz
      cat install.sh | sudo bash -s airgap ha

    Replace FILENAME with the name of the kURL air gap .tar.gz file.

    After the installation command finishes, note the Kotsadm and Login with password (will not be shown again) fields in the output of the installation command. You can use these in the next step to log in to the admin console and install the application.

    note

    You can construct the URL for the air gap bundle by prefixing the URL path for online installations with /bundle and adding .tar.gz to the end. For more information, see Install in an Online Environment.

  2. (High Availability Only) If you did not preconfigure a load balancer, you are prompted during the installation. Do one of the following:

    • If you are using the internal load balancer, leave the prompt blank and proceed with the installation.

    • If you are using an external load balancer, pass the load balancer address.

  3. Install the application using one of the following methods:

    • Admin console: Use the kotsadm and password from the previous step to log into the admin console. For information about using the admin console, see Completing Application Setup and Deploying.

    • kots CLI:

      1. Install the kots CLI. See Install without Root Access in the Installing the kots CLI reference section.

      2. Use the following command to install the application .airgap bundle. For more information about the kots install command, see install in the kots CLI documentation.

          kubectl kots install APP_NAME \
          --airgap-bundle PATH_TO_AIRGAP_BUNDLE \
          --license-file PATH_TO_LICENSE_FILE \
          --config-values PATH_TO_CONFIG_VALUES \
          --namespace default \
          --shared-password PASSWORD

        Replace:

        • APP_NAME with the name for the application.
        • PATH_TO_AIRGAP_BUNDLE with the path to the .airgap bundle file.
        • PATH_TO_LICENSE_FILE with the path to the license file.
        • PATH_TO_CONFIG_VALUES with the path to the ConfigValues manifest file.
        • PASSWORD with a shared password.

Next Step

(Optional) You can add nodes to the cluster. See Adding Nodes to Kubernetes Installer Clusters.