Air Gap installation guide

Before you get started

To use Kublr in an AirGap environment, download BASH scripts from https://release.ecp.eastbanctech.com, where ${KUBLR_VERSION} is the installation version:

And archives with Helm packages, Kublr agent and Docker images:

System Requirements for Cluster Nodes

  1. x86 64-bit hardware
  2. Hardware recommendation Hardware recommendation
  3. Supported OS on nodes: RHEL 7.2+ or Ubuntu 16.04 LTS
  4. Root access to each node
  5. Existing RAW repository for upload Helm and Kublr agent archives and Docker registry, available from each node
  6. Nodes are connected in your network, and the Kublr-in-a-Box configured IP is accessible from these nodes (ping)
  7. From your nodes, firewall rules should allow traffic to Kublr-in-a-Box on ports 9080
  8. 100Mbs stable Internet connection
  9. Kublr-in-a-Box should be correctly configured to be accessible in your local network. Note: It is critical that you provide the correct IP address during the virtual machine startup. If you skipped this step, please re-run provisioning and configure your firewall rules to allow traffic to your computer.

Repository Preparation

Use the downloaded files on external media or download SHELL scripts and run them as-is. All necessary archives will be downloaded automatically (Internet access is required)

  1. Upload archives with Kublr agent and Helm packages

    $ bash kublr-load-agent.sh https://192.168.3.8/repository/raw/
    Upload kublr-1.10.1-ga2-linux.tar.gz to local repo:
    ######################################################################## 100.0%
    $ bash kublr-load-helm.sh https://192.168.3.8/repository/raw/
    Processing kublr-helm-1.10.1-ga2.tar.gz:
    ######################################################################## 100.0%
    cleaning...
  2. Push all needed Docker images into your Docker registry

    $ docker login --username admin --password admin123 192.168.3.8:5000
    $ bash kublr-load-images.sh 192.168.3.8:5000

In these examples, 192.168.3.8 is the IP address of local RAW repository. You will need to change this to your IP or DNS name.

Running Kublr-in-a-Box in AirGap mode

Specify the addresses of repositories to store artifacts, as well as the address of the Docker repository when you run Kublr-in-a-Box. To run in AirGap mode, specify ISOLATED_ENV=true and KUBLR_HOST=HOST_IP: HOST_PORT for the on-premise installation.

``` bash
$ export ISOLATED_ENV=true
$ export KUBLR_LICENSE='******-****-****-****-****'
$ export KUBLR_HOST=192.168.3.7:9080
$ export DOCKER_REGISTRY=192.168.3.8:5000
$ export HELM_REPOSITORY=https://192.168.3.8/repository/raw
$ export KUBLR_AGENT_REPOSITORY=https://192.168.3.8/repository/raw

$ docker run -p 9080:9080 -d --restart=unless-stopped --name kublr \
       -e DOCKER_REGISTRY=${DOCKER_REGISTRY} \
       -e HELM_REPOSITORY=${HELM_REPOSITORY} \
       -e KUBLR_AGENT_REPOSITORY=${KUBLR_AGENT_REPOSITORY} \
       -e ISOLATED_ENV=${ISOLATED_ENV} \
       -e KUBLR_HOST=${KUBLR_HOST} \
       -e KUBLR_LICENSE=${KUBLR_LICENSE} \
       ${DOCKER_REGISTRY}/kublr/kublr:${KUBLR_VERSION}
```

Re-Provisioning Kublr-in-a-Box

To install clusters on premise, when you have already started Kublr-in-a-Box without option KUBLR_HOST, or your IP address has been changed (for example to switch networks), please use following command to correct KUBLR_HOST to access your computer from the network. Typically, it is your computer’s IP address, but it may be different if you use NAT:

docker exec -i kublr /bin/bash -c 'echo "KUBLR_HOST=HOST_IP:HOST_PORT" > ip.external'; docker restart kublr

This will reconfigure Kublr to use a proper DNS/IP address for the installation scripts used on your nodes.

Creating AirGap On-Premise cluster in Kublr

For more details see On-Premise Installation

  1. Open KCP UI on http://KUBLR-IN-A-BOX-IP:9080/cluster
  2. Click create cluster. Check the “Bare Metal” icon in the Provider section
  3. Create KCP Cluster with configure “Cluster specification” use “Customize Cluster Specification” and change parameters: DOCKER-IP and DOCKER-PORT

    metadata:
      name: cluster-name
    spec:
      kublrAgentConfig:
        kublr:
          docker:
            config:
              insecure-registries:
                - <DOCKER-IP>:<DOCKER-PORT>
    ...

Air gap


Questions? Suggestions? Need help? Contact us.