Air-gapped clusters
This document walks you through the process of installing Portworx into an air-gapped environment. First, you must fetch the required container images from the public container registries on the internet. Then, you can load these images directly onto your nodes or upload them into your private container registry. Once you’ve loaded the Portworx images, you will continue with the standard installation procedure.
Step 1: Download the air-gapped bootstrap script
Export your Kubernetes version by entering the following command:
KBVER=$(kubectl version --short | awk -F'[v+_-]' '/Server Version: / {print $3}')
If the current node doesn’t have kubectl installed, you can set the KBVER variable manually by running the following command:
export KBVER=<YOUR_KUBERNETES_VERSION>
For example, if your Kubernetes version is 1.19.3, run the following command:
KBVER=1.19.3
Download the air-gapped-install bootstrap script by entering the following curl command:
curl -o px-ag-install.sh -L "https://install.portworx.com/2.5/air-gapped?kbver=$KBVER"
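Step 1 with two checks added, as an example written for this page rather than taken from Portworx: it validates KBVER before the value goes into the download URL, and it pins the downloaded script's SHA-256 so that the copy run later is the one that was reviewed. The function names are hypothetical, and sha256sum from GNU coreutils is assumed.

```sh
#!/bin/sh
# Added example (not part of the Portworx script): checks around Step 1.

# The awk expression from Step 1, applied to `kubectl version --short`
# output on stdin. Splitting on v, +, _ and - drops vendor suffixes.
extract_kbver() {
    awk -F'[v+_-]' '/Server Version: / {print $3}'
}

# Accept only digits and dots in MAJOR.MINOR.PATCH form. An empty value
# (kubectl missing or unable to reach the API server) is rejected.
valid_kbver() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Print the Step 1 download URL for a validated version, or fail.
bootstrap_url() {
    valid_kbver "$1" || { echo "refusing KBVER='$1'" >&2; return 1; }
    printf 'https://install.portworx.com/2.5/air-gapped?kbver=%s\n' "$1"
}

# Connected host, after reviewing the script: write FILE.sha256 beside FILE.
record_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Any later host, before `sh FILE ...`: succeed only if FILE is unchanged.
verify_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c --status "$(basename "$1").sha256" )
}

# Typical use:
#   KBVER=$(kubectl version --short | extract_kbver)
#   url=$(bootstrap_url "$KBVER") && curl -o px-ag-install.sh -L "$url"
#   record_digest px-ag-install.sh
#   verify_digest px-ag-install.sh && sh px-ag-install.sh pull
```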
Step 2: Pull the container images
Pull the container images by running the px-ag-install script with the pull option:
sh px-ag-install.sh pull
Step 3: Make container images available to your nodes
There are two ways in which you can make the Portworx container images available to your nodes:
- Follow Step 3a if your company uses a private container registry
- Otherwise, follow Step 3b to push directly to your nodes
Step 3a: Push to a local registry server, accessible by the air-gapped nodes
Push the images to the registry by running the px-ag-install script with the push option and your registry location:
sh px-ag-install.sh push <YOUR_REGISTRY_LOCATION>
For example:
sh px-ag-install.sh push myregistry.net:5443
Alternatively, you can put all images in the same repository:
sh px-ag-install.sh push myregistry.net:5443/px-images
Once you’ve loaded the images into your registry, continue with Step 4: Install Portworx. When you install Portworx, specify your custom registry in the Customize section of the spec generator.
Step 3b: Push directly to your nodes
Load container images onto your nodes individually by running the px-ag-install script with the load option and your intranet host locations:
sh px-ag-install.sh load <intranet-host> [<host2> <host3>...]
For <intranet-host>, use the hostname or IP address of your node.
- The command above uses ssh to load the images onto the intranet nodes. You can customize or replace the ssh command with the -e command switch. For example, px-ag-install.sh -e "sshpass -p 5ecr3t ssh -l root" uses the sshpass(1) command to automatically pass root’s password when logging into the intranet host. A password given with -p is part of the command line, where other users of the host can read it from the process list; key-based ssh authentication avoids this.
- If you’re using this method, you can specify Image Pull Policy as IfNotPresent or Never on the “Registry and Image Settings” page when generating the Portworx spec.
Step 4: Install Portworx
Once you have loaded the Portworx images into your registry or nodes, you’re ready to create an install spec using the spec generator. Determine whether you need to specify the PX_HTTP_PROXY environment variable during installation:
Specify the PX_HTTP_PROXY environment variable
SharedV4 volumes require that your host run dependent services. If your host does not already have dependent services installed, Portworx will attempt to install them automatically. However, installation may fail if the hosts are not configured properly, for example if your host is air-gapped and does not have the dependent packages on intranet-accessible package repositories, or doesn’t have package management configured to use the HTTP proxy server.
If your air-gapped environment doesn’t have a system-wide HTTP proxy, you must specify the PX_HTTP_PROXY=... variable in the environment variables tab of the spec generator to define the HTTP proxy for Portworx installation, including the automated installation of NFS service on the host.
Create an install spec
Using the Portworx spec generator, create an install spec, making sure to enable sharedV4 support and specify the PX_HTTP_PROXY environment variable if you need to.
Refer to the following installation topics for more installation information:
- All other: How to install Portworx with Kubernetes
- Install Portworx on OpenShift: How to install Portworx with OpenShift
Air-gapped install bootstrap script reference
./px-ag-install.sh [image-commands] [options] '[arguments...]'
px-ag-install.sh reflects the default name specified in the installation instructions, but can be whatever you named the script file when you downloaded it.
Image commands
Command | Description | Required? |
---|---|---|
pull | Pulls the Portworx container images locally | |
push <registry[/repo]> | Pushes the Portworx images into remote container registry server | |
load node1 [node2 [...]] | Loads the images tarball to remote nodes (note: ssh-access required) | |
Options
Option | Description | Required? |
---|---|---|
--help | Displays help output | |
-I, --include <image> | Specify additional images to include | |
-E, --exclude <glob> | Specify images to EXCLUDE (e.g. -E 'csi') | |
-n, --dry-run | Show commands instead of running | |
-V, --version | Print version of the script | |
-v | Verbose output | |
Load-specific options
Option | Description | Required? |
---|---|---|
-e, --rsh <command> | specify the remote shell to use (default ssh) | |
-L, --load-cmd <command> | specify the remote container-load command to use (default auto) | |
-t <prefix> | specify temporary tarball filename (default px-agtmp.tar) | |
--pks | assume PKS environment; transfer images using ‘bosh’ command | |
Examples
Pull images from default container registries, push them to custom registry server (default repositories)
px-ag-install.sh pull push your-registry.company.com:5000
Pull images from default container registries, push them to custom registry server and portworx repository
px-ag-install.sh pull
px-ag-install.sh push your-registry.company.com:5000/portworx
Push images to password-protected remote registry, then import docker/podman configuration as Kubernetes secret
docker login your-registry.company.com:5000
px-ag-install.sh pull
px-ag-install.sh push your-registry.company.com:5000/portworx
px-ag-install.sh import-secrets
Pull images, then load to given nodes using ssh
px-ag-install.sh pull
px-ag-install.sh load node1 node2 node33 node444
Pull images, then load to given nodes using ssh and root-account
px-ag-install.sh -e "ssh -l root" pull load node1 node2 node33 node444
Load images to given nodes using ssh and password ‘5ecr3t’
px-ag-install.sh -e "sshpass -p 5ecr3t ssh" load node1 node2 node33 node444
Pull ONLY busybox image, load it to given nodes
px-ag-install.sh -E '*' -I docker.io/busybox:latest pull load node1 node2 node33 node444