Air-Gapped Installations

Red Hat OpenShift

Trilio for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the OpenShift Documentation and refer to this detailed video to install T4K in an offline environment.

Others Distributions

The following documentation provides a method to install Trilio for Kubernetes inside an air-gapped environment (a.k.a dark site), i.e., one with either no internet or just partial internet connectivity to run the installation.

Prerequisites

1. A host with 20Gb free disk space if you install a local registry.

2. The host must have connectivity to the cluster.

3. Container Runtime should be installed and running on the host (docker/podman/crictl/nerdctl)

4. If you are installing a local registry, the IP of the host machine and port (by default 443) should not be blocked for cluster nodes or should not have other services like Nginx running.

5. Check if any service is already running on the specified port. If so, mention another port with —port option while running run.sh

Download

Perform the following steps to download the required files:

• Download the installation package to the host

curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz

• Untar the installer using the command:

$ tar -xvzf installer.tar.gz

• Check that the extracted code looks like this:

$ tree installer
    
    installer
    ├── README.md
    ├── certs
    │   ├── fullchain.pem
    │   └── privkey.pem
    ├── containerImages
    │   ├── busybox.tar.gz
    │   ├── dnsutils.tar.gz
    │   ├── registry.tar.gz
    │   ├── trilioImages.tar.gz
    │   └── loggingImages.tar.gz
    ├── helm
    ├── log-collector
    ├── k8s-triliovault-operator-RELEASE_VERSION.tgz
    └── run.sh

    2 directories, 10 files

• Setup T4K Log-collector plugin

  1. Move binary to PATH :

     Copy

     sudo mv installer/log-collector /usr/local/bin/kubectl-tvk_log_collector

  2. Verify Installation :

     Copy

     kubectl tvk-log-collector --help

Installation

run.sh — library for setting up container registry with trilio images.

Usage:

    # Create local container registry & load Trilio images.
    bash run.sh --setup
    
    # Create local container registry & load Trilio images with Observability stack images.
    bash run.sh --setup --observability
    
    # Create local container registry on a specified port. (Defaults to port 443).
    bash run.sh --setup --port <port-number>
    
    # Create local container registry using custom hostname and ssl certificates & load Trilio images
    bash run.sh --setup --registry-host <registry_host> --cert-file <path-to-cert-file> --key-file <path-to-key>

    # Load Trilio images on existing container registry without authentication
    bash run.sh --registry <registry-name>

    # Load Trilio images on existing container registry with authentication
    bash run.sh --registry <registry-name> --user <username> --pass <password>
   
Options:
    --help                              Show detailed help with options.
    --registry <registry_name>          Existing Container Registry name.(If not provided, local container registry is setup)
    --user <username>                   Existing Container registry username.(If the given container registry requires auth)
    --pass <password>                   Existing Container registry password.(If the given container registry requires auth)
    --setup                             Setup container registry.
    --observability                     Setup observability stack images in container registry
    --port <registry_port>              Setup container registry on a specified port. (Defaults to 443)
    --registry-host <registry_host>     Setup container registry with valid domain name if TLS Certificate provided
    --cert-file <path-to-cert-file>     Setup container registry with SSL/TLS certificate
    --key-file <path-to-key-file>       Setup container registry with SSL/TLS private key

User Actions

• Local secure private container registry setup with wildcard certificates. (Not recommended for production use) :

  Copy

  bash installer/run.sh --setup

• Local secure private container registry setup on the specified port :

  Copy

  bash installer/run.sh --setup --port 5000

• Local secure private container registry setup with observability stack images :

  Copy

  bash installer/run.sh --setup --observability

• Local secure private container registry setup with user-provided certificates. (Not recommended for production use) :

  Copy

  bash installer/run.sh --setup --registry-host <registry-hostname> --cert-file <path-to-cert-file> --key-file <path-to-key-file>

• Use an already existing container registry :

  1. Container Registry with authentication :

     Copy

     bash installer/run.sh --registry <registry-name> --user <registry-username> --pass <registry-pass>

  2. Container Registry without any authentication :

     Copy

     bash installer/run.sh --registry <registry-name>

Install T4K

1. Run helm install command with registry parameters:

   Copy

   helm install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>

2. If --observability option is passed during installer setup, enable Observability Stack in values.yaml and update with container registry parameters and run helm install:

   Copy

   observability:
     enabled: true
     name: "tvk-integration"
     logging:
       loki:
         enabled: true
         fullnameOverride: "loki"
         persistence:
           enabled: true
           accessModes:
             - ReadWriteOnce
           size: 10Gi
         config:
           limits_config:
             reject_old_samples_max_age: 168h
           table_manager:
             retention_period: 168h
         image:
           registry: <registry-name>
       promtail:
         enabled: true
         fullnameOverride: "promtail"
         config:
           clients:
             - url: http://loki:3100/loki/api/v1/push
         image:
           registry: <registry-name>
     monitoring:
       prometheus:
         enabled: true
         fullnameOverride: "prom"
         server:
           enabled: true
           fullnameOverride: "prom-server"
           persistentVolume:
             enabled: false
           image:
             registry: <registry-name>
         kubeStateMetrics:
           enabled: false
           image:
             registry: <registry-name>
         nodeExporter:
           enabled: false
           image:
             registry: <registry-name>
         pushgateway:
           enabled: false
           image:
             registry: <registry-name>
         alertmanager:
           enabled: false
           image:
             registry: <registry-name>
         configmapReload:
           prometheus:
             image:
               registry: <registry-name>
           alertmanager:
             image:
               registry: <registry-name>
     visualization:
       grafana:
         enabled: true
         adminPassword: "admin123"
         fullnameOverride: "grafana"
         service:
           type: ClusterIP
         image:
           registry: <registry-name>
         testFramework:
           registry: <registry-name>
         imageRenderer:
           image:
             registry: <registry-name>
         sidecar:
           image:
             registry: <registry-name>
         initChownData:
           image:
             registry: <registry-name>
         downloadDashboardsImage:
           registry: <registry-name>

Upgrade T4K

Perform the following steps to download and install the upgrade files required:

1. Download the newer version installer package from the GCS bucket here: curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz

2. Unzip installer.tar.gz

3. Run helm upgrade using the following command:

helm upgrade --install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>