# Air-Gapped Installations

## Red Hat OpenShift

Trilio for Kubernetes has been designed to support installation in a restricted or disconnected network as part of the OLM framework. Please follow the instructions from the [OpenShift Documentation](https://docs.openshift.com/container-platform/4.17/disconnected/using-olm.html) and refer to this [detailed video](https://drive.google.com/file/d/1rN0KyyTYGy-g4A-UoMA6lE5JtUzRRBQa/view?usp=sharing) to install T4K in an offline environment.

## Other Distributions

The following documentation provides a method to install Trilio for Kubernetes inside an air-gapped environment (a.k.a. a dark site), i.e., one with either no internet or only partial internet connectivity available to run the installation.

{% hint style="info" %}
macOS users: the installation script requires the GNU-based `getopt` package and the `iproute2mac` package.
{% endhint %}

### Prerequisites

1. A host with 20Gb free disk space if you install a local registry.
2. The host must have connectivity to the cluster.
3. A container runtime should be installed and running on the host (`docker`/`podman`/`crictl`/`nerdctl`).
4. If you are installing a local registry, the IP of the host machine and the registry port (443 by default) must not be blocked for the cluster nodes, and no other service such as Nginx should be running on that port.
5. Check whether any service is already running on the specified port. If so, specify another port with the `--port` option when running `run.sh`.

### Download

Perform the following steps to download the required files:

* Download the installation package to the host

```
curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz
```

* Untar the installer using the command:

```bash
$ tar -xvzf installer.tar.gz
```

* Check that the extracted code looks like this:

```bash
$ tree installer
    
    installer
    ├── README.md
    ├── certs
    │   ├── fullchain.pem
    │   └── privkey.pem
    ├── containerImages
    │   ├── busybox.tar.gz
    │   ├── dnsutils.tar.gz
    │   ├── registry.tar.gz
    │   ├── trilioImages.tar.gz
    │   └── loggingImages.tar.gz
    ├── helm
    ├── log-collector
    ├── k8s-triliovault-operator-RELEASE_VERSION.tgz
    └── run.sh

    2 directories, 10 files
```

* Set up the T4K log-collector plugin
  1. Move the binary to a directory on your `PATH` :

     ```
     sudo mv installer/log-collector /usr/local/bin/kubectl-tvk_log_collector
     ```
  2. Verify Installation :

     ```
     kubectl tvk-log-collector --help
     ```

{% hint style="info" %}

1. The wildcard certificates provided inside the `certs` directory have an expiry date.
2. If they appear to be expired, you can download the [`traefik`](https://traefik.me/) certs and replace the files inside the folder.
3. You can also pass your own certs with the `--cert-file`, `--key-file`, and `--registry-host` options.
4. Validate the certs with `openssl x509 -in <cert-name.crt> -text -noout`.

{% endhint %}
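
The manual `openssl x509 -text` inspection above can be turned into a pre-flight check that runs before `run.sh --setup`. The function below is an added example, not part of the Trilio installer; the name `check_registry_cert` is hypothetical and it assumes OpenSSL 1.1.1 or later on the host.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the TLS material handed to `run.sh --setup`.
# check_registry_cert <cert.pem> <key.pem> [registry-host] [min-days-valid]
check_registry_cert() {
  local cert="$1" key="$2" host="${3:-}" days="${4:-30}"
  local cert_pub key_pub

  # 1. The leaf certificate (the first one in a fullchain file) must parse
  #    and remain valid for at least $days more days.
  if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
    echo "FAIL: $cert is unreadable or expires within $days days" >&2
    return 1
  fi

  # 2. The private key must belong to that certificate: both files must
  #    yield the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $cert" >&2
    return 2
  fi

  # 3. If a registry host is given, the certificate must cover it
  #    (-checkhost honours wildcard entries).
  if [ -n "$host" ] && ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
       | grep -q "does match certificate"; then
    echo "FAIL: $cert is not valid for host $host" >&2
    return 3
  fi

  echo "OK: $cert valid for >= $days days, key matches${host:+, covers $host}"
}
```

For the bundled files the call would be `check_registry_cert installer/certs/fullchain.pem installer/certs/privkey.pem <registry-host>`; a non-zero return code identifies which of the three checks failed.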

### Installation

`run.sh` is a library for setting up a container registry with Trilio images.

```
Usage:

    # Create local container registry & load Trilio images.
    bash run.sh --setup
    
    # Create local container registry & load Trilio images with Observability stack images.
    bash run.sh --setup --observability
    
    # Create local container registry on a specified port. (Defaults to port 443).
    bash run.sh --setup --port <port-number>
    
    # Create local container registry using custom hostname and ssl certificates & load Trilio images
    bash run.sh --setup --registry-host <registry_host> --cert-file <path-to-cert-file> --key-file <path-to-key>

    # Load Trilio images on existing container registry without authentication
    bash run.sh --registry <registry-name>

    # Load Trilio images on existing container registry with authentication
    bash run.sh --registry <registry-name> --user <username> --pass <password>
   
Options:
    --help                              Show detailed help with options.
    --registry <registry_name>          Existing Container Registry name.(If not provided, local container registry is setup)
    --user <username>                   Existing Container registry username.(If the given container registry requires auth)
    --pass <password>                   Existing Container registry password.(If the given container registry requires auth)
    --setup                             Setup container registry.
    --observability                     Setup observability stack images in container registry
    --port <registry_port>              Setup container registry on a specified port. (Defaults to 443)
    --registry-host <registry_host>     Setup container registry with valid domain name if TLS Certificate provided
    --cert-file <path-to-cert-file>     Setup container registry with SSL/TLS certificate
    --key-file <path-to-key-file>       Setup container registry with SSL/TLS private key
```

### User Actions

* Local secure private container registry setup with wildcard certificates. (Not recommended for production use) :

  ```bash
  bash installer/run.sh --setup
  ```
* Local secure private container registry setup on the specified port :

  ```bash
  bash installer/run.sh --setup --port 5000
  ```
* Local secure private container registry setup with observability stack images :

  ```bash
  bash installer/run.sh --setup --observability
  ```
* Local secure private container registry setup with user-provided certificates. (Not recommended for production use) :

  ```bash
  bash installer/run.sh --setup --registry-host <registry-hostname> --cert-file <path-to-cert-file> --key-file <path-to-key-file>
  ```
* Use an already existing container registry :
  1. Container Registry with authentication :

     ```bash
     bash installer/run.sh --registry <registry-name> --user <registry-username> --pass <registry-pass>
     ```
  2. Container Registry without any authentication :

     ```bash
     bash installer/run.sh --registry <registry-name>
     ```

### Install T4K

1. Run the `helm install` command with the registry parameter:

   ```
   helm install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>
   ```
2. If the `--observability` option was passed during installer setup, enable the Observability Stack in `values.yaml`, update it with the container registry parameters, and run `helm install`:

   ```yaml
   observability:
     enabled: true
     name: "tvk-integration"
     logging:
       loki:
         enabled: true
         fullnameOverride: "loki"
         persistence:
           enabled: true
           accessModes:
             - ReadWriteOnce
           size: 10Gi
         config:
           limits_config:
             reject_old_samples_max_age: 168h
           table_manager:
             retention_period: 168h
         image:
           registry: <registry-name>
       promtail:
         enabled: true
         fullnameOverride: "promtail"
         config:
           clients:
             - url: http://loki:3100/loki/api/v1/push
         image:
           registry: <registry-name>
     monitoring:
       prometheus:
         enabled: true
         fullnameOverride: "prom"
         server:
           enabled: true
           fullnameOverride: "prom-server"
           persistentVolume:
             enabled: false
           image:
             registry: <registry-name>
         kubeStateMetrics:
           enabled: false
           image:
             registry: <registry-name>
         nodeExporter:
           enabled: false
           image:
             registry: <registry-name>
         pushgateway:
           enabled: false
           image:
             registry: <registry-name>
         alertmanager:
           enabled: false
           image:
             registry: <registry-name>
         configmapReload:
           prometheus:
             image:
               registry: <registry-name>
           alertmanager:
             image:
               registry: <registry-name>
     visualization:
       grafana:
         enabled: true
         adminPassword: "admin123"  # sample value; set your own Grafana admin password
         fullnameOverride: "grafana"
         service:
           type: ClusterIP
         image:
           registry: <registry-name>
         testFramework:
           registry: <registry-name>
         imageRenderer:
           image:
             registry: <registry-name>
         sidecar:
           image:
             registry: <registry-name>
         initChownData:
           image:
             registry: <registry-name>
         downloadDashboardsImage:
           registry: <registry-name>
   ```
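
In an air-gapped cluster, any image reference that the `registry` value did not rewrite will fail to pull. The check below is an added example, not part of the Trilio installer: it scans rendered manifests for `image:` entries outside the private registry. The function names, the sample manifest and `registry.local:5000` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list container images that would still be pulled from outside
# the private registry. Reads rendered manifests on stdin, returns 1 if any.
find_external_images() {
  local reg="${1%/}/"   # normalise to exactly one trailing slash
  awk -v reg="$reg" '
    /^[ \t-]*image:[ \t]/ {
      ref = $0
      sub(/^[ \t-]*image:[ \t]*/, "", ref)   # drop the key
      sub(/[ \t]+#.*$/, "", ref)             # drop a trailing comment
      gsub("[\"\047]", "", ref)              # drop YAML quotes
      # Match the prefix including the slash, so reg.example does not
      # also accept reg.example.other/...
      if (ref != "" && index(ref, reg) != 1 && !(ref in seen)) {
        seen[ref] = 1; print ref; bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample of rendered output (not real chart output).
sample_manifest() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - image: busybox:1.36
          name: init
      containers:
        - name: operator
          image: "registry.local:5000/trilio/operator:0.0.0"
        - name: grafana
          image: docker.io/grafana/grafana:0.0.0   # not rewritten
EOF
}
```

Pipe the output of `helm template <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>` (plus `-f values.yaml` when the observability stack is enabled) into `find_external_images <registry-name>`. It only sees images named in the rendered chart, not ones a controller sets at runtime.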

### Upgrade T4K

Perform the following steps to download and install the upgrade files required:

1. Download the newer version installer package from the GCS bucket here:\
   `curl -O https://storage.googleapis.com/triliovault-airgap/<version>/installer.tar.gz`
2. Extract `installer.tar.gz`
3. Run helm upgrade using the following command:

```bash
helm upgrade --install <release-name> <k8s-triliovault-operator-*.tgz> --set registry=<registry-name>
```
