Preparing an air gap environment

If your cluster is not connected to the internet, you can install Cloud Pak for Business Automation in an air gap environment by using a bastion server.

About this task

It is common in production to have a cluster that cannot access the internet. In these cases, you can still install Cloud Pak for Business Automation and OpenShift Container Platform (OCP) in an air-gapped (otherwise known as offline or disconnected) environment. An air-gapped installation uses the IBM operator catalog to mimic a typical online installation except that the Cloud Pak images are in your own registry. You first store the images to a bastion server and then transfer them to a local air-gapped network. A bastion server is a device that has access to both the public internet and an internal local registry on an OCP cluster that is protected by a firewall. Using the bastion server, you can replicate your images through the bastion server directly to the local registry. The OCP cluster can then continue to use the images behind the firewall.

Important: When you install an air gap, you do not need to complete the instructions in Preparing for an Enterprise deployment.

The following diagram shows a bastion server in an air gapped environment. The actions that you need to take to mirror the Cloud Pak images and install the IBM operator catalog are shown in three steps in the diagram.

  1. Save or fetch the case archive.
  2. Configure the credentials for the source and local registries, and then mirror the images.
  3. Configure an OCP cluster by installing the operator catalog and an instance of the Cloud Pak operator in a chosen namespace.
Air gap high-level architecture