Installing IBM Cloud Pak foundational services in an air-gapped environment

If your cluster is not connected to the internet, you can install IBM Cloud Pak foundational services in your cluster by using either a bastion host, portable compute device, or a portable storage device.


It is common in production to have a cluster that does not have internet access. In these cases, you can still install IBM Cloud Pak foundational services, IBM Cloud Paks®, and OpenShift Container Platform in an air-gapped (otherwise known as offline or disconnected) environment. Unlike online installations, air-gapped installations require you to enable the IBM Operator Catalog to mimic a typical online installation using images in your own registry.

The following diagram provides an overview of air-gapped installation scenarios for portable compute, portable storage, and bastion hosts:

Air-gap scenarios
Figure 1. Air-gap scenarios

All of these scenarios use Container Application Software for Enterprises (CASE) files to mirror content from a source to a target. CASE is a specification that defines metadata and structure for packaging, managing, and unpacking containerized applications.

You can store the product code and images to a portable compute device (like a laptop), portable storage device (like an external hard disk drive), or a bastion host and then transfer them to a local air-gapped network. If you are using either a portable compute device or a portable storage device, you don't need a bastion host to install in your air-gapped environment.

Table 1. Air-gapped installation scenarios
Air-gapped installation approach Example Description
Bastion host Bastion host A bastion server is a device that has access to both the public internet and the local intranet where a local registry and Red Hat OpenShift Container Platform clusters reside. Using the bastion server, you can replicate your images through the bastion server directly to the local, intranet registry behind the firewall.
Portable compute device Laptop A portable compute device, such as a laptop, can be used to download images from the entitled registry to a portable container registry running locally on the device. You can then bring the device behind your firewall and copy the images from your portable registry on the device to the local, intranet registry behind the firewall.
Portable storage device Portable hard disk drive A portable storage device, such as a hard disk drive, can be connected to a compute device external to your firewall to download the images. This portable storage can then be connected to a device behind the firewall so that the images can be loaded to the local, intranet registry.

From a high level, air-gapped installations consist of four steps:

  1. Set up your image registry access and mirroring environment (One-time action)
  2. Set environment variables and download CASE files
  3. Mirror images depending on installation scenario
  4. Install the foundational services by way of Red Hat OpenShift Container Platform

The following flow diagram provides you with a further breakdown of these steps, including, if you are adding additional capabilities to an air-gapped installation:

Air-gapped installation task flow
Figure 2. Air-gapped installation task flow

Setting up proxy environment variables

Note: The following proxy environment variables are supported on cloudctl version 3.12.1 and above.

If your bastion host, portable compute device, or portable storage device must be able to connect to the internet via a proxy, set the following environment variables on the machine that accesses the internet via the proxy server:

export https_proxy=http://proxy-server-hostname:port
export http_proxy=http://proxy-server-hostname:port

# Example:
export https_proxy=
export http_proxy=

Installation methods

The following sections illustrate the required steps for each approach to an air-gapped installation. Pick the appropriate methodology and follow the steps within that section. Step ordering might vary depending on your methodology: