health airgap
Validate your source registry connectivity and verify that the cluster can pull an image from the mirror registry for air gap installation.
This health check is suited for checking whether mirrored images in private registry can be accessed and verifying image resource setup before you install Guardium Data Security Center.
Prerequisites
- Log in to Red Hat® OpenShift® Container Platform as a cluster administrator.
- Verify the configuration file.Important: A Kubernetes configuration file must be at either ~/.kube/config or ~/auth/kubeconfig for this command to work. The file must have the target cluster as the current context.
- Ensure that you have either Docker or Podman installed on your system. The health check first checks if Docker or Podman is installed before proceeding.
- Mirror your images to a local private registry. For more information, see Manually installing Guardium Data Security Center offline.
Syntax and command options
The following example shows the syntax that you must use when you run the
airgap
command:guardcenter-cli health airgap \
--host=<local-registry-host> \
--username=<local-registry-username> \
--password=<local-registry-password> \
[--version=<guardium-version>] \
[--save]Configure the following command options when you run the
airgap command:
| Option | Description |
|---|---|
|
|
The host of the private registry. This value can be the host IP address or the FQDN and
listening port, which is formatted as <FQDN:Listening_port>.
|
--username |
The username that you use to log in to the private registry.
|
--password |
The password that you use to log in to the private registry.
|
--version
|
The version of Guardium Data Security Center that
you want to use.
|
|
|
Display command help.
|
--save |
Save the output and resource files to the local file system.
|
Important: You cannot use the
--verbose command option
with this command. Example
The following command example is to verify that the cluster can pull an image from mirror
registry and has
Image Content Source Policy or Image Digest Mirror
Set resource setup before you install Guardium Data Security Center in an air gap
environment:guardcenter-cli health airgap \
--host=<local-registry-host> \
--username=<local-registry-username> \
--password=<local-registry-password> The following example shows a successful output:
Health Check Report [INFO] 2025-02-12T11:57:03.134320Z Checking if docker or podman is installed... [SUCCESS] 2025-02-12T11:57:03.151229Z Required tool is installed: docker [INFO] 2025-02-12T11:57:03.151312Z Checking if registry credentials provided are valid... [SUCCESS] 2025-02-12T11:57:03.767871Z Successfully logged in to 'my.local.private.registry' registry using credentials. [INFO] 2025-02-12T11:57:37.063006Z Verifying registry connection: cp.icr.io, icr.io [SUCCESS] 2025-02-12T11:57:38.291995Z Successfully verified connection for registries. [INFO] 2025-02-12T11:57:38.721920Z Creating pod to test pulling image from mirror registry: my.local.private.registry/cp/ibm-guardium-data-security-center/insights-deploy-common-utils:release-v3.6.2-2025-01-20-10.31.53-a1d3a25 [SUCCESS] 2025-02-12T11:57:44.197681Z Pod successfully pulled an image from 'my.local.private.registry' registry. [INFO] 2025-02-12T11:57:44.322858Z Verifying if cluster has 'image content source policy' or 'image digest mirror set' resource for airgap installation... [SUCCESS] 2025-02-12T11:57:44.546764Z Successfully found 'image digest mirror set' resource. [INFO] 2025-02-12T11:57:44.546928Z Airgap validation info gathered successfully! [INFO] 2025-02-12T11:57:44.546989Z Please refer to airgap documentation for more information: https://www.ibm.com/docs/en/SSGP4E_3.x/install_upgrade/install_prep_offline.html