Importing a managed cluster in an air gapped environment

After you install IBM Multicloud Manager, you can import a managed cluster in an air-gapped environment. By default, the multicluster-endpoint deployment pulls all of the required images from Docker Hub. Complete the following instructions only if you are working in an air gapped environment.

• Prerequisites
• Importing an IBM Cloud Private cluster in an air gapped environment

• Importing an IBM Cloud Private with OpenShift in an air gapped environment

  Important: You cannot import a hub cluster as a managed cluster.

Prerequisites

• You must have an IBM Multicloud Manager hub that is deployed and an IBM Cloud Private cluster that you want to manage. If you need to install IBM Cloud Private, see the product documentation .

• You need to install the Kubernetes CLI, kubectl. To install kubectl, see Installing the Kubernetes CLI (kubectl).

• You must install the IBM Cloud Private CLI, cloudctl. For more information, see Installing the IBM Cloud Private CLI to install the CLI.

  Note: Download the installation file for CLI tools from the management console.

• You must install Docker. To install Docker, see Install Docker .

Importing an IBM Cloud Private cluster in an air gapped environment

1. You need to access images from a private image registry. Run the following command to log in to the image registry:

   docker login <registry-url>
   

   • To configure authentication to access the private image registry from outside of your IBM Cloud Private cluster, see Configuring authentication for the Docker CLI .

   • To configure authentication locally, complete the following steps:

     Log in to your hub cluster with the following command, where <Cluster Master Host> is the external hostname or IP address for your master or leading master node:

     cloudctl login -a https://<Cluster Master Host>:<Cluster Master API Port> --skip-ssl-validation
     

2. Load the PPA archive with the following command:

   cloudctl catalog load-ppa-archive -a <mcm-ppa-3.2.1.tgz> --registry <registry-url>/ibmcom --username <username> --password <password>
   

3. If you are using a private image registry for the import, you must edit the cluster-import-config.yaml file. Add Image Registry Configurations to your file and add the following parameters and values:

   private_registry_enabled: true
   docker_username: <private-registry-username>
   docker_password: <private-registry-password>
   imageRegistry: <registry-url>/ibmcom
   imageNamePostfix: -amd64 #Not required, but if applicable, add a value here or comment out this value.
   

Importing an IBM Cloud Private with OpenShift in an air gapped environment

1. Log in to your cluster with the following command, where <Cluster Master Host> is the external hostname or IP address for your master or leading master node:

   cloudctl login -a https://<Cluster Master Host>:<Cluster Master API Port> --skip-ssl-validation
   

2. Run the following command to log in to the image registry:

   docker login $(kubectl get route -n default docker-registry -o jsonpath='{.spec.host}') -u $(oc whoami) -p $(oc whoami -t)
   

3. Load the PPA archive with the following command:

   cloudctl catalog load-ppa-archive -a <mcm-ppa-3.2.1.tgz> --registry <registry-url>/ibmcom --username <username> --password <password>
   

4. Ensure that the namespace with assigned access so that images can be pulled from this registry.

   oc policy add-role-to-group system:image-puller system:serviceaccounts:multicluster-endpoint --namespace=ibmcom
   

You are ready to complete the import process either from the IBM Multicloud Manager management console or from the CLI.

See Importing a target managed cluster to the IBM Multicloud Manager hub cluster for instructions.