Installation in an Air-Gapped Environment
Audience: System Administrators
Content Summary: This page outlines how to install Immuta in an air-gapped environment.
Introduction
Process for Saving and Loading Docker Images
The process outlined for saving and loading the Docker images will be different for everyone. With the exception of the list of Docker images that all users need to copy to their container registry, all code blocks provided are merely examples.
This high-level overview makes these assumptions:
- a container registry is accessible from inside the air-gapped environment
- Docker and Helm are already installed
Copy Docker Images to Container Registry
All users should copy these Docker images to their container registry.
registry.immuta.com/immuta/immuta-service:2024.1.13
registry.immuta.com/immuta/immuta-db:2024.1.13
registry.immuta.com/immuta/immuta-fingerprint:2024.1.13
registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
registry.immuta.com/memcached:$MEMCACHED_TAG
registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG
See the Helm Chart Options page for the values: IMMUTA_DEPLOY_TOOLS_VERSION
,
MEMCACHED_TAG
, and INGRESS_NGINX_TAG
.
Sample Processes
Networked Machine (Outside Air Gap)
Docker Registry Authentication
Reach out to your Immuta support professional for your Immuta Docker Registry credentials.
-
Authenticate with Immuta's Docker registry.
docker login https://registry.immuta.com -u <username> -p <password>
-
Pull the images.
docker pull registry.immuta.com/immuta/immuta-service:2024.1.13 docker pull registry.immuta.com/immuta/immuta-db:2024.1.13 docker pull registry.immuta.com/immuta/immuta-fingerprint:2024.1.13 docker pull registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION docker pull registry.immuta.com/memcached:$MEMCACHED_TAG docker pull registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG
-
Save the images.
docker save registry.immuta.com/immuta/immuta-service:2024.1.13 / | gzip > immuta-service-2024.1.13 docker save registry.immuta.com/immuta/immuta-db:2024.1.13 / | gzip > immuta-db-2024.1.13 docker save registry.immuta.com/immuta/immuta-fingerprint:2024.1.13 / | gzip > immuta-fingerprint-2024.1.13 docker save registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION | / gzip > immuta-deploy-tools-$IMMUTA_DEPLOY_TOOLS_VERSION.tar.gz docker save registry.immuta.com/memcached:$MEMCACHED_TAG | gzip > memcached-$MEMCACHED_TAG.tar.gz docker save registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG | / gzip > ingress-nginx-controller-$INGRESS_NGINX_TAG.tar.gz
The
.tar.gz
files will now be in your working directory. -
Add Immuta's Chart repository to Helm:
helm repo add --username <username> --password-stdin immuta https://archives.immuta.com/charts
-
Download the Helm Chart.
helm pull immuta/immuta
The
.tgz
files will now be in your working directory. -
Move the Helm Chart and Docker images onto a machine connected to the air-gapped network.
Offline Machine (Inside Air Gap)
-
Copy these Docker images to your container registry. Note: You may need to reload the environment variables.
registry.immuta.com/immuta/immuta-service:2024.1.13 registry.immuta.com/immuta/immuta-db:2024.1.13 registry.immuta.com/immuta/immuta-fingerprint:2024.1.13 registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION registry.immuta.com/memcached:$MEMCACHED_TAG registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG
-
Validate that the images are present.
docker image ls
-
Tag the images.
docker image tag $IMMUTA_REGISTRY/immuta/immuta-service:2024.1.13 / $CUSTOMER_REGISTRY/immuta/immuta-service:2024.1.13 docker image tag $IMMUTA_REGISTRY/immuta/immuta-db:2024.1.13 / $CUSTOMER_REGISTRY/immuta/immuta-db:2024.1.13 docker image tag $IMMUTA_REGISTRY/immuta/immuta-fingerprint:2024.1.13 / $CUSTOMER_REGISTRY/immuta/immuta-fingerprint:2024.1.13 docker image tag $IMMUTA_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION $CUSTOMER_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION docker image tag $IMMUTA_REGISTRY/memcached:$MEMCACHED_TAG $CUSTOMER_REGISTRY/immuta/memcached:$MEMCACHED_TAG docker image tag $IMMUTA_REGISTRY/ingress-nginx-controller:$INGRESS_NGINX_TAG $CUSTOMER_REGISTRY/immuta/ingress-nginx-controller:$INGRESS_NGINX_TAG
-
Push the images to your registry.
docker image push $CUSTOMER_REGISTRY/immuta/immuta-service:2024.1.13 docker image push $CUSTOMER_REGISTRY/immuta/immuta-db:2024.1.13 docker image push $CUSTOMER_REGISTRY/immuta/immuta-fingerprint:2024.1.13 docker image push $CUSTOMER_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION docker image push $CUSTOMER_REGISTRY/immuta/memcached:$MEMCACHED_TAG docker image push $CUSTOMER_REGISTRY/immuta/ingress-nginx-controller:$INGRESS_NGINX_TAG
-
Create the Helm values file (i.e.,
myValues.yaml
) and point it to your registry (i.e.,web.imageRepository
). Be sure to replace$CUSTOMER_REGISTRY
with the actual URL, including any additional prefixes beforeimmuta
, with the URL for the actual registry.global: imageRegistry: $CUSTOMER_REGISTRY cache: memcached: image: repository: immuta/memcached nginxIngress: controller: image: repository: immuta/ingress-nginx-controller
-
Deploy the Helm Chart.
helm install <YOUR RELEASE NAME> immuta-$IMMUTA_HELM_CHART_VERSION.tgz --values myValues.yaml