Airgapped deployment

To be able to deploy EKF on an airgapped environment, you have to mirror all the necessary images to an internal/private registry. To streamline this procedure please follow the section below.

Mirror images to private registry

Note

Make sure you have rok-tools deployed and configured using the rok-tools-docker.yaml manifest by following the Prepare Management Environment guide. This will provide you the necessary Docker-in-Docker environment.

Note

Make sure you have cloned the Arrikto-provided deployments repo by following the Deploy Rok section.

To mirror all the necessary images to an internal registry follow the steps below:

  1. Exec into the rok-tools management environment.

  2. Configure Docker to access Arrikto’s private registry:

    $ mkdir -p /root/.docker
    $ cp dockerconfig.json /root/.docker/config.json
    
  3. Configure Docker to access your private registry. In case of an ECR registry run:

    $ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)
    $ export AWS_DEFAULT_REGION=$(aws configure get region)
    $ aws ecr get-login-password | \
    >    docker login -u AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
    

    Note

    This will use an ephemeral token that will last for 12 hours.

  4. Switch to the deployments repo:

    $ cd /root/ops/deployments
    
  5. Get the list of all the necessary images:

    $ rok-image-list -o images
    
  6. Pull the images locally:

    $ rok-image-pull --image-list images
    
  7. Specify where you want images to be mirrored, i.e., the private registry along with an optional repo prefix:

    $ export PRIVATE_REGISTRY=registry.example.com/arrikto
    

    In case of ECR this will be:

    $ export PRIVATE_REGISTRY=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/arrikto
    
  8. Mirror the images to your private registry:

    $ rok-image-mirror --to $PRIVATE_REGISTRY --image-list images --push
    

    Note

    In case of ECR use the --create-ecr-repositories option to automatically create required repositories before pushing.

  9. (Optional) Save images as tarballs locally:

    $ rok-image-mirror --to $PRIVATE_REGISTRY --image-list images --save --save-dir /root/images
    

    Note

    Make sure you have sufficient space under --save-dir.