🕸️ Ada Research Browser

airgap-guide.md
HomeResearch Reportsairgap-guide.md
← Back

Air-Gap Deployment Guide

This guide covers deploying the SRE platform in air-gapped environments with no internet access.

Overview

Air-gapped deployment requires pre-staging all container images and Helm charts before deployment. The platform provides scripts to automate this process.

Prerequisites

Step 1: Mirror Images to Harbor (Connected Environment)

If your Harbor instance has internet access, mirror all platform images directly:

./scripts/airgap-mirror-images.sh

This pulls all platform images and pushes them to harbor.sre.internal/platform/.

Step 2: Export Bundle (Connected Environment)

If Harbor is in the air-gapped environment, create an export bundle:

./scripts/airgap-export-bundle.sh

This creates /tmp/sre-platform-airgap-bundle.tar.gz containing: - All container images as OCI archives - A manifest.json listing all images and versions - An import.sh script for the air-gapped side

Step 3: Transfer Bundle

Transfer the bundle to the air-gapped environment via approved media (USB, SFTP, etc.).

Step 4: Import Images (Air-Gapped Environment)

tar xzf sre-platform-airgap-bundle.tar.gz
cd sre-platform-bundle
./import.sh harbor.airgap.local

This loads all images into the air-gapped Harbor instance.

Step 5: Configure Platform for Air-Gap

  1. Update restrict-image-registries Kyverno policy to allow your air-gapped registry
  2. Apply the image overrides ConfigMap generated by the mirror script
  3. Configure Helm chart repositories to point to a ChartMuseum or OCI registry in the air-gap

Step 6: Deploy

Follow the standard deployment procedure. All images will be pulled from the local Harbor instance.

Updating Images

When new versions are released:

  1. Run airgap-mirror-images.sh or airgap-export-bundle.sh on the connected side
  2. Transfer and import the new images
  3. Update the HelmRelease versions in the platform manifests
  4. Flux will reconcile with the new versions