kubespray offline-environment

[elgamal2020]

in kubespray/docs/offline-environment.md

I would like to ask you to indicate for each for the following why it is required and also how it can be implemented ?

• a HTTP reverse proxy/cache/mirror to serve some static files (zips and binaries)
• an internal Yum/Deb repository for OS packages
• an internal container image registry that need to be populated with all container images used by Kubespray. Exhaustive list depends on your setup
• [Optional] an internal PyPi server for kubespray python packages (only required if your OS doesn't provide all python packages/versions listed in requirements.txt)
• [Optional] an internal Helm registry (only required if helm_enabled=true)

Why is this needed:
This will clarify more standard way to implement and apply Kubespray widely in air-gapped enviroment

Thanks a lot
Best Regards

[floryut]

@EppO could you provide some insights ?

[EppO]

* a HTTP reverse proxy/cache/mirror to serve some static files (zips and binaries)

Kubespray installs kubeadm/kubelet/kubectl from binaries and CNI plugins, etcd, calico, crictl... from tgz files. So you need to point kubespray to an internal webserver that hosts these files. You can use Apache, nginx, ... any webservers of your choice.
An alternative is to use a reverse proxy in a DMZ that has Internet access, configuration is trickier but you don't have to store the files in that case.

* an internal Yum/Deb repository for OS packages

docker/containerd/crio container runtimes are installed via OS packages. You need a internal repository to store them. To create one depends on your linux distro (RPM or DEB based).

* an internal container image registry that need to be populated with all container images used by Kubespray. Exhaustive list depends on your setup

You need to store all container images pulled by kubespray in an internal container registry. This one is tricky because it depends on the configuration of your setup: network plugin, addons, etcd installed by kubeadm, ... it would be useful to write a little script that gets that list based from the inventory and kubespray defaults. Right now, you need to know what images your setup is supposed to use. Once you have that list, you can use something like Harbor or Quay or your cloud provider container registry to store them all.

* [Optional] an internal PyPi server for kubespray python packages (only required if your OS doesn't provide all python packages/versions listed in requirements.txt)

You need to make sure that all python packages listed in requirements.txt are installed, you usually run pip install -r requirements.txt to make sure you have everything. If not, you need to install them and you have 2 options: either you're lucky and the OS ships the python packages in a RPM/DEB package, either you need to install the python package yourself and in that case you need a PyPI server. I didn't run the investigation but I assume all common OSes have the packages required by kubespray.

* [Optional] an internal Helm registry (only required if helm_enabled=true)

If you want to use install Helm, that means you want to install Helm charts. As you won't have access to stable charts because you're running in an air-gap environment, you need to create a Helm chart registry where you store the charts you're going to use. You can use ChartMuseum to do so

[dprabhua]

\assign

[dprabhua]

/assign @dprabhua

[floryut]

@dprabhua Reopen this one if you are ready to add something to contrib regarding offline setup