Airgap installation is used for the environments where Production openshift cluster is isolated from internet or behind the firewall. Airgap installation is done with two methods, first is Bastion host intsallatio and second is Portable Device installation. For installation, values.conf file need to be updated with required values and optional parameters can be skipped.
Following commands are used in video for installation,
1. To create/set the environment variables with the installer image name and the image inventory on your mirroring device
export CASE_NAME=ibm-cp-security && export CASE_VERSION=1.0.29
2. To download the IBM Cloud Pak for Security installer and image inventory to your mirroring device
oc ibm-pak get $CASE_NAME –version $CASE_VERSION –disable-top-level-images-mode
3. To set the environment variable for target registry
export TARGET_REGISTRY=(target_registry)
4. To generate the mirror manifests to use when you mirror the images to the target registry
oc ibm-pak generate mirror-manifests $CASE_NAME $TARGET_REGISTRY –version $CASE_VERSION
5. To mirror images to the target registry
oc image mirror -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping.txt –filter-by-os ‘.*’ -a $REGISTRY_AUTH_FILE –insecure –skip-multiple-scopes –max-per-registry=1
6.a. To retrieve the global pull secret of cluster
oc get secret/pull-secret -n openshift-config –template='{{index .data “.dockerconfigjson” | base64decode}}’ ) (pull_secret_location)
6.b. Add the new pull secret to the global pull secret file
oc registry login –registry=”$TARGET_REGISTRY” –auth-basic=”(username):(password)” –to=(pull_secret_location)
6.c. To update the global pull secret in the cluster
oc set data secret/pull-secret -n openshift-config –from-file=.dockerconfigjson=(pull_secret_location)
6.c. To verify the status of nodes
oc get MachineConfigPool -w
7. To create the ImageContentSourcePolicy resource
oc apply -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yaml
8. To extract the Cloud Pak for Security CASE
tar -xf ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION/ibm-cp-security-$CASE_VERSION.tgz -C ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
9. To archive the Cloud Pak for Security CASE after updating the values.conf
tar czf ~/.ibm-pak/data/cases/ibm-cp-security/$CASE_VERSION/ibm-cp-security-$CASE_VERSION.tgz -C ~/.ibm-pak/data/cases/ibm-cp-security/$CASE_VERSION/ ibm-cp-security
10. To install Cloud Pak for Security
oc ibm-pak launch -t 1 $CASE_NAME –version $CASE_VERSION –inventory ibmSecurityOperatorSetup –namespace $CP4S_NAMESPACE –action install –args “–acceptLicense true –inputDir ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION”
11. To verify Cloud Pak for Security installation
oc ibm-pak launch -t 1 $CASE_NAME –version $CASE_VERSION –inventory ibmSecurityOperatorSetup –namespace $CP4S_NAMESPACE –action validate
[ad_2]
source
