Installing Red Hat Developer Hub in an air-gapped environment
Abstract
Chapter 1. Air-gapped environment
An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.
You can install the Red Hat Developer Hub in an air-gapped environment to ensure security and meet specific regulatory requirements.
Chapter 2. Installing Red Hat Developer Hub in an air-gapped environment with the Operator
On an OpenShift Container Platform cluster operating on a restricted network, public resources are not available. However, deploying the Red Hat Developer Hub Operator and running Developer Hub requires the following public resources:
- Operator images (bundle, operator, catalog)
- Operands images (RHDH, PostgreSQL)
To make these resources available, replace them with their equivalent resources in a mirror registry accessible to the OpenShift Container Platform cluster.
You can use a helper script that mirrors the necessary images and provides the necessary configuration to ensure those images will be used when installing the Red Hat Developer Hub Operator and creating Developer Hub instances.
This script requires a target mirror registry which you should already have installed if your OpenShift Container Platform cluster is ready to operate on a restricted network. However, if you are preparing your cluster for disconnected usage, you can use the script to deploy a mirror registry in the cluster and use it for the mirroring process.
Prerequisites
-
You have an active OpenShift CLI (
oc) session with administrative permissions to the OpenShift Container Platform cluster. See Getting started with the OpenShift CLI. -
You have an active
oc registrysession to theregistry.redhat.ioRed Hat Ecosystem Catalog. See Red Hat Container Registry Authentication. -
The
opmCLI tool is installed. See Installing the opm CLI. - The jq package is installed. See Download jq.
- Podman is installed. See Podman Installation Instructions.
- Skopeo version 1.14 or higher is installed. See Installing Skopeo.
- If you already have a mirror registry for your cluster, an active Skopeo session with administrative access to this registry is required. See Authenticating to a registry and Mirroring images for a disconnected installation.
The internal OpenShift Container Platform cluster image registry cannot be used as a target mirror registry. See About the mirror registry.
- If you prefer to create your own mirror registry, see Creating a mirror registry with mirror registry for Red Hat OpenShift.
If you do not already have a mirror registry, you can use the helper script to create one for you and you need the following additional prerequisites:
- The cURL package is installed. For Red Hat Enterprise Linux, the curl command is available by installing the curl package. To use curl for other platforms, see the cURL website.
-
The
htpasswdcommand is available. For Red Hat Enterprise Linux, thehtpasswdcommand is available by installing thehttpd-toolspackage.
Procedure
Download and run the mirroring script to install a custom Operator catalog and mirror the related images:
prepare-restricted-environment.sh(source).curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/1.4.x/.rhdh/scripts/prepare-restricted-environment.sh # if you do not already have a target mirror registry # and want the script to create one for you # use the following example: bash prepare-restricted-environment.sh \ --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v4.17" \ --prod_operator_package_name "rhdh" \ --prod_operator_bundle_name "rhdh-operator" \ --prod_operator_version "v1.4.0" # if you already have a target mirror registry # use the following example: bash prepare-restricted-environment.sh \ --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v4.17" \ --prod_operator_package_name "rhdh" \ --prod_operator_bundle_name "rhdh-operator" \ --prod_operator_version "v1.4.0" \ --use_existing_mirror_registry "my_registry"
NoteThe script can take several minutes to complete as it copies multiple images to the mirror registry.
Chapter 3. Installing Red Hat Developer Hub in an air-gapped environment with the Helm Chart
An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.
You can install Red Hat Developer Hub in an air-gapped environment to ensure security and meet specific regulatory requirements.
To install Developer Hub in an air-gapped environment, you must have access to the registry.redhat.io and the registry for the air-gapped environment.
Prerequisites
- You have installed an Red Hat OpenShift Container Platform 4.14 or later.
-
You have access to the
registry.redhat.io. - You have access to the Red Hat OpenShift Container Platform image registry of your cluster. For more information about exposing the image registry, see the Red Hat OpenShift Container Platform documentation about Exposing the registry.
-
You have installed the OpenShift CLI (
oc) on your workstation. -
You have installed the
podmancommand line tools on your workstation. - You you have an account in Red Hat Developer portal.
Procedure
Log in to your OpenShift Container Platform account using the OpenShift CLI (
oc), by running the following command:oc login -u <user> -p <password> https://api.<hostname>:6443
Log in to the OpenShift Container Platform image registry using the
podmancommand line tool, by running the following command:podman login -u kubeadmin -p $(oc whoami -t) default-route-openshift-image-registry.<hostname>
NoteYou can run the following commands to get the full host name of the OpenShift Container Platform image registry, and then use the host name in a command to log in:
REGISTRY_HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')podman login -u kubeadmin -p $(oc whoami -t) $REGISTRY_HOST
Log in to the
registry.redhat.ioinpodmanby running the following command:podman login registry.redhat.io
For more information about registry authentication, see Red Hat Container Registry Authentication.
Pull Developer Hub and PostgreSQL images from Red Hat Image registry to your workstation, by running the following commands:
podman pull registry.redhat.io/rhdh/rhdh-hub-rhel9:1.4.0
podman pull registry.redhat.io/rhel9/postgresql-15:latest
Push both images to the internal OpenShift Container Platform image registry by running the following commands:
podman push --remove-signatures registry.redhat.io/rhdh/rhdh-hub-rhel9:1.4.0 default-route-openshift-image-registry.<hostname>/<project_name>/rhdh-hub-rhel9:1.4.0
podman push --remove-signatures registry.redhat.io/rhel9/postgresql-15:latest default-route-openshift-image-registry.<hostname>/<project_name>/postgresql-15:latest
For more information about pushing images directly to the OpenShift Container Platform image registry, see How do I push an Image directly into the OpenShift 4 registry.
ImportantIf an x509 error occurs, verify that you have installed the CA certificate used for OpenShift Container Platform routes on your system.
Use the following command to verify that both images are present in the internal OpenShift Container Platform registry:
oc get imagestream -n <project_name>
Enable local image lookup for both images by running the following commands:
oc set image-lookup postgresql-15
oc set image-lookup rhdh-hub-rhel9
Go to YAML view and update the
imagesection forbackstageandpostgresqlusing the following values:Example values for Developer Hub image
upstream: backstage: image: registry: "" repository: rhdh-hub-rhel9 tag: latestExample values for PostgreSQL image
upstream: postgresql: image: registry: "" repository: postgresql-15 tag: latest- Install the Red Hat Developer Hub using Helm chart.