Red Hat Developer Hub 1.4

Installing Red Hat Developer Hub in an air-gapped environment

Red Hat Customer Content Services

Legal Notice

Abstract

Red Hat Developer Hub is an enterprise-grade platform for building developer portals. Administrative users can configure roles, permissions, and other settings to enable other authorized users to deploy an air-gapped Developer Hub instance on any supported platform using either the Operator or Helm chart.

1. Air-gapped environment
2. Installing Red Hat Developer Hub in an air-gapped environment with the Operator
3. Installing Red Hat Developer Hub on OpenShift Container Platform in an air-gapped environment with the Helm chart
3.1. Installing Red Hat Developer Hub on OpenShift Container Platform in a partially disconnected environment with the Helm chart
3.2. Installing Red Hat Developer Hub on OpenShift Container Platform in a fully disconnected environment with the Helm chart

1. Air-gapped environment

An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.

You can install the Red Hat Developer Hub in an air-gapped environment to ensure security and meet specific regulatory requirements.

2. Installing Red Hat Developer Hub in an air-gapped environment with the Operator

On an OpenShift Container Platform cluster operating on a restricted network, public resources are not available. However, deploying the Red Hat Developer Hub Operator and running Developer Hub requires the following public resources:

Operator images (bundle, operator, catalog)
Operands images (RHDH, PostgreSQL)

To make these resources available, replace them with their equivalent resources in a mirror registry accessible to the OpenShift Container Platform cluster.

You can use a helper script that mirrors the necessary images and provides the necessary configuration to ensure those images will be used when installing the Red Hat Developer Hub Operator and creating Developer Hub instances.

Note

This script requires a target mirror registry which you should already have installed if your OpenShift Container Platform cluster is ready to operate on a restricted network. However, if you are preparing your cluster for disconnected usage, you can use the script to deploy a mirror registry in the cluster and use it for the mirroring process.

Prerequisites

You have an active OpenShift CLI (oc) session with administrative permissions to the OpenShift Container Platform cluster. See Getting started with the OpenShift CLI.
You have an active oc registry session to the registry.redhat.io Red Hat Ecosystem Catalog. See Red Hat Container Registry Authentication.
The opm CLI tool is installed. See Installing the opm CLI.
The jq package is installed. See Download jq.
Podman is installed. See Podman Installation Instructions.
Skopeo version 1.14 or higher is installed. See Installing Skopeo.
If you already have a mirror registry for your cluster, an active Skopeo session with administrative access to this registry is required. See Authenticating to a registry and Mirroring images for a disconnected installation.

Note

The internal OpenShift Container Platform cluster image registry cannot be used as a target mirror registry. See About the mirror registry.

If you prefer to create your own mirror registry, see Creating a mirror registry with mirror registry for Red Hat OpenShift.
If you do not already have a mirror registry, you can use the helper script to create one for you and you need the following additional prerequisites:
- The cURL package is installed. For Red Hat Enterprise Linux, the curl command is available by installing the curl package. To use curl for other platforms, see the cURL website.
- The htpasswd command is available. For Red Hat Enterprise Linux, the htpasswd command is available by installing the httpd-tools package.

Procedure

Download and run the mirroring script to install a custom Operator catalog and mirror the related images: prepare-restricted-environment.sh (source).

curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/release-1.4/.rhdh/scripts/prepare-restricted-environment.sh

# if you do not already have a target mirror registry
# and want the script to create one for you
# use the following example:
bash prepare-restricted-environment.sh \
   --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v4.17" \
   --prod_operator_package_name "rhdh" \
   --prod_operator_bundle_name "rhdh-operator" \
   --prod_operator_version "v1.4.1"

# if you already have a target mirror registry
# use the following example:
bash prepare-restricted-environment.sh \
   --prod_operator_index "registry.redhat.io/redhat/redhat-operator-index:v4.17" \
   --prod_operator_package_name "rhdh" \
   --prod_operator_bundle_name "rhdh-operator" \
   --prod_operator_version "v1.4.1" \
   --use_existing_mirror_registry "my_registry"

Note

The script can take several minutes to complete as it copies multiple images to the mirror registry.

3. Installing Red Hat Developer Hub on OpenShift Container Platform in an air-gapped environment with the Helm chart

You can install Red Hat Developer Hub in a fully disconnected or partially disconnected environment using the Red Hat Developer Hub Helm chart.

Additional resources

For more information about registry authentication, see Red Hat Container Registry Authentication.

3.1. Installing Red Hat Developer Hub on OpenShift Container Platform in a partially disconnected environment with the Helm chart

If your network has access to the registry.redhat.io registry and the charts.openshift.io Helm chart repository, you can deploy your Red Hat Developer Hub instance in your partially disconnected environment by mirroring the specified resources directly to the target registry.

Prerequisites

You have installed Red Hat OpenShift Container Platform 4.14 or later.
You have access to the charts.openshift.io Helm chart repository.
You have access to the registry.redhat.io.
You have access to a mirror registry that can be reached from the disconnected cluster, for example, the OpenShift Container Platform image registry. For more information about exposing the OpenShift Container Platform image registry, see Exposing the registry.
You are logged in to your target mirror registry and have permissions to push images to it. For more information, see Configuring credentials that allow images to be mirrored.
You have installed the OpenShift CLI (oc) on your workstation.
You have installed the oc-mirror OpenShift CLI (oc) plugin, for more information see Installing the oc-mirror OpenShift CLI plugin.
You have an account in Red Hat Developer portal.

Procedure

Log in to your OpenShift Container Platform account using the OpenShift CLI (oc) by running the following command:
```
oc login -u <user> -p <password> https://api.<hostname>:6443
```
From your disconnected cluster, log in to the image registry that you want to mirror, for example, the OpenShift Container Platform image registry.
Create an ImageSetConfiguration.yaml file.
In your ImageSetConfiguration.yaml file, specify the resources that you want to mirror. For example:
```
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
mirror:
  helm:
    repositories:
      - name: <repository_name> (1)
        url: <repository_url> (2)
        charts:
          - name: <chart_name> (3)
            version: "<rhdh_version>" (4)
```
The name of the repository containing the Helm chart that you want to mirror, for example, openshift-charts.
The URL for the repository containing the Helm chart that you want to mirror, for example, https://charts.openshift.io.
The name of the Helm chart containing the images that you want to mirror, for example, redhat-developer-hub.
The Red Hat Developer Hub version that you want to use, for example, 1.4
Mirror the resources specified in the image set configuration file directly to the target registry by running the oc-mirror command. For example:
```
oc-mirror --config=<mirror_config_directory>/ImageSetConfiguration.yaml <target-mirror-registry>
```
where:
<mirror_config_directory>
Specifies the location of your image set configuration file on your system, for example, .user.
<target_mirror_registry>
Specifies the location and name of your target mirror registry, for example,docker://registry.example:5000.
Note
Running the oc-mirror command creates a local workspace containing the Helm chart and a ImageContentSourcePolicy (ICSP) manifest. The ICSP manifest contains an automatically-generated imageContentSourcePolicy.yaml file that you must apply against the cluster in a later step.
Example output
```
Writing image mapping to oc-mirror-workspace/results-1738070846/mapping.txt
Writing ICSP manifests to oc-mirror-workspace/results-1738070846
```
In your workspace, locate the imageContentSourcePolicy.yaml file by running the ls command. For example:
```
ls <workspace_directory>/<results_directory>
```
where:
<workspace_directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results_directory>
Specifies the name of your results directory, for example, results-1738070846.
To mirror the Helm chart, deploy the imageContentSourcePolicy.yaml file in the disconnected cluster by running the oc apply command. For example:
```
oc apply -f <workspace_directory>/<results_directory>/ImageContentSourcePolicy.yaml
```
where:
<workspace_directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results_directory>
Specifies the name of your results directory, for example, results-1738070846.
In your air-gapped environment, deploy the Helm chart to the namespace that you want to use by running the helm install command with namespace and set options. For example:
```
CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[.]*\.//')

helm install <rhdh_instance> <workspace_directory>/<results_directory>/charts/<archive_file> --namespace <your_namespace> --create-namespace \
  --set global.clusterRouterBase="$CLUSTER_ROUTER_BASE"
```
where:
<rhdh_instance>
Specifies the name of your Red Hat Developer Hub instance, for example, my-rhdh.
<workspace_directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results_directory>
Specifies the name of your results directory, for example, results-1738070846.
<archive_file>
Specifies the name of the archive file containing the resources that you want to mirror, for example, redhat-developer-hub-1.4.1.tgz.
<your_namespace>
Specifies the namespace that you want to deploy the Helm chart to, for example, my-rhdh-project.

3.2. Installing Red Hat Developer Hub on OpenShift Container Platform in a fully disconnected environment with the Helm chart

If your network has access to the registry through a bastion host, you can use the Helm chart to install Red Hat Developer Hub by mirroring specified resources to disk and transferring them to your air-gapped environment without any connection to the internet.

Prerequisites

You have set up your workstation.
- You have access to the registry.redhat.io.
- You have access to the charts.openshift.io Helm chart repository.
- You have installed the OpenShift CLI (oc) on your workstation.
- You have installed the oc-mirror OpenShift CLI (oc) plugin, for more information see Installing the oc-mirror OpenShift CLI plugin.
- You have an account in Red Hat Developer portal.
You have set up your intermediary host.
- Your host has access to the disconnected cluster and to the target mirror registry, for example, the Red Hat OpenShift Container Platform image registry. For more information about exposing the OpenShift Container Platform image registry, see Exposing the registry.
- You have installed the oc-mirror OpenShift CLI (oc) plugin, for more information see Installing the oc-mirror OpenShift CLI plugin.
- You have installed Red Hat OpenShift Container Platform 4.14 or later.
- You have installed the OpenShift CLI (oc) on your workstation.

Procedure

Create an ImageSetConfiguration file to specify the resources that you want to mirror. For example:
```
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
mirror:
  helm:
    repositories:
           - name: <repository_name> (1)
        url: <repository_url> (2)
        charts:
          - name: <chart_name> (3)
            version: "<rhdh_version>" (4)
```
The name of the repository that you want to mirror, for example, openshift-charts.
The URL for the repository that you want to mirror, for example, https://charts.openshift.io.
The name of the Helm chart that you want to mirror, for example, redhat-developer-hub.
The version of Red Hat Developer Hub that you want to use, for example, 1.4
Mirror the resources specified in the ImageSetConfiguration.yaml file by running the oc-mirror command. For example:
```
oc-mirror --config=<mirror_config_directory>/ImageSetConfiguration.yaml <mirror_archive_directory>/
```
where:
<mirror_config_directory>
Specifies the location of your image set configuration file on your system, for example, .user.
<mirror_configuration_file>
Specifies the name of your mirror configuration yaml file, for example, mirror-config.yaml
<mirror_archive_directory>
Specifies the location of your directory where the mirror archive will be created, for example,file://.user.
Note
Running the oc-mirror command generates a local workspace containing the mirror archive file, the Helm chart, and a ImageContentSourcePolicy (ICSP) manifest. The ICSP manifest contains an imageContentSourcePolicy.yaml file that you must apply against the cluster in a later step.
Example output
```
Creating archive /path/to/mirror-archive/mirror_seq1_000000.tar
```
Transfer the generated archive file (for example, mirror_seq1_000000.tar) to the air-gapped environment.
Connect to your air-gapped environment and make sure that you are also connected to the following objects:
- The local target registry
- The target OpenShift Container Platform cluster
From your air-gapped environment, mirror the resources from the archive to the target registry by running the oc-mirror command. For example:
```
oc-mirror --from <mirror-archive-file> <target-registry>
```
where:
<mirror_archive_file>
Specifies the name of the file containing the resources that you want to mirror, for example,mirror_seq1_0000.tar.
<target_registry>
Specifies the name of the target registry that you want to push the mirrored images to, for example, docker://registry.localhost:5000.
Example output
```
Wrote release signatures to oc-mirror-workspace/results-1738075410
Writing image mapping to oc-mirror-workspace/results-1738075410/mapping.txt
Writing ICSP manifests to oc-mirror-workspace/results-1738075410
```
In your workspace, locate the imageContentSourcePolicy.yaml file by running the ls command. For example:
```
ls <workspace_directory>/<results_directory>
```
where:
<workspace_directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results_directory>
Specifies the name of your results directory, for example, results-1738070846.
To mirror the Helm chart, deploy the imageContentSourcePolicy.yaml file in the disconnected cluster by running the oc apply command. For example:
```
oc apply -f <workspace_directory>/<results_directory>/ImageContentSourcePolicy.yaml
```
where:
<workspace-directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results-directory>
Specifies the name of your results directory, for example, results-1738070846.
In your air-gapped environment, deploy the Helm chart to the namespace that you want to use by running the helm install command with namespace and set options. For example:
```
CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[.]*\.//')

helm install <rhdh_instance> <workspace_directory>/<results_directory>/charts/<archive_file> --namespace <your_namespace> --create-namespace \
  --set global.clusterRouterBase="$CLUSTER_ROUTER_BASE"
```
where:
<rhdh_instance>
Specifies the name of your Red Hat Developer Hub instance, for example, my-rhdh
<workspace_directory>
Specifies the name of your workspace directory, for example, oc-mirror-workspace.
<results_directory>
Specifies the name of your results directory, for example, results-1738070846.
<archive_file>
Specifies the name of the archive file containing the resources that you want to mirror, for example, redhat-developer-hub-1.4.1.tgz.
<your_namespace>
Specifies the namespace that you want to deploy the Helm chart to, for example, my-rhdh-project.

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.