Red Hat Developer Hub 1.5

Installing Red Hat Developer Hub in an air-gapped environment

Running Red Hat Developer Hub on Red Hat OpenShift Container Platform in a networik restricted environment by using either the Operator or Helm chart.

Red Hat Customer Content Services

Abstract

Platform administrators can configure roles, permissions, and other settings to enable other authorized users to deploy an air-gapped Developer Hub instance on any supported platform using either the Operator or Helm chart.

1. Air-gapped environment

An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.

You can install the Red Hat Developer Hub in an air-gapped environment to ensure security and meet specific regulatory requirements.

2. Installing Red Hat Developer Hub in an air-gapped environment with the Operator

You can install Red Hat Developer Hub in a fully disconnected or partially disconnected environment using the Red Hat Developer Hub Operator. For a list of supported platforms, see the Red Hat Developer Hub Life Cycle page.

2.1. Installing Red Hat Developer Hub in a partially disconnected environment with the Operator

On an OpenShift Container Platform cluster operating on a restricted network, public resources are not available. However, deploying the Red Hat Developer Hub Operator and running Developer Hub requires the following public resources:

  • Operator images (bundle, operator, catalog)
  • Operands images (RHDH, PostgreSQL)

To make these resources available, replace them with their equivalent resources in a mirror registry accessible to your cluster.

You can use a helper script that mirrors the necessary images and provides the necessary configuration to ensure those images will be used when installing the Red Hat Developer Hub Operator and creating Developer Hub instances. This script requires a target mirror registry. You likely have a target mirror registry ready to use if your cluster is already operating on a disconnected network. If you do not already have a target registry, and if you have an OpenShift Container Platform cluster, you might want to expose and leverage the internal cluster registry.

If you are connected to a OpenShift Container Platform cluster, the helper script will detect it and will automatically expose the cluster registry. However, if you are connected to a Kubernetes cluster, you can manually specify the target registry that you want to mirror the images to.

Prerequisites

  • You have installed Podman 5.3 or later. For more information, see Podman Installation Instructions.
  • You have installed Skopeo 1.17 or later.
  • You have installed yq 4.44 or later.
  • You have installed the GNU sed command line text editor.
  • You have installed umoci CLI tool.
  • You have an active oc registry, podman, or skopeo session to the registry.redhat.io Red Hat Ecosystem Catalog. For more information, see Red Hat Container Registry Authentication.
  • You have an active skopeo session with administrative access to the target mirror registry. For more information, see Authenticating to a registry.
  • You have installed the opm CLI tool. For more information, see Installing the opm CLI.

  • If you are using an OpenShift Container Platform cluster, you have the following prerequisites:

    • (Optional) You have installed the oc-mirror OpenShift Container Platform CLI plugin if you want to use it to mirror images.

  • If you are using a supported Kubernetes cluster, you have the following prerequisites:

    • You have installed the Operator Lifecycle Manager (OLM) on the disconnected cluster.
    • You have a mirror registry that is reachable from the disconnected cluster.

Procedure

  1. In your terminal, navigate to the directory where you want to save the mirroring script.

  2. Download the mirroring script by running the following command: 

    curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/refs/heads/release-1.5/.rhdh/scripts/prepare-restricted-environment.sh

  3. Run the mirroring script by running the bash command with the appropriate set of options: 

    bash prepare-restricted-environment.sh \ (1)
  [--to-registry <my.registry.example.com>]] \ (2)
  [--use-oc-mirror true]
    Specifies the URL for the target mirror registry where you want to mirror the images.
    (Optional) Uses the oc-mirror OpenShift Container Platform CLI plugin to mirror images.
    Note

    The script can take several minutes to complete as it copies multiple images to the mirror registry.

Verification

  • If you are using Red Hat OpenShift Container Platform, the Red Hat Developer Hub Operator is in the Installed Operators list in the web console.

  • If you are using a supported Kubernetes platform, you can check the list of pods running in the rhdh-operator namespace by running the following command in your terminal: 

    kubectl -n rhdh-operator get pods

2.2. Installing Red Hat Developer Hub in a fully disconnected environment with the Operator

If your network has access to the registry through a bastion host, you can use the helper script to install Red Hat Developer Hub by mirroring the Operator-related images to disk and transferring them to your air-gapped environment without any connection to the internet.

Prerequisites

Procedure

  1. Download the mirroring script to disk by running the following command: 

    curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/refs/heads/release-1.5/.rhdh/scripts/prepare-restricted-environment.sh

  2. Run the mirroring script by running the bash command with the appropriate set of options: 

    bash prepare-restricted-environment.sh \
    --to-dir <my_pulled_image_location>

    where

    <my_pulled_image_location>

    Specifies the absolute path to a directory where you want to pull all of the necessary images with the --to-dir option, for example, /home/user/rhdh-operator-mirror-dir.

    Note

    The script can take several minutes to complete as it copies multiple images to the mirror registry.

  3. Transfer the directory specified by the --to-dir option to your disconnected environment.

  4. From a machine in your disconnected environment that has access to both the cluster and the target mirror registry, run the mirroring script by running the bash command with the appropriate set of options: 

    bash <my_pulled_image_location>/install.sh  \ (1)
    --from-dir <my_pulled_image_location> \  (2)
    [--to-registry <my.registry.example.com>] \ (3)
    [--use-oc-mirror true] (4)
    The downloaded image and the absolute path to the directory where it is stored on your system.
    Specifies the directory where you want to pull all of the necessary images with the --to-dir option.
    Specifies the URL for the target mirror registry where you want to mirror the images.
    (Optional) Uses the oc-mirror OpenShift Container Platform CLI plugin to mirror images.
    Note

    If you used oc-mirror to mirror the images to disk, you must also use oc-mirror to mirror the images from disk due to the folder layout that oc-mirror uses.

    Note

    The script can take several minutes to complete as it automatically installs the Red Hat Developer Hub Operator.

Verification

  • If you are using Red Hat OpenShift Container Platform, the Red Hat Developer Hub Operator is in the Installed Operators list in the web console.

  • If you are using a supported Kubernetes platform, you can check the list of pods running in the rhdh-operator namespace by running the following command in your terminal: 

    kubectl -n rhdh-operator get pods

Next steps

3. Installing Red Hat Developer Hub in an air-gapped environment with the Helm Chart

An air-gapped environment, also known as an air-gapped network or isolated network, ensures security by physically segregating the system or network. This isolation is established to prevent unauthorized access, data transfer, or communication between the air-gapped system and external sources.

You can install Red Hat Developer Hub in an air-gapped environment to ensure security and meet specific regulatory requirements.

To install Developer Hub in an air-gapped environment, you must have access to the registry.redhat.io and the registry for the air-gapped environment.

Prerequisites

  • You have installed an Red Hat OpenShift Container Platform 4.14 or later.
  • You have access to the registry.redhat.io.
  • You have access to the Red Hat OpenShift Container Platform image registry of your cluster. For more information about exposing the image registry, see the Red Hat OpenShift Container Platform documentation about Exposing the registry.
  • You have installed the OpenShift CLI (oc) on your workstation.
  • You have installed the podman command line tools on your workstation.
  • You you have an account in Red Hat Developer portal.

Procedure

  1. Log in to your OpenShift Container Platform account using the OpenShift CLI (oc), by running the following command: 

    oc login -u <user> -p <password> https://api.<hostname>:6443

  2. Log in to the OpenShift Container Platform image registry using the podman command line tool, by running the following command: 

    podman login -u kubeadmin -p $(oc whoami -t) default-route-openshift-image-registry.<hostname>
    Note

    You can run the following commands to get the full host name of the OpenShift Container Platform image registry, and then use the host name in a command to log in: 

    REGISTRY_HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
    podman login -u kubeadmin -p $(oc whoami -t) $REGISTRY_HOST

  3. Log in to the registry.redhat.io in podman by running the following command: 

    podman login registry.redhat.io

    For more information about registry authentication, see Red Hat Container Registry Authentication.

  4. Pull Developer Hub and PostgreSQL images from Red Hat Image registry to your workstation, by running the following commands: 

    podman pull registry.redhat.io/rhdh/rhdh-hub-rhel9:1.5
    podman pull registry.redhat.io/rhel9/postgresql-15:latest

  5. Push both images to the internal OpenShift Container Platform image registry by running the following commands: 

    podman push --remove-signatures registry.redhat.io/rhdh/rhdh-hub-rhel9:1.5 default-route-openshift-image-registry.<hostname>/<project_name>/rhdh-hub-rhel9:1.5
    podman push --remove-signatures registry.redhat.io/rhel9/postgresql-15:latest default-route-openshift-image-registry.<hostname>/<project_name>/postgresql-15:latest

    For more information about pushing images directly to the OpenShift Container Platform image registry, see How do I push an Image directly into the OpenShift 4 registry.

    Important

  6. Use the following command to verify that both images are present in the internal OpenShift Container Platform registry: 

    oc get imagestream -n {my-product-namespace}

  7. Enable local image lookup for both images by running the following commands: 

    oc set image-lookup postgresql-15
    oc set image-lookup  rhdh-hub-rhel9

  8. Go to YAML view and update the image section for backstage and postgresql using the following values:

    Example values for Developer Hub image

    upstream:
  backstage:
    image:
      registry: ""
      repository: rhdh-hub-rhel9
      tag: latest

    Example values for PostgreSQL image

    upstream:
  postgresql:
    image:
      registry: ""
      repository: postgresql-15
      tag: latest

  9. Install the Red Hat Developer Hub using Helm chart.

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.