|
| 1 | +# Devtron Installation in an Airgapped Environment |
| 2 | + |
| 3 | +## Introduction |
| 4 | + |
| 5 | +In certain scenarios, you may need to deploy Devtron to a Kubernetes cluster that isn’t connected to the internet. Such air-gapped environments are used for various reasons, particularly in industries with strict regulatory requirements like healthcare, banking, and finance. This is because air-gapped environments aren't exposed to the public internet; therefore, they create a controlled and secure space for handling sensitive data and operations. |
| 6 | + |
| 7 | +### Prerequisites |
| 8 | + |
| 9 | +1. Install `podman` or `docker` on the VM from where you're executing the installation commands. |
| 10 | +2. Clone the Devtron Helm chart: |
| 11 | + |
| 12 | + ```bash |
| 13 | + git clone https://github.com/devtron-labs/devtron.git |
| 14 | + cd devtron |
| 15 | + ``` |
| 16 | + |
| 17 | +3. Set the values of `TARGET_REGISTRY`, `TARGET_REGISTRY_USERNAME`, and `TARGET_REGISTRY_TOKEN`. This registry should be accessible from the VM where you are running the cloning script and the K8s cluster where you’re installing Devtron. |
| 18 | + |
| 19 | +{% hint style="warning" %} |
| 20 | +### Note |
| 21 | +If you are using Docker, the TARGET_REGISTRY should be in the format `docker.io/<USERNAME>` |
| 22 | +{% endhint %} |
| 23 | + |
| 24 | +--- |
| 25 | + |
| 26 | +## Docker Instructions |
| 27 | + |
| 28 | +### Platform Selection |
| 29 | + |
| 30 | +#### For Linux/amd64 |
| 31 | + |
| 32 | + ```bash |
| 33 | + export PLATFORM="linux/amd64" |
| 34 | + ``` |
| 35 | +#### For Linux/arm64 |
| 36 | + |
| 37 | + ```bash |
| 38 | + export PLATFORM="linux/arm64" |
| 39 | + ``` |
| 40 | + |
| 41 | + |
| 42 | + |
| 43 | +1. Set the environment variables |
| 44 | + |
| 45 | + ```bash |
| 46 | + # Set the source registry URL |
| 47 | + export SOURCE_REGISTRY="quay.io/devtron" |
| 48 | +
|
| 49 | + # Set the target registry URL, username, and token/password |
| 50 | + export TARGET_REGISTRY="" |
| 51 | + export TARGET_REGISTRY_USERNAME="" |
| 52 | + export TARGET_REGISTRY_TOKEN="" |
| 53 | +
|
| 54 | + # Set the source and target image file names with default values if not already set |
| 55 | + SOURCE_IMAGES_LIST="${SOURCE_IMAGES_LIST:=devtron-images.txt.source}" |
| 56 | + TARGET_IMAGES_LIST="${TARGET_IMAGES_LIST:=devtron-images.txt.target}" |
| 57 | + ``` |
| 58 | + |
| 59 | +2. Log in to the target Docker registry |
| 60 | + |
| 61 | + ```bash |
| 62 | + docker login -u $TARGET_REGISTRY_USERNAME -p $TARGET_REGISTRY_TOKEN $TARGET_REGISTRY |
| 63 | + ``` |
| 64 | + |
| 65 | +3. Clone the images |
| 66 | + |
| 67 | + ```bash |
| 68 | + while IFS= read -r source_image; do |
| 69 | + # Check if the source image belongs to the quay.io/devtron registry |
| 70 | + if [[ "$source_image" == quay.io/devtron/* ]]; then |
| 71 | + # Replace the source registry with the target registry in the image name |
| 72 | + target_image="${source_image/quay.io\/devtron/$TARGET_REGISTRY}" |
| 73 | +
|
| 74 | + # Check if the source image belongs to the quay.io/argoproj registry |
| 75 | + elif [[ "$source_image" == quay.io/argoproj/* ]]; then |
| 76 | + # Replace the source registry with the target registry in the image name |
| 77 | + target_image="${source_image/quay.io\/argoproj/$TARGET_REGISTRY}" |
| 78 | +
|
| 79 | + # Check if the source image belongs to the public.ecr.aws/docker/library registry |
| 80 | + elif [[ "$source_image" == public.ecr.aws/docker/library/* ]]; then |
| 81 | + # Replace the source registry with the target registry in the image name |
| 82 | + target_image="${source_image/public.ecr.aws\/docker\/library/$TARGET_REGISTRY}" |
| 83 | + fi |
| 84 | +
|
| 85 | + # Pull the image from the source registry |
| 86 | + docker pull --platform $PLATFORM $source_image |
| 87 | +
|
| 88 | + # Tag the image with the new target registry name |
| 89 | + docker tag $source_image $target_image |
| 90 | +
|
| 91 | + # Push the image to the target registry |
| 92 | + docker push $target_image |
| 93 | +
|
| 94 | + # Output the updated image name |
| 95 | + echo "Updated image: $target_image" |
| 96 | +
|
| 97 | + # Append the new image name to the target image file |
| 98 | + echo "$target_image" >> "$TARGET_IMAGES_LIST" |
| 99 | +
|
| 100 | + done < "$SOURCE_IMAGES_LIST" |
| 101 | + ``` |
| 102 | +--- |
| 103 | + |
| 104 | +## Podman Instructions |
| 105 | + |
| 106 | +### For Multi-arch |
| 107 | + |
| 108 | +1. Set the environment variables |
| 109 | + |
| 110 | + ```bash |
| 111 | + export SOURCE_REGISTRY="quay.io/devtron" |
| 112 | + export SOURCE_REGISTRY_TOKEN=#Enter token provided by Devtron team |
| 113 | + export TARGET_REGISTRY=#Enter target registry url |
| 114 | + export TARGET_REGISTRY_USERNAME=#Enter target registry username |
| 115 | + export TARGET_REGISTRY_TOKEN=#Enter target registry token/password |
| 116 | + ``` |
| 117 | + |
| 118 | +2. Log in to the target Podman registry |
| 119 | + |
| 120 | + ```bash |
| 121 | + podman login -u $TARGET_REGISTRY_USERNAME -p $TARGET_REGISTRY_TOKEN $TARGET_REGISTRY |
| 122 | + ``` |
| 123 | + |
| 124 | +3. Clone the images |
| 125 | + |
| 126 | + ```bash |
| 127 | + SOURCE_REGISTRY="quay.io/devtron" |
| 128 | + TARGET_REGISTRY=${TARGET_REGISTRY} |
| 129 | + SOURCE_IMAGES_FILE_NAME="${SOURCE_IMAGES_FILE_NAME:=devtron-images.txt.source}" |
| 130 | + TARGET_IMAGES_FILE_NAME="${TARGET_IMAGES_FILE_NAME:=devtron-images.txt.target}" |
| 131 | +
|
| 132 | + cp $SOURCE_IMAGES_FILE_NAME $TARGET_IMAGES_FILE_NAME |
| 133 | + while read source_image; do |
| 134 | + if [[ "$source_image" == *"workflow-controller:"* || "$source_image" == *"argoexec:"* || "$source_image" == *"argocd:"* ]] |
| 135 | + then |
| 136 | + SOURCE_REGISTRY="quay.io/argoproj" |
| 137 | + sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME |
| 138 | + elif [[ "$source_image" == *"redis:"* ]] |
| 139 | + then |
| 140 | + SOURCE_REGISTRY="public.ecr.aws/docker/library" |
| 141 | + sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME |
| 142 | + else |
| 143 | + SOURCE_REGISTRY="quay.io/devtron" |
| 144 | + sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME |
| 145 | + fi |
| 146 | + done <$SOURCE_IMAGES_FILE_NAME |
| 147 | + echo "Target Images file finalized" |
| 148 | +
|
| 149 | + while read -r -u 3 source_image && read -r -u 4 target_image ; do |
| 150 | + echo "Pushing $source_image $target_image" |
| 151 | + podman manifest create $source_image |
| 152 | + podman manifest add $source_image $source_image --all |
| 153 | + podman manifest push $source_image $target_image --all |
| 154 | + done 3<"$SOURCE_IMAGES_FILE_NAME" 4<"$TARGET_IMAGES_FILE_NAME" |
| 155 | + ``` |
| 156 | + |
| 157 | +--- |
| 158 | + |
| 159 | +## Devtron Installation |
| 160 | + |
| 161 | +Before starting, ensure you have created an image pull secret for your registry if authentication is required. |
| 162 | + |
| 163 | +1. Create the namespace (if not already created) |
| 164 | + ```bash |
| 165 | + kubectl create ns devtroncd |
| 166 | + ``` |
| 167 | + |
| 168 | +2. Create the Docker registry secret |
| 169 | + ```bash |
| 170 | + kubectl create secret docker-registry devtron-imagepull \ |
| 171 | + --namespace devtroncd \ |
| 172 | + --docker-server=$TARGET_REGISTRY \ |
| 173 | + --docker-username=$TARGET_REGISTRY_USERNAME \ |
| 174 | + --docker-password=$TARGET_REGISTRY_TOKEN |
| 175 | + ``` |
| 176 | + If you are installing Devtron with the CI/CD module or using Argo CD, create the secret in the following namespaces else, you can skip this step-: |
| 177 | + ```bash |
| 178 | + kubectl create secret docker-registry devtron-imagepull \ |
| 179 | + --namespace devtron-cd \ |
| 180 | + --docker-server=$TARGET_REGISTRY \ |
| 181 | + --docker-username=$TARGET_REGISTRY_USERNAME \ |
| 182 | + --docker-password=$TARGET_REGISTRY_TOKEN |
| 183 | + kubectl create secret docker-registry devtron-imagepull \ |
| 184 | + --namespace devtron-ci \ |
| 185 | + --docker-server=$TARGET_REGISTRY \ |
| 186 | + --docker-username=$TARGET_REGISTRY_USERNAME \ |
| 187 | + --docker-password=$TARGET_REGISTRY_TOKEN |
| 188 | + kubectl create secret docker-registry devtron-imagepull \ |
| 189 | + --namespace argo \ |
| 190 | + --docker-server=$TARGET_REGISTRY \ |
| 191 | + --docker-username=$TARGET_REGISTRY_USERNAME \ |
| 192 | + --docker-password=$TARGET_REGISTRY_TOKEN |
| 193 | + ``` |
| 194 | + |
| 195 | +3. Navigate to the Devtron Helm chart directory |
| 196 | + ```bash |
| 197 | + cd charts/devtron |
| 198 | + ``` |
| 199 | + |
| 200 | + |
| 201 | +### Install Devtron without any Integration |
| 202 | + |
| 203 | +Use the below command to install Devtron without any Integrations |
| 204 | + |
| 205 | +1. Without `imagePullSecrets`: |
| 206 | + ```bash |
| 207 | + helm install devtron . -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" |
| 208 | + ``` |
| 209 | + |
| 210 | +2. With `imagePullSecrets`: |
| 211 | + ```bash |
| 212 | + helm install devtron . -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull |
| 213 | + ``` |
| 214 | + |
| 215 | +### Installing Devtron with CI/CD Mode |
| 216 | +Use the below command to install Devtron with only the CI/CD module |
| 217 | + |
| 218 | +1. Without `imagePullSecrets`: |
| 219 | + ```bash |
| 220 | + helm install devtron . -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" |
| 221 | + ``` |
| 222 | + |
| 223 | +2. With `imagePullSecrets`: |
| 224 | + ```bash |
| 225 | + helm install devtron . -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull |
| 226 | + ``` |
| 227 | + |
| 228 | +### Install Devtron with CICD Mode including Argocd |
| 229 | + |
| 230 | +Use the below command to install Devtron with the CI/CD module and Argo CD |
| 231 | + |
| 232 | +1. Without `imagePullSecrets`: |
| 233 | + ```bash |
| 234 | + helm install devtron . --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" |
| 235 | + ``` |
| 236 | + |
| 237 | +2. With `imagePullSecrets`: |
| 238 | + ```bash |
| 239 | + helm install devtron . --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set global.imagePullSecrets[0].name=devtron-imagepull |
| 240 | + ``` |
| 241 | + |
| 242 | +--- |
| 243 | + |
| 244 | +## Next Steps |
| 245 | +After installation, refer [Devtron installation documentation](https://docs.devtron.ai/install/install-devtron-with-cicd-with-gitops#devtron-dashboard) for further steps, including obtaining the dashboard URL and the admin password. |
0 commit comments