Install or upgrade Deploy on an Air-gapped Kubernetes Cluster
You can install Deploy in an air-gapped environment disconnected from the public internet. This topic provides information about installing and upgrading Deploy in such environments using a Minikube cluster and a custom image registry. For other Kubernetes platforms, steps are similar to the ones listed here for Minikube as long as the custom image registry contains all the required images.
Note: The Amazon Elastic Container Registry (ECR) does not support having all necessary images in a single repository and hence cannot be used as a custom image registry.
Prerequisites
- Read and understand the Plan Your Installation or Upgrade page
- Read and understand the XL CLI's xl kube command
- A computer that runs Windows, macOS, or Linux to install and run the kubectl and other CLIs
- kubectl
- XL CLI 23.1.0 or later
- Deploy operator 22.3.1 or later
- Docker
Steps to Install or Upgrade Deploy in an Air-Gapped Environment
Step 1—Download the Appropriate Installation Blueprint
Before you begin, download the appropriate version of the installation blueprints from the Nexus site (zipped file) https://nexus.xebialabs.com/nexus/content/repositories/digitalai-public/ai/digital/xlclient/blueprints/xl-op-blueprints/.
Note: In case of normal installation on a machine connected to the internet, the installer automatically downloads the blueprints from the distribution site: (https://dist.xebialabs.com/public/xl-op-blueprints/).
If you are not sure about the correct version of the blueprint to download, run the xl kube help command.
Unzip and move the blueprint files to the server where you plan to execute xl kube.
Step 2—Add the Necessary Operator-Related Images to Your Image Registry
As the Kubernetes cluster running in an air-gapped environment cannot download images from public registries such as docker.io, you must push the images to an image registry accessible to the Kubernetes cluster. To do this, create a private image repository on the cloud or a local image repository that is accessible to the Kubernetes cluster.
Here is a list of images required for installing Deploy.
Note: Replace <version> with the version of Deploy you are trying to install.
- docker.io/xebialabs/xl-deploy:<version>
- docker.io/xebialabs/deploy-task-engine:<version>
- docker.io/xebialabs/central-configuration:<version>
- docker.io/xebialabs/tiny-tools:22.2.0
- docker.io/xebialabs/deploy-operator:<version>
- gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
Here are some additional images that may be required based on the components used in your setup:
Nginx:
- docker.io/bitnami/nginx:1.22.1-debian-11-r44
- docker.io/bitnami/nginx-ingress-controller:1.6.4-debian-11-r5
HAProxy:
- quay.io/jcmoraisjr/haproxy-ingress:v0.14.2
Embedded Keycloak:
- docker.io/jboss/keycloak:17.0.1
Embedded Postgres:
- docker.io/bitnami/postgresql:14.5.0-debian-11-r35
Embedded RabbitMQ:
- docker.io/bitnami/rabbitmq:3.11.10-debian-11-r0
- docker.io/bitnami/bitnami-shell:11-debian-11-r92
Step 3—Push Images to an Internally Accessible Docker Registry
To ensure that the Kubernetes cluster has access to these images, you must pull the images to a bastion instance connected to the internet and push them to an internally accessible Docker registry.
For example, to push the images to a Docker registry at myrepo_host, follow these steps:
Note: Replace <version> with the version of Deploy you are trying to install. For instance, to install version 23.1, use 23.1.x.
docker pull docker.io/xebialabs/xl-deploy:<version>
docker tag docker.io/xebialabs/xl-deploy:<version> myrepo_host/myrepo/xl-deploy:<version>
docker push myrepo_host/myrepo/xl-deploy:<version>
Note: Ensure that you are logged in to the Docker registry before pushing the images.
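The pull, tag and push sequence above, applied to every required image from Step 2, as an added example that is not part of the original page or of Digital.ai's tooling. It assumes each image is stored as <registry>/<repository>/<imageName>:<tag>, following the xl-deploy commands above; the MIRROR_* variables and the function names are hypothetical. By default it only prints the commands; set MIRROR_EXECUTE=1 on the bastion host to run them.

```shell
#!/bin/sh
# Added example, not from the original page. Variable and function names are
# hypothetical; myrepo_host/myrepo and 23.1.x are the page's placeholders.
MIRROR_REGISTRY="${MIRROR_REGISTRY:-myrepo_host}"
MIRROR_REPO="${MIRROR_REPO:-myrepo}"
MIRROR_VERSION="${MIRROR_VERSION:-23.1.x}"   # set to the real Deploy tag

# Required images from Step 2, one reference per line. Append the optional
# component images (Nginx, HAProxy, Keycloak, ...) that your setup uses.
source_images() {
  cat <<EOF
docker.io/xebialabs/xl-deploy:${MIRROR_VERSION}
docker.io/xebialabs/deploy-task-engine:${MIRROR_VERSION}
docker.io/xebialabs/central-configuration:${MIRROR_VERSION}
docker.io/xebialabs/tiny-tools:22.2.0
docker.io/xebialabs/deploy-operator:${MIRROR_VERSION}
gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
EOF
}

# Succeeds only if the reference carries an explicit tag, so an untagged
# reference never silently resolves to "latest".
has_tag() {
  case "${1##*/}" in
    *:?*) return 0 ;;
    *)    return 1 ;;
  esac
}

# Map a source reference to <registry>/<repository>/<imageName>:<tag>
# (assumed layout: the source registry and organisation are dropped).
target_ref() {
  printf '%s/%s/%s\n' "$MIRROR_REGISTRY" "$MIRROR_REPO" "${1##*/}"
}

# Print the docker commands (default) or run them when MIRROR_EXECUTE=1.
mirror_all() {
  source_images | while read -r src; do
    has_tag "$src" || { echo "skipping untagged reference: $src" >&2; continue; }
    dst=$(target_ref "$src")
    if [ "${MIRROR_EXECUTE:-0}" = "1" ]; then
      docker pull "$src" && docker tag "$src" "$dst" && docker push "$dst" || exit 1
    else
      echo "docker pull $src && docker tag $src $dst && docker push $dst"
    fi
  done
}

mirror_all
```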
If you are using a password-protected, private image registry, create a registry secret:
kubectl create secret docker-registry regcred \
--docker-server=myrepo_host \
--docker-username=<reg-user> \
--docker-password=<reg-password> \
-n digitalai
This example creates a secret called regcred, which can be used as the pull secret for pulling images from a private image registry.
Step 4—Use xl kube install to Install Using a Custom Docker Image Registry
Note: For instructions on installing Deploy using the default image registry, see Install—Deploy or Release—On-premise Kubernetes.
When using a custom Docker registry, the operator image will be in the format myrepo_host/myrepo/deploy-operator:image_tag.
Here is an example of the installation on Minikube with a local Docker registry running at localhost:5000:
- ? Enter the custom docker image registry name: localhost:5000
- ? Enter the repository name (eg: <repositoryName> from <repositoryName>/<imageName>:<tagName>): myrepo
- ? Enter the operator image to use (eg: <imageRegistryName>/<repositoryName>/<imageName>:<tagName>): localhost:5000/myrepo/deploy-operator:<version>
Note: For the prompts listed above, override the default answers and specify answers in this format. Additionally, use the actual image tag version in place of <version>, for instance, 23.1.x.
For more information about these prompts, see Installation Wizard for Digital.ai Deploy.
❯ xl kube install -l c:\proj\xl-op-blueprints
? Following kubectl context will be used during execution: `minikube`? Yes
? Select the Kubernetes setup where the Digital.ai Devops Platform will be installed, updated or cleaned: PlainK8s [Plain multi-node K8s cluster]
? Do you want to use an custom Kubernetes namespace (current default is 'digitalai'): No
? Product server you want to perform install for: dai-deploy [Digital.ai Deploy]
? Select type of image registry: public [Custom Public Registry (Uses a specific custom registry)]
? Enter the custom docker image registry name: localhost:5000
? Enter the repository name (eg: <repositoryName> from <repositoryName>/<imageName>:<tagName>): myrepo
? Enter the deploy server image name (eg: <imageName> from <repositoryName>/<imageName>:<tagName>): xl-deploy
? Enter the image tag (eg: <tagName> from <repositoryName>/<imageName>:<tagName>): 23.1.x
? Enter the deploy task engine image name for version 22 and above (eg: <imageName> from <repositoryName>/<imageName>:<tagName>): deploy-task-engine
? Enter the central configuration image name for version 22 and above (eg: <imageName> from <repositoryName>/<imageName>:<tagName>): central-configuration
? Enter the deploy master server replica count: 1
? Enter PVC size for Deploy master (Gi): 1
? Select between supported Access Modes: ReadWriteOnce [ReadWriteOnce]
? Enter the deploy worker replica count: 1
? Enter PVC size for Deploy worker (Gi): 1
? Enter PVC size for Central Configuration (Gi): 0.500000
? Select between supported ingress types: haproxy [HAProxy]
? Do you want to enable an TLS/SSL configuration (if yes, requires existing TLS secret in the namespace): No
? Provide DNS name for accessing UI of the server: test.com
? Provide administrator password: 30Q5utfMV6O9wnHF
? Type of the OIDC configuration: embedded [Embedded Keycloak Configuration]
? Use embedded DB for keycloak: Yes
? Enter Keycloak public URL: k.test.com
? Enter the operator image to use (eg: <imageRegistryName>/<repositoryName>/<imageName>:<tagName>): localhost:5000/myrepo/deploy-operator:23.1.x
? Select source of the license: file [Path to the license file (the file can be in clean text or base64 encoded)]
? Provide license file for the server: c:\downloads\xld-license.lic
? Select source of the repository keystore: generate [Generate the repository keystore during installation (you need to have keytool utility installed in your path)]
? Provide keystore passphrase: 1uwAFCtUJEdwmaDi
? Provide storage class for the server: standard
? Do you want to install a new PostgreSQL on the cluster: Yes
? Provide Storage Class to be defined for PostgreSQL: standard
? Provide PVC size for PostgreSQL (Gi): 1
? Do you want to install a new RabbitMQ on the cluster: Yes
? Replica count to be defined for RabbitMQ: 1
? Storage Class to be defined for RabbitMQ: standard
? Provide PVC size for RabbitMQ (Gi): 1
...
? Do you want to proceed to the deployment with these values? Yes
For current process files will be generated in the: digitalai/dai-deploy/digitalai/20221020-001911/kubernetes
Generated answers file successfully: digitalai/generated_answers_dai-deploy_digitalai_install-20221020-001911.yaml
Starting install processing.
...
Once the installation is completed successfully, you will see the operator and other resource pods up and running.
Use xl kube upgrade to Upgrade Deploy Using a Custom Docker Image Registry
The upgrade process for a custom Docker image registry is similar to the installation process, except that you use xl kube upgrade instead of xl kube install.
Here is an example of running upgrade using the custom docker image registry option:
❯ xl kube upgrade -l ./xl-op-blueprints
...
? Select type of image registry: public [Custom Public Registry (Uses a specific custom registry)]
? Enter the custom docker image registry name: localhost:5000
? Enter the repository name (eg: <repositoryName> from <repositoryName>/<imageName>:<tagName>): myrepo
...
? Enter the operator image to use (eg: <imageRegistryName>/<repositoryName>/<imageName>:<tagName>): localhost:5000/myrepo/deploy-operator:23.1.x
...
? Edit list of custom resource keys that will migrate to the new Deploy CR:
...
? Do you want to proceed to the deployment with these values? Yes
For current process files will be generated in the: digitalai/dai-deploy/digitalai/20221020-011911/kubernetes
Generated answers file successfully: digitalai/generated_answers_dai-deploy_digitalai_upgrade-20221020-011911.yaml
Starting upgrade processing.
...
During upgrade, for the "Edit list of custom resource keys that will migrate to the new Deploy CR:" prompt, append the following keys:
For default image registry
.spec.TinyToolsImageRepository
.spec.nginx-ingress-controller.defaultBackend.image.registry
.spec.nginx-ingress-controller.defaultBackend.image.repository
.spec.nginx-ingress-controller.image.registry
.spec.nginx-ingress-controller.image.repository
.spec.haproxy-ingress.controller.image.repository
.spec.keycloak.image.repository
.spec.keycloak.postgresql.image.registry
.spec.keycloak.postgresql.image.repository
.spec.postgresql.image.registry
.spec.postgresql.image.repository
.spec.rabbitmq.image.registry
.spec.rabbitmq.image.repository
.spec.rabbitmq.volumePermissions.image.registry
.spec.rabbitmq.volumePermissions.image.repository
For public custom Docker registry
.spec.TinyToolsImageRepository
.spec.nginx-ingress-controller.defaultBackend.image.repository
.spec.nginx-ingress-controller.image.repository
.spec.nginx-ingress-controller.global.imageRegistry
.spec.haproxy-ingress.controller.image.repository
.spec.keycloak.image.repository
.spec.keycloak.postgresql.image.registry
.spec.keycloak.postgresql.image.repository
.spec.postgresql.image.repository
.spec.postgresql.global.imageRegistry
.spec.rabbitmq.image.repository
.spec.rabbitmq.global.imageRegistry
.spec.rabbitmq.volumePermissions.image.repository
For private custom Docker registry
.spec.TinyToolsImageRepository
.spec.nginx-ingress-controller.defaultBackend.image.repository
.spec.nginx-ingress-controller.image.repository
.spec.nginx-ingress-controller.global.imageRegistry
.spec.haproxy-ingress.controller.image.repository
.spec.keycloak.image.repository
.spec.keycloak.postgresql.image.registry
.spec.keycloak.postgresql.image.repository
.spec.postgresql.image.repository
.spec.postgresql.global.imageRegistry
.spec.rabbitmq.image.repository
.spec.rabbitmq.global.imageRegistry
.spec.rabbitmq.volumePermissions.image.repository
.spec.nginx-ingress-controller.global.imagePullSecrets
.spec.keycloak.imagePullSecrets.name
.spec.keycloak.postgresql.imagePullSecrets.name
.spec.postgresql.global.imagePullSecrets
.spec.rabbitmq.global.imagePullSecrets