Skip to content

Air-gapped environments

Installing or upgrading kdb Insights Enterprise in an air-gapped environment requires some changes relative to performing these operations in an internet-enabled environment.

At a high-level the steps are:

  1. Install prerequisites in the air-gapped environment.
  2. Host the required charts and images in accessible registries.
  3. Update the install configuration to point at the accessible registries.

Prerequisites

These are the same as they are for a standard installation but the tools need to be available in the air-gapped environment.

Read the CLI docs for information on how to install the CLI in an air-gapped environment.

Read the licensing docs for information on how to enrol an air-gapped environment.

Hosting charts and images

The charts and images are usually downloaded from the internet at deployment time, in an air-gapped environment this isn't possible so they must be downloaded ahead of time and hosted in registries that are accessible from the air-gapped environment.

Charts

Host the Insights and kxi-operator charts in a local repository.

  1. Download the Insights and kxi-operator Helm charts on an internet-enabled machine.
    helm repo add --username <USERNAME> kx-insights https://nexus.dl.kx.com/repository/kx-insights-charts/
    <enter password>
    helm fetch kx-insights/insights --version $INSIGHTS_VERSION
    helm fetch kx-insights/kxi-operator --version $OPERATOR_VERSION
    
  2. Copy the downloaded tgz files to your offline environment and run these commands to host create a repository index file:
    mkdir repo
    cp insights-$INSIGHTS_VERSION.tgz kxi-operator-$OPERATOR_VERSION.tgz repo
    helm repo index repo
    
  3. Start a local HTTP server in the repo folder:
    cd repo
    python3 -m http.server 8000
    
  4. Set a value for LOCAL_CHART_REPO and add the repo as a Helm repository:
    LOCAL_CHART_REPO=${LOCAL_CHART_REPO:-local-kx-insights}
    helm repo add $LOCAL_CHART_REPO http://localhost:8000
    helm search repo $LOCAL_CHART_REPO/insights
    

Images

Retrieve a manifest of the images to download and host in an image repository that is accessible from the air-gapped environment.

This can be obtained from KX. An example manifest for kdb Insights Enterprise version 1.4.2:

Type Repository Name Tag
docker docker.io alpine 3.16
docker docker.io/bitnami postgresql 14.5.0-debian-11-r21
docker docker.io/bitnami keycloak-config-cli 5.3.1-debian-11-r21
docker docker.io/bitnami keycloak 19.0.2-debian-11-r7
docker registry.dl.kx.com kxi-sm-eod 1.4.1
docker registry.dl.kx.com kxi-acc-svc 1.3.1
docker registry.dl.kx.com kxi-sg-gw 1.4.0
docker registry.dl.kx.com kxi-sg-agg 1.4.0
docker registry.dl.kx.com kxi-service-broker 1.4.0
docker registry.dl.kx.com kxi-sm-eoi 1.4.1
docker registry.dl.kx.com kxi-gui-data 1.4.0
docker registry.dl.kx.com kxi-controller 1.4.0
docker registry.dl.kx.com kx_helm_test 0.2.0
docker registry.dl.kx.com kxi-gui-gateway 1.4.0
docker registry.dl.kx.com kxi-sm-dbm 1.4.1
docker registry.dl.kx.com kxi-api-gateway 1.3.1
docker registry.dl.kx.com kxi-discovery-proxy 1.4.0
docker registry.dl.kx.com kxi-rt 1.4.0
docker registry.dl.kx.com kxi-da 1.4.0
docker registry.dl.kx.com kxi-sp-worker 1.4.0
docker registry.dl.kx.com kxi-sm 1.4.1
docker registry.dl.kx.com kxi-gui-app 1.4.1
docker registry.dl.kx.com kxi-sm-single 1.4.1
docker registry.dl.kx.com kxi-sp-python 1.4.0
docker registry.dl.kx.com kxi-client-controller 1.3.1
docker registry.dl.kx.com kxi-sidecar 1.4.0-rc.1
docker registry.dl.kx.com kxi-ml 1.4.0
docker registry.dl.kx.com kxi-da-single 1.4.0
docker registry.dl.kx.com kxi-package-manager 1.4.0
docker registry.dl.kx.com kxi-sp-controller 1.4.0
docker registry.dl.kx.com kxi-scratchpad 1.4.1
docker registry.dl.kx.com kxi-information-service 1.3.0
docker registry.dl.kx.com kxi-eureka-discovery 1.4.0
docker registry.dl.kx.com kxi-sp-coordinator 1.4.0
docker registry.dl.kx.com kxi-sg-rc 1.4.0
docker registry.dl.kx.com keycloak-alpine 0.0.2
docker registry.dl.kx.com kxi-operator 1.4.0

Install

Make sure you've read the standard install documentation before proceeding.

  1. Ensure that all the charts and images are in accessible registries and that the prerequisites have been completed. You will use the CLI to proceed.
  2. Generate a values file by running
    kxi install setup
    
  3. Edit the values file to reference the accessible image repository by merging the below with the generated values file and replacing IMAGE_REPOSITORY_URL with the appropriate URL.

    global:
      image:
        repository: <IMAGE_REPOSITORY_URL>
    keycloak:
      initContainers:
        - name: init-kx-theme
          image: <IMAGE_REPOSITORY_URL>/alpine:3.16
          command: [ 'sh', '-c' ]
          args:
            - mkdir -p /shared/kx /shared/kx2/login;
              cp -rL /kx-theme/kxlogin_theme.tar /shared/kx;
              cd /shared/kx;
              tar --strip-components=2 -xvf kxlogin_theme.tar;
              rm -rf kxlogin_theme.tar;
              cp /custom-theme/theme.properties /shared/kx2/login;
              cp /custom-theme/login-update-password.ftl /shared/kx2/login;
          volumeMounts:
          - mountPath: /shared
            name: shared-volume
          - mountPath: /kx-theme
            name: kx-theme-volume
          - mountPath: /custom-theme
            name: custom-theme-volume
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 100m
              memory: 128Mi
          securityContext:
            allowPrivilegeEscalation: false
      image:
        registry: <IMAGE_REPOSITORY_URL>
        repository: keycloak
        tag: 19.0.2-debian-11-r7
      keycloakConfigCli:
        image:
          registry: <IMAGE_REPOSITORY_URL>
          repository: keycloak-config-cli
          tag: 5.3.1-debian-11-r21
      postgresql:
        image:
          registry: <IMAGE_REPOSITORY_URL>
          repository: postgresql
          tag: 14.5.0-debian-11-r21
        auth:
          existingSecret: kxi-postgresql
      auth:
        existingSecret: kxi-keycloak
    

    Image tags

    The image tags in the above values are for Insights 1.4.2, if you're installing a different version these need to be updated to the appropriate version from the images manifest.

  4. Run the install command:

    kxi install run --filepath values.yaml --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} --version $INSIGHTS_VERSION
    

    Local chart repo

    Make sure the LOCAL_CHART_REPO value matches what you set previously.

Upgrade

Make sure you've read the standard upgrade documentation before proceeding.

  1. Ensure that all the charts and images are in accessible registries and that the prerequisites have been completed. The versions you intend to upgrade to must be accessible. You will use the CLI to proceed.
  2. Retrieve the previously used install configuration with
    kxi install get-values > $INSTALL_CONFIG_FILE
    
  3. Update the resulting file to customise the install configuration upon upgrade, including version-specific upgrade considerations. In particular, ensure that all images reference the accessible image repository and the tags are the correct version for the upgrade based on the image manifest.
  4. Run the upgrade command:

    kxi install upgrade –filepath $INSTALL_CONFIG_FILE --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} --version $INSIGHTS_VERSION
    

    Local chart repo

    Make sure the LOCAL_CHART_REPO value matches what you set previously.

Rollback

Make sure you've read the standard rollback documentation before proceeding.

  1. Run kxi install history to review the release history and choose which revision you want to roll back to:

    $ kxi install history --show-operator
    REVISION    UPDATED                     STATUS              CHART                   APP VERSION DESCRIPTION
    1           Tue Feb 28 14:10:03 2023    deployed            insights-1.3.0          1.3.0       Install complete
    2           Tue Feb 28 14:16:41 2023    failed              insights-1.4.0-rc.60    1.4.0-rc.60 Upgrade "insights" failed: post-upgrade hooks failed: timed out waiting for the condition
    3           Tue Feb 28 14:25:55 2023    failed              insights-1.4.0-rc.80    1.4.0-rc.80 Upgrade "insights" failed: post-upgrade hooks failed: timed out waiting for the condition
    
    1           Tue Feb 28 14:09:52 2023    superseded  kxi-operator-1.3.1          1.3.1       Install complete
    2           Tue Feb 28 14:15:37 2023    superseded  kxi-operator-1.4.0-rc.41    1.4.0-rc.41 Upgrade complete
    3           Tue Feb 28 14:24:54 2023    superseded  kxi-operator-1.4.0-rc.41    1.4.0-rc.41 Upgrade complete
    

    Omit --show-operator if you only want to see kdb Insights Enterprise revisions.

  2. Run kxi install rollback with the chosen revisions:

    $ kxi install rollback --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} $INSIGHTS_REVISION --operator-revision $OPERATOR_REVISION
    Rolling Insights back to version 1.3.0 and revision 1.
    And operator back to version 1.3.1 and revision 1 [y/N]: y
    
    Backing up assemblies
    No assemblies to back up
    ...
    

    Local chart repo

    Make sure the LOCAL_CHART_REPO value matches what you set previously.

    No explicit revision

    If you do not provide an explicit revision, kxi install rollback will choose the most recent one.

    Rolling back kdb Insights Enterprise only

    Omit --operator-revision if you only want to roll back kdb Insights Enterprise.