Air-gapped environments
Installing or upgrading kdb Insights Enterprise in an air-gapped environment requires some changes relative to performing these operations in an internet-enabled environment.
At a high-level the steps are:
- Install prerequisites in the air-gapped environment.
- Host the required charts and images in accessible registries.
- Update the install configuration to point at the accessible registries.
Prerequisites
These are the same as they are for a standard installation but the tools need to be available in the air-gapped environment.
Read the CLI docs for information on how to install the CLI in an air-gapped environment.
Read the licensing docs for information on how to enrol an air-gapped environment.
Hosting charts and images
The charts and images are usually downloaded from the internet at deployment time, in an air-gapped environment this isn't possible so they must be downloaded ahead of time and hosted in registries that are accessible from the air-gapped environment.
Charts
Host the Insights and kxi-operator charts in a local repository.
- Download the Insights and kxi-operator Helm charts on an internet-enabled machine.
helm repo add --username <USERNAME> kx-insights https://nexus.dl.kx.com/repository/kx-insights-charts/ <enter password> helm fetch kx-insights/insights --version $INSIGHTS_VERSION helm fetch kx-insights/kxi-operator --version $OPERATOR_VERSION
- Copy the downloaded tgz files to your offline environment and run these commands to host create a repository index file:
mkdir repo cp insights-$INSIGHTS_VERSION.tgz kxi-operator-$OPERATOR_VERSION.tgz repo helm repo index repo
- Start a local HTTP server in the repo folder:
cd repo python3 -m http.server 8000
- Set a value for
LOCAL_CHART_REPO
and add the repo as a Helm repository:LOCAL_CHART_REPO=${LOCAL_CHART_REPO:-local-kx-insights} helm repo add $LOCAL_CHART_REPO http://localhost:8000 helm search repo $LOCAL_CHART_REPO/insights
Images
Retrieve a manifest of the images to download and host in an image repository that is accessible from the air-gapped environment.
This can be obtained from KX. An example manifest for kdb Insights Enterprise version 1.4.2:
Type | Repository | Name | Tag |
---|---|---|---|
docker | docker.io | alpine | 3.16 |
docker | docker.io/bitnami | postgresql | 14.5.0-debian-11-r21 |
docker | docker.io/bitnami | keycloak-config-cli | 5.3.1-debian-11-r21 |
docker | docker.io/bitnami | keycloak | 19.0.2-debian-11-r7 |
docker | registry.dl.kx.com | kxi-sm-eod | 1.4.1 |
docker | registry.dl.kx.com | kxi-acc-svc | 1.3.1 |
docker | registry.dl.kx.com | kxi-sg-gw | 1.4.0 |
docker | registry.dl.kx.com | kxi-sg-agg | 1.4.0 |
docker | registry.dl.kx.com | kxi-service-broker | 1.4.0 |
docker | registry.dl.kx.com | kxi-sm-eoi | 1.4.1 |
docker | registry.dl.kx.com | kxi-gui-data | 1.4.0 |
docker | registry.dl.kx.com | kxi-controller | 1.4.0 |
docker | registry.dl.kx.com | kx_helm_test | 0.2.0 |
docker | registry.dl.kx.com | kxi-gui-gateway | 1.4.0 |
docker | registry.dl.kx.com | kxi-sm-dbm | 1.4.1 |
docker | registry.dl.kx.com | kxi-api-gateway | 1.3.1 |
docker | registry.dl.kx.com | kxi-discovery-proxy | 1.4.0 |
docker | registry.dl.kx.com | kxi-rt | 1.4.0 |
docker | registry.dl.kx.com | kxi-da | 1.4.0 |
docker | registry.dl.kx.com | kxi-sp-worker | 1.4.0 |
docker | registry.dl.kx.com | kxi-sm | 1.4.1 |
docker | registry.dl.kx.com | kxi-gui-app | 1.4.1 |
docker | registry.dl.kx.com | kxi-sm-single | 1.4.1 |
docker | registry.dl.kx.com | kxi-sp-python | 1.4.0 |
docker | registry.dl.kx.com | kxi-client-controller | 1.3.1 |
docker | registry.dl.kx.com | kxi-sidecar | 1.4.0-rc.1 |
docker | registry.dl.kx.com | kxi-ml | 1.4.0 |
docker | registry.dl.kx.com | kxi-da-single | 1.4.0 |
docker | registry.dl.kx.com | kxi-package-manager | 1.4.0 |
docker | registry.dl.kx.com | kxi-sp-controller | 1.4.0 |
docker | registry.dl.kx.com | kxi-scratchpad | 1.4.1 |
docker | registry.dl.kx.com | kxi-information-service | 1.3.0 |
docker | registry.dl.kx.com | kxi-eureka-discovery | 1.4.0 |
docker | registry.dl.kx.com | kxi-sp-coordinator | 1.4.0 |
docker | registry.dl.kx.com | kxi-sg-rc | 1.4.0 |
docker | registry.dl.kx.com | keycloak-alpine | 0.0.2 |
docker | registry.dl.kx.com | kxi-operator | 1.4.0 |
Install
Make sure you've read the standard install documentation before proceeding.
- Ensure that all the charts and images are in accessible registries and that the prerequisites have been completed. You will use the CLI to proceed.
- Generate a values file by running
kxi install setup
-
Edit the values file to reference the accessible image repository by merging the below with the generated values file and replacing
IMAGE_REPOSITORY_URL
with the appropriate URL.global: image: repository: <IMAGE_REPOSITORY_URL> keycloak: initContainers: - name: init-kx-theme image: <IMAGE_REPOSITORY_URL>/alpine:3.16 command: [ 'sh', '-c' ] args: - mkdir -p /shared/kx /shared/kx2/login; cp -rL /kx-theme/kxlogin_theme.tar /shared/kx; cd /shared/kx; tar --strip-components=2 -xvf kxlogin_theme.tar; rm -rf kxlogin_theme.tar; cp /custom-theme/theme.properties /shared/kx2/login; cp /custom-theme/login-update-password.ftl /shared/kx2/login; volumeMounts: - mountPath: /shared name: shared-volume - mountPath: /kx-theme name: kx-theme-volume - mountPath: /custom-theme name: custom-theme-volume resources: requests: cpu: 100m memory: 128Mi limits: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false image: registry: <IMAGE_REPOSITORY_URL> repository: keycloak tag: 19.0.2-debian-11-r7 keycloakConfigCli: image: registry: <IMAGE_REPOSITORY_URL> repository: keycloak-config-cli tag: 5.3.1-debian-11-r21 postgresql: image: registry: <IMAGE_REPOSITORY_URL> repository: postgresql tag: 14.5.0-debian-11-r21 auth: existingSecret: kxi-postgresql auth: existingSecret: kxi-keycloak
Image tags
The image tags in the above values are for Insights 1.4.2, if you're installing a different version these need to be updated to the appropriate version from the images manifest.
-
Run the install command:
kxi install run --filepath values.yaml --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} --version $INSIGHTS_VERSION
Local chart repo
Make sure the LOCAL_CHART_REPO value matches what you set previously.
Upgrade
Make sure you've read the standard upgrade documentation before proceeding.
- Ensure that all the charts and images are in accessible registries and that the prerequisites have been completed. The versions you intend to upgrade to must be accessible. You will use the CLI to proceed.
- Retrieve the previously used install configuration with
kxi install get-values > $INSTALL_CONFIG_FILE
- Update the resulting file to customise the install configuration upon upgrade, including version-specific upgrade considerations. In particular, ensure that all images reference the accessible image repository and the tags are the correct version for the upgrade based on the image manifest.
-
Run the upgrade command:
kxi install upgrade –filepath $INSTALL_CONFIG_FILE --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} --version $INSIGHTS_VERSION
Local chart repo
Make sure the LOCAL_CHART_REPO value matches what you set previously.
Rollback
Make sure you've read the standard rollback documentation before proceeding.
-
Run
kxi install history
to review the release history and choose which revision you want to roll back to:$ kxi install history --show-operator REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Tue Feb 28 14:10:03 2023 deployed insights-1.3.0 1.3.0 Install complete 2 Tue Feb 28 14:16:41 2023 failed insights-1.4.0-rc.60 1.4.0-rc.60 Upgrade "insights" failed: post-upgrade hooks failed: timed out waiting for the condition 3 Tue Feb 28 14:25:55 2023 failed insights-1.4.0-rc.80 1.4.0-rc.80 Upgrade "insights" failed: post-upgrade hooks failed: timed out waiting for the condition 1 Tue Feb 28 14:09:52 2023 superseded kxi-operator-1.3.1 1.3.1 Install complete 2 Tue Feb 28 14:15:37 2023 superseded kxi-operator-1.4.0-rc.41 1.4.0-rc.41 Upgrade complete 3 Tue Feb 28 14:24:54 2023 superseded kxi-operator-1.4.0-rc.41 1.4.0-rc.41 Upgrade complete
Omit
--show-operator
if you only want to see kdb Insights Enterprise revisions. -
Run
kxi install rollback
with the chosen revisions:$ kxi install rollback --chart-repo-name ${LOCAL_CHART_REPO:-local-kx-insights} $INSIGHTS_REVISION --operator-revision $OPERATOR_REVISION Rolling Insights back to version 1.3.0 and revision 1. And operator back to version 1.3.1 and revision 1 [y/N]: y Backing up assemblies No assemblies to back up ...
Local chart repo
Make sure the LOCAL_CHART_REPO value matches what you set previously.
No explicit revision
If you do not provide an explicit revision,
kxi install rollback
will choose the most recent one.Rolling back kdb Insights Enterprise only
Omit
--operator-revision
if you only want to roll back kdb Insights Enterprise.