/
Deployment on air gapped Kubernetes platforms

Deployment on air gapped Kubernetes platforms

Owned by Christoph Bergner
Last updated: May 30, 2025 by Rene Beckert

In some situations, the Smartfacts server has no access to the internet. In this case, it is not possible to download the needed software and images. This article describes which options we have to install Smartfacts in such scenarios.

Content

Preparations

If not done so far please prepare your infrastructure as described in Installing Smartfacts for Proof of Concepts | Prepare your infrastructure.

Optional: set up the Kubernetes environment

If you do have a Kubernetes environment at hand, you can install in your on cluster. Otherwise you can install a single node Kubernets on a VM by following these instructions:

Download the software

  • Download the latest stable “k3s” and “k3s-airgap-images-amd64.tar.gz” blobs from the “Assets” section of Releases · k3s-io/k3s

    image-20241017-085342.png

  • Download the Helm binaries for Linux amd64 from Releases · helm/helm

  • Copy the contents of the K3s install script at https://get.k3s.io into a new text file called “install.sh”:

    wget https://get.k3s.io./ -O install.sh

  • Download the file https://cp.mid.de/releases/smartfacts-air-gapped/install_airgapped_software.sh

    wget https://cp.mid.de/releases/smartfacts-air-gapped/install_airgapped_software.sh

Copy the files to the Smartfacts server

  • Create a new directory “download” with a subdirectory “software” in your home directory:

    mkdir -p download/software

  • Copy all downloaded files to ~/download/software
    After copying all files, the file structure should look like this:

    download └── software ├── helm-v3.17.3-linux-amd64.tar.gz ├── install_airgapped_software.sh ├── install.sh ├── k3s └── k3s-airgap-images-amd64.tar.gz

Execute the installation script

In the directory ~/download/software make the install script executeable:

chmod u+x install_airgapped_software.sh

and execute it:

./install_airgapped_software.sh

Download the Smartfacts Helm chart

  • Log into the Smartfacts Chart Registry using the credentials provided and download the latest chart version that does not contain the postfix “-dev”.

  • Copy the downloaded helm chart to your home directory on the Smartfacts server

  • Extract the helm chart using the command

    tar -xf smartfacts-*.tgz

Create the deployment configuration

Provide Certificates and Key as Base64 String

The Prerequisite is: The complete certificate chain is available in a file as base64-encoded x509 certificates. The certificates are contained in the file in the correct order (server certificate at the top, root certificate at the bottom). See Section “Certificates” above in this article.

Save the certificate chain as a base64-encoded string:

cat <your certificate chain.crt> | base64 -w0 > chain.crt.base64

Save certificate key as a base64-encoded string:

cat <your certificate key.key> | base64 -w0 > key.base64

Customize Values File

  • Change to the home directory of your user on the server and create a new text file values.yaml with the following content:

    global: registry: "<your private registry>" domain: "<your-domain>" instance: "smartfacts-poc" cert: crtFullChain: "<FULL-CHAIN-CERT-BASE64>" key: "<CERT-KEY-BASE64>" ingress: enabled: true # Smartfacts supports Traefik and nginx as Ingress Controller. # The default is Traefik. # If you use nginx as ingress controller please comment in this line: #ingressClassType: "nginx" genoslc: enabled: true env: trsEnabled: false # Set to true if you use Smartfacts as data source for a link index configuration: # Give a list of up to 5 usernames of users which will have the administration right to change settings in Smartfacts. # At leas one administrator user must be stated here. administrators: - acm # replace this value with the username of the person who should configure the oauth10a information for the OSLC Connector for Smartfacts # key used to encrypt the oauth10a configuration data oauth10aEncryptionKey: "" # define the key which is used to encrypt the oauth10a information in the database spa: cspConf: externalUrls: "" # space separated list of your tool urls (IBM Jazz, Jama, Codebeamer) plugin: importPlugins: true # "true" for first installation, "false" for minor updates will speed up the update process a lot mailservice: enabled: false camp: enabled: false kafka: enabled: false

  • Replace the value of the property registry with the name of your private registry

  • Replace the value of the property domain with your domain name

  • Replace the placeholder of the property crtFullChain with the content of the file chain.crt.base64

  • Replace the placeholder of the property key with the content of the key.base64 file

  • Save the file values.yaml

Provide the container images

The Kubernetes environment at the Smartfacts server must have access to the Smartfacts container images.

The recommended way to gain access to the container images is to add the Smartfacts registry https://repo.mid.de to an existing container registry in your organisation that has access to the internet. This registry serves as a proxy registry so that the Smartfacts server can load the images through this proxy registry.

Provide container images with a proxy container registry

If it is not possible to add repo.mid.de to the proxy registry, you can push the images from repo.mid.de and pull them into your private registry.

If you don’t have a private Docker registry either, you can set up a local registry on the k3s server, according to the description of the help page How to set up a local Docker Registry.

Get a list of all necessary images

  1. change into the directory of the helm chart

  2. for this procedure, you need to temporarily change the registry in your customized values.yaml to the official MID registry:

    global: registry: "repo.mid.de"

  3. Run the following command:

    helm template smartfacts mid-smartfacts/smartfacts -f values.yaml | grep "image:" | sed 's/^[[:space:]]*image:[[:space:]]*"\?\([^"]*[^[:space:]]\)"\?/\"\1/'

    The output is a list of images with tags.

  4. Make sure to change the registry back to your private registry before performing the deployment.

Push the images to your local registry

You can automate the pull and push of the images using this script:

#!/bin/bash # target_registry: Your private registry. Make sure that you are already logged in into your registry. target_registry="<your private registry to push to>" # List of source images images=( <insert the list of images here, one entry per line, including the quotes> ) # Loop through each image for image in "${images[@]}"; do # Pull the image sudo docker pull "$image" # Extract the repository name and tag repo_tag="${image##*/}" echo "repo_tag: $repo_tag" # Construct the target image name target_image="$target_registry/$repo_tag" echo "target_image: target_image" # Tag the image with the target registry sudo docker tag "$image" "$target_image" # Push the image to the target registry sudo docker push "$target_image" done

  1. Save the script as copy_images.sh.

  2. Make sure that you are already logged in to your private registry prior to invoking this script

  3. Run the script on a machine that has

    • Docker installed

    • connectivity to the Internet

    • connectivity to your private registry

      bash copy_images.sh

“bash” is necessary because “sh” does not work with BaSH arrays.

Add login data to your private registry

  1. Create the namespace Smartfacts, if not already present in your cluster:

    sudo kubectl create namespace smartfacts

  2. Create the registry secret in the smartfacts namespace.

    sudo kubectl create secret docker-registry regcred --docker-server=<private registry name> --docker-username=<username> --docker-password=<password> -n smartfacts

    • replace the placeholders with the values for your private image registry

Install Smartfacts

Execute the installation

In the user's home directory, enter the following command to execute the Installation:

sudo helm upgrade --install --timeout 15m0s smartfacts ./smartfacts -f values.yaml -n smartfacts --create-namespace

Watch deployment events (in a new session)

Open a second session on the server and enter the following command:

sudo watch kubectl get deployments -n smartfacts

Enter the following command to show the URLs (please make sure to prefix it with “https://” in your browser):

sudo kubectl get ingress -n smartfacts

Prepare the Smartfacts Model Warehouse

A note on Smartfacts PoC Test Users

For the Smartfacts PoC you can use the generated test users “poc1”…”poc50”. All poc-users have the same password “poc”. For managing the test users in the CAMP use the account administrator user “acm” which has the password “acm”.

Create a Smartfacts Model Warehouse

  1. Open the Smartfacts URL in your browser: https://smartfacts.<yoursmartfactsdomain> and log-in with the account manager credentials (user “acm”, password “acm”).

  2. You will now be asked to create a Model Warehouse.

    1. Click on CREATE A NEW MODEL WAREHOUSE.

    2. In the create dialog, first select the previously created account.

    3. Provide a name for the Model Warehouse.

    4. Optionally, activate the check box Create Demo Models if you want some demo content to be added to the Model Warehouse.

Model Warehouse creation is the final step in the Smartfacts platform set-up process.

Install the Plug-Ins

It depends on which tools you want to use in connection with Smartfacts. Smartfacts provides a plug-in for every tool which is supported. You can download the plug-ins from the main menu via the command Get Plug-ins.

Troubleshooting

Display events

If the deployments don`t get healthy, you can display the event messages of the installation:

sudo kubectl get events -n smartfacts

These events show some common error conditions (e.g. Images are not found; insufficient ressources)

How to Move k3s data to another partition or disk