Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 5. Installing self-service automation portal in air-gapped OpenShift Container Platform environments

You can install self-service automation portal in a disconnected OpenShift Container Platform environment.

5.1. Prerequisites
Copy link

  • You have installed the OpenShift CLI (oc). See the Getting started with the OpenShift CLI chapter of the Understanding OpenShift Container Platform guide.
  • You have installed Helm 3.10 or newer. See the Installing Helm chapter of the OpenShift Container Platform Building applications guide.
  • You have installed and configured Podman for pulling and pushing container images.
  • You have internet access. This is required to pull images and charts from public repositories, including registry.redhat.io and https://charts.openshift.io/.
  • A Red Hat pull secret, for exmaple pull-secret.json or similar credentials file that allows you to pull images from registry.redhat.io.
  • Sufficient disk space to store downloaded images and chart packages.
  • Access to public registries: Docker Hub, quay.io, registry.redhat.io, and your disconnected OpenShift cluster’s internal registry.

5.2. Preparing for air-gapped installation
Copy link

Before you can install self-service automation portal in a disconnected OpenShift Container Platform environment, you must complete some processes on a connected bastion host.

5.2.1. Mirroring container images
Copy link

  1. Log in to registry.redhat.io: 

    $ podman login registry.redhat.io
    Copy to Clipboard Toggle word wrap

    Enter your Red Hat username and password when prompted.

    Alternatively, you can use: 

    $ podman login --authfile <path_to_pull_secret.json> registry.redhat.io
    Copy to Clipboard Toggle word wrap

  2. Log in to your disconnected registry: 

    $ podman login <disconnected_registry_url>
    Copy to Clipboard Toggle word wrap

  3. Pull the original image from registry.redhat.io: 

    $ podman pull registry.redhat.io/rhdh/rhdh-hub-rhel9:x.y.z
    Copy to Clipboard Toggle word wrap

  4. Tag the image for your disconnected registry: 

    $ podman tag registry.redhat.io/rhdh/rhdh-hub-rhel9:x.y.z <disconnected_registry_url>/<your_namespace>/rhdh-hub-rhel9:x.y.z
    Copy to Clipboard Toggle word wrap

    Example: 

    $ podman tag registry.redhat.io/rhdh/rhdh-hub-rhel9:1.1.0 my-disconnected-registry.com/myproject/rhdh-hub-rhel9:1.1.0
    Copy to Clipboard Toggle word wrap

  5. Push the tagged image to your disconnected registry: 

    $ podman push <disconnected_registry_url>/<your_namespace>/rhdh-hub-rhel9:x.y.z
    Copy to Clipboard Toggle word wrap

5.2.2. Downloading the helm chart package
Copy link

  1. Add the OpenShift Helm charts repository: 

    $ helm repo add openshift-helm-charts https://charts.openshift.io/
    Copy to Clipboard Toggle word wrap

  2. Update your Helm repositories to fetch the latest chart information: 

    $ helm repo update
    Copy to Clipboard Toggle word wrap

  3. Pull the chart: 

    $ helm pull openshift-helm-charts/redhat-rhaap-portal --version x.y.z
    Copy to Clipboard Toggle word wrap

    This command downloads the chart as a .tgz file, for example redhat-rhaap-portal-1.0.1.tgz.

  4. Unpack the chart: 

    $ tar -xvf redhat-rhaap-portal-x.y.z.tgz
    Copy to Clipboard Toggle word wrap

    This creates a directory with a name similar to redhat-rhaap-portal-1.0.1/.

  5. Navigate to the unpacked chart directory (for example, cd redhat-rhaap-portal-1.0.1) and open the values.yaml file in a text editor.

  6. Find all the image: entries in values.yaml and replace the original image references with the full path to the image in your disconnected registry.

    For example, replace image: registry.redhat.io/rhdh/rhdh-hub-rhel9:x.y.z with image: <disconnected_registry_url>/<your_namespace>/rhdh-hub-rhel9:x.y.z

  7. Repack the modified chart: 

    $ helm package redhat-rhaap-portal-x.y.z
    Copy to Clipboard Toggle word wrap

    This creates a new .tgz file with your changes (for example, redhat-rhaap-portal-1.0.1.tgz).

  • Copy the modified Helm chart .tgz file or files (for example, redhat-rhaap-portal-1.0.1.tgz) from your connected bastion host to a machine or jump box within your disconnected OpenShift network.

Prerequisites

Ensure you have the necessary kubeconfig and permissions, for example cluster-admin, for setting up image pull secrets or insecure registries.

Procedure

  1. In a terminal, log in to your disconnected OpenShift cluster using the oc CLI. 

    oc login --token=<your_token> --server=<your_openshift_api_url>
    Copy to Clipboard Toggle word wrap

    Use the following command if you have a kubeconfig: 

    export KUBECONFIG=/path/to/your/kubeconfig
oc login
    Copy to Clipboard Toggle word wrap

  2. Ensure that your OpenShift cluster is configured to trust your disconnected registry:

    1. Use ImageContentSourcePolicy for mirroring.
    2. Use additionalTrustedCA in image.config.openshift.io/cluster for self-signed certificates.
    3. Use insecure-registries for plain HTTP.

  1. On the machine within your disconnected environment, navigate to the directory where you placed the transferred Helm chart .tgz file. 

    cd /path/to/your/transferred/charts/
    Copy to Clipboard Toggle word wrap

    Example: 

    cd /opt/disconnected-assets/charts/
    Copy to Clipboard Toggle word wrap

  2. If the namespace doesn’t exist, create it: 

    oc new-project ${MY_NAMESPACE}
    Copy to Clipboard Toggle word wrap

  3. Define your namespace and cluster router base as environment variables for easier use: 

    export MY_NAMESPACE="<your_namespace_name>"
export MY_CLUSTER_ROUTER_BASE="<your_cluster_router_base>"
    Copy to Clipboard Toggle word wrap

    Example: 

    export MY_NAMESPACE="rhdh-dev"
export MY_CLUSTER_ROUTER_BASE="apps.yourcluster.example.com"
    Copy to Clipboard Toggle word wrap

5.3.3. Installing the Helm chart
Copy link

  • Install the chart using the helm install command, referencing the local .tgz file by its name and using --set flags to provide necessary overrides.

    Add more --set flags for any other values that were in your original values.yaml file. 

    $ helm install redhat-rhaap-portal \
  redhat-rhaap-portal-x.y.z.tgz \
  --namespace ${MY_NAMESPACE} \
  --set redhat-developer-hub.global.clusterRouterBase=${MY_CLUSTER_ROUTER_BASE} \
  --set redhat-developer-hub.image.name=<disconnected_registry_url>/<your_namespace>/rhdh-hub-rhel9:x.y.z \
    Copy to Clipboard Toggle word wrap
    • redhat-rhaap-portal: the release name for your Helm deployment.
    • redhat-rhaap-portal-x.y.z.tgz: the local path/filename to your modified Helm chart .tgz file.
    • --namespace ${MY_NAMESPACE}: the OpenShift project (namespace) where the chart will be installed, using your defined variable.
    • --set redhat-developer-hub.global.clusterRouterBase=${MY_CLUSTER_ROUTER_BASE}: the cluster router base, using your defined variable.

5.4. Verifying the disconnected installation
Copy link

  1. Check the Helm release status: 

    $ helm list -n ${MY_NAMESPACE}
    Copy to Clipboard Toggle word wrap

  2. Monitor the pods in your namespace to ensure they are running: 

    $ oc get pods -n ${MY_NAMESPACE}
    Copy to Clipboard Toggle word wrap

  3. Check for ImagePullBackOff or other errors in pod events: 

    $ oc describe pod <pod_name> -n ${MY_NAMESPACE}
    Copy to Clipboard Toggle word wrap

  4. If the chart uses routes to expose services, verify that the routes are created and accessible: 

    $ oc get route -n ${MY_NAMESPACE}
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat