Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 6. Installing Orchestrator plugin in an air-gapped environment with the Helm chart

You can configure Red Hat Developer Hub (RHDH) with the Orchestrator plugin in a fully disconnected or partially disconnected environment by using the Helm chart.

You can install Red Hat Developer Hub (RHDH) with the Orchestrator plugin in a fully air-gapped OpenShift Container Platform environment using the Helm chart.

You can mirror images to an intermediary disk, and then mirror from the disk to your target local registry and apply the generated cluster resources.

Prerequisites

  • You have set up your disconnected environment using a local registry.
  • You have permissions to push NPM packages to an NPM server available in your restricted network.
  • You have installed the oc-mirror tool, with a version corresponding to the version of your OpenShift Container Platform cluster.

Procedure

  1. Create an ImageSetConfiguration.yaml file for oc-mirror. You must use an ImageSetConfiguration file to include all mirrored images required by the Serverless Logic Operator, as shown in the following example: 

    apiVersion: mirror.openshift.io/v2alpha1
kind: ImageSetConfiguration
mirror:
  additionalimages:
  - name: registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0

  helm:
    repositories:
      - name: openshift-charts
        url: https://charts.openshift.io
        charts:
          - name: redhat-developer-hub
            version: "1.8.6"
          - name: redhat-developer-hub-orchestrator-infra
            version: "1.8.6"
  operators:
    - catalog: registry.redhat.io/redhat/redhat-operator-index:4.19
      # For example: registry.redhat.io/redhat/redhat-operator-index:v4.19
      packages:
      - name: logic-operator-rhel8
        channels:
        - name: alpha
          minVersion: 1.36.0
          maxVersion: 1.36.0
      - name: serverless-operator
        channels:
        - name: stable
          minVersion: 1.36.0
          maxVersion: 1.36.1

    Alternatively, you can use podman commands to find the missing images and add them to the additionalimages list if the versions change: 

    IMG=registry.redhat.io/openshift-serverless-1/logic-operator-bundle:1.36
mkdir local-manifests-osl
podman create --name temp-container "$IMG" -c "cat /manifests/logic-operator-rhel8.clusterserviceversion.yaml"
podman cp temp-container:/manifests ./local-manifests-osl
podman rm temp-container
yq -r '.data."controllers_cfg.yaml" | from_yaml | .. | select(tag == "!!str") | select(test("^.\\/.:.*$"))' ./local-manifests-osl/manifests/logic-operator-rhel8-controllers-config_v1_configmap.yaml

  2. Mirror the images in the ImageSetConfiguration.yaml file by running the oc-mirror command. For example: 

    $ oc-mirror --config=ImageSetConfiguration.yaml file:///path/to/mirror-archive --authfile /path/to/authfile  --v2
    Note

    The oc-mirror command pulls the charts listed in the ImageSetConfiguration file and makes them available as tgz archives under the /path/to/mirror-archive directory.

  3. Apply the cluster-wide resources generated during the push step to redirect all image pulls to your local registry, as shown in the following example: 

    $ cd <workspace folder>/working-dir/cluster-resources/
$ oc apply -f .
  4. Transfer the generated mirror archive file, for example, /path/to/mirror-archive/mirror_000001.tar, to a bastion host within your disconnected environment.

  5. From the bastion host in your disconnected environment, which has access to the mirror registry, mirror the images from the archive file to your target registry. For example: 

    $ oc-mirror --v2 --from <mirror-archive-file> docker://<target-registry-url:port> --workspace file://<workspace folder> --authfile /path/to/authfile

    where:

    <mirror-archive-file>
    Enter the name of the transferred tar file.
    <target-registry-url:port>
    Enter your local registry, for example, registry.localhost:5000.

  6. Download the Node Package Manager (NPM) packages for orchestrator 1.8.12 using any of the following methods:

  7. Push the NPM packages you have downloaded to your NPM server, as shown in the following example: 

    $ npm publish backstage-plugin-orchestrator-1.8.12.tgz
$ npm publish backstage-plugin-orchestrator-backend-dynamic-1.8.12.tgz
$ npm publish backstage-plugin-orchestrator-form-widgets-1.8.12.tgz
$ npm publish backstage-plugin-scaffolder-backend-module-orchestrator-dynamic-1.8.12.tgz
  8. Apply the redhat-developer-hub-orchestrator-infra Helm chart and approve the install plans. See Air-gapped installation with Helm chart instructions for details.

  9. Apply the RHDH 1.8 Helm chart. Include the version 1.8.6 and enable the Orchestrator plugin, as shown in the following example: 

    orchestrator.enabled=true

  10. The RHDH 1.8 Helm chart defaults to pulling Orchestrator plugins from the official Red Hat NPM registry using full URL references. You must override this behavior to point to your local registry.

    To configure the Orchestrator plugins to use a custom registry, complete the following steps:

    • Open your values.yaml file.

    • List the Orchestrator plugin packages under the orchestrator.plugins section. You must replace the simplified package references with the full URLs that point to your custom NPM registry, as shown in the following example: 

      orchestrator:
  plugins:
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator-backend-dynamic/-/backstage-plugin-orchestrator-backend-dynamic-{product-bundle-version}.tgz
      integrity: sha512-xxxxxx
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator/-/backstage-plugin-orchestrator-{product-bundle-version}.tgz
      integrity: sha512-xxxxxy
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator-form-widgets/-/backstage-plugin-orchestrator-form-widgets-{product-bundle-version}.tgz
      integrity: sha512-xxxxxz
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-scaffolder-backend-module-orchestrator-dynamic/-/backstage-plugin-scaffolder-backend-module-orchestrator-dynamic-{product-bundle-version}.tgz
      integrity: sha512-xxxx1

      where:

      <custom_NPM_registry_URL>
      Enter the address of your custom registry and make sure the integrity checksum, such as sha512-xxxxxx, matches the files in your registry.

Verification

  • Restart the RHDH Pod and wait for the components to deploy properly.
  • After deployment is complete, go to the RHDH UI and confirm that the Orchestrator UI is accessible and functioning correctly.
Note

The successful accessibility of the Orchestrator UI confirms that the underlying components are running and the cluster recognizes the plugin.

You can install Red Hat Developer Hub (RHDH) with the Orchestrator plugin in a partial OpenShift Container Platform environment using the Helm chart.

A disconnected installation prevents unauthorized access, data transfer, or communication with external sources.

You can use the oc-mirror command to mirror resources directly to your accessible local registry and apply the generated cluster resources.

Prerequisites

  • You have set up your disconnected environment using a local registry.
  • You have permissions to push NPM packages to an NPM server available in your restricted network.
  • You have installed the oc-mirror tool, with a version corresponding to the version of your OpenShift Container Platform cluster.

Procedure

  1. Create an ImageSetConfiguration file for oc-mirror. You must include the images and operators required by the Serverless Logic Operator in the ImageSetConfiguration file, as oc-mirror does not automatically mirror all images. Use the following example: 

    apiVersion: mirror.openshift.io/v2alpha1
kind: ImageSetConfiguration
mirror:
  additionalimages:
  - name: registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8:1.36.0
  - name: registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0

  helm:
    repositories:
      - name: openshift-charts
        url: https://charts.openshift.io
        charts:
          - name: redhat-developer-hub
            version: "1.8.6"
          - name: redhat-developer-hub-orchestrator-infra
            version: "1.8.6"
  operators:
    - catalog: registry.redhat.io/redhat/redhat-operator-index:4.19
      # For example: registry.redhat.io/redhat/redhat-operator-index:v4.19
      packages:
      - name: logic-operator-rhel8
        channels:
        - name: alpha
          minVersion: 1.36.0
          maxVersion: 1.36.0
      - name: serverless-operator
        channels:
        - name: stable
          minVersion: 1.36.0
          maxVersion: 1.36.1

  2. Mirror the images in the ImageSetConfiguration.yaml file by running the oc-mirror command to pull images and charts, and push the images directly to the target registry. For example: 

    $ oc-mirror --config=imagesetconfiguration.yaml docker://<registry URL:port> --workspace file://<workspace folder> --authfile /path/to/authfile  --v2
    Note

    The oc-mirror command pulls the charts listed in the ImageSetConfiguration file and makes them available as tgz archives under the <workspace folder> directory.

  3. Apply the generated cluster resources to the disconnected cluster. For example: 

    $ cd <workspace folder>/working-dir/cluster-resources/
$ oc apply -f .

  4. Download the Node Package Manager (NPM) packages for orchestrator 1.8.12 using any of the following methods:

  5. Push the NPM packages you have downloaded to your NPM server, as shown in the following example: 

    $ npm publish backstage-plugin-orchestrator-1.8.12.tgz
$ npm publish backstage-plugin-orchestrator-backend-dynamic-1.8.12.tgz
$ npm publish backstage-plugin-orchestrator-form-widgets-1.8.12.tgz
$ npm publish backstage-plugin-scaffolder-backend-module-orchestrator-dynamic-1.8.12.tgz
  6. Apply the redhat-developer-hub-orchestrator-infra Helm chart and approve the install plans. See Air-gapped installation with Helm chart instructions for details.

  7. Apply the RHDH 1.8 Helm chart. Include the version 1.8.6 and enable the Orchestrator plugin, as shown in the following example: 

    orchestrator.enabled=true

  8. The RHDH 1.8 Helm chart defaults to pulling Orchestrator plugins from the official Red Hat NPM registry using full URL references. You must override this behavior to point to your local registry.

    To configure the Orchestrator plugins to use a custom registry, complete the following steps:

    • Open your values.yaml file.

    • Explicitly list the Orchestrator plugin packages under the orchestrator.plugins section.

      You must replace the simplified package references with the full URLs that point to your custom NPM registry, as shown in the following example: 

      orchestrator:
  plugins:
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator-backend-dynamic/-/backstage-plugin-orchestrator-backend-dynamic-{product-bundle-version}.tgz
      integrity: sha512-xxxxxx
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator/-/backstage-plugin-orchestrator-{product-bundle-version}.tgz
      integrity: sha512-xxxxxy
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-orchestrator-form-widgets/-/backstage-plugin-orchestrator-form-widgets-{product-bundle-version}.tgz
      integrity: sha512-xxxxxz
    - disabled: false
      package: <custom_NPM_registry_URL>[:<port>]/@redhat/backstage-plugin-scaffolder-backend-module-orchestrator-dynamic/-/backstage-plugin-scaffolder-backend-module-orchestrator-dynamic-{product-bundle-version}.tgz
      integrity: sha512-xxxx1

      where:

      <custom_NPM_registry_URL>
      Enter the address of your custom registry and make sure the integrity checksum, such as sha512-xxxxxx, matches the files in your registry.

Verification

  • Restart the RHDH pod and wait for the components to deploy properly.
  • After deployment is complete, go to the RHDH UI and confirm that the Orchestrator UI is accessible and functioning correctly.
Note

The successful accessibility of the Orchestrator UI confirms that the underlying components are running and the cluster recognizes the plugin.

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top