1.6. Install on disconnected networks
You might need to install Red Hat Advanced Cluster Management for Kubernetes on Red Hat OpenShift Clusters that are not connected to the Internet. The procedure to install on a disconnected hub requires some of the same steps as the connected installation. You must download copies of the packages in order to access them during the installation, rather than accessing them directly from the network during the installation.
Note: Most out-of-the-box policies are functional in a disconnected install, except the image vulnerability policy (ImageManifestVulnPolicy
).
1.6.1. Prerequisites for a disconnected installation 复制链接链接已复制到粘贴板!
You must meet the following requirements before you install Red Hat Advanced Cluster Management for Kubernetes:
- Red Hat OpenShift Container Platform version 4.3, or later, must be deployed in your environment, and you must be logged into it with the command line interface (CLI). Note: For managing bare metal clusters, you must have OpenShift Container Platform version 4.5, or later. See the OpenShift version 4.3 documentation, OpenShift version 4.4 documentation, or OpenShift version 4.5 documentation.
-
Your Red Hat OpenShift Container Platform CLI must be version 4.3, or later, and configured to run
oc
commands. - Your Red Hat OpenShift Container Platform permissions must allow you to create a namespace.
- You must have a workstation with Internet connection to download the dependencies for the operator.
Follow these steps to install Advanced Cluster Management for Kubernetes in a disconnected environment:
Create a mirror registry, if necessary.
If you do not already have a mirror registry, create one by completing the procedure in the Creating a mirror registry for installation in a restricted network topic of the Red Hat OpenShift Container Platform documentation.
If you already have a mirror registry, you can configure and use your existing one.
Bare metal only: Provide the certificate information for the disconnected registry in your
install-config.yaml
file. To access the image in a protected disconnected registry, you must provide the certificate information so Red Hat Advanced Cluster Management can access the registry.- Copy the certificate information from the registry.
-
Open the
install-config.yaml
file in an editor. -
Find the entry for
additionalTrustBundle: |
. Add the certificate information after the
additionalTrustBundle
line. The resulting content should look similar to the following example:additionalTrustBundle: | -----BEGIN CERTIFICATE----- certificate_content -----END CERTIFICATE----- sshKey: >-
additionalTrustBundle: | -----BEGIN CERTIFICATE----- certificate_content -----END CERTIFICATE----- sshKey: >-
Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
Save the
install-config.yaml
file.
Enable the disconnected Operator Lifecycle Manager (OLM) Red Hat Operators and Community Operators.
Advanced Cluster Management for Kubernetes is included in the OLM Red Hat Operator catalog.
- Configure the disconnected OLM for the Red Hat Operator catalog. Follow the steps in the Using Operator Lifecycle Manager on restricted networks topic of the Red Hat OpenShift Container Platform documentation.
- Now that you have the image in the disconnected OLM, continue to install Advanced Cluster Management for Kubernetes from the OLM catalog. See the steps in Installing while connected online for the required steps.