Chapter 5. Enabling offline mode
You can use Red Hat Advanced Cluster Security for Kubernetes for clusters that are not connected to the internet by enabling the offline mode. In offline mode, Red Hat Advanced Cluster Security for Kubernetes components do not connect to addresses or hosts on the internet.
Red Hat Advanced Cluster Security for Kubernetes does not determine if the user-supplied hostnames, IP addresses, or other resources are on the internet. For example, if you try to integrate with a Docker registry hosted on the internet, Red Hat Advanced Cluster Security for Kubernetes will not block this request.
To deploy and operate Red Hat Advanced Cluster Security for Kubernetes in offline mode:
- Download RHACS images and install them in your clusters. If you are using OpenShift Container Platform, you can use Operator Lifecycle Manager (OLM) and OperatorHub to download images to a workstation that is connected to the internet. The workstation then pushes images to a mirror registry that is also connected to your secured cluster. For other platforms, you can use a program such as Skopeo or Docker to pull the images from the remote registry and push them to your own private registry, as described in Downloading images for offline use.
- Enable offline mode during installation.
- Update Scanner’s vulnerability list by uploading a new definitions file at least once per day.
You can only enable offline mode during the installation, and not during an upgrade.
5.1. Downloading images for offline use
5.1.1. Image versions
You can manually pull, retag, and push Red Hat Advanced Cluster Security for Kubernetes (RHACS) images to your registry. The current version includes the following images:
| Image | Description | Current version |
|---|---|---|
| Main | Includes Central, Sensor, Admission controller, and Compliance components. Also includes | |
| Central DB | PostgreSQL instance that provides the database storage for Central. | |
| Scanner | Scans images and nodes. | |
| Scanner DB | Stores image scan results and vulnerability definitions. | |
| Scanner V4 | Scans images. | |
| Scanner V4 DB | Stores image scan results and vulnerability definitions for Scanner V4. | |
| Collector | Collects runtime activity in Kubernetes or OpenShift Container Platform clusters. | |
5.1.1.1. Retagging images
You can download and retag images using the Docker command-line interface.
When you retag an image, you must maintain the name of the image and the tag. For example, use:
$ docker tag registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.7.8 <your_registry>/rhacs-main-rhel8:4.7.8
Do not retag in a way that changes the image name or the tag, as in the following example:
$ docker tag registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.7.8 <your_registry>/other-name:latest
Procedure
Log in to the registry:
$ docker login registry.redhat.io
Pull the image:
$ docker pull <image>
Retag the image:
$ docker tag <image> <new_image>
Push the updated image to your registry:
$ docker push <new_image>
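
The pull, retag, and push steps above can be scripted so that the image name and tag are always carried over unchanged. The following is an added example, not part of the Red Hat documentation. The function names, the `DRY_RUN` switch, and the destination `registry.example.internal:5000` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mirror an image while keeping its name and tag unchanged.
# DEST_REGISTRY is a constructed placeholder, not a value from the page.
DEST_REGISTRY="${DEST_REGISTRY:-registry.example.internal:5000}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the docker commands, 0 = execute them

# mirror_ref SRC DEST: print DEST/<name>:<tag>, or fail if SRC has no explicit tag.
mirror_ref() {
    src=$1; dest=${2%/}
    last=${src##*/}          # final path component, e.g. rhacs-main-rhel8:4.7.8
    case $last in
        *@*) echo "digest reference not supported: $src" >&2; return 1 ;;
        *:*) ;;              # name:tag present
        *)   echo "no tag in: $src" >&2; return 1 ;;
    esac
    name=${last%%:*}; tag=${last#*:}
    [ -n "$name" ] && [ -n "$tag" ] || { echo "malformed: $src" >&2; return 1; }
    printf '%s/%s:%s\n' "$dest" "$name" "$tag"
}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# mirror_image SRC: pull, retag, and push one image to DEST_REGISTRY.
mirror_image() {
    new=$(mirror_ref "$1" "$DEST_REGISTRY") || return 1
    run docker pull "$1" &&
    run docker tag "$1" "$new" &&
    run docker push "$new"
}

# Image reference taken from the retagging example on this page.
mirror_image registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:4.7.8
```

Run with `DRY_RUN=0` after `docker login registry.redhat.io` to execute the commands instead of printing them.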