Deploying in an Air-Gapped Kubernetes Cluster using HELM
Prerequisites
On a system that has access to the internet and to an internal container registry:
- Install skopeo. Skopeo is a command-line utility (CLI) used to interact with local and remote container images and container image registries.
- Install jq. jq is a lightweight and flexible command-line JSON processor.
- If the internal registry is private and requires authorization to add or list images, then, before executing the script, create an authorization file to allow skopeo access to the internal registry:

      skopeo login <url-for-internal-registry[:port number]> --authfile ./docker_auth -u <username>

  Example:

      skopeo login <k8s.gcr.io[:22]> --authfile ./docker_auth -u penderyn

  Note: The name of the authfile must be docker_auth. If this is changed, then the name must be updated in the following script.
- Enter the password for the user when prompted.
- Copy and paste the following into a script and execute the script:

      #!/bin/bash
      # Mirror every tag of the CTE for Kubernetes image, plus the CSI sidecar
      # and pause images, into the internal registry.
      DOCKER_AUTH_JSON=./docker_auth
      SRC_REGISTRY="docker.io/thalesciphertrust"
      SRC_CTEK8S_NAME="${SRC_REGISTRY}/ciphertrust-transparent-encryption-kubernetes"
      DEST_REGISTRY="<path to your registry such as example.com[:port]/my-internal-registry>"

      skopeo login "${DEST_REGISTRY}" --authfile "${DOCKER_AUTH_JSON}" -u <username>

      # Strip a trailing slash so the destination paths below are well formed
      DEST_REGISTRY=$(echo "${DEST_REGISTRY}" | sed -e 's/\/$//')
      # Destination repository for the CTE for Kubernetes image
      DEST_CTEK8S_NAME="${DEST_REGISTRY}/ciphertrust-transparent-encryption-kubernetes"

      # Copy each published tag; jq -r emits one bare tag name per line
      for VER in $(skopeo list-tags "docker://${SRC_CTEK8S_NAME}" | jq -r '.Tags[]')
      do
          skopeo copy --all "docker://${SRC_CTEK8S_NAME}:${VER}" \
              "docker://${DEST_CTEK8S_NAME}:${VER}" --authfile "${DOCKER_AUTH_JSON}"
      done

      # CSI sidecar images and the pause image
      skopeo copy --all docker://k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 \
          "docker://${DEST_REGISTRY}/csi-node-driver-registrar:v2.0.1" --authfile "${DOCKER_AUTH_JSON}"
      skopeo copy --all docker://k8s.gcr.io/sig-storage/csi-attacher:v3.3.0 \
          "docker://${DEST_REGISTRY}/csi-attacher:v3.3.0" --authfile "${DOCKER_AUTH_JSON}"
      skopeo copy --all docker://k8s.gcr.io/sig-storage/csi-provisioner:v4.0.0 \
          "docker://${DEST_REGISTRY}/csi-provisioner:v4.0.0" --authfile "${DOCKER_AUTH_JSON}"
      skopeo copy --all docker://k8s.gcr.io/pause:3.9 \
          "docker://${DEST_REGISTRY}/pause:3.9" --authfile "${DOCKER_AUTH_JSON}"
Deploying in an Air-Gapped Kubernetes Cluster
- Download CTE for Kubernetes deployment files, type:

      git clone https://github.com/thalescpl-io/ciphertrust-transparent-encryption-kubernetes.git

- Change to the CTE for Kubernetes directory, type:

      cd ciphertrust-transparent-encryption-kubernetes

- Edit the script variables to reflect your setup, type:

      vi deploy/kubernetes/1.5.0/values.yaml

  a. Replace docker.io/thalesciphertrust/ciphertrust-transparent-encryption-kubernetes with appropriate values for your environment: <example.com/my-internal-registry>/ciphertrust-transparent-encryption-kubernetes
  b. Replace registry.k8s.io/pause:3.9 with appropriate values for your environment: <example.com/my-internal-registry>/pause:3.9
  c. Replace registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 with appropriate values for your environment: <example.com/my-internal-registry>/csi-provisioner:v4.0.0
  d. Replace k8s.gcr.io/sig-storage/csi-attacher:v3.3.0 with appropriate values for your environment: <example.com/my-internal-registry>/csi-attacher:v3.3.0
  e. Replace k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 with appropriate values for your environment: <example.com/my-internal-registry>/csi-node-driver-registrar:v2.0.1

- Deploy the script, type:

      ./deploy.sh -t 1.5.0-latest --helm
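
For the values.yaml edit above, the following added example (not part of the vendor's repository or documentation) applies replacements a through e with sed and then lists any image reference that still points outside the internal registry, since an air-gapped cluster cannot pull such an image. The YAML key names, the quay.io entry and the registry example.com:5000/my-internal-registry are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the vendor repository.
# Assumption: image references appear in values.yaml as plain strings.

# rewrite_refs <internal-registry>: stdin -> stdout, applies replacements a-e.
rewrite_refs() {
    local reg="${1%/}"   # drop a trailing slash, as the mirror script does
    sed -E \
        -e "s#docker\.io/thalesciphertrust/(ciphertrust-transparent-encryption-kubernetes)#${reg}/\1#g" \
        -e "s#(registry\.k8s\.io|k8s\.gcr\.io)/pause:#${reg}/pause:#g" \
        -e "s#(registry\.k8s\.io|k8s\.gcr\.io)/sig-storage/(csi-[a-z-]+):#${reg}/\2:#g"
}

# external_refs <internal-registry>: print every registry-style reference on
# stdin (host[:port]/path[:tag]) that does not start with the internal registry.
external_refs() {
    local reg="${1%/}"
    grep -oE '[a-z0-9-]+(\.[a-z0-9-]+)+(:[0-9]+)?/[A-Za-z0-9._/-]+(:[A-Za-z0-9._-]+)?' \
        | awk -v r="${reg}/" 'index($0, r) != 1'
}

# Constructed sample: key names are hypothetical, and the quay.io entry stands
# for a reference that replacements a-e do not cover.
sample_values() {
    cat <<'EOF'
image:
  cteCsiImage: "docker.io/thalesciphertrust/ciphertrust-transparent-encryption-kubernetes"
  pauseImage: registry.k8s.io/pause:3.9
  csiProvisionerImage: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
  csiAttacherImage: k8s.gcr.io/sig-storage/csi-attacher:v3.3.0
  csiNodeDriverImage: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1
  extraImage: quay.io/example/sidecar:1.0
EOF
}

REG="example.com:5000/my-internal-registry"   # constructed registry name
echo "References still outside ${REG}:"
sample_values | rewrite_refs "${REG}" | external_refs "${REG}"
```

Against the real file, feed deploy/kubernetes/1.5.0/values.yaml to the two functions in place of sample_values; any line printed is a reference to review before deploying.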