You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
27
-
28
-
$$$air-gapped-install$$$
29
-
30
-
$$$k8s-container-registry-override$$$
31
-
32
-
$$$k8s-eck-diag-air-gapped$$$
33
-
34
-
% There are two concepts and areas to explore here:
35
-
% ECK installation on air-gapped. This has no complexity as it's all a matter of docker registry and docker images.
36
-
% Managing deployments on an ECK running on air-gapped is something not really covered in the official ECK book and partly covered in stack-docs
37
-
38
-
% In this doc we will focus on ECK operator installation in air gapped environments, and we will link to Manage Deployments -> Air gapped (doesn't exist yet) for the content and examples about the rest.
39
-
40
-
% from fleet air-gapped
41
-
% Kibana is able to reach the Elastic Package Registry to download package metadata and content.
42
-
% Elastic Agents are able to download binaries during upgrades from the Elastic Artifact Registry.
43
-
44
-
% what about Elasticsearch requirements for example for GeoIP database, etc?
45
-
46
-
Pending to determine what to do with this:
47
-
* Syncing container images for ECK and all other {{stack}} components over to a locally-accessible container repository.
48
-
* Modifying the ECK helm chart configuration so that ECK is aware that it is supposed to use your offline container repository instead of the public Elastic repository.
49
-
* Optionally, disabling ECK telemetry collection in the ECK helm chart. This configuration propagates to all other Elastic components, such as {{kib}}.
50
-
* Building your custom deployment container image for the {{artifact-registry}}.
51
-
* Building your custom deployment container image for the Elastic Endpoint Artifact Repository.
52
-
53
11
# Running in air-gapped environments [k8s-air-gapped]
54
12
55
-
The ECK operator can be run in an air-gapped environment without access to the open internet when it is configured not to pull container images from `docker.elastic.co`.
13
+
The ECK operator can be run in an air-gapped environment without access to the open internet when configured to avoid pulling container images from `docker.elastic.co`.
56
14
57
15
By default ECK does not require you to specify the container image for each Elastic Stack application you deploy.
@@ -113,49 +71,4 @@ For example, if your private registry is `my.registry` and all Elastic images ar
113
71
114
72
The [eck-diagnostics tool](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) optionally runs diagnostics for Elastic Stack applications in a separate container that is deployed into the Kubernetes cluster.
115
73
116
-
In air-gapped environments with no access to the `docker.elastic.co` registry, you should copy the latest support-diagnostics container image to your internal image registry and then run the tool with the additional flag `--diagnostic-image <custom-support-diagnostics-image-name>`. To find out which support diagnostics container image matches your version of eck-diagnostics run the tool once without arguments and it will print the default image in use.
Setting up air-gapped Kubernetes or OpenShift installs of the {{stack}} has some unique concerns, but the general dependencies are the same as in the self-managed install case on a regular Linux machine.
The Elastic Kubernetes operator is an additional component in the Kubernetes OpenShift install that, essentially, does a lot of the work in installing, configuring, and updating deployments of the {{stack}}. For details, refer to the [{{eck}} install instructions](../../../deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md).
129
-
130
-
The main requirements are:
131
-
132
-
* Syncing container images for ECK and all other {{stack}} components over to a locally-accessible container repository.
133
-
* Modifying the ECK helm chart configuration so that ECK is aware that it is supposed to use your offline container repository instead of the public Elastic repository.
134
-
* Optionally, disabling ECK telemetry collection in the ECK helm chart. This configuration propagates to all other Elastic components, such as {{kib}}.
135
-
* Building your custom deployment container image for the {{artifact-registry}}.
136
-
* Building your custom deployment container image for the Elastic Endpoint Artifact Repository.
The container image can be downloaded from the official Elastic Docker repository, as described in the {{fleet}} and {{elastic-agent}} [air-gapped environments](asciidocalypse://docs/docs-content/docs/reference/ingestion-tools/fleet/air-gapped.md) documentation.
142
-
143
-
This container would, ideally, run as a Kubernetes deployment. Refer to [Appendix C - EPR Kubernetes Deployment](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-epr-kubernetes-example) for examples.
A custom container would need to be created following similar instructions to setting up a web server in the [self-managed install case](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry). For example, a container file using an NGINX base image could be used to run a build similar to the example described in [Appendix B - {{artifact-registry}}](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry-example).
Just like the {{artifact-registry}}. A custom container needs to be created following similar instructions to setting up a web server for the [self-managed install case](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry).
154
-
155
-
156
-
#### 2.5. Ironbank Secure Images for Elastic [air-gapped-k8s-os-ironbank-secure-images]
157
-
158
-
Besides the public [Elastic container repository](https://www.docker.elastic.co), most {{stack}} container images are also available in Platform One’s [Iron Bank](https://ironbank.dso.mil/repomap?vendorFilters=Elastic&page=1&sort=1).
159
-
160
-
161
-
74
+
In air-gapped environments with no access to the `docker.elastic.co` registry, you should copy the latest support-diagnostics container image to your internal image registry and then run the tool with the additional flag `--diagnostic-image <custom-support-diagnostics-image-name>`. To find out which support diagnostics container image matches your version of eck-diagnostics, run the tool once without arguments and it will print the default image in use.
0 commit comments