Skip to content

You are viewing documentation for Immuta version 2023.1.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Installation in an Air-Gapped Environment

Audience: System Administrators

Content Summary: This page outlines how to install Immuta in an air-gapped environment.

Introduction

Process for Saving and Loading Docker Images

The process outlined for saving and loading the Docker images will be different for everyone. With the exception of the list of Docker images that all users need to copy to their container registry, all code blocks provided are merely examples.

This high-level overview makes these assumptions:

  • a container registry is accessible from inside the air-gapped environment
  • Docker and Helm are already installed

Copy Docker Images to Container Registry

All users should copy these Docker images to their container registry.

registry.immuta.com/immuta/immuta-service:2023.1.2
registry.immuta.com/immuta/immuta-db:2023.1.2
registry.immuta.com/immuta/immuta-fingerprint:2023.1.2
registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
registry.immuta.com/memcached:$MEMCACHED_TAG
registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG

See the Helm Chart Options page for the values: IMMUTA_DEPLOY_TOOLS_VERSION, MEMCACHED_TAG, and INGRESS_NGINX_TAG.

Sample Processes

Networked Machine (Outside Air Gap)

Docker Registry Authentication

Reach out to your Immuta support professional for your Immuta Docker Registry credentials.

  1. Authenticate with Immuta's Docker registry.

    docker login https://registry.immuta.com -u <username> -p <password>
    
  2. Pull the images.

    docker pull registry.immuta.com/immuta/immuta-service:2023.1.2
    docker pull registry.immuta.com/immuta/immuta-db:2023.1.2
    docker pull registry.immuta.com/immuta/immuta-fingerprint:2023.1.2
    docker pull registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
    docker pull registry.immuta.com/memcached:$MEMCACHED_TAG
    docker pull registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG
    
  3. Save the images.

    docker save registry.immuta.com/immuta/immuta-service:2023.1.2 /
        | gzip > immuta-service-2023.1.2
    docker save registry.immuta.com/immuta/immuta-db:2023.1.2 /
        | gzip > immuta-db-2023.1.2
    docker save registry.immuta.com/immuta/immuta-fingerprint:2023.1.2 /
        | gzip > immuta-fingerprint-2023.1.2
    docker save registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION | /
        gzip > immuta-deploy-tools-$IMMUTA_DEPLOY_TOOLS_VERSION.tar.gz
    docker save registry.immuta.com/memcached:$MEMCACHED_TAG | gzip > memcached-$MEMCACHED_TAG.tar.gz
    docker save registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG | /
        gzip > ingress-nginx-controller-$INGRESS_NGINX_TAG.tar.gz
    

    The .tar.gz files will now be in your working directory.

  4. Add Immuta's Chart repository to Helm.

    helm repo add --username <username> --password-stdin immuta https://archives.immuta.com/charts
    
  5. Download the Helm Chart.

    helm pull immuta/immuta
    

    The .tgz files will now be in your working directory.

  6. Move the Helm Chart and Docker images onto a machine connected to the air-gapped network.

Offline Machine (Inside Air Gap)

  1. Copy these Docker images to your container registry. Note: You may need to reload the environment variables.

    registry.immuta.com/immuta/immuta-service:2023.1.2
    registry.immuta.com/immuta/immuta-db:2023.1.2
    registry.immuta.com/immuta/immuta-fingerprint:2023.1.2
    registry.immuta.com/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
    registry.immuta.com/memcached:$MEMCACHED_TAG
    registry.immuta.com/ingress-nginx-controller:$INGRESS_NGINX_TAG
    
  2. Validate that the images are present.

    docker image ls
    
  3. Tag the images.

    docker image tag $IMMUTA_REGISTRY/immuta/immuta-service:2023.1.2 /
        $CUSTOMER_REGISTRY/immuta/immuta-service:2023.1.2
    docker image tag $IMMUTA_REGISTRY/immuta/immuta-db:2023.1.2 /
        $CUSTOMER_REGISTRY/immuta/immuta-db:2023.1.2
    docker image tag $IMMUTA_REGISTRY/immuta/immuta-fingerprint:2023.1.2 /
        $CUSTOMER_REGISTRY/immuta/immuta-fingerprint:2023.1.2
    docker image tag $IMMUTA_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION $CUSTOMER_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
    docker image tag $IMMUTA_REGISTRY/memcached:$MEMCACHED_TAG $CUSTOMER_REGISTRY/immuta/memcached:$MEMCACHED_TAG
    docker image tag $IMMUTA_REGISTRY/ingress-nginx-controller:$INGRESS_NGINX_TAG $CUSTOMER_REGISTRY/immuta/ingress-nginx-controller:$INGRESS_NGINX_TAG
    
  4. Push the images to your registry.

    docker image push $CUSTOMER_REGISTRY/immuta/immuta-service:2023.1.2
    docker image push $CUSTOMER_REGISTRY/immuta/immuta-db:2023.1.2
    docker image push $CUSTOMER_REGISTRY/immuta/immuta-fingerprint:2023.1.2
    docker image push $CUSTOMER_REGISTRY/immuta/immuta-deploy-tools:$IMMUTA_DEPLOY_TOOLS_VERSION
    docker image push $CUSTOMER_REGISTRY/immuta/memcached:$MEMCACHED_TAG
    docker image push $CUSTOMER_REGISTRY/immuta/ingress-nginx-controller:$INGRESS_NGINX_TAG
    
  5. Create the Helm values file (i.e., myValues.yaml) and point it to your registry (i.e., web.imageRepository). Be sure to replace $CUSTOMER_REGISTRY with the actual URL, including any additional prefixes before immuta, with the URL for the actual registry.

    global:
      imageRegistry: $CUSTOMER_REGISTRY
    cache:
      memcached:
        image:
          repository: immuta/memcached
    nginxIngress:
      controller:
        image:
        repository: immuta/ingress-nginx-controller
    
  6. Deploy the Helm Chart.

    helm install <YOUR RELEASE NAME> immuta-$IMMUTA_HELM_CHART_VERSION.tgz --values myValues.yaml