This topic describes how to set up your environment so that you can deploy Tanzu Kubernetes Grid management clusters and Tanzu Kubernetes clusters in Internet-restricted environments, namely environments that are not connected to the Internet. The procedures described here only apply to deployments to vSphere.
If you are using Tanzu Kubernetes Grid to deploy clusters in a connected environment that can pull images over an external internet connection, you do not need to perform this procedure.
Before you can deploy management clusters and Tanzu Kubernetes clusters in an Internet-restricted environment, you must perform the following actions.
The procedure to set up an internet-restricted environment so that you can deploy management clusters and Tanzu Kubernetes clusters has been simplified in Tanzu Kubernetes Grid 1.1.2 and subsequent releases.
This procedure also applies if you are upgrading an existing internet-restricted Tanzu Kubernetes Grid 1.1.2 or later deployment.
yq and jq.
Run the tkg get management-cluster command.
Running a tkg command for the first time installs the necessary Tanzu Kubernetes Grid configuration files in the ~/.tkg folder on your system. The script that you create and run in subsequent steps requires the YAML files in the ~/.tkg/bom folder to be present on your machine. The scripts in this procedure use the YAML files in ~/.tkg/bom to identify the correct versions of the different Tanzu Kubernetes Grid component images to pull.
Set the IP address or FQDN of your local registry as an environment variable.
In the following command example, replace custom-image-repository.io with the address of your private Docker registry. On Windows platforms, use the SET command instead of export. Include the name of the project in the value:
export TKG_CUSTOM_IMAGE_REPOSITORY="custom-image-repository.io/yourproject"
Copy and paste the following script in a text editor, and save it as gen-publish-images.sh.
#!/usr/bin/env bash
# Copyright 2020 The TKG Contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

BOM_DIR=${HOME}/.tkg/bom

if [ -z "$TKG_CUSTOM_IMAGE_REPOSITORY" ]; then
  echo "TKG_CUSTOM_IMAGE_REPOSITORY variable is not defined"
  exit 1
fi

for TKG_BOM_FILE in "$BOM_DIR"/*.yaml; do
  # Get actual image repository from BoM file
  actualImageRepository=$(yq r "$TKG_BOM_FILE" imageConfig.imageRepository | tr -d '"')

  # Iterate through BoM file to create the complete Image name
  # and then pull, retag and push image to custom registry
  yq r --tojson "$TKG_BOM_FILE" images | jq -c '.[]' | while read -r i; do
    # Get imagePath and imageTag
    imagePath=$(jq .imagePath <<<"$i" | tr -d '"')
    imageTag=$(jq .tag <<<"$i" | tr -d '"')

    # create complete image names
    actualImage=$actualImageRepository/$imagePath:$imageTag
    customImage=$TKG_CUSTOM_IMAGE_REPOSITORY/$imagePath:$imageTag

    echo "docker pull $actualImage"
    echo "docker tag $actualImage $customImage"
    echo "docker push $customImage"
    echo ""
  done
done
Make the script executable.
chmod +x gen-publish-images.sh
Generate a new version of the script that is populated with the address of your private Docker registry.
./gen-publish-images.sh > publish-images.sh
Verify that the generated version of the script contains the correct registry address.
cat publish-images.sh
Make the script executable.
chmod +x publish-images.sh
docker login ${TKG_CUSTOM_IMAGE_REPOSITORY}
Run the script to pull the required images from the public Tanzu Kubernetes Grid registry, retag them, and push them to your private registry.
./publish-images.sh
Run any Tanzu Kubernetes Grid CLI command, for example tkg init --ui.
The Tanzu Kubernetes Grid installer interface should open.
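An added example, not part of the original Tanzu Kubernetes Grid procedure: a stricter form of the earlier step that verifies publish-images.sh with cat, to run before the script is executed. It accepts only docker pull, tag and push lines and checks that every image is retagged and pushed under TKG_CUSTOM_IMAGE_REPOSITORY with its path and tag unchanged; check_publish_script, sample_script, the registry name public.example and the sample image tags are assumptions made for the example.

```shell
# Added example (not Tanzu Kubernetes Grid code): lint publish-images.sh before running it.
# Helper names and public.example are assumptions. Usage: FILE REPO; no arguments lints the sample.
check_publish_script() (
  script=$1; repo=$2; pulled=" "; tagged=" "; pushed=" "; n=0; bad=0
  fail() { echo "$script:$n: $*" >&2; bad=1; }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    set -f; set -- $line; set +f            # split into words without globbing
    [ $# -eq 0 ] && continue                # blank separator line
    for w in "$@"; do                       # rejects quotes, ;, |, &, $, backticks, ...
      case $w in *[!A-Za-z0-9_./:@-]*) fail "unexpected character in '$w'"; continue 2 ;; esac
    done
    case "$1 $2 $#" in
      "docker pull 3")
        # An empty repository, path or tag, or a jq "null", means a BoM field was missing.
        case $3 in /*|*/|*:|*:null|*/null:*) fail "malformed image reference $3" ;; esac
        pulled="$pulled$3 " ;;
      "docker tag 4")
        rel=${4#"$repo"/}                   # imagePath:tag below the private project
        if [ "$rel" = "$4" ]; then fail "tag target $4 is not under $repo"
        else case $3 in */"$rel") ;; *) fail "retag changes path or tag: $3 -> $4" ;; esac; fi
        case $pulled in *" $3 "*) ;; *) fail "$3 is tagged but was never pulled" ;; esac
        tagged="$tagged$4 " ;;
      "docker push 3")
        case $tagged in *" $3 "*) ;; *) fail "push of $3, which no line tagged" ;; esac
        pushed="$pushed$3 " ;;
      *) fail "not a docker pull/tag/push line: $line" ;;
    esac
  done < "$script"
  n=EOF; [ "$pulled" != " " ] || fail "no docker pull lines; is ~/.tkg/bom populated?"
  for t in $tagged; do
    case $pushed in *" $t "*) ;; *) fail "$t is tagged but never pushed" ;; esac
  done
  [ "$bad" -eq 0 ]
)
# Constructed sample: the second image is retagged and pushed outside the private project.
sample_script() { cat <<'EOF'
docker pull public.example/tkg/pause:3.2
docker tag public.example/tkg/pause:3.2 custom-image-repository.io/yourproject/pause:3.2
docker push custom-image-repository.io/yourproject/pause:3.2
docker pull public.example/tkg/etcd:v1.0.0_demo.1
docker tag public.example/tkg/etcd:v1.0.0_demo.1 other-registry.example/etcd:v1.0.0_demo.1
docker push other-registry.example/etcd:v1.0.0_demo.1
EOF
}
if [ $# -eq 2 ]; then check_publish_script "$1" "$2"; else
  tmp=$(mktemp); sample_script > "$tmp"
  check_publish_script "$tmp" custom-image-repository.io/yourproject || echo "sample rejected"; rm -f "$tmp"
fi
```

A non-zero exit status means publish-images.sh should not be run until each reported line is explained.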
The procedure to set up an internet-restricted environment was manual in Tanzu Kubernetes Grid 1.1.0 and prone to error. For new deployments to internet-restricted environments, use Tanzu Kubernetes Grid 1.1.2 or a later release.
As long as the TKG_CUSTOM_IMAGE_REPOSITORY variable remains set, when you deploy clusters, Tanzu Kubernetes Grid will pull images from your local private registry rather than from the external public registry. To make sure that Tanzu Kubernetes Grid always pulls images from the local private registry, add TKG_CUSTOM_IMAGE_REPOSITORY to the ~/.tkg/config.yaml file.
TKG_CUSTOM_IMAGE_REPOSITORY: custom-image-repository.io/yourproject
Your Internet-restricted environment is now ready for you to deploy or upgrade Tanzu Kubernetes Grid management clusters and Tanzu Kubernetes clusters to vSphere.