search
Book a demo

Immuta in an Air-Gapped Environment

This page provides one possible way to download and package Immuta artifacts for consumption on a separate network with no Internet access.

export IMMUTA_VERSION=2024.2.20
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker://ocir.immuta.com/stable/${image}:${IMMUTA_VERSION} docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar;
done

  1. Copy the snippet below and replace the placeholder text with the credentials provided by your Immuta representative:

    echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com

  2. Download the IEHC for the current Immuta release:

    helm pull oci://ocir.immuta.com/stable/immuta-enterprise --version 2024.2.20
export PRIVATE_REGISTRY=your.private-registry.com
export IMMUTA_VERSION=2024.2.20
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar docker://${PRIVATE_REGISTRY}/immuta/${image}:${IMMUTA_VERSION};
done
helm upgrade --install immuta ./immuta-enterprise-2024.2.20.tgz -f immuta-values.yaml

hashtag
Prerequisite

circle-info

Skopeo installation

This guide utilizes the skopeo command to copy container images; ensure it's installed before proceeding. Refer to the skopeo documentationarrow-up-right for further assistance.

hashtag
Checklist

hashtag
Skopeo

hashtag
Helm

hashtag
Download artifacts

This section demonstrates how to download the Helm chart and container images to your local machine. These artifacts will be packaged and transferred to the air-gapped environment later.

circle-info

Upon completion of these steps, the saved artifacts can be found in local directory offline-kit.

  1. Create a directory named offline-kit.

  2. Download the Helm chart into directory offline-kit.

  3. Extract file DIGESTS.md from the Helm chart archive.

  4. Open file ./offline-kit/DIGESTS.md. This file includes the name and digest of every container image referenced by the Helm chart.

  5. Download each image listed in file DIGESTS.md using skopeoarrow-up-right. Each image will be saved to directory offline-kit with the filename<name>-<tag>.tar.

hashtag
Transfer artifacts

This section demonstrates how to push the previously archived container images to a private registry that's accessible from within your air-gapped environment.

circle-info

The exact process for transferring files into an air-gapped network can vary significantly depending on your specific security policies and infrastructure.

  1. Transfer directory offline-kit (created in the previous section) onto a machine that's within your air-gapped environment.

  2. Push each image to your private registry using skopeoarrow-up-right.

hashtag
Chart installation

circle-info

A Helm chart can be referenced from a local file path, instead of remotely if desired. It is not necessary to reference it remotely. When referring to documentation, substitute any references to oci://ocir.immuta.com/stable/immuta-enterprise with the path to the unarchived (.tgz) chart file.

Edit the immuta-values.yaml to reference the private container registry and images.

PreviousGeneric InstallationNextDeploy Immuta without Elasticsearch

Last updated

Was this helpful?