This page provides one possible way to download and package Immuta artifacts for consumption on a separate network with no Internet access.
Install Skopeo
The commands on this page copy the Immuta images from the registry to the local host and export to tarball using skopeo
. Install skopeo
by following the instructions in the .
Authenticate Skopeo to the Immuta registry
Copy the snippet below and replace the placeholder text with the credentials provided by your Immuta representative:
Copy skopeo login https://ocir.immuta.com -u <username> -p <password>
Copy images from the Immuta registry
The IMMUTA_LEGACY_IMAGES
noted below are only required if the deployment still requires the . If not, those legacy images can be omitted.
Copy export IMMUTA_VERSION=2024.2.17
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
skopeo copy docker://ocir.immuta.com/stable/${image}:${IMMUTA_VERSION} docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar;
done
Pull the Immuta Enterprise Helm chart (IEHC)
Copy the snippet below and replace the placeholder text with the credentials provided by your Immuta representative:
Copy echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com
Download the IEHC for the current Immuta release:
Copy helm pull oci://ocir.immuta.com/stable/immuta-enterprise --version 2024.2.17
Push images to the private registry
After transferring the Immuta container images and IEHC to your air-gapped network, load them into the container registry there after authenticating.
Copy export PRIVATE_REGISTRY=your.private-registry.com
export IMMUTA_VERSION=2024.2.17
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
skopeo copy docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar docker://${PRIVATE_REGISTRY}/immuta/${image}:${IMMUTA_VERSION};
done
Install from IEHC tarball
Override the image registry in the Helm chart values overrides:
Copy ---
global:
imageRegistry: your.private-registry.com
imageRepositoryMap:
immuta/immuta-service: immuta/immuta-service
immuta/immuta-db: immuta/immuta-db
immuta/immuta-fingerprint: immuta/immuta-fingerprint
immuta/audit-service: immuta/audit-service
immuta/audit-export-cronjob: immuta/audit-export-cronjob
immuta/classify-service: immuta/classify-service
immuta/cache: immuta/cache
The IEHC can be referenced via filename if there is no Helm chart repository on the destination network:
Copy helm upgrade --install immuta ./immuta-enterprise-2024.2.17.tgz -f immuta-values.yaml