LogoLogo
Public Knowledge Base
Public Knowledge Base
  • Self-hosted Immuta
    • Official Immuta Self-Managed Deployment Documentation
    • What's new in 2024.2?
    • Deployment Options
      • AWS Immuta Deployment
      • Azure Immuta Deployment
      • K3s Deployment
      • SUSE Rancher Kubernetes Engine (RKE2) Deployment
      • In-cluster PostgreSQL using Crunchydata
      • In-cluster Elasticsearch using Elastic Cloud on Kubernetes (ECK)
      • Production Linkerd with AWS Private CA issuer
      • Deploying Linkerd via Open Source Linkerd
      • Deploying Linkerd Service Mesh via Buoyant Enterprise for Linkerd
      • Uninstalling Linkerd
      • Upgrading to Immuta 2024.2 LTS
      • LTS Upgrade via Legacy Chart
      • Legacy Audit - no Elasticsearch
      • Temporal with RDS
      • Setting Up OpenSearch User Pemissions
    • Air gapped installations
      • Immuta Installation on k3s in Air Gapped environment
      • Air-gapped Installation Artifact Transfer
  • Excessive failed jobs in pgboss impacting system performance
  • Example Trino installation via Open Source Helm Chart
  • Immuta Installation on Self Managed Infrastructure Overview
  • Repeatable k3s stack deployment on AWS EC2
  • Trino OAuth2 and JWT via Okta
  • Copy of Okta Attribute Mapping
Powered by GitBook
On this page
  • Installing skopeo
  • Authenticate Skopeo to the Immuta Registry
  • Copy images from Immuta Registry
  • Pull the Immuta Enterprise Helm Chart (IEHC)
  • Pushing images to Private Registry
  • Installing from IEHC tarball
  1. Self-hosted Immuta
  2. Air gapped installations

Air-gapped Installation Artifact Transfer

PreviousImmuta Installation on k3s in Air Gapped environmentNextExcessive failed jobs in pgboss impacting system performance

Last updated 9 months ago

This article provides one possible way to download and package Immuta artifacts for consumption on a separate network with no Internet access. Adjust accordingly depending on your environment and target Immuta version.

Installing skopeo

The commands in this article copy the Immuta images from the registry to the local host and export to tarball using skopeo. Details on installing skopeo for the local platform can be found here:

Authenticate Skopeo to the Immuta Registry

skopeo login https://ocir.immuta.com -u <username> -p <password>

Copy images from Immuta Registry

The IMMUTA_LEGACY_IMAGES noted below are only required if the deployment still requires the Immuta Query Engine or Immuta Fingerprint service. If not, these can be omitted.

export IMMUTA_VERSION=2024.2.5
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker://ocir.immuta.com/stable/${image}:${IMMUTA_VERSION} docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar;
done

Pull the Immuta Enterprise Helm Chart (IEHC)

Copy the snippet below and replace the placeholder text with the credentials provided to you by your customer success manager:

echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com

Download the IEHC associated with the current Immuta release

helm pull oci://ocir.immuta.com/stable/immuta-enterprise --version 2024.2.5

Pushing images to Private Registry

After transferring the Immuta container images and Helm chart to your air-gapped network, load them into the container registry there after authenticating.

export PRIVATE_REGISTRY=your.private-registry.com
export IMMUTA_VERSION=2024.2.5
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar docker://${PRIVATE_REGISTRY}/immuta/${image}:${IMMUTA_VERSION};
done

Installing from IEHC tarball

Be sure to override the image registry in the helm chart values overrides:

immuta-values.yaml
---
global:
  imageRegistry: your.private-registry.com
  imageRepositoryMap:
    immuta/immuta-service: immuta/immuta-service
    immuta/immuta-db: immuta/immuta-db
    immuta/immuta-fingerprint: immuta/immuta-fingerprint
    immuta/audit-service: immuta/audit-service
    immuta/audit-export-cronjob: immuta/audit-export-cronjob
    immuta/classify-service: immuta/classify-service
    immuta/cache: immuta/cache

The IEHC can be referenced via filename if there is no helm chart repository on the destination network:

helm upgrade --install immuta ./immuta-enterprise-2024.2.5.tgz -f immuta-values.yaml
skopeo/install.md at main · containers/skopeoGitHub
Skopeo Installation Options
Logo