--- menu: learn: parent: Patterns quick start title: Deploying in a disconnected network weight: 22 aliases: /learn/disconnected-installation/ --- :toc: :_content-type: ASSEMBLY include::modules/comm-attributes.adoc[] [id="disconnected-installation"] = Deploy a validated pattern in a disconnected network A disconnected network is an infrastructure isolated from external internet access. Deploying {solution-name-upstream} in this environment requires mirroring container images, configuring internal registries, and adjusting pattern configuration files. This guide describes deploying the {mcg-pattern} on {ocp} 4.19 in a disconnected network. The same approach applies to other validated patterns, although the required images and Operators vary by pattern. .Prerequisites * One or more {ocp} clusters deployed in a disconnected network. * An OCI-compliant registry accessible from the disconnected network, referred to as `registry.internal.disconnected.net` in this guide. * A Git repository accessible from the disconnected network. * (Optional) A virtual machine (VM) in the disconnected network to run commands. [NOTE] ==== Deploying {ocp} in a disconnected network is outside the scope of this guide. For details, see the link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/disconnected_environments/index#about-installing-oc-mirror-v2[{ocp} disconnected environments documentation] for details. ==== [id="mirror-images"] == 1. Mirror required container images to an internal registry Mirror all required container images to the internal registry. The specific images you mirror depend on the pattern, the {ocp} version, and the required Operators. The example here mirrors images for the Multicloud GitOps pattern. .Procedure . Create an `imageset-config.yaml` file that lists the required platform images, Operators, and additional images: + [source,yaml] ---- kind: ImageSetConfiguration apiVersion: mirror.openshift.io/v2alpha1 mirror: platform: graph: true channels: - name: stable-4.19 type: ocp operators: - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.19 packages: - name: lvms-operator - name: advanced-cluster-management channels: - name: release-2.14 - name: openshift-external-secrets-operator channels: - name: stable-v1 - name: multicluster-engine channels: - name: stable-2.9 - name: openshift-gitops-operator channels: - name: gitops-1.19 - catalog: registry.redhat.io/redhat/community-operator-index:v4.19 packages: - name: patterns-operator additionalImages: - name: registry.redhat.io/ubi9/ubi-minimal:latest - name: registry.connect.redhat.com/hashicorp/vault:1.20.2-ubi - name: registry.access.redhat.com/ubi8/httpd-24:10.0-1755779646 - name: ghcr.io/external-secrets/external-secrets:v0.10.2-ubi # Validated Patterns Helm charts - name: quay.io/validatedpatterns/acm:0.1.17 - name: quay.io/validatedpatterns/clustergroup:0.9.41 - name: quay.io/validatedpatterns/gitea:0.0.3 - name: quay.io/validatedpatterns/golang-external-secrets:0.1.5 - name: quay.io/validatedpatterns/openshift-external-secrets:0.0.3 - name: quay.io/validatedpatterns/hashicorp-vault:0.1.6 - name: quay.io/validatedpatterns/utility-container:latest - name: quay.io/validatedpatterns/imperative-container:v1 - name: quay.io/validatedpatterns/pattern-install:0.0.11 - name: docker.io/gitea/gitea:1.22.6-rootless ---- . Run the mirror command and specify a local cache directory and the target registry: + [source,terminal] ---- oc mirror --config=/var/cache/oc-mirror/imageset-config.yaml \ --workspace file:///var/cache/oc-mirror/workspace \ docker://registry.internal.disconnected.net --v2 <1> ---- <1> The example uses the `--v2` flag to mirror images. + When mirroring completes, `oc mirror` generates resource files in the `/var/cache/oc-mirror/workspace/working-dir/cluster-resources` directory. . Apply the generated resource files to the cluster so that the cluster can resolve images from the internal registry: + [source,terminal] ---- cd /var/cache/oc-mirror/workspace/working-dir/cluster-resources oc apply -f cs-community-operator-index-v4-19.yaml \ cs-redhat-operator-index-v4-19.yaml idms-oc-mirror.yaml \ itms-oc-mirror.yaml ---- + [IMPORTANT] ==== The catalog source names generated by the `oc mirror` command, such as `cs-redhat-operator-index-v4-19`, are required to configure the pattern values files. Do not change these names. ==== [id="configure-pattern"] == 2. Configure the pattern for disconnected use Update the pattern values files to reference the mirrored catalog sources and the internal Helm chart registry. Verify that the `origin` remote for the local Git clone points to the disconnected Git server by running the `git remote -v` command. .Procedure . In the `values-global.yaml` file, point the Helm chart repository to the internal registry and configure operator sources: + [source,yaml] ---- main: multiSourceConfig: enabled: true clusterGroupChartVersion: "0.9.*" helmRepoUrl: registry.internal.disconnected.net/validatedpatterns patternsOperator: source: cs-community-operator-index-v4-19 <1> gitops: operatorSource: cs-redhat-operator-index-v4-19 <1> ---- <1> The catalog source names must match the generated catalog sources from the `oc mirror` command. . In the `values-hub.yaml` file, configure operator sources for hub-specific components: + [source,yaml] ---- acm: mce_operator: source: cs-redhat-operator-index-v4-19 clusterGroup: subscriptions: acm: name: advanced-cluster-management namespace: open-cluster-management channel: release-2.14 source: cs-redhat-operator-index-v4-19 ---- . Commit and push these changes to the disconnected Git server. [id="deploy-pattern"] == 3. Deploy the pattern After mirroring images and configuring the pattern, deploy the pattern from a machine that has access to the disconnected cluster and the Git repository. .Procedure * Point the installation program to the mirrored Helm chart registry and deploy the pattern: + [source,terminal] ---- export PATTERN_DISCONNECTED_HOME=registry.internal.disconnected.net/validatedpatterns ./pattern.sh make install ---- + The cluster converges to the specified state and the pattern installs. == Adapting this guide for other patterns When deploying a different pattern in a disconnected network: * Identify all Operators required by the pattern and add them to the Operators list in the `imageset-config.yaml` file. * Identify all additional container images referenced by the pattern Helm charts and add them to the `additionalImages` list. * Update the `values-global.yaml`, `values-hub.yaml`, and site-specific values files to reference the correct catalog source names for operator subscriptions.