Install Devtron on Airgapped Environment

Introduction

In certain scenarios, you may need to deploy Devtron to a Kubernetes cluster that isn’t connected to the internet. Such air-gapped environments are used for various reasons, particularly in industries with strict regulatory requirements like healthcare, banking, and finance. This is because air-gapped environments aren't exposed to the public internet; therefore, they create a controlled and secure space for handling sensitive data and operations.

Try Devtron Enterprise for free — unlock advanced features built for scale.

Prerequisites

Install podman or docker on the VM from where you're executing the installation commands.
Get the latest image file

curl -LO https://raw.githubusercontent.com/devtron-labs/devtron/refs/heads/main/devtron-images.txt.source

Set the values of TARGET_REGISTRY, TARGET_REGISTRY_USERNAME, and TARGET_REGISTRY_TOKEN. This registry should be accessible from the VM where you are running the cloning script and the K8s cluster where you’re installing Devtron.

Note

If you are using Docker, the TARGET_REGISTRY should be in the format docker.io/<USERNAME>

Docker Instructions

Platform Selection

For Linux/amd64

export PLATFORM="linux/amd64"

For Linux/arm64

export PLATFORM="linux/arm64"

Set the environment variables

# Set the source registry URL
export SOURCE_REGISTRY="quay.io/devtron"

# Set the target registry URL, username, and token/password
export TARGET_REGISTRY=""
export TARGET_REGISTRY_USERNAME=""
export TARGET_REGISTRY_TOKEN=""

# Set the source and target image file names with default values if not already set
SOURCE_IMAGES_LIST="${SOURCE_IMAGES_LIST:=devtron-images.txt.source}"
TARGET_IMAGES_LIST="${TARGET_IMAGES_LIST:=devtron-images.txt.target}"

docker login -u $TARGET_REGISTRY_USERNAME -p $TARGET_REGISTRY_TOKEN $TARGET_REGISTRY

Clone the images

while IFS= read -r source_image; do
  # Check if the source image belongs to the quay.io/devtron registry
  if [[ "$source_image" == quay.io/devtron/* ]]; then
    # Replace the source registry with the target registry in the image name
    target_image="${source_image/quay.io\/devtron/$TARGET_REGISTRY}"

  # Check if the source image belongs to the quay.io/argoproj registry
  elif [[ "$source_image" == quay.io/argoproj/* ]]; then
    # Replace the source registry with the target registry in the image name
    target_image="${source_image/quay.io\/argoproj/$TARGET_REGISTRY}"

  # Check if the source image belongs to the public.ecr.aws/docker/library registry
  elif [[ "$source_image" == public.ecr.aws/docker/library/* ]]; then
    # Replace the source registry with the target registry in the image name
    target_image="${source_image/public.ecr.aws\/docker\/library/$TARGET_REGISTRY}"
  fi

  # Pull the image from the source registry
  docker pull --platform $PLATFORM $source_image

  # Tag the image with the new target registry name
  docker tag $source_image $target_image

  # Push the image to the target registry
  docker push $target_image

  # Output the updated image name
  echo "Updated image: $target_image"

  # Append the new image name to the target image file
  echo "$target_image" >> "$TARGET_IMAGES_LIST"

done < "$SOURCE_IMAGES_LIST"

Podman Instructions

For Multi-arch

Set the environment variables

export SOURCE_REGISTRY="quay.io/devtron"
export SOURCE_REGISTRY_TOKEN=#Enter token provided by Devtron team
export TARGET_REGISTRY=#Enter target registry url 
export TARGET_REGISTRY_USERNAME=#Enter target registry username 
export TARGET_REGISTRY_TOKEN=#Enter target registry token/password

podman login -u $TARGET_REGISTRY_USERNAME -p $TARGET_REGISTRY_TOKEN $TARGET_REGISTRY

Clone the images

SOURCE_REGISTRY="quay.io/devtron"
TARGET_REGISTRY=${TARGET_REGISTRY}
SOURCE_IMAGES_FILE_NAME="${SOURCE_IMAGES_FILE_NAME:=devtron-images.txt.source}"
TARGET_IMAGES_FILE_NAME="${TARGET_IMAGES_FILE_NAME:=devtron-images.txt.target}"

cp $SOURCE_IMAGES_FILE_NAME $TARGET_IMAGES_FILE_NAME
while read source_image; do
  if [[ "$source_image" == *"workflow-controller:"* || "$source_image" == *"argoexec:"* || "$source_image" == *"argocd:"* ]]
  then
    SOURCE_REGISTRY="quay.io/argoproj"
    sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME
  elif [[ "$source_image" == *"redis:"* ]]
  then
    SOURCE_REGISTRY="public.ecr.aws/docker/library"
    sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME
  else
    SOURCE_REGISTRY="quay.io/devtron"
    sed -i "s|${SOURCE_REGISTRY}|${TARGET_REGISTRY}|g" $TARGET_IMAGES_FILE_NAME
  fi
done <$SOURCE_IMAGES_FILE_NAME
echo "Target Images file finalized"

while read -r -u 3 source_image && read -r -u 4 target_image ; do
  echo "Pushing $source_image $target_image"
  podman manifest create $source_image
  podman manifest add $source_image $source_image --all
  podman manifest push $source_image $target_image --all
done 3<"$SOURCE_IMAGES_FILE_NAME" 4<"$TARGET_IMAGES_FILE_NAME"

Devtron Installation

Before starting, ensure you have created an image pull secret for your registry if authentication is required.

Create the namespace (if not already created)
```
kubectl create ns devtroncd
```

Create the Docker registry secret

kubectl create secret docker-registry devtron-imagepull \
  --namespace devtroncd \
  --docker-server=$TARGET_REGISTRY \
  --docker-username=$TARGET_REGISTRY_USERNAME \
  --docker-password=$TARGET_REGISTRY_TOKEN

If you are installing Devtron with the CI/CD module or using Argo CD, create the secret in the following namespaces else, you can skip this step-:

kubectl create secret docker-registry devtron-imagepull \
  --namespace devtron-cd \
  --docker-server=$TARGET_REGISTRY \
  --docker-username=$TARGET_REGISTRY_USERNAME \
  --docker-password=$TARGET_REGISTRY_TOKEN
kubectl create secret docker-registry devtron-imagepull \
  --namespace devtron-ci \
  --docker-server=$TARGET_REGISTRY \
  --docker-username=$TARGET_REGISTRY_USERNAME \
  --docker-password=$TARGET_REGISTRY_TOKEN
kubectl create secret docker-registry devtron-imagepull \
  --namespace argo \
  --docker-server=$TARGET_REGISTRY \
  --docker-username=$TARGET_REGISTRY_USERNAME \
  --docker-password=$TARGET_REGISTRY_TOKEN

Get the latest Devtron Helm Chart

helm pull devtron-operator --repo http://helm.devtron.ai

This would download the tar file of the devtron-operator chart, Make sure to replace the <devtron-chart-file> in the installation commands with this file name.

Install Devtron without any Integration

Use the below command to install Devtron without any Integrations

Without imagePullSecrets:

helm install devtron <devtron-chart-file> -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

With imagePullSecrets:

helm install devtron <devtron-chart-file> -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

Installing Devtron with CI/CD Mode

Use the below command to install Devtron with only the CI/CD module

Without imagePullSecrets:

helm install devtron <devtron-chart-file> -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

With imagePullSecrets:

helm install devtron <devtron-chart-file> -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

Install Devtron with CICD Mode including Argocd

Use the below command to install Devtron with the CI/CD module and Argo CD

Without imagePullSecrets:

helm install devtron <devtron-chart-file> --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

With imagePullSecrets:

helm install devtron <devtron-chart-file> --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true

Next Steps

PreviousInstall Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs NextDemo on Popular Cloud Providers

Last updated 5 days ago

Was this helpful?