K3s: Running k3s on an airgap environment

Created on 6 Mar 2019 · 5 Comments · Source: k3s-io/k3s

Hi all !

Is your feature request related to a problem? Please describe.
I'd like to be able to deploy a small (= 1 node only) environment where the node has no access to the Internet. This is sometimes referred to as an "airgap" environment.

Describe the solution you'd like
I need to be able to download everything needed for my cluster on one machine which might be connected to the Internet and export it as files. In ideal conditions, it would be a Web-browser-only machine (no other tools). Situations where I might have to install additional software are not critical.

Then, copy all the files (e.g., via USB, DVD, other...) to an environment which is not connected to the Internet (or is filtered) and deploy.

Describe alternatives you've considered
Parsing several issues in k3s projects, I've found relevant information.
My last test was done with 0-2-0-rc4, which closes #141, #99 and #92 (it will be documented in #167).
Steps:

  • run k3s server on a machine connected to the Internet and see which images are loaded (k3s crictl images)
  • run docker pull on each previous image
  • then docker save -o k3s.required.images.tar Every image name:tag
  • copy k3s + k3s.required.images.tar on machine without Internet context
  • run k3s server (to create directories) then stop it
  • Copy k3s.required.images.tar into /var/lib/rancher/k3s/agent/images/
  • run k3s server
  • run k3s crictl images => OK, images are imported
  • run k3s kubectl get all --all-namespaces -o wide => Traefik does not work.
    ==> Traefik chart is required. Would it be possible to add the chart into a new directory, as you did with images?

Additional context
Not applicable

Thanks for your help :)

kind/enhancement

All 5 comments

This is definitely on the road map. Image preloading already works (needs documentation). But we need to also do offline helm charts. So still working on that.

Thanks (and sorry I did not see #166)
One more thing: k3s (as most K8s do) complains about a lack of default route, which is not always defined in isolated networks.
I'm not able to help in coding, but feel free to ask for some support in documentation or testing phases :)

Thanks everyone !!!

My test result is: almost OK. Only problem is the default route that prevents k3s from starting, but there is a quirky workaround.

Here is my test scenario in case you need it for the documentation

  1. Download k3s + k3s-airgap-images-amd64.tar in ~/
  2. Remove my Ethernet wire
  3. Configure network (to avoid default route problem): sudo ip -c address add 192.168.123.123/24 dev eno1 && sudo ip route add default via 192.168.123.1
  4. Create directory and move images: sudo mkdir -p /var/lib/rancher/k3s/agent/images/ && sudo cp ./k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
  5. Run the server: chmod +x ./k3s && sudo ./k3s server
  6. Verify everything is working (try it for 2 minutes while everything is being deployed): sudo ./k3s kubectl get all --all-namespaces -o wide. Note: pod/helm-install-traefik-zmzpc ends in status Completed
  7. Deploy a dummy container + service, then verify service has an endpoint: sudo ./k3s kubectl run dummy-test --image k8s.gcr.io/pause:3.1 --image-pull-policy=Never --expose --port 12000 && sleep 30 && sudo ./k3s kubectl get all -o wide && sudo ./k3s kubectl describe service/dummy-test. Service now has a non-empty endpoint :)

Do I need to do more testing ?
Cheers,
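
Added example, not part of the thread and not code from the k3s project: the scenario above carries the k3s binary and the image tarball across the air gap on removable media, so this sketch checks both against a SHA-256 manifest recorded on the connected machine before the tarball is copied into the images directory. The manifest file, its sha256sum format with bare filenames, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the k3s project): verify artifacts carried across
# the air gap against a SHA-256 manifest before staging them for k3s.
# Assumptions: the manifest is in sha256sum format ("<hex>  <filename>") with
# bare filenames, written on the connected machine; function names are
# hypothetical.

# Destination used in the thread; override IMAGES_DIR to stage elsewhere.
IMAGES_DIR="${IMAGES_DIR:-/var/lib/rancher/k3s/agent/images}"

# verify_artifact <manifest> <file>
# Returns 0 only if <file> is listed in the manifest and its hash matches,
# 1 on a hash mismatch, 2 if the file is not listed at all.
verify_artifact() {
    manifest=$1; file=$2
    name=$(basename "$file")
    # Compare the filename field exactly; sha256sum prefixes binary-mode
    # names with '*', so strip that before comparing.
    expected=$(awk -v n="$name" \
        '{f=$2; sub(/^\*/,"",f)} f==n {print $1; exit}' "$manifest")
    [ -n "$expected" ] || { echo "REJECT $name: not in manifest" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "REJECT $name: hash mismatch" >&2; return 1; }
    echo "OK $name"
}

# stage_airgap <manifest> <k3s-binary> <images-tar>
# Verifies both artifacts first; nothing is copied unless both pass.
stage_airgap() {
    manifest=$1; binary=$2; tarball=$3
    verify_artifact "$manifest" "$binary"  || return 1
    verify_artifact "$manifest" "$tarball" || return 1
    mkdir -p "$IMAGES_DIR" && cp "$tarball" "$IMAGES_DIR/"
}

# Typical use on the isolated node (run as root, manifest.txt is hypothetical):
#   stage_airgap ./manifest.txt ./k3s ./k3s-airgap-images-amd64.tar
```

The manifest is only as trustworthy as the path it travelled: if it rides on the same media as the files, it detects corruption but not deliberate substitution.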

Thank you @vdups! I will add some info to the docs re this feature and the default route.
