About
Red Hat OpenShift is a comprehensive Kubernetes platform that simplifies the deployment, management, and scaling of applications, offering support for both containers and virtual machines within a single environment.
In Internet-connected environments, OpenShift installation is straightforward with installer-provisioned infrastructure, a guided, automated method ideal for cloud providers or on-premises setups.
However, in disconnected environments, especially those with stringent security requirements, installations require additional consideration, including mirroring all necessary content locally and performing steps that stand in for the Internet connectivity OpenShift normally expects.
This cheat sheet shows you how to perform an OpenShift disconnected installation in a secured environment:
- Download and configure software on the connected bastion host
- Transfer the software to the disconnected network
- Configure the disconnected bastion host
- Configure the mirror registry on the bastion host
- Create install-config and agent-config files
- Generate and load a bootable ISO image for OpenShift
- Perform post-installation tasks
With Red Hat Developer cheat sheets, you get essential information right at your fingertips so you can work faster and smarter. Easily learn new technologies and coding concepts and quickly find the answers you need.
Excerpt
Because OpenShift is deployed as a set of containers, a registry is necessary to operate properly. In connected environments, OpenShift would use Red Hat’s container registry for the initial installation, but in disconnected environments, this will not be available. Therefore, you need to stand one up to serve this purpose.
The STIG modifies the user bashrc and profile to default the umask to 0077. During the mirroring process to your local registry, we also build your default catalog source. During that process, we need to ensure that the umask is set to 0022 so that OpenShift can read those files within the built container. This is necessary because, by default, OpenShift cannot run containers as root for security reasons.