
Install on Airgap

caution

Looking for the GitGuardian legacy architecture Airgap page? Please visit the Airgap (legacy) page.

Airgap installation for the new KOTS-based applications is currently experimental. Official support and documentation will be available soon.

For information on the new architecture, as well as determining whether you are using the new or the legacy GitGuardian architecture, explore the New GitGuardian Architecture page.

Requirements

Before starting the installation, review the system and network requirements, and download your license.

KOTS-based installation

Airgap installation on an Embedded cluster

Download and install the Kubernetes cluster

First, you will need to set up the cluster. kURL allows you to download a bundle beforehand, and run the install using it. There are two places to download it. The first and recommended one is the download portal where you can also download your license and the application bundle. The second one is with this link, which can be useful for automation purposes:

curl -LSO https://kurl.sh/bundle/gitguardian.tar.gz

Then copy the archive to your server (for example with scp), connect to the server with ssh or another tool, and extract the archive:

scp gitguardian.tar.gz ${your-server-address}:.
ssh ${your-server-address}
tar -xvzf gitguardian.tar.gz

You can now install the cluster:

cat install.sh | sudo bash -s airgap

Once the installation finishes, the KOTS Admin Console will be available on http://${your-server-address}:8800. If needed you can set up an SSH tunnel to access it locally on http://localhost:8800:

ssh -N -L 8800:${your-server-ip}:8800 ${your-server-ip}

Upload the application bundle to the KOTS Admin Console

First, you will need to download the license and the application bundle from the Replicated download portal. The filename should end with .airgap.


Upload your license on the KOTS Admin Console. Then upload the application bundle.


Follow the rest of the instructions here to complete the installation.

Upgrades

To upgrade the cluster itself, download the latest kURL bundle and follow the installation instructions above: copy the bundle, extract it, and run the install.sh script. Then upgrade the KOTS application running in the cluster:

kubectl kots admin-console upgrade --namespace <namespace>

If needed, specify the Kubernetes namespace with --namespace (default namespace is used if not specified).

To upgrade the application, first download the latest application bundle from the download portal. Then go to "Version History" in your KOTS Admin Console and click "Upload new version". Upload the bundle and deploy it.

Airgap installation on an Existing cluster

Download and install the KOTS Admin Console

First, install the kubectl KOTS plugin on your machine:

curl https://kots.io/install | bash

Then, you need to download the latest bundle for the KOTS Admin Console. There are two places to download it. The first and recommended one is the download portal where you can also download your license and the application bundle. The second one is the release assets on GitHub. In both cases, make sure to match your locally installed KOTS plugin version. You can check it by running:

kubectl kots version

Now push these images to your internal registry, using an account with write access to it:

kubectl kots admin-console push-images ./kotsadm.tar.gz \
${private.registry.host}/gitguardian \
--registry-username ${rw-username} \
--registry-password ${rw-password}

The username and password for the registry are not stored anywhere.

Finally, you can run the install command for the KOTS Admin Console:

kubectl kots install gitguardian \
--kotsadm-namespace gitguardian \
--kotsadm-registry ${private.registry.host} \
--registry-username ${ro-username} \
--registry-password ${ro-password}

A Kubernetes secret will be used to store these credentials.

An automatic port-forward is launched, so you can now access the KOTS Admin Console on http://localhost:8800.

Upload the application bundle to the KOTS Admin Console

First, you will need to download the license and the application bundle from the download portal. The filename should end with .airgap.


Upload your license on the KOTS Admin Console. Then follow the instructions to set up the registry for the application itself and upload the application bundle.

Follow the rest of the instructions here to complete the installation.

Helm-based installation

Accessing and Downloading the GitGuardian Helm Chart

  1. Log in to the Helm chart registry: The Helm chart is available in the Replicated private registry. Use the password provided by the GitGuardian team. Log in with this command (replace the email with the one given to GitGuardian):
helm registry login registry.replicated.com --username your.name@yourcompany.com
  2. Download Helm chart locally: After logging in, download and extract the GitGuardian Helm chart into a local directory (e.g., /home/user) using:
cd /home/user
helm fetch oci://registry.replicated.com/gitguardian/gitguardian --untar

Download GitGuardian Images

Below is a list of images to download and upload to your private image registry:

Image Type | Repository and image name | Tag
Front | proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/static-chainguard | 2024.4.0
Backend | proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/app-chainguard | 2024.4.0
Helm Tooling | proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/helm-tooling | 2024.4.0
Used for custom CA | proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/services/nginx-unprivileged | stable
Replicated SDK | replicated/replicated-sdk | v1.0.0-beta.16

For this process, you can utilize a tool like Skopeo or simply use docker pull to handle image transfers.

Example of how to download the images with docker pull (adjust the tag to download the latest release):

cd /home/user/gitguardian
mkdir .docker
export DOCKER_CONFIG="${PWD}/.docker"
yq .global.replicated.dockerconfigjson values.yaml | base64 -d | jq > .docker/config.json
docker pull proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/static-chainguard:2024.4.0
docker pull proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/app-chainguard:2024.4.0
docker pull proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/prm/helm-tooling:2024.4.0
docker pull proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com/services/nginx-unprivileged:stable
docker pull replicated/replicated-sdk:v1.0.0-beta.16
info

Using JFrog Artifactory? Be aware of a known issue with authentication with the Replicated image proxy. Express your interest by adding a note to this feature request. For a temporary solution, manually download the images and upload them to your JFrog Artifactory server.
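
An added example, not part of the GitGuardian documentation: a script that pulls the images listed above and pushes them to a private registry. The registry name docker.internal and the rule that only the registry host changes while the repository path is kept are assumptions; compare the printed destinations with the image repositories in the chart's values.yaml before pushing.

```shell
# Added example: copy the images listed on this page into a private registry.
# Assumptions: PRIVATE_REGISTRY name; repository paths are kept unchanged.
set -eu

PRIVATE_REGISTRY="${PRIVATE_REGISTRY:-docker.internal}"

# References as listed on this page; adjust the tags to the release you deploy.
BASE="proxy.replicated.com/proxy/gitguardian/513715405986.dkr.ecr.us-west-2.amazonaws.com"
IMAGES="
$BASE/prm/static-chainguard:2024.4.0
$BASE/prm/app-chainguard:2024.4.0
$BASE/prm/helm-tooling:2024.4.0
$BASE/services/nginx-unprivileged:stable
replicated/replicated-sdk:v1.0.0-beta.16
"

# dest_ref SRC: print the reference SRC gets under the private registry.
# A first path component with "." or ":" is a registry host and is replaced.
dest_ref() {
  first="${1%%/*}"
  case "$first" in
    "$1")    printf '%s/%s\n' "$PRIVATE_REGISTRY" "$1" ;;      # no "/" at all
    *.*|*:*) printf '%s/%s\n' "$PRIVATE_REGISTRY" "${1#*/}" ;; # swap the host
    *)       printf '%s/%s\n' "$PRIVATE_REGISTRY" "$1" ;;      # Docker Hub name
  esac
}

# mirror_plan: print one "source destination" pair per line, touching nothing.
mirror_plan() {
  for src in $IMAGES; do
    printf '%s %s\n' "$src" "$(dest_ref "$src")"
  done
}

# mirror_all: pull, retag and push; `docker login` to the private registry first.
mirror_all() {
  mirror_plan | while read -r src dst; do
    docker pull "$src"
    docker tag "$src" "$dst"
    docker push "$dst"
  done
}

# Default is a dry run; pass "push" to perform the transfer.
case "${1:-plan}" in
  plan) mirror_plan ;;
  push) mirror_all ;;
esac
```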

Install the application

Proceed to the Helm installation instructions and adapt them for an airgap installation using the information below:

  1. Update your values file to use a private registry for image pulling. Add the following configuration (replace docker.internal with your private registry):
global:
  imageRegistry: docker.internal # Private registry used to pull images
  imagePullSecrets:
    - name: pull-secret # Existing docker secret used to pull images

replicated:
  isAirgap: true # Enable only for environments without Internet access.
  images:
    replicated-sdk: "docker.internal/replicated/replicated-sdk:v1.0.0-beta.16"
  imagePullSecrets:
    - name: pull-secret
info

Are you using an HTTP(s) proxy in your environment? More information on how to Configure a proxy server.

  2. Use the local Helm chart directory for installation instead of the remote repository. Example command:
helm install <release-name> -n <namespace> --create-namespace /home/user/gitguardian -f local-values.yaml
