Running k3s on an airgap environment

[vdups]

Hi all !

Is your feature request related to a problem? Please describe.
I'd like to be able to deploy small (= 1 node only) environment were node has no access to Internet. This is sometimes related as "airgap" environment.

Describe the solution you'd like
I need to be able to download everything needed for my cluster on one machine which might be connected to Internet and export it as files. In ideal conditions, it would be a Web-browser only machine (no other tools). Situation were I might have to install additional softwares are not critical.

Then, copy all the files (eg, via USB, DVD, other...) to an environment which is not connected to Internet (or filtered) and deploy.

Describe alternatives you've considered
Parsing several issues in k3s projects, I've found relevant information.
My last test was done with 0-2-0-rc4, which closes #141 , #99 and #92 (it will be documented in #167 ).
Steps :

• run k3s server on a machine connected to Internet and see which images are loaded (k3 crictl images)
• run docker pull on each previous image
• then docker save -o k3s.required.images.tar Every image name:tag
• copy k3s + k3s.required.images.tar on machine without Internet context
• run k3s server (to create directories) then stop it
• Copy k3s.required.images.tar into /var/lib/rancher/k3s/agent/images/
• run k3s server
• run k3s crictl images => OK, images are imported
• run k3s kubectl get all --all-namespaces -o wide => Traefik does not work.
  ==> Traefik chart is required. Would it be possible to add chart into a new directory, as you did with images ?

Additional context
Not applicable

Thanks for your help :)

[superseb]

This is a duplicate of #166

[ibuildthecloud]

This is definitely on the road map. Image preloading already works (needs documentation). But we need to also do offline helm charts. So still working on that.

[vdups]

Thanks (and sorry I did not see #166)
One more thing : k3s (as most K8s do) complains about a lack of default route, which not always defined in isolated networks.
I'm not able to help in coding, but feel free to ask some support in documentation or testing phases :)

[vdups]

Thanks everyone !!!

My test result is: almost OK. Only problem is the default route that prevents k3s from starting, but there is a quirky workaround.

Here is my test scenario in case you need it for the documentation

1. Download k3s + k3s-airgap-images-amd64.tar in ~/
2. Remove my Ethernet wire
3. Configure network (to avoid default route problem) : sudo ip -c address add 192.168.123.123/24 dev eno1 && sudo ip route add default via 192.168.123.1
4. Create directory and move images sudo mkdir -p /var/lib/rancher/k3s/agent/images/ && sudo cp ./k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
5. Run the server chmod +x ./k3s && sudo ./k3s server
6. Verify everything is working (try it for 2 minutes while everything is being deployed) : sudo ./k3s kubectl get all --all-namespaces -o wide . Note : pod/helm-install-traefik-zmzpc ends in status Completed
7. Deploy a dummy container + service, then verify service has an endpoint sudo ./k3s kubectl run dummy-test --image k8s.gcr.io/pause:3.1 --image-pull-policy=Never --expose --port 12000 && sleep 30 && sudo ./k3s kubectl get all -o wide && sudo ./k3s kubectl describe service/dummy-test. Service now has a non empty endpoint :)

Do I need to do more testing ?
Cheers,

[erikwilson]

Thank you @vdups! I will add some info to the docs re this feature and the default route.