Installing SUSE® Observability in Air-Gapped Mode

This document provides a step-by-step guide for installing SUSE® Observability using Helm charts in an air-gapped environment. The process involves preparing the necessary Docker images and Helm charts on a host with internet access, transferring them to a host within a private network, copying Docker images to a private registry, and then deploying the Helm charts.

Prerequisites

On the Local Host (Internet Access)

  • Operating System: Linux or MacOS

  • Tools Installed:

    • Docker

    • Helm cli

    • Scripts for downloading Docker images from the source registry (links will be provided later in this guide).

  • Internet Access: Required to pull Docker images from Quay.io and Helm charts from ChartMuseum.

On the Private Network Host

  • Access: SSH access to the host.

  • Tools Installed:

    • Docker

    • Helm cli

    • Scripts for downloading Docker images from the source registry (links will be provided later in this guide).

    • Network access and credentials to upload images to a private Docker registry.

    • A configured Kubeconfig to install the Helm charts on the target clusters.

Preparing the Docker Images and Helm Charts

Run the following commands on the local host to obtain the required Docker images and Helm charts:

Adding Helm repositories to the local Helm cache:

# Adding the Helm repository for {stackstate-product-name}
helm repo add suse-observability https://charts.rancher.com/server-charts/prime/suse-observability
helm repo update

Fetching the latest versions of the charts. These commands will download TGZ archives of the charts:

# Downloading the chart for {stackstate-product-name}
# The file will be named suse-observability-k8s-A.B.C.tgz
helm fetch suse-observability/suse-observability

# Downloading the helper chart that generates values for {stackstate-product-name}
# The file will be named suse-observability-values-L.M.N.tgz
helm fetch suse-observability/suse-observability-values

Downloading the Bash scripts to save Docker images:

# o11y-get-images.sh
curl -LO https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/suse-observability/installation/o11y-get-images.sh
# o11y-save-images.sh
curl -LO https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/suse-observability/installation/o11y-save-images.sh

# Make the scripts executable
chmod a+x o11y-get-images.sh o11y-save-images.sh

Extracting and Saving Docker Images:

# Extract the list of images from the Helm chart and save it to a file.
./o11y-get-images.sh -f suse-observability-A.B.C.tgz > o11y-images.txt

Replace suse-observability-A.B.C.tgz with the actual filename of the chart archive downloaded earlier.*

 
# Save Docker images to an archive.
# The script expects the file o11y-images.txt to contain the list of images used by {stackstate-product-name}.
# The Docker images will be saved to o11y-images.tar.gz.
./o11y-save-images.sh -i o11y-images.txt -f o11y-images.tar.gz

Copying the Required Files to the Remote Host

Copy the following files from the local host to the host in the private network:

  • o11y-images.txt (List of images required by the SUSE® Observability chart)

  • o11y-images.tar.gz (An archive with the SUSE® Observability’s Docker images)

  • o11y-load-images.sh (Bash script to upload Docker images to a registry)

  • Helm charts downloaded earlier:

    • suse-observability-A.B.C.tgz

    • suse-observability-values-L.M.N.tgz

Restoring Docker Images from the Archive to the Private Registry

Upload the images to the private registry:

# Load Docker images from the archive and push them to the private registry.
# Replace <private-registry> with your private registry's URL.
export DST_REGISTRY_USERNAME="..."
export DST_REGISTRY_PASSWORD="..."
./o11y-load-images.sh -d registry.example.com:5043 -i o11y-images.txt -f o11y-images.tar.gz

If the destination registry doesn’t use authentication the environment variables, DST_REGISTRY_USERNAME and DST_REGISTRY_PASSWORD must not be configured or have to be set to empty values.*

Installing SUSE® Observability

Installing SUSE® Observability Helm charts in an air-gapped environment requires overriding the registries used in Docker image URLs. This guide follows the Installation setup, but uses pre-downloaded Helm archives and private Docker registries.

  • Recommended method

  • Legacy method (Deprecated)

Create a values.yaml file with your configuration, including the private registry:

global:
  # Required: Your private registry URL
  imageRegistry: "registry.example.com:5043"

  suseObservability:
    # Required: Your {stackstate-product-name} license key
    license: "YOUR-LICENSE-KEY"

    # Required: Base URL for {stackstate-product-name}
    baseUrl: "https://observability.example.com"

    # Required: Sizing profile
    sizing:
      profile: "150-ha"

    # Required: Admin password (must be bcrypt hash)
    adminPassword: "$2a$10$..."

    # Optional: Pull secret for private registry authentication
    pullSecret:
      username: "registry-user"
      password: "registry-pass"
To generate a bcrypt password hash, use: htpasswd -bnBC 10 "" "your-password" | tr -d ':\n'

Deploy using the downloaded chart archive:

helm_deploy.sh
helm upgrade --install \
    --namespace suse-observability \
    --create-namespace \
    --values values.yaml \
    suse-observability \
    suse-observability-A.B.C.tgz

With the recommended method, you only need to download the suse-observability chart (not suse-observability-values). The image list is extracted from the main chart.

This method is deprecated. For new installations, use the recommended method above. For existing installations using this method, see the migration guide to transition to the new configuration format.

Create a private-registry.yaml file with the following content:

global:
  imageRegistry: registry.example.com:5043

Command to Generate Helm Chart Values File:

helm_template.sh
export VALUES_DIR=.
helm template \
    --set license='<licenseKey>' \
    --set baseUrl='<baseURL>' \
    --set rancherUrl='<rancherURL>' \
    --set sizing.profile='<sizing.profile>' \
    suse-observability-values suse-observability-values-L.M.N.tgz \
    --output-dir $VALUES_DIR

If the private registry requires authentication, include the pull secret username and password:

helm_template.sh
export VALUES_DIR=.
helm template \
    --set license='<licenseKey>' \
    --set baseUrl='<baseURL>' \
    --set rancherUrl='<rancherURL>' \
    --set sizing.profile='<sizing.profile>' \
    --set pullSecret.username='registry-user' \
    --set pullSecret.password='registry-pass' \
    suse-observability-values suse-observability-values-L.M.N.tgz \
    --output-dir $VALUES_DIR

Deploying the SUSE® Observability Helm Chart:

helm_deploy.sh
helm upgrade --install \
    --namespace suse-observability \
    --create-namespace \
    --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \
    --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \
    --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \
    --values private-registry.yaml \
    suse-observability \
    suse-observability-A.B.C.tgz

Validating the Deployment:

kubectl get pod -n suse-observability