Installation on Air-Gapped Networks
Overview
This guide provides instructions for installing RepoFlow in air-gapped environments. In such networks, internet access is restricted, so all necessary resources must be pre-downloaded and transferred to the target system.
RepoFlow supports two CPU architectures:
- amd64 (default)
- arm64 (add -arm64 to RepoFlow Docker image tags for compatibility)
RepoFlow also provides a special airgapped server image for air-gapped environments. This is necessary for vulnerability scanning in such environments.
Example RepoFlow Tags
Here are examples of RepoFlow server image tags to illustrate how they are structured:
- Standard tags:
  - 0.4.7
  - 0.4.7-amd64
  - 0.4.7-arm64
- Airgapped tags:
  - 0.4.7-airgapped-amd64
  - 0.4.7-airgapped-arm64
If you encounter any issues, feel free to contact us at support@repoflow.io.
Steps for Installation
1. Download the Helm Chart
- Download the RepoFlow Helm chart package:
helm repo add repoflow-helm-public https://api.repoflow.io/helm/repoflow-public/helm-public
helm repo update
helm pull repoflow-helm-public/repoflow --version 0.4.7
- Transfer the .tgz file to the air-gapped environment.
2. Prepare Docker Images
You need to pull and save all required Docker images, whether using Helm or Docker Compose.
Helm Chart Deployment
If you are using the Helm chart, you need all of the following images. It is recommended to use the airgapped server image.
Pull and Save Commands:
docker pull api.repoflow.io/repoflow-public/docker-public/library/repoflow-client:0.4.7
docker save api.repoflow.io/repoflow-public/docker-public/library/repoflow-client:0.4.7 -o ./repoflow-client_0.4.7.tar
docker pull api.repoflow.io/repoflow-public/docker-public/library/repoflow-server:0.4.7-airgapped-amd64
docker save api.repoflow.io/repoflow-public/docker-public/library/repoflow-server:0.4.7-airgapped-amd64 -o ./repoflow-server_0.4.7-airgapped-amd64.tar
# The RepoFlow CLI is not necessary but useful
docker pull api.repoflow.io/repoflow-public/docker-public/library/repoflow-cli:0.4.7
docker save api.repoflow.io/repoflow-public/docker-public/library/repoflow-cli:0.4.7 -o ./repoflow-cli_0.4.7.tar
docker pull nginxinc/nginx-unprivileged:1.27.4-bookworm-perl
docker save nginxinc/nginx-unprivileged:1.27.4-bookworm-perl -o ./nginx-unprivileged_1.27.4-bookworm-perl.tar
docker pull postgres:16.2
docker save postgres:16.2 -o ./postgres_16.2.tar
docker pull bitnami/minio:2024.12.18-debian-12-r1
docker save bitnami/minio:2024.12.18-debian-12-r1 -o ./minio_2024.11.7-debian-12-r0.tar
docker pull hasura/graphql-engine:v2.37.0
docker save hasura/graphql-engine:v2.37.0 -o ./graphql-engine_v2.37.0.tar
docker pull elasticsearch:8.15.0
docker save elasticsearch:8.15.0 -o ./elasticsearch_8.15.0.tar
docker pull redis:alpine3.15
docker save redis:alpine3.15 -o ./redis_alpine3.15.tar
# Optional for init containers
docker pull busybox:1.36
docker save busybox:1.36 -o ./busybox_1.36.tar
Docker Compose Deployment
If you are using Docker Compose, some images are not required. You need the following:
docker pull api.repoflow.io/repoflow-public/docker-public/library/repoflow-client:0.4.7
docker save api.repoflow.io/repoflow-public/docker-public/library/repoflow-client:0.4.7 -o ./repoflow-client_0.4.7.tar
docker pull api.repoflow.io/repoflow-public/docker-public/library/repoflow-server:0.4.7-airgapped-amd64
docker save api.repoflow.io/repoflow-public/docker-public/library/repoflow-server:0.4.7-airgapped-amd64 -o ./repoflow-server_0.4.7-airgapped-amd64.tar
docker pull nginxinc/nginx-unprivileged:1.27.4-bookworm-perl
docker save nginxinc/nginx-unprivileged:1.27.4-bookworm-perl -o ./nginx-unprivileged_1.27.4-bookworm-perl.tar
docker pull postgres:16.2
docker save postgres:16.2 -o ./postgres_16.2.tar
docker pull bitnami/minio:2024.12.18-debian-12-r1
docker save bitnami/minio:2024.12.18-debian-12-r1 -o ./minio_2024.11.7-debian-12-r0.tar
docker pull hasura/graphql-engine:v2.37.0
docker save hasura/graphql-engine:v2.37.0 -o ./graphql-engine_v2.37.0.tar
Note: In Docker Compose, busybox, elasticsearch, and redis are not needed.
3. Transfer Files to the Air-Gapped Network
- Copy the Helm chart .tgz file and the Docker images to the air-gapped environment.
4. Load Docker Images in the Air-Gapped Network
Run the following commands on the target system to load the saved Docker images:
docker load -i ./repoflow-client_0.4.7.tar
docker load -i ./repoflow-server_0.4.7-airgapped-amd64.tar
docker load -i ./nginx-unprivileged_1.27.4-bookworm-perl.tar
docker load -i ./postgres_16.2.tar
docker load -i ./minio_2024.11.7-debian-12-r0.tar
docker load -i ./graphql-engine_v2.37.0.tar
For Helm users, also load:
docker load -i ./elasticsearch_8.15.0.tar
docker load -i ./redis_alpine3.15.tar
docker load -i ./busybox_1.36.tar
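Once the archives have crossed the air gap, the target system has no registry to check them against. The script below is an added example, not part of RepoFlow's documentation or tooling: it records SHA-256 digests for the saved image tarballs and the chart package before transfer, and on the target runs docker load only if every archive matches and no unlisted archive is present. The SHA256SUMS file name, the LOAD_CMD override and the manifest/load subcommands are assumptions of this example, and sha256sum is assumed to be installed on both sides.

```bash
#!/bin/sh
# Added example, not RepoFlow tooling. MANIFEST and LOAD_CMD are names chosen here.
MANIFEST="SHA256SUMS"
LOAD_CMD="${LOAD_CMD:-docker load -i}"   # override for a dry run, e.g. LOAD_CMD=echo

# List the bundle's archives (image tarballs and the chart package), one per line.
list_archives() {
  find . -maxdepth 1 -type f \( -name '*.tar' -o -name '*.tgz' \) | sort
}

# Connected side: write one SHA-256 line per archive found in directory $1.
make_manifest() {
  ( cd "$1" || exit 1
    list_archives | while IFS= read -r f; do
      sha256sum "$f" || exit 1
    done > "$MANIFEST"
    [ -s "$MANIFEST" ] )                 # fail if nothing was hashed
}

# Air-gapped side: succeed only if directory $1 matches the manifest exactly.
verify_bundle() {
  ( cd "$1" || exit 1
    [ -s "$MANIFEST" ] || { echo "missing $MANIFEST" >&2; exit 1; }
    # Every listed file must exist and match its recorded digest.
    sha256sum -c "$MANIFEST" || exit 1
    # Every archive present must be listed (file names start at column 67).
    list_archives | while IFS= read -r f; do
      cut -c67- "$MANIFEST" | grep -qxF -- "$f" \
        || { echo "not in manifest: $f" >&2; exit 1; }
    done )
}

# Load images only after the whole bundle has verified.
load_images() {
  verify_bundle "$1" || { echo "verification failed, nothing loaded" >&2; return 1; }
  for tarball in "$1"/*.tar; do
    [ -e "$tarball" ] || continue
    $LOAD_CMD "$tarball" || return 1
  done
}

case "${1:-}" in
  manifest) make_manifest "${2:-.}" ;;   # run before transfer
  load)     load_images "${2:-.}" ;;     # run on the target system
esac
```

As written this detects corruption in transit; to detect tampering, SHA256SUMS has to reach the target by a path separate from the transfer media or be signed.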
5. Deploy RepoFlow Using Helm
- Install the Helm chart:
helm install repoflow ./repoflow-0.4.7.tgz
6. Environment Configuration for Air-Gapped Networks
When running RepoFlow in an air-gapped environment, ensure the following environment variables are set:
IS_VULNERABILITY_SCANNING_ENABLED=true
GRYPE_AUTO_UPDATE=false
Additionally, ensure that the airgapped RepoFlow server image is used for vulnerability scanning.
Helm Configuration
In your values.yaml, you must disable the vulnerability scanning volume under the server section:
vulnerabilitiesScanning:
  enabled: false
Docker-Compose Configuration
If you are using Docker Compose, you need to remove the grype-db volume.
- Remove the volume mount from the server section:
      - grype-db:/srv/vulnerabilitiesScanning
- Remove the volume definition from the volumes section:
volumes:
  grype-db:
Note: For vulnerability scanning in an air-gapped environment, always use the airgapped server image and disable the Grype database volume to prevent RepoFlow from attempting to update it.
Notes
- Ensure Docker is configured to work offline in the air-gapped network.
- Review the Helm chart values to customize deployment settings.
For further assistance, contact support@repoflow.io.