-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs / strategy for an air-gapped faasd configuration #122
Comments
Rancher have an approach outlined for k3s here: https://rancher.com/docs/k3s/latest/en/installation/airgap/ |
Can docker-import be used to untar files on the host into images to avoid needing any registry https://docs.docker.com/engine/reference/commandline/import/#import-from-a-local-directory then if pull policy is Never it should use the locally imported images |
I think ctr has its own commands for importing images, however we are not using docker but containerd. |
@Waterdrips To use on an airgapped system:
Troubleshooting:
|
@pingberlin would you be open to writing up a short step-by-step blog post on this? What about the initial installation and deployment of faasd and its containers in docker-compose.yaml? |
I am currently struggling with this as I have to install faasd in an air-gapped server (banking industry). @pingberlin, if you could give some more insight on how you managed to first do a complete installation and then keep it runinng, I'll try to mirror on my end and then I can offer my help on testing and writing the docs, @alexellis . |
@amongil we will probably get to this eventually, but can't make any guarantees. OpenFaaS Ltd does offer paid consulting if you need it sooner and I'm sure we could help through a small project. Feel free to email [email protected] if that's of interest to you. |
Expected Behaviour
We should provide docs for how to use faasd in an air-gapped configuration.
Possible Solution
Ideas:
A) a mode for faasd and containers where containers are never pulled, and are assumed to be in the local library
B) instructions for mirroring to a local registry, and then updating the docker.io references to the local registry IP instead. This will probably have to have a self-signed CA, so we will need to find a way to add it to the trust bundle
C) export tar images from a live faasd instance, copy them to the "offline" machine, then insert them into the containerd library and configure faasd to read them - goes with option A)
Steps to Reproduce (for bugs)
Install faasd, then "unplug the Internet", reboot faasd and try to use it.
I.e. use Multipass and a VM on your workstation, then disconnect from WiFi, reboot the VM.
The text was updated successfully, but these errors were encountered: