Deploying Supervisor Services in Air Gapped Environments
vSphere with Tanzu Supervisor Services
Supervisor Services is a platform for managing core infrastructure components such as virtual machines, MinIO, Velero, Harbor and others. Once deployed, application teams can deploy Supervisor Services instances within their own namespaces using industry-standard tools and procedures.
Since Supervisor Services are also tightly integrated with independent software vendors (ISVs), they can provide key shared services to workloads, such as (as of January 2024) a Container Image Registry (Harbor), a Backup & Recovery Service (Velero), an S3 Object Store (MinIO), a Data Persistence Platform (vDPP), a Certificate Management Service, a Kubernetes Ingress Controller Service (Contour) and an External DNS Service.
Deployment of Supervisor Services
In an environment with Internet access, the deployment of services works out of the box, but in air-gapped environments it is generally not possible without considerable effort.
A corresponding manifest file is required for each Supervisor Service; it is provided by VMware or by an independent software vendor. Deployment manifest files can be downloaded, for example, from this website: vSphere Supervisor Services.
The link can also be opened via the vCenter GUI:
The links to the images or image bundles are defined in each service manifest file. How the service can be rolled out in an air-gapped environment depends on whether the service consists of a single image, multiple images or an image bundle.
Here are a few manifest file examples:
Providing images and bundles
After the links to the images or image bundles have been identified, the images and bundles must be downloaded and pushed to an internal registry that is reachable from the air-gapped environment.
Images can be transferred with docker; image bundles can be transferred with the imgpkg tool.
Option 1: Transfer from a VM with docker and the imgpkg tool that has access both to the Internet and to the registry in the air-gapped environment:
- For images:
docker pull <image_name:version>
docker tag <image_name:version> <internal_harbor/image_name:version>
docker push <internal_harbor/image_name:version>
- For image bundles:
imgpkg copy -b projects.registry.vmware.com/…/<image-bundle_name:version> --to-repo <internal_harbor/image-name> --debug
Option 2: From a VM with docker and the imgpkg tool that does not have access to the registry in the air-gapped environment:
- For images:
# On the VM with Internet access
docker pull <image_name:version>
docker save <image_name:version> > <image_name>.tar
# Copy <image_name>.tar to the VM with access to the registry, then:
docker load < <image_name>.tar
docker tag <image_name:version> <internal_harbor/image_name:version>
docker push <internal_harbor/image_name:version>
- For image bundles:
# On the VM with Internet access
imgpkg copy -b projects.registry.vmware.com/…/<image-bundle_name:version> --to-tar $HOME/<image_folder_name>.tar
# Copy the tar file to the VM with access to the registry, then:
imgpkg copy --tar <path_to_image_file>.tar --to-repo <internal_harbor/image-name> --debug
Supervisor Service Manifest file
Once the images and image bundles have been pushed, the manifest files must be updated so that the image links point at the image bundle in the internal registry.
Now the Supervisor Services that are provided as an image can be activated and installed.
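Added example (not part of the original post) for the image transfer and the manifest update above: a POSIX shell helper that maps upstream image references to the internal registry, rewrites the image: fields of a manifest and then lists any reference the rewrite did not catch. It assumes the upstream registry projects.registry.vmware.com and the Harbor FQDN harbor.intern.net named in the post; the sample manifest fragment and its digest are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites the image references of
# a Supervisor Service manifest to the internal registry and reports anything
# that still points upstream. Assumes projects.registry.vmware.com as upstream
# and harbor.intern.net as the internal Harbor (both named in the post).
# Tags and @sha256 digests are kept, so a digest-pinned reference stays pinned
# to exactly the content that was mirrored.
set -eu

UPSTREAM="projects.registry.vmware.com"
INTERNAL="harbor.intern.net"

# internal_ref REF: print REF with the upstream host swapped for the internal
# registry; references to any other registry are printed unchanged.
internal_ref() {
  case "$1" in
    "$UPSTREAM"/*) rest=${1#*/}; printf '%s\n' "$INTERNAL/$rest" ;;
    *)             printf '%s\n' "$1" ;;
  esac
}

# rewrite_manifest: filter stdin to stdout, rewriting the registry host of
# every "image:" value (quoted or not, plain key or list item).
rewrite_manifest() {
  upstream_re=$(printf '%s' "$UPSTREAM" | sed 's/[.]/\\./g')
  sed -E "s#^([[:space:]]*-?[[:space:]]*image:[[:space:]]*[\"']?)${upstream_re}/#\\1${INTERNAL}/#"
}

# remaining_upstream_refs: print every stdin line that still names the upstream
# registry (e.g. image refs passed as env values or args, which the sed above
# deliberately leaves alone) and return 1 if there is any, 0 if clean.
remaining_upstream_refs() {
  ! grep -n "$UPSTREAM"
}

# Constructed sample manifest fragment; the digest is a placeholder, not real.
SAMPLE='containers:
- image: "projects.registry.vmware.com/example/velero:v1.0.0@sha256:0000000000000000000000000000000000000000000000000000000000000000"
  env:
  - name: PLUGIN_IMAGE
    value: projects.registry.vmware.com/example/plugin:v1.0.0'

# Demo: rewrite the sample and list leftovers. Exits 1 because the env value
# is not an "image:" field and has to be edited by hand.
if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE" | rewrite_manifest | remaining_upstream_refs
fi
```

Run it with the argument demo to see the rewritten image line and the leftover env reference that still has to be changed manually.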
Addition of the kapp-controller-config secret
In order to install a Supervisor Service that is provided as an image bundle, the secret kapp-controller-config must be completed with the link to the internal registry. This should be done from a Supervisor Control Plane VM:
kubectl -n vmware-system-appplatform-operator-system edit secrets kapp-controller-config
The kapp-controller-config secret should look like the screenshot.
Add the Harbor FQDN (marked in yellow in the screenshot), then add all links that are defined, base64-encoded, as the value (marked in green in the screenshot), e.g.:
echo -n 'docker-registry.kube-system.svc.cluster.local,harbor.intern.net' | base64
(the -n prevents a trailing newline from being encoded into the secret value).
Now the Supervisor Services that are provided as image bundles can be activated and installed. Then follow the installation steps on the VMware website and enjoy the Supervisor Services in air-gapped environments. After a Supervisor Cluster update, the changes to the kapp-controller-config secret must be repeated.
If you are also struggling with challenges in your infrastructure, please contact our team and let us work together to find a solution.
Muhamed Ahmovic
Technical Presales
Phone: +49 172 629 6400
E-Mail: mahmovic@spirit21.com
Muhamed is responsible for the design, planning and implementation of IT solutions with a focus on VMware, Storages and Microsoft. If you have any questions about encryption technologies, you’ve come to the right place.