Helm to deploy LTS-enterprise in to air-gapped Kubernetes

I am arranging to install SonarQube in to an air-gapped (‘offline’) Kubernetes cluster.

The helm (lts) charts pull various images, and not all of them have a configurable name nor container image repository, such as this one: helm-chart-sonarqube/sonarqube-test.yaml at master · SonarSource/helm-chart-sonarqube · GitHub which pulls bats/bats:1.2.1

Are there instructions available on how to modify the helm chart for air-gapped installations, along with a list of which images we need to make available?

Hello @Martin

Could you please explain why you would want to change the name of the image in that case?

For “offline” Kubernetes, you could maybe go with the Pre-pulled images concept in Kubernetes, which would require changing the imagePullPolicy to Never, which is supported in the helm chart with the image.pullPolicy property.

If you search for this property in the chart, you will find all the images that may need to be pre-pulled on your nodes

Thanks Leo - I’m intending to copy all the required images in to our own container image registry. I’m newish to Helm and Kubernetes so apologies if I miss some obvious things that make this all easier!

I did not yet find a list of which images I need in advance, other than reading through all of the three (sonarqube, postgres and ingress-nginx).

Here’s my list so far:

So you need to rename all the images so it is fetched from your container image registry? It cannot work by keeping the same image names?

Maybe the community can help with this since we didn’t have feedback so far on a setup of SonarQube in an air-gapped Kubernetes cluster.

Regarding the configuration of image for bats/bats:1.2.1, this is a good candidate for an improvement in the future for the latest version of the helm chart

I am a bit new, but I think I do need to either rename the images (to include a registry prefix), or to use image.registry in the YAML. I’m reading Using Admission Controllers | Kubernetes to see if I can find a way to inject image.registry.

But since all except bats/bats:1.2.1 can have the image name overridden via helm values, I think I’m probably able to do what I need. I might edit the helm chart in our local copy of it to allow me to change bats/bats:1.2.1 too.

This is what we’ve gone with, except for the bats/bats:1.2.1 which we edited a local copy of the helm chart to work around.

values.yaml:

image:
  repository: our-private-registry.com/docker.io/sonarqube
  tag: lts-enterprise

caCerts:
  image: our-private-registry.com/docker.io/adoptopenjdk/openjdk11:alpine

initContainers:
  image: our-private-registry.com/docker.io/busybox:1.32

initSysctl:
  image: our-private-registry.com/docker.io/busybox:1.32

initFs:
  image: our-private-registry.com/docker.io/busybox:1.32

curlContainerImage: our-private-registry.com/docker.io/curlimages/curl:latest

prometheusExporter:
  image: our-private-registry.com/docker.io/curlimages/curl:7.76.1
# note the download URL would need changing, too

plugins:
  image: our-private-registry.com/docker.io/rjkernick/alpine-wget:latest

postgresql:
  image:
    registry: our-private-registry.com/docker.io
  metrics:
    image:
      registry: our-private-registry.com/docker.io


tests:
# TODO minideb-extras is deprecated - https://hub.docker.com/r/bitnami/minideb-extras
  image: our-private-registry.com/docker.io/bitnami/minideb-extras:jessie-r525
# This next one needed a change to the helm chart itself
  initimage: our-private-registry.com/docker.io/bats/bats:1.2.1

ingress-nginx:
  controller:
    image:
      repository: our-private-registry.com/k8s.gcr.io/ingress-nginx/controller

ingress-nginx:
  controller:
    admissionWebhooks:
      patch:
        image:
          repository: our-private-registry.com/docker.io/jettech/kube-webhook-certgen

ingress-nginx:
  defaultBackend:
    image:
      repository: our-private-registry.com/k8s.gcr.io/defaultbackend-amd64

Hi @Martin3254
Thank you for the feedback, I have created a ticket on our side to track the improvement