
Containers have become the first choice and a common request from customers, and Kubernetes is the first choice for container orchestration. Cloud native applications are being built. SUSE Cloud Application Platform is a modern application delivery platform used to bring an advanced cloud native developer experience to Kubernetes. SUSE has containerized Cloud Foundry.

Container images are downloaded onto the Kubernetes master and worker nodes when we deploy SUSE Cloud Application Platform. The source of these container images can be the SUSE registry site or a local registry on the same network as the Kubernetes master and worker nodes.

In a production deployment, Kubernetes master and worker nodes should not have internet access, which requires us to set up a repository and registry server in the local network. This is called the airgapped method, and in this blog we will see how to set up an airgapped environment. A big thank you to Derek So who helped me in my setup.

# command to be executed

## line commented in a file

Environment Setup:

I have used NFS storage in this setup for sharing data between the external RMT and the internal RMT, but an external drive can also be used. CaaSP v4 and CAP v1.5 images will be used.

extrmt : Internet-facing RMT server (it has access to the internet)

No other server has internet access, but a default route should be present for the SUSE CaaSP installation.

intrmt : internal RMT server

mgmt : Kubernetes management node

master : Kubernetes master node

worker1 : Kubernetes worker node

registry : registry pointing to intrmt (CNAME record in DNS)

charts : charts pointing to intrmt (CNAME record in DNS)

Install and configure RMT on the extrmt server, including the Package Hub module and the CaaSP module. Add aliases for, & intrmt in the certificates section while configuring RMT. Please follow the procedure at the link below.

Once RMT is configured, sync and mirror the repositories that are required.

extrmt # rmt-cli sync

extrmt # for i in `cat`; do rmt-cli products enable $i; done

extrmt # rmt-cli mirror

Install and configure NFS

extrmt # mount /dev/sdb1 /mnt/storage (NFS share for data sharing with intrmt)

extrmt # zypper in nfs-kernel-server yast2-nfs-server

extrmt # yast2 nfs-server (export /mnt/storage directory)

Export the RMT data and repos to the NFS share.

extrmt # rmt-cli export data /mnt/storage

extrmt # rmt-cli export settings /mnt/storage

extrmt # rmt-cli export repos /mnt/storage

We will download all images required to set up SUSE CaaSP and CAP on the extrmt server in the section below.

extrmt # zypper in docker helm-mirror skopeo

extrmt # cat /etc/sysconfig/docker

extrmt # systemctl enable --now docker.service

extrmt # systemctl start docker.service


extrmt # LOCAL_DIR=/mnt/storage/suse

extrmt # export CAASP_IMAGE_LIST_URL

extrmt # export LOCAL_DIR

extrmt # export LOCAL_CHART_URL

extrmt # export LOCAL_REGISTRY_URL

extrmt # mkdir -p $LOCAL_DIR

extrmt # curl $CAASP_IMAGE_LIST_URL -o $LOCAL_DIR/caasp-image-list.txt

extrmt # awk '{print $NF}' $LOCAL_DIR/caasp-image-list.txt | cut -c 7- | sed '/^$/d' | sort -u > $LOCAL_DIR/caasp-image-download.txt

extrmt # mkdir -p $LOCAL_DIR/skopeodata/

extrmt # for img in `cat $LOCAL_DIR/caasp-image-download.txt`
do
skopeo copy docker://$img dir:$LOCAL_DIR/skopeodata/$img
done

extrmt # vi $LOCAL_DIR/cap-image-download

extrmt # for img in `cat $LOCAL_DIR/cap-image-download`
do
skopeo copy docker://$img dir:$LOCAL_DIR/skopeodata/$img
done

extrmt # helm-mirror --new-root-url $LOCAL_CHART_URL $LOCAL_DIR/suse-charts

extrmt # skopeo copy docker:// dir:/mnt/storage/suse/skopeodata/

We have our extrmt server ready with all repositories and container images required to install SUSE CaaSP and CAP.
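
As a check on the image directories written by the skopeo copy loops above, the following added example (not part of the original post) confirms that every blob a manifest.json references is present and hashes to its own name. It assumes the skopeo dir: layout of one file per blob named by its hex SHA-256 digest, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumed layout of a "skopeo copy docker://... dir:<path>" result:
#   <path>/manifest.json   single image manifest (copy without --all)
#   <path>/<hex>           one file per config/layer blob, named by its SHA-256

# Check one image directory: every digest in manifest.json must exist as a
# file whose content hashes to that digest. Returns 0 clean, 1 bad, 2 no manifest.
verify_image_dir() {
    dir=$1
    rc=0
    if [ ! -f "$dir/manifest.json" ]; then
        echo "NO MANIFEST: $dir" >&2
        return 2
    fi
    for hex in $(grep -o 'sha256:[0-9a-f]\{64\}' "$dir/manifest.json" |
                 cut -d: -f2 | sort -u); do
        if [ ! -f "$dir/$hex" ]; then
            echo "MISSING: $dir/$hex" >&2
            rc=1
            continue
        fi
        actual=$(sha256sum "$dir/$hex" | cut -d' ' -f1)
        if [ "$actual" != "$hex" ]; then
            echo "CORRUPT: $dir/$hex (content hashes to $actual)" >&2
            rc=1
        fi
    done
    return $rc
}

# Walk a mirror root (e.g. $LOCAL_DIR/skopeodata) and print the number of
# image directories that failed verification.
verify_mirror() {
    root=$1
    failed=0
    for m in $(find "$root" -type f -name manifest.json); do
        verify_image_dir "$(dirname "$m")" || failed=$((failed + 1))
    done
    echo "$failed"
}

# Run against a directory when one is given, e.g.:
#   sh verify-mirror.sh /mnt/storage/suse/skopeodata
if [ -n "${1:-}" ]; then
    [ "$(verify_mirror "$1")" = "0" ] || exit 1
fi
```

The same script can be rerun on intrmt against the mounted share before the images are pushed to the internal registry, so a truncated or altered copy is caught before it is served to the cluster.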

We will copy these repositories and container images to the intrmt server so they can be used in the SUSE CaaSP cluster. We will start configuring the intrmt server in the section below.

Install and configure RMT on the intrmt server. We need to use the RMT certificates from the extrmt server, so we will copy them to the intrmt server.

intrmt # zypper in rmt-server

intrmt # scp extrmt:/etc/rmt/ssl/* /etc/rmt/ssl/

intrmt # yast2 rmt

intrmt # systemctl stop rmt-server-sync.timer

intrmt # systemctl disable rmt-server-sync.timer

intrmt # mount extrmt:/mnt/storage /mnt/storage

intrmt # rmt-cli import data /mnt/storage

intrmt # rmt-cli import repos /mnt/storage

intrmt # for i in `cat`; do rmt-cli products enable $i; done

intrmt # zypper in docker

intrmt # zypper in -t pattern SUSE-CaaSP-Management

intrmt # SUSEConnect --product PackageHub/15.1/x86_64

intrmt # zypper install docker-distribution-registry

We need to create a virtual host for the helm charts. We will use the nginx instance already used by RMT for this purpose.

intrmt # vi /etc/nginx/vhosts.d/charts-server-https.conf

server {
  listen 443 ssl;
  server_name;

  access_log  /var/log/nginx/charts_https_access.log;
  error_log   /var/log/nginx/charts_https_error.log;
  root        /srv/www/;

  ssl_certificate     /etc/rmt/ssl/rmt-server.crt;
  ssl_certificate_key /etc/rmt/ssl/rmt-server.key;
  ssl_protocols       TLSv1.2 TLSv1.3;

  location /charts {
    autoindex on;
  }
}

intrmt # systemctl restart nginx

We will configure the registry server in the section below. Our registry server listens on port 5000 on the intrmt server.

intrmt # systemctl enable --now docker.service

intrmt # mkdir /var/lib/registry

intrmt # cat /etc/sysconfig/docker

intrmt # vi /etc/registry/config.yml

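version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  ## listen on port 5000, as stated above
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
  tls:
    certificate: /etc/rmt/ssl/rmt-server.crt
    key: /etc/rmt/ssl/rmt-server.key
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3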

intrmt # systemctl start registry

intrmt # systemctl enable registry

We will now sync all SUSE CaaSP and CAP container images from the extrmt server to the registry server created in the section above.

intrmt # zypper in skopeo

intrmt # skopeo sync dir:/mnt/storage/suse/skopeodata/ docker://

intrmt # cd /mnt/storage/suse/suse-charts

intrmt # mkdir /srv/www/charts

intrmt # rsync -avP * /srv/www/charts/

intrmt # chown -R nginx:nginx /srv/www/charts

intrmt # chmod -R 555 /srv/www/charts/

So we have our internal RMT server and registry server ready now, and we can use them to install SLES and then SUSE CaaSP and CAP. We need to perform the tasks below on all SUSE CaaSP cluster machines (master, worker and management nodes).

# scp extrmt:/etc/rmt/ssl/rmt-ca.crt /etc/pki/trust/anchors/

# update-ca-certificates

# vi /etc/containers/registries.conf

[[registry]]

location = ""

mirror = [{ location = ""}]

## Optional: if the registry is not secure this can be set

## insecure = true

Once everything is set up, follow the link below to set up the SUSE CaaSP cluster.

Once the SUSE CaaSP cluster is up and running, follow the link below to set up SUSE CAP.


Category: Containers, Containers as a Service, Kubernetes, SUSE CaaS Platform, SUSE Cloud Application Platform, Technical Solutions
This entry was posted Wednesday, 8 April, 2020 at 3:17 am