Documenting the process of automating disconnected (airgapped) installations of Red Hat OpenShift using GitOps

It comes down to security and control. Data must be physically transferred into an air gapped environment. This means that exfiltration of data generated in the environment typylcally requires physical access to the systems in the air gapped environment.

This is typically used in Law Enforcement, the Military, Banking, Scientific Computing, and in industrial control networks.

OpenShift is part of a large ecosystem of tools that have been able to operate in disconnected networks. A lot of work was done by the Red Hat Government Team, and without them, the current tools wouldn't exist:

• oc-mirror - A tool for mirroring images, Operators and Helm charts stored in OCI registries

• Mirror Registry for Red Hat OpenShift - A self contained Quay Registry built for disconnected environments

As an added difficulty, we will automate much of the Day2 operations of the cluster configuration using OpenShift GitOps.

The advantage of this, is that architects, developers, engineers and administrators looking to deploy a system like this can practice the deployment on a connected system and develop a working configuration. The tested and working configurations of OpenShift and the applications to be deployed may be configured as Applications in OpenShift GitOps and synced via git.

For now let's focus on the requirements of the Low Side.