Skip to content

Getting started

The general flow of a disconnected OpenShift install goes like this:

Connected Process

  1. Download the required tools from Red Hat.
  2. Create an image set configuration file.
  3. Mirror an image set to disk using oc-mirror.
  4. Transfer the image set and associated tools to the target disconnected environment.

Disconnected Process

  1. Set up the tools and create a push/pull secret for your target mirror registry.
  2. Upload the image set to the disconnected mirror registry.
  3. Create the cluster configs and build the ISO using the Agent-based Installer.
  4. Boot the the ISO onto your hardware.
  5. Configure your cluster to use the resources generated by the oc-mirror plugin.

Basic Prerequisites

Online connected (low-side)

  • A Red Hat account and valid OpenShift subscription
  • RHEL 8/9 or compatible WSL machine that can access the internet (Red Hat's CDN, registry.redhat.io, quay.io)
  • Adequate disk space either on the machine and transfer disk, or just the transfer disk: 30GB-100GB+ (Dependant on what you want to mirror/download)
  • Data transfer capabilities (connected to disconnected)

Offline disconnected (high-side)

  • A machine that can access the network that the cluster will be installed to
  • Adequate disk space on the disconnected machine and transfer disk, or just the transfer disk: 30GB-100GB+ (Dependant on what you bring over from the connected network)

  • A docker v2-2 capable registry with adequate storage space: 30GB-100GB+ (If you do not have a registry in your environment, you can use the mirror registry for Red Hat OpenShift)

    If you want to use the Red Hat provided mirror registry, the machine must be able to run Podman. Changes to the machine may need to happen that may violate the DISA STIG.

  • DNS server

  • NTP server/source

Cluster Resources

Recommended cluster resources for the following topologies:

Topology # of master nodes # of worker nodes vCPU Memory Storage
Single-node cluster 1 0 16 vCPUs 32 GB of RAM 120 GB
Compact cluster 3 0 or 1 8 vCPUs 16 GB of RAM 120 GB
HA cluster 3 2 and above 8 vCPUs 16 GB of RAM 120 GB

Enclave Support

Red Hat Docs

You can also mirror into an enclave by following the docs linked above. This allows you to mirror for multiple disconnected environments within your organization.

FIPS Compliance

OpenShift version 4.12 to 4.15

To enable FIPS mode for your cluster, you must run the installation program from a RHEL 8 computer that is configured to operate in FIPS mode. Running RHEL 9 with FIPS mode enabled to install an OpenShift Container Platform cluster is not possible.

OpenShift version 4.16 and later

To enable FIPS mode for your cluster, you must run the installation program from a RHEL 9 computer that is configured to operate in FIPS mode, and you must use a FIPS-capable version of the installation program.