Installing in an Air-gapped Environment

Air-gapped Environment Support is an Enterprise Feature
To retrieve your license, please log in to the Admin Console.

Docker Registry

To pull a specific version or the latest of the following Docker images from docker.io, visit:

• kubeshark/worker
• kubeshark/hub
• kubeshark/front

You can then push these images to your local Docker registry and update the proper configuration including the registry address and, if needed, the secret for pulling images from your local repository.

Disabling Internet-Dependent Features

Be aware that the availability of certain features relies on an active internet connection. In air-gapped environments, it’s advisable to disable these features:

• Authentication
• Telemetry
• PF_RING

Configuration Example

Below is an example and guidelines for configuring your local Docker registry, disabling the aforementioned features, and managing your license:

tap:
  docker:
    registry: <local-registry-address>
    imagePullSecrets: [ <secret> ]
  auth:
    enabled: false
  telemetry:
    enabled: false
  noKernelModule: true
license: <your-enterprise-license>

Alternatively, you can add the following directives to your command line as a second option:

--set tap.auth.enabled=false \
--set tap.telemetry.enabled=false \
--set tap.noKernelModule=true \
--set license=<your-enterprise-license> \
--set tap.docker.registry=<local-registry-address> \
--set-json 'tap.docker.imagePullSecrets=["<secret>"]'

Notes:

1. Disabling the features mentioned above, while recommended, is optional. Kubeshark will still function in an air-gapped environment even if you don’t disable these functions. However, please note that these functions will not work as intended since they depend on open internet connectivity.
2. We are planning to add support for these functions (especially PF-RING and authentication) in an air-gapped environment in the near future.