
feat: wg-easy airgap install #70


Merged
merged 11 commits into from
Jun 11, 2025

@nvanthao nvanthao commented Jun 3, 2025

Add Airgap Installation Support for WG-Easy

Summary

This PR adds airgap installation support for the WG-Easy application, enabling deployment in air-gapped environments without internet access.

Key Changes

🚀 Airgap Installation Logic

  • New AIRGAP parameter in Taskfile.yaml to enable airgap mode
  • Automatic airgap build detection - checks if airgap builds are available for the target release channel
  • Airgap build triggering - automatically triggers airgap builds if not already built
  • Network policy updates - switches VM network policy to airgap mode during installation
  • Airgap bundle installation - modifies installer command to use airgap bundles when enabled

🏗️ Image Registry Configuration

Updated all Helm charts to support local registry overrides for airgap deployments with Embedded Cluster

  • cert-manager: All component images (controller, webhook, cainjector, acmesolver, startupapicheck) now support local registry
  • replicated-sdk: Added local registry support for SDK image
  • traefik: Configured to use local registry when available
  • wg-easy: Main application and preflight images support local registry

Usage

To install in airgap mode:

task cmx-vm-install CMX_VM_USER=<user> AIRGAP=true REPLICATED_LICENSE_ID=<id>

The system will:

  1. Verify airgap builds are available (or trigger them if needed)
  2. Download the airgap installer bundle
  3. Configure network policies for airgap operation
  4. Install using local registry images

Testing

  • ✅ Verified EC installs successfully with all images pushed to private registry
  • ✅ Verified app deployed from KOTS with all images loaded from private registry

TODO

  • What needs to be done for Helm CLI airgap?

@nvanthao nvanthao self-assigned this Jun 3, 2025
@nvanthao nvanthao marked this pull request as ready for review June 6, 2025 23:29
@banjoh banjoh left a comment

Changes look good


echo "Airgap build status: $AIRGAP_BUILD_STATUS"

if [ "$AIRGAP_BUILD_STATUS" = "metadata" ]; then
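
Review bot: the test `[ "$AIRGAP_BUILD_STATUS" = "metadata" ]` recognises only the one not-yet-built state, so an empty `$AIRGAP_BUILD_STATUS` (for example when the status lookup returned nothing) falls past this branch just as a finished build would, unless a later branch catches it. Suggest checking that the variable is non-empty before this comparison and failing the task otherwise, so the install does not proceed on an unknown build state.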
Member

Checking the status of the airgap build is nice. I think we should wait for the build to complete. As a user, it would be nice to just run task cmx-vm-install..., get some coffee and come back to find the deployment done.

We can add a new wait-airgap-build task or something like that, or we can just wait within cmx-vm-install task

Member Author

That's a great idea. I've added a new task, airgap-build, with polling; it can be called separately or from cmx-vm-install.

e.g.

Check if user is set...
Check if license ID is set...
Airgap mode enabled, ensuring airgap build is ready...
Checking if airgap build is available for latest release in channel Unstable...
Found app ID: 2xzKY8D0vi6qlCGajpFLEumdsi6, channel ID: 2xzKY7R5vVrmM1CaE13yKqRKFXH
Airgap build status: metadata
Airgap has not been built yet. Triggering build...
{}Airgap build triggered. Polling every 10 seconds for up to 5 minutes...
Checking airgap build status... (attempt 1/30)
Airgap build current status: building
Checking airgap build status... (attempt 2/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 3/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 4/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 5/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 6/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 7/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 8/30)
Airgap build current status: building_bundle
Checking airgap build status... (attempt 9/30)
Airgap build current status: built
Airgap build completed successfully!
Airgap bundle images: [
  "debian:buster-slim",
  "docker.io/traefik:v3.0.0",
  "ghcr.io/wg-easy/wg-easy:14",
  "quay.io/jetstack/cert-manager-cainjector:v1.14.5",
  "quay.io/jetstack/cert-manager-controller:v1.14.5",
  "quay.io/jetstack/cert-manager-startupapicheck:v1.14.5",
  "quay.io/jetstack/cert-manager-webhook:v1.14.5",
  "registry.replicated.com/library/replicated-sdk-image:1.5.3"
]
SSH into the VM and download the app binary...
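
The bounded polling described in this reply (30 attempts, 10 seconds apart), as an added shell example that is not the project's Taskfile code. `get_status` and `replay` are hypothetical helpers that replay a constructed status sequence in place of the real status lookup; treating `metadata` as still pending and any unrecognised or empty status as a failure are assumptions.

```shell
#!/bin/sh
# Added example: bounded polling for an airgap build, failing closed on
# lookup errors, unknown states and timeouts.

STATUS_FILE=""   # constructed replay source, one status per line

# Hypothetical helper: load a constructed status sequence to replay.
replay() {
  STATUS_FILE=$(mktemp)
  printf '%s\n' "$@" > "$STATUS_FILE"
}

# Hypothetical status source standing in for the real status lookup:
# prints the next replayed status, or fails when none is left.
get_status() {
  [ -s "$STATUS_FILE" ] || return 1
  head -n 1 "$STATUS_FILE"
  tail -n +2 "$STATUS_FILE" > "$STATUS_FILE.next" &&
    mv "$STATUS_FILE.next" "$STATUS_FILE"
}

# wait_airgap_build MAX_ATTEMPTS INTERVAL_SECONDS
# Returns 0 built, 1 timed out, 2 lookup failed, 3 unexpected status.
wait_airgap_build() {
  max_attempts=$1 interval=$2 attempt=1
  while [ "$attempt" -le "$max_attempts" ]; do
    status=$(get_status) || { echo "status lookup failed" >&2; return 2; }
    case "$status" in
      built) echo "built after $attempt attempt(s)"; return 0 ;;
      metadata|building|building_bundle) ;;   # assumed: still in progress
      *) echo "unexpected status: '$status'" >&2; return 3 ;;
    esac
    attempt=$((attempt + 1))
    sleep "$interval"
  done
  echo "timed out after $max_attempts attempts" >&2
  return 1
}

# Constructed sequence using the status names from the log above.
# The run in the log used 30 attempts at 10 s; interval 0 keeps the demo fast.
replay building building_bundle built
wait_airgap_build 30 0
```
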

@nvanthao nvanthao requested a review from banjoh June 11, 2025 07:29
@nvanthao nvanthao requested a review from hedge-sparrow June 11, 2025 10:28
@nvanthao nvanthao merged commit ae3ecbf into main Jun 11, 2025
1 check passed
@nvanthao nvanthao deleted the gerard/sc-122950/wg-easy-airgap branch June 11, 2025 21:28