Installing Strimzi in an air-gapped environment

Complete these steps to install Strimzi if your Kubernetes cluster does not have internet access, or if you want to install from a self-hosted registry. Installing Strimzi installs the applications and resources that enable you to deploy and manage Kafka in Kubernetes.

Strimzi is installed in your Kubernetes cluster with the Strimzi Cluster Operator Helm chart using the helm install command. When you install the chart, Helm installs the Strimzi Custom Resource Definitions (CRDs) included in CSM Operator and deploys the Strimzi Cluster Operator, an operator application that manages and monitors Kafka and related components. Other cluster resources and applications required for managing Kafka are also installed.

Installing Strimzi does not create or deploy a Kafka cluster. Kafka clusters are created following the installation by deploying Kafka and KafkaNodePool resources in the Kubernetes cluster with kubectl or oc.

Cloudera recommends that you install Strimzi once per Kubernetes cluster. Some resources are cluster-wide, which can cause issues if Strimzi is installed multiple times on the same cluster.

By default, the Strimzi Cluster Operator (deployed during installation) watches and manages the Kafka clusters that are deployed in the same namespace as the Strimzi Cluster Operator. However, you can configure it to watch any namespace. This allows you to manage multiple Kafka clusters deployed in different namespaces using a single installation.

  • Ensure that your Kubernetes environment meets the requirements listed in System requirements.

  • A self-hosted Docker registry is required. Your registry must be accessible by your Kubernetes cluster.

  • A machine with internet connectivity is required. While the Kubernetes cluster does not need internet access, you will need a machine to pull the images from the Cloudera Docker registry.

  • Access to docker or equivalent utility that you can use to pull and push images is required. The following steps use docker. Replace commands where necessary.

  • Ensure that you have access to your Cloudera credentials (username and password). Credentials are required to access the Cloudera Archive and Cloudera Docker registry where installation artifacts are hosted.

  • Ensure that you have access to a valid Cloudera license.

  • Review the Helm chart reference before installation.

    The Helm chart accepts various configuration properties that you can set during installation. Using these properties you can customize your installation.

  1. Copy the following installation artifacts to your self-hosted registry.
    Table 1. CSM Operator artifacts on the Cloudera Docker registry
    Artifact | Location | Description
    Strimzi Docker image | | Docker image used for deploying Strimzi and its components.
    Kafka Docker image | | Docker image used for deploying Kafka and related components.
    Strimzi Cluster Operator Helm chart | oci:// | Helm chart used to install the Strimzi Cluster Operator with helm install.

    This step involves pulling the artifacts from the Cloudera Docker registry, retagging them, and then pushing them to your self-hosted registry. The exact steps needed to carry this out depend on your environment and how your registry is set up. The following substeps demonstrate the basic workflow using docker and helm.

    1. Log in to the Cloudera Docker registry with both docker and helm.
      Provide your Cloudera credentials when prompted.
      docker login
      helm registry login
    2. Pull the Docker images from the Cloudera Docker registry.
      docker pull [***IMAGE NAME***]:[***VERSION***]
    3. Pull the Strimzi Cluster Operator Helm chart.
      helm pull \
        oci:// \
        --version 1.0.0-b283
    4. Retag the Docker images you pulled so that they contain the address of your registry.
      docker tag \
        [***ORIGINAL IMAGE TAG***] \
        [***YOUR REGISTRY***]/cloudera/[***IMAGE NAME***]:[***VERSION***]
    5. Push the images and chart to your self-hosted registry.
      docker push \
        [***YOUR REGISTRY***]/cloudera/[***IMAGE NAME***]:[***VERSION***]
      helm push \
        strimzi-kafka-operator-1.0.0-b283.tgz \
        oci://[***YOUR REGISTRY***]/cloudera-helm/csm-operator/
  2. Create a namespace in your Kubernetes cluster.
    kubectl create namespace [***NAMESPACE***]
    This is the namespace where you install Strimzi. Use the namespace you create in all installation steps that follow.
  3. Create a Kubernetes secret containing credentials for your self-hosted registry.
    kubectl create secret docker-registry [***SECRET NAME***] \
      --docker-server [***REGISTRY HOSTNAME***]:[***PORT***] \
      --docker-username [***USERNAME***] \
      --docker-password [***PASSWORD***] \
      --namespace [***NAMESPACE***]

    Replace [***USERNAME***] and [***PASSWORD***] with your Cloudera credentials.

  4. Install Strimzi with helm install.
    helm install strimzi-cluster-operator \
      --namespace [***NAMESPACE***] \
      --set 'image.imagePullSecrets[0].name=[***SECRET NAME***]' \
      --set defaultImageRegistry=[***REGISTRY HOSTNAME***]:[***PORT***] \
      --set-file clouderaLicense.fileContent=[***PATH TO LICENSE FILE***] \
      oci://[***YOUR REGISTRY***]/cloudera-helm/csm-operator/strimzi-kafka-operator \
      --version 1.0.0-b283 \
      --set watchAnyNamespace=true
    • The string strimzi-cluster-operator is the Helm release name of the chart installation. This is an arbitrary, user defined name. Cloudera recommends that you use a unique and easily identifiable name.

    • imagePullSecrets specifies what secret is used to pull images from the specified registry. Ensure that you replace [***SECRET NAME***] with the name of the secret you created in Step 3.

    • clouderaLicense.fileContent is used to register your license. If this property is set, a secret is generated that contains the license you specify. Setting this property is mandatory. The Strimzi Cluster Operator will not function without a valid license. Ensure that you replace [***PATH TO LICENSE FILE***] with the full path to your Cloudera license file.

    • You can use --set to set various other properties of the Helm chart. This enables you to customize your installation. For example, Cloudera recommends that you configure the Cluster Operator to watch all namespaces. This is configured by setting watchAnyNamespace to true. Alternatively, you can configure a list of specific namespaces to watch using watchNamespaces.

  5. Verify your installation.
    This is done by listing the deployments and pods in your namespace. If installation is successful, you should see a strimzi-cluster-operator deployment and pod present in the cluster.
    kubectl get deployments --namespace [***NAMESPACE***]
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    strimzi-cluster-operator   1/1     1            1           13m
    kubectl get pods --namespace [***NAMESPACE***]
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    strimzi-cluster-operator   1/1     1            1           13m
  6. Optional: Access supplemental resources available on the Cloudera Archive.
    Supplemental resources available on the Cloudera Archive include various example files, diagnostic tools, and more. You can use these resources to quickly deploy Kafka clusters and to gain a better understanding of Strimzi and CSM Operator.
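
The pull, retag and push substeps of step 1, as an added example that is not part of the original page or Cloudera's tooling: a POSIX shell helper that turns a list of source image references into a command plan you can review before running, and that refuses references without a pinned version. The registry hosts, image names and function names are constructed placeholders and assumptions.

```shell
#!/bin/sh
# Added example (not Cloudera's tooling): build a reviewable pull/retag/push plan
# for step 1. All registry hosts and image names below are constructed placeholders.

# Map a source reference to the target layout used when retagging:
#   <your registry>/cloudera/<image name>:<version>
# Rejects digest, untagged and ":latest" references so every mirrored image is
# pinned to an explicit version.
mirror_ref() {
  _src=$1; _reg=${2%/}
  _last=${_src##*/}          # "name:tag"; a registry port stays in the stripped prefix
  case $_last in
    *@*) echo "digest reference not handled: $_src" >&2; return 1 ;;
    *:*) ;;
    *)   echo "no explicit tag: $_src" >&2; return 1 ;;
  esac
  _name=${_last%%:*}; _tag=${_last#*:}
  if [ -z "$_reg" ] || [ -z "$_name" ] || [ -z "$_tag" ] || [ "$_tag" = latest ]; then
    echo "unpinned or incomplete reference: $_src" >&2; return 1
  fi
  printf '%s/cloudera/%s:%s\n' "$_reg" "$_name" "$_tag"
}

# Print the docker commands for one image. Nothing is executed.
plan_mirror() {
  _dst=$(mirror_ref "$1" "$2") || return 1
  printf 'docker pull %s\ndocker tag %s %s\ndocker push %s\n' "$1" "$1" "$_dst" "$_dst"
}

# Usage: plan_all REGISTRY IMAGE...
# Validates every reference before printing anything, so one bad entry
# cannot leave a half-populated registry behind.
plan_all() {
  _registry=$1; shift
  for _img in "$@"; do mirror_ref "$_img" "$_registry" >/dev/null || return 1; done
  for _img in "$@"; do plan_mirror "$_img" "$_registry" || return 1; done
}

# Constructed sample input; substitute the real image references from Table 1.
plan_all registry.internal.example:5000 \
  source.registry.example/cloudera/kafka-operator:0.0.0-sample \
  source.registry.example/cloudera/kafka:0.0.0-sample
```

Review the printed plan, then run it on the internet-connected machine after logging in to both registries.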