Installing and Running Kubewarden In Air-Gapped Environments

We are excited to announce that deploying Kubewarden in air gap environments has been simplified and documented!

You will need a private OCI registry accessible by your Kubernetes cluster. If you’re unfamiliar with Kubewarden, it’s a policy engine for Kubernetes. Its mission is to simplify the adoption of policy-as-code. Kubewarden policies are WebAssembly modules; therefore they can be stored inside an OCI-compliant registry as OCI artifacts. For an air gap installation, you need to download all the Kubewarden container images and policies in your workstation, then move them to your private OCI registry. Check the Kubewarden docs for a step-by-step guide.

We have added new commands to kwctl v1.3.1 in order to simplify air gap deployment:

• save: saves a list of Kubewarden policies provided as input in a tar.gz file.
• load: loads Kubewarden policies from a tar.gz file into an OCI registry.

There are helpers’ scripts that make easier the air gap installation. You can find them in our utils repository:

• kubewarden-save-images.sh and kubewarden-load-images.sh, which takes a text file with all the container images as input.
• kubewarden-save-policies.sh and kubewarden-load-policies.sh, which takes a text file with all the policies as input.

From now on, all Kubewarden releases will contain a text file with all the container images required to use Kubewarden and another one with the default policies referenced by the kubewarden-defaults chart. These files can be used to perform the air gap installation of a specific Kubewarden version.

Give it a try and reach out to us if you have any questions or want to share your feedback!