Airgapped Kubernetes


Watch Hannes Probst's Talk at ContainerDays 2023

What if you want to install Kubernetes, but your nodes are not connected to the internet? If you are concerned about data protection and critical infrastructure, while at the same time wanting to leverage the benefits of Kubernetes, the solution demonstrated in this talk might be helpful.

Typical enterprise architecture applies many layers of protection to isolate workloads, most notably through firewalls. Traffic needs to be explicitly allowed to leave the protected networks. Everything else is blocked. This is an attempt to get as many “gaps” between the outside and the inside as possible. The next logical step in this setup is to reach a so-called air-gapped environment.

How would Kubernetes work in such an isolated and air-gapped scenario? Usually, while installing Kubernetes, many artifacts and binaries need to be downloaded from all over the place. Also, future clusters usually rely on a lot of outside resources.

We talk about a possible architecture for such use cases. Let us get started with an easy-to-understand overview. Then we will dive deeper and cover details about a reference implementation we put together on AWS, with a fully functional air-gapped Multicluster Kubernetes environment.

Speaker: Hannes Probst, Technical Infrastructure Consultant at Kubermatic

