DEV Community

Sudhir Jangir
Sudhir Jangir

Posted on • Edited on

Kubernetes in Restrictive or regulated environments

There could be situations where Internet access is regulated or even not there. These "air-gap" or regulated/isolated deployments become more involved with cloud-based environments, where full control is not available. Existing k8s/Cloud providers don't give you access to the cluster or configuration, or may not have an equivalent distribution for your local network or environment.

Now public cloud offering is being centred around containers/Kubernetes/open source, having these in Hybrid or local system has become a need. Localstack or outposts still ties you with the cloud providers, while container movement is also about flexibility. The whole exercise becomes too complicated where the effort to put this in place becomes more than a few weeks of effort.

How do you install/run packages in these Restrictive or regulated environments?

Running Kubernetes cluster in "Air-gap" kind of environments means having local repositories for container images, bundled packages, or approved/regulated binaries. Even for additional tools like image scanning or ci/cd, should be available locally. The application package may include everything needed to run the application – binaries, dependencies, or built-in container registry.

With work from home situations (COVID or even after that), "air-gap" kind of need would arise even for desktop users, where they may have limited connectivity or restricted by office network/installation policies. Users should be able to get a production-like environment with a local registry, control over cluster resizing, version switch capability, or configuration control.

Such packages should not interfere with your existing installations and should be light on your machine.

As a developer working from home, I need to bring my cluster closer to me and should be able to control my cluster behaviour even if I am in Air-gap environment. Developer Focus should be on service development rather than getting worried about how to install or how to run or configure in these situations.

Top comments (0)