This repository documents a production-inspired Kubernetes cluster deployment in a fully offline (air‑gapped) environment using kubeadm.
The content is based on real-world enterprise experience and focuses on deterministic, secure, and reproducible Kubernetes setups where no internet access is available.
All examples are generalized and anonymized for public learning purposes.
By following the documentation in this repository, you will be able to:
- Build a multi-node Kubernetes cluster without internet access
- Prepare OS-level RPM dependencies for offline installation
- Configure containerd for air-gapped environments
- Bootstrap Kubernetes using kubeadm
- Expose services using MetalLB (Layer 2 mode) on bare‑metal / on‑prem clusters
- Validate external access using real workloads (NGINX)
This repository intentionally avoids cloud-managed abstractions and focuses on on‑prem / restricted environments.
- Operating System: Rocky Linux 9.6 / RHEL 9.6
- Container Runtime: containerd
- Kubernetes: v1.34.1
- Networking: Calico CNI
- LoadBalancer: MetalLB (L2 mode)
- Registry: Trusted private container registry (pre‑populated)
⚠️ All cluster nodes are assumed to have zero outbound internet connectivity.
offline-kubernetes-airgapped/
├── README.md
└── docs/
    ├── offline-kubernetes-setup.md   # Core cluster bootstrap (kubeadm)
    ├── rpm-package-preparation.md    # Offline RPM dependency preparation
    └── metalLb-setup.md              # LoadBalancer using MetalLB (L2)
Each document is designed to be self-contained and can be followed independently.
- Kubernetes Cluster Setup (Offline)
- RPM Package Preparation (Offline Requirement)
- MetalLB Implementation & Operations Guide
- No public internet access required
- All images pulled from private Nexus
- No cloud dependencies
- Suitable for:
  - Bank DCs
  - Secure enterprise networks
  - Government / regulated environments
- Keep rpm files for each component
- Backup `/etc/kubernetes` and `/var/lib/etcd`
- Do not mix Kubernetes versions across documents
- Always validate image availability before upgrades
This repository is useful for:
- DevOps / Platform Engineers
- On‑prem Kubernetes administrators
- Teams working in air‑gapped or regulated environments
- Engineers who want to understand Kubernetes beyond cloud-managed services
- No external repositories are accessed from cluster nodes
- All RPMs and container images are prepared in advance
- Private registry usage is treated as a prerequisite
- Configuration is suitable for regulated and audited environments
Registry implementation details are intentionally out of scope and may be documented separately.
Most Kubernetes tutorials assume:
- Internet access
- Cloud load balancers
- Managed container registries
This repository documents what actually works in:
- Enterprise data centers
- Restricted networks
- Security‑first environments
It reflects operational reality, not lab assumptions.
- Private registry setup & image mirroring
- Offline cluster upgrade strategy
- Monitoring & logging (Prometheus / Grafana offline)
- Backup & disaster recovery
LinkedIn: https://www.linkedin.com/in/abhijithb2109/
If you find this repository useful:
- ⭐ Star the repository
- 🍴 Fork it to adapt for your environment
- 💬 Share feedback or improvements via issues
Abhijith B, DevOps Engineer. Email: abhijithb2109@gmail.com
Focused on Kubernetes, on‑prem infrastructure, and production‑grade platform engineering.
- This repository is safe to share publicly
- Content can be reused for internal documentation
- MkDocs / GitHub Pages can be added later without restructuring
If this repository helps you, feel free to ⭐ it or adapt it for your environment.
