Airgap Deployment

This page describes how to deploy and run Eclipse ioFog in air-gapped or restricted networks where Remote ControlPlane Controller or Agent hosts cannot access the internet (or container registries) directly.

Overview

iofogctl allows users to deploy container images to edge nodes that cannot access the internet for pulling images.

Remote ControlPlane

---
apiVersion: iofog.org/v3
kind: ControlPlane
metadata:
  name: remote
spec:
  iofogUser:
    name: Foo
    surname: Bar
    email: mail@example.com
    password:
  airgap: true
  controllers:
  - name: remote-1
    host: 10.0.23.66
    ssh:
      user: admin
      keyFile: ~/.ssh/id_rsa
    # logLevel:
    # https:
    #   enabled: true
    #   caCert:
    #   tlsCert:
    #   tlsKey:
    # scripts:
    #   dir: /path-to-custom-scripts-dir
    #   deps:
    #     entrypoint: install_container_engine.sh
    #     args: []
    #   setEnv:
    #     entrypoint: set_env.sh
    #     args: []
    #   install:
    #     entrypoint: install_iofog.sh
    #     args:
    #       - ghcr.io/eclipse-iofog/controller:3.7.3
    #   uninstall:
    #     entrypoint: uninstall_iofog.sh
    systemAgent:
      # scripts:
      #   dir: /path-to-custom-scripts-dir
      #   deps:
      #     entrypoint: install_container_engine.sh
      #     args: []
      #   install:
      #     entrypoint: install_iofog.sh
      #     args:
      #       - ghcr.io/eclipse-iofog/agent:3.7.0
      #   uninstall:
      #     entrypoint: uninstall_iofog.sh
      #     args: []
      # config:
      #   deploymentType: container
      #   containerEngine: docker
      package:
        container:
          image: ghcr.io/eclipse-iofog/agent:3.7.0
      config:
        deploymentType: container
        containerEngine: docker
        agentType: x86
        host: 192.168.139.148
  nats:
    enabled: true
  systemMicroservices:
    router:
      x86: ghcr.io/eclipse-iofog/router:3.7.0
      arm: ghcr.io/eclipse-iofog/router:3.7.0
    nats:
      x86: ghcr.io/eclipse-iofog/nats:2.12.4
      arm: ghcr.io/eclipse-iofog/nats:2.12.4
  auth:
    url: 
    realm: 
    ssl: "none"
    realmKey:
    controllerClient: pot-controller
    controllerSecret: ""
    viewerClient: ecn-viewer

You only need to set spec.airgap: true. iofogctl then downloads the Controller, Agent, Router, NATS, and Debugger images, sends them to the remote host over SSH, and loads them on the remote host.

You must also set the system agent's spec.systemAgent.config.agentType and spec.systemAgent.config.containerEngine, so that iofogctl knows which image it needs to pull and send to the remote host.

For the default airgap Controller installation scripts, see Default AirGap Controller Installation Scripts.

For the default airgap system agent installation scripts, see Default AirGap Agent Installation Scripts.

If you would like to customize the installation scripts, you can download and update them so that iofogctl uses your custom installation scripts.

Remote Agents

---
apiVersion: iofog.org/v3
kind: Agent
metadata:
  name: foo
spec:
  host: 192.168.139.148
  ssh:
    user: foo
    keyFile: ~/.ssh/id_rsa
    port: 22
  airgap: true
  package:
    container:
      image: ghcr.io/eclipse-iofog/agent:3.7.0
  config:
    deploymentType: container
    containerEngine: docker
    agentType: arm
  # scripts:
  #   dir: <path-to-script-dir>
  #   deps:
  #     entrypoint: install_deps.sh
  #   install:
  #     entrypoint: install_iofog.sh
  #     args:
  #       - ghcr.io/eclipse-iofog/agent:3.7.0
  #   uninstall:
  #     entrypoint: uninstall_iofog.sh

You only need to set spec.airgap: true. iofogctl then downloads the Agent, Router, NATS, and Debugger images, sends them to the remote host over SSH, and loads them on the remote host.

You must also set the agent's spec.config.agentType and spec.config.containerEngine, so that iofogctl knows which image it needs to pull and send to the remote host.

For the default airgap system agent installation scripts, see Default AirGap Agent Installation Scripts.

If you would like to customize the installation scripts, you can download and update them so that iofogctl uses your custom installation scripts.
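A pre-flight check for the Agent manifest settings described above, as an added example that is not part of the ioFog documentation or of iofogctl. It flattens the manifest with a small parser that assumes the mapping-only YAML subset used by the Agent manifest on this page (no lists or multi-line scalars) and reports missing settings, so a key that exists only inside a comment is not counted as set. The function names and sample manifests are constructed for illustration.

```python
import re

# Constructed sample: this page's Agent manifest with spec.airgap omitted and
# containerEngine present only inside a comment.
SAMPLE_BAD = """\
apiVersion: iofog.org/v3
kind: Agent
spec:
  host: 192.168.139.148
  ssh:
    user: foo
    keyFile: ~/.ssh/id_rsa
  package:
    container:
      image: ghcr.io/eclipse-iofog/agent:3.7.0
  config:
    deploymentType: container
    # containerEngine: docker
    agentType: arm
"""
SAMPLE_OK = SAMPLE_BAD.replace("  package:", "  airgap: true\n  package:").replace(
    "# containerEngine", "containerEngine")
REQUIRED = ("spec.config.agentType", "spec.config.containerEngine",
            "spec.host", "spec.ssh.user", "spec.ssh.keyFile")

def flatten(text):
    """Flatten nested mappings into {dotted.path: scalar}; comments are ignored."""
    paths, stack = {}, []  # stack holds (indent, key) for the current branch
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        m = re.match(r"^( *)([A-Za-z_][\w-]*):\s*(.*)$", line)
        if not m:
            continue  # blank line, document marker, comment or list item
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling branches
        stack.append((indent, key))
        if value:
            paths[".".join(k for _, k in stack)] = value.strip("\"'")
    return paths

def preflight(text):
    """Return the airgap-related problems found in an Agent manifest."""
    p = flatten(text)
    problems = [] if p.get("spec.airgap") == "true" else ["spec.airgap is not true"]
    problems += [f"{k} is missing or empty" for k in REQUIRED if not p.get(k)]
    return problems
```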

OfflineImage for microservices

OfflineImage is the main mechanism for getting container images onto Agents that cannot pull from the internet:

  1. On a machine that has registry access (and iofogctl), define an OfflineImage YAML with the image tags and the list of Agent names.
  2. Run iofogctl deploy -f offline-image.yaml. iofogctl pulls the images locally, transfers them to each Agent via SSH, and loads them into the container runtime on the Agent. Catalog items are created with registry from_cache so applications can reference these images.
  3. Use flags such as --no-cache and --transfer-pool as needed (see OfflineImage reference).

This flow avoids any need for the Agent to reach a registry; all image data is pushed from the machine running iofogctl to the Agents over SSH.

For OfflineImage YAML and CLI flags, see OfflineImage YAML Specification. For general deployment paths, see Platform Deployment Introduction.