Deploying OpenShift On-Premises | Air-Gapped Kubernetes Setup

Client

The client operates in the medical industry and delivers software used in highly regulated environments. Their end customer was a government organization, which required the entire platform to be deployed on-premises in a fully air-gapped environment with no external network access.

Due to regulatory and security requirements, the solution had to comply with strict isolation, controlled software supply chains, and auditable deployment procedures. The client required external expertise to design and deploy a secure OpenShift platform capable of running their application reliably under these constraints.

Challenge

Deployments in medical and government environments introduce challenges beyond standard Kubernetes installations.

The OpenShift cluster had to operate in a fully air-gapped setup, meaning no direct access to public container registries, software repositories, or external services. All dependencies, container images, and updates needed to be mirrored and validated in advance.

Additional challenges included:

• Meeting strict security and compliance requirements
• Delivering the solution under a tight deadline
• Coordinating multiple vendors involved in the solution
• Working with local IT teams across different physical locations
• Ensuring cluster networking and storage were correctly configured for on-premises infrastructure

The deployment needed to be reliable, repeatable, and auditable.

Work Done

The engagement covered both platform-level OpenShift configuration and application deployment.

1. Air-Gapped OpenShift Cluster Configuration
   Configured a fully isolated OpenShift cluster, including offline installation procedures, internal image registries, and secure handling of container images and dependencies.

2. Networking & Storage Setup
   Worked with local infrastructure teams to configure cluster networking and persistent storage suitable for on-premises environments, ensuring reliability and performance.

3. Architecture & Vendor Coordination
   Participated in architectural discussions with other vendors to align deployment assumptions, responsibilities, and integration points.

4. Application Deployment
   Deployed the client’s application onto the OpenShift cluster, validating correct operation in an air-gapped environment.

5. Developer Support & Kustomize Adjustments
   Assisted development teams in modifying Kustomize deployment manifests to work correctly within OpenShift and air-gapped constraints.

Air-Gapped OpenShift Considerations

Deploying OpenShift in an air-gapped environment introduces unique operational challenges.

Key considerations included:

• Mirroring container images and operators into internal registries
• Managing software updates without direct internet access
• Validating image integrity and supply chain security
• Ensuring cluster upgrades could be performed safely and predictably
• Designing deployment processes that were fully repeatable and auditable

Addressing these factors early was critical to ensuring long-term maintainability and compliance.

Results & Outcome

The OpenShift platform was successfully deployed on-premises in a fully air-gapped configuration, meeting all security and operational requirements.

• Delivered a production-ready OpenShift cluster suitable for medical and government use
• Enabled secure application deployment in an isolated environment
• Met tight delivery timelines despite infrastructure and coordination constraints
• Provided developers with a working deployment model compatible with OpenShift and Kustomize
• Established a foundation for future updates and maintenance in a controlled environment

Key Takeaways

• Air-gapped Kubernetes deployments require careful planning of software supply chains
• OpenShift provides strong tooling for regulated, on-premises environments
• Collaboration between vendors and local IT teams is critical for success
• Deployment automation and clear processes reduce risk in high-security environments