Installing a cluster on {ibm-cloud-title} in a disconnected environment

In {product-title} {product-version}, you can install a cluster in a restricted network by creating an internal mirror of the installation release content that is accessible to an existing Virtual Private Cloud (VPC) on {ibm-cloud-name}.

Prerequisites

You reviewed details about the {product-title} installation and update processes.
You configured an {ibm-cloud-title} account to host the cluster.
You have a container image registry that is accessible to the internet and your restricted network. The container image registry should mirror the contents of the {product-registry} and contain the installation media. For more information, see Mirroring images for a disconnected installation by using the oc-mirror plugin v2.
You have an existing VPC on {ibm-cloud-name} that meets the following requirements:
- The VPC contains the mirror registry or has firewall rules or a peering connection to access the mirror registry that is hosted elsewhere.
- The VPC can access {ibm-cloud-name} service endpoints using a public endpoint. If network restrictions limit access to public service endpoints, evaluate those services for alternate endpoints that might be available. For more information see Access to IBM service endpoints.
You cannot use the VPC that the installation program provisions by default.
If you plan on configuring endpoint gateways to use {ibm-cloud-name} Virtual Private Endpoints, consider the following requirements:
- Endpoint gateway support is currently limited to the us-east and us-south regions.
- The VPC must allow traffic to and from the endpoint gateways. You can use the VPC’s default security group, or a new security group, to allow traffic on port 443. For more information, see Allowing endpoint gateway traffic.
If you use a firewall, you configured it to allow the sites that your cluster requires access to.
You configured the ccoctl utility before you installed the cluster. For more information, see Configuring IAM for {ibm-cloud-title}.