Content Bundles¶
In an air-gapped deployment, all container images and Helm charts are delivered via content bundles -- compressed .zst files downloaded from Artifact Studio and uploaded to the Palette Management Appliance's internal registry.
What Are Content Bundles¶
Content bundles are compressed archives containing:
- Container images for all Palette packs (OS, K8s, CNI, CSI, add-ons)
- Helm charts for pack deployment
- Pack metadata for the Palette registry
When uploaded to the PMA, the bundles are extracted and their contents are pushed to the internal registry on port 30003. Cluster nodes then pull images from this registry during deployment.
Artifact Studio Login¶
| Field | Value |
|---|---|
| URL | https://artifact-studio.spectrocloud.com |
| Username | spectro |
| Password | mV715z##spPSJC |
Internet Required for Download
Artifact Studio requires internet access. Download the bundles on an internet-connected machine, then transfer them to the air-gapped environment via USB or approved file transfer.
Pack List¶
The following packs are included in the content bundles for the Toyota POC:
Infrastructure Packs¶
| Pack | Version | Type | Purpose |
|---|---|---|---|
| edge-native-byoi | 2.1.0 | OCI | Base OS layer (Ubuntu 24.04 with Kairos) |
| edge-k8s (PXKe) | 1.33.6 | OCI | Kubernetes distribution (kubeadm-based) |
| cni-cilium-oss | 1.18.4 | OCI | Container networking with eBPF dataplane |
Add-on Packs¶
| Pack | Version | Type | Purpose |
|---|---|---|---|
| lb-metallb-helm | 0.15.2 | OCI | Bare metal load balancer (L2 mode) |
| nginx | 1.14.1 | OCI | Ingress controller |
| prometheus-operator | 80.4.2 | OCI | Monitoring and alerting stack |
| virtual-machine-orchestrator | 4.8.9 | OCI | VM Orchestrator (KubeVirt-based) |
| vm-migration-assistant | 4.8.8 | OCI | VM migration tooling |
Download Process¶
- Log in to Artifact Studio
- Navigate to Install Palette Enterprise
- Select version 4.8.51
- Click Show Artifacts
- Download the Content Bundle (select "including Ubuntu")
- The download produces 9
.zstfiles
Bundle Files¶
The content bundle consists of 9 separate .zst compressed files:
| File | Approximate Size | Contents |
|---|---|---|
| Bundle 1 | Varies | Core Palette system images |
| Bundle 2 | Varies | Kubernetes distribution images |
| Bundle 3 | ~118 MB | Cilium CNI images and charts |
| Bundle 4 | Varies | Storage provider images |
| Bundle 5 | Varies | Monitoring stack images |
| Bundle 6 | Varies | VMO images and dependencies |
| Bundle 7 | Varies | VMA images |
| Bundle 8 | Varies | Ingress and load balancer images |
| Bundle 9 | Varies | Additional pack dependencies |
Bundle Sizes
Individual bundle sizes vary by version. The complete set for v4.8.51 is approximately 15-20 GB total. The Cilium bundle (118.4 MB) was the first successfully uploaded and verified during the 4/29 working session.
Upload Process¶
Step 1: Transfer to Air-Gap Environment¶
Transfer all 9 .zst files to a machine that can reach the PMA on port 5080. Common methods:
- USB drive (recommended for large files)
- Out-of-band file transfer
- IPMI virtual media (for smaller files)
Step 2: Upload via Local UI¶
- Access the PMA Local UI at
https://10.25.232.252:5080 - Navigate to Content --> Upload
- Select a
.zstfile and begin upload - Wait for upload and extraction to complete before uploading the next file
- Repeat for all 9
.zstfiles
graph LR
DL["Download from<br/>Artifact Studio"] --> XFER["Transfer to<br/>Air-Gap"]
XFER --> UP["Upload to PMA<br/>Local UI :5080"]
UP --> REG["Internal Registry<br/>:30003"]
REG --> NODES["Cluster Nodes<br/>Pull Images"]
style DL fill:#1F7A78,color:#fff
style XFER fill:#005B5B,color:#fff
style UP fill:#043736,color:#fff
style REG fill:#9EB277,color:#fff
style NODES fill:#1F7A78,color:#fffStep 3: Sync Pack Registry¶
After all bundles are uploaded:
- Log in to Palette System Console at
https://10.25.232.155/system - Navigate to Administration --> Pack Registries
- Click Sync to trigger a registry synchronization
- Wait for the sync to complete
Step 4: Verify Packs¶
After sync, verify all required packs are available:
- In the Palette tenant console, navigate to Profiles --> Create
- Confirm each pack from the Pack List appears in the pack selection UI
- Verify correct versions are available
Registry Architecture¶
graph TB
subgraph PMA["Palette Management Appliance"]
LUI["Local UI :5080<br/>(Upload endpoint)"]
STORE["Content Storage<br/>(500GB disk)"]
REG["Internal Registry<br/>:30003"]
end
ZST[".zst Content Bundles"] -->|Upload| LUI
LUI -->|Extract| STORE
STORE -->|Serve| REG
subgraph Cluster["Bare Metal Cluster"]
N1["Node 1"] -->|Pull| REG
N2["Node 2"] -->|Pull| REG
N3["Node 3"] -->|Pull| REG
endEdge Host Registry Configuration¶
Each bare-metal node is configured to pull images from the PMA internal registry. This is set in the user-data during ISO build:
stylus:
registryCredentials:
domain: "10.25.232.155:30003/spectro-content"
username: "admin"
password: "********"
insecure: false
Production Migration: Harbor¶
For production deployment beyond the POC, Toyota can migrate to their existing Harbor registry:
| Aspect | POC (Internal Registry) | Production (Harbor) |
|---|---|---|
| Registry | PMA built-in (:30003) | Dedicated Harbor instance |
| Image source | Content bundles (.zst) | Artifactory --> Harbor mirror |
| Scalability | Single PMA | Multi-node HA Harbor |
| RBAC | Basic | Full Harbor project/team RBAC |
| Scanning | None | Harbor vulnerability scanning |
| Integration | None | Existing CDC pipeline |
The migration path is straightforward:
- Deploy Harbor instance in the Toyota environment
- Mirror images from PMA internal registry to Harbor
- Update cluster profiles to point to Harbor endpoint
- Reconfigure edge host
registryCredentialsto use Harbor
POC Recommendation
Use the PMA internal registry for the POC to eliminate the Harbor/Artifactory dependency from the critical path. This was recommended during the 4/22 prep call and confirmed as the approach for the POC deployment.