Transport OCM Component Versions
On this page
The section Add Component Version to CTF archive explained how to store component versions in a CTF archive.
During the transfer, it is possible to include component references as local blobs. It is also possible to include references in a recursive way.
Here is an example of a recursive transfer from one OCI registry to another, which includes resources and references:
ocm transfer componentversion --recursive --copy-resources ghcr.io/open-component-model/ocm//ocm.software/toi/demo/helmdemo:0.12.0 another-registry/
transferring version "ocm.software/toi/demo/helmdemo:0.12.0"...
transferring version "ocm.software/toi/installers/helminstaller:0.12.0"...
...resource 0 toiimage[ociImage](ocm.software/toi/installers/helminstaller/helminstaller:0.12.0)...
...resource 1 toiexecutor[toiExecutor]...
...adding component version...
...resource 0 package[toiPackage]...
...resource 1 chart[helmChart](ocm.software/toi/demo/helmdemo/echoserver:0.1.0)...
...resource 2 image[ociImage](google-containers/echoserver:1.10)...
...resource 3 config-example[yaml]...
...resource 4 creds-example[yaml]...
...adding component version...
2 versions transferred
The OCM CLI’s transfer
command can be used to transfer component versions, CTF archives, and artifacts. See ocm transfer -h
for more information.
More examples on the transport archive and the common transfer format (CTF) can be found in the ocm-spec.
Air gapped environment
Working with air-gapped environments requires careful preparation and a systematic approach to ensure all component dependencies are available offline. This section demonstrates how to prepare, transport, and deploy OCM components in secure, disconnected environments.
Inspect Component Structure
Begin by examining the component descriptor and its resolved references to understand the complete dependency tree:
ocm get resources ghcr.io/open-component-model/ocm//ocm.software/toi/demo/helmdemo:0.12.0 -r -otree
COMPONENT NAME VERSION IDENTITY TYPE RELATION
└─ ocm.software/toi/demo/helmdemo 0.12.0
├─ chart 0.12.0 helmChart local
├─ config-example 0.12.0 yaml local
├─ creds-example 0.12.0 yaml local
├─ image 1.0 ociImage external
├─ package 0.12.0 toiPackage local
└─ ocm.software/toi/installers/helminstaller installer 0.12.0
├─ toiexecutor 0.12.0 toiExecutor local
└─ toiimage 0.12.0 ociImage local
Create Offline Package
Download the complete component descriptor with all referenced resources as local blobs. This creates a self-contained package that includes all dependencies:
ocm transfer component ghcr.io/open-component-model/ocm//ocm.software/toi/demo/helmdemo:0.12.0 -r --copy-resources ./ctf-copy-resources
transferring version "ocm.software/toi/demo/helmdemo:0.12.0"...
transferring version "ocm.software/toi/installers/helminstaller:0.12.0"...
...resource 0 toiimage[ociImage](ocm.software/toi/installers/helminstaller/helminstaller:0.12.0)...
...resource 1 toiexecutor[toiExecutor]...
...adding component version...
...resource 0 package[toiPackage]...
...resource 1 chart[helmChart](ocm.software/toi/demo/helmdemo/echoserver:0.1.0)...
...resource 2 image[ociImage](google-containers/echoserver:1.10)...
...resource 3 config-example[yaml]...
...resource 4 creds-example[yaml]...
...adding component version...
2 versions transferred
Verify Package Integrity
Confirm that all resources have been successfully packaged and are available as local blobs:
du -shA ctf-copy-resources
106M ctf-copy-resources
ocm get resources ctf-copy-resources -o treewide
COMPONENT NAME VERSION IDENTITY TYPE RELATION ACCESS
├─ ocm.software/toi/demo/helmdemo 0.12.0
│ ├─ chart 0.12.0 helmChart local localBlob
│ ├─ config-example 0.12.0 yaml local localBlob
│ ├─ creds-example 0.12.0 yaml local localBlob
│ ├─ image 1.0 ociImage external localBlob
│ └─ package 0.12.0 toiPackage local localBlob
└─ ocm.software/toi/installers/helminstaller 0.12.0
├─ toiexecutor 0.12.0 toiExecutor local localBlob
└─ toiimage 0.12.0 ociImage local localBlob
Transport to Air-Gapped Environment
Copy the packaged OCM artifacts to your preferred portable storage medium for secure transport:
sudo cp -r ./ctf-copy-resources /media/....
Physical Transport Phase ✈️
Transport your portable storage device containing the OCM artefact to the air-gapped environment following your organization’s security protocols.
___
____/ \____
o "Here I come!" | ✈️ |
/|\_┌▓┐ |___________|
/ \ | |
___| |___
Deploy in Air-Gapped Environment
Transfer the OCM artifacts from your portable storage device to the air-gapped OCI registry:
ocm transfer ctf ./media/.../ctf-copy-resources $AIR_GAPPED_OCI_REGISTRY/...
Application Deployment
With all components now available in your air-gapped registry, you can proceed with deploying your applications via GitOps. The self-contained nature of the OCM package ensures reliable deployment without external dependencies.
🎉 SUCCESSFUL DEPLOYMENT IN AIR-GAPPED K8S CLUSTER 🎉
╔══════════════════════════════════════╗
║ AIR-GAPPED ENVIRONMENT ║
║ 🔒 SECURE � ║
╚══════════════════════════════════════╝
│
┌─────────────────────────────────────┐
│ KUBERNETES CLUSTER │
│ │
│ ┌─────┐ ┌─────┐ ┌─────┐ │
│ │ POD │ │ POD │ │ POD │ │
│ │ ⚙️ │ │ ⚙️ │ │ ⚙️ │ │
│ └─────┘ └─────┘ └─────┘ │
│ │ │ │ │
│ ┌──┴────────┴────────┴──┐ │
│ │ LEADER NODE │ │
│ │ 🎛️ │ │
│ └───────────────────────┘ │
│ │
│ ┌─────┐ ┌─────┐ ┌─────┐ │
│ │NODE1│ │NODE2│ │NODE3│ │
│ │ 🖥️ │ │ 🖥️ │ │ 🖥️ │ │
│ └─────┘ └─────┘ └─────┘ │
└─────────────────────────────────────┘
\o/ "DEPLOYMENT SUCCESSFUL!"
| "All pods are running!"
/ \ "Zero downtime achieved!"