When internet access is prohibited in or unavailable to your organization, you can deploy ArcGIS Enterprise on Kubernetes in a disconnected environment. To do so, you must create your organization's container registry, use registry tools to populate your container images, and configure the organization to use local resources.
Prepare for deployment
Before deploying ArcGIS Enterprise on Kubernetes for disconnected use, review the system requirements and steps to plan for deployment, then prepare your organization's container registry. To prepare your registry, you must have access to each of the following:
- Internet access to obtain container images
- Credentials for the Esri Docker Hub repository
- Credentials for read and write access to your organization's container registry
- Docker Engine
- A storage device with 200 GB of free disk space to store downloaded images
Note:
If you want to use horizontal pod autoscaling, ensure your registry has the appropriate images.
Deploy
After you've uploaded images to your container registry, run the deployment script to deploy ArcGIS Enterprise on Kubernetes. The deployment script is interactive and prompts you for several parameters.
Note:
When specifying the registry host, you must specify the details for your container registry.Configure the organization
After you've run the deployment script, follow the steps to create an organization. These steps are the same for organizations with and without internet access.
Download and import the version manifest
By default, ArcGIS Enterprise Administrator API uses a well-known URL to detect when container image updates are available. When your Kubernetes cluster is not connected to the internet, you must download this file and import it into your organization.
Use the create-offline-manifest.sh script to first download the Esri-published version manifest file and import it into your organization. Internet access is required when downloading the version manifest file.
- On your Kubernetes client machine, open a terminal.
- Change directories to the setup/tools/registry-tools directory.
- In the terminal, run the create-offline-manifest.sh script using the following command format:
./create-offline-manifest.sh -d /path/to/download/directory - Once the download is complete, run the create-offline-manifest.sh script again using the following command format to import the version manifest file into your organization:
./create-offline-manifest.sh -i </path/to/download/directory/manifest.dat> -u <username> -p <password> -a https://organization.example.com/context- If you created an organization using the configure.sh script, perform the following command:
./create-offline-manifest.sh -i </path/to/download/directory/manifest.dat> -f ../configure/configure.properties
- If you created an organization using the configure.sh script, perform the following command:
Once the version manifest has been imported, you have completed the deployment steps. Next, you will configure the organization to use local resources where applicable.
Note:
To check that the version manifest has been imported, you can run the following command:kubectl get secret arcgis-version-manifest -n <namespace>
Configure local resources
When the organization is disconnected from the internet, configure the organization to use local services and resources where applicable.
Configure custom basemaps
The organization is preconfigured with a collection of basemaps from ArcGIS Online. These basemaps are not supported for use in a disconnected environment. Instead, create your own custom basemaps and configure the organization to offer these basemaps in the basemap gallery.
See Customize basemaps for details on creating and configuring custom basemaps in your organization.
Configure utility services
By default, utility services are configured to use those from ArcGIS Online. To learn how to update the utility services to point to your own local services, see Configure utility services.
ArcGIS Living Atlas of the World content
ArcGIS Living Atlas of the World is a collection of ready-to-use geographic content available from ArcGIS Online. It is not supported in disconnected environments. To disable ArcGIS Living Atlas of the World content, see steps to disable or adjust other ArcGIS Online resources.
Disable external content
Because some Esri content requires external access to the internet, you must disable the content to prevent requests to ArcGIS Online resources. When you disable the content, a specific group of items is disabled:
- All content, including basemap items, owned by "esri_[lang]" that contains URLs to external sites. The items disabled will depend on the content languages enabled for your organization.
- All content owned by "esri" that contains URLs to external sites.
- All content owned by "esri_apps" that contains URLs to external sites.
To disable external content, complete the following steps:
- Sign in to the ArcGIS Enterprise Administrator API.
The URL is in the format https://organization.example.com/context/admin.
- Click System > Content > External Content > Update.
- Set Enable External Content to False.
- Click Update.
Once external content has been disabled, items that contain URLs to external sites will not be discoverable or returned in search results.
Disable or adjust other ArcGIS Online sources
Some functionality in the organization has been preconfigured to use services or content from ArcGIS Online. When working in disconnected environments, you can disable these services and content by adjusting the organization properties. Example properties include the following:
extentService: "<URL to local map service>",—The extent service is used to update or set the extent of a web map item on the Set Extent dialog box in the organization. By default, the extent service originates from ArcGIS Online. In a disconnected environment, you must configure your organization with a GIS Server tiled map service. The service must use the WGS84 geographic coordinate system with well-known ID (WKID) 4326.
gcsBasemapService: "<URL to local map service>",—The GCS basemap service is used as the basemap for OGC WMS services that do not support the Web Mercator coordinate system. By default, the GCS basemap service originates from ArcGIS Online. In a disconnected environment, you must configure your organization with a GIS Server map service. The service must use the WGS84 geographic coordinate system with well-known ID (WKID) 4326.
configurePortalAGOEnv: "www.arcgis.com",—Used to determine the proxy used for configured utility services. The default proxy for configured utility services is www.arcgis.com. In a disconnected environment, set this property to false.
portalAGOConfigEnabled: true,—Controls the display of the ArcGIS Online tab in the organization's Settings page. In a disconnected environment, set this property to false.
portalLivingAtlasConfigEnabled: true,—Together with the portalAGOConfigEnabled property, this property controls the display of the Configure Living Atlas Content section on the ArcGIS Online tab in the organization's Settings page. In a disconnected environment, set this property to false.
searchArcGISOnlineEnabled: true,—With this property, you can disable the option in Map Viewer Classic to search for layers in ArcGIS Online. The default is true. When disabled, the option to search for layers in ArcGIS Online is hidden from the Search for Layers dialog box in Map Viewer Classic. In a disconnected environment, set this property to false.
To learn more about the properties you can modify, see the Sharing API documentation and follow the steps to set advanced portal options.
Upgrade or update
When a software update or upgrade is available, you must do the following:
- Prepare your organization's container registry with the container images from Esri.
- Download the manifest from Esri and upload it into your organization. This will ensure ArcGIS Enterprise can discover new updates or upgrades that are available.
- Apply the update or upgrade to your organization.