Wipe Portworx in an airgapped cluster

When wiping Portworx in Kubernetes, a number of docker images are fetched from registries on the internet.

This topic explains how to load these images onto your nodes when they don’t have access to the standard registries on the internet.

Step 1: Download the wiper script

Click Download wiper script and save it any node which has kubectl access to your cluster.

Alternately, you can also use wget.

wget -O px-wipe.sh https://install.portworx.com/2.1/px-wipe

Step 2: Download the images that the wiper script will use

First let’s pull all the images required for the wipe process.

PX_IMGS="$PX_IMGS portworx/talisman:latest portworx/px-node-wiper:"
echo $PX_IMGS | xargs -n1 docker pull

Step 3: Push to local registry server, accessible by air-gapped nodes

This steps assumes your cluster nodes have access to a custom/private registry.

  1. Export your registry location:


    Note that the registry location can be:

    • a registry and its port:
    export REGISTRY=myregistry.net:5443


    • it could include your own repository:
    export REGISTRY=_myregistry.net:5443/px-images
  2. Push the images to the registry:

    # Trim trailing slashes:
    # re-tag and push into custom/local registry defined previously
    # Check if using custom registry+repository (e.g. `REGISTRY=myregistry.net:5443/px-images`)
    # or just the registry (e.g. `REGISTRY=myregistry.net:5443`)
    echo $REGISTRY | grep -q /
    if [ $? -eq 0 ]; then
        # registry + repo are used -- we'll strip original image repositories
        for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$(basename $i)" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done
        # only registry used -- we'll keep original image repositories
        for i in $PX_IMGS $PX_ENT; do tg="$REGISTRY/$i" ; docker pull $i; docker tag $i $tg ; docker push $tg ; done

Now that you have the images in your registry, continue with Step 4: Run the wiper script.

Step 4: Run the wiper script

First let’s figure out the image names and tags for our private registry.

Below we are simply prefixing the actual image names with the custom/private registry.

Below commands use the REGISTRY variable. Ensure it’s still exported on the terminal you run the below commands by using echo $REGISTRY.
export WIPER_IMAGE=$REGISTRY/portworx/px-node-wiper
export TALISMAN_IMAGE=$REGISTRY/portworx/talisman

Now let’s run the wiper script we downloaded previously from any node that has kubectl access.

chmod +x px-wipe.sh
./px-wipe.sh -I $TALISMAN_IMAGE -wi $WIPER_IMAGE

Last edited: Friday, Apr 24, 2020