{"id":73428,"date":"2025-08-26T23:21:20","date_gmt":"2025-08-26T17:51:20","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=73428"},"modified":"2025-09-05T15:51:17","modified_gmt":"2025-09-05T10:21:17","slug":"bringing-cloud-native-power-on-prem-deploying-the-mirantis-ecosystem-in-samsungs-highly-isolated-environment","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/bringing-cloud-native-power-on-prem-deploying-the-mirantis-ecosystem-in-samsungs-highly-isolated-environment\/","title":{"rendered":"Bringing Cloud-Native Power On-Prem: Deploying the Mirantis Ecosystem in Samsung\u2019s Highly Isolated Environment."},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>In today\u2019s enterprise IT world, container orchestration often feels like magic. It takes a bunch of servers and makes them behave like a single, well-oiled machine. But what happens when you don\u2019t have the cloud at all?<\/p>\n<p>That was exactly the challenge we faced: building a production-grade Kubernetes platform inside Samsung\u2019s fully air-gapped, on-premises environment.<\/p>\n<p>As a DevOps engineer, I knew this wasn\u2019t just about spinning up infrastructure\u2014it was about proving that our cloud-native philosophy could still thrive without internet access. We wanted a setup that was reliable, secure, and scalable, entirely on-premises. That\u2019s when the Mirantis ecosystem came into play. With Mirantis Kubernetes Engine (MKE), Mirantis Secure Registry (MSR), Mirantis Container Runtime (MCR), and MinIO for storage, we stitched together a complete, enterprise-ready solution.<\/p>\n<h2>Why Mirantis?<\/h2>\n<p>We didn\u2019t choose Mirantis on a whim. In a world with no AWS, no GCP, and no Azure, we needed a stack that could stand tall on its own. 
Something that gave us:<br \/>\n\u2022 Fully integrated Kubernetes orchestration<br \/>\n\u2022 Reliable and controlled image storage<br \/>\n\u2022 A production-grade runtime<\/p>\n<p>And most importantly, something that didn\u2019t need to \u201cphone home\u201d to the cloud.<\/p>\n<p>MKE, MSR and MCR satisfied all of these needs and, most importantly, did so without any external communication.<\/p>\n<p>With MKE, you get production-grade Kubernetes orchestration with high availability and security built in.<\/p>\n<p>MSR is a reliable and scalable registry that integrates closely with MKE, with full control of image manipulation.<\/p>\n<p>MCR is a secured variant of the Docker engine, providing the runtime compatibility and performance required.<\/p>\n<p>To round out this stack, we added MinIO for object storage: high-performance, S3-compatible storage kept locally for logs, backups, and app-level assets.<\/p>\n<h3>Preparing in an Isolated System<\/h3>\n<p>Here\u2019s where things got tricky. In a cloud-connected world, deploying Kubernetes is as simple as a few commands. In an air-gapped setup? Not so much.<\/p>\n<p>We had to rethink our entire approach. On an internet-connected machine, we downloaded all the required packages\u2014MKE, MSR, MCR, supporting files, container images, and tools. Once we had everything, we bundled it neatly, validated it, and made sure every single dependency was in place.<\/p>\n<p>Then came the fun part\u2014moving it into the isolated network. With the Samsung infra team, we sometimes used secure USB drives, and other times a temporarily authorized internal portal. It wasn\u2019t glamorous, but it worked. And the best part? Once the files were inside, we had complete control.<\/p>\n<h4>We followed a well-defined, strict installation order:<\/h4>\n<p>1. Install MCR as the container runtime.<br \/>\n2. Deploy MKE to orchestrate the cluster and establish the control plane.<br \/>\n3. 
Use MKE\u2019s master nodes to install MSR for centralised image management.<br \/>\n4. Deploy MinIO as distributed object storage for the Kubernetes cluster.<\/p>\n<h2>How We Set Things Up.<\/h2>\n<p>We created an easy-to-follow checklist to fall back on in case of a set-up error:<\/p>\n<p>MCR went in first, as our container runtime.<\/p>\n<p>Next we imported MKE, which covered cluster management and the control plane.<\/p>\n<p>We leveraged MKE\u2019s master nodes to install MSR, which gave us one place to manage all of our container images.<\/p>\n<p>Finally we added MinIO as our object storage for logs, backups and app data.<\/p>\n<p>This step-by-step approach convinced us that the setup was stable and could run without requiring the internet.<\/p>\n<h3>Production Architecture and Node Topology<\/h3>\n<p>So what do high availability and easy scalability look like in our production setup?<\/p>\n<p>\u2022 3 MKE Manager Nodes \u2013 to ensure the control plane is up all the time.<\/p>\n<p>\u2022 5 Worker Nodes \u2013 where all applications run.<\/p>\n<p>\u2022 3 MSR Nodes \u2013 to ensure the registry had backups and could scale when necessary.<\/p>\n<p>\u2022 1 MinIO Cluster \u2013 providing scalable, high-performance object storage.<\/p>\n<p>I think this was a good tradeoff between performance and security. 
When a node failed, MKE\u2019s self-healing resolved any issues relatively quickly and with little to no effect.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Mirantis Node Management UI.<\/strong><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-73425\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-1024x504.png\" alt=\"MKE\" width=\"625\" height=\"308\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-1024x504.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-300x148.png 300w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-768x378.png 768w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-1536x756.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2-624x307.png 624w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-2.png 1824w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Mirantis Secure Registry (MSR) UI.<\/h2>\n<div id=\"attachment_73424\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-73424\" decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-73424\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-1024x411.png\" alt=\"MSR UI\" width=\"625\" height=\"251\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-1024x411.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-300x121.png 300w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-768x309.png 768w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-1536x617.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1-624x251.png 624w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-1.png 1817w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-73424\" class=\"wp-caption-text\">MSR REPOSITORY<\/p><\/div>\n<h2>UI &amp; Observability<\/h2>\n<p>One of the coolest things about Mirantis is the web dashboards for MKE and MSR. 
These made it easy to:<\/p>\n<p>\u2022 Monitor the health of clusters and logs for pods.<\/p>\n<p>\u2022 View CPU, memory and disk usage per node.<\/p>\n<p>\u2022 Work with namespaces, roles and deployments, without any CLI required.<\/p>\n<p>For teammates who weren\u2019t confident using the CLI for all of this, it helped.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>MKE Cluster Overview UI<\/strong><\/p>\n<div id=\"attachment_73426\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-73426\" decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-73426\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-1024x504.png\" alt=\"MKE\" width=\"625\" height=\"308\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-1024x504.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-300x148.png 300w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-768x378.png 768w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-1536x756.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3-624x307.png 624w, \/blog\/wp-ttn-blog\/uploads\/2025\/07\/image-3.png 1824w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-73426\" class=\"wp-caption-text\">MKE<\/p><\/div>\n<h2>Documentation Experience<\/h2>\n<p>Another reason this deployment went smoothly is the Mirantis documentation. The guides were:<\/p>\n<p>\u2022 Clear and simple to follow.<\/p>\n<p>\u2022 Full of working examples.<\/p>\n<p>\u2022 Updated regularly.<\/p>\n<p>Despite our unique case (air-gapped system), the docs met our needs for installation, HA design, image processing, and best practices.<\/p>\n<h3><span style=\"font-size: 1.28571rem;\">Outcome and Takeaways<\/span><\/h3>\n<p>Combining MKE, MSR, MCR, and MinIO, we were able to provide a fully cloud-agnostic, production-grade Kubernetes deployment\u2014100% self-sufficient and fine-tuned for a specific use case. 
Once set up, the cluster did not depend on the Internet for updates, images, or any post-install activity. It was all in the network.<\/p>\n<p>Now all the applications run securely in their own cluster, with all container images versioned locally through MSR. MinIO is the internal object storage layer for applications and backup. The dashboards and monitoring let us examine workloads, resource usage, and node health in real time, making operations smoother and more predictable.<\/p>\n<p>The final setup strikes the right balance of security, flexibility and control, which is exactly how it should be in a restricted enterprise environment.<\/p>\n<h3>Key Wins:<\/h3>\n<p>\u2022 Kubernetes in a 100% air-gapped environment<\/p>\n<p>\u2022 On-prem pipeline for images<\/p>\n<p>\u2022 High availability across services<\/p>\n<p>\u2022 Local object storage with MinIO<\/p>\n<p>\u2022 Easy management with web dashboards<\/p>\n<h2>Conclusion<\/h2>\n<p>This journey demonstrated that running Kubernetes at an enterprise scale does not necessarily mean it must be in the cloud. With Mirantis, we developed a production-grade platform within a completely air-gapped environment \u2013 an achievement that many believed too complex and restrictive.<\/p>\n<p>MKE, MSR, MCR and MinIO gave us exactly what we wanted: security, scalability and reliability, all without having to depend on external connectivity. From image management to storage, everything remained local, and operations stayed fast and secure.<\/p>\n<p>For enterprises in a similar bind, Mirantis demonstrates that cloud-native can still work on premises. 
It\u2019s not a mere end-run \u2014 it\u2019s evidence that agility and compliance can work hand in hand.<\/p>\n<p>In other words, Mirantis helped us bring the cloud home.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In today\u2019s enterprise IT world, container orchestration often feels like magic. It takes a bunch of servers and makes them behave like a single, well-oiled machine. But what happens when you don\u2019t have the cloud at all? That was exactly the challenge we faced: building a production-grade Kubernetes platform inside Samsung\u2019s fully air-gapped, on-premises [&hellip;]<\/p>\n","protected":false},"author":1934,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":36},"categories":[2348],"tags":[7653,7644,7648,1892,7651,7647,7649,7643,6721,7642,7641,7639,7640,7645,7650,7646,7652],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/73428"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1934"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=73428"}],"version-history":[{"count":7,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/73428\/revisions"}],"predecessor-version":[{"id":75675,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/73428\/revisions\/75675"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=73428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=73428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?
post=73428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}