Offline/cached updates for K8S apps and/or Helm charts

Good day,

Is there a means (either via a native K8S feature or some apps/hacks/etc. that run on top of K8S) to provide updated applications (i.e. via Helm charts) using an “offline/network installer” method?

For example, let’s consider a simple app I deploy via a Helm chart. This provides the necessary YAML file(s), which indicate with Docker container(s) need to be pulled from a private Docker Registry server/instance. The cluster I’m using (for specific testing reasons) must sometimes go offline for days at a time (i.e. typically isn’t connected to the internet), but we need to pull software updates (i.e. updated Helm charts) regularly, as the beta software I’m testing has bug fixes on a daily basis.

Due to policy reasons, I’m not permitted to connect the K8S cluster (kubeadm-based) to the internet often. I’m trying to find a way to pull a Helm chart, plus the associated Docker containers/images, put it on a USB thumb drive, copy the files to some location on the K8S master, and instruct it to do a normal “helm update” operation, but fall back to retrieving the updates (plus container) from local storage (i.e. a pre-determined location on disk).

Is there some de-facto/“best” way to accomplish this? I have a rough idea how I could fake-out the Helm chart updates, but I haven’t figured out how to fake-out the Docker container/image deployment step. I could manually deploy the image, but the Helm-chart-update stage is still going to try and use the “real” URL to the container, not the localhost-copy.

So far, this is the only relevant document/example I could find on the topic:

Update: tracking in Slack:

If you have the image locally on each node, I think you can just do docker tag (or something like that) and then, if the pull policy of the pod is to only when needed, it will just use the local image.

Another option is to use a very easy sed expression to modify the registry where it pulls

Will any of that work for you?