MOSIP COTs and component Deployment on our Bench, does it require Internet

Dear Team,

We are planning to deploy MOSIP COTs and components on our Private cloud where we don’t have access to internet.

Would like to understand do I need to have Internet on my environment to deploy MOSIP by using provided Ansible scripts or I can do without it.

Regards
Paras Kaushik

hi Paras_Kaushik

Thank you for reaching out. Our team will review your query regarding MOSIP deployment and reach out shortly with the required guidance.

Regards,
Mrudula
on behalf of Team MOSIP

Hi @Paras_Kaushik

Thank you for your query. To answer your question — yes, by default the MOSIP deployment scripts expect internet access, but an air-gapped (offline) deployment is achievable with the right preparation. Here’s what you need to account for:

What requires internet in a standard deployment:

• Pulling Docker images from Docker Hub / MOSIP’s container registry
• Fetching Helm charts from public Helm repositories
• Ansible roles downloading system packages (apt/yum), kubectl, helm, and other binaries
• Some COTS components (e.g., Keycloak) fetching plugins or themes at startup

To deploy on a fully private/air-gapped environment:

1. Mirror all Docker images to a private container registry (e.g., Harbor) accessible within your network, and update all values.yaml files to point to it.
2. Host Helm charts on a private chart repository and update your Ansible inventory accordingly.
3. Pre-cache OS packages or set up a local apt/yum mirror or proxy.
4. Pre-download all binaries (kubectl, helm, etc.) and make them available locally.
5. Review init containers — some MOSIP pods fetch configurations or certificates at startup and will need those sources to be available internally.

The Ansible scripts do not have a built-in offline mode, so these adjustments need to be made manually across the configuration files.

Thanks and Regards,
Chandra Keshav Mishra
Team MOSIP