kubewarden · AkashKumar7902 · Apr 26, 2026
@@ -152,119 +152,6 @@ learn how to configure the `sources.yaml` file.
 
 :::
 
-## Install Kubewarden
-
-Now that your private registry has everything required you can install
-Kubewarden. The only difference to a standard Kubewarden installation is that
-you need to change the registry in the container images and policies to be the
-private registry.
-
-Install the Kubewarden stack:
-
-```shell
-helm install --wait -n kubewarden \
-  kubewarden-crds kubewarden-crds.tgz
-```
-
-```shell
-helm install --wait -n kubewarden \
-  kubewarden-controller kubewarden-controller.tgz \
-  --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT>
-```
-
-:::caution
-
-To use the Policy Reporter subchart available in the `kubewarden-controller`
-chart, you need to define other values specific for the subchart in an
-air-gapped environment. See an example below:
-
-```shell
-helm install --wait -n kubewarden kubewarden-controller kubewarden-controller.tgz \
-    --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set auditScanner.policyReporter=true \
-    --set policy-reporter.image.registry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set policy-reporter.ui.image.registry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set policy-reporter.image.repository=kyverno/policy-reporter \
-    --set policy-reporter.ui.image.repository=kyverno/policy-reporter-ui
-```
-
-It's necessary to define `auditScanner.policyReporter` to enable the subchart
-and 4 more values to configure the registry and repository where you store the
-Policy Reporter images. For more information about the policy report subchart
-values, see [Policy Reporter
-documentation](https://kyverno.github.io/policy-reporter-docs/getting-started/helm.html).
-
-:::
-
-```shell
-helm install --wait -n kubewarden \
-  kubewarden-defaults kubewarden-defaults.tgz \
-  --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT>
-```
-
-:::caution
-
-To download the recommended policies installed by the `kubewarden-defaults`
-Helm Chart from a registry other than `global.cattle.systemDefaultRegistry`,
-use the `recommendedPolicies.defaultPoliciesRegistry` configuration.
-This configuration lets users specify a registry dedicated to pulling the OCI
-artifacts of the policies. It's particularly useful when their container image
-repository doesn't support OCI artifacts.
-
-To install and wait for the installation to complete, use the following
-command:
-
-```console
-helm install --wait -n kubewarden \
-  kubewarden-defaults kubewarden-defaults.tgz \
-  --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-  --set recommendedPolicies.defaultPoliciesRegistry=<REGISTRY.YOURDOMAIN.COM:PORT>
-```
-
-If the `recommendedPolicies.defaultPoliciesRegistry` configuration isn't set,
-you use `global.cattle.systemDefaultRegistry` as the default registry.
-
-:::
-
-Finally, you need to configure Policy Server to fetch policies from your
-private registry. See the [using private
-registry](../policy-servers/private-registry) section of the documentation.
-
-Now you can create Kubewarden policies in your cluster. Policies must be
-available in your private registry.
-
-```
-kubectl apply -f - <<EOF
-apiVersion: policies.kubewarden.io/v1
-kind: ClusterAdmissionPolicy
-metadata:
-  name: privileged-pods
-spec:
-  module: registry://<REGISTRY.YOURDOMAIN.COM:PORT>/kubewarden/policies/pod-privileged:v0.2.2
-  rules:
-  - apiGroups: [""]
-    apiVersions: ["v1"]
-    resources: ["pods"]
-    operations:
-    - CREATE
-  mutating: false
-EOF
-```
-
-:::caution
-
-`PolicyServer` resources must use the image available in your private registry.
-For example:
-
-```yaml
-apiVersion: policies.kubewarden.io/v1
-kind: PolicyServer
-metadata:
-  name: reserved-instance-for-tenant-a
-spec:
-  image: <REGISTRY.YOURDOMAIN.COM:PORT>/kubewarden/policy-server:v1.3.0
-  replicas: 2
-  serviceAccountName: sa
-```
-
-:::
+After loading the images and policies into your private registry, continue with
+[installing and configuring Kubewarden from the private
+registry](./install-configure).
@@ -125,91 +125,6 @@ This starts a registry at the `localhost:5000` address. From this point,
 you can use other commands like Skopeo to copy all the container images, policy
 modules and Helm charts used by Kubewarden into your private registry.
 
-## Install Kubewarden
-
-Now that your private registry is complete, you can install Kubewarden. The
-difference from a standard Kubewarden installation is that you need to change
-the registry referenced in the container images and policies to be the private
-registry. Additionally, the Helm charts must be installed from OCI artifacts.
-
-Install the Kubewarden stack:
-
-```shell
-helm install --wait -n kubewarden kubewarden-crds --create-namespace \
-    oci://<REGISTRY.YOURDOMAIN.COM:PORT>/hauler/kubewarden-crds
-helm install --wait -n kubewarden kubewarden-controller \
-    --set "global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT>" \
-    oci://<REGISTRY.YOURDOMAIN.COM:PORT>/hauler/kubewarden-controller
-```
-
-:::caution
-
-To use the PolicyReporter sub-chart available in the `kubewarden-controller`
-chart you need to define other values specific for the sub-chart in an
-air-gapped environment. See an example below:
-
-```shell
-helm install --wait -n kubewarden kubewarden-controller oci://<REGISTRY.YOURDOMAIN.COM:PORT>/hauler/kubewarden-controller \
-    --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set auditScanner.policyReporter=true \
-    --set policy-reporter.image.registry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set policy-reporter.image.repository=kyverno/policy-reporter \
-    --set policy-reporter.ui.image.registry=<REGISTRY.YOURDOMAIN.COM:PORT> \
-    --set policy-reporter.ui.image.repository=kyverno/policy-reporter-ui
-```
-
-It's necessary to define `auditScanner.policyReporter` and four other values to
-enable the sub-chart and to configure the registry and repository with the
-location of the Policy Reporter image store. For more information about the
-policy report sub-chart values, refer to [Policy Reporter
-documentation](https://kyverno.github.io/policy-reporter-docs/getting-started/helm.html).
-
-:::
-
-```shell
-helm install --wait -n kubewarden \
-  kubewarden-defaults oci://<REGISTRY.YOURDOMAIN.COM:PORT>/hauler/kubewarden-defaults \
-  --set global.cattle.systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT>
-```
-
-Finally, configure each Policy Server to fetch policies from your private
-registry. See the [using private registry](../policy-servers/private-registry)
-section of the documentation.
-
-Now create Kubewarden policies in your cluster. Policies must be available in
-your private registry.
-
-```
-kubectl apply -f - <<EOF
-apiVersion: policies.kubewarden.io/v1
-kind: ClusterAdmissionPolicy
-metadata:
-  name: privileged-pods
-spec:
-  module: registry://<REGISTRY.YOURDOMAIN.COM:PORT>/kubewarden/policies/pod-privileged:v0.2.2
-  rules:
-  - apiGroups: [""]
-    apiVersions: ["v1"]
-    resources: ["pods"]
-    operations:
-    - CREATE
-  mutating: false
-EOF
-```
-
-:::caution
-`PolicyServer` resources must use the image available in your private registry.
-For example:
-
-```yaml
-apiVersion: policies.kubewarden.io/v1
-kind: PolicyServer
-metadata:
-  name: reserved-instance-for-tenant-a
-spec:
-  image: <REGISTRY.YOURDOMAIN.COM:PORT>/kubewarden/policy-server:v1.3.0
-  replicas: 2
-  serviceAccountName: sa
-```
-
-:::
+After copying the Hauler store into your private registry, continue with
+[installing and configuring Kubewarden from the private
+registry](./install-configure).