removed references to bastion host

Mark Bishop
2018-09-20 10:48:04 -07:00
parent bb3c98f726
commit 0954d63f87
2 changed files with 33 additions and 71 deletions
@@ -28,100 +28,60 @@ docker run -d --restart=unless-stopped \
<registry.yourdomain.com:port>/rancher/rancher:latest
```
>**Note:** If you want to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) later, you can complete it now by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`.
>
> Example:
> ```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<registry.yourdomain.com:port> \
<registry.yourdomain.com:port>/rancher/rancher:v2.0.0
```
## High Availability Install
To install Rancher in a high availability configuration within an air gap environment, follow the instructions in [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). Parts of the install where you must complete a special action for air gap are flagged with substitute steps, which are listed in the subheadings below.
### Add Private Registry to RKE YAML
When you get to [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file), replace its code sample with the one below, which adds the `private registries` block:
When you get to [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file), replace its code sample with the one below, which adds the `private registries` block. Replace each `address`, `internal_address`, and `url` with the with the address information for each of your hosts.
Replace values in the code sample according to the table below.
| Directive Replacement | Description |
| ----------------------- | --------------------------------------------------------------------- |
| `address` | The IP address for each of your air gap nodes outside of the cluster. |
| `internal address` | The IP address for each of your air gap nodes within the cluster. |
| `url` | The URL for your private registry. |
>**Note:** When declaring the `address` for each of your air gap nodes, use its external IP address.
```yaml
nodes:
- address: 18.222.121.187
internal_address: 172.31.7.22
- address: 18.222.121.187 # air gap node external IP
internal_address: 172.31.7.22 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 18.220.193.254
internal_address: 172.31.13.132
- address: 18.220.193.254 # air gap node external IP
internal_address: 172.31.13.132 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 13.59.83.89
internal_address: 172.31.3.216
- address: 13.59.83.89 # air gap node external IP
internal_address: 172.31.3.216 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
private_registries:
- url: my_registry.example.com
- url: my_registry.example.com # private registry url
user: rancher
password: "*********"
is_default: true
```
#### Optional: Run RKE Through Bastion Host
When setting up an air gap environment, it may be useful to run RKE through a [bastion host]({{< baseurl >}}/rke/v0.1.x/en/config-options/bastion-host/). This configuration can be helpful if you want to keep your RKE config (`rancher-cluster.yml`) or SSH keys on your local machine. Use of a bastion host requires it to be accessible from both the Internet and your air gap nodes over port 22.
**Port Requirements:**
| Port | Outgoing Host | Incoming Host |
| ------ | -------------- | ----------------- |
| 22 TCP | local RKE host | bastion host |
| 22 TCP | bastion host | each air gap node |
To enable running RKE through a bastion server, add the following sample to `rancher-cluster.yml`:
```yaml
bastion_host:
address: 18.224.54.35 # public IP of the bastion server
user: rancher
port: 22
ssh_key_path: /path/to/ssh/key
```
>**Note:** When declaring the `address` for each of your air gap nodes and bastion host, use its external IP address.
**Example in context:**
```yaml
bastion_host:
address: 18.224.54.35 # public IP of the bastion server
user: rancher
port: 22
ssh_key_path: /home/user/.ssh/id_rsa
nodes:
- address: 18.222.121.187
internal_address: 172.31.7.22
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 18.220.193.254
internal_address: 172.31.13.132
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 13.59.83.89
internal_address: 172.31.3.216
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
private_registries:
- url: my_registry.example.com
user: rancher
password: "*********"
is_default: true
```
After adding the bastion host to `rancher-cluster.yml`, running `rke up` provisions the Kubernetes cluster through the bastion server, and provides the resulting `kube_config`. However, it's important to note that as your nodes are not accessible by public IP, the machine from which you run `kubectl` in later steps must be able to access your air gapped nodes at the addresses provided. Due to this requirement, you may need to move the resulting `kube_config` after its creation.
### Initialize Helm Using Private Registry
When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below:
When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
```
helm init --service-account tiller \
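Review bot: the new sentence in this hunk ("Replace each `address`, `internal_address`, and `url` with the with the address information for each of your hosts") duplicates "with the"; drop one copy. If the directive table is kept alongside it, its `internal address` row should read `internal_address` to match the YAML key in the sample, and the `# air gap node external IP` / `# air gap node internal IP` comments added to the sample now repeat what the `>**Note:**` about external addresses already says, so one of the two could go. Since `rancher-cluster.yml` now carries a registry `password:` and SSH key paths in plaintext, a short reminder to keep that file out of version control and readable only by the operator would fit next to the sample.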
@@ -130,7 +90,8 @@ helm init --service-account tiller \
### Install cert-manager Using Private Registry
When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below:
When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
```
helm install stable/cert-manager --name cert-manager --namespace kube-system \
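Review bot: "replace the install commands provided with the one below" mixes plural "commands" with singular "one"; use either "command ... with the one below" or "commands ... with the ones below" to match what the block actually contains. The added sentence also hard-codes `user-ag-2-registry.rancher.space` as the value to swap out; the earlier hunk on this page uses the generic `<registry.yourdomain.com:port>` placeholder, and using the same placeholder here would keep readers from copying a real-looking hostname into their own commands.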
@@ -139,9 +100,10 @@ helm install stable/cert-manager --name cert-manager --namespace kube-system \
### Install Rancher Using Private Registry
When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, adding your private registry's URL, as shown below:
When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
```plain
```
helm install rancher-stable/rancher --name rancher --namespace cattle-system \
--set hostname=user-ag-2.rancher.space \
--set rancherImage=user-ag-2-registry.rancher.space/rancher/rancher
@@ -11,7 +11,7 @@ Using the sample below create the `rancher-cluster.yml` file. Replace the IP Add
> **Notes:**
>
>- Air Gap User? [Add a private registry section]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-to-rke-yaml) to the sample below. Optionally, if you want to run RKE through a bastion host you have set up, you can [add one]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#optional-run-rke-through-bastion-host) to `rancher-cluster.yml`.
>- Air Gap User? [Add a private registry section]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-to-rke-yaml) to the sample below.
>- If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls.
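Review bot: removing the `#optional-run-rke-through-bastion-host` link here is correct now that the section is gone, but the commit touches only two files; please grep the docs tree for the same anchor (and for `bastion-host` links into the RKE docs) so no other page is left pointing at a heading that no longer exists. The retained bullet about setting `internal_address:` for intra-cluster traffic is the right one to keep, since the air gap sample above depends on it.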