From 0ff8b8470a20ffe6b094ccd3507a19aeec23bd99 Mon Sep 17 00:00:00 2001 From: Denise Schannon Date: Thu, 27 Sep 2018 15:03:24 -0700 Subject: [PATCH] air gap changes --- .../air-gap-installation/_index.md | 16 +- .../config-rancher-for-private-reg/_index.md | 14 +- .../install-rancher/_index.md | 33 +-- .../prepare-private-reg/_index.md | 208 +++++++++--------- .../en/installation/single-node/_index.md | 8 +- 5 files changed, 138 insertions(+), 141 deletions(-) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/_index.md index 72e3c5e9c57..4ef7ca1cabd 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/_index.md @@ -2,19 +2,21 @@ title: Air Gap Install weight: 300 --- -In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area. +In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area. ## Prerequisites -- Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). +- Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). - For each Rancher [release](https://github.com/rancher/rancher/releases), we provide the Docker images and scripts needed to mirror those images to your own registry. The Docker images are used when nodes are added to a cluster, or when you enable features like pipelines or logging. + For each Rancher [release](https://github.com/rancher/rancher/releases), we provide the Docker images and scripts needed to mirror these images to your own registry. The Docker images are used when installing Rancher in a HA setup, when provisioning a cluster where Rancher is launching Kubernetes, or when you enable features like pipelines or logging. - **Installation Option:** Before beginning your air gap installation, choose whether you want ~~a~~ [single-node install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node) or a [high availability install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). View your chosen configuration's introduction notes along with Rancher's [node requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements). ## Caveats -In Rancher v2.0.x, registries with authentication are not supported for installing from a private registry. The Docker images can only be pulled from a registry without authentication enabled. This limitation only applies to Docker images. +Any Rancher version prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. + +As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. ## Air Gap Installation Outline @@ -22,7 +24,7 @@ While installing Rancher in an air gap configuration, you'll complete several di - [1—Preparing the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/) - [2—Installing Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) -- [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) +- [3—Configuring Rancher to default to the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/private-registry/) - -### [Next: Prepare the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/) \ No newline at end of file + +### [Next: Prepare the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md index 4084d537d00..d661c1eae0f 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md @@ -4,20 +4,20 @@ weight: 75 draft: true --- -Rancher needs to be configured to use the private registry as source for the needed images. +Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . 1. Log into Rancher and configure the default admin password. 1. Go into the **Settings** view. - + ![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png) 1. Look for the setting called `system-default-registry` and choose **Edit**. - + ![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png) 1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. - + ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) @@ -27,8 +27,6 @@ Rancher needs to be configured to use the private registry as source for the nee > ``` docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ - -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ - /rancher/rancher:v2.0.0 + -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ + /rancher/rancher: ``` - - diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md index 3578650b56e..db53f2c02ed 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md @@ -4,7 +4,7 @@ weight: 50 draft: true --- -After your private registry is setup for your Rancher installation, complete that installation. Follow one of the procedures below based on the configuration in which you want to run Rancher. +After your private registry is set up for your Rancher installation, complete your installation. Follow one of the procedures below based on the configuration in which you want to run Rancher. @@ -19,22 +19,22 @@ To deploy Rancher on a single node in an air gap environment, follow the instruc ### Add Private Registry URL to Run Command -When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (``), as shown in the example below. +When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (``), as shown in the example below. ``` docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ - /rancher/rancher:latest + /rancher/rancher: ``` ->**Note:** If you want to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) later, you can complete it now by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. +>**Note:** If you want to automatically configure Rancher to default to the private registry, you can do it during the installation by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. This will allow you to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) > > Example: ``` docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ - -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ - /rancher/rancher:v2.0.0 + -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ + /rancher/rancher:v2.0.0 ``` ## High Availability Air Gap Install @@ -43,7 +43,7 @@ To install Rancher in a high availability configuration within an air gap enviro ### Add Private Registry to RKE YAML -When you get to [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file), replace its code sample with the one below, which adds the `private registries` block. Replace each `address`, `internal_address`, and `url` with the with the address information for each of your hosts. +When you get to the [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file) step, replace its code sample with the one below, which adds the `private_registries` code block. By adding this private registry into the file, it automatically uses the private registry when pulling any images. Replace values in the code sample according to the table below. @@ -53,6 +53,7 @@ Replace values in the code sample according to the table below. | `internal_address` | The IP address for each of your air gap nodes within the cluster. | | `url` | The URL for your private registry. | +
```yaml nodes: @@ -72,7 +73,7 @@ nodes: role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa private_registries: - - url: my_registry.example.com # private registry url + - url: # private registry url user: rancher password: "*********" is_default: true @@ -80,32 +81,32 @@ nodes: ### Initialize Helm Using Private Registry -When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain. +When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `` with your registry's hostname and domain. ``` helm init --service-account tiller \ ---tiller-image user-ag-2-registry.rancher.space/gcr.io/kubernetes-helm/tiller:v2.10.0 +--tiller-image /gcr.io/kubernetes-helm/tiller:v2.10.0 ``` ### Install cert-manager Using Private Registry -When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain. +When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `` with your registry's hostname and domain. ``` helm install stable/cert-manager --name cert-manager --namespace kube-system \ ---set image.repository=user-ag-2-registry.rancher.space/quay.io/jetstack/cert-manager-controller +--set image.repository=/quay.io/jetstack/cert-manager-controller ``` ### Install Rancher Using Private Registry -When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `user-ag-2-registry.rancher.space` with your registry's hostname and domain. +When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `` with your registry's hostname and domain. ``` helm install rancher-stable/rancher --name rancher --namespace cattle-system \ ---set hostname=user-ag-2.rancher.space \ ---set rancherImage=user-ag-2-registry.rancher.space/rancher/rancher +--set hostname= \ +--set rancherImage=/rancher/rancher: ``` -### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) \ No newline at end of file +### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md index b86f31d5150..63491f0799e 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md @@ -4,71 +4,139 @@ weight: 25 draft: true --- -For the first part of your air gap install, you'll prepare your private registry for Rancher installation by downloading the Rancher release files, and then pushing them to your private registry. +For the first part of your air gap install, you'll prepare your private registry in order to be able to install and start using Rancher. + -1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files from the version of Rancher tagged with `Latest release`. +1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files for the version that you want to install. - | Release File | Description | - | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | `rancher-images.txt` | This file contains all images needed to deploy the release. | - | `rancher-load-images.sh` | This script loads images from `rancher-images.tar.gz` and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.
`rancher-load-images.sh registry.yourdomain.com:5000` | - | `rancher-save-images.sh` | This script pulls all needed images from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. | - - >**Installing on a single node?** - > - >The next two steps don't apply to you. Skip to [step 4](#pop-reg). - + | Release File | Description | + | --- | --- | + | `rancher-images.txt` | This file contains the list of all images needed to install the release, create [Rancher launched clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) and use any of the [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/). | + | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. | + | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.
`rancher-load-images.sh ` | -1. **High Availablity Installs Only:** You need some additional software to complete installation in an air gap environment. Download the software in the table below. - + >**Doing a [single node installation]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/)?** Skip to [step 3](#pop-reg). + + +1. **High Availability (HA) Installs Only:** For our [HA installation]({{< baseurl >}}/rancher/v2.x/en/installation/ha/), we use additional tools to install Kubernetes and launch Rancher onto a Kubernetes cluster. You will need to install and download additional software and images in order to complete the HA installation. + + Download the software in the table below. + | Software | Description | |----------|-------------| - | RKE | Rancher Kubernetes Engine (RKE) is Rancher's fast, light-weight Kubernetes installer. | - | Helm Image (tiller) | You can discover the tiller image compatible with your installed version of Helm. - | cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-singed certificates for Rancher GUI/Agent access. + | RKE | [Rancher Kubernetes Engine (RKE)]({{< baseurl >}}/rke/v1.x/en/) is Rancher's fast, light-weight Kubernetes installer. Please download the RKE version that is listed in the release notes of the Rancher version that you are planning to launch. The Docker images in Step 1 will match with this RKE version. | + | Helm | As you are installing Rancher through a helm chart, you will need to download [Helm](https://docs.helm.sh/using_helm/#installing-helm). +
-1. **High Availablity Installs Only:** From a system with internet access, paste the sample below into an empty file and save it as a shell script. Run the script to compile the images required by the latest Rancher release and write them to `images.txt` in the local directory. + After the software is installed, run the following shell script to compile the list of additional images required to [install Rancher as a helm chart]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/). + + | Images | Description | + |----------|-------------| + | Helm Image (tiller) | You can need a tiller image that is compatible with your installed version of Helm. + | cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-signed certificates for Rancher GUI/Agent access. ```bash #!/bin/bash set -e - + # Collect images for Air Gap/Private Registry install # Requires: # rke - https://rancher.com/docs/rke/v0.1.x/en/installation/ # helm - https://docs.helm.sh/using_helm/#installing-helm # curl # jq - - echo "RKE Images" - rke config --system-images 2>/dev/null > tmp-images.txt - + echo "Helm Tiller Image" helm init --dry-run --debug | grep image: | awk '{print $2}' >> tmp-images.txt - - echo "Rancher Images" - latest_url=$(curl -sS "https://api.github.com/repos/rancher/rancher/releases/latest" | jq -r '.assets[]|select(.name=="rancher-images.txt")|.browser_download_url') - curl -sSL ${latest_url} >> tmp-images.txt - + echo "Cert-Manager Image" cm_repo=$(helm inspect values stable/cert-manager | grep repository: | awk '{print $2}') cm_tag=$(helm inspect values stable/cert-manager | grep tag: | awk '{print $2}') echo "${cm_repo}:${cm_tag}" >> tmp-images.txt - + echo "Sort and uniq the images list" - cat tmp-images.txt | sort -u | uniq > images.txt - + cat tmp-images.txt | sort -u | uniq > helm-images.txt + # cleanup tmp file rm tmp-images.txt ``` + -1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case. +1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case: + + * **Scenario 1**: You have node(s) that can access both DockerHub and your private registry. + * **Scenario 2**: You have a node that can access DockerHub to pull and save the images, and a separate node(s) that access your private registry to push the images. + +
{{% tabs %}} {{% tab "Scenario 1" %}} + +
+The architecture for this scenario is: + +- A host that can access both DockerHub and your private registry. + +- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment. +
+
+![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg) + + +1. You will need to pull all the required images, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space. + +Use the shell script below to to populate the private registry. This shell script can be used with the list of images from Step 1 (i.e. `rancher-images.txt`) as well as the list of images required for a HA install from Step 2 (i.e. `helm-images.txt`). + +```bash +#!/bin/bash + +# Usage: +# ./populate-images.sh --registry --images ./images.txt + +POSITIONAL=() +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + -r|--registry) + reg="$2" + shift # past argument + shift # past value + ;; + -i|--images) + images="$2" + shift + shift + ;; +esac +done + +if [[ -z $reg ]]; then + echo "-r|--registry is required" + exit 1 +fi + +if [[ -z $images ]]; then + echo "-i|--images file is required" + exit 1 +fi + +echo "Log into Docker registry ${reg}" +docker login ${reg} + +for i in $(cat ${images}); do + docker pull ${i} + docker tag ${i} ${reg}/${i} + docker push ${reg}/${i} +done +``` + +{{% /tab %}} +{{% tab "Scenario 2" %}}
The architecture for this scenario is: @@ -90,81 +158,9 @@ The architecture for this scenario is: 1. Transfer the output file from the previous step (`rancher-images.tar.gz`) to the host that can access the private registry. -1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`. -{{% /tab %}} -{{% tab "Scenario 2" %}} -
-The architecture for this scenario is: +1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`. -- A host that can access both DockerHub and your private registry. - -- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment. -
-
-![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg) - - -2. Pull all the images present in `rancher-images.txt`, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space. See an example script below: - - ``` - #!/bin/sh - IMAGES=`curl -s -L https://github.com/rancher/rancher/releases/download/v2.0.0/rancher-images.txt` - for IMAGE in $IMAGES; do - until docker inspect $IMAGE > /dev/null 2>&1; do - docker pull $IMAGE - done - docker tag $IMAGE /$IMAGE - docker push /$IMAGE - done - ``` {{% /tab %}} {{% /tabs %}} -1. Use the shell script below to to populate the private registry. This shell script can be used with a list of images (`images.txt`). To use this script, the system needs access to both the Internet and the private registry. - - ```bash - #!/bin/bash - - # Usage: - # ./populate-images.sh --registry my_registry.example.com --images ./images.txt - - POSITIONAL=() - while [[ $# -gt 0 ]] - do - key="$1" - - case $key in - -r|--registry) - reg="$2" - shift # past argument - shift # past value - ;; - -i|--images) - images="$2" - shift - shift - ;; - esac - done - - if [[ -z $reg ]]; then - echo "-r|--registry is required" - exit 1 - fi - - if [[ -z $images ]]; then - echo "-i|--images file is required" - exit 1 - fi - - echo "Log into Docker registry ${reg}" - docker login ${reg} - - for i in $(cat ${images}); do - docker pull ${i} - docker tag ${i} ${reg}/${i} - docker push ${reg}/${i} - done - ``` - -### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) \ No newline at end of file +### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) diff --git a/content/rancher/v2.x/en/installation/single-node/_index.md b/content/rancher/v2.x/en/installation/single-node/_index.md index 3b458f3ff80..faa5ce5af39 100644 --- a/content/rancher/v2.x/en/installation/single-node/_index.md +++ b/content/rancher/v2.x/en/installation/single-node/_index.md @@ -33,7 +33,7 @@ If you are installing Rancher in a development or testing environment where iden Log into your Linux host, and then run the minimum installation command below. ->**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag. +>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image. docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ @@ -55,7 +55,7 @@ After creating your certificate, run the Docker command below to install Rancher - Replace `` with the directory path to your certificate file. - Replace ``,``, and `` with your certificate names. ->**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag. +>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image. ``` docker run -d --restart=unless-stopped \ @@ -81,7 +81,7 @@ After obtaining your certificate, run the Docker command below. - Use the `--no-cacerts` as argument to the container to disable the default CA certificate generated by Rancher. ->**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag. +>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image. ``` docker run -d --restart=unless-stopped \ @@ -104,7 +104,7 @@ For production environments, you also have the options of using [Let's Encrypt]( After you fulfill the prerequisites, you can install Rancher using a Let's Encrypt certificate by running the following command. Replace `` with your your domain. ->**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag. +>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image. docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \