diff --git a/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md b/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md deleted file mode 100644 index ab06d55cbe0..00000000000 --- a/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md +++ /dev/null @@ -1,275 +0,0 @@ ---- -title: "Air Gap: High Availability Install" -weight: ---- - -## Outline - - - -- [Outline](#outline) -- [Prerequisites](#prerequisites) -- [Caveats](#caveats) -- [1. Provision Three Linux Hosts and Load Balancer](#1-provision-three-linux-hosts-and-load-balancer) - - [Host Requirements](#host-requirements) - - [Recommended Architecture](#recommended-architecture) - - [Required Tools](#required-tools) - - [Load Balancer](#load-balancer) -- [2. Collect and Publish Image Sources](#2-collect-and-publish-image-sources) -- [3. Create an RKE Config File](#3-create-an-rke-config-file) - - [Common RKE Nodes Options](#common-rke-nodes-options) -- [4. Run RKE](#4-run-rke) -- [5. Initialize Helm and Render Templates](#5-initialize-helm-and-render-templates) -- [6. Optional: Install Cert-Manager](#6-optional-install-cert-manager) -- [7. Install Rancher](#7-install-rancher) -- [8. Copy and Apply Manifests](#8-copy-and-apply-manifests) -- [9. Configure Rancher for the Private Registry](#9-configure-rancher-for-the-private-registry) - - - -## Prerequisites - -Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). - - -## Caveats - -In versions of Rancher prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. - -As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. - - -## 1. Provision Three Linux Hosts and Load Balancer - -Provision three air gapped Linux hosts according to our requirements below to launch Rancher in an HA configuration. - -These hosts should be disconnected from the internet, but should have connectivity with your private registry. - -### Host Requirements -View hardware and software requirements for each of your cluster nodes in [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements). - -### Recommended Architecture - -- DNS for Rancher should resolve to a layer 4 load balancer -- The Load Balancer should forward port TCP/80 and TCP/443 to all 3 nodes in the Kubernetes cluster. -- The Ingress controller will redirect HTTP to HTTPS and terminate SSL/TLS on port TCP/443. -- The Ingress controller will forward traffic to port TCP/80 on the pod in the Rancher deployment. - -
HA Rancher install with layer 4 load balancer, depicting SSL termination at ingress controllers
- -![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg) - -### Required Tools - -The following CLI tools are required for this install. Please make sure these tools are installed and available in your `$PATH` - -* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. -* [rke]({{< baseurl >}}/rke/v0.1.x/en/installation/) - Rancher Kubernetes Engine, cli for building Kubernetes clusters. -* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. - - -### Load Balancer - -RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. - -Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. - - -## 2. Collect and Publish Image Sources - -Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install in your air gap environment. Download the following three files: - - -| Release File | Description | -| --- | --- | -| `rancher-images.txt` | Contains a list of all files needed to install Rancher. -| `rancher-save-images.sh` | Pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | -| `rancher-load-images.sh` | Loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | - - -After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts. - ->**Note:** Image publication may require up to 20GB of empty disk space. - -1. From Terminal, change directories to the path containing the files listed above. - -1. Make `rancher-save-images.sh` an executable. - - ``` - chmod +x rancher-save-images.sh - ``` - -1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. - - ```plain - ./rancher-save-images.sh --image-list ./rancher-images.txt - ``` - - **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. - -1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.files to each of the [Linux hosts](#1-provision-three-linux-hosts-and-load-balancer) that you've provisioned. - - - 1. Log into your private registry if required. - - ```plain - docker login - ``` - - 1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. - - ```plain - ./rancher-load-images.sh --image-list ./rancher-images.txt --registry - ``` - - -## 3. Create an RKE Config File - - -From a system that can access ports 22/tcp and 6443/tcp on your host nodes, use the sample below create `rancher-cluster.yml`. This file is a Rancher Kubernetes Engine configuration file (RKE config file), which is a configuration for the cluster you're deploying Rancher to. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created. - ->**Tip:** See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available. - -Replace values in the code sample according to the table below. - -| Directive Replacement | Description | -| ----------------------- | --------------------------------------------------------------------- | -| `address` | The IP address for each of your air gap nodes outside of the cluster. | -| `internal_address` | The IP address for each of your air gap nodes within the cluster. | -| `url` | The URL for your private registry. | - -> **Note:** If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls. - -```yaml -nodes: -- address: 18.222.121.187 # air gap node external IP - internal_address: 172.31.7.22 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa -- address: 18.220.193.254 # air gap node external IP - internal_address: 172.31.13.132 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa -- address: 13.59.83.89 # air gap node external IP - internal_address: 172.31.3.216 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa - -private_registries: -- url: # private registry url - user: rancher - password: "*********" - is_default: true -``` - -### Common RKE Nodes Options - -| Option | Required | Description | -| ------------------ | -------- | -------------------------------------------------------------------------------------- | -| `address` | yes | The public DNS or IP address | -| `user` | yes | A user that can run docker commands | -| `role` | yes | List of Kubernetes roles assigned to the node | -| `internal_address` | no | The private DNS or IP address for internal cluster traffic | -| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) | - - - -## 4. Run RKE - -After configuring `rancher-cluster.yml`, open Terminal and change directories to the RKE binary. Then enter the command below to stand up your high availability cluster. - -``` -rke up --config ./rancher-cluster.yml -``` - -## 5. Initialize Helm and Render Templates - - -Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster. - -Initialize `helm` locally on a system that has internet access. - -```plain -helm init -c -``` - -Then, using the same system, fetch and render the `helm` charts. - -## 6. Optional: Install Cert-Manager - -If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. - -From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). - -```plain -helm fetch stable/cert-manager -``` - -Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. - -```plain -helm template ./cert-manager-.tgz --output-dir . \ ---name cert-manager --namespace kube-system \ ---set image.repository=/quay.io/jetstack/cert-manager-controller -``` - -## 7. Install Rancher - -Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. - -```plain -helm repo add rancher- https://releases.rancher.com/server-charts/ -``` - -Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). - -```plain -helm fetch rancher-/rancher -``` - -Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. - -```plain -helm template ./rancher-.tgz --output-dir . \ ---name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher -``` - -## 8. Copy and Apply Manifests - -Copy the rendered manifest directories to a system that has access to the Rancher server cluster. - -Use `kubectl` to create namespaces and apply the rendered manifests. - -```plain -kubectl -n kube-system apply -R -f ./cert-manager - -kubectl create namespace cattle-system -kubectl -n cattle-system apply -R -f ./rancher -``` - -Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details. - -## 9. Configure Rancher for the Private Registry - -Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . - -1. Log into Rancher and configure the default admin password. - -1. Go into the **Settings** view. - - ![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png) - -1. Look for the setting called `system-default-registry` and choose **Edit**. - - ![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png) - -1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. - - ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) - ->**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md new file mode 100644 index 00000000000..f45caa25ba3 --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md @@ -0,0 +1,30 @@ +--- +title: "Air Gap: High Availability Install" +weight: 280 +--- + +## Prerequisites + +Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). + +The following CLI tools are required for this install. Please make sure these tools are installed and available in your `$PATH` + +* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. +* [rke]({{< baseurl >}}/rke/v0.1.x/en/installation/) - Rancher Kubernetes Engine, cli for building Kubernetes clusters. +* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. + +## Caveats + +In versions of Rancher prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. + +As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. + + +## Installation Outline + +- [1. Create Nodes and Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/provision-hosts/) +- [2. Collect and Publish Image Sources]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/prepare-private-registry/) +- [3. Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/install-kube/) +- [4. Initialize Helm]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/helm-init/) +- [5. Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/install-rancher/) +- [6. Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/wip-air-gap-installation/air-gap-high-availability/config-rancher-for-private-reg/) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md new file mode 100644 index 00000000000..e6eef0dcaed --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md @@ -0,0 +1,24 @@ +--- +title: "6. Configure Rancher for the Private Registry" +weight: +aliases: + +--- + +Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . + +1. Log into Rancher and configure the default admin password. + +1. Go into the **Settings** view. + + ![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png) + +1. Look for the setting called `system-default-registry` and choose **Edit**. + + ![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png) + +1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. + + ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) + +>**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md new file mode 100644 index 00000000000..e924b9843df --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md @@ -0,0 +1,36 @@ +--- +title: 4. Initialize Helm +weight: 400 +aliases: +--- + +## A. Initialize Helm and Render Templates + + +Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster. + +Initialize `helm` locally on a system that has internet access. + +```plain +helm init -c +``` + +Then, using the same system, fetch and render the `helm` charts. + +## B. Optional: Install Cert-Manager + +If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. + +From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). + +```plain +helm fetch stable/cert-manager +``` + +Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. + +```plain +helm template ./cert-manager-.tgz --output-dir . \ +--name cert-manager --namespace kube-system \ +--set image.repository=/quay.io/jetstack/cert-manager-controller +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md new file mode 100644 index 00000000000..d0192bab02f --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md @@ -0,0 +1,68 @@ +--- +title: "3. Install Kubernetes with RKE" +weight: 300 +aliases: + +--- + +## A. Create an RKE Config File + + +From a system that can access ports 22/tcp and 6443/tcp on your host nodes, use the sample below to create `rancher-cluster.yml`. This file is a Rancher Kubernetes Engine configuration file (RKE config file), which is a configuration for the cluster you're deploying Rancher to. Replace the IP addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created. + +>**Tip:** See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available. + +Replace values in the code sample according to the table below. + +| Directive Replacement | Description | +| ----------------------- | --------------------------------------------------------------------- | +| `address` | The IP address for each of your air gap nodes outside of the cluster. | +| `internal_address` | The IP address for each of your air gap nodes within the cluster. | +| `url` | The URL for your private registry. | + +> **Note:** If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls. + +```yaml +nodes: +- address: 18.222.121.187 # air gap node external IP + internal_address: 172.31.7.22 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa +- address: 18.220.193.254 # air gap node external IP + internal_address: 172.31.13.132 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa +- address: 13.59.83.89 # air gap node external IP + internal_address: 172.31.3.216 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa + +private_registries: +- url: # private registry url + user: rancher + password: "*********" + is_default: true +``` + +### Common RKE Nodes Options + +| Option | Required | Description | +| ------------------ | -------- | -------------------------------------------------------------------------------------- | +| `address` | yes | The public DNS or IP address | +| `user` | yes | A user that can run docker commands | +| `role` | yes | List of Kubernetes roles assigned to the node | +| `internal_address` | no | The private DNS or IP address for internal cluster traffic | +| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) | + + + +## B. Run RKE + +After configuring `rancher-cluster.yml`, open Terminal and change directories to the RKE binary. Then enter the command below to stand up your high availability cluster. + +``` +rke up --config ./rancher-cluster.yml +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md new file mode 100644 index 00000000000..68c4e941e20 --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md @@ -0,0 +1,43 @@ +--- +title: "5. Install Rancher" +weight: 500 +aliases: +--- + +## A. Install Rancher + +Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. + +```plain +helm repo add rancher- https://releases.rancher.com/server-charts/ +``` + +Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). + +```plain +helm fetch rancher-/rancher +``` + +Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. + +```plain +helm template ./rancher-.tgz --output-dir . \ +--name rancher --namespace cattle-system \ +--set hostname= \ +--set rancherImage=/rancher/rancher +``` + +## B. Copy and Apply Manifests + +Copy the rendered manifest directories to a system that has access to the Rancher server cluster. + +Use `kubectl` to create namespaces and apply the rendered manifests. + +```plain +kubectl -n kube-system apply -R -f ./cert-manager + +kubectl create namespace cattle-system +kubectl -n cattle-system apply -R -f ./rancher +``` + +Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details. \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md new file mode 100644 index 00000000000..4fa593ffa4a --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md @@ -0,0 +1,75 @@ +--- +title: "2. Collect and Publish Image Sources" +weight: 200 +aliases: + +--- + +Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install in your air gap environment. Download the following three files: + + +| Release File | Description | +| --- | --- | +| `rancher-images.txt` | Contains a list of all files needed to install Rancher. +| `rancher-save-images.sh` | Pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | +| `rancher-load-images.sh` | Loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | + + +The Rancher HA install uses images from 3 sources. Combine the 3 sources into a file named `rancher-images.txt`. + +* **Rancher** - Images required by Rancher. Download the `rancher-images.txt` file from [Rancher releases](https://github.com/rancher/rancher/releases) page for the version of Rancher you are installing. +* **RKE** - Images required by `rke` to install Kubernetes. Run `rke` and add the images to the end of `rancher-images.txt`. + + ```plain + rke config --system-images >> ./rancher-images.txt + ``` +* **Cert-Manager** - (Optional) If you choose to install with Rancher Self-Signed TLS certificates, you will need the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image. You may skip this image if you are using you using your own certificates. + + Fetch the latest `cert-manager` Helm chart and parse the template for image details. + + ```plain + helm fetch stable/cert-manager + helm template ./cert-manager-.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt + ``` + +Sort and unique the images list to remove any overlap between the sources. + +```plain +sort -u rancher-images.txt -o rancher-images.txt +``` + + +After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts. + +>**Note:** Image publication may require up to 20GB of empty disk space. + +1. From Terminal, change directories to the path containing the files listed above. + +1. Make `rancher-save-images.sh` an executable. + + ``` + chmod +x rancher-save-images.sh + ``` + +1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. + + ```plain + ./rancher-save-images.sh --image-list ./rancher-images.txt + ``` + + **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. + +1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.files to each of the [Linux hosts](#1-provision-three-linux-hosts-and-load-balancer) that you've provisioned. + + + 1. Log into your private registry if required. + + ```plain + docker login + ``` + + 1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. + + ```plain + ./rancher-load-images.sh --image-list ./rancher-images.txt --registry + ``` diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md new file mode 100644 index 00000000000..a344df90129 --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md @@ -0,0 +1,29 @@ +--- +title: "1. Create Nodes and Load Balancer" +weight: 100 +aliases: +--- +Provision three air gapped Linux hosts according to our requirements below to launch Rancher in an HA configuration. + +These hosts should be disconnected from the internet, but should have connectivity with your private registry. + +### Host Requirements + +View hardware and software requirements for each of your cluster nodes in [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements). + +### Recommended Architecture + +- DNS for Rancher should resolve to a layer 4 load balancer +- The Load Balancer should forward port TCP/80 and TCP/443 to all 3 nodes in the Kubernetes cluster. +- The Ingress controller will redirect HTTP to HTTPS and terminate SSL/TLS on port TCP/443. +- The Ingress controller will forward traffic to port TCP/80 on the pod in the Rancher deployment. + +
HA Rancher install with layer 4 load balancer, depicting SSL termination at ingress controllers
+ +![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg) + +### Load Balancer + +RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. + +Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/_index.md deleted file mode 100644 index b6a943ab19c..00000000000 --- a/content/rancher/v2.x/en/installation/air-gap-installation/_index.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Air Gap Install -weight: 300 ---- -In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area. - -## Prerequisites - -- Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). - - For each Rancher [release](https://github.com/rancher/rancher/releases), we provide the Docker images and scripts needed to mirror these images to your own registry. The Docker images are used when installing Rancher in an HA setup, when provisioning a cluster where Rancher is launching Kubernetes, or when you enable features like pipelines or logging. - -- **Installation Option:** Before beginning your air gap installation, choose whether you want ~~a~~ [single-node install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node) or a [high availability install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). View your chosen configuration's introduction notes along with Rancher's [node requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements). - -## Caveats - -Any Rancher version prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. - -As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. - -## Air Gap Installation Outline - -While installing Rancher in an air gap configuration, you'll complete several different tasks. - -- [1—Preparing the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/) -- [2—Installing Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) -- [3—Configuring Rancher to default to the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/private-registry/) - - -### [Next: Prepare the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md deleted file mode 100644 index 2adfc00ff8c..00000000000 --- a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: 2—Installing Rancher -weight: 50 ---- - -After your private registry is set up for your Rancher installation, complete your installation. Follow one of the procedures below based on the configuration in which you want to run Rancher. - -{{% tabs %}} -{{% tab "HA Install" %}} -This guide will take you through the basic process of installing Rancher Server HA in a Air Gap environment. Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. - -## RKE - -On a system that has access (22/tcp and 6443/tcp) to the nodes you have built to host the Rancher server cluster, use the sample below create the `rancher-cluster.yml` file. Define your nodes and fill out the details for the private registry. - -See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available. - -Replace values in the code sample according to the table below. - -| Directive Replacement | Description | -| ----------------------- | --------------------------------------------------------------------- | -| `address` | The IP address for each of your air gap nodes outside of the cluster. | -| `internal_address` | The IP address for each of your air gap nodes within the cluster. | -| `url` | The URL for your private registry. | - -```yaml -nodes: -- address: 18.222.121.187 # air gap node external IP - internal_address: 172.31.7.22 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa -- address: 18.220.193.254 # air gap node external IP - internal_address: 172.31.13.132 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa -- address: 13.59.83.89 # air gap node external IP - internal_address: 172.31.3.216 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa - -private_registries: -- url: # private registry url - user: rancher - password: "*********" - is_default: true -``` - -### Run RKE - -```plain -rke up --config ./rancher-cluster.yml -``` - -### Testing the Cluster - -Follow the rest of the [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) guide to test your cluster and verify the health of your pods before continuing. - -## Helm - -Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster. - -### Initialize Helm Locally - -Skip the [Initialize Helm (Install Tiller)]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/) and initialize `helm` locally on a system that has internet access. - -```plain -helm init -c -``` - -## Installing Rancher - -If you set up a default private registry with credentials in RKE, the Kubernetes `kubelet` will have the credentials for your private registry configured. - -### Render Templates - -Fetch and render the `helm` charts on a system that has internet access. - -#### Cert-Manager - -If you are installing Rancher with Rancher self-signed certificates you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. - -Fetch the latest `cert-manager` chart from the [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). - -```plain -helm fetch stable/cert-manager -``` - -Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. - -```plain -helm template ./cert-manager-.tgz --output-dir . \ ---name cert-manager --namespace kube-system \ ---set image.repository=/quay.io/jetstack/cert-manager-controller -``` - -#### Rancher - -Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). - -```plain -helm repo add rancher- https://releases.rancher.com/server-charts/ -``` - -Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). - -```plain -helm fetch rancher-/rancher -``` - -Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. - -```plain -helm template ./rancher-.tgz --output-dir . \ ---name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher -``` - -### Copy Manifests - -Copy the rendered manifest directories to a system that has access to the Rancher server cluster. - -### Apply the Manifests - -Use `kubectl` to create namespaces and apply the rendered manifests. - -```plain -kubectl -n kube-system apply -R -f ./cert-manager - -kubectl create namespace cattle-system -kubectl -n cattle-system apply -R -f ./rancher -``` - -Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details. - -{{% /tab %}} -{{% tab "Single Node" %}} -To deploy Rancher on a single node in an air gap environment, follow the instructions in the standard [Single Node Install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/). Parts of the install where you must complete a special action for air gap are flagged with a substitute step, which is listed in the subheading below. - -### Add Private Registry URL to Run Command - -When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (``), as shown in the example below. - -```plain -docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - /rancher/rancher: -``` - -{{% /tab %}} -{{% /tabs %}} - -### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md deleted file mode 100644 index 05a6d06829e..00000000000 --- a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: 1—Preparing the Private Registry -weight: 25 ---- - -For the first part of your air gap install, you'll prepare your private registry in order to be able to install and start using Rancher. - - - -## Image Sources - -Collect the list of images required for Rancher. These steps will require internet access. - -{{% tabs %}} -{{% tab "HA Install" %}} -The Rancher HA install uses images from 3 sources. Combine the 3 sources into a file named `rancher-images.txt`. - -* **Rancher** - Images required by Rancher. Download the `rancher-images.txt` file from [Rancher releases](https://github.com/rancher/rancher/releases) page for the version of Rancher you are installing. -* **RKE** - Images required by `rke` to install Kubernetes. Run `rke` and add the images to the end of `rancher-images.txt`. - - ```plain - rke config --system-images >> ./rancher-images.txt - ``` -* **Cert-Manager** - (Optional) If you choose to install with Rancher Self-Signed TLS certificates, you will need the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image. You may skip this image if you are using you using your own certificates. - - Fetch the latest `cert-manager` Helm chart and parse the template for image details. - - ```plain - helm fetch stable/cert-manager - helm template ./cert-manager-.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt - ``` - -Sort and unique the images list to remove any overlap between the sources. - -```plain -sort -u rancher-images.txt -o rancher-images.txt -``` - -{{% /tab %}} -{{% tab "Single Node" %}} -All the required images for a Single Node install can be found in the `rancher-images.txt` included with the release of Rancher you are installing. - -Download the `rancher-images.txt` from the [Rancher releases](https://github.com/rancher/rancher/releases) page. - -{{% /tab %}} -{{% /tabs %}} - -## Publish Images - -Once you have the `rancher-images.txt` file populated, publish the images from the list to your private registry. - -> **NOTE** This may require up to 20GB of disk space. - -1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following tools for saving and publishing the images. - - | Release File | Description | - | --- | --- | - | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | - | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | - -1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. - - ```plain - ./rancher-save-images.sh --image-list ./rancher-images.txt - ``` - -1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to a system that can reach your private registry. - - Log into your registry if required. - - ```plain - docker login - ``` - - Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. - - ```plain - ./rancher-load-images.sh --image-list ./rancher-images.txt --registry - ``` - -### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) diff --git a/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md new file mode 100644 index 00000000000..c59e02d933c --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md @@ -0,0 +1,26 @@ +--- +title: "Air Gap: Single Node Install" +weight: 270 +--- + +## Prerequisites + +Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). + + +## Caveats + +In versions of Rancher prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. + +As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. + +## Installation Outline + +- [1. Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/provision-host/) +- [2. Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/prepare-private-registry/) +- [3. Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/install-rancher/) +- [4. Configure Rancher for Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/config-rancher-for-private-reg/) + + + +### [Next: Provision Linux Host]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/provision-host/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/config-rancher-for-private-reg/_index.md similarity index 92% rename from content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md rename to content/rancher/v2.x/en/installation/air-gap-single-node/config-rancher-for-private-reg/_index.md index 2f754ce09b1..896a47f3c10 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/config-rancher-for-private-reg/_index.md @@ -1,6 +1,7 @@ --- -title: 3—Configuring Rancher for the Private Registry -weight: 75 +title: "4. Configure Rancher for the Private Registry" +weight: 400 +aliases: --- Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . diff --git a/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-single-node/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/_index.md similarity index 53% rename from content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-single-node/_index.md rename to content/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/_index.md index 417ae3daa0b..b890c6eef11 100644 --- a/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-single-node/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/_index.md @@ -1,79 +1,8 @@ --- -title: "Air Gap: Single Node Install" -weight: +title: "3. Choose an SSL Option and Install Rancher" +weight: 300 +aliases: --- -## Outline - - - -- [Prerequisites](#prerequisites) -- [Caveats](#caveats) -- [1. Provision Linux Host](#1-provision-linux-host) -- [2. Collect Image Sources](#2-collect-image-sources) -- [3. Publish Images](#3-publish-images) -- [4. Choose an SSL Option and Install Rancher](#4-choose-an-ssl-option-and-install-rancher) -- [5. Configure Rancher for the Private Registry](#5-configure-rancher-for-the-private-registry) - - - -## Prerequisites - -Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). - - -## Caveats - -In versions of Rancher prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters. - -As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters. - - -## 1. Provision Linux Host - -Provision a single, air gapped Linux host according to our [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements) to launch your {{< product >}} Server. - -This host should be disconnected from the internet, but should have connectivity with your private registry. - -## 2. Collect Image Sources - -Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install. Download the following three files, which are required to install Rancher in an air gap environment: - - -| Release File | Description | -| --- | --- | -| `rancher-images.txt` | This file contains a list of all files needed to install Rancher. -| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | -| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | - - -## 3. Publish Images - -After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts. - ->**Note:** Image publication may require up to 20GB of empty disk space. - -1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. - - ```plain - ./rancher-save-images.sh --image-list ./rancher-images.txt - ``` - -1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to the [Linux host](#1-provision-linux-host) that you've provisioned. - - 1. Log into your registry if required. - - ```plain - docker login - ``` - - 1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. - - ```plain - ./rancher-load-images.sh --image-list ./rancher-images.txt --registry - ``` - - -## 4. Choose an SSL Option and Install Rancher For development and testing in air gap environments, we recommend installing Rancher by running a single Docker container. In this installation scenario, you'll deploy Rancher to your air gap host using an image pulled from your private registry. @@ -157,22 +86,5 @@ Placeholder | Description ``` {{% /accordion %}} -## 5. Configure Rancher for the Private Registry -Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . - -1. Log into Rancher and configure the default admin password. - -1. Go into the **Settings** view. - - ![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png) - -1. Look for the setting called `system-default-registry` and choose **Edit**. - - ![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png) - -1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. - - ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) - ->**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. \ No newline at end of file +### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/config-rancher-for-private-reg/) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/_index.md new file mode 100644 index 00000000000..708cd336c6d --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/prepare-private-registry/_index.md @@ -0,0 +1,45 @@ +--- +title: "2. Prepare Private Registry" +weight: 200 +aliases: +--- + +## A. Collect Image Sources + +Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install. Download the following three files, which are required to install Rancher in an air gap environment: + + +| Release File | Description | +| --- | --- | +| `rancher-images.txt` | This file contains a list of all files needed to install Rancher. +| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | +| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | + + +## B. Publish Images + +After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts. + +>**Note:** Image publication may require up to 20GB of empty disk space. + +1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. + + ```plain + ./rancher-save-images.sh --image-list ./rancher-images.txt + ``` + +1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to the [Linux host](#1-provision-linux-host) that you've provisioned. + + 1. Log into your registry if required. + + ```plain + docker login + ``` + + 1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. + + ```plain + ./rancher-load-images.sh --image-list ./rancher-images.txt --registry + ``` + +### [Next: Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/install-rancher/) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-single-node/provision-host/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/provision-host/_index.md new file mode 100644 index 00000000000..37d931f70d8 --- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/provision-host/_index.md @@ -0,0 +1,11 @@ +--- +title: "1. Provision Linux Host" +weight: 100 +aliases: +--- + +Provision a single, air gapped Linux host according to our [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements) to launch your {{< product >}} Server. + +This host should be disconnected from the internet, but should have connectivity with your private registry. + +### [Next: Prepare Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-install/air-gap-single-node/prepare-private-registry/)