streamline air-gap docs

This commit is contained in:
Jason Greathouse
2018-10-01 22:17:28 -05:00
parent 3ef973976b
commit 530ec9ce2b
7 changed files with 187 additions and 269 deletions
@@ -19,14 +19,3 @@ Rancher needs to be configured to use the private registry in order to provision
1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`.
![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png)
>**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`.
>
> Example:
> ```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<REGISTRY.YOURDOMAIN.COM:PORT> \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
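Review bot: The `CATTLE_SYSTEM_DEFAULT_REGISTRY` note and its `docker run` example appear to be dropped from this page (the hunk shrinks from 14 lines to 3), and the "Single Node" tab added later in this commit shows only the plain `docker run` without `-e CATTLE_SYSTEM_DEFAULT_REGISTRY=...`. If the variable is still supported, keep one mention of it, either here or in the Single Node tab, so readers who script the container start can still find the setting.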
@@ -6,44 +6,15 @@ draft: true
After your private registry is set up for your Rancher installation, complete your installation. Follow one of the procedures below based on the configuration in which you want to run Rancher.
<!-- TOC -->
{{% tabs %}}
{{% tab "HA Install" %}}
This guide will take you through the basic process of installing Rancher Server HA in a Air Gap environment. Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting.
- [Single Node Air Gap Install](#single-node-air-gap-install)
- [High Availability Air Gap Install](#high-availability-air-gap-install)
## RKE
<!-- /TOC -->
## Single Node Air Gap Install
On a system that has access (22/tcp and 6443/tcp) to the nodes you have built to host the Rancher server cluster, use the sample below create the `rancher-cluster.yml` file. Define your nodes and fill out the details for the private registry.
To deploy Rancher on a single node in an air gap environment, follow the instructions in the standard [Single Node Install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/). Parts of the install where you must complete a special action for air gap are flagged with a substitute step, which is listed in the subheading below.
### Add Private Registry URL to Run Command
When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (`<REGISTRY.YOURDOMAIN.COM:PORT>`), as shown in the example below.
```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
>**Note:** If you want to automatically configure Rancher to default to the private registry, you can do it during the installation by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. This will allow you to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
>
> Example:
```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<REGISTRY.YOURDOMAIN.COM:PORT> \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:v2.0.0
```
## High Availability Air Gap Install
To install Rancher in a high availability configuration within an air gap environment, follow the instructions in the standard [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). Parts of the install where you must complete a special action for air gap are flagged with substitute steps, which are listed in the subheadings below.
### Add Private Registry to RKE YAML
When you get to the [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file) step, replace its code sample with the one below, which adds the `private_registries` code block. By adding this private registry into the file, it automatically uses the private registry when pulling any images.
See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available.
Replace values in the code sample according to the table below.
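Review bot: Two wording slips in the new intro text: "in a Air Gap environment" should read "in an air gap environment", and "use the sample below create the `rancher-cluster.yml` file" is missing "to". The same paragraph gives the required access as "22/tcp and 6443/tcp" without saying which tool needs which port; a few words on that would help readers writing firewall rules for the air gap segment.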
@@ -53,60 +24,134 @@ Replace values in the code sample according to the table below.
| `internal_address` | The IP address for each of your air gap nodes within the cluster. |
| `url` | The URL for your private registry. |
<br>
```yaml
nodes:
- address: 18.222.121.187 # air gap node external IP
internal_address: 172.31.7.22 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 18.220.193.254 # air gap node external IP
internal_address: 172.31.13.132 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 13.59.83.89 # air gap node external IP
internal_address: 172.31.3.216 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
private_registries:
- url: <REGISTRY.YOURDOMAIN.COM:PORT> # private registry url
user: rancher
password: "*********"
is_default: true
- address: 18.222.121.187 # air gap node external IP
internal_address: 172.31.7.22 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 18.220.193.254 # air gap node external IP
internal_address: 172.31.13.132 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 13.59.83.89 # air gap node external IP
internal_address: 172.31.3.216 # air gap node internal IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
private_registries:
- url: <REGISTRY.YOURDOMAIN.COM:PORT> # private registry url
user: rancher
password: "*********"
is_default: true
```
### Initialize Helm Using Private Registry
### Run RKE
When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
```
helm init --service-account tiller \
--tiller-image <REGISTRY.YOURDOMAIN.COM:PORT>/gcr.io/kubernetes-helm/tiller:v2.10.0
```plain
rke up --config ./rancher-cluster.yml
```
### Install cert-manager Using Private Registry
### Testing the Cluster
When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
Follow the rest of the [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) guide to test your cluster and verify the health of your pods before continuing.
## Helm
Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster.
### Initialize Helm Locally
Skip the [Initialize Helm (Install Tiller)]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init) and initialize `helm` locally on a system that has internet access.
```plain
helm init -c
```
helm install stable/cert-manager --name cert-manager --namespace kube-system \
## Installing Rancher
If you set up a default private registry with credentials in RKE, the Kubernetes `kubelet` will have the credentials for your private registry configured.
### Render Templates
Fetch and render the `helm` charts on a system that has internet access.
#### Cert-Manager
If you are installing Rancher with Rancher Self-Signed certificates you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section.
Fetch the latest `stable/cert-manager` chart. This will pull down the chart and save it in the current directory as a `.tgz` file.
```plain
helm fetch stable/cert-manager
```
Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.
```plain
helm template ./cert-manager-<version>.tgz --output-dir ./ \
--name cert-manager --namespace kube-system \
--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
```
### Install Rancher Using Private Registry
When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
#### Rancher
Install the Rancher chart repo.
```plain
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
```
helm install rancher-stable/rancher --name rancher --namespace cattle-system \
--set hostname=<REGISTRY.YOURDOMAIN.COM:PORT> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
Fetch the latest `rancher-stable/rancher` chart. This will pull down the chart and save it in the current directory as a `.tgz` file.
```plain
helm fetch rancher-stable/rancher
```
Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files.
```plain
helm template ./rancher-<version>.tgz --output-dir ./ \
--name rancher --namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
```
### Copy Manifests
Copy the rendered manifest directories to a system that has access to the Rancher server cluster.
### Apply the Manifests
Use `kubectl` to create namespaces and apply the rendered manifests.
```plain
kubectl -n kube-system apply -R -f ./cert-manager
kubectl create namespace cattle-system
kubectl -n cattle-system apply -R -f ./rancher
```
Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details.
{{% /tab %}}
{{% tab "Single Node" %}}
To deploy Rancher on a single node in an air gap environment, follow the instructions in the standard [Single Node Install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/). Parts of the install where you must complete a special action for air gap are flagged with a substitute step, which is listed in the subheading below.
### Add Private Registry URL to Run Command
When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (`<REGISTRY.YOURDOMAIN.COM:PORT>`), as shown in the example below.
```plain
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
{{% /tab %}}
{{% /tabs %}}
### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
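Review bot: In the closing paragraph of the HA tab, the link `{{< baseurl >}}rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration` is missing the `/` after `{{< baseurl >}}` that every other link in this hunk has, so it is likely to render as a broken URL. Separately, the "Apply the Manifests" block runs `kubectl -n kube-system apply -R -f ./cert-manager` unconditionally, although the Cert-Manager section says it may be skipped when installing your own certificates; mark that line as optional so the command does not fail on a directory that was never rendered. The sample `rancher-cluster.yml` also carries the registry `password` in the file, so a sentence on restricting access to that file would fit next to the `private_registries` block.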
@@ -8,159 +8,75 @@ For the first part of your air gap install, you'll prepare your private registry
<a id="step-1"></a>
1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files for the version that you want to install.
## Image Sources
| Release File | Description |
| --- | --- |
| `rancher-images.txt` | This file contains the list of all images needed to install the release, create [Rancher launched clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) and use any of the [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/). |
| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. |
| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.<br/>`rancher-load-images.sh <REGISTRY.YOURDOMAIN.COM:PORT>` |
Collect the list of images required for Rancher. These steps will require internet access.
>**Doing a [single node installation]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/)?** Skip to [step 3](#pop-reg).
1. **High Availability (HA) Installs Only:** For our [HA installation]({{< baseurl >}}/rancher/v2.x/en/installation/ha/), we use additional tools to install Kubernetes and launch Rancher onto a Kubernetes cluster. You will need to install and download additional software and images in order to complete the HA installation.
Download the software in the table below.
| Software | Description |
|----------|-------------|
| RKE | [Rancher Kubernetes Engine (RKE)]({{< baseurl >}}/rke/v1.x/en/) is Rancher's fast, light-weight Kubernetes installer. Please download the RKE version that is listed in the release notes of the Rancher version that you are planning to launch. The Docker images in Step 1 will match with this RKE version. |
| Helm | As you are installing Rancher through a helm chart, you will need to download [Helm](https://docs.helm.sh/using_helm/#installing-helm).
<br>
After the software is installed, run the following shell script to compile the list of additional images required to [install Rancher as a helm chart]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/).
| Images | Description |
|----------|-------------|
| Helm Image (tiller) | You can need a tiller image that is compatible with your installed version of Helm.
| cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-signed certificates for Rancher GUI/Agent access.
```bash
#!/bin/bash
set -e
# Collect images for Air Gap/Private Registry install
# Requires:
# rke - https://rancher.com/docs/rke/v0.1.x/en/installation/
# helm - https://docs.helm.sh/using_helm/#installing-helm
# curl
# jq
echo "Helm Tiller Image"
helm init --dry-run --debug | grep image: | awk '{print $2}' >> tmp-images.txt
echo "Cert-Manager Image"
cm_repo=$(helm inspect values stable/cert-manager | grep repository: | awk '{print $2}')
cm_tag=$(helm inspect values stable/cert-manager | grep tag: | awk '{print $2}')
echo "${cm_repo}:${cm_tag}" >> tmp-images.txt
echo "Sort and uniq the images list"
cat tmp-images.txt | sort -u | uniq > helm-images.txt
# cleanup tmp file
rm tmp-images.txt
```
<a id="pop-reg"></a>
1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case:
* **Scenario 1**: You have node(s) that can access both DockerHub and your private registry.
* **Scenario 2**: You have a node that can access DockerHub to pull and save the images, and a separate node(s) that access your private registry to push the images.
<br/>
{{% tabs %}}
{{% tab "Scenario 1" %}}
{{% tab "HA Install" %}}
The Rancher HA install uses images from 3 sources. Combine the 3 sources into a file named `rancher-images.txt`.
<br/>
The architecture for this scenario is:
* **Rancher** - Images required by Rancher. Download the `rancher-images.txt` file from [Rancher releases](https://github.com/rancher/rancher/releases) page for the version of Rancher you are installing.
* **RKE** - Images required by `rke` to install Kubernetes. Run `rke` and add the images to the end of `rancher-images.txt`.
```plain
rke config --system-images >> ./rancher-images.txt
```
* **Cert-Manager** - (Optional) If you choose to install with Rancher Self-Signed TLS certificates, you will need the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image. You may skip this image if you are using you using your own certificates.
Fetch and the latest `cert-manager` Helm chart and parse the template for image details.
```plain
helm fetch stable/cert-manager
helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
```
- A host that can access both DockerHub and your private registry.
Sort and unique the images list to remove any overlap between the sources.
- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment.
<br/>
<br/>
![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg)
1. You will need to pull all the required images, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space.
Use the shell script below to to populate the private registry. This shell script can be used with the list of images from Step 1 (i.e. `rancher-images.txt`) as well as the list of images required for a HA install from Step 2 (i.e. `helm-images.txt`).
```bash
#!/bin/bash
# Usage:
# ./populate-images.sh --registry <REGISTRY.YOURDOMAIN.COM:PORT> --images ./images.txt
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-r|--registry)
reg="$2"
shift # past argument
shift # past value
;;
-i|--images)
images="$2"
shift
shift
;;
esac
done
if [[ -z $reg ]]; then
echo "-r|--registry is required"
exit 1
fi
if [[ -z $images ]]; then
echo "-i|--images file is required"
exit 1
fi
echo "Log into Docker registry ${reg}"
docker login ${reg}
for i in $(cat ${images}); do
docker pull ${i}
docker tag ${i} ${reg}/${i}
docker push ${reg}/${i}
done
```plain
sort -u rancher-images.txt -o rancher-images.txt
```
{{% /tab %}}
{{% tab "Scenario 2" %}}
<br/>
The architecture for this scenario is:
{{% tab "Single Node" %}}
All the required images for a Single Node install can be found in the `rancher-images.txt` included with the release of Rancher you are installing.
- A host that can access DockerHub, which pulls and saves Rancher images from the Internet.
- An on-premise host that acts as an intermediary between:
- The host that can access DockerHub.
- Your private registry.
- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment.
<br/>
<br/>
![Scenario1]({{< baseurl >}}/img/rancher/airgap/privateregistry.svg)
1. From the host that can access DockerHub, run `rancher-save-images.sh`. This will require at least 20GB of disk space.
1. Transfer the output file from the previous step (`rancher-images.tar.gz`) to the host that can access the private registry.
1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`.
Download the `rancher-images.txt` from the [Rancher releases](https://github.com/rancher/rancher/releases) page.
{{% /tab %}}
{{% /tabs %}}
## Publish Images
Once you have the `rancher-images.txt` file populated, publish the images from the list to your private registry.
> **NOTE** This may require up to 20GB of disk space.
1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following tools for saving and publishing the images.
| Release File | Description |
| --- | --- |
| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. |
| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. |
1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images.
```plain
./rancher-save-images.sh --image-list ./rancher-images.txt
```
1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to a system that can reach your private registry.
Log into your registry if required.
```plain
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
```
Use `rancher-load-images.sh` to extract, tag and push the images to your private registry.
```plain
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>
```
### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/)
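Review bot: In the Cert-Manager bullet, `grep -oP '(?<=image: ").*(?=")'` only matches `image:` values wrapped in double quotes and needs a grep with `-P` support, so an unquoted image line or a grep without PCRE leaves `rancher-images.txt` silently short and the image missing from the private registry. Say what output to expect (at least one cert-manager image appended) so readers can check the list before running `sort -u`. The same bullet has two stray-word typos: "if you are using you using your own certificates" and "Fetch and the latest". In "Publish Images", the step that copies `rancher-images.tar.gz` to the registry host has no integrity check; a checksum comparison after the copy would catch a truncated or altered tarball before `rancher-load-images.sh` pushes from it.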
@@ -5,7 +5,9 @@ weight: 195
Helm is the package management tool of choice for Kubernetes. Helm "charts" provide templating syntax for Kubernetes YAML manifest documents. With Helm we can create configurable deployments instead of just using static files. For more information about creating your own catalog of deployments, check out the docs at [https://helm.sh/](https://helm.sh/).
### Initialize Helm on the cluster
> **Note:** For systems without direct internet access see [Helm - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#helm) for install details.
### Initialize Helm on the Cluster
Helm installs the `tiller` service on your cluster to manage charts. Since RKE enables RBAC by default we will need to use `kubectl` to create a `serviceaccount` and `clusterrolebinding` so `tiller` has permission to deploy to the cluster.
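Review bot: The new note links to `air-gap-installation/install-rancher/#helm`, but the hunk for the page that contains the `## Helm` heading shows `draft: true` in its header context, and that heading sits inside the `{{% tab "HA Install" %}}` block. Check that the target page is actually published and that the `#helm` anchor resolves when the link is followed from here; the same applies to the `#rke` and air gap links added to the other HA pages in this commit.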
@@ -13,20 +15,13 @@ Helm installs the `tiller` service on your cluster to manage charts. Since RKE e
* Create the `ClusterRoleBinding` to give the `tiller` account access to the cluster.
* Finally use `helm` to initialize the `tiller` service
>**Using Air Gap?** [Add the private registry's FQDN]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#initialize-helm-using-private-registry) to the command.
```
```plain
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller \
--clusterrole cluster-admin \
--serviceaccount=kube-system:tiller
```
##### Helm init
`helm init` installs the `tiller` service in the `kube-system` namespace on your cluster.
```
helm init --service-account tiller
```
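Review bot: The retained `kubectl create clusterrolebinding tiller --clusterrole cluster-admin` binds the `tiller` service account to `cluster-admin`; while this block is being edited, add a sentence stating that this gives Tiller full control of the cluster, so readers know what they are granting. With the "Using Air Gap?" pointer removed from this step, the air gap path that avoids installing Tiller at all is only reachable from the note at the top of the page, which is worth repeating here in one line.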
@@ -5,6 +5,8 @@ weight: 200
Rancher installation is now managed using the Helm package manager for Kubernetes. Use `helm` to install the prerequisite and Rancher charts.
> **Note:** For systems without direct internet access see [Installing Rancher - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) for install details.
### Add the Chart Repo
Use `helm repo add` to add the Rancher chart repository.
@@ -23,9 +25,6 @@ Rancher relies on [cert-manager](https://github.com/kubernetes/charts/tree/maste
Install `cert-manager` from the Helm stable catalog.
>**Using Air Gap?** [Add the private registry's FQDN]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#install-cert-manager-using-private-registry) to the command.
```
helm install stable/cert-manager \
--name cert-manager \
@@ -101,7 +100,7 @@ Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2
The Rancher chart configuration has many options for customizing the install to suit your specific environment. Here are some common advanced scenarios.
* [HTTP Proxy]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#http-proxy)
* [Private Docker Image Registry]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#private-registry)
* [Private Docker Image Registry]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#private-registry-and-air-gap-installs)
* [TLS Termination on an External Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#external-tls-termination)
See the [Chart Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/) for the full list of options.
@@ -41,34 +41,9 @@ Add your IP exceptions to the `noProxy` list. Make sure you add the Service clus
--set noProxy="127.0.0.1,localhost,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
```
### Private Registry
### Private Registry and Air Gap Installs
You can point to a private registry for the rancher image.
#### Images
Populate your private registry with Rancher images.
You can get the list of images required for rancher and worker cluster installs from the [Releases](https://github.com/rancher/rancher/releases/latest) page.
#### Create Registry Secret
Use `kubectl` to create a docker-registry secret in the `cattle-system` namespace.
```
kubectl -n cattle-system create secret docker-registry regcred \
--docker-server="reg.example.com:5000" \
--docker-email=<email>
```
#### Registry Options
Add the `rancherImage` to point to your private registry image and `imagePullSecrets` to your install command.
```
--set rancherImage=reg.example.com:5000/rancher/rancher \
--set imagePullSecrets[0].name=regcred
```
See [Installing Rancher - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) for details on installing Rancher with a private registry.
### External TLS Termination
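Review bot: This rewrite drops the "Create Registry Secret" and `imagePullSecrets` instructions (the section goes from 34 lines to 9), and the air gap page it now points to only covers the case "If you set up a default private registry with credentials in RKE". Readers whose registry requires authentication but who did not configure it through RKE's `private_registries` lose the documented path; keep a short `imagePullSecrets` subsection here or add the equivalent to the air gap page.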
@@ -5,14 +5,13 @@ weight: 190
Use RKE to install Kubernetes with a high availability etcd configuration.
> **Note:** For systems without direct internet access see [RKE - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#rke) for install details.
### Create the `rancher-cluster.yml` File
Using the sample below create the `rancher-cluster.yml` file. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 Nodes you created.
> **Notes:**
>
>- Air Gap User? [Add a private registry section]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-to-rke-yaml) to the sample below.
>- If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls.
> **Note:** If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls.
```yaml