diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md index d661c1eae0f..922cb3f1a63 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/_index.md @@ -19,14 +19,3 @@ Rancher needs to be configured to use the private registry in order to provision 1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) - - ->**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. -> -> Example: -> ``` -docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ - /rancher/rancher: -``` diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md index db53f2c02ed..8e38f50295d 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/install-rancher/_index.md @@ -6,44 +6,15 @@ draft: true After your private registry is set up for your Rancher installation, complete your installation. Follow one of the procedures below based on the configuration in which you want to run Rancher. - +{{% tabs %}} +{{% tab "HA Install" %}} +This guide will take you through the basic process of installing Rancher Server HA in a Air Gap environment. Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. -- [Single Node Air Gap Install](#single-node-air-gap-install) -- [High Availability Air Gap Install](#high-availability-air-gap-install) +## RKE - -## Single Node Air Gap Install +On a system that has access (22/tcp and 6443/tcp) to the nodes you have built to host the Rancher server cluster, use the sample below create the `rancher-cluster.yml` file. Define your nodes and fill out the details for the private registry. -To deploy Rancher on a single node in an air gap environment, follow the instructions in the standard [Single Node Install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/). Parts of the install where you must complete a special action for air gap are flagged with a substitute step, which is listed in the subheading below. - - -### Add Private Registry URL to Run Command - -When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (``), as shown in the example below. - -``` -docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - /rancher/rancher: -``` - ->**Note:** If you want to automatically configure Rancher to default to the private registry, you can do it during the installation by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. This will allow you to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) -> -> Example: -``` -docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - -e CATTLE_SYSTEM_DEFAULT_REGISTRY= \ - /rancher/rancher:v2.0.0 -``` - -## High Availability Air Gap Install - -To install Rancher in a high availability configuration within an air gap environment, follow the instructions in the standard [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). Parts of the install where you must complete a special action for air gap are flagged with substitute steps, which are listed in the subheadings below. - -### Add Private Registry to RKE YAML - -When you get to the [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file) step, replace its code sample with the one below, which adds the `private_registries` code block. By adding this private registry into the file, it automatically uses the private registry when pulling any images. +See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available. Replace values in the code sample according to the table below. @@ -53,60 +24,134 @@ Replace values in the code sample according to the table below. | `internal_address` | The IP address for each of your air gap nodes within the cluster. | | `url` | The URL for your private registry. | -
- ```yaml nodes: - - address: 18.222.121.187 # air gap node external IP - internal_address: 172.31.7.22 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa - - address: 18.220.193.254 # air gap node external IP - internal_address: 172.31.13.132 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa - - address: 13.59.83.89 # air gap node external IP - internal_address: 172.31.3.216 # air gap node internal IP - user: rancher - role: [ "controlplane", "etcd", "worker" ] - ssh_key_file: /home/user/.ssh/id_rsa - private_registries: - - url: # private registry url - user: rancher - password: "*********" - is_default: true +- address: 18.222.121.187 # air gap node external IP + internal_address: 172.31.7.22 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa +- address: 18.220.193.254 # air gap node external IP + internal_address: 172.31.13.132 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa +- address: 13.59.83.89 # air gap node external IP + internal_address: 172.31.3.216 # air gap node internal IP + user: rancher + role: [ "controlplane", "etcd", "worker" ] + ssh_key_file: /home/user/.ssh/id_rsa + +private_registries: +- url: # private registry url + user: rancher + password: "*********" + is_default: true ``` -### Initialize Helm Using Private Registry +### Run RKE -When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `` with your registry's hostname and domain. - -``` -helm init --service-account tiller \ ---tiller-image /gcr.io/kubernetes-helm/tiller:v2.10.0 +```plain +rke up --config ./rancher-cluster.yml ``` -### Install cert-manager Using Private Registry +### Testing the Cluster -When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `` with your registry's hostname and domain. +Follow the rest of the [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) guide to test your cluster and verify the health of your pods before continuing. +## Helm +Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster. + +### Initialize Helm Locally + +Skip the [Initialize Helm (Install Tiller)]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init) and initialize `helm` locally on a system that has internet access. + +```plain +helm init -c ``` -helm install stable/cert-manager --name cert-manager --namespace kube-system \ + +## Installing Rancher + +If you set up a default private registry with credentials in RKE, the Kubernetes `kubelet` will have the credentials for your private registry configured. + +### Render Templates + +Fetch and render the `helm` charts on a system that has internet access. + +#### Cert-Manager + +If you are installing Rancher with Rancher Self-Signed certificates you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. + +Fetch the latest `stable/cert-manager` chart. This will pull down the chart and save it in the current directory as a `.tgz` file. + +```plain +helm fetch stable/cert-manager +``` + +Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. + +```plain +helm template ./cert-manager-.tgz --output-dir ./ \ +--name cert-manager --namespace kube-system \ --set image.repository=/quay.io/jetstack/cert-manager-controller ``` -### Install Rancher Using Private Registry - -When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `` with your registry's hostname and domain. +#### Rancher +Install the Rancher chart repo. +```plain +helm repo add rancher-stable https://releases.rancher.com/server-charts/stable ``` -helm install rancher-stable/rancher --name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher: + +Fetch the latest `rancher-stable/rancher` chart. This will pull down the chart and save it in the current directory as a `.tgz` file. + +```plain +helm fetch rancher-stable/rancher ``` +Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. + +```plain +helm template ./rancher-.tgz --output-dir ./ \ +--name rancher --namespace cattle-system \ +--set hostname= \ +--set rancherImage=/rancher/rancher +``` + +### Copy Manifests + +Copy the rendered manifest directories to a system that has access to the Rancher server cluster. + +### Apply the Manifests + +Use `kubectl` to create namespaces and apply the rendered manifests. + +```plain +kubectl -n kube-system apply -R -f ./cert-manager + +kubectl create namespace cattle-system +kubectl -n cattle-system apply -R -f ./rancher +``` + +Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details. + +{{% /tab %}} +{{% tab "Single Node" %}} +To deploy Rancher on a single node in an air gap environment, follow the instructions in the standard [Single Node Install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/). Parts of the install where you must complete a special action for air gap are flagged with a substitute step, which is listed in the subheading below. + +### Add Private Registry URL to Run Command + +When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (``), as shown in the example below. + +```plain +docker run -d --restart=unless-stopped \ + -p 80:80 -p 443:443 \ + /rancher/rancher: +``` + +{{% /tab %}} +{{% /tabs %}} + ### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md index 63491f0799e..42490a2c91a 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/_index.md @@ -8,159 +8,75 @@ For the first part of your air gap install, you'll prepare your private registry -1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files for the version that you want to install. +## Image Sources - | Release File | Description | - | --- | --- | - | `rancher-images.txt` | This file contains the list of all images needed to install the release, create [Rancher launched clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) and use any of the [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/). | - | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. | - | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.
`rancher-load-images.sh ` | +Collect the list of images required for Rancher. These steps will require internet access. - - >**Doing a [single node installation]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/)?** Skip to [step 3](#pop-reg). - - -1. **High Availability (HA) Installs Only:** For our [HA installation]({{< baseurl >}}/rancher/v2.x/en/installation/ha/), we use additional tools to install Kubernetes and launch Rancher onto a Kubernetes cluster. You will need to install and download additional software and images in order to complete the HA installation. - - Download the software in the table below. - - | Software | Description | - |----------|-------------| - | RKE | [Rancher Kubernetes Engine (RKE)]({{< baseurl >}}/rke/v1.x/en/) is Rancher's fast, light-weight Kubernetes installer. Please download the RKE version that is listed in the release notes of the Rancher version that you are planning to launch. The Docker images in Step 1 will match with this RKE version. | - | Helm | As you are installing Rancher through a helm chart, you will need to download [Helm](https://docs.helm.sh/using_helm/#installing-helm). - -
- - After the software is installed, run the following shell script to compile the list of additional images required to [install Rancher as a helm chart]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/). - - | Images | Description | - |----------|-------------| - | Helm Image (tiller) | You can need a tiller image that is compatible with your installed version of Helm. - | cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-signed certificates for Rancher GUI/Agent access. - - ```bash - #!/bin/bash - set -e - - # Collect images for Air Gap/Private Registry install - # Requires: - # rke - https://rancher.com/docs/rke/v0.1.x/en/installation/ - # helm - https://docs.helm.sh/using_helm/#installing-helm - # curl - # jq - - echo "Helm Tiller Image" - helm init --dry-run --debug | grep image: | awk '{print $2}' >> tmp-images.txt - - echo "Cert-Manager Image" - cm_repo=$(helm inspect values stable/cert-manager | grep repository: | awk '{print $2}') - cm_tag=$(helm inspect values stable/cert-manager | grep tag: | awk '{print $2}') - echo "${cm_repo}:${cm_tag}" >> tmp-images.txt - - echo "Sort and uniq the images list" - cat tmp-images.txt | sort -u | uniq > helm-images.txt - - # cleanup tmp file - rm tmp-images.txt - ``` - - -1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case: - - * **Scenario 1**: You have node(s) that can access both DockerHub and your private registry. - * **Scenario 2**: You have a node that can access DockerHub to pull and save the images, and a separate node(s) that access your private registry to push the images. - - -
{{% tabs %}} -{{% tab "Scenario 1" %}} +{{% tab "HA Install" %}} +The Rancher HA install uses images from 3 sources. Combine the 3 sources into a file named `rancher-images.txt`. -
-The architecture for this scenario is: +* **Rancher** - Images required by Rancher. Download the `rancher-images.txt` file from [Rancher releases](https://github.com/rancher/rancher/releases) page for the version of Rancher you are installing. +* **RKE** - Images required by `rke` to install Kubernetes. Run `rke` and add the images to the end of `rancher-images.txt`. + + ```plain + rke config --system-images >> ./rancher-images.txt + ``` +* **Cert-Manager** - (Optional) If you choose to install with Rancher Self-Signed TLS certificates, you will need the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image. You may skip this image if you are using you using your own certificates. + + Fetch and the latest `cert-manager` Helm chart and parse the template for image details. + + ```plain + helm fetch stable/cert-manager + helm template ./cert-manager-.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt + ``` -- A host that can access both DockerHub and your private registry. +Sort and unique the images list to remove any overlap between the sources. -- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment. -
-
-![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg) - - -1. You will need to pull all the required images, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space. - -Use the shell script below to to populate the private registry. This shell script can be used with the list of images from Step 1 (i.e. `rancher-images.txt`) as well as the list of images required for a HA install from Step 2 (i.e. `helm-images.txt`). - -```bash -#!/bin/bash - -# Usage: -# ./populate-images.sh --registry --images ./images.txt - -POSITIONAL=() -while [[ $# -gt 0 ]] -do -key="$1" - -case $key in - -r|--registry) - reg="$2" - shift # past argument - shift # past value - ;; - -i|--images) - images="$2" - shift - shift - ;; -esac -done - -if [[ -z $reg ]]; then - echo "-r|--registry is required" - exit 1 -fi - -if [[ -z $images ]]; then - echo "-i|--images file is required" - exit 1 -fi - -echo "Log into Docker registry ${reg}" -docker login ${reg} - -for i in $(cat ${images}); do - docker pull ${i} - docker tag ${i} ${reg}/${i} - docker push ${reg}/${i} -done +```plain +sort -u rancher-images.txt -o rancher-images.txt ``` {{% /tab %}} -{{% tab "Scenario 2" %}} -
-The architecture for this scenario is: +{{% tab "Single Node" %}} +All the required images for a Single Node install can be found in the `rancher-images.txt` included with the release of Rancher you are installing. -- A host that can access DockerHub, which pulls and saves Rancher images from the Internet. - -- An on-premise host that acts as an intermediary between: - - - The host that can access DockerHub. - - - Your private registry. - -- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment. -
-
- -![Scenario1]({{< baseurl >}}/img/rancher/airgap/privateregistry.svg) - -1. From the host that can access DockerHub, run `rancher-save-images.sh`. This will require at least 20GB of disk space. - -1. Transfer the output file from the previous step (`rancher-images.tar.gz`) to the host that can access the private registry. - -1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`. +Download the `rancher-images.txt` from the [Rancher releases](https://github.com/rancher/rancher/releases) page. {{% /tab %}} {{% /tabs %}} +## Publish Images + +Once you have the `rancher-images.txt` file populated, publish the images from the list to your private registry. + +> **NOTE** This may require up to 20GB of disk space. + +1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following tools for saving and publishing the images. + + | Release File | Description | + | --- | --- | + | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | + | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | + +1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. + + ```plain + ./rancher-save-images.sh --image-list ./rancher-images.txt + ``` + +1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to a system that can reach your private registry. + + Log into your registry if required. + + ```plain + docker login + ``` + + Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. + + ```plain + ./rancher-load-images.sh --image-list ./rancher-images.txt --registry + ``` + ### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) diff --git a/content/rancher/v2.x/en/installation/ha/helm-init/_index.md b/content/rancher/v2.x/en/installation/ha/helm-init/_index.md index 20d057843bb..1d58e21872b 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-init/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-init/_index.md @@ -5,7 +5,9 @@ weight: 195 Helm is the package management tool of choice for Kubernetes. Helm "charts" provide templating syntax for Kubernetes YAML manifest documents. With Helm we can create configurable deployments instead of just using static files. For more information about creating your own catalog of deployments, check out the docs at [https://helm.sh/](https://helm.sh/). -### Initialize Helm on the cluster +> **Note:** For systems without direct internet access see [Helm - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#helm) for install details. + +### Initialize Helm on the Cluster Helm installs the `tiller` service on your cluster to manage charts. Since RKE enables RBAC by default we will need to use `kubectl` to create a `serviceaccount` and `clusterrolebinding` so `tiller` has permission to deploy to the cluster. @@ -13,20 +15,13 @@ Helm installs the `tiller` service on your cluster to manage charts. Since RKE e * Create the `ClusterRoleBinding` to give the `tiller` account access to the cluster. * Finally use `helm` to initialize the `tiller` service ->**Using Air Gap?** [Add the private registry's FQDN]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#initialize-helm-using-private-registry) to the command. - -``` +```plain kubectl -n kube-system create serviceaccount tiller + kubectl create clusterrolebinding tiller \ --clusterrole cluster-admin \ --serviceaccount=kube-system:tiller -``` -##### Helm init - -`helm init` installs the `tiller` service in the `kube-system` namespace on your cluster. - -``` helm init --service-account tiller ``` diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md index 8787f4fd931..57dade23699 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md @@ -5,6 +5,8 @@ weight: 200 Rancher installation is now managed using the Helm package manager for Kubernetes. Use `helm` to install the prerequisite and Rancher charts. +> **Note:** For systems without direct internet access see [Installing Rancher - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) for install details. + ### Add the Chart Repo Use `helm repo add` to add the Rancher chart repository. @@ -23,9 +25,6 @@ Rancher relies on [cert-manager](https://github.com/kubernetes/charts/tree/maste Install `cert-manager` from the Helm stable catalog. ->**Using Air Gap?** [Add the private registry's FQDN]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#install-cert-manager-using-private-registry) to the command. - - ``` helm install stable/cert-manager \ --name cert-manager \ @@ -101,7 +100,7 @@ Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2 The Rancher chart configuration has many options for customizing the install to suit your specific environment. Here are some common advanced scenarios. * [HTTP Proxy]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#http-proxy) -* [Private Docker Image Registry]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#private-registry) +* [Private Docker Image Registry]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#private-registry-and-air-gap-installs) * [TLS Termination on an External Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#external-tls-termination) See the [Chart Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/) for the full list of options. diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md index 0fdd32fe6fa..91d86126b9f 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md @@ -41,34 +41,9 @@ Add your IP exceptions to the `noProxy` list. Make sure you add the Service clus --set noProxy="127.0.0.1,localhost,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" ``` -### Private Registry +### Private Registry and Air Gap Installs -You can point to a private registry for the rancher image. - -#### Images - -Populate your private registry with Rancher images. - -You can get the list of images required for rancher and worker cluster installs from the [Releases](https://github.com/rancher/rancher/releases/latest) page. - -#### Create Registry Secret - -Use `kubectl` to create a docker-registry secret in the `cattle-system` namespace. - -``` -kubectl -n cattle-system create secret docker-registry regcred \ - --docker-server="reg.example.com:5000" \ - --docker-email= -``` - -#### Registry Options - -Add the `rancherImage` to point to your private registry image and `imagePullSecrets` to your install command. - -``` ---set rancherImage=reg.example.com:5000/rancher/rancher \ ---set imagePullSecrets[0].name=regcred -``` +See [Installing Rancher - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/) for details on installing Rancher with a private registry. ### External TLS Termination diff --git a/content/rancher/v2.x/en/installation/ha/kubernetes-rke/_index.md b/content/rancher/v2.x/en/installation/ha/kubernetes-rke/_index.md index 9acb25beb94..c91d3b81e85 100644 --- a/content/rancher/v2.x/en/installation/ha/kubernetes-rke/_index.md +++ b/content/rancher/v2.x/en/installation/ha/kubernetes-rke/_index.md @@ -5,14 +5,13 @@ weight: 190 Use RKE to install Kubernetes with a high availability etcd configuration. +> **Note:** For systems without direct internet access see [RKE - Air Gap]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#rke) for install details. + ### Create the `rancher-cluster.yml` File Using the sample below create the `rancher-cluster.yml` file. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 Nodes you created. -> **Notes:** -> ->- Air Gap User? [Add a private registry section]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-to-rke-yaml) to the sample below. ->- If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls. +> **Note:** If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls. ```yaml