diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md index 8dac5518de2..acf44ed8fb1 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md 
@@ -15,14 +15,15 @@ The following CLI tools are required for this install. Make sure these tools are * [rke]({{< baseurl >}}/rke/v0.1.x/en/installation/) - Rancher Kubernetes Engine, cli for building Kubernetes clusters. * [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. +>**Note:** If you install Rancher in an HA configuration in an air gap environment, you cannot transition to a single-node setup during future upgrades. + ## Installation Outline - [1. Create Nodes and Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/) - [2. Collect and Publish Image Sources]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/) - [3. Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/) -- [4. Initialize Helm]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/) -- [5. Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/) -- [6. Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/) +- [4. Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/) +- [5. Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/) ### [Next: Create Nodes and Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md index 08013579bc4..b5d0a5cc75f 100644 
--- a/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md @@ -1,5 +1,5 @@ --- -title: "6. Configure Rancher for the Private Registry" +title: "5. Configure Rancher for the Private Registry" weight: aliases: @@ -7,6 +7,8 @@ aliases: Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/). +>**Note:** If you want to configure Rancher for your private registry when when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. + 1. Log into Rancher and configure the default admin password. 1. Go into the **Settings** view. @@ -19,6 +21,4 @@ Rancher needs to be configured to use the private registry in order to provision 1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`. - ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) - ->**Note:** If you want to configure the setting when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. + ![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md index a9c7e2ee3f3..8a54cfc80e3 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md 
@@ -61,4 +61,4 @@ After configuring `rancher-cluster.yml`, open Terminal and change directories to rke up --config ./rancher-cluster.yml ``` -### [Next: Initialize Helm]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/) +### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md deleted file mode 100644 index d0eb89c5e54..00000000000 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md +++ /dev/null 
@@ -1,96 +0,0 @@ ---- -title: "5. Choose an SSL Option and Install Rancher" -weight: 500 -aliases: ---- - -## A. Render Templates and Install Rancher - -Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). - -```plain -helm repo add rancher- https://releases.rancher.com/server-charts/ -``` - -Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). - -```plain -helm fetch rancher-/rancher -``` - -Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. - -```plain -helm template ./rancher-.tgz --output-dir . \ ---name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher -``` - ->Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). - -## A. Choose an SSL Option and Install Rancher - - -Rancher server is designed to be secure by default and requires SSL/TLS configuration. There are two options for the source of the certificate in an HA air gap setup: - -{{% accordion id="self-signed" label="Option A: Default Self-Signed Certificate" %}} -The default is for Rancher to generate a CA and use the `cert-manager` to issue the certificate for access to the Rancher server interface. Use the reference table below to replace each placeholder. 
- -Placeholder | Description -------------|------------- -`` | The version number of the output tarball. -`` | The DNS name you pointed at your load balancer. -`` | The DNS name for your private registry.). - - -```plain -helm template ./rancher-.tgz --output-dir . \ - --name rancher \ - --namespace cattle-system \ - --set hostname= \ - --set rancherImage=/rancher/rancher -``` - -{{% /accordion %}} - -{{% accordion id="secret" label="Option B: Certificates for Files (Kubernetes Secret)" %}} -Create Kubernetes secrets from your own certificates for Rancher to use. - -> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher. - -Placeholder | Description -------------|------------- -`` | The version number of the output tarball. -`` | The DNS name you pointed at your load balancer. -`` | The DNS name for your private registry. - - -> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` - -``` -helm template ./rancher-.tgz --output-dir . \ - --name rancher \ - --namespace cattle-system \ - --set hostname= \ - --set rancherImage=/rancher/rancher - --set ingress.tls.source=secret \ -``` - -Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. -{{% /accordion %}} - -## B. Copy and Apply Manifests - -Copy the rendered manifest directories to a system that has access to the Rancher server cluster. - -Use `kubectl` to create namespaces and apply the rendered manifests. - -```plain -kubectl -n kube-system apply -R -f ./cert-manager - -kubectl create namespace cattle-system -kubectl -n cattle-system apply -R -f ./rancher -``` - -### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/) 
diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md index d518ad67f4f..c5ec3257902 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md 
@@ -39,77 +39,92 @@ From a system that has access to the internet, render the installs and copy the >Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). -## B. Optional: Install Cert-Manager -If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. +## B. Choose your SSL Configuration -From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). +Rancher Server is designed to be secure by default and requires SSL/TLS configuration. -```plain -helm fetch stable/cert-manager -``` +For HA air gap configurations, there are two recommended options for the source of the certificate. -Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. +> **Note:** If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/#external-tls-termination). -```plain -helm template ./cert-manager-.tgz --output-dir . \ ---name cert-manager --namespace kube-system \ ---set image.repository=/quay.io/jetstack/cert-manager-controller -``` +| Configuration | Chart option | Description | Requires cert-manager | +|-----|-----|-----|-----| +| [Rancher Generated Self-Signed Certificates](#self-signed) | `ingress.tls.source=rancher` | Use certificates issued by Rancher's generated CA (self signed)
This is the **default** | yes | +| [Certificates from Files](#secret) | `ingress.tls.source=secret` | Use your own certificate files by creating Kubernetes Secret(s) | no | +## C. Install Rancher -## D. Choose an SSL Option and Install Rancher - - -Rancher server is designed to be secure by default and requires SSL/TLS configuration. There are two options for the source of the certificate in an HA air gap setup: +Based on the choice your made in [B. Choose your SSL Coniguration](#b-optional-install-cert-manager), complete one of the procedures below. {{% accordion id="self-signed" label="Option A: Default Self-Signed Certificate" %}} -The default is for Rancher to generate a CA and use the `cert-manager` to issue the certificate for access to the Rancher server interface. Use the reference table below to replace each placeholder. +By default, Rancher generates a CA and uses cert manger to issue the certificate for access to the Rancher server interface. -Placeholder | Description -------------|------------- -`` | The version number of the output tarball. -`` | The DNS name you pointed at your load balancer. -`` | The DNS name for your private registry.). +1. From a system connected to the internet, fetch the latest cert-manager chart available from the [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). + ```plain + helm fetch stable/cert-manager + ``` -```plain -helm template ./rancher-.tgz --output-dir . \ - --name rancher \ - --namespace cattle-system \ - --set hostname= \ - --set rancherImage=/rancher/rancher -``` + ``` + +1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. + + ```plain + helm template ./cert-manager-.tgz --output-dir . 
\ + --name cert-manager --namespace kube-system \ + --set image.repository=/quay.io/jetstack/cert-manager-controller + ``` + +1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder. + + Placeholder | Description + ------------|------------- + `` | The version number of the output tarball. + `` | The DNS name you pointed at your load balancer. + `` | The DNS name for your private registry.). + + + ```plain + helm template ./rancher-.tgz --output-dir . \ + --name rancher \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher + ``` {{% /accordion %}} {{% accordion id="secret" label="Option B: Certificates for Files (Kubernetes Secret)" %}} -Create Kubernetes secrets from your own certificates for Rancher to use. -> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher. +1. Create Kubernetes secrets from your own certificates for Rancher to use. -Placeholder | Description -------------|------------- -`` | The version number of the output tarball. -`` | The DNS name you pointed at your load balancer. -`` | The DNS name for your private registry. + > **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher. +1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder. -> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` - -``` -helm template ./rancher-.tgz --output-dir . \ - --name rancher \ - --namespace cattle-system \ - --set hostname= \ - --set rancherImage=/rancher/rancher - --set ingress.tls.source=secret \ + Placeholder | Description + ------------|------------- + `` | The version number of the output tarball. 
+ `` | The DNS name you pointed at your load balancer. + `` | The DNS name for your private registry. + + + > **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret` + + ``` + helm template ./rancher-.tgz --output-dir . \ + --name rancher \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher + --set ingress.tls.source=secret \ ``` -Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. +1. Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. {{% /accordion %}} -## B. Copy and Apply Manifests +## D. Copy and Apply Manifests Copy the rendered manifest directories to a system that has access to the Rancher server cluster. diff --git a/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md b/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md index ec84e74550e..3f7fd9e6302 100644 --- a/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-single-node/_index.md @@ -7,6 +7,7 @@ weight: 280 Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/). +>**Note:** If you install Rancher on a single node in an air gap environment, you cannot transition to a HA configuration during future upgrades. ## Installation Outline
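Review bot: In the Installation Outline hunk of air-gap-high-availability/_index.md, the "Initialize Helm" entry is dropped and the later steps renumbered, but the only title this patch renumbers is config-rancher-for-private-reg ("6." to "5."). The install-rancher hunk starts at line 39, so its front matter is untouched, and nothing here removes or redirects helm-init/. Please confirm the install-rancher title matches "4. Install Rancher", and either delete helm-init/ or give it an alias so the unlinked page does not linger with stale instructions.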
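Review bot: The note added at the top of config-rancher-for-private-reg/_index.md has a doubled word, "private registry when when starting the rancher/rancher container"; drop one "when". Since the note now sits before the UI steps, it would also help to say whether the rule from the last step ("Do not prefix the registry with `http://` or `https://`") applies to the `CATTLE_SYSTEM_DEFAULT_REGISTRY` value too, because a reader who takes the environment-variable route never reaches that step. The same hunk leaves the file without a trailing newline after the Save image line; please restore it.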
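Review bot: The new "Next: Install Rancher" link in install-kube/_index.md ends in `.../air-gap-high-availability/install-rancher)` with no trailing slash, while the link it replaces and every other internal link in this patch end in `/`. Add the slash so the link resolves the same way as the rest and does not depend on a redirect.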
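Review bot: In Option B of install-rancher/_index.md the `helm template` command does not work when pasted: `--set rancherImage=/rancher/rancher` has no trailing backslash, while the last line, `--set ingress.tls.source=secret \`, does. The shell ends the command after `rancherImage`, so the manifests are rendered with the default `ingress.tls.source=rancher` (per the table added in section B) instead of the user's own certificate. The new note telling readers to append `--set privateCA=true` after that flag makes it worse. Move the backslash to the `rancherImage` line and end the command on the last flag. Other points in the same hunk: Option A step 1 has a second, stray code fence after the `helm fetch stable/cert-manager` block, which will swallow the following list items. The section C intro links to `#b-optional-install-cert-manager`, the anchor of the heading this patch removes, rather than the new "B. Choose your SSL Configuration" heading. Option B's last step says "Now that Rancher is running" although nothing is applied until "D. Copy and Apply Manifests". Typos to fix: "the choice your made", "Coniguration", "cert manger", "If you want terminate", and the stray ")." after "private registry." in the Option A placeholder table.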
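Review bot: The note added to air-gap-single-node/_index.md reads "transition to a HA configuration", whereas the matching note added to air-gap-high-availability/_index.md uses "an HA configuration". Use "an HA" in both so the two warnings are worded consistently, and keep a blank line between the note and "## Installation Outline" so the blockquote does not run into the heading.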