public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-22 21:05:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Say to pass private registry as env variable in air gap install

Browse Source
This commit is contained in:
Catherine Luse
2019-08-07 15:19:25 -07:00
parent 67a2e0ebca
commit ad8a05e57e
4 changed files with 39 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/installation/air-gap-high-availability/_index.md
+1 -2
View File
@@ -23,7 +23,6 @@ The following CLI tools are required for this install. Make sure these tools are
- [2. Collect and Publish Image Sources]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/)
- [3. Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/)
- [4. Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/)
- [5. Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/)
- [6. Configure Rancher System Charts]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-system-charts/)
- [5. Configure Rancher System Charts]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-system-charts/)
### [Next: Create Nodes and Load Balancer]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/)
content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/_index.md
-26
View File
@@ -1,26 +0,0 @@
---
title: "5. Configure Rancher for the Private Registry"
weight: 500
aliases:
---
Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/).
>**Note:** If you want to configure Rancher to use your private registry when starting the rancher/rancher container, you can use the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`.
1. Log into Rancher and configure the default admin password.
1. Go into the **Settings** view.
![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png)
1. Look for the setting called `system-default-registry` and choose **Edit**.
![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png)
1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`.
![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png)
### [Next: Configure Rancher System Charts]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-system-charts/)
content/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-system-charts/_index.md
+1 -1
View File
@@ -1,5 +1,5 @@
---
title: "6. Configure Rancher System Charts"
title: "5. Configure Rancher System Charts"
weight: 600
aliases:
---
content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md
+37 -23
View File
@@ -45,12 +45,14 @@ For HA air gap configurations, there are two recommended options for the source
| [Rancher Generated Self-Signed Certificates](#self-signed) | `ingress.tls.source=rancher` | Use certificates issued by Rancher's generated CA (self signed)<br/>This is the **default** | yes |
| [Certificates from Files](#secret) | `ingress.tls.source=secret` | Use your own certificate files by creating Kubernetes Secret(s) | no |
## C. Install Rancher
## C. Set Up the Rancher Template
Based on the choice your made in [B. Choose your SSL Configuration](#b-optional-install-cert-manager), complete one of the procedures below.
In this section you will configure your cert manager and private registry in the Rancher template.
{{% accordion id="self-signed" label="Option A: Default Self-Signed Certificate" %}}
By default, Rancher generates a CA and uses cert manger to issue the certificate for access to the Rancher server interface.
By default, Rancher generates a CA and uses cert manager to issue the certificate for access to the Rancher server interface.
1. From a system connected to the internet, fetch the latest cert-manager chart available from the [official Helm chart repository](https://github.com/helm/charts/tree/master/stable).
@@ -66,23 +68,25 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
```
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder.
Placeholder | Description
------------|-------------
`<VERSION>` | The version number of the output tarball.
`<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer.
`<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry.).
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. To configure Rancher to use your private registry when starting the `rancher/rancher` container, use the `CATTLE_SYSTEM_DEFAULT_REGISTRY` variable. You can set the the extra environment variable `extraEnv` to use the same `name` and `value` keys as the container manifest definitions. Remember to quote the values:
```plain
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
--set 'extraEnv[0].name=CATTLE_SYSTEM_DEFAULT_REGISTRY'
--set 'extraEnv[0].value=<REGISTRY.YOURDOMAIN.COM>'
```
Placeholder | Description
------------|-------------
`<VERSION>` | The version number of the output tarball.
`<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer.
`<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry.
`<REGISTRY.YOURDOMAIN.COM>` | The DNS name for your private registry. This configures Rancher to use your private registry when starting the `rancher/rancher` container.
{{% /accordion %}}
{{% accordion id="secret" label="Option B: Certificates for Files (Kubernetes Secret)" %}}
@@ -91,16 +95,7 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher.
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder.
Placeholder | Description
------------|-------------
`<VERSION>` | The version number of the output tarball.
`<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer.
`<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry.
> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. To configure Rancher to use your private registry when starting the `rancher/rancher` container, the `CATTLE_SYSTEM_DEFAULT_REGISTRY` variable. You can set the the extra environment variable `extraEnv` to use the same `name` and `value` keys as the container manifest definitions. Remember to quote the values:
```
helm template ./rancher-<VERSION>.tgz --output-dir . \
@@ -109,7 +104,18 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret
```
--set 'extraEnv[0].name=CATTLE_SYSTEM_DEFAULT_REGISTRY'
--set 'extraEnv[0].value=<REGISTRY.YOURDOMAIN.COM>'
```
Placeholder | Description
------------|-------------
`<VERSION>` | The version number of the output tarball.
`<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer.
`<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry.
`<REGISTRY.YOURDOMAIN.COM>` | The DNS name for your private registry. This configures Rancher to use your private registry when starting the `rancher/rancher` container.
> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`
1. See [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
{{% /accordion %}}
@@ -133,4 +139,12 @@ kubectl create namespace cattle-system
kubectl -n cattle-system apply -R -f ./rancher
```
### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/)
### Additional Resources
These resources could be helpful when you install Rancher:
- [Rancher Helm chart options]({{<baseurl>}}rancher/v2.x/en/installation/ha/helm-rancher/chart-options/)
- [Adding TLS secrets]({{<baseurl>}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/)
- [Troubleshooting Rancher HA installations]({{<baseurl>}}/rancher/v2.x/en/installation/ha/helm-rancher/troubleshooting/)
### [Next: Configure Rancher System Charts]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-system-charts/)