completing draft of ha air gap

content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md

@@ -11,18 +11,19 @@ weight:
 - [Prerequisites](#prerequisites)
 - [Caveats](#caveats)
 - [1. Provision Three Linux Hosts and Load Balancer](#1-provision-three-linux-hosts-and-load-balancer)
-- [2. Collect Image Sources](#2-collect-image-sources)
-- [3. Publish Images](#3-publish-images)
-- [4. Install Rancher](#4-install-rancher)
-    - [4A. Create an RKE Config File](#4a-create-an-rke-config-file)
-        - [Common RKE Nodes Options](#common-rke-nodes-options)
-    - [4B. Run RKE](#4b-run-rke)
-    - [4C. Initialize Helm](#4c-initialize-helm)
-    - [4D. Render Templates](#4d-render-templates)
-    - [4E. Install Cert-Manager](#4e-install-cert-manager)
-    - [4F. Install Rancher](#4f-install-rancher)
-    - [4G. Copy and Apply Manifests](#4g-copy-and-apply-manifests)
-- [4. Configure Rancher for the Private Registry](#4-configure-rancher-for-the-private-registry)
+    - [Host Requirements](#host-requirements)
+    - [Recommended Architecture](#recommended-architecture)
+    - [Required Tools](#required-tools)
+    - [Load Balancer](#load-balancer)
+- [2. Collect and Publish Image Sources](#2-collect-and-publish-image-sources)
+- [3. Create an RKE Config File](#3-create-an-rke-config-file)
+    - [Common RKE Nodes Options](#common-rke-nodes-options)
+- [4. Run RKE](#4-run-rke)
+- [5. Initialize Helm and Render Templates](#5-initialize-helm-and-render-templates)
+- [6. Optional: Install Cert-Manager](#6-optional-install-cert-manager)
+- [7. Install Rancher](#7-install-rancher)
+- [8. Copy and Apply Manifests](#8-copy-and-apply-manifests)
+- [9. Configure Rancher for the Private Registry](#9-configure-rancher-for-the-private-registry)
 
 <!-- /TOC -->
 
@@ -44,11 +45,10 @@ Provision three air gapped Linux hosts according to our requirements below to la
 
 These hosts should be disconnected from the internet, but should have connectivity with your private registry.
 
-{{% tabs %}}
-{{% tab "Host Requirements" %}}
+### Host Requirements
 View hardware and software requirements for each of your cluster nodes in [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements).
-{{% /tab %}}
-{{% tab "Recommended Architecture" %}}
+
+### Recommended Architecture
 
 - DNS for Rancher should resolve to a layer 4 load balancer
 - The Load Balancer should forward port TCP/80 and TCP/443 to all 3 nodes in the Kubernetes cluster.
@@ -56,50 +56,61 @@ View hardware and software requirements for each of your cluster nodes in [Requi
 - The Ingress controller will forward traffic to port TCP/80 on the pod in the Rancher deployment.
 
 <figcaption>HA Rancher install with layer 4 load balancer, depicting SSL termination at ingress controllers</figcaption>
-![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg) 
-{{% /tab %}}
-{{% tab "Required Tools" %}}
+
+![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg)
+
+### Required Tools
+
 The following CLI tools are required for this install. Please make sure these tools are installed and available in your `$PATH`
 
 * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool.
 * [rke]({{< baseurl >}}/rke/v0.1.x/en/installation/) - Rancher Kubernetes Engine, cli for building Kubernetes clusters.
-* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. 
-{{% /tab %}}
+* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes.
+
+
+### Load Balancer
 
-{{% tab "Load Balancer"%}}
 RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server.
 
 Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment.
-{{% /tab %}}
-{{% /tabs %}}
 
-## 2. Collect Image Sources
 
-Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install. Download the following three files, which are required to install Rancher in an air gap environment:
+## 2. Collect and Publish Image Sources
+
+Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install in your air gap environment. Download the following three files:
 
 
 | Release File | Description |
 | --- | --- |
-| `rancher-images.txt` | This file contains a list of all files needed to install Rancher.
-| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. |
-| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. |
+| `rancher-images.txt` | Contains a list of all files needed to install Rancher.
+| `rancher-save-images.sh` | Pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. |
+| `rancher-load-images.sh` | Loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. |
 
 
-## 3. Publish Images
-
 After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts.
 
 >**Note:** Image publication may require up to 20GB of empty disk space.
 
-1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images.
+1. From Terminal, change directories to the path containing the files listed above.
+
+1. Make `rancher-save-images.sh` an executable.
+
+    ```
+    chmod +x rancher-save-images.sh
+    ```
+
+1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images.
 
     ```plain
     ./rancher-save-images.sh --image-list ./rancher-images.txt
     ```
 
-1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to the [Linux host](#1-provision-linux-host) that you've provisioned.
+    **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`.
 
-    1. Log into your registry if required.
+1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.files to each of the [Linux hosts](#1-provision-three-linux-hosts-and-load-balancer) that you've provisioned.
+
+
+    1. Log into your private registry if required.
 
         ```plain
         docker login <REGISTRY.YOURDOMAIN.COM:PORT>
@@ -112,17 +123,10 @@ After downloading the release files, publish the images from `rancher-images.txt
         ```
 
 
+## 3. Create an RKE Config File
 
 
-## 4. Install Rancher
-
-This guide will take you through the basic process of installing Rancher Server HA in a Air Gap environment. Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting.
-
-
-### 4A. Create an RKE Config File 
-
-
-On a system that has access (22/tcp and 6443/tcp) to the nodes you have built to host the Rancher server cluster, use the sample below create the `rancher-cluster.yml` file. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created.
+From a system that can access ports 22/tcp and 6443/tcp on your host nodes, use the sample below create `rancher-cluster.yml`. This file is a Rancher Kubernetes Engine configuration file (RKE config file), which is a configuration for the cluster you're deploying Rancher to.  Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created.
 
 >**Tip:** See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available.
 
@@ -161,19 +165,19 @@ private_registries:
   is_default: true
 ```
 
-#### Common RKE Nodes Options
+### Common RKE Nodes Options
 
-| Option | Required | Description |
-| --- | --- | --- |
-| `address` | yes | The public DNS or IP address |
-| `user` | yes | A user that can run docker commands |
-| `role` | yes | List of Kubernetes roles assigned to the node |
-| `internal_address` | no | The private DNS or IP address for internal cluster traffic |
-| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) |
+| Option             | Required | Description                                                                            |
+| ------------------ | -------- | -------------------------------------------------------------------------------------- |
+| `address`          | yes      | The public DNS or IP address                                                           |
+| `user`             | yes      | A user that can run docker commands                                                    |
+| `role`             | yes      | List of Kubernetes roles assigned to the node                                          |
+| `internal_address` | no       | The private DNS or IP address for internal cluster traffic                             |
+| `ssh_key_path`     | no       | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) |
 
 <!-- TODO: add troubleshooting and other links -->
 
-### 4B. Run RKE
+## 4. Run RKE
 
 After configuring `rancher-cluster.yml`, open Terminal and change directories to the RKE binary. Then enter the command below to stand up your high availability cluster.
 
@@ -181,26 +185,24 @@ After configuring `rancher-cluster.yml`, open Terminal and change directories to
 rke up --config ./rancher-cluster.yml
 ```
 
-### 4C. Initialize Helm 
+## 5. Initialize Helm and Render Templates
 
 
 Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster.
 
-Skip the [Initialize Helm (Install Tiller)]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/) and initialize `helm` locally on a system that has internet access.
+Initialize `helm` locally on a system that has internet access.
 
 ```plain
 helm init -c
-``` 
+```
 
-### 4D. Render Templates
+Then, using the same system, fetch and render the `helm` charts.
 
-Fetch and render the `helm` charts on a system that has internet access.
-
-### 4E. Install Cert-Manager
+## 6. Optional: Install Cert-Manager
 
 If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section.
 
-Fetch the latest `cert-manager` chart from the [official Helm chart repository](https://github.com/helm/charts/tree/master/stable).
+From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable).
 
 ```plain
 helm fetch stable/cert-manager
@@ -214,9 +216,9 @@ helm template ./cert-manager-<version>.tgz --output-dir . \
 --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
 ```
 
-### 4F. Install Rancher
+## 7. Install Rancher
 
-Add the Helm chart repository that contains charts to install Rancher. Replace `<CHART_REPO>` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`).
+Add the Helm chart repository that contains charts to install Rancher. Replace `<CHART_REPO>` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting.
 
 ```plain
 helm repo add rancher-<CHART_REPO> https://releases.rancher.com/server-charts/<CHART_REPO>
@@ -237,7 +239,7 @@ helm template ./rancher-<version>.tgz --output-dir . \
 --set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
 ```
 
-### 4G. Copy and Apply Manifests
+## 8. Copy and Apply Manifests
 
 Copy the rendered manifest directories to a system that has access to the Rancher server cluster.
 
@@ -252,7 +254,7 @@ kubectl -n cattle-system apply -R -f ./rancher
 
 Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details.
 
-## 4. Configure Rancher for the Private Registry
+## 9. Configure Rancher for the Private Registry
 
 Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) .