From efc41fd600dc264fce7b7b687ee4accfc0f55593 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Fri, 2 Nov 2018 18:42:12 -0700 Subject: [PATCH] completing draft of ha air gap --- .../air-gap-high-availability}/_index.md | 130 +++++++++--------- .../air-gap-single-node}/_index.md | 0 2 files changed, 66 insertions(+), 64 deletions(-) rename content/rancher/v2.x/en/installation/{air-gap-installation/high-availability => WIP-air-gap-installation/air-gap-high-availability}/_index.md (68%) rename content/rancher/v2.x/en/installation/{air-gap-installation/single-node => WIP-air-gap-installation/air-gap-single-node}/_index.md (100%) diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/high-availability/_index.md b/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md similarity index 68% rename from content/rancher/v2.x/en/installation/air-gap-installation/high-availability/_index.md rename to content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md index 16ffa53ea0d..ab06d55cbe0 100644 --- a/content/rancher/v2.x/en/installation/air-gap-installation/high-availability/_index.md +++ b/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-high-availability/_index.md 
@@ -11,18 +11,19 @@ weight: - [Prerequisites](#prerequisites) - [Caveats](#caveats) - [1. Provision Three Linux Hosts and Load Balancer](#1-provision-three-linux-hosts-and-load-balancer) -- [2. Collect Image Sources](#2-collect-image-sources) -- [3. Publish Images](#3-publish-images) -- [4. Install Rancher](#4-install-rancher) - - [4A. Create an RKE Config File](#4a-create-an-rke-config-file) - - [Common RKE Nodes Options](#common-rke-nodes-options) - - [4B. Run RKE](#4b-run-rke) - - [4C. Initialize Helm](#4c-initialize-helm) - - [4D. Render Templates](#4d-render-templates) - - [4E. Install Cert-Manager](#4e-install-cert-manager) - - [4F. Install Rancher](#4f-install-rancher) - - [4G. Copy and Apply Manifests](#4g-copy-and-apply-manifests) -- [4. Configure Rancher for the Private Registry](#4-configure-rancher-for-the-private-registry) + - [Host Requirements](#host-requirements) + - [Recommended Architecture](#recommended-architecture) + - [Required Tools](#required-tools) + - [Load Balancer](#load-balancer) +- [2. Collect and Publish Image Sources](#2-collect-and-publish-image-sources) +- [3. Create an RKE Config File](#3-create-an-rke-config-file) + - [Common RKE Nodes Options](#common-rke-nodes-options) +- [4. Run RKE](#4-run-rke) +- [5. Initialize Helm and Render Templates](#5-initialize-helm-and-render-templates) +- [6. Optional: Install Cert-Manager](#6-optional-install-cert-manager) +- [7. Install Rancher](#7-install-rancher) +- [8. Copy and Apply Manifests](#8-copy-and-apply-manifests) +- [9. Configure Rancher for the Private Registry](#9-configure-rancher-for-the-private-registry) 
@@ -44,11 +45,10 @@ Provision three air gapped Linux hosts according to our requirements below to la These hosts should be disconnected from the internet, but should have connectivity with your private registry. -{{% tabs %}} -{{% tab "Host Requirements" %}} +### Host Requirements View hardware and software requirements for each of your cluster nodes in [Requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements). -{{% /tab %}} -{{% tab "Recommended Architecture" %}} + +### Recommended Architecture - DNS for Rancher should resolve to a layer 4 load balancer - The Load Balancer should forward port TCP/80 and TCP/443 to all 3 nodes in the Kubernetes cluster. @@ -56,50 +56,61 @@ View hardware and software requirements for each of your cluster nodes in [Requi - The Ingress controller will forward traffic to port TCP/80 on the pod in the Rancher deployment.
HA Rancher install with layer 4 load balancer, depicting SSL termination at ingress controllers
-![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg) -{{% /tab %}} -{{% tab "Required Tools" %}} + +![Rancher HA]({{< baseurl >}}/img/rancher/ha/rancher2ha.svg) + +### Required Tools + The following CLI tools are required for this install. Please make sure these tools are installed and available in your `$PATH` * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl) - Kubernetes command-line tool. * [rke]({{< baseurl >}}/rke/v0.1.x/en/installation/) - Rancher Kubernetes Engine, cli for building Kubernetes clusters. -* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. -{{% /tab %}} +* [helm](https://docs.helm.sh/using_helm/#installing-helm) - Package management for Kubernetes. + + +### Load Balancer -{{% tab "Load Balancer"%}} RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. -{{% /tab %}} -{{% /tabs %}} -## 2. Collect Image Sources -Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install. Download the following three files, which are required to install Rancher in an air gap environment: +## 2. Collect and Publish Image Sources + +Using a computer with internet access, browse to our Rancher [releases page](https://github.com/rancher/rancher/releases) and find the version that you want to install in your air gap environment. Download the following three files: | Release File | Description | | --- | --- | -| `rancher-images.txt` | This file contains a list of all files needed to install Rancher. 
-| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | -| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | +| `rancher-images.txt` | Contains a list of all files needed to install Rancher. +| `rancher-save-images.sh` | Pulls all the images in the `rancher-images.txt` from various public registries and saves all of the images as `rancher-images.tar.gz`. | +| `rancher-load-images.sh` | Loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | -## 3. Publish Images - After downloading the release files, publish the images from `rancher-images.txt` to your private registry using the image scripts. >**Note:** Image publication may require up to 20GB of empty disk space. -1. From a system with internet access, use the `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. +1. From Terminal, change directories to the path containing the files listed above. + +1. Make `rancher-save-images.sh` an executable. + + ``` + chmod +x rancher-save-images.sh + ``` + +1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. ```plain ./rancher-save-images.sh --image-list ./rancher-images.txt ``` -1. Copy `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` files to the [Linux host](#1-provision-linux-host) that you've provisioned. + **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. - 1. Log into your registry if required. +1. 
Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.files to each of the [Linux hosts](#1-provision-three-linux-hosts-and-load-balancer) that you've provisioned. + + + 1. Log into your private registry if required. ```plain docker login @@ -112,17 +123,10 @@ After downloading the release files, publish the images from `rancher-images.txt ``` +## 3. Create an RKE Config File -## 4. Install Rancher - -This guide will take you through the basic process of installing Rancher Server HA in a Air Gap environment. Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. - - -### 4A. Create an RKE Config File - - -On a system that has access (22/tcp and 6443/tcp) to the nodes you have built to host the Rancher server cluster, use the sample below create the `rancher-cluster.yml` file. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created. +From a system that can access ports 22/tcp and 6443/tcp on your host nodes, use the sample below create `rancher-cluster.yml`. This file is a Rancher Kubernetes Engine configuration file (RKE config file), which is a configuration for the cluster you're deploying Rancher to. Replace the IP Addresses in the `nodes` list with the IP address or DNS names of the 3 nodes you created. >**Tip:** See [Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/) for more details on the options available. 
@@ -161,19 +165,19 @@ private_registries: is_default: true ``` -#### Common RKE Nodes Options +### Common RKE Nodes Options -| Option | Required | Description | -| --- | --- | --- | -| `address` | yes | The public DNS or IP address | -| `user` | yes | A user that can run docker commands | -| `role` | yes | List of Kubernetes roles assigned to the node | -| `internal_address` | no | The private DNS or IP address for internal cluster traffic | -| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) | +| Option | Required | Description | +| ------------------ | -------- | -------------------------------------------------------------------------------------- | +| `address` | yes | The public DNS or IP address | +| `user` | yes | A user that can run docker commands | +| `role` | yes | List of Kubernetes roles assigned to the node | +| `internal_address` | no | The private DNS or IP address for internal cluster traffic | +| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) | -### 4B. Run RKE +## 4. Run RKE After configuring `rancher-cluster.yml`, open Terminal and change directories to the RKE binary. Then enter the command below to stand up your high availability cluster. 
@@ -181,26 +185,24 @@ After configuring `rancher-cluster.yml`, open Terminal and change directories to rke up --config ./rancher-cluster.yml ``` -### 4C. Initialize Helm +## 5. Initialize Helm and Render Templates Instead of installing the `tiller` agent on the cluster, render the installs on a system that has access to the internet and copy resulting manifests to a system that has access to the Rancher server cluster. -Skip the [Initialize Helm (Install Tiller)]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/) and initialize `helm` locally on a system that has internet access. +Initialize `helm` locally on a system that has internet access. ```plain helm init -c -``` +``` -### 4D. Render Templates +Then, using the same system, fetch and render the `helm` charts. -Fetch and render the `helm` charts on a system that has internet access. - -### 4E. Install Cert-Manager +## 6. Optional: Install Cert-Manager If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. -Fetch the latest `cert-manager` chart from the [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). +From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). ```plain helm fetch stable/cert-manager 
@@ -214,9 +216,9 @@ helm template ./cert-manager-.tgz --output-dir . \ --set image.repository=/quay.io/jetstack/cert-manager-controller ``` -### 4F. Install Rancher +## 7. Install Rancher -Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). +Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). Please see the [High Availability Install]({{< baseurl >}}/rancher/v2.x/en/installation/ha) guide for additional options and troubleshooting. ```plain helm repo add rancher- https://releases.rancher.com/server-charts/ @@ -237,7 +239,7 @@ helm template ./rancher-.tgz --output-dir . \ --set rancherImage=/rancher/rancher ``` -### 4G. Copy and Apply Manifests +## 8. Copy and Apply Manifests Copy the rendered manifest directories to a system that has access to the Rancher server cluster. @@ -252,7 +254,7 @@ kubectl -n cattle-system apply -R -f ./rancher Make sure you follow any additional instructions required by SSL install options. See [Choose your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration) for details. -## 4. Configure Rancher for the Private Registry +## 9. Configure Rancher for the Private Registry Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) . 
diff --git a/content/rancher/v2.x/en/installation/air-gap-installation/single-node/_index.md b/content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-single-node/_index.md similarity index 100% rename from content/rancher/v2.x/en/installation/air-gap-installation/single-node/_index.md rename to content/rancher/v2.x/en/installation/WIP-air-gap-installation/air-gap-single-node/_index.md
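Review bot: The renames in the file headers move both pages under `WIP-air-gap-installation/`, so a work-in-progress marker ends up in the content path even though the commit subject says the draft is being completed. If the site derives URLs from the content path, existing links to `installation/air-gap-installation/high-availability` and `installation/air-gap-installation/single-node` will stop resolving, and nothing in the visible hunks adds a redirect or updates inbound links. Either keep the original directory names or add the redirects in the same change.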
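Review bot: In the `@@ -56,50 +56,61 @@` hunk, the rewritten step that begins "Push `rancher-load-images.sh`, ..." reads "to your private registry.files to each of the [Linux hosts]", which is two sentences merged and leaves it unclear whether the three files go to the registry or to the hosts. The removed line said to copy the files to the Linux host, and the table describes `rancher-load-images.sh` as the script that pushes images to the registry, so the step should name one destination for the files and leave the registry push to the script. In the same hunk, the `rancher-images.txt` table row still lacks its closing `|` and says "list of all files" where the other two rows talk about images, and the new `chmod` fence has no `plain` tag unlike the other fences. The procedure also makes a downloaded script executable and runs it without telling the reader how to confirm the three files match the chosen release; a verification step before `chmod +x` would be worth adding, since these files are then carried into the air gapped environment.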
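Review bot: In the `@@ -112,17 +123,10 @@` hunk, the new opening sentence of "3. Create an RKE Config File" is missing a word: "use the sample below create `rancher-cluster.yml`" should read "use the sample below to create". The same paragraph tells the reader to replace "the IP Addresses" with "the IP address or DNS names", so the number and capitalisation should be made consistent. It would also help to say what 22/tcp and 6443/tcp are for (SSH to the nodes and the Kubernetes API server), because readers in an air gap will be writing firewall rules from this line.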
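Review bot: In the `@@ -181,26 +185,24 @@` hunk, section 5 is now titled "Initialize Helm and Render Templates" but ends with "Then, using the same system, fetch and render the `helm` charts." and no command follows it. The `helm fetch` and `helm template` commands visible in the patch sit under sections 6 and 7, and section 6 is marked optional, so a reader who skips it never sees a render step for section 5. Either drop "and Render Templates" from the heading together with the dangling sentence, or point explicitly at the steps that do the rendering. The same hunk also introduces a typo in "available from thea [official Helm chart repository]".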
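Review bot: In the `@@ -214,9 +216,9 @@` hunk, the pointer to the High Availability Install guide "for additional options and troubleshooting" has been appended to the paragraph about choosing a chart repository in step 7, where it reads as if it were about repositories. It was the introduction to the whole install in the removed "4. Install Rancher" section, so it belongs in its own paragraph or back near the top of the procedure.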