making updates per Jason

This commit is contained in:
Mark Bishop
2018-11-09 16:09:18 -07:00
parent a553d04cea
commit f72eb04099
5 changed files with 40 additions and 56 deletions
@@ -17,28 +17,28 @@ Replace values in the code sample below with help of the _RKE Options_ table. Us
| Option | Required | Description |
| ------------------ | -------- | -------------------------------------------------------------------------------------- |
| `address` | ✓ | The DNS or IP address for the node within the air gap network (don't use a public address). |
| `address` | ✓ | The DNS or IP address for the node within the air gap network. |
| `user` | ✓ | A user that can run docker commands. |
| `role` | ✓ | List of Kubernetes roles assigned to the node. |
| `internal_address` | | The private DNS or IP address used for internal cluster traffic. |
| `internal_address` | optional<sup>1</sup> | The DNS or IP address used for internal cluster traffic. |
| `ssh_key_path` | | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`). |
> **Note:** Although this is an air gap configuration, we still recommend setting values for both `address` and `external address`. In this context, `address` refers to the IP address of the node within the air gap network, not a public address. `internal_address` is the IP address that your nodes use for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address` if you want to use self-referencing security groups or firewalls.
> <sup>1</sup> Some services like AWS EC2 require setting the `internal_address` if you want to use self-referencing security groups or firewalls.
```yaml
nodes:
- address: 10.10.3.187 # node air gap network IP
- address: 10.10.3.187 # node air gap network IP
internal_address: 172.31.7.22 # node intra-cluster IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 10.10.3.254 # node air gap network IP
- address: 10.10.3.254 # node air gap network IP
internal_address: 172.31.13.132 # node intra-cluster IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
- address: 10.10.3.89 # node air gap network IP
- address: 10.10.3.89 # node air gap network IP
internal_address: 172.31.3.216 # node intra-cluster IP
user: rancher
role: [ "controlplane", "etcd", "worker" ]
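Review bot: the options table documents the key as `ssh_key_path`, but all three node entries in the YAML sample use `ssh_key_file`, so a reader copying the sample gets a key name the table never mentions. Pick one spelling and use it in both places. Separately, the reworded `address` row drops "(don't use a public address)" and the long note that carried the same warning is replaced by a footnote about EC2 only; if that warning still matters for air gap installs, keep it in the table row.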
@@ -4,12 +4,12 @@ weight: 400
aliases:
---
## A. Add the Helm Chart Repository and Render Templates
## A. Add the Helm Chart Repository
From a system that has access to the internet, render the installs and copy the resulting manifests to a system that has access to the Rancher server cluster.
1. Initialize `helm` locally on a system that has internet access.
1. If you haven't already, initialize `helm` locally on a system that has internet access.
```plain
helm init -c
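Review bot: the heading loses "and Render Templates", but the intro sentence directly under it still reads "render the installs and copy the resulting manifests to a system that has access to the Rancher server cluster". Reword that sentence to match what section A now covers, or move it to the section where rendering happens.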
@@ -28,15 +28,6 @@ From a system that has access to the internet, render the installs and copy the
helm fetch rancher-<CHART_REPO>/rancher
```
4. Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files.
```plain
helm template ./rancher-<version>.tgz --output-dir . \
--name rancher --namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher
```
>Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations).
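Review bot: the step 4 text in this hunk is the only visible place in this section that tells the reader to set `rancherImage` to the private registry, and the hunk shrinks from 15 lines to 6. If that step is what is being removed, confirm the later "Render the Rancher template" steps still carry the `--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher` setting, otherwise an air gapped cluster will try to pull from a public registry it cannot reach.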
@@ -66,8 +57,6 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
helm fetch stable/cert-manager
```
```
1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files.
```plain
@@ -76,7 +65,7 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
```
1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder.
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder.
Placeholder | Description
------------|-------------
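Review bot: the section context shown in this hunk's header reads "uses cert manger to issue the certificate". Since this commit is already rewording steps in that section, fix the spelling to `cert-manager` in the same pass. The same "Render the Rancher template, declaring your chosen options" sentence is changed twice in this file; consider whether one shared step would avoid the duplication.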
@@ -101,7 +90,7 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher.
1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder.
1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder.
Placeholder | Description
------------|-------------
@@ -121,12 +110,12 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate
--set ingress.tls.source=secret \
```
1. Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
1. See [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
{{% /accordion %}}
## D. Copy and Apply Manifests
## D. Install Rancher
Copy the rendered manifest directories to a system that has access to the Rancher server cluster.
Copy the rendered manifest directories to a system that has access to the Rancher server cluster to complete installation.
Use `kubectl` to create namespaces and apply the rendered manifests.
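Review bot: the command in the context lines ends with `--set ingress.tls.source=secret \` immediately before the closing fence, so the last line carries a dangling line continuation. A reader who pastes it gets a shell waiting for more input, or the next pasted line joined onto the `helm` command. Drop the trailing backslash. Also, with the heading renamed to "D. Install Rancher", removing "Now that Rancher is running" from the TLS secrets step is right only if that step is meant to be done before the manifests are applied; say so explicitly in the step.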
@@ -22,28 +22,20 @@ Start by collecting all the images needed to install Rancher in an air gap envir
| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from Docker Hub and saves all of the images as `rancher-images.tar.gz`. |
| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. |
3. Use the three files above to populate `rancher-images.txt` with the images needed for installation.
1. Make `rancher-save-images.sh` an executable.
1. Make `rancher-save-images.sh` an executable.
```
chmod +x rancher-save-images.sh
```
```
chmod +x rancher-save-images.sh
```
1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images.
```plain
./rancher-save-images.sh --image-list ./rancher-images.txt
```
**Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`.
1. From the directory that contains the RKE binary, add RKE's images to `rancher-images.txt`.
1. From the directory that contains the RKE binary, add RKE's images to `rancher-images.txt`, which is a list of all the files needed to install Rancher.
```
rke config --system-images >> ./rancher-images.txt
```
1. **Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip to [B. Publish Images](#b-publish-images ) if you are using you using your own certificates.
1. **Default Rancher Generated Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip to [B. Publish Images](#b-publish-images ) if you are using you using your own certificates.
1. Fetch the latest `cert-manager` Helm chart and parse the template for image details.
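Review bot: the rewritten certificate step still ends with "if you are using you using your own certificates" and the link target `(#b-publish-images )` has a space before the closing parenthesis, which can break the anchor. Both were carried over from the old line and should be fixed while the line is being edited. In the RKE step, `rancher-images.txt` is described as "a list of all the files needed to install Rancher"; it is a list of images. The list numbering also mixes a literal `3.` with `1.` items, so check how the steps render.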
@@ -58,6 +50,14 @@ Start by collecting all the images needed to install Rancher in an air gap envir
sort -u rancher-images.txt -o rancher-images.txt
```
1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images.
```plain
./rancher-save-images.sh --image-list ./rancher-images.txt
```
**Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. Check that the output is in the directory.
## B. Publish Images
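Review bot: "Check that the output is in the directory" does not tell the reader what to look for or how. Name the file and the check, for example listing `rancher-images.tar.gz` in the current directory, and consider having the reader record a checksum such as `sha256sum rancher-images.tar.gz` here so the tarball can be verified after it is carried across to the air gapped side. "your current directory will output a tarball" would also read better as "a tarball named `rancher-images.tar.gz` is written to the current directory".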
@@ -65,20 +65,16 @@ Using a computer with access to the internet and your private registry, move the
>**Note:** Image publication may require up to 20GB of empty disk space.
1. Log into your private registry if required.
1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.
```plain
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
```
1. Use `rancher-load-images.sh` to extract, tag and push `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.
1. Log into your private registry if required.
```plain
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
```
1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry.
```plain
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>
```
```plain
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>
```
### [Next: Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/)
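Review bot: the step "Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry" describes pushing a script, a text file and a tarball to a container registry, which is not something `docker push` does. If the intent is to copy these three files to the machine that can reach the registry, say "copy" and name the destination host. If this is the old wording, make sure it is fully replaced by "Use `rancher-load-images.sh` to extract, tag and push the images to your private registry", which is accurate.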
@@ -28,4 +28,9 @@ RKE, the installer that provisions your air gapped cluster, will configure an In
Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment.
**Load Balancer Configuration Samples:**
- [NGINX]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nginx)
- [Amazon NLB]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nlb)
### [Next: Collect and Publish Image Sources]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/)
@@ -90,12 +90,6 @@ This option uses `cert-manager` to automatically request and renew [Let's Encryp
- Set `hostname` to the public DNS record, set `ingress.tls.source` to `letsEncrypt` and `letsEncrypt.email` to the email address used for communication about your certificate (for example, expiry notices)
<<<<<<< HEAD
>**Using Air Gap?** [Set the `rancherImage` option]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#install-rancher-using-private-registry) in your command, pointing toward your private registry.
=======
>>>>>>> removing air gap notes
```
helm install rancher-<CHART_REPO>/rancher \
--name rancher \
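Review bot: this hunk shows `<<<<<<< HEAD`, `=======` and `>>>>>>> removing air gap notes` in the published Markdown, meaning an unresolved merge conflict was committed earlier. The hunk drops from 12 lines to 6, which is consistent with removing the markers and the "Using Air Gap?" note, but confirm that no marker line remains and that dropping the `rancherImage` pointer for air gap users is intended. A pre-commit or CI check that rejects lines starting with `<<<<<<<`, `=======` or `>>>>>>>` would stop this from recurring.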