From f72eb04099d7d9a1acc3f972cead448f4232195d Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Fri, 9 Nov 2018 16:09:18 -0700 Subject: [PATCH] making updates per Jason --- .../install-kube/_index.md | 12 ++--- .../install-rancher/_index.md | 25 +++------- .../prepare-private-registry/_index.md | 48 +++++++++---------- .../provision-hosts/_index.md | 5 ++ .../en/installation/ha/helm-rancher/_index.md | 6 --- 5 files changed, 40 insertions(+), 56 deletions(-) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md index 8a54cfc80e3..30695200b6e 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md @@ -17,28 +17,28 @@ Replace values in the code sample below with help of the _RKE Options_ table. Us | Option | Required | Description | | ------------------ | -------- | -------------------------------------------------------------------------------------- | -| `address` | ✓ | The DNS or IP address for the node within the air gap network (don't use a public address). | +| `address` | ✓ | The DNS or IP address for the node within the air gap network. | | `user` | ✓ | A user that can run docker commands. | | `role` | ✓ | List of Kubernetes roles assigned to the node. | -| `internal_address` | | The private DNS or IP address used for internal cluster traffic. | +| `internal_address` | optional1 | The DNS or IP address used for internal cluster traffic. | | `ssh_key_path` | | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`). | -> **Note:** Although this is an air gap configuration, we still recommend setting values for both `address` and `external address`. In this context, `address` refers to the IP address of the node within the air gap network, not a public address. `internal_address` is the IP address that your nodes use for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address` if you want to use self-referencing security groups or firewalls. +> 1 Some services like AWS EC2 require setting the `internal_address` if you want to use self-referencing security groups or firewalls. ```yaml nodes: -- address: 10.10.3.187 # node air gap network IP +- address: 10.10.3.187 # node air gap network IP internal_address: 172.31.7.22 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa -- address: 10.10.3.254 # node air gap network IP +- address: 10.10.3.254 # node air gap network IP internal_address: 172.31.13.132 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa -- address: 10.10.3.89 # node air gap network IP +- address: 10.10.3.89 # node air gap network IP internal_address: 172.31.3.216 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md index c5ec3257902..758758c3e73 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md @@ -4,12 +4,12 @@ weight: 400 aliases: --- -## A. Add the Helm Chart Repository and Render Templates +## A. Add the Helm Chart Repository From a system that has access to the internet, render the installs and copy the resulting manifests to a system that has access to the Rancher server cluster. -1. Initialize `helm` locally on a system that has internet access. +1. If you haven't already, initialize `helm` locally on a system that has internet access. ```plain helm init -c @@ -28,15 +28,6 @@ From a system that has access to the internet, render the installs and copy the helm fetch rancher-/rancher ``` -4. Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. - - ```plain - helm template ./rancher-.tgz --output-dir . \ - --name rancher --namespace cattle-system \ - --set hostname= \ - --set rancherImage=/rancher/rancher - ``` - >Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). @@ -66,8 +57,6 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate helm fetch stable/cert-manager ``` - ``` - 1. Render the cert manager template with the options you would like to use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. ```plain @@ -76,7 +65,7 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate --set image.repository=/quay.io/jetstack/cert-manager-controller ``` -1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder. +1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Placeholder | Description ------------|------------- @@ -101,7 +90,7 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate > **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher. -1. Render the Rancher template with the options you would like to use to install the chart. Use the reference table below to replace each placeholder. +1. Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Placeholder | Description ------------|------------- @@ -121,12 +110,12 @@ By default, Rancher generates a CA and uses cert manger to issue the certificate --set ingress.tls.source=secret \ ``` -1. Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. +1. See [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. {{% /accordion %}} -## D. Copy and Apply Manifests +## D. Install Rancher -Copy the rendered manifest directories to a system that has access to the Rancher server cluster. +Copy the rendered manifest directories to a system that has access to the Rancher server cluster to complete installation. Use `kubectl` to create namespaces and apply the rendered manifests. diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md index ab03a7cfa78..0dccd3b3818 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md @@ -22,28 +22,20 @@ Start by collecting all the images needed to install Rancher in an air gap envir | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from Docker Hub and saves all of the images as `rancher-images.tar.gz`. | | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | -3. Use the three files above to populate `rancher-images.txt` with the images needed for installation. - 1. Make `rancher-save-images.sh` an executable. +1. Make `rancher-save-images.sh` an executable. - ``` - chmod +x rancher-save-images.sh - ``` + ``` + chmod +x rancher-save-images.sh + ``` - 1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. - - ```plain - ./rancher-save-images.sh --image-list ./rancher-images.txt - ``` - - **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. -1. From the directory that contains the RKE binary, add RKE's images to `rancher-images.txt`. +1. From the directory that contains the RKE binary, add RKE's images to `rancher-images.txt`, which is a list of all the files needed to install Rancher. ``` rke config --system-images >> ./rancher-images.txt ``` -1. **Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip to [B. Publish Images](#b-publish-images ) if you are using you using your own certificates. +1. **Default Rancher Generated Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip to [B. Publish Images](#b-publish-images ) if you are using you using your own certificates. 1. Fetch the latest `cert-manager` Helm chart and parse the template for image details. @@ -58,6 +50,14 @@ Start by collecting all the images needed to install Rancher in an air gap envir sort -u rancher-images.txt -o rancher-images.txt ``` +1. Run `rancher-save-images.sh` with the `rancher-images.txt` image list to create a tarball of all the required images. + + ```plain + ./rancher-save-images.sh --image-list ./rancher-images.txt + ``` + + **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. Check that the output is in the directory. + ## B. Publish Images @@ -65,20 +65,16 @@ Using a computer with access to the internet and your private registry, move the >**Note:** Image publication may require up to 20GB of empty disk space. +1. Log into your private registry if required. -1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry. + ```plain + docker login + ``` +1. Use `rancher-load-images.sh` to extract, tag and push `rancher-images.txt` and `rancher-images.tar.gz` to your private registry. - 1. Log into your private registry if required. - - ```plain - docker login - ``` - - 1. Use `rancher-load-images.sh` to extract, tag and push the images to your private registry. - - ```plain - ./rancher-load-images.sh --image-list ./rancher-images.txt --registry - ``` + ```plain + ./rancher-load-images.sh --image-list ./rancher-images.txt --registry + ``` ### [Next: Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md index 209475a4f24..aa911439019 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md @@ -28,4 +28,9 @@ RKE, the installer that provisions your air gapped cluster, will configure an In Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. +**Load Balancer Configuration Samples:** + +- [NGINX]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nginx) +- [Amazon NLB]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nlb) + ### [Next: Collect and Publish Image Sources]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/) diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md index e5d6f3979cb..6e7646069f4 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/_index.md @@ -90,12 +90,6 @@ This option uses `cert-manager` to automatically request and renew [Let's Encryp - Set `hostname` to the public DNS record, set `ingress.tls.source` to `letsEncrypt` and `letsEncrypt.email` to the email address used for communication about your certificate (for example, expiry notices) -<<<<<<< HEAD - ->**Using Air Gap?** [Set the `rancherImage` option]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#install-rancher-using-private-registry) in your command, pointing toward your private registry. - -======= ->>>>>>> removing air gap notes ``` helm install rancher-/rancher \ --name rancher \