From fba4696a568e35321bdcdfacba968d22b2c199bc Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Fri, 9 Nov 2018 13:50:30 -0700 Subject: [PATCH] adding content --- .../helm-init/_index.md | 47 --------- .../install-kube/_index.md | 45 ++++----- .../install-rancher-2/_index.md | 96 +++++++++++++++++++ .../install-rancher/_index.md | 67 +++++++++---- .../prepare-private-registry/_index.md | 11 +-- 5 files changed, 169 insertions(+), 97 deletions(-) delete mode 100644 content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md create mode 100644 content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md deleted file mode 100644 index f1044b45b44..00000000000 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/helm-init/_index.md +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -title: 4. Initialize Helm -weight: 400 -aliases: ---- - -## A. Initialize Helm and Render Templates - - -From a system that has access to the internet, render the installs et and copy resulting manifests to a system that has access to the Rancher server cluster. - -Initialize `helm` locally on a system that has internet access. - -```plain -helm init -c -``` - -Then, using the same system, fetch and render the `helm` charts. Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. - -```plain -helm template ./rancher-.tgz --output-dir . \ ---name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher -``` - ->Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). - -## B. Optional: Install Cert-Manager - -If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. - -From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). - -```plain -helm fetch stable/cert-manager -``` - -Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. - -```plain -helm template ./cert-manager-.tgz --output-dir . 
\ ---name cert-manager --namespace kube-system \ ---set image.repository=/quay.io/jetstack/cert-manager-controller -``` - -### [Next: Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/) \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md index dd7e05f0263..a9c7e2ee3f3 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-kube/_index.md @@ -9,31 +9,37 @@ aliases: From a system that can access ports 22/tcp and 6443/tcp on your host nodes, use the sample below to create a new file named `rancher-cluster.yml`. This file is a Rancher Kubernetes Engine configuration file (RKE config file), which is a configuration for the cluster you're deploying Rancher to. -Replace values in the code sample according to the table below with the IP address or DNS names of the 3 nodes you created. +Replace values in the code sample below with help of the _RKE Options_ table. Use the IP address or DNS names of the [3 nodes]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts) you created. + +>**Tip:** For more details on the options available, see the RKE [Config Options](http://localhost:9001/rke/v0.1.x/en/config-options/). + +
RKE Options
+ +| Option | Required | Description | +| ------------------ | -------- | -------------------------------------------------------------------------------------- | +| `address` | ✓ | The DNS or IP address for the node within the air gap network (don't use a public address). | +| `user` | ✓ | A user that can run docker commands. | +| `role` | ✓ | List of Kubernetes roles assigned to the node. | +| `internal_address` | | The private DNS or IP address used for internal cluster traffic. | +| `ssh_key_path` | | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`). | -| Placeholder | Description | -| ----------------------- | --------------------------------------------------------------------- | -| `address` | The IP address for each of your air gap nodes outside of the cluster. | -| `internal_address` | The IP address for each of your air gap nodes within the cluster. | -| `url` | The URL for your private registry. | - -> **Note:** If your node has public and internal addresses, it is recommended to set the `internal_address:` so Kubernetes will use it for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address:` if you want to use self-referencing security groups or firewalls. +> **Note:** Although this is an air gap configuration, we still recommend setting values for both `address` and `external address`. In this context, `address` refers to the IP address of the node within the air gap network, not a public address. `internal_address` is the IP address that your nodes use for intra-cluster communication. Some services like AWS EC2 require setting the `internal_address` if you want to use self-referencing security groups or firewalls. 
```yaml nodes: -- address: 18.222.121.187 # air gap node external IP - internal_address: 172.31.7.22 # air gap node internal IP +- address: 10.10.3.187 # node air gap network IP + internal_address: 172.31.7.22 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa -- address: 18.220.193.254 # air gap node external IP - internal_address: 172.31.13.132 # air gap node internal IP +- address: 10.10.3.254 # node air gap network IP + internal_address: 172.31.13.132 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa -- address: 13.59.83.89 # air gap node external IP - internal_address: 172.31.3.216 # air gap node internal IP +- address: 10.10.3.89 # node air gap network IP + internal_address: 172.31.3.216 # node intra-cluster IP user: rancher role: [ "controlplane", "etcd", "worker" ] ssh_key_file: /home/user/.ssh/id_rsa @@ -45,17 +51,6 @@ private_registries: is_default: true ``` -### Common RKE Nodes Options - -| Option | Required | Description | -| ------------------ | -------- | -------------------------------------------------------------------------------------- | -| `address` | yes | The public DNS or IP address | -| `user` | yes | A user that can run docker commands | -| `role` | yes | List of Kubernetes roles assigned to the node | -| `internal_address` | no | The private DNS or IP address for internal cluster traffic | -| `ssh_key_path` | no | Path to SSH private key used to authenticate to the node (defaults to `~/.ssh/id_rsa`) | - ->**Tip:** For more details on the options available, see the RKE [Config Options](http://localhost:9001/rke/v0.1.x/en/config-options/). ## B. Run RKE diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md new file mode 100644 index 00000000000..d0eb89c5e54 
--- /dev/null +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher-2/_index.md 
@@ -0,0 +1,96 @@ +--- +title: "5. Choose an SSL Option and Install Rancher" +weight: 500 +aliases: +--- + +## A. Render Templates and Install Rancher + +Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). + +```plain +helm repo add rancher- https://releases.rancher.com/server-charts/ +``` + +Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). + +```plain +helm fetch rancher-/rancher +``` + +Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. + +```plain +helm template ./rancher-.tgz --output-dir . \ +--name rancher --namespace cattle-system \ +--set hostname= \ +--set rancherImage=/rancher/rancher +``` + +>Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). + +## A. Choose an SSL Option and Install Rancher + + +Rancher server is designed to be secure by default and requires SSL/TLS configuration. There are two options for the source of the certificate in an HA air gap setup: + +{{% accordion id="self-signed" label="Option A: Default Self-Signed Certificate" %}} +The default is for Rancher to generate a CA and use the `cert-manager` to issue the certificate for access to the Rancher server interface. Use the reference table below to replace each placeholder. 
+ +Placeholder | Description +------------|------------- +`` | The version number of the output tarball. +`` | The DNS name you pointed at your load balancer. +`` | The DNS name for your private registry.). + + +```plain +helm template ./rancher-.tgz --output-dir . \ + --name rancher \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher +``` + +{{% /accordion %}} + +{{% accordion id="secret" label="Option B: Certificates for Files (Kubernetes Secret)" %}} +Create Kubernetes secrets from your own certificates for Rancher to use. + +> **Note:** The common name for the cert will need to match the `hostname` option or the ingress controller will fail to provision the site for Rancher. + +Placeholder | Description +------------|------------- +`` | The version number of the output tarball. +`` | The DNS name you pointed at your load balancer. +`` | The DNS name for your private registry. + + +> **Note:** If you are using a Private CA signed cert, add `--set privateCA=true` + +``` +helm template ./rancher-.tgz --output-dir . \ + --name rancher \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher + --set ingress.tls.source=secret \ +``` + +Now that Rancher is running, see [Adding TLS Secrets]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. +{{% /accordion %}} + +## B. Copy and Apply Manifests + +Copy the rendered manifest directories to a system that has access to the Rancher server cluster. + +Use `kubectl` to create namespaces and apply the rendered manifests. + +```plain +kubectl -n kube-system apply -R -f ./cert-manager + +kubectl create namespace cattle-system +kubectl -n cattle-system apply -R -f ./rancher +``` + +### [Next: Configure Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-high-availability/config-rancher-for-private-reg/) 
diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md index d0eb89c5e54..d518ad67f4f 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/_index.md 
@@ -1,35 +1,64 @@ --- -title: "5. Choose an SSL Option and Install Rancher" -weight: 500 +title: 4. Install Rancher +weight: 400 aliases: --- -## A. Render Templates and Install Rancher +## A. Add the Helm Chart Repository and Render Templates -Add the Helm chart repository that contains charts to install Rancher. Replace `` with the [repository that you're using]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories) (i.e. `latest` or `stable`). -```plain -helm repo add rancher- https://releases.rancher.com/server-charts/ -``` +From a system that has access to the internet, render the installs and copy the resulting manifests to a system that has access to the Rancher server cluster. -Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). +1. Initialize `helm` locally on a system that has internet access. -```plain -helm fetch rancher-/rancher -``` + ```plain + helm init -c + ``` -Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. +2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/server-tags/#helm-chart-repositories). -```plain -helm template ./rancher-.tgz --output-dir . \ ---name rancher --namespace cattle-system \ ---set hostname= \ ---set rancherImage=/rancher/rancher -``` + Replace both occurences of `` with the Helm chart repository that you want to use (i.e. `latest` or `stable`). 
+ + ``` + helm repo add rancher- https://releases.rancher.com/server-charts/ + ``` +3. Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. Replace `` with the repo you're using (`latest` or `stable`). + + ```plain + helm fetch rancher-/rancher + ``` + +4. Render the template with the options you would use to install the chart. See [Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/) for details on the various options. Remember to set the `rancherImage` option to pull the image from your private registry. This will create a `rancher` directory with the Kubernetes manifest files. + + ```plain + helm template ./rancher-.tgz --output-dir . \ + --name rancher --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher + ``` >Want additional options? Need help troubleshooting? See [High Availability Install: Advanced Options]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#advanced-configurations). -## A. Choose an SSL Option and Install Rancher +## B. Optional: Install Cert-Manager + +If you are installing Rancher with its self-signed certificates, you will need to install 'cert-manager' on your cluster. If you are installing your own certificates you may skip this section. + +From a system connected to the internet, fetch the latest `cert-manager` chart available from thea [official Helm chart repository](https://github.com/helm/charts/tree/master/stable). + +```plain +helm fetch stable/cert-manager +``` + +Render the template with the option you would use to install the chart. Remember to set the `image.repository` option to pull the image from your private registry. This will create a `cert-manager` directory with the Kubernetes manifest files. + +```plain +helm template ./cert-manager-.tgz --output-dir . \ +--name cert-manager --namespace kube-system \ +--set image.repository=/quay.io/jetstack/cert-manager-controller +``` + + +## D. 
Choose an SSL Option and Install Rancher Rancher server is designed to be secure by default and requires SSL/TLS configuration. There are two options for the source of the certificate in an HA air gap setup: diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md index 5d5090b9b4b..ab03a7cfa78 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/prepare-private-registry/_index.md @@ -13,7 +13,7 @@ Start by collecting all the images needed to install Rancher in an air gap envir ![Choose Release Version]({{< baseurl >}}/img/rancher/choose-release-version.png) -2. From the release's **Assets** section (in the picture above), download the following three files, which are required to install Rancher in an air gap environment: +2. From the release's **Assets** section (pictured above), download the following three files, which are required to install Rancher in an air gap environment: | Release File | Description | @@ -22,7 +22,7 @@ Start by collecting all the images needed to install Rancher in an air gap envir | `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from Docker Hub and saves all of the images as `rancher-images.tar.gz`. | | `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. | -3. Combine the 3 three files above into a file named `rancher-images.txt`. +3. Use the three files above to populate `rancher-images.txt` with the images needed for installation. 1. Make `rancher-save-images.sh` an executable. 
@@ -36,14 +36,14 @@ Start by collecting all the images needed to install Rancher in an air gap envir ./rancher-save-images.sh --image-list ./rancher-images.txt ``` - **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. + **Step Result:** Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named `rancher-images.tar.gz`. -1. From the directory that contains the RKE binary, use RKE to `rancher-images.txt` as well. +1. From the directory that contains the RKE binary, add RKE's images to `rancher-images.txt`. ``` rke config --system-images >> ./rancher-images.txt ``` -1. **Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip this image if you are using you using your own certificates. +1. **Self-Signed Certificate Users Only:** If you elect to use the Rancher default self-signed TLS certificates, you must add the [`cert-manager`](https://github.com/helm/charts/tree/master/stable/cert-manager) image to `rancher-images.txt` as well. You may skip to [B. Publish Images](#b-publish-images ) if you are using you using your own certificates. 1. Fetch the latest `cert-manager` Helm chart and parse the template for image details. @@ -66,7 +66,6 @@ Using a computer with access to the internet and your private registry, move the >**Note:** Image publication may require up to 20GB of empty disk space. - 1. Push `rancher-load-images.sh`, `rancher-images.txt` and `rancher-images.tar.gz` to your private registry.
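Review bot: With helm-init/_index.md deleted, its URL stops resolving, and install-rancher/_index.md, which absorbs the "Initialize Helm" and "Optional: Install Cert-Manager" content, leaves `aliases:` empty in its front matter. Add the old helm-init path as an alias on install-rancher/_index.md so that existing links to the former step 4 page still land on the moved content.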
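Review bot: In install-kube/_index.md, the rewritten Note recommends setting "both `address` and `external address`", but the RKE Options table and the YAML sample in the same hunk define only `address` and `internal_address`, so this should read `internal_address`. The table also documents `ssh_key_path` while every node in the sample uses `ssh_key_file`, so one of the two needs to change. The relocated Tip still links to `http://localhost:9001/rke/v0.1.x/en/config-options/`, a local preview URL that will not resolve for readers; use the `{{< baseurl >}}` form that the other links in this patch use.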
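Review bot: In the new install-rancher-2/_index.md, the Option B `helm template` command has its line continuations misplaced: `--set rancherImage=/rancher/rancher` has no trailing backslash while the final line `--set ingress.tls.source=secret \` does, so the shell ends the command before the TLS source is set and then treats the last line as a separate command. Move the backslash up one line. In the same file two sections are both headed "## A.", the private registry row in the Option A table ends in a stray ").", and "Now that Rancher is running" follows a command that only renders templates. The file is also created with the blob id (d0eb89c5e54) that install-rancher/_index.md had before this patch, so please confirm that a copy of the old step 5 page is meant to be committed alongside the renumbered step 4 page.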
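Review bot: In install-rancher/_index.md the section headings now run A, B, then "## D. Choose an SSL Option and Install Rancher", with no C; reletter it to C or add the missing section. Smaller points in the same hunk: "occurences" and "thea" are typos, "Use `helm repo add` command" is missing "the", and the fence in step 2 drops the `plain` tag that the other fences in the numbered list carry.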
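Review bot: In prepare-private-registry/_index.md, the new link in the Self-Signed Certificate step is written `[B. Publish Images](#b-publish-images )` with a stray space before the closing parenthesis; remove it so the target matches the style of the other links. The sentence around it still reads "if you are using you using your own certificates", and the re-indented Step Result line still says the current directory "will output a tarball"; both are worth fixing while these lines are being touched.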