Air Gap Installation of single node Rancher

Vineet Kumar
Jan 9, 2022

Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters, while providing DevOps teams with integrated tools for running containerized workloads.

Prerequisites:
1. Private Docker registry: the Rancher images are pushed to this registry from machine-1. (Ref:
https://vineetcic.medium.com/create-own-docker-registry-with-gui-using-harbor-9e63f38f8753)
2. machine-1: a machine with access to both the private registry and the internet, so that all required images can be downloaded on it.
3. machine-2: a machine with no internet access that can reach the private Docker registry; Rancher is deployed on this node.
Note: This article installs Rancher v2.5.5.
(Check that a host entry for the private registry server exists on both machines, i.e. machine-1 and machine-2.)

2. Go to the release page of the Rancher version you want to install. This article installs rancher:v2.5.5, so open the following link:
https://github.com/rancher/rancher/releases/tag/v2.5.5

From the above link, download three files:

- rancher-images.txt: This file contains a list of images needed to install Rancher, provision clusters and use Rancher tools.
- rancher-save-images.sh: This script pulls all the images in the rancher-images.txt from Docker Hub and saves all of the images as rancher-images.tar.gz.
- rancher-load-images.sh: This script loads images from the rancher-images.tar.gz file and pushes them to your private registry.

3. Save the images to your workstation i.e. machine-1:
Make rancher-save-images.sh an executable:
chmod +x rancher-save-images.sh
Run rancher-save-images.sh with the rancher-images.txt image list to create a tarball of all the required images:
./rancher-save-images.sh --image-list ./rancher-images.txt
Result: Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, a tarball named rancher-images.tar.gz is written to your current directory. Check that the tarball is in the directory.

4. Populate the private registry:
The rancher-images.txt is expected to be on the workstation (machine-1) in the same directory from which you run the rancher-load-images.sh script. The rancher-images.tar.gz should also be in the same directory.

Log into your private registry if required:
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
Make rancher-load-images.sh an executable:
chmod +x rancher-load-images.sh
Use rancher-load-images.sh to extract the images from rancher-images.tar.gz, then tag and push the images listed in rancher-images.txt to your private registry:
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>
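
A check to run on machine-1 after this step, added here as an example and not part of the original article or of Rancher's release scripts: it reports every image from rancher-images.txt that the private registry cannot serve. It assumes each entry was pushed as <registry>/<entry>; missing_images and probe_manifest are hypothetical names.

```sh
#!/bin/sh
# Added example, not one of Rancher's release scripts.
# Assumption: every entry of rancher-images.txt was pushed as <registry>/<entry>.

# Default probe: fetch only the manifest, no layers are pulled.
probe_manifest() {
  docker manifest inspect "$1" >/dev/null 2>&1
}

# missing_images <image-list> <registry> [probe-command]
# Prints every reference the registry cannot serve; returns 1 if any is missing.
missing_images() {
  local list="$1" registry="$2" probe="${3:-probe_manifest}" missing image
  missing=$(
    tr -d '\r' < "$list" | while IFS= read -r image || [ -n "$image" ]; do
      case $image in ''|'#'*) continue ;; esac   # skip blank and comment lines
      # stdin is redirected so the probe cannot consume the image list
      "$probe" "$registry/$image" </dev/null || printf '%s\n' "$registry/$image"
    done
  )
  if [ -n "$missing" ]; then
    printf '%s\n' "$missing"
    return 1
  fi
}

# Run directly: ./check-registry.sh ./rancher-images.txt <REGISTRY.YOURDOMAIN.COM:PORT>
if [ "$#" -ge 2 ]; then
  missing_images "$1" "$2"
fi
```

An empty result with exit status 0 means machine-2 can pull everything it needs; any printed reference should be pushed again before moving on.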

5. Use one of the following methods to install Rancher
METHOD-I:
Rancher can now be installed directly with a single command, without bind-mounting any files. Load all the images on the local machine and run the following command:

docker run -d --restart=unless-stopped --privileged --name rancher -p 80:80 -p 443:443 rancher/rancher:v2.5.5

METHOD-II:
With the above method, all data is destroyed if the container restarts. If you bind-mount the data directory, the container looks for a registry server, so first create a registries.yaml file on machine-2 as shown below, and then install Rancher on that machine.

mirrors:
  docker.io:
    endpoint:
      - "https://mycustomreg.com:5000"
configs:
  "mycustomreg.com:5000": # must match the registry host:port used in the endpoint above
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password
    tls:
      cert_file: /etc/rancher/k3s/cert.pem # path to the cert file used in the registry
      key_file: /etc/rancher/k3s/abc.key # path to the key file used in the registry
      ca_file: /etc/rancher/k3s/ca.pem # path to the ca file used in the registry

Now run the following command to start Rancher:

docker run -d --restart=unless-stopped --privileged --name rancher --add-host <REGISTRY.YOURDOMAIN.COM:IP> -p 80:80 -p 443:443 -v /opt/rancher:/var/lib/rancher -v /home2/k3s:/etc/rancher/k3s <REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:v2.5.5

NOTE: The cert files and the registries.yaml file must reside in the host directory that is bind-mounted to /etc/rancher/k3s (/home2/k3s in the command above), the image must be pulled from the private registry (<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:v2.5.5), and the host entry for the registry is required.
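
The registries.yaml above stores the registry password in clear text and points at a TLS private key, so the host directory mounted at /etc/rancher/k3s deserves a permission check before the container is started. The script below is an added example, not part of the original article: audit_registry_secrets and is_private are hypothetical names, and it assumes each key_file entry is written as "key_file: <path>" on one line.

```sh
#!/bin/sh
# Added example: audit the host directory bind-mounted to /etc/rancher/k3s.

# True when neither group nor others hold any permission bit on the file.
is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_registry_secrets <host-dir> [container-dir]
# Prints LOOSE / MISSING / OUTSIDE findings; returns 1 if there is any.
audit_registry_secrets() {
  local host_dir="$1" ctr_dir="${2:-/etc/rancher/k3s}" cfg findings key rel
  cfg="$host_dir/registries.yaml"
  [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }
  findings=$(
    # registries.yaml holds the registry password in clear text
    is_private "$cfg" || echo "LOOSE $cfg"
    # line-based extraction: drop trailing comments, then print key_file values
    sed -n -e 's/[[:space:]]*#.*$//' \
           -e 's/^[[:space:]]*key_file:[[:space:]]*//p' "$cfg" |
      tr -d "\"'" |
      while read -r key; do
        case $key in
          '') continue ;;
          "$ctr_dir"/*) rel=${key#"$ctr_dir"/}; key=$host_dir/$rel ;;
          # a key outside the mount point is invisible inside the container
          *) echo "OUTSIDE $key"; continue ;;
        esac
        if [ ! -f "$key" ]; then echo "MISSING $key"
        elif ! is_private "$key"; then echo "LOOSE $key"
        fi
      done
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
}

# Run directly: ./audit-k3s-dir.sh /home2/k3s
if [ "$#" -ge 1 ]; then
  audit_registry_secrets "$@"
fi
```

A LOOSE finding is cleared by restricting the file to its owner (for example mode 600); the certificate and CA files are public material and are not checked.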

METHOD-III:

Using a docker-compose file. Create docker-compose.yaml:

version: '3'
services:
  rancher:
    image: <REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:v2.5.5
    restart: always
    privileged: true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /opt/rancher:/var/lib/rancher
      - /home2/harbor/secrets:/etc/rancher/k3s
    extra_hosts:
      - "<REGISTRY.YOURDOMAIN.COM:IP>"

6. References:
1. https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/single-node-docker/advanced/#air-gap
2. https://rancher.com/docs/k3s/latest/en/installation/private-registry/
3. https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/air-gap/populate-private-registry/

7. Enjoy !!!
