Skip to content

Commit

Permalink
Merge pull request #372 from rancher-max/airgap-docs
Browse files Browse the repository at this point in the history 
Add documentation for airgap install
  • Loading branch information
@davidnuzik
davidnuzik authored Sep 29, 2020
2 parents 2b27b47 + 0398293 commit 5fe53a9
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions docs/airgap.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Air-Gap Install

RKE2 can be installed in an air-gapped environment with two different methods.
You can either deploy via the bundled `rke2-airgap-images` tarball, or by using a private registry.

All files mentioned in the steps can be obtained from the assets of the desired released rke2 version [here](https://github.com/rancher/rke2/releases).

If running on an SELinux enforcing air-gapped node, you must first install the necessary SELinux policy RPM before performing these steps. See our [RPM Documentation](https://github.com/rancher/rke2#rpm-repositories) to determine what you need.

## Tarball Method
1. Add the desired version of the `rke2-airgap-images-amd64.tar.gz` file to the air-gapped node.
2. Gunzip the tar.gz file so that it is only a tar, and move it to `/var/lib/rancher/rke2/agent/images/`.
3. [Install RKE2](#install-rke2)

## Private Registry Method
The private registry must be using TLS, with a cert trusted by the host CA bundle. If the registry is using a self-signed cert, you can add the cert to the host CA bundle with `update-ca-certificates`. The registry must also allow anonymous (unauthenticated) access.
1. Add all the required system images to your private registry. A simple list of these can be obtained from the `rke2-images.linux-amd64.txt` file.
2. Add the ca cert to the operating system's trusted certs
3. [Install RKE2](#install-rke2) using the `--system-default-registry` flag.

## Install RKE2
These steps should only be performed after completing one of either the [Tarball Method](#tarball-method) or [Private Registry Method](#private-registry-method).
1. Obtain the rke2 binary file `rke2.linux-amd64`
2. Ensure the binary is named `rke2` and place it in `/usr/local/bin`. Ensure it is executable.
3. Run the binary with the desired flags. For example, if using the Private Registry Method: `sudo rke2 server --system-default-registry="https://myprivreg.com:5000" 2>&1 &`

0 comments on commit 5fe53a9

Please sign in to comment.