2025-04-11 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article walks through worked examples of installing a single-node Rancher Server offline, shared here for reference.
Preface
Starting with v2.5.x, single-node Rancher Server has K3s built in as its local cluster. In addition to supporting Rancher Server, the local cluster also runs fleet, rancher-webhook, gitjob, coredns and other components. The following figure shows the components and required images started by default in the built-in K3s cluster of Rancher v2.5.8:
docker.io/rancher/coredns-coredns and docker.io/rancher/pause are built into the Rancher Server image. The other images have to be downloaded from Docker Hub after Rancher Server starts.
If your environment is offline and Rancher Server is launched with docker run, the logs will report failed image downloads such as:
```
Error syncing pod d0f83155-f023-4ff6-9164-11b6b63ef4d6 ("helm-operation-t8mtl_cattle-system(d0f83155-f023-4ff6-9164-11b6b63ef4d6)"), skipping: [failed to "StartContainer" for "helm" with ImagePullBackOff: "Back-off pulling image \"rancher/shell:v0.1.6\"", failed to "StartContainer" for "proxy" with ImagePullBackOff: "Back-off pulling image \"rancher/shell:v0.1.6\""]
```
The single-node installation section of the official offline installation document (http://docs.rancher.cn/docs/rancher2.5/installation/other-installation-methods/air-gap/install-rancher/_index/) points out that you can set the CATTLE_SYSTEM_DEFAULT_REGISTRY parameter so that Rancher Server obtains the images it needs from a private image registry. However, if your private image registry has TLS enabled or requires authentication, CATTLE_SYSTEM_DEFAULT_REGISTRY alone cannot meet your needs.
For these scenarios, we can map /etc/rancher/k3s/registries.yaml of the built-in K3s cluster to the host, and then edit registries.yaml to handle more complex cases such as TLS or authentication. For more information about configuring private registries for K3s, see the K3s documentation (http://docs.rancher.cn/docs/k3s/installation/private-registry/_index/).
Configuring a private image registry for single-node Rancher Server
The following sections show how to install a single-node Rancher Server in an offline environment through a private image registry. They are divided into the following scenarios according to the type of registry:
Private registry with a certificate issued by an SSL certificate authority (https), with authentication
Private registry with a self-signed certificate (https), with authentication
Private registry without SSL (http), with authentication
Private registry with a certificate issued by an SSL certificate authority (https), with authentication
The images needed by Rancher Server have been uploaded to the private registry in advance. For how to synchronize the images to the private image registry, see the official documentation (http://docs.rancher.cn/docs/rancher2.5/installation/other-installation-methods/air-gap/populate-private-registry/_index).
1. Configure K3s registries.yaml
```
root@ip-172-31-14-159:~# cat /opt/registries.yaml
mirrors:
  # Private registry domain name
  harbor.kingsd.top:
    endpoint:
      - "https://harbor.kingsd.top"
configs:
  "harbor.kingsd.top":
    auth:
      username: admin     # user name for the private image registry
      password: Password  # password for the private image registry
```
2. Start single-node Rancher Server
```
# CATTLE_SYSTEM_DEFAULT_REGISTRY sets the domain name of the private registry.
# The -v option maps the host registries.yaml into the container.
docker run -d --privileged \
  --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=harbor.kingsd.top \
  -v /opt/registries.yaml:/etc/rancher/k3s/registries.yaml \
  rancher/rancher:v2.5.8
```
3. Verification
After waiting for Rancher Server to start successfully, we can exec into the container to confirm whether the required components are started:
```
root@3fd636aa513e:/var/lib/rancher# kubectl get pods -A
NAMESPACE                 NAME                                READY   STATUS      RESTARTS   AGE
cattle-system             helm-operation-5w49g                0/2     Completed   0          3m21s
cattle-system             helm-operation-gclkp                0/2     Completed   0          3m3s
cattle-system             helm-operation-jt948                0/2     Completed   0          3m13s
cattle-system             helm-operation-l76g6                0/2     Completed   0          3m41s
cattle-system             helm-operation-zmm6f                0/2     Completed   0          3m28s
cattle-system             rancher-webhook-58b8d9f6c6-bxmns    1/1     Running     0          3m24s
fleet-system              fleet-agent-7c7d457b6d-x4kvf        1/1     Running     0          2m33s
fleet-system              fleet-controller-5ddfd96f5c-lxbnt   1/1     Running     0          3m10s
fleet-system              gitjob-7b4ddfcbf7-6hx52             1/1     Running     0          3m10s
kube-system               coredns-66c464876b-hfjqk            1/1     Running     0          4m1s
rancher-operator-system   rancher-operator-5cbfb5d6d7-kq29z   1/1     Running     0          3m32s
root@3fd636aa513e:/var/lib/rancher# k3s crictl images
IMAGE                                        TAG       IMAGE ID        SIZE
docker.io/rancher/coredns-coredns            1.6.9     4e797b3234604   43.3MB
docker.io/rancher/pause                      3.1       da86e6ba6ca19   746kB
harbor.kingsd.top/rancher/fleet-agent        v0.3.5    2a0c55d5db357   55.9MB
harbor.kingsd.top/rancher/fleet              v0.3.5    981b7123a405f   23.9MB
harbor.kingsd.top/rancher/gitjob             v0.1.15   dac9b6c58fe07   24.8MB
harbor.kingsd.top/rancher/rancher-operator   v0.1.4    c18d03bea7c6f   14.5MB
harbor.kingsd.top/rancher/rancher-webhook    v0.1.0    aec2ca2e747d7   12.6MB
harbor.kingsd.top/rancher/shell              v0.1.6    2e550736e6a49   46.8MB
```
As you can see, except for the rancher/coredns-coredns and rancher/pause images built into Rancher Server, all the other images are pulled from harbor.kingsd.top.
Private registry with a self-signed certificate (https), with authentication
The main difference between connecting Rancher Server to a private registry with a self-signed certificate and to one with a certificate issued by an SSL certificate authority is that, in the self-signed case, you need to specify the registry's self-signed certificate in the K3s registries.yaml.
1. Configure K3s registries.yaml
```
root@ip-172-31-14-159:~# cat /opt/registries.yaml
mirrors:
  # Private registry domain name
  harbor.kingsd.top:
    endpoint:
      - "https://harbor.kingsd.top"
configs:
  "harbor.kingsd.top":
    auth:
      username: admin     # user name for the private image registry
      password: Password  # password for the private image registry
    tls:
      ca_file: /opt/certs/ca.crt                    # path to the CA file used by the image registry
      cert_file: /opt/certs/harbor.kingsd.top.cert  # path to the cert file used by the image registry
      key_file: /opt/certs/harbor.kingsd.top.key    # path to the key file used by the image registry
```
2. Start single-node Rancher Server
```
# CATTLE_SYSTEM_DEFAULT_REGISTRY sets the domain name of the private registry.
# The first -v maps the host registries.yaml into the container;
# the second -v maps the certificates into the container.
docker run -d --privileged \
  --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=harbor.kingsd.top \
  -v /opt/registries.yaml:/etc/rancher/k3s/registries.yaml \
  -v /opt/certs:/opt/certs \
  rancher/rancher:v2.5.8
```
3. Verification
After waiting for Rancher Server to start successfully, we can exec into the container to confirm whether the required components are started:
```
root@381b5d2c26d9:/var/lib/rancher# kubectl get pods -A
NAMESPACE                 NAME                                READY   STATUS      RESTARTS   AGE
cattle-system             helm-operation-b5mvm                0/2     Completed   0          6m27s
cattle-system             helm-operation-cdlc8                0/2     Completed   0          5m57s
cattle-system             helm-operation-hcxmj                0/2     Completed   0          5m47s
cattle-system             helm-operation-vqz9z                0/2     Completed   0          6m4s
cattle-system             helm-operation-wqgz9                0/2     Completed   0          6m12s
cattle-system             rancher-webhook-58b8d9f6c6-z68ps    1/1     Running     0          6m18s
fleet-system              fleet-agent-7c7d457b6d-zznvd        1/1     Running     0          5m25s
fleet-system              fleet-controller-5ddfd96f5c-kcqmq   1/1     Running     0          5m53s
fleet-system              gitjob-7b4ddfcbf7-99l46             1/1     Running     0          5m53s
kube-system               coredns-66c464876b-mflfv            1/1     Running     0          6m49s
rancher-operator-system   rancher-operator-5cbfb5d6d7-prsqh   1/1     Running     0          6m9s
root@381b5d2c26d9:/var/lib/rancher# k3s crictl images
IMAGE                                        TAG       IMAGE ID        SIZE
docker.io/rancher/coredns-coredns            1.6.9     4e797b3234604   43.3MB
docker.io/rancher/pause                      3.1       da86e6ba6ca19   746kB
harbor.kingsd.top/rancher/fleet-agent        v0.3.5    2a0c55d5db357   55.9MB
harbor.kingsd.top/rancher/fleet              v0.3.5    981b7123a405f   23.9MB
harbor.kingsd.top/rancher/gitjob             v0.1.15   dac9b6c58fe07   24.8MB
harbor.kingsd.top/rancher/rancher-operator   v0.1.4    c18d03bea7c6f   14.5MB
harbor.kingsd.top/rancher/rancher-webhook    v0.1.0    aec2ca2e747d7   12.6MB
harbor.kingsd.top/rancher/shell              v0.1.6    2e550736e6a49   46.8MB
```
As you can see, except for the rancher/coredns-coredns and rancher/pause images built into Rancher Server, all the other images are pulled from harbor.kingsd.top.
Private registry without SSL (http), with authentication
For an HTTP private registry, you only need to change the mirrors endpoint in registries.yaml so that it starts with http.
1. Configure K3s registries.yaml
```
root@ip-172-31-14-159:~# cat /opt/registries.yaml
mirrors:
  # Private registry IP
  3.96.56.137:
    endpoint:
      - "http://3.96.56.137"
configs:
  "3.96.56.137":
    auth:
      username: admin     # user name for the private image registry
      password: Password  # password for the private image registry
```
2. Start single-node Rancher Server
```
# CATTLE_SYSTEM_DEFAULT_REGISTRY sets the IP of the private registry.
# The -v option maps the host registries.yaml into the container.
docker run -d --privileged \
  --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=3.96.56.137 \
  -v /opt/registries.yaml:/etc/rancher/k3s/registries.yaml \
  rancher/rancher:v2.5.8
```
3. Verification
```
root@cb018bb70446:/var/lib/rancher# kubectl get pods -A
NAMESPACE                 NAME                                READY   STATUS      RESTARTS   AGE
cattle-system             helm-operation-44tb7                0/2     Completed   0          77s
cattle-system             helm-operation-cwpvz                0/2     Completed   0          66s
cattle-system             helm-operation-f898m                0/2     Completed   0          58s
cattle-system             helm-operation-fc4tj                0/2     Completed   0          51s
cattle-system             helm-operation-qq4kz                0/2     Completed   0          42s
cattle-system             rancher-webhook-c49756c7f-rjwdj     1/1     Running     0          63s
fleet-system              fleet-agent-55865c8959-rz8p2        1/1     Running     0          21s
fleet-system              fleet-controller-797ff98bfd-xj48k   1/1     Running     0          47s
fleet-system              gitjob-58bdfc4c69-mp84z             1/1     Running     0          47s
kube-system               coredns-66c464876b-dbm8v            1/1     Running     0          96s
rancher-operator-system   rancher-operator-578b4c64d4-4ptq9   1/1     Running     0          69s
root@cb018bb70446:/var/lib/rancher# k3s crictl images
IMAGE                                  TAG       IMAGE ID        SIZE
3.96.56.137/rancher/fleet-agent        v0.3.5    2a0c55d5db357   55.9MB
3.96.56.137/rancher/fleet              v0.3.5    981b7123a405f   23.9MB
3.96.56.137/rancher/gitjob             v0.1.15   dac9b6c58fe07   24.8MB
3.96.56.137/rancher/rancher-operator   v0.1.4    c18d03bea7c6f   14.5MB
3.96.56.137/rancher/rancher-webhook    v0.1.0    aec2ca2e747d7   12.6MB
3.96.56.137/rancher/shell              v0.1.6    2e550736e6a49   46.8MB
docker.io/rancher/coredns-coredns      1.6.9     4e797b3234604   43.3MB
docker.io/rancher/pause                3.1       da86e6ba6ca19   746kB
```
As you can see, except for the rancher/coredns-coredns and rancher/pause images built into Rancher Server, the other images are pulled from 3.96.56.137.
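The verification step used in all three scenarios can be automated. The following is an added example, not part of the original article: a POSIX shell function that reads `k3s crictl images` output and lists every image that did not come from the private registry, allowing only the two images the article says are built in. The function names and the last row of the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Reads `k3s crictl images` output on
# stdin and prints every image that was NOT pulled from the expected private
# registry ($1). Exit status 1 means at least one unexpected image was found.
# unexpected_images and sample_images are hypothetical helper names.
unexpected_images() {
    awk -v reg="$1" '
        NR == 1 && $1 == "IMAGE" { next }   # header row
        NF < 2 { next }                     # blank or malformed line
        # The two images the article lists as built into Rancher Server.
        $1 == "docker.io/rancher/coredns-coredns" { next }
        $1 == "docker.io/rancher/pause" { next }
        # Literal prefix match: dots in the registry name are not wildcards,
        # and the trailing "/" rejects hosts that merely start with the name.
        index($1, reg "/") == 1 { next }
        { print $1 ":" $2; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: rows taken from the article output, except the last
# row, which is changed to docker.io to show an image that bypassed the
# private registry.
sample_images() {
    cat <<'EOF'
IMAGE                               TAG       IMAGE ID        SIZE
docker.io/rancher/coredns-coredns   1.6.9     4e797b3234604   43.3MB
docker.io/rancher/pause             3.1       da86e6ba6ca19   746kB
harbor.kingsd.top/rancher/fleet     v0.3.5    981b7123a405f   23.9MB
harbor.kingsd.top/rancher/shell     v0.1.6    2e550736e6a49   46.8MB
docker.io/rancher/gitjob            v0.1.15   dac9b6c58fe07   24.8MB
EOF
}

# Demo on the constructed sample; inside the Rancher container, pipe the real
# output instead: k3s crictl images | unexpected_images harbor.kingsd.top
sample_images | unexpected_images harbor.kingsd.top \
    || echo "images from outside harbor.kingsd.top are present" >&2
```

A non-empty result in an offline install usually means an image was preloaded or pulled through a path other than the registry configured in registries.yaml.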