fgiudici
commented
1 year ago A Rancher airgapped deployment requires a private registry in the isolated infrastructure. The container images for the clusters itselves (K3s, RKE2, ...), for Rancher and required charts (certmanager) should be downloaded and loaded in the private registry. Rancher doc here. Notes:
- you need a tls secured registry: follow docs here
- images are downloaded and tgzipped: this tasks takes a lot of time and disk space, ensure you have ~200GB of free disk space
- the tar.gz archive with all the images should be loaded to the private registry: this takes some time too
When installing Rancher from helm (from a locally pulled tgz chart of course) the --set useBundledSystemChart=true will instruct Rancher to get the "apps" (the charts in the Rancher Marketplace) from a local cache from the rancher/rancher image (which is loaded in the private registry). So, all the charts in the Rancher Marketplace will be available in the airgapped Rancher.
The UI extensions instead ARE NOT managed in the airgap scenario (apart from the default installed ones). UI extension airgap should be managed apart (and yes, also the Elemental UI extension will not be there by default).
Since Elemental charts are not in the Rancher Marketplace (yet) installation of Elemental in an airgap scenario requires extra steps:
- the elemental charts (crds and operator ones) should be pulled and made available as a tgz. Easy and straightforward.
- the elemental-operator chart must support registry templating (elemental-operator #496).
- the required Elemental images should be loaded in the private registry:
- the elemental-operator image
- the seedimage-builder image
- the Elemental Teal OS images to be used for ISO building and upgrades
- a custom Elemental OS channel should be prepared targeting the Elemental Teal OS images in the private repo (likely we should provide a script to automate OS images loading on the private repo and channel generation)
Create a test airgap environment and deploy elemental from there