OUTDATED - How to Air Gap RKE2, Neuvector, Longhorn, and Rancher

Рет қаралды 3,800

Күн бұрын

*UPDATE* Go watch the newer version! • Use Hauler to Air Gap ... *UPDATE*
THIS Version is DEPRECATED.
This video is a continuation of the Simple RKE2/Rancher install video : • Outdated - Simple RKE2... .
In this video we are walking through the steps to air gap RKE, Rancher, Longhorn and Neuvector with security in mind.
github.com/cle...
** OLD UPDATE **
For easier terminal watching - asciinema.org/...
Please feel free to comment below or reach out to me at andy.clemenko@rancherfederal.com
thanks for watching!

Пікірлер: 35

@jimbrent8151 Жыл бұрын

Awesome Andy... I like your sauce ;-) This was really great this significantly helped me get an idea of what needs to be done to deploy to an air - gap environment without spending HOURS readings the docs. Now I can refer to the docs with confidence and perhaps even modify your scripts to work in our environment.

@clemenko Жыл бұрын

That is awesome! Keep in mind, like with the registry layout, this is intended for a POC. We are working on a Reference Architecture for production environments.

@onurkocaman8375 Жыл бұрын

Thank you very much, Andy. I finally saw a functional K8s airgap setup. It has become a usable installation in a dark site network.

@clemenko Жыл бұрын

Great to hear! I just made a quick video for k3s air-gapped : kzbin.info/www/bejne/aWiXgKd-m96GjdU

@Roby86x Жыл бұрын

Amazing work Andy, really appreciate the effort to put all these things up, saves tremendous amount of time for airgapped env. Keep it up! 🥳

@clemenko Жыл бұрын

aw, thank you very much!

@fdhall 11 ай бұрын

tremendous work bro...very well done! much appreciated that it's not in some sort of insane Ansible playbook too lol! preciate you!

@clemenko 11 ай бұрын

Glad you enjoyed it!

@TheRiccardo1983 10 ай бұрын

Hello Andy , I find your video very interesting and thank you very much. I wanted to ask you if the kernel settings that you go to configure are all strictly necessary. I look forward to your feedback thank you

@clemenko 9 ай бұрын

some are. `net.ipv4.ip_forward=1` and the vm and kernel ones are. That list is from years of tinkering with docker and kubernetes.

@karlkaye-eddie383 7 ай бұрын

Awesome work Andy. Really Appreciate the videos. How would one change this script to include a image registry for the air-gapped environment and then provide a way to bring new images over from time to time. Also how do you add images to to the build method.

@clemenko 7 ай бұрын

Thanks. Rancher Gov is actually working on a product to streamline this. github.com/rancherfederal/hauler. How about I make a walk through video? Would that help?

@clemenko 7 ай бұрын

Hope this helps! kzbin.info/www/bejne/gnSYamVrmtSprac

@Maica1V Жыл бұрын

Yea nice bro, I was suffering doing this by myself until now, this certainly will help. But why a registered domain name for an air gaped install? I mean, my scenario is that the clusters I'm deployin have no access to the internet

@clemenko Жыл бұрын

glad you like it. you don't need a registered domain air gapped. it helps though with Ingress.

@devopssimon Жыл бұрын

Thanks for your work on this. What is the process for upgrade in the future, do you just run the script again with updated version variables?

@clemenko Жыл бұрын

Running the script again is not a good idea. It is meant to bootstrap a POC(test) cluster. I would work on creating the pipeline for images to cross the air gap. Also creating a registry for everything. hope this helps.

@mikeroberts265 11 ай бұрын

Thanks so much for this Andy. Would you be keen to update the script to use Opensuse or Suse ?

@clemenko 11 ай бұрын

Possibly. Which one would make the most sense?

@mikeroberts265 11 ай бұрын

@@clemenko sles15.5 would rock

@mikeroberts265 11 ай бұрын

Running into an issue where the build script stops after skopeo - cert-manager.. running on Rocky9.. tried a few time and fails everytime

@clemenko 11 ай бұрын

@@mikeroberts265 let me test the current script and see about sles15.5

@clemenko 11 ай бұрын

I was not able to recreate the problem. I wonder if you are docker hub throttled.

@Spektrob Жыл бұрын

Thats awesome!!! Thanks for your efforts. Can you maybe elaborate on how you created the registry.tar in the repo? And what is the content of the file?

@clemenko Жыл бұрын

Can't believe I missed that. I added it to the README.md. But here is the command `docker pull --platform linux/amd64 registry && docker save registry -o registry.tar` you can remove the ---platform is you are NOT on an apple silicon mac. Thanks for bringing it to my attention.

@Spektrob Жыл бұрын

@@clemenko Awesome!!! Thank you :)

@user-iu3sz6lp6n 10 ай бұрын

your terminal screen is very misty

@clemenko 10 ай бұрын

Not sure what that means. Can you elaborate?

@user-iu3sz6lp6n 9 ай бұрын

very hard to see your screen, please make it more clear and visible@@clemenko

@clemenko 9 ай бұрын

@@user-iu3sz6lp6n It is clear on my ipad/computer. where are you watching it? Maybe I can setup a asciinema.org?

@clemenko 9 ай бұрын

Take a look at asciinema.org/a/621604. this should help

@Ankityadav-mc8tc 11 ай бұрын

Hello Andy, Found the video interested. And trying to replicate it. I have faced issue with yum install -y /opt/rancher/rke2_1.28.2/rke2-common-1.28.2.rke2r1-0.el9.x86_64.rpm /opt/rancher/rke2_1.28.2/rke2-selinux-0.14-1.el9.noarch.rpm Error: Package: rke2-selinux-0.14-1.el9.noarch (/rke2-selinux-0.14-1.el9.noarch) Requires: container-selinux >= 3:2.191.0-1 I tried with the latest 3 versions of Linux. even tried rpm localinstall container-selinux >= 3:2.191.0-1

@clemenko 11 ай бұрын

Try changing the rke2 version to 1.26. I think you are hitting a dependency that doesn't exist. Let me know how it goes.

@brandonrobinson5152 10 ай бұрын

@@clemenko I was running into the same exact issue as OP above. Thanks for the suggestion! I will give this a try.