A. Collect Images
Start by collecting all the images needed to install Rancher in an air gap environment. You’ll collect images from your chosen Rancher release, RKE, and (if you’re using a self-signed TLS certificate) Cert-Manager.
Using a computer with internet access, browse to our releases page and find the Rancher v2.x release that you want to install. Don’t download releases marked
Pre-release, as they are not stable for production environments.
From the release’s Assets section (pictured above), download the following three files, which are required to install Rancher in an air gap environment:
Release File Description
This file contains a list of all files needed to install Rancher.
This script pulls all the images in the
rancher-images.txtfrom Docker Hub and saves all of the images as
This script loads images from the
rancher-images.tar.gzfile and pushes them to your private registry.
chmod +x rancher-save-images.sh
From the directory that contains the RKE binary, add RKE’s images to
rancher-images.txt, which is a list of all the files needed to install Rancher.
rke config --system-images >> ./rancher-images.txt
Default Rancher Generated Self-Signed Certificate Users Only: If you elect to use the Rancher default self-signed TLS certificates, you must add the
rancher-images.txtas well. You may skip this step if you are using you using your own certificates.
Fetch the latest
cert-managerHelm chart and parse the template for image details.
helm fetch stable/cert-manager --version 0.5.2 helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
Sort and unique the images list to remove any overlap between the sources.
sort -u rancher-images.txt -o rancher-images.txt
rancher-images.txtimage list to create a tarball of all the required images.
./rancher-save-images.sh --image-list ./rancher-images.txt
Step Result: Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named
rancher-images.tar.gz. Check that the output is in the directory.
B. Publish Images
Using a computer with access to the internet and your private registry, move the images from
rancher-images.txt to your private registry using the image scripts.
Note: Image publication may require up to 20GB of empty disk space.
Log into your private registry if required.
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
rancher-load-images.shto extract, tag and push
rancher-images.tar.gzto your private registry.
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>