2. Prepare Private Registry
A. Collect Images
Start by collecting all the images needed to install Rancher in an air gap environment. You’ll collect images from your chosen Rancher release, RKE, and (if you’re using a self-signed TLS certificate) Cert-Manager.
Using a computer with internet access, browse to our releases page and find the Rancher v2.1.x release that you want to install. Don’t download releases marked
Pre-release, as they are not stable for production environments.
From the release’s Assets section (pictured above), download the following three files, which are required to install Rancher in an air gap environment:
Release File Description
This file contains a list of all files needed to install Rancher.
This script pulls all the images in the
rancher-images.txtfrom Docker Hub and saves all of the images as
This script loads images from the
rancher-images.tar.gzfile and pushes them to your private registry.
chmod +x rancher-save-images.sh
From the directory that contains the RKE binary, add RKE’s images to
rancher-images.txt, which is a list of all the files needed to install Rancher.
rke config --system-images >> ./rancher-images.txt
Default Rancher Generated Self-Signed Certificate Users Only: If you elect to use the Rancher default self-signed TLS certificates, you must add the
rancher-images.txtas well. You may skip to B. Publish Images if you are using you using your own certificates.
Fetch the latest
cert-managerHelm chart and parse the template for image details.
helm fetch stable/cert-manager helm template ./cert-manager-<version>.tgz | grep -oP '(?<=image: ").*(?=")' >> ./rancher-images.txt
Sort and unique the images list to remove any overlap between the sources.
sort -u rancher-images.txt -o rancher-images.txt
rancher-images.txtimage list to create a tarball of all the required images.
./rancher-save-images.sh --image-list ./rancher-images.txt
Step Result: Docker begins pulling the images used for an air gap install. Be patient. This process takes a few minutes. When the process completes, your current directory will output a tarball named
rancher-images.tar.gz. Check that the output is in the directory.
B. Publish Images
Using a computer with access to the internet and your private registry, move the images from
rancher-images.txt to your private registry using the image scripts.
Note: Image publication may require up to 20GB of empty disk space.
Log into your private registry if required.
docker login <REGISTRY.YOURDOMAIN.COM:PORT>
rancher-load-images.shto extract, tag and push
rancher-images.tar.gzto your private registry.
./rancher-load-images.sh --image-list ./rancher-images.txt --registry <REGISTRY.YOURDOMAIN.COM:PORT>