In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area.

Prerequisites

  • Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the Docker documentation.

    For each Rancher release, we provide the Docker images and scripts needed to mirror these images to your own registry. The Docker images are used when installing Rancher in an HA setup, when provisioning a cluster where Rancher is launching Kubernetes, or when you enable features like pipelines or logging.

  • Installation Option: Before beginning your air gap installation, choose whether you want a single-node install or a high availability install. View your chosen configuration’s introduction notes along with Rancher’s node requirements.

Caveats

Any Rancher version prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters.

As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters.

Air Gap Installation Outline

While installing Rancher in an air gap configuration, you’ll complete several different tasks.

Next: Prepare the Private Registry