Skip to main content
Skip table of contents

Air-Gap Install for RKE-2 Kubernetes

To deploy RKE-2 Kubernetes in an air-gap environment, we will have to collect and archive the deployment artifacts from a system where internet is available.

Collect Artifacts for RKE2

Identify latest stable release for RKE2. Navigate to the latest stable release page on github using RKE-2 stable release. At the time of this writing the latest stable release is v1.28.12+rke2r1

  1. Create a local artifacts folder

CODE 
mkdir /root/artifacts/rke2 && cd /root/artifacts/rke2

  1. Download RKE2 artifacts

BASH 
curl -OLs https://github.com/rancher/rke2/releases/download/v1.28.12%2Brke2r1/rke2-images.linux-amd64.tar.zst
curl -OLs https://github.com/rancher/rke2/releases/download/v1.28.12%2Brke2r1/rke2.linux-amd64.tar.gz
curl -OLs https://github.com/rancher/rke2/releases/download/v1.28.12%2Brke2r1/sha256sum-amd64.txt
curl -sfL https://get.rke2.io --output install.sh

  1. Create a folder for EFCX artifacts

CODE 
mkdir /root/artifacts/EFCX && /root/artifacts/EFCX

  1. Downloads and archive other helm charts

Openebs

CODE 
helm repo add openebs https://openebs.github.io/openebs
helm repo update
helm pull openebs/openebs

Download images for openebs

BASH 
mkdir -p  images/openebs
for OPENEBS_IMG in $(helm  template --debug openebs/openebs|& awk '/image:/ {print $2 }' |sed -e "s/'//g" -e 's/"//g'|sort -u)
do 
  OPENEBS_IMG_IMAGE_REPO=${OPENEBS_IMG%%:*};
  echo "${OPENEBS_IMG_IMAGE_REPO}"
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull   docker.io/${OPENEBS_IMG}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/openebs/${OPENEBS_IMG_IMAGE_REPO//\//}.tar docker.io/${OPENEBS_IMG}
done

Cert-manager

BASH 
mkdir images/cert-manager
for CERT_M_IMG in $(helm  template --debug --set installCRDs=true oci://registry-1.docker.io/bitnamicharts/cert-manager|&  awk '/image:/ {print $2 }' |sed -e "s/'//g" -e 's/"//g'|sort -u)
do 
  CERT_M_IMAGE_REPO=${CERT_M_IMG%%:*};
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull   ${CERT_M_IMG}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/cert-manager/${CERT_M_IMAGE_REPO//\//}.tar ${CERT_M_IMG}
done

Clone the CX repository ( replace the branch-name )

CODE 
git clone -b <BRANCH-NAME> https://efcx:RecRpsuH34yqp56YRFUb@gitlab.expertflow.com/cim/cim-solution.git

Download all the CX solution images

BASH 
mkdir images/efcx
for CXI in  $(awk '/[ ]+image:/ { print $NF }' cim-solution/kubernetes/cim/Deployments/*.yaml)
do
  CXI_IMAGE_REPO=${CXI%%:*};
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull   -u  efcx:RecRpsuH34yqp56YRFUb ${CXI}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/efcx/${CXI_IMAGE_REPO//\//}.tar ${CXI}
done

Download and archive images for External Components

BASH 
mkdir images/efex
IMG_ARRAY=()
for efex in cim-solution/kubernetes/external/bitnami/* 
do
  IMG_ARRAY+=($(helm template --debug  --values ${efex}/values.yaml ${efex}|awk '/image:/ { print $2 }'))
done

#Archive 

for img in "$IMG_ARRAY[@]}"
do
  EFCX_IMAGE_REPO=${img%%:*};
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/efex/${EFCX_IMAGE_REPO//\//}.tar ${img}
done

Rasa-x Images

BASH 
mkdir images/rasax
for RASAX_IMAGE in $(helm template --debug  --values cim-solution/kubernetes/external/rasa-x/values-small.yaml cim-solution/kubernetes/external/rasa-x 2> /dev/null |awk '/image:/ {print $2 }'|sed -e "s/'//g" -e 's/"//g'|sort -u )
do
   RASAX_IMAGE_REPO=${RASAX_IMAGE%%:*}
   CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull ${RASAX_IMAGE}
   CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/rasax/${RASAX_IMAGE_REPO//\//}.tar ${RASAX_IMAGE}
done

Superset Images

BASH 
mkdir images/superset
for SUPERSET_IMAGE in $(helm template --debug  --values cim-solution/kubernetes/external/superset/values.yaml  cim-solution/kubernetes/external/superset 2> /dev/null |awk '/image:/ {print $2 }'|sed -e "s/'//g" -e 's/"//g'|sort -u )
do
   SUPERSET_IMAGE_REPO=${SUPERSET_IMAGE%%:*}
   CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock /var/lib/rancher/rke2/bin/ctr  -n k8s.io i pull ${SUPERSET_IMAGE}
   CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i export images/superset/${SUPERSET_IMAGE_REPO//\//}.tar ${SUPERSET_IMAGE}
done

Download the latest helm binary

  1. Identify the latest release by visiting the link. As of this writing, the latest release is v3.15.4 ( change with the latest release in below given steps. )

CODE 
 wget https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz

  1. Change to the /root/ directory

CODE 
cd /root/

  1. Archive all the artifacts

CODE 
tar cvf rke2-EFCX-artifacts.tar  /root/artifacts

Transfer all the artifacts to Offline system ( s/ftp, USB or using Jump PC )

On the target system( without internet access)

Once all the files from previous steps are copied/transferred, use below given procedure

  1. Extract the archive

CODE 
tar zxvf rke2-EFCX-artifacts.tar

  1. Install RKE2 using air-gap method

CODE 
cd artifacts/rke2
INSTALL_RKE2_ARTIFACT_PATH=/root/artifacts/rke2 INSTALL_RKE2_METHOD=tar  sh install.sh

  1. Create necessary files as mentioned in the standard deployment guide for RKE2 config.yaml and other manifests before proceeding with the RKE2 install as mentioned here

It takes a while for RKE2 to completely ready, please wait while all the pods are in running state.

Install helm

Change to the directory where artifacts are extracted

CODE 
cd /root/artifacts

Extract the helm archine

CODE 
tar zxvf helm-v3.15.4-linux-amd64.tar.gz

and copy the binary

CODE 
cp linux-amd64/helm /usr/local/bin/

Once RKE2 is up and running, proceed with the import process of images

  1. Import OpenEBS images

CODE 
for img in EFCX/images/openebs/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

  1. Import cert-manager

CODE 
for img in EFCX/images/cert-manager/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

  1. Import EFCX images

CODE 
for img in EFCX/images/efcx/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

  1. Import external component images

CODE 
for img in EFCX/images/efex/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

  1. Import superset images

CODE 
for img in EFCX/images/superset/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

  1. Import rasa-x images

CODE 
for img in EFCX/images/rasax/*.tar
do
  echo ${img}
  CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock ctr -n k8s.io i import ${img}
done

View all the images are imported successfully

CODE 
crictl --runtime-endpoint="unix:///run/k3s/containerd/containerd.sock"  image list

Next Steps

Proceed with the EF-CX installation using CX Deployment on Kubernetes

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close