
Comments (6)

stefanvangastel commented on July 29, 2024 2

FYI: I can confirm a working rke in an air-gapped on-premise offline environment.

from rke.

galal-hussein commented on July 29, 2024 1

RKE Version: master build Feb 9

I was able to verify airgap using a private Docker registry and the following cluster.yml file:

private_registries:
  - url: rke-registry.rancher:5000
    user: testuser
    password: testpassword
network:
  plugin: canal
nodes:
- address: 10.0.1.142
  user: ubuntu
  role: [controlplane,worker,etcd]
- address: 10.0.1.151
  user: ubuntu
  role: [controlplane,worker,etcd]

system_images:
  etcd: rke-registry.rancher:5000/rancher/etcd:v3.0.17
  kubernetes: rke-registry.rancher:5000/rancher/k8s:v1.8.7-rancher1-1
  alpine: rke-registry.rancher:5000/alpine:latest
  nginx_proxy: rke-registry.rancher:5000/rancher/rke-nginx-proxy:v0.1.1
  cert_downloader: rke-registry.rancher:5000/rancher/rke-cert-deployer:v0.1.1
  kubernetes_services_sidecar: rke-registry.rancher:5000/rancher/rke-service-sidekick:v0.1.0
  kubedns: rke-registry.rancher:5000/rancher/k8s-dns-kube-dns-amd64:1.14.5
  dnsmasq: rke-registry.rancher:5000/rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  kubedns_sidecar: rke-registry.rancher:5000/rancher/k8s-dns-sidecar-amd64:1.14.5
  kubedns_autoscaler: rke-registry.rancher:5000/rancher/cluster-proportional-autoscaler-amd64:1.0.0
  canal_node: rke-registry.rancher:5000/rancher/calico-node:v2.6.2
  canal_cni: rke-registry.rancher:5000/rancher/calico-cni:v1.11.0
  canal_flannel: rke-registry.rancher:5000/rancher/coreos-flannel:v0.9.1

I verified that the nodes are airgapped and have no access to the internet, and I was able to pull from this private registry with authentication without docker login on the hosts.


galal-hussein commented on July 29, 2024

All images used and statically hardcoded:

  • alpine:latest
  • rancher/rke-nginx-proxy:0.1.0
  • rancher/rke-cert-deployer:0.1.0
  • quay.io/calico/kube-controllers:v1.0.0
  • quay.io/calico/node:v2.6.2
  • quay.io/calico/cni:v1.11.0
  • quay.io/coreos/flannel:v0.9.1
  • quay.io/coreos/flannel-cni:v0.2.0
  • gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0
  • gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
  • gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  • gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5


soumyalj commented on July 29, 2024

Tested with rke version v0.0.9-dev.
Pushed the images above to a quay private repository and used them in the cluster.yml file.
Logged into the host with quay.io login.
./rke up --config cluster.yml was executed.
When the images are private in the repository, the pull is not successful and rke up fails.

INFO[0002] [reconcile] Reconciling cluster state        
INFO[0002] [reconcile] This is newly generated cluster  
INFO[0002] [certificates] Deploying kubernetes certificates to Cluster nodes 
INFO[0002] [certificates] Checking image [quay.io/soumyalj/rke-cert-deployer-private:latest] on host [159.89.176.30] 
DEBU[0002] Checking if image [quay.io/soumyalj/rke-cert-deployer-private:latest] exists on host [159.89.176.30] 
DEBU[0002] Image [quay.io/soumyalj/rke-cert-deployer-private:latest] does not exist on host [159.89.176.30]: Error: No such image: quay.io/soumyalj/rke-cert-deployer-private:latest 
INFO[0002] [certificates] Pulling image [quay.io/soumyalj/rke-cert-deployer-private:latest] on host [159.89.176.30] 
{"status":"Pulling repository quay.io/soumyalj/rke-cert-deployer-private"}
{"errorDetail":{"code":403,"message":"Error: Status 403 trying to pull repository soumyalj/rke-cert-deployer-private: \"{\\\"error\\\": \\\"Permission Denied\\\"}\""},"error":"Error: Status 403 trying to pull repository soumyalj/rke-cert-deployer-private: \"{\\\"error\\\": \\\"Permission Denied\\\"}\""}
INFO[0003] [certificates] Successfully pulled image [quay.io/soumyalj/rke-cert-deployer-private:latest] on host [159.89.176.30] 
FATA[0003] Failed to create Certificates deployer container on host [159.89.176.30]: Error: No such image: quay.io/soumyalj/rke-cert-deployer-private:latest 

When the images are made public, rke pulls the images on the host and the cluster is created successfully.


moelsayed commented on July 29, 2024

Previously rke would try to pull an image and it failed if it's a private image. #276 fixes this by adding configuration for private registry authentication.


adalga commented on July 29, 2024

Does it work with insecure registries? I have an insecure registry and I can pull images from it manually. However, when I define it under private_registries: in the cluster.yml, rke still tries to pull from docker.io and gives an error like:
Can't pull Docker image [alpine:latest] for host [192.168.112.146]: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

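An added example, not part of the thread and not RKE code: a pre-flight check that every system_images entry in a parsed cluster.yml resolves to a registry listed under private_registries, since a reference without a registry host (such as `alpine:latest`) is pulled from Docker Hub. The key list is copied from the cluster.yml posted above and is assumed to be complete for that RKE build; the function names and `SAMPLE` are constructed for illustration.

```python
# Keys copied from the cluster.yml posted in the thread; other RKE versions
# may use a different set (assumption).
SYSTEM_IMAGE_KEYS = (
    "etcd kubernetes alpine nginx_proxy cert_downloader "
    "kubernetes_services_sidecar kubedns dnsmasq kubedns_sidecar "
    "kubedns_autoscaler canal_node canal_cni canal_flannel"
).split()


def registry_of(image):
    """Return the registry host Docker contacts for an image reference."""
    first, sep, _rest = image.partition("/")
    # Docker treats the first path component as a registry host only if it
    # contains "." or ":" or is "localhost"; otherwise Docker Hub is implied.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def airgap_violations(cluster):
    """Return {system_images key: reason} for images outside the private registry."""
    allowed = {r["url"] for r in cluster.get("private_registries") or []}
    images = cluster.get("system_images") or {}
    problems = {}
    for key in SYSTEM_IMAGE_KEYS:
        if key not in images:
            problems[key] = "not overridden, RKE default image applies"
        elif registry_of(images[key]) not in allowed:
            problems[key] = "pulls from " + registry_of(images[key])
    return problems


# Constructed sample: the parsed form of a cluster.yml (e.g. via yaml.safe_load).
SAMPLE = {
    "private_registries": [{"url": "rke-registry.rancher:5000", "user": "testuser"}],
    "system_images": {
        "etcd": "rke-registry.rancher:5000/rancher/etcd:v3.0.17",
        "alpine": "alpine:latest",
        "canal_node": "quay.io/calico/node:v2.6.2",
    },
}

if __name__ == "__main__":
    for key, reason in airgap_violations(SAMPLE).items():
        print(f"{key}: {reason}")
```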
