Deploying a Kubernetes cluster in an airgapped environment


#1

Greetings

I’m having difficulty getting a Kubernetes cluster deployed in an air-gapped environment using Rancher per the instructions at https://rancher.com/docs/rancher/v2.x/en/installation/air-gap-single-node/install-rancher/

After configuring the private registry and transferring all the images to my isolated Linux host, I’m able to get the Rancher server to start with this command:

docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:latest

(Note: I’m choosing Option A-Default Self-Signed Certificate)

After logging into the web console and going through the wizard to add a cluster, I’m given this command to type on the worker node:

sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:latest --server https//myserver --token 47f96rpsz5kjwn2n66rmrb27bwxkh8h68wxvmj627snrqqtt6jpfq5 —no-cacerts --no-check-certificate 8d2d6aef91e96cade1160faa2d7515b9239972ac58cd7f99b910fa6a305acad1 --etcd --controlplane --worker

The agent container launches, but the node never gets added. The logs for the agent container show:

INFO: Arguments: --server https//myserver --token REDACTED —no-cacerts --no-check-certificate 8d2d6aef91e96cade1160faa2d7515b9239972ac58cd7f99b910fa6a305acad1 --etcd --controlplane --worker

INFO: Environment: CATTLE_ADDRESS=10.1.x.x CATTLE_INTERNAL_ADDRESS= CATTLE_NODE_NAME=myserver CATTLE_SERVER=https://myserver.mydomain.com CATTLE_TOKEN=REDACTED

INFO: Using resolv.conf: ; generated by /usr/sbin/dhclient-script search mydomain nameserver 10.1.x.x nameserver 10.1.x.x

INFO: myserver/ping is accessible

INFO: myserver resolves to 10.1.1x.x

time="2019-02-13T22:11:05Z" level=info msg="Rancher agent version v2.1.6 is starting"

time="2019-02-13T22:11:05Z" level=info msg="Option controlPlane=false"

time="2019-02-13T22:11:05Z" level=info msg="Option worker=false"

time="2019-02-13T22:11:05Z" level=info msg="Option requestedHostname=myserver"

time="2019-02-13T22:11:05Z" level=info msg="Option customConfig=map[address:10.1.x.x internalAddress: roles:[] label:map[]]"

time="2019-02-13T22:11:05Z" level=info msg="Option etcd=false"

time="2019-02-13T22:11:05Z" level=info msg="Listening on /tmp/log.sock"

time="2019-02-13T22:11:05Z" level=info msg="Connecting to wss://myserver.mydomain.com/v3/connect/register with token 47f96rpsz5kjwn2n66rmrb27bwxkh8h68wxvmj627snrqqtt6jpfq5"

time="2019-02-13T22:11:05Z" level=info msg="Connecting to proxy" url="wss://myserver.mydomain.com/v3/connect/register"

time="2019-02-13T22:11:05Z" level=error msg="Failed to connect to proxy" error="websocket: bad handshake"

time="2019-02-13T22:11:05Z" level=error msg="Failed to connect to proxy" error="websocket: bad handshake"

time="2019-02-13T22:11:15Z" level=info msg="Connecting to wss://myserver.mydomain.com/v3/connect/register with token 47f96rpsz5kjwn2n66rmrb27bwxkh8h68wxvmj627snrqqtt6jpfq5"

What could I be doing wrong here?