RKE2 can be installed in an air-gapped environment with two different methods.
You can either deploy via the bundled
rke2-airgap-images tarball, or by using a private registry.
All files mentioned in the steps can be obtained from the assets of the desired released rke2 version here.
If running on an SELinux enforcing air-gapped node, you must first install the necessary SELinux policy RPM before performing these steps. See our RPM Documentation to determine what you need.
- Add the desired version of the
rke2-airgap-images-amd64.tar.gzfile to the air-gapped node.
- Gunzip the tar.gz file so that it is only a tar, and move it to
- Install RKE2
Private Registry Method¶
The private registry must be using TLS, with a cert trusted by the host CA bundle. If the registry is using a self-signed cert, you can add the cert to the host CA bundle with
update-ca-certificates. The registry must also allow anonymous (unauthenticated) access.
- Add all the required system images to your private registry. A simple list of these can be obtained from the
- Add the ca cert to the operating system's trusted certs
- Install RKE2 using the
- Obtain the rke2 binary file
- Ensure the binary is named
rke2and place it in
/usr/local/bin. Ensure it is executable.
- Run the binary with the desired parameters. For example, if using the Private Registry Method, your config file would have the following: