Air-Gapped Environment
This section describes how to use SUSE Virtualization in an air gapped environment. Some use cases could be where SUSE Virtualization will be installed offline, behind a firewall, or behind a proxy.
The ISO image contains all the packages to make it work in an air gapped environment.
Working Behind an HTTP Proxy
In some environments, the connection to external services, from the servers or VMs, requires an HTTP(S) proxy.
Configure an HTTP Proxy During Installation
You can configure the HTTP(S) proxy during the ISO installation as shown in picture below:
Configure an HTTP Proxy
You can configure the HTTP(S) proxy using the UI.
-
Go to the settings page of the UI.
-
Find the
http-proxysetting, click ⋮ > Edit setting -
Enter the value(s) for
http-proxy,https-proxyandno-proxy.
|
SUSE Virtualization appends necessary addresses to user configured When the nodes in the cluster do not use a proxy to communicate with each other, the CIDR needs to be added to |
Guest Cluster Images
All necessary images to install and run SUSE Virtualization are conveniently packaged into the ISO, eliminating the need to pre-load images on bare-metal nodes. A SUSE Virtualization cluster manages them independently and effectively behind the scenes.
However, it’s essential to understand a guest K8s cluster (e.g., RKE2 cluster) created by the Harvester node driver is a distinct entity from a SUSE Virtualization cluster. A guest cluster operates within VMs and requires pulling images either from the internet or a private registry.
If the Cloud Provider option is configured to SUSE Virtualization in a guest Kubernetes cluster, it deploys the Harvester cloud provider and Container Storage Interface (CSI) driver.
As a result, we recommend monitoring each RKE2 release in your air gapped environment and pulling the required images into your private registry. Please refer to the Support Matrix page for the best Harvester cloud provider and CSI driver capability support.
Integrate with an External Rancher
Rancher determines the rancher-agent image to be used whenever a SUSE Virtualization cluster is imported. If the image is not included in the SUSE Virtualization ISO, it must be pulled from the internet and loaded on each node, or pushed to the SUSE Virtualization cluster’s registry.
# Run the following commands on a computer that can access both the internet and the {harvester-product-name} cluster.
docker pull rancher/rancher-agent:<version>
docker save rancher/rancher-agent:<version> -o rancher-agent-<version>.tar
# Copy the image TAR file to the air-gapped environment.
scp rancher-agent-<version>.tar rancher@<harvester-node-ip>:/tmp
# Use SSH to connect to the {harvester-product-name} node, and then load the image.
ssh rancher@<harvester-node-ip>
sudo -i
docker load -i /tmp/rancher-agent-<version>.tarbashKnown Issues
1. Missing rancher/rancher-agent:v2.9.2 image affects deployment in air-gapped environments. (Issue #7157)
Rancher v2.9.2, which is embedded in SUSE Virtualization v1.4.0, introduced a new cronjob (rke2-machine-config-cleanup). This cronjob uses a container image (rancher/rancher-agent:v2.9.2) that is not included in the SUSE Virtualization v1.4.0 ISO. To mitigate the issue, you can pull the image from the internet and then load it in the air-gapped environment.
# on a computer which can reach the internet and harvester cluster
docker pull rancher/rancher-agent:v2.9.2
docker save rancher/rancher-agent:v2.9.2 -o rancher-agent-v2.9.2.tar
# copy rancher-agent-v2.9.2.tar to the air-gapped environment
scp rancher-agent-v2.9.2.tar rancher@<harvester-node-ip>:/tmp
# ssh to the harvester node and load the image
ssh rancher@<harvester-node-ip>
sudo -i
docker load -i /tmp/rancher-agent-v2.9.2.tarbash