Windows 离线安装

Windows Support requires using Calico or Flannel as the CNI for the RKE2 cluster.

You can use RKE2 Windows Agent (Worker) Nodes in an air-gapped environment with two different methods. This requires first completing the RKE2 airgap setup.

You can use any RKE2 Prime version listed on the Prime Artifacts URL for the assets mentioned in these steps. To learn more about the Prime Artifacts URL, see our Prime-only documentation. Authentication is required. Use your SUSE Customer Center (SCC) credentials to log in.

Download the air-gap images tarballs for your RKE2 version or by using a private registry. There are currently three tarball artifacts released for Windows in accordance with our validated Windows versions.

rke2.windows-amd64.tar.gz
rke2-windows-1809-amd64-images.tar.gz
rke2-windows-ltsc2022-amd64-images.tar.gz

All files mentioned in the steps can be obtained from the Prime Artifacts URL for your desired RKE2 version.

Prepare the Windows Agent Node

The Windows Server Containers feature must be enabled for the RKE2 agent to function correctly.

Open a new Powershell window with Administrator privileges.
```
powershell -Command "Start-Process PowerShell -Verb RunAs"
```

In the new Powershell window, run the following command.

Enable-WindowsOptionalFeature -Online -FeatureName containers –All

Reboot the node for the Containers feature to function correctly.

Windows Tarball Method

Download the Windows images tarballs and binary from the Prime Artifacts URL for the version of RKE2 you are using.

Using tar.gz image tarballs

Windows Server

$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2.windows-amd64.tar.gz -OutFile /var/lib/rancher/rke2/agent/images/rke2.windows-amd64.tar.gz

* Windows Server 2019 LTSC (amd64) (OS Build 17763.2061)*

$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2-windows-1809-amd64-images.tar.gz -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-1809-amd64-images.tar.gz

Windows Server 2022 LTSC (amd64) (OS Build 20348.169)

$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2-windows-ltsc2022-amd64-images.tar.gz -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-ltsc2022-amd64-images.tar.gz

Using tar.zst image tarballs

Zstandard offers better compression ratios and faster decompression speeds compared to pigz.

Windows Server 2019 LTSC (amd64) (OS Build 17763.2061)

$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2-windows-1809-amd64-images.tar.zst -OutFile /var/lib/rancher/rke2/agent/images/rke2-windows-1809-amd64-images.tar.zst

Windows Server 2022 LTSC (amd64) (OS Build 20348.169)

$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2-windows-ltsc2022-amd64-images.tar.zst -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-ltsc2022-amd64-images.tar.zst

Use rke2-windows-<VERSION>-amd64.tar.gz or rke2-windows-<VERSION>-amd64.tar.zst. Zstandard offers better compression ratios and faster decompression speeds compared to pigz.
1. Ensure that the /var/lib/rancher/rke2/agent/images/ directory exists on the node.
  New-Item -Type Directory c:\usr\local\bin -Force New-Item -Type Directory c:\var\lib\rancher\rke2\bin -Force
2. Copy the compressed archive to /var/lib/rancher/rke2/agent/images/ on the node, ensuring that the file extension is retained.
3. Install Windows RKE2.

Private Registry Method

Private registry support honors all settings from the containerd registry configuration, including endpoint override, transport protocol (HTTP/HTTPS), authentication, certificate verification, and more.

Add all the required system images to your private registry. A list of images can be obtained from the .txt file corresponding to each tarball referenced above. Alternatively, you can docker load the airgap image tarballs, then tag and push the loaded images.
Install Windows RKE2 using the system-default-registry parameter, or use the containerd registry configuration to use your registry as a mirror for docker.io.

Install Windows RKE2

These steps should only be performed after completing one of either the Tarball Method or Private Registry Method.

Obtain the Windows RKE2 binary file rke2-windows-amd64.exe. Ensure the binary is named rke2.exe and place it in c:/usr/local/bin.
```
Invoke-WebRequest <PRIME-Artifacts-URL>/rke2/<VERSION>/rke2-windows-amd64.exe -OutFile c:/usr/local/bin/rke2.exe
```

Configure the rke2-agent for Windows.

New-Item -Type Directory c:/etc/rancher/rke2 -Force
Set-Content -Path c:/etc/rancher/rke2/config.yaml -Value @"
server: https://<server>:9345
token: <token from server node>
"@

To read more about the config.yaml file, see the Install Options documentation.

Configure your PATH.

$env:PATH+=";c:\var\lib\rancher\rke2\bin;c:\usr\local\bin"

"Path",
[Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine) + ";c:\var\lib\rancher\rke2\bin;c:\usr\local\bin",
[EnvironmentVariableTarget]::Machine)

Start the RKE2 Windows service by running the binary with the desired parameters. Please see the Windows Agent Configuration reference for additional parameters.
```
c:\usr\local\bin\rke2.exe agent service --add
Start-Service rke2
```
- If you are using the Rancher Prime registry, set the following values in config.yaml:
  1. Set system-default-registry: registry.rancher.com.
  2. If you are not using the default CNI, Canal, set cni: <CNI>.
    
    system-default-registry: registry.rancher.com cni: <CNI>
- If using the Private Registry Method, set the following values in config.yaml:
  system-default-registry: "registry.example.com:5000"
  The system-default-registry parameter must specify only valid RFC 3986 URI authorities, i.e. a host and optional port.
  
  If you prefer to use CLI parameters only, run the binary with the desired parameters.
  c:/usr/local/bin/rke2.exe agent --token <> --server <>