Getting Started
This will guide you through getting started with STIGATRON.
STIGATRON Images
The images for STIGATRON can be found here. You'll need to pull these images using hauler.
Internet-Connected Environment
If you're working in a connected environment, look here for instructions on pulling the images into your registry.
Airgapped Environment
If you're working in an airgapped environment, look here for instructions on pulling the images locally.
On the airgap, look here for loading the localized images into the airgapped registry.
STIGATRON Helm Chart
The chart for STIGATRON can be found here. You'll need to pull the chart using hauler.
Configuring Registry Credentials
Local Cluster
On the local cluster running Rancher Multi-cluster Manager, you'll need to configure credentials for the registry with the STIGATRON images. See the Rancher Configuration on how to set up those credentials.
Downstream Clusters
For downstream clusters, you'll need to also configure registry credentials. Depending on how RKE2 was configured and set up, there are a few ways to do this.
Rancher-Provisioned Cluster
If you provisioned or are provisioning RKE2 directly from the Rancher UI, you can configure/update that cluster with credentials.
- Click the upper-left menu and navigate to "Cluster Management".
- If updating an existing cluster, select that cluster, click the 3-dot menu in the upper-right, and select "Edit Config". If creating a new cluster, just click "Create" in the upper-left.
- Once you get to the screen to update/create the cluster's node pools, scroll to the bottom under "Cluster Configuration" and find the "Registries" tab.
- Select the second option ("Use specified private registry for Rancher System Container Images").
- Enter your registry hostname in the first box.
- In the "Authentication" box, select "Create a HTTP Basic Auth Secret" and enter your credentials.
  - For future clusters using the same registry, you can just select the existing secret.
- Click "Save".
- Wait for the cluster to reconcile.
Imported Cluster
If you're working with a cluster that was imported or is to be imported into the Rancher MCM, you'll need to update the containerd registries.yaml file on every node, substituting your registry hostname and credentials:
    # /etc/rancher/k3s/registries.yaml
    # /etc/rancher/rke2/registries.yaml
    configs:
      "<registry-url>":
        auth:
          username: <redacted>
          password: <redacted>
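Because this file stores the registry password in plaintext, one way to write it so only its owner can read it is sketched below. This is an added example, not part of the STIGATRON or Rancher documentation; the function names, the REGISTRY_PASSWORD variable, and the sample hostname and username are assumptions.

```shell
#!/bin/sh
# Added example: write registries.yaml atomically with owner-only permissions.
# Constructed sample values used in the usage line: registry.example.internal, svc-pull.

# yaml_squote VALUE: emit VALUE as a YAML single-quoted scalar (' becomes '').
yaml_squote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_registries_yaml DEST REGISTRY_HOST USERNAME
# The password is read from $REGISTRY_PASSWORD so it never appears in argv
# (process listings, shell history). Assumes the password has no newlines.
write_registries_yaml() {
    dest=$1 host=$2 user=$3
    [ -n "${REGISTRY_PASSWORD:-}" ] || { echo "REGISTRY_PASSWORD is not set" >&2; return 1; }
    # Reject hostnames that could break out of the quoted YAML key.
    case $host in
        ''|*[!A-Za-z0-9.:-]*) echo "unexpected registry host: $host" >&2; return 1 ;;
    esac
    dir=$(dirname "$dest")
    old_umask=$(umask)
    umask 077
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "$dir/.registries.yaml.XXXXXX") || { umask "$old_umask"; return 1; }
    {
        printf 'configs:\n'
        printf '  "%s":\n' "$host"
        printf '    auth:\n'
        printf '      username: %s\n' "$(yaml_squote "$user")"
        printf '      password: %s\n' "$(yaml_squote "$REGISTRY_PASSWORD")"
    } > "$tmp"
    umask "$old_umask"
    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage (as root on each node; use the k3s path on K3s nodes):
#   REGISTRY_PASSWORD=... write_registries_yaml /etc/rancher/rke2/registries.yaml \
#       registry.example.internal svc-pull
```

RKE2 and K3s read registries.yaml at startup, so restart the rke2-server or rke2-agent (or k3s) service on each node after changing the file.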