
Installation

These are the detailed instructions for installing the self-hosted controller on Azure AKS clusters.


Download Controller Terraform Package

  • Click here to download the controller installation package to the instance

  • From your home directory, untar the package using the command below

tar -xf terraform*


Install Pass

For CentOS 7/8

yum -y install tree
wget https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/p/pass-1.7.3-7.el8.noarch.rpm
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/tree-1.7.0-15.el8.x86_64.rpm
yum --nogpgcheck localinstall tree-1.7.0-15.el8.x86_64.rpm
yum --nogpgcheck localinstall pass-1.7.3-7.el8.noarch.rpm

For Ubuntu/Debian

apt-get install pass

Create a GPG Key

For Ubuntu/Debian

gpg --full-generate-key

For CentOS 7/8

gpg --gen-key

Select the below options:

  1. Type of Key - RSA and RSA (default)
  2. Key size - 4096
  3. Key is valid for - key does not expire

  • You need a user ID to identify your key; the software constructs it from the Real Name, Comment and Email Address in this form: Example-ID (Example Name) <example@example.com>

Real name: First Middle Last Suffix
Email address: first.last@host.tld
Comment:

  • The selected USER-ID is displayed: First Middle Last Suffix <first.last@host.tld>

  • The system then prompts for a passphrase; make a note of it

Fetch and display Keys

gpg --list-keys

Output:

/home/user/.gnupg/pubring.gpg
------------------------------
pub   4096R/65789276 2021-01-24
uid                  First Middle Last Suffix <first.last@host.tld>
sub   4096R/33W9D0G6 2021-01-24

Initialize Key

  • Initialize password store for 65789276

pass init 65789276

Input the Secret Phrase

  • Store your secrets by using the pass insert command:

pass insert secret_username
>Enter password for secret_username: admin
pass insert secret_password
>Enter password for secret_password: password

  • Read the secret out by using pass <secret>

pass secret_username
Output: admin

pass secret_password
Output: password

  • Read secrets from pass and set as environment variables

export TF_VAR_postgresql_admin_login_password="$(pass secret_password)"

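Terraform reads any environment variable named TF_VAR_<name> as the value of the variable <name>, so it picks up the secrets automatically when you run terraform apply.

  • Use this functionality to set your secrets as environment variables in a subshell and then run terraform apply, so the values do not stay behind in your login shell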
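
The subshell approach described above, as an added example (not part of the original page or the product's own tooling): a POSIX shell function that reads secrets from pass, exports them as TF_VAR_* only inside a subshell, and runs the given command there. The names with_tf_secrets, TF_SECRET_MAP and SECRET_READER are assumptions made for this example.

```shell
# Added example, not from the original page. with_tf_secrets, TF_SECRET_MAP
# and SECRET_READER are hypothetical names introduced for illustration.

# Space-separated "<terraform variable>=<pass entry>" pairs. The single pair
# below uses the names from this page; extend it for further secrets.
TF_SECRET_MAP="postgresql_admin_login_password=secret_password"

# Read one entry from the password store. SECRET_READER (assumption) lets a
# stub stand in for pass during testing; it defaults to pass.
read_secret() {
  "${SECRET_READER:-pass}" "$1"
}

# Run "$@" with the mapped secrets exported as TF_VAR_* variables. The body is
# in parentheses, so it executes in a subshell and nothing it exports is left
# behind in the calling shell.
with_tf_secrets() (
  nl='
'
  for pair in $TF_SECRET_MAP; do
    var=${pair%%=*}
    entry=${pair#*=}
    value=$(read_secret "$entry") || {
      echo "cannot read secret: $entry" >&2
      exit 1
    }
    value=${value%%"$nl"*}   # pass entries may be multi-line; line 1 is the secret
    [ -n "$value" ] || {
      echo "empty secret: $entry" >&2
      exit 1
    }
    export "TF_VAR_${var}=${value}"
  done
  "$@"
)

# Usage: with_tf_secrets terraform apply
```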

Update Terraform Variables

After downloading the terraform package, update your configuration in terraform.tfvars in the eks-terraform directory.

#####-------AKS Resource Group-------####
existingResourceGroupFlag  = false
existingVirtualNetworkFlag = false
subscription_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ## <"update subscription id">
tenantId                   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ## <"update tenant id">
resource_group_name        = "example-dev-test" ## <"Enter resource group name">
location                   = "centralindia" ## <"Enter the location for azure resources to be created">

default_tags = {
  Environment = "AKS"
}
####-------AKS Database------####

postgresql_server_name        = "example-dev-postgresql"
public_network_access_enabled = true
existingDatabase              = false #true If using existing database
existingDatabaseFQDN          = ""    #existing database FQDN should be provided in case of using existing database
noc_node_public_ip            = "129.146.42.67"
#postgresql_admin_login_password = <use env TF_VAR_postgresql_admin_login_password to set value>

#####-------AKS Virtual Network-------####
vnet_name     = "example-dev-controller-vnet"
subnet_name   = "example-dev-controller-subnet"
subnet_cidr   = ["10.2.32.0/21"]
address_space = "10.2.0.0/16"
dns_servers   = ["10.0.0.4", "10.0.0.5"]


#####-------AKS Cluster-------####
aks_cluster_name   = "example-dev-controller" ## <Enter name of aks cluster>
dns_prefix         = "example-dev-controller-dns" ##<Enter dns prefix name>
kubernetes_version = "1.21.7" ## <Enter the kubernetes version>
default_pool_name  = "default"
node_count         = 3 ## <Enter the desired nodes as part of aks cluster>
min_count          = 3
max_count          = 10 ## <It should be 3 or more than 3>
vm_size            = "Standard_B16ms"
os_disk_size_gb    = "1028"
max_pods           = 250
default_pool_type  = "VirtualMachineScaleSets"
network_plugin     = "azure"
service_cidr       = "10.0.0.0/16"

############### Storage Account Creation for velero backups ############################

velero_storage_account_name   = "examplestorage" ## Do not use numbers for velero_storage_account_name
velero_storage_resource_group = "example-dev-test"
velero_container_name         = "examplevelerobackups"

####------    AKS Velero  ------------####
velero_restore = false

####----------------AKS HostedZone ---------------####################################
hosted_zone_name               = "example.dev.example.net"
hostedZone_resource_group_name = "example-hostedzone-rg"

####---Radm Config variables------####
controllerName          = "RafayAirGapController"
deploymentType          = "AKS"
databasePort            = "5432"
externalDatabaseEnabled = true
path                    = "/home/opc/controller" ## Please change this to the path where you have good disk space.
generateSelfSignedCerts = true
consoleCertificate      = ""
consoleKey              = ""
superUserName           = "example@example.co"
superUserPassword       = "example@1234"
starDomain              = "example.dev.example.net"
partnerName             = "example@example.co"
#if custom logo is present add a path below else leave it null
logoPath                = ""
productName             = "example-product"
helpDeskEmail           = "example@example.com"
notificationsEmail      = "example@example.com"
hostedDNSServerEnable   = "false"
externalLBEnable        = false
useInstanceRole         = ""
awsAccountID            = "ZWRnZWRidXNlcg=="
awsAccessKeyID          = "ZWRnZWRidXNlcg=="
awsAccessSecretKey      = ""
controllerRepoUrl       = "https://dev-rafay-controller.s3.us-west-1.amazonaws.com/Publish"
controllerVersion       = "1.10-3"

Store terraform state files

Create a Resource Group, Storage Account and Storage Container using the commands below to store the Terraform state file.

Exporting environment variables

TF_STATE_FILE_STORAGE_RESOURCE_GROUP="<Resource Group name>"
TF_STATE_FILE_STORAGE_ACCOUNT="<storage account name>"
TF_STATE_FILE_STORAGE_CONTAINER="<storage container name>"

Note: If you already have a Storage Resource Group/Account/Container present, proceed directly to Run Terraform Commands.

Create Storage Resource Group

az group create --name "${TF_STATE_FILE_STORAGE_RESOURCE_GROUP}" --location centralindia

Create Storage Account

az storage account create -n "$TF_STATE_FILE_STORAGE_ACCOUNT" -g "$TF_STATE_FILE_STORAGE_RESOURCE_GROUP"

Create the container

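az storage container create --account-name "$TF_STATE_FILE_STORAGE_ACCOUNT" -n "$TF_STATE_FILE_STORAGE_CONTAINER" --public-access off

Note: The container is created with anonymous access turned off. The Terraform state file records resource attributes in plain text, including the PostgreSQL admin password, and the backend reads it with your Azure credentials, so public read access is not needed.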


Run Terraform commands

  • Initialize the terraform code and run it.
terraform init \
-backend-config="resource_group_name=$TF_STATE_FILE_STORAGE_RESOURCE_GROUP" \
-backend-config="storage_account_name=$TF_STATE_FILE_STORAGE_ACCOUNT" \
-backend-config="container_name=$TF_STATE_FILE_STORAGE_CONTAINER" \
-backend-config="key=terraform.tfstate"
  • Create a plan to review the resources that will be created in AKS.

terraform plan

  • Apply and create infrastructure to bring up the Self Hosted Controller.

terraform apply --auto-approve