KOP Airgap - Installation
The overall installation process abstracts and dramatically simplifies the deployment of a relatively complex technology stack into just a few steps.
Assumptions
Please ensure that you have properly configured and tested the required resources (nodes, storage, networking, security, etc.) as per the requirements.
Step 1: Download Installer
- Download the latest version of the installer using the download link provided by the support team.
- Verify the package using either the md5 or sha256 checksum provided by the support team.
- From your home directory, untar the package using the command below:
tar -xf rafay-controller-x.x.x.tar.gz
- Move the controller installer's "radm" CLI utility into a directory on the system path
sudo mv ./radm /usr/bin/
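The checksum step above can be made a hard gate so that the archive is never unpacked on a mismatch. This is an added example, not part of the vendor's instructions; the function names are hypothetical and the expected digest is whatever value the support team supplied.

```shell
#!/bin/sh
# Added example (not vendor code): refuse to unpack the installer unless its
# SHA-256 digest matches the value supplied by the support team.
# SHA-256 is checked rather than MD5 because MD5 is not collision-resistant.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS / BSD fallback
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if FILE is unreadable or EXPECTED is
# not a 64-character hex string (for example an MD5 value pasted by mistake).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# verified_untar ARCHIVE EXPECTED [DEST]: extract only after a successful check.
verified_untar() {
    if verify_sha256 "$1" "$2"; then
        tar -xf "$1" -C "${3:-.}"
    else
        echo "checksum check failed for $1, not extracting" >&2
        return 1
    fi
}

# Usage with the archive name from this page (digest is a placeholder):
#   verified_untar rafay-controller-x.x.x.tar.gz "<sha256 from support team>"
```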
Step 2: Edit Config File
In this step, you will customize and personalize the configuration YAML file for your air-gapped controller.
- Copy the template to "config.yaml" and open it for editing
cp -rp config.yaml-tmpl config.yaml
vi config.yaml
- Customize the "config.yaml" file
Item | Description |
---|---|
metadata.name | Name for the controller |
spec.networking.interface | Interface for controller traffic (optional) |
spec.deployment.ha | True if the controller is a multi-node (more than 1 node) setup |
spec.repo..path. | Path of the tar location. |
spec.app-config.generate-self-signed-certs | Generates and uses self signed certs for incoming controller traffic if set to true |
spec.app-config.console-certificates.certificate | base64 encoding of the certificate (required if generate-self-signed-certs is set to false) |
spec.app-config.console-certificates.key | base64 encoding of the private key (required if generate-self-signed-certs is set to false) |
spec.app-config.partner.logo | Display logo for white labeling and branding (optional) |
spec.app-config.partner.star-domain | Wild card DNS domain to use for the controller |
spec.override-config.global.enable_hosted_dns_server | Toggle to host internal DNS server if DNS is not available in env |
spec.override-config.localprovisioner.basePath | Path where persistent volumes are created |
spec.override-config.core-registry-path | Path where registry images are stored |
spec.override-config.etcd-path | Path where etcd data is saved |
spec.override-config.global.external_lb | True, if external LB is used for SSL offloading |
spec.override-config.global.use_instance_role | Toggle if using IAM role for controller instance |
spec.override-config.global.aws* | AWS credentials |
Step 3: Provision Infrastructure
In this step, you will deploy the baseline infrastructure services layer (Kubernetes, Docker, Storage, etc).
Start provisioning the controller infrastructure using the command shown below. The "radm" CLI utility accepts the config.yaml file as input and automatically provisions the required infrastructure.
sudo radm init --config config.yaml
It may take up to ~5 minutes for this step to complete. Once it is done, copy the kubeconfig file to your home directory so that you can access the API server with the kubectl CLI.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) -R $HOME/.kube
Verify that you can perform kubectl operations against the cluster by running the following command:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
airgap-nonha-controller Ready master 17m v1.18.6
Step 4: Install Software Dependencies
In this step, you will install the software dependencies that are required by the controller. The "radm" CLI utility accepts the config.yaml as input and automatically installs all the required software dependencies.
sudo radm dependency --config config.yaml
It may take up to ~15 minutes for this step to complete.
Verify all pods are in running state before proceeding to the next step
$ kubectl get pod -A |grep -v Running
NAMESPACE NAME READY STATUS RESTARTS AGE
$
Step 5: Install the Controller
In the previous steps, you provisioned the required infrastructure and installed software dependencies. In this step, you will install the controller software.
Run the following command. This will install and bring up all the required micro-services for the controller application. Note that this command can take ~10 minutes to finish.
sudo radm application --config config.yaml
Once the installation process is completed, wait for all pods to be in "Running" state. This may take another ~5-10 minutes
$ kubectl get pod -A |grep -v Running
NAMESPACE NAME READY STATUS RESTARTS AGE
$
At this point, you have an operational air-gapped controller.
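The pod checks in Steps 4 and 5 rely on `grep -v Running`, which reads only the STATUS text. The filter below is an added example, not part of the vendor's tooling: it also inspects the READY column and skips finished Job pods; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). `grep -v Running` hides pods that are Running
# but not Ready (e.g. READY 0/1) and lists finished Job pods (STATUS Completed)
# as if they were failures. This filter reads `kubectl get pod -A` output on
# stdin and prints only the pods that still need attention.

not_ready_pods() {
    awk '
        $1 == "NAMESPACE" { next }            # header row
        NF < 4            { next }            # blank or malformed line
        {
            split($3, ready, "/")             # READY column, e.g. "1/2"
            if ($4 == "Completed") next       # Job pod that exited 0
            if ($4 == "Running" && ready[1] == ready[2]) next
            print $1 "/" $2, $3, $4
        }'
}

# all_pods_ready: exit status 0 only when nothing is left to wait for.
all_pods_ready() {
    pending=$(not_ready_pods)
    [ -z "$pending" ] && return 0
    printf '%s\n' "$pending" >&2
    return 1
}

# Constructed sample listing (namespaces and pod names are made up).
sample_pod_listing() {
    cat <<'EOF'
NAMESPACE     NAME             READY   STATUS             RESTARTS   AGE
kube-system   coredns-aaaa     0/1     Running            0          2m
kube-system   etcd-node1       1/1     Running            0          17m
example-ns    db-0             0/1     Pending            0          1m
example-ns    api-bbbb         1/2     CrashLoopBackOff   4          5m
example-ns    init-job-cccc    0/1     Completed          0          6m
EOF
}

# Usage against a live cluster:
#   kubectl get pod -A | all_pods_ready && echo "safe to continue"
```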
Step 6: Access Controller Console
Try accessing the air-gapped controller's console URL on the configured domain: "https://console.<your_dns_domain>". You should see a page similar to the illustrative example shown below.
Sign up for an organization (tenant) in the air-gapped controller.
Now you should be able to log in to your organization on the air-gapped controller with the email and password above.
Step 7: Upload Cluster Dependencies
The air-gapped controller is specifically designed to be operated in environments where there is "no connectivity to the Internet". As a result, administrators are required to upload critical software dependencies, packages, binaries and docker images to the registry on the air-gapped controller. This ensures that the managed downstream clusters only have to reach out to the air-gapped controller for the required software and docker images during provisioning and update.
Run the following command to upload all the pre-packaged software dependencies, binaries and docker images to the registry on the air-gapped controller. It may take ~15-20 minutes for the upload to complete.
sudo radm cluster --config config.yaml
After this step is completed successfully, you can start deploying your first Kubernetes cluster in your organization through the air-gapped controller.