Standard

Standard layout

Example of the layout configuration:

---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: Standard
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2

WithNAT

WithNAT layout

When using this placement scheme, you must check with the administrator which network virtualization platform is in use and specify it in the edgeGateway.type parameter.
Two options are supported: NSX-T and NSX-V.

To ensure administrative access to the cluster nodes, a bastion is deployed. The parameters for its configuration are described in the bastion section.

If the Edge Gateway is based on NSX-T, a DHCP server will be automatically enabled in the created network for the nodes.
It will assign IP addresses starting from the 30th address in the subnet up to the second-to-last (just before the broadcast address).
You can change the starting address of the DHCP pool using the internalNetworkDHCPPoolStartAddress parameter.

If NSX-V is used, DHCP must be configured manually. Otherwise, nodes that rely on dynamic IP assignment will not be able to obtain an address.

It is not recommended to use dynamic addressing for the first master node in combination with NSX-V.

The deployment scheme assumes automated creation of NAT rules:

  • An SNAT rule for translating the addresses of the internal node network to the external address specified in the edgeGateway.externalIP property.
  • A DNAT rule for translating the external address and port, specified in the edgeGateway.externalIP and edgeGateway.externalPort properties, respectively, to the internal address of the bastion instance on port 22 using the TCP protocol for administrative access to the nodes via SSH.

If the Edge Gateway is provided by NSX-V, you must specify the name and type of the network to which the rule will be bound in the edgeGateway.NSX-V.externalNetworkName and edgeGateway.NSX-V.externalNetworkType properties, respectively. Typically, this is a network connected to the Edge Gateway in Gateway Interface and having an external IP address.

Additionally, you can enable the creation of default firewall rules using the createDefaultFirewallRules property.

If the Edge Gateway is provided by NSX-T, existing rules on the Edge Gateway will be overwritten. It is assumed that using this option implies that only one cluster will be deployed per Edge Gateway.

The following rules will be created:

  • Allow any outgoing traffic
  • Allow incoming traffic over the TCP protocol on port 22 to enable SSH access to the cluster nodes
  • Allow any incoming traffic over the ICMP protocol
  • Allow incoming traffic over the TCP and UDP protocols on ports 30000–32767 for NodePort usage

Example of the layout configuration using NSX-T:

---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: WithNAT
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
internalNetworkDNSServers:
  - 77.88.8.8
  - 1.1.1.1
mainNetwork: internal
bastion:
  instanceClass:
    rootDiskSizeGb: 30
    sizingPolicy: 2cpu1mem
    template: "catalog/Ubuntu 22.04 Server"
    storageProfile: Fast vHDD
    mainNetworkIPAddress: 10.1.4.10
edgeGateway:
  name: "edge-gateway-01"
  type: "NSX-T"
  externalIP: 10.0.0.1
  externalPort: 10022
createDefaultFirewallRules: false
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2

Example of the layout configuration using NSX-V:

---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: WithNAT
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
internalNetworkDNSServers:
  - 77.88.8.8
  - 1.1.1.1
mainNetwork: internal
bastion:
  instanceClass:
    rootDiskSizeGb: 30
    sizingPolicy: 2cpu1mem
    template: "catalog/Ubuntu 22.04 Server"
    storageProfile: Fast vHDD
    mainNetworkIPAddress: 10.1.4.10
edgeGateway:
  name: "edge-gateway-01"
  type: "NSX-V"
  externalIP: 10.0.0.1
  externalPort: 10022
  NSX-V:
    externalNetworkName: external
    externalNetworkType: ext
createDefaultFirewallRules: true
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2