Standard
Example of the layout configuration:
---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: Standard
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2
WithNAT
When using this placement scheme, you must check with the administrator which network virtualization platform is in use and specify it in the edgeGateway.type parameter.
Two options are supported: NSX-T and NSX-V.
To ensure administrative access to the cluster nodes, a bastion is deployed. The parameters for its configuration are described in the bastion section.
If the Edge Gateway is based on NSX-T, a DHCP server will be automatically enabled in the created network for the nodes.
It will assign IP addresses starting from the 30th address in the subnet up to the second-to-last (just before the broadcast address).
You can change the starting address of the DHCP pool using the internalNetworkDHCPPoolStartAddress parameter.
If NSX-V is used, DHCP must be configured manually. Otherwise, nodes that rely on dynamic IP assignment will not be able to obtain an address.
It is not recommended to use dynamic addressing for the first master node in combination with NSX-V.
The deployment scheme assumes automated creation of NAT rules:
- An SNAT rule for translating the addresses of the internal node network to the external address specified in the edgeGateway.externalIP property.
- A DNAT rule for translating the external address and port, specified in the edgeGateway.externalIP and edgeGateway.externalPort properties, respectively, to the internal address of the bastion instance on port 22 using the TCP protocol for administrative access to the nodes via SSH.
If the Edge Gateway is provided by NSX-V, you must specify the name and type of the network to which the rule will be bound in the edgeGateway.NSX-V.externalNetworkName and edgeGateway.NSX-V.externalNetworkType properties, respectively. Typically, this is a network connected to the Edge Gateway in Gateway Interface and having an external IP address.
Additionally, you can enable the creation of default firewall rules using the createDefaultFirewallRules property.
If the Edge Gateway is provided by NSX-T, existing rules on the Edge Gateway will be overwritten. It is assumed that using this option implies that only one cluster will be deployed per Edge Gateway.
The following rules will be created:
- Allow any outgoing traffic
- Allow incoming traffic over the TCP protocol on port 22 to enable SSH access to the cluster nodes
- Allow any incoming traffic over the ICMP protocol
- Allow incoming traffic over the TCP and UDP protocols on ports 30000–32767 for NodePort usage
Example of the layout configuration using NSX-T:
---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: WithNAT
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
internalNetworkDNSServers:
- 77.88.8.8
- 1.1.1.1
mainNetwork: internal
bastion:
  instanceClass:
    rootDiskSizeGb: 30
    sizingPolicy: 2cpu1mem
    template: "catalog/Ubuntu 22.04 Server"
    storageProfile: Fast vHDD
    mainNetworkIPAddress: 10.1.4.10
edgeGateway:
  name: "edge-gateway-01"
  type: "NSX-T"
  externalIP: 10.0.0.1
  externalPort: 10022
createDefaultFirewallRules: false
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2
Example of the layout configuration using NSX-V:
---
apiVersion: deckhouse.io/v1alpha1
kind: VCDClusterConfiguration
layout: WithNAT
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
  insecure: true
sshPublicKey: ssh-rsa AAAABBBBB
organization: deckhouse
virtualDataCenter: MSK-1
virtualApplicationName: deckhouse
internalNetworkCIDR: 192.168.199.0/24
internalNetworkDNSServers:
- 77.88.8.8
- 1.1.1.1
mainNetwork: internal
bastion:
  instanceClass:
    rootDiskSizeGb: 30
    sizingPolicy: 2cpu1mem
    template: "catalog/Ubuntu 22.04 Server"
    storageProfile: Fast vHDD
    mainNetworkIPAddress: 10.1.4.10
edgeGateway:
  name: "edge-gateway-01"
  type: "NSX-V"
  externalIP: 10.0.0.1
  externalPort: 10022
  NSX-V:
    externalNetworkName: external
    externalNetworkType: ext
createDefaultFirewallRules: true
masterNodeGroup:
  replicas: 1
  instanceClass:
    storageProfile: "Fast vHDD"
    sizingPolicy: 4cpu8mem
    template: "catalog/Ubuntu 22.04 Server"
    mainNetworkIPAddresses:
    - 192.168.199.2
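
An added example, not part of the original documentation or Deckhouse's own code: a pre-flight check of a WithNAT configuration against the rules described above (static master addresses versus the automatic NSX-T DHCP pool, the firewall rule overwrite on NSX-T, the NSX-V network binding). It takes the configuration as a plain dict; the function names and the reading of "the 30th address" as network address + 30 are assumptions.

```python
import ipaddress

def nsxt_dhcp_pool(cidr, start=None):
    """First and last address of the automatic NSX-T DHCP pool."""
    net = ipaddress.ip_network(cidr)
    # Assumption: "the 30th address" means network address + 30.
    first = ipaddress.ip_address(start) if start else net.network_address + 30
    last = net.broadcast_address - 1  # second-to-last address of the subnet
    if first not in net or first > last:
        raise ValueError(f"DHCP pool start {first} does not fit in {net}")
    return first, last

def review_with_nat(cfg):
    """Return a list of findings for a WithNAT configuration given as a dict."""
    findings = []
    net = ipaddress.ip_network(cfg["internalNetworkCIDR"])
    gw = cfg["edgeGateway"]
    masters = cfg["masterNodeGroup"]["instanceClass"].get("mainNetworkIPAddresses", [])
    statics = [ipaddress.ip_address(a) for a in masters]
    findings += [f"{a} is outside {net}" for a in statics if a not in net]
    if gw["type"] == "NSX-T":
        first, last = nsxt_dhcp_pool(cfg["internalNetworkCIDR"],
                                     cfg.get("internalNetworkDHCPPoolStartAddress"))
        findings += [f"static {a} is inside DHCP pool {first}-{last}"
                     for a in statics if first <= a <= last]
        if cfg.get("createDefaultFirewallRules"):
            findings.append("existing Edge Gateway firewall rules will be overwritten")
    elif gw["type"] == "NSX-V":
        if not statics:
            findings.append("first master relies on DHCP; configure it manually on NSX-V")
        for key in ("externalNetworkName", "externalNetworkType"):
            if not gw.get("NSX-V", {}).get(key):
                findings.append(f"edgeGateway.NSX-V.{key} is not set")
    else:
        findings.append("edgeGateway.type must be NSX-T or NSX-V")
    return findings

# Constructed sample: the NSX-T example with the master address moved into the pool.
SAMPLE = {
    "internalNetworkCIDR": "192.168.199.0/24",
    "edgeGateway": {"name": "edge-gateway-01", "type": "NSX-T"},
    "createDefaultFirewallRules": True,
    "masterNodeGroup": {"instanceClass": {"mainNetworkIPAddresses": ["192.168.199.40"]}},
}

if __name__ == "__main__":
    print("\n".join(review_with_nat(SAMPLE)))
```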