Deckhouse Platform in a private environment

The recommended settings for a Deckhouse Platform Community Edition installation are generated below:

  • config.yml — a file with the configuration needed to bootstrap the cluster. Contains the installer parameters, access parameters, and the initial cluster parameters.

Please pay attention to:

  • highlighted parameters you must define.
  • parameters you might want to change.

The installation must be performed from a personal computer with SSH access to the node that will become the master node of the future cluster.

To learn more about the Deckhouse Platform release channels, please see the relevant documentation.

# General cluster parameters (ClusterConfiguration).
# Version of the Deckhouse API.
apiVersion: deckhouse.io/v1
# Type of the configuration section.
kind: ClusterConfiguration
# Type of the infrastructure: bare metal (Static) or Cloud (Cloud).
clusterType: Static
# Address space of the cluster's Pods.
podSubnetCIDR: 10.111.0.0/16
# Address space of the cluster's services.
serviceSubnetCIDR: 10.222.0.0/16
# Kubernetes version to install.
kubernetesVersion: "1.23"
# Cluster domain (used for local routing).
clusterDomain: "cluster.local"
packagesProxy:
  uri: https://example.com
  username: <PROXY-USERNAME>
  password: <PROXY-PASSWORD>
---
# Section for bootstrapping the Deckhouse cluster (InitConfiguration).
# Version of the Deckhouse API.
apiVersion: deckhouse.io/v1
# Type of the configuration section.
kind: InitConfiguration
# Deckhouse parameters.
deckhouse:
  # The release channel in use.
  releaseChannel: Stable
  configOverrides:
    global:
      modules:
        # Template to use for system app domains within the cluster.
        # For example, in the case of %s.example.com, Grafana will be mapped to grafana.example.com.
        publicDomainTemplate: "%s.example.com"
        # Proxy server settings that Deckhouse modules use to access the Internet.
        proxy:
          httpProxy: <HTTP_PROXY_ADDRESS>
          httpsProxy: <HTTPS_PROXY_ADDRESS>
          noProxy: <NO_PROXY_LIST>
    # Enable the cni-flannel module.
    cniFlannelEnabled: true
    # Cni-flannel module settings.
    cniFlannel:
      # Flannel backend, available values are VXLAN (if your servers have L3 connectivity) and HostGW (for L2 networks).
      # You might consider changing this.
      podNetworkMode: VXLAN
  # Address of the Docker registry where the Deckhouse images are located.
  imagesRepo: <IMAGES_REPO_URI>
  # A special string with your token to access the Docker registry.
  registryDockerCfg: <YOUR_PRIVATE_ACCESS_STRING_IS_HERE>
  # Registry access scheme (HTTP or HTTPS).
  registryScheme: HTTPS
  # Root CA certificate to validate the registry’s HTTPS certificate (if self-signed certificates are used).
  registryCA: <REGISTRY_CA>
---
# Section with the parameters of the bare metal cluster (StaticClusterConfiguration).
# Version of the Deckhouse API.
apiVersion: deckhouse.io/v1
# Type of the configuration section.
kind: StaticClusterConfiguration
# List of internal cluster networks (e.g., '10.0.4.0/24')
# for linking Kubernetes components (kube-apiserver, kubelet etc.).
internalNetworkCIDRs:
- *!CHANGE_internalNetworkCIDRs*
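
A pre-flight check for the config.yml above, added here as an example (it is not part of the Deckhouse documentation or tooling): it flags placeholders that were never filled in, a registryScheme other than HTTPS, and a config file or SSH key that other users can read. The function names, the sample fragment and the registry.internal.example host are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the config.yml and SSH key that get mounted into the installer.
# Function names and the sample data are constructed for this example.

# Print "line:text" for each non-comment line that still holds a template
# placeholder: a <UPPER_CASE> token or the *!CHANGE_...* marker.
unfilled_placeholders() {
  grep -nE '<[A-Z][A-Z0-9_-]*>|\*!CHANGE_[A-Za-z_]+\*' "$1" \
    | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Print the registryScheme value in upper case (empty if the key is absent).
registry_scheme() {
  sed -nE 's/^[[:space:]]*registryScheme:[[:space:]]*"?([A-Za-z]+)"?.*$/\1/p' "$1" \
    | head -n1 | tr '[:lower:]' '[:upper:]'
}

# Succeed only if the file mode is 400 or 600 (GNU stat first, then BSD/macOS stat).
owner_only() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
  [ "$mode" = "400" ] || [ "$mode" = "600" ]
}

# Run all checks; return non-zero if any of them fails.
preflight() {
  local cfg="$1" key="$2" rc=0 left
  left=$(unfilled_placeholders "$cfg")
  [ -z "$left" ] || { printf 'unfilled placeholders:\n%s\n' "$left"; rc=1; }
  [ "$(registry_scheme "$cfg")" = "HTTPS" ] || { echo "registryScheme is not HTTPS"; rc=1; }
  owner_only "$cfg" || { echo "$cfg holds registry and proxy credentials: chmod 600"; rc=1; }
  owner_only "$key" || { echo "$key must be mode 400 or 600"; rc=1; }
  return "$rc"
}

# Constructed sample: a config fragment with two unfilled values and plain HTTP.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config.yml" <<'EOF'
deckhouse:
  imagesRepo: registry.internal.example/deckhouse
  registryDockerCfg: <YOUR_PRIVATE_ACCESS_STRING_IS_HERE>
  registryScheme: HTTP
internalNetworkCIDRs:
- *!CHANGE_internalNetworkCIDRs*
EOF
: > "$demo_dir/id_rsa"
chmod 644 "$demo_dir/config.yml"
chmod 400 "$demo_dir/id_rsa"
preflight "$demo_dir/config.yml" "$demo_dir/id_rsa" || echo "pre-flight failed"
```

Against a real installation, call preflight with the paths to your own config.yml and private key before starting the installer container.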

Use a Docker image to install the Deckhouse Platform. It is necessary to transfer configuration files to the container as well as SSH keys for accessing the master nodes.

Log in on the personal computer to the container image registry you specified in the previous step.

Run the installer on the personal computer.

Linux / macOS:

docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash

Windows:

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

To start the installation, run the following command inside the container:

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \
  --config=/config.yml \
  --ask-become-pass

The --ssh-user parameter here refers to the user that generated the SSH key. If a password is required to run sudo on the server, enter it at the [sudo] Password: prompt; otherwise, leave it empty.

After the installation is complete, you will be returned to the command line.

Almost everything is ready for a fully-fledged Deckhouse Platform to work!

Use a Docker image to install the Deckhouse Platform. It is necessary to transfer configuration files to the container as well as SSH keys for accessing the master nodes.

Log in on the personal computer to the container image registry you specified in the previous step.

Run the installer on the personal computer.

Linux / macOS:

echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash

Windows:

Log in on the personal computer to the container image registry by providing the license key as a password:

docker login -u license-token registry.deckhouse.io

Run a container with the installer:

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

To start the installation, run the following command inside the container:

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \
  --config=/config.yml \
  --ask-become-pass

The --ssh-user parameter here refers to the user that generated the SSH key. If a password is required to run sudo on the server, enter it at the [sudo] Password: prompt; otherwise, leave it empty.

After the installation is complete, you will be returned to the command line.

Almost everything is ready for a fully-fledged Deckhouse Platform to work!