Deckhouse Platform in a private environment

Installation

Caution! The settings for working through a proxy server have changed in Deckhouse 1.42 (issue). The guide is for Deckhouse 1.42+.

bm-private

The recommended settings for a Deckhouse Platform Community Edition installation are generated below:

config.yml — a file with the configuration needed to bootstrap the cluster. Contains the installer parameters, access parameters, and the initial cluster parameters.

Please pay attention to:

highlighted parameters you must define.
parameters you might want to change.
The installation must be performed from a personal computer with SSH access to the node, the master node of the future cluster.

Create the config.yml file.

config.ymlCopy filename Copy content

# General cluster parameters.
# https://deckhouse.io/documentation/v1/installing/configuration.html#clusterconfiguration
apiVersion: deckhouse.io/v1
kind: ClusterConfiguration
clusterType: Static
# Address space of the cluster's Pods.
podSubnetCIDR: 10.111.0.0/16
# Address space of the cluster's services.
serviceSubnetCIDR: 10.222.0.0/16
kubernetesVersion: "1.23"
clusterDomain: "cluster.local"
# Proxy server settings.
proxy:
  httpProxy: <HTTP_PROXY_ADDRESS>
  httpsProxy: <HTTPS_PROXY_ADDRESS>
  noProxy: <NO_PROXY_LIST>
---
# Section for bootstrapping the Deckhouse cluster.
# https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  releaseChannel: Stable
  configOverrides:
    global:
      modules:
        # Template to use for system app domains within the cluster.
        # For example, in the case of %s.example.com, Grafana will be mapped to grafana.example.com.
        publicDomainTemplate: "%s.example.com"
    # Enable the cni-flannel module.
    # You might consider changing this.
    cniFlannelEnabled: true
    # Cni-flannel module settings.
    # You might consider changing this.
    cniFlannel:
      # Flannel backend, available values are VXLAN (if your servers have L3 connectivity) and HostGW (for L2 networks).
      podNetworkMode: VXLAN
  # Address of the Docker registry where the Deckhouse images are located.
  imagesRepo: <IMAGES_REPO_URI>
  # A special string with your token to access the Docker registry.
  registryDockerCfg: <YOUR_PRIVATE_ACCESS_STRING_IS_HERE>
  # Registry access scheme (HTTP or HTTPS).
  registryScheme: HTTPS
  # Root CA certificate to validate the registry’s HTTPS certificate (if self-signed certificates are used).
  registryCA: <REGISTRY_CA>
---
# Section with the parameters of the bare metal cluster (StaticClusterConfiguration).
# https://deckhouse.io/documentation/v1/installing/configuration.html#staticclusterconfiguration
apiVersion: deckhouse.io/v1
kind: StaticClusterConfiguration
# list of internal cluster networks (e.g., '10.0.4.0/24'), which is
# used for linking Kubernetes components (kube-apiserver, kubelet etc.)
# if every node in cluster has only one network interface
# StaticClusterConfiguration resource can be skipped.
internalNetworkCIDRs:
- *!CHANGE_internalNetworkCIDRs*

# General cluster parameters. # https://deckhouse.io/documentation/v1/installing/configuration.html#clusterconfiguration apiVersion: deckhouse.io/v1 kind: ClusterConfiguration clusterType: Static # Address space of the cluster's Pods. podSubnetCIDR: 10.111.0.0/16 # Address space of the cluster's services. serviceSubnetCIDR: 10.222.0.0/16 kubernetesVersion: "1.23" clusterDomain: "cluster.local" # Proxy server settings. proxy: httpProxy: <HTTP_PROXY_ADDRESS> httpsProxy: <HTTPS_PROXY_ADDRESS> noProxy: <NO_PROXY_LIST> --- # Section for bootstrapping the Deckhouse cluster. # https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration apiVersion: deckhouse.io/v1 kind: InitConfiguration deckhouse: releaseChannel: Stable configOverrides: global: modules: # Template to use for system app domains within the cluster. # For example, in the case of %s.example.com, Grafana will be mapped to grafana.example.com. publicDomainTemplate: "%s.example.com" # Enable the cni-flannel module. # You might consider changing this. cniFlannelEnabled: true # Cni-flannel module settings. # You might consider changing this. cniFlannel: # Flannel backend, available values are VXLAN (if your servers have L3 connectivity) and HostGW (for L2 networks). podNetworkMode: VXLAN # Address of the Docker registry where the Deckhouse images are located. imagesRepo: <IMAGES_REPO_URI> # A special string with your token to access the Docker registry. registryDockerCfg: <YOUR_PRIVATE_ACCESS_STRING_IS_HERE> # Registry access scheme (HTTP or HTTPS). registryScheme: HTTPS # Root CA certificate to validate the registry’s HTTPS certificate (if self-signed certificates are used). registryCA: <REGISTRY_CA> --- # Section with the parameters of the bare metal cluster (StaticClusterConfiguration). # https://deckhouse.io/documentation/v1/installing/configuration.html#staticclusterconfiguration apiVersion: deckhouse.io/v1 kind: StaticClusterConfiguration # list of internal cluster networks (e.g., '10.0.4.0/24'), which is # used for linking Kubernetes components (kube-apiserver, kubelet etc.) # if every node in cluster has only one network interface # StaticClusterConfiguration resource can be skipped. internalNetworkCIDRs: - *!CHANGE_internalNetworkCIDRs*

Use a Docker image to install the Deckhouse Platform. It is necessary to transfer configuration files to the container as well as SSH keys for accessing the master node (further, it is assumed that the SSH key ~/.ssh/id_rsa is used).

Run the installer on the personal computer.

Linux / macOS Windows

Copy content

docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash

docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash

Copy content

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" <IMAGES_REPO_URI>/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

Now, to initiate the process of installation, you need to execute inside the container:

Copy content

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \
  --config=/config.yml \
  --ask-become-pass

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \ --config=/config.yml \ --ask-become-pass

The --ssh-user parameter here refers to the user that generated the SSH key. If a password is required to run sudo on the server, then specify it in response to the request [sudo] Password:.

The installation process may take about 15-30 minutes with a good connection.

After the installation is complete, the installer will output the IP of the master node (you will need it further). Example output:

...
┌ 🎈 ~ Common: Kubernetes Master Node addresses for SSH
│ cloud-demo-master-0 | ssh ubuntu@1.2.3.4
└ 🎈 ~ Common: Kubernetes Master Node addresses for SSH (0.00 seconds)

Almost everything is ready for a fully-fledged Deckhouse Platform to work!

Run the installer on the personal computer.

Linux / macOS Windows

Copy content

 echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash

echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash

Copy content

docker login -u license-token registry.deckhouse.io

docker login -u license-token registry.deckhouse.io

Run a container with the installer:

Copy content

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

Now, to initiate the process of installation, you need to execute inside the container:

Copy content

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \
  --config=/config.yml \
  --ask-become-pass

dhctl bootstrap --ssh-user=<username> --ssh-host=<master_ip> --ssh-agent-private-keys=/tmp/.ssh/id_rsa \ --config=/config.yml \ --ask-become-pass

The --ssh-user parameter here refers to the user that generated the SSH key. If a password is required to run sudo on the server, then specify it in response to the request [sudo] Password:.

The installation process may take about 15-30 minutes with a good connection.

After the installation is complete, the installer will output the IP of the master node (you will need it further). Example output:

...
┌ 🎈 ~ Common: Kubernetes Master Node addresses for SSH
│ cloud-demo-master-0 | ssh ubuntu@1.2.3.4
└ 🎈 ~ Common: Kubernetes Master Node addresses for SSH (0.00 seconds)

Almost everything is ready for a fully-fledged Deckhouse Platform to work!

Go back Next: Finishing installation

Deckhouse Platform in a private environment

Request 30 days access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error