Deckhouse Platform for bare metal

1
Selecting infrastructure
2
Installation information
3
Setting up cluster
4
Installation
5
Finishing installation
6
What can I do next?

At this point, you have created a basic single-master cluster.

For real-world conditions (production and test environments), you need to add additional nodes to the cluster according to the documentation.

If you install Deckhouse for evaluation purposes and one node in the cluster is enough for you, allow Deckhouse components to work on the master node. To do this, remove the taint from the master node by running the following command:

Copy content
sudo kubectl patch nodegroup master --type json -p '[{"op": "remove", "path": "/spec/nodeTemplate/taints"}]'
sudo kubectl patch nodegroup master --type json -p '[{"op": "remove", "path": "/spec/nodeTemplate/taints"}]'

After that, there will be three more actions.

  • Setup Ingress controller

    On the master node, create the ingress-nginx-controller.yml file containing the Ingress controller configuration:

    ingress-nginx-controller.ymlCopy filenameCopy content
    # section containing the parameters of nginx ingress controller
# version of the Deckhouse API
apiVersion: deckhouse.io/v1
kind: IngressNginxController
metadata:
  name: nginx
spec:
  # the name of the Ingress class to use with the Ingress nginx controller
  ingressClass: nginx
  # Ingress version to use (use version 1.1 with Kubernetes 1.23+)
  controllerVersion: "1.1"
  # the way traffic goes to cluster from the outer network
  inlet: HostPort
  hostPort:
    httpPort: 80
    httpsPort: 443
  # describes on which nodes the component will be located
  # you might consider changing this
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - operator: Exists
    # section containing the parameters of nginx ingress controller # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: nginx spec: # the name of the Ingress class to use with the Ingress nginx controller ingressClass: nginx # Ingress version to use (use version 1.1 with Kubernetes 1.23+) controllerVersion: "1.1" # the way traffic goes to cluster from the outer network inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 # describes on which nodes the component will be located # you might consider changing this nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - operator: Exists

    Apply it using the following command on the master node>:

    Copy content
    sudo kubectl create -f ingress-nginx-controller.yml
    sudo kubectl create -f ingress-nginx-controller.yml

  • Create a user to access the cluster web interfaces

    Create on the master node the user.yml file containing the user account data and access rights:

    user.ymlCopy filenameCopy content
    apiVersion: deckhouse.io/v1
kind: ClusterAuthorizationRule
metadata:
  name: admin
spec:
  # Kubernetes RBAC accounts list
  subjects:
  - kind: User
    name: admin@deckhouse.io
  # pre-defined access template
  accessLevel: SuperAdmin
  # allow user to do kubectl port-forward
  portForwarding: true
---
# section containing the parameters of the static user
# version of the Deckhouse API
apiVersion: deckhouse.io/v1
kind: User
metadata:
  name: admin
spec:
  # user e-mail
  email: admin@deckhouse.io
  # this is a hash of the password <GENERATED_PASSWORD>, generated  now
  # generate your own or use it at your own risk (for testing purposes)
  # echo "<GENERATED_PASSWORD>" | htpasswd -BinC 10 "" | cut -d: -f2
  # you might consider changing this
  password: <GENERATED_PASSWORD_HASH>
    apiVersion: deckhouse.io/v1 kind: ClusterAuthorizationRule metadata: name: admin spec: # Kubernetes RBAC accounts list subjects: - kind: User name: admin@deckhouse.io # pre-defined access template accessLevel: SuperAdmin # allow user to do kubectl port-forward portForwarding: true --- # section containing the parameters of the static user # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: User metadata: name: admin spec: # user e-mail email: admin@deckhouse.io # this is a hash of the password <GENERATED_PASSWORD>, generated now # generate your own or use it at your own risk (for testing purposes) # echo "<GENERATED_PASSWORD>" | htpasswd -BinC 10 "" | cut -d: -f2 # you might consider changing this password: <GENERATED_PASSWORD_HASH>

    Apply it using the following command on the master node:

    Copy content
    sudo kubectl create -f user.yml
    sudo kubectl create -f user.yml
  • Create DNS records to organize access to the cluster web-interfaces:
    • Discover public IP address of the node where the Ingress controller is running.
    • If you have the DNS server and you can add a DNS records:
      • If your cluster DNS name template is a wildcard DNS (e.g., %s.kube.my), then add a corresponding wildcard A record containing the public IP, you've discovered previously.
      • If your cluster DNS name template is NOT a wildcard DNS (e.g., %s-kube.company.my), then add A or CNAME records containing the public IP, you've discovered previously, for the following Deckhouse service DNS names: 
        api.example.com
argocd.example.com
cdi-uploadproxy.example.com
dashboard.example.com
deckhouse.example.com
dex.example.com
grafana.example.com
hubble.example.com
istio.example.com
istio-api-proxy.example.com
kubeconfig.example.com
openvpn-admin.example.com
prometheus.example.com
status.example.com
upmeter.example.com

    • If you don't have a DNS server: on your PC add static entries (specify your public IP address in the PUBLIC_IPvariable) that match the names of specific services to the public IP to the /etc/hosts file for Linux (%SystemRoot%\system32\drivers\etc\hosts for Windows):

      Copy content
      export PUBLIC_IP="<PUT_PUBLIC_IP_HERE>"
sudo -E bash -c "cat <<EOF >> /etc/hosts
$PUBLIC_IP api.example.com
$PUBLIC_IP argocd.example.com
$PUBLIC_IP cdi-uploadproxy.example.com
$PUBLIC_IP dashboard.example.com
$PUBLIC_IP deckhouse.example.com
$PUBLIC_IP dex.example.com
$PUBLIC_IP grafana.example.com
$PUBLIC_IP hubble.example.com
$PUBLIC_IP istio.example.com
$PUBLIC_IP istio-api-proxy.example.com
$PUBLIC_IP kubeconfig.example.com
$PUBLIC_IP openvpn-admin.example.com
$PUBLIC_IP prometheus.example.com
$PUBLIC_IP status.example.com
$PUBLIC_IP upmeter.example.com
EOF
"
      export PUBLIC_IP="<PUT_PUBLIC_IP_HERE>" sudo -E bash -c "cat <<EOF >> /etc/hosts $PUBLIC_IP api.example.com $PUBLIC_IP argocd.example.com $PUBLIC_IP cdi-uploadproxy.example.com $PUBLIC_IP dashboard.example.com $PUBLIC_IP deckhouse.example.com $PUBLIC_IP dex.example.com $PUBLIC_IP grafana.example.com $PUBLIC_IP hubble.example.com $PUBLIC_IP istio.example.com $PUBLIC_IP istio-api-proxy.example.com $PUBLIC_IP kubeconfig.example.com $PUBLIC_IP openvpn-admin.example.com $PUBLIC_IP prometheus.example.com $PUBLIC_IP status.example.com $PUBLIC_IP upmeter.example.com EOF "
Go back Next: What can I do next?