Deckhouse Platform for bare metal
At this point, you have created a basic single-master cluster.
For real-world conditions (production and test environments), you need to add additional nodes to the cluster according to the documentation.
If you install Deckhouse for evaluation purposes and one node in the cluster is enough for you, allow Deckhouse components to work on the master node. To do this, remove the taint from the master node by running the following command:
sudo kubectl patch nodegroup master --type json -p '[{"op": "remove", "path": "/spec/nodeTemplate/taints"}]'
sudo kubectl patch nodegroup master --type json -p '[{"op": "remove", "path": "/spec/nodeTemplate/taints"}]'
After that, there will be three more actions.
Setup Ingress controller
On the master node, create the
ingress-nginx-controller.yml
file containing the Ingress controller configuration:# section containing the parameters of nginx ingress controller # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: nginx spec: # the name of the Ingress class to use with the Ingress nginx controller ingressClass: nginx # Ingress version to use (use version 1.1 with Kubernetes 1.23+) controllerVersion: "1.1" # the way traffic goes to cluster from the outer network inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 # describes on which nodes the component will be located # you might consider changing this nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - operator: Exists
# section containing the parameters of nginx ingress controller # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: nginx spec: # the name of the Ingress class to use with the Ingress nginx controller ingressClass: nginx # Ingress version to use (use version 1.1 with Kubernetes 1.23+) controllerVersion: "1.1" # the way traffic goes to cluster from the outer network inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 # describes on which nodes the component will be located # you might consider changing this nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - operator: ExistsApply it using the following command on the master node>:
sudo kubectl create -f ingress-nginx-controller.yml
sudo kubectl create -f ingress-nginx-controller.ymlCreate a user to access the cluster web interfaces
Create on the master node the
user.yml
file containing the user account data and access rights:apiVersion: deckhouse.io/v1 kind: ClusterAuthorizationRule metadata: name: admin spec: # Kubernetes RBAC accounts list subjects: - kind: User name: admin@deckhouse.io # pre-defined access template accessLevel: SuperAdmin # allow user to do kubectl port-forward portForwarding: true --- # section containing the parameters of the static user # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: User metadata: name: admin spec: # user e-mail email: admin@deckhouse.io # this is a hash of the password <GENERATED_PASSWORD>, generated now # generate your own or use it at your own risk (for testing purposes) # echo "<GENERATED_PASSWORD>" | htpasswd -BinC 10 "" | cut -d: -f2 # you might consider changing this password: <GENERATED_PASSWORD_HASH>
apiVersion: deckhouse.io/v1 kind: ClusterAuthorizationRule metadata: name: admin spec: # Kubernetes RBAC accounts list subjects: - kind: User name: admin@deckhouse.io # pre-defined access template accessLevel: SuperAdmin # allow user to do kubectl port-forward portForwarding: true --- # section containing the parameters of the static user # version of the Deckhouse API apiVersion: deckhouse.io/v1 kind: User metadata: name: admin spec: # user e-mail email: admin@deckhouse.io # this is a hash of the password <GENERATED_PASSWORD>, generated now # generate your own or use it at your own risk (for testing purposes) # echo "<GENERATED_PASSWORD>" | htpasswd -BinC 10 "" | cut -d: -f2 # you might consider changing this password: <GENERATED_PASSWORD_HASH>Apply it using the following command on the master node:
- Create DNS records to organize access to the cluster web-interfaces:
- Discover public IP address of the node where the Ingress controller is running.
- If you have the DNS server and you can add a DNS records:
- If your cluster DNS name template is a wildcard DNS (e.g.,
%s.kube.my
), then add a corresponding wildcard A record containing the public IP, you've discovered previously. - If your cluster DNS name template is NOT a wildcard DNS (e.g.,
%s-kube.company.my
), then add A or CNAME records containing the public IP, you've discovered previously, for the following Deckhouse service DNS names:api.example.com argocd.example.com cdi-uploadproxy.example.com dashboard.example.com deckhouse.example.com dex.example.com grafana.example.com hubble.example.com istio.example.com istio-api-proxy.example.com kubeconfig.example.com openvpn-admin.example.com prometheus.example.com status.example.com upmeter.example.com
- If your cluster DNS name template is a wildcard DNS (e.g.,
If you don't have a DNS server: on your PC add static entries (specify your public IP address in the
PUBLIC_IP
variable) that match the names of specific services to the public IP to the/etc/hosts
file for Linux (%SystemRoot%\system32\drivers\etc\hosts
for Windows):export PUBLIC_IP="<PUT_PUBLIC_IP_HERE>" sudo -E bash -c "cat <<EOF >> /etc/hosts $PUBLIC_IP api.example.com $PUBLIC_IP argocd.example.com $PUBLIC_IP cdi-uploadproxy.example.com $PUBLIC_IP dashboard.example.com $PUBLIC_IP deckhouse.example.com $PUBLIC_IP dex.example.com $PUBLIC_IP grafana.example.com $PUBLIC_IP hubble.example.com $PUBLIC_IP istio.example.com $PUBLIC_IP istio-api-proxy.example.com $PUBLIC_IP kubeconfig.example.com $PUBLIC_IP openvpn-admin.example.com $PUBLIC_IP prometheus.example.com $PUBLIC_IP status.example.com $PUBLIC_IP upmeter.example.com EOF "
export PUBLIC_IP="<PUT_PUBLIC_IP_HERE>" sudo -E bash -c "cat <<EOF >> /etc/hosts $PUBLIC_IP api.example.com $PUBLIC_IP argocd.example.com $PUBLIC_IP cdi-uploadproxy.example.com $PUBLIC_IP dashboard.example.com $PUBLIC_IP deckhouse.example.com $PUBLIC_IP dex.example.com $PUBLIC_IP grafana.example.com $PUBLIC_IP hubble.example.com $PUBLIC_IP istio.example.com $PUBLIC_IP istio-api-proxy.example.com $PUBLIC_IP kubeconfig.example.com $PUBLIC_IP openvpn-admin.example.com $PUBLIC_IP prometheus.example.com $PUBLIC_IP status.example.com $PUBLIC_IP upmeter.example.com EOF "