Deckhouse Platform in existing cluster

1
Selecting infrastructure
2
Installation information
3
Installation
4
Finishing installation
5
What can I do next?

Select the Deckhouse Platform revision

Community Edition Enterprise Edition

The recommended settings for a Deckhouse Platform Community Edition installation are generated below:

  • config.yml — a file with the configuration needed to bootstrap the cluster. Contains the installer parameters, access parameters, and the initial cluster parameters.

Please pay attention to:

  • highlighted parameters you must define.
  • parameters you might want to change.
  • We recommend that you read the section If something went wrong first; perhaps, your ISP case is already addressed there. Refer to it if you have any problems during the installation process.

Create the config.yml file.

config.ymlCopy filenameCopy content
# Section for bootstrapping the Deckhouse cluster.
# https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  releaseChannel: Stable
  # The Minimal bundle is used when installing Deckhouse in an existing cluster.
  bundle: Minimal
  configOverrides:
    global:
      modules:
        # Template that will be used for system apps domains within the cluster.
        # E.g., Grafana for %s.example.com will be available as 'grafana.example.com'.
        # You can change it to your own or follow the steps in the guide and change it after installation.
        publicDomainTemplate: "%s.example.com"
        # You might consider changing this.
        placement:
          customTolerationKeys:
          - SystemLoad
    certManagerEnabled: true
    deckhouseWebEnabled: true
# Section for bootstrapping the Deckhouse cluster. # https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration apiVersion: deckhouse.io/v1 kind: InitConfiguration deckhouse: releaseChannel: Stable # The Minimal bundle is used when installing Deckhouse in an existing cluster. bundle: Minimal configOverrides: global: modules: # Template that will be used for system apps domains within the cluster. # E.g., Grafana for %s.example.com will be available as 'grafana.example.com'. # You can change it to your own or follow the steps in the guide and change it after installation. publicDomainTemplate: "%s.example.com" # You might consider changing this. placement: customTolerationKeys: - SystemLoad certManagerEnabled: true deckhouseWebEnabled: true

About nodeSelector, taints и tolerations...

You can control on which nodes the Deckhouse core components will run by setting nodeSelector/tolerations in the configOverrides.deckhouse parameter of the installation configuration. You can also specify cluster node taints in the configOverrides.global.modules.placement.customTolerationKeys array so that Deckhouse can automatically add the appropriate toleration to its components.

Below is an example of setting nodeSelector/tolerations for the deckhouse module and specifying tolerations for other Deckhouse components in the customTolerationKeys array (do not copy this example without adapting it to your configuration as the values will be different):

deckhouse:
  configOverrides:
    # ...
    deckhouse:
      tolerations:
        - key: dedicated.deckhouse.io
          operator: Exists
    # ...
    global:
      modules:
        # ...
        placement:
          customTolerationKeys:
          - SystemLoad
          - app.kubernetes.io/instance

Enter license key

Enter

Have no key?

Request 30-day free trial access!

The recommended settings for a Deckhouse Platform Enterprise Edition installation are generated below:

  • config.yml — a file with the configuration needed to bootstrap the cluster. Contains the installer parameters, access parameters, and the initial cluster parameters.

Please pay attention to:

  • highlighted parameters you must define.
  • parameters you might want to change.
  • We recommend that you read the section If something went wrong first; perhaps, your ISP case is already addressed there. Refer to it if you have any problems during the installation process.

Create the config.yml file.

config.ymlCopy filenameCopy content
# Section for bootstrapping the Deckhouse cluster.
# https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  # Address of the Docker registry where the Deckhouse images are located.
  imagesRepo: registry.deckhouse.io/deckhouse/ee
  # A special string with your token to access Docker registry (generated automatically for your license token).
  registryDockerCfg: <YOUR_ACCESS_STRING_IS_HERE>
  releaseChannel: Stable
  # the Minimal bundle is used when installing Deckhouse in an existing cluster.
  bundle: Minimal
  configOverrides:
    global:
      modules:
        # Template that will be used for system apps domains within the cluster.
        # E.g., Grafana for %s.example.com will be available as 'grafana.example.com'.
        # You can change it to your own or follow the steps in the guide and change it after installation.
        publicDomainTemplate: "%s.example.com"
        # You might consider changing this.
        placement:
          customTolerationKeys:
          - SystemLoad
    certManagerEnabled: true
    deckhouseWebEnabled: true
# Section for bootstrapping the Deckhouse cluster. # https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration apiVersion: deckhouse.io/v1 kind: InitConfiguration deckhouse: # Address of the Docker registry where the Deckhouse images are located. imagesRepo: registry.deckhouse.io/deckhouse/ee # A special string with your token to access Docker registry (generated automatically for your license token). registryDockerCfg: <YOUR_ACCESS_STRING_IS_HERE> releaseChannel: Stable # the Minimal bundle is used when installing Deckhouse in an existing cluster. bundle: Minimal configOverrides: global: modules: # Template that will be used for system apps domains within the cluster. # E.g., Grafana for %s.example.com will be available as 'grafana.example.com'. # You can change it to your own or follow the steps in the guide and change it after installation. publicDomainTemplate: "%s.example.com" # You might consider changing this. placement: customTolerationKeys: - SystemLoad certManagerEnabled: true deckhouseWebEnabled: true

About nodeSelector, taints и tolerations...

You can control on which nodes the Deckhouse core components will run by setting nodeSelector/tolerations in the configOverrides.deckhouse parameter of the installation configuration. You can also specify cluster node taints in the configOverrides.global.modules.placement.customTolerationKeys array so that Deckhouse can automatically add the appropriate toleration to its components.

Below is an example of setting nodeSelector/tolerations for the deckhouse module and specifying tolerations for other Deckhouse components in the customTolerationKeys array (do not copy this example without adapting it to your configuration as the values will be different):

deckhouse:
  configOverrides:
    # ...
    deckhouse:
      tolerations:
        - key: dedicated.deckhouse.io
          operator: Exists
    # ...
    global:
      modules:
        # ...
        placement:
          customTolerationKeys:
          - SystemLoad
          - app.kubernetes.io/instance

Use a Docker image to install the Deckhouse Platform. It is necessary to transfer configuration files to the container.

Run the installer on the personal computer.

Linux / macOS Windows

Copy content
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" \
  -v "$HOME/.kube/config:/kubeconfig" registry.deckhouse.io/deckhouse/ce/install:stable bash
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" \ -v "$HOME/.kube/config:/kubeconfig" registry.deckhouse.io/deckhouse/ce/install:stable bash
Copy content
docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.kube\config:/kubeconfig"  registry.deckhouse.io/deckhouse/ce/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"
docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.kube\config:/kubeconfig" registry.deckhouse.io/deckhouse/ce/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

Notes:

  • Kubectl configuration file with access to Kubernetes API must be mount as the /kubeconfig file in the container.

Now, to initiate the process of installation, you need to execute inside the container:

Copy content
dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml
dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml

The installation process may take about 15-30 minutes with a good connection.

After the installation is complete, the installer will output the IP of the master node (you will need it further). Example output:

...
┌ 🎈 ~ Common: Kubernetes Master Node addresses for SSH
│ cloud-demo-master-0 | ssh ubuntu@1.2.3.4
└ 🎈 ~ Common: Kubernetes Master Node addresses for SSH (0.00 seconds)

Almost everything is ready for a fully-fledged Deckhouse Platform to work!

If something went wrong

Some providers’ clusters may require extra steps before or after installing Deckhouse.

Here are some common problems and ways to solve them. Should you run into difficulties installing Deckhouse in an existing cluster, please, share them by creating an issue.

Installation errors at the 'Waiting for Deckhouse to become Ready' step

  • Error of the following kind: 
    │ │ ┌ Waiting for Deckhouse to become Ready
│ │ │ Deckhouse pod found: deckhouse-64649df6f9-mf6dt (Pending)
│ │ │ Deckhouse pod found: deckhouse-64649df6f9-mf6dt (Pending)

    Probably, there is no node in the cluster with the node-role.kubernetes.io/control-plane: "" label which is originally used in the nodeSelector of the deckhouse deployment manifest.

    Ways to fix the error:

    • Insert the proper nodeSelector into the deckhouse deployment: 
      kubectl -n d8-system edit deployment/deckhouse
    • Delete nodeSelector in the deckhouse deployment: 
      kubectl patch -n d8-system deployment deckhouse --type json -p '[{"op": "remove", "path": "/spec/template/spec/nodeSelector"}]'

There is no Ingress controller in the cluster...

The deckhouse-web module, which provides a web interface to the cluster documentation, requires the Ingress controller to be active in the cluster. If there is no Ingress controller in your cluster, you can use the built-in ingress-nginx module:

  • Enable the ingress-nginx module, by executing the following command:

    Copy content
    kubectl create -f - <<EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: ingress-nginx
spec:
  enabled: true
EOF
    kubectl create -f - <<EOF apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: ingress-nginx spec: enabled: true EOF

  • Create an ingress-nginx-controller.yml file with the following contents:

    ingress-nginx-controller.ymlCopy filenameCopy content
    # Section containing the parameters of Nginx Ingress controller.
# https://deckhouse.io/documentation/v1/modules/402-ingress-nginx/cr.html
apiVersion: deckhouse.io/v1
kind: IngressNginxController
metadata:
  name: nginx
spec:
  ingressClass: nginx
  # The way traffic goes to cluster from the outer network.
  inlet: HostPort
  hostPort:
    httpPort: 80
    httpsPort: 443
  # Describes on which nodes the component will be located.
  # You might consider changing this.
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - operator: Exists
    # Section containing the parameters of Nginx Ingress controller. # https://deckhouse.io/documentation/v1/modules/402-ingress-nginx/cr.html apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: nginx spec: ingressClass: nginx # The way traffic goes to cluster from the outer network. inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 # Describes on which nodes the component will be located. # You might consider changing this. nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - operator: Exists

  • Once Deckhouse is installed, apply the file using the command below:

    Copy content
    kubectl create -f ingress-nginx-controller.yml
    kubectl create -f ingress-nginx-controller.yml

Use a Docker image to install the Deckhouse Platform. It is necessary to transfer configuration files to the container.

Run the installer on the personal computer.

Linux / macOS Windows

Copy content
 echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" \
  -v "$HOME/.kube/config:/kubeconfig" registry.deckhouse.io/deckhouse/ee/install:stable bash
echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io docker run --pull=always -it -v "$PWD/config.yml:/config.yml" \ -v "$HOME/.kube/config:/kubeconfig" registry.deckhouse.io/deckhouse/ee/install:stable bash

Log in on the personal computer to the container image registry by providing the license key as a password:

Copy content
docker login -u license-token registry.deckhouse.io
docker login -u license-token registry.deckhouse.io

Run a container with the installer:

Copy content
docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.kube\config:/kubeconfig" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"
docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.kube\config:/kubeconfig" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"

Notes:

  • Kubectl configuration file with access to Kubernetes API must be mount as the /kubeconfig file in the container.

Now, to initiate the process of installation, you need to execute inside the container:

Copy content
dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml
dhctl bootstrap-phase install-deckhouse --kubeconfig=/kubeconfig --config=/config.yml

The installation process may take about 15-30 minutes with a good connection.

After the installation is complete, the installer will output the IP of the master node (you will need it further). Example output:

...
┌ 🎈 ~ Common: Kubernetes Master Node addresses for SSH
│ cloud-demo-master-0 | ssh ubuntu@1.2.3.4
└ 🎈 ~ Common: Kubernetes Master Node addresses for SSH (0.00 seconds)

Almost everything is ready for a fully-fledged Deckhouse Platform to work!

If something went wrong

Some providers’ clusters may require extra steps before or after installing Deckhouse.

Here are some common problems and ways to solve them. Should you run into difficulties installing Deckhouse in an existing cluster, please, share them by creating an issue.

Installation errors at the 'Waiting for Deckhouse to become Ready' step

  • Error of the following kind: 
    │ │ ┌ Waiting for Deckhouse to become Ready
│ │ │ Deckhouse pod found: deckhouse-64649df6f9-mf6dt (Pending)
│ │ │ Deckhouse pod found: deckhouse-64649df6f9-mf6dt (Pending)

    Probably, there is no node in the cluster with the node-role.kubernetes.io/control-plane: "" label which is originally used in the nodeSelector of the deckhouse deployment manifest.

    Ways to fix the error:

    • Insert the proper nodeSelector into the deckhouse deployment: 
      kubectl -n d8-system edit deployment/deckhouse
    • Delete nodeSelector in the deckhouse deployment: 
      kubectl patch -n d8-system deployment deckhouse --type json -p '[{"op": "remove", "path": "/spec/template/spec/nodeSelector"}]'

There is no Ingress controller in the cluster...

The deckhouse-web module, which provides a web interface to the cluster documentation, requires the Ingress controller to be active in the cluster. If there is no Ingress controller in your cluster, you can use the built-in ingress-nginx module:

  • Enable the ingress-nginx module, by executing the following command:

    Copy content
    kubectl create -f - <<EOF
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: ingress-nginx
spec:
  enabled: true
EOF
    kubectl create -f - <<EOF apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: ingress-nginx spec: enabled: true EOF

  • Create an ingress-nginx-controller.yml file with the following contents:

    ingress-nginx-controller.ymlCopy filenameCopy content
    # Section containing the parameters of Nginx Ingress controller.
# https://deckhouse.io/documentation/v1/modules/402-ingress-nginx/cr.html
apiVersion: deckhouse.io/v1
kind: IngressNginxController
metadata:
  name: nginx
spec:
  ingressClass: nginx
  # The way traffic goes to cluster from the outer network.
  inlet: HostPort
  hostPort:
    httpPort: 80
    httpsPort: 443
  # Describes on which nodes the component will be located.
  # You might consider changing this.
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - operator: Exists
    # Section containing the parameters of Nginx Ingress controller. # https://deckhouse.io/documentation/v1/modules/402-ingress-nginx/cr.html apiVersion: deckhouse.io/v1 kind: IngressNginxController metadata: name: nginx spec: ingressClass: nginx # The way traffic goes to cluster from the outer network. inlet: HostPort hostPort: httpPort: 80 httpsPort: 443 # Describes on which nodes the component will be located. # You might consider changing this. nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - operator: Exists

  • Once Deckhouse is installed, apply the file using the command below:

    Copy content
    kubectl create -f ingress-nginx-controller.yml
    kubectl create -f ingress-nginx-controller.yml
Go back Next: Finishing installation