Deckhouse Kubernetes Platform in existing cluster

To access the web interfaces of Deckhouse services, you need to:

The DNS names template is used to configure Ingress resources of system applications. For example, the name deckhouse is assigned to the in-cluster documentattion module interface. Then, for the template %s.kube.company.my Grafana will be available at deckhouse.kube.company.my, etc.

The guide will use sslip.io to simplify configuration.

Run the following command to configure template for DNS names to use the sslip.io (specify the public IP address of the node where the Ingress controller is running):

BALANCER_IP=<INGRESS_CONTROLLER_IP> 
kubectl patch mc global --type merge \
  -p "{\"spec\": {\"settings\":{\"modules\":{\"publicDomainTemplate\":\"%s.${BALANCER_IP}.sslip.io\"}}}}" && echo && \
echo "Domain template is '$(kubectl get mc global -o=jsonpath='{.spec.settings.modules.publicDomainTemplate}')'."
BALANCER_IP=<INGRESS_CONTROLLER_IP> kubectl patch mc global --type merge \ -p "{\"spec\": {\"settings\":{\"modules\":{\"publicDomainTemplate\":\"%s.${BALANCER_IP}.sslip.io\"}}}}" && echo && \ echo "Domain template is '$(kubectl get mc global -o=jsonpath='{.spec.settings.modules.publicDomainTemplate}')'."

The command will also print the DNS name template set in the cluster. Example output:

moduleconfig.deckhouse.io/global patched

Domain template is '%s.1.2.3.4.sslip.io'.

Regenerating certificates after changing the DNS name template can take up to 5 minutes.

Other options...

Instead of using sslip.io, you can use other options.

  • If you have the DNS server and you can add a DNS records:
    • If your cluster DNS name template is a wildcard DNS (e.g., %s.kube.company.my), then add a corresponding wildcard A record containing the IP of the load balancer.
    • If your cluster DNS name template is NOT a wildcard DNS template (e.g., %s-kube.company.my), then add A or CNAME recordscontaining the IP of the load balancer, for the following DNS names according to the Deckhouse DNS templates:
      • api
      • argocd
      • cdi-uploadproxy
      • dashboard
      • documentation
      • dex
      • grafana
      • hubble
      • istio
      • istio-api-proxy
      • kubeconfig
      • openvpn-admin
      • prometheus
      • status
      • upmeter
  • If you don't have a DNS server, then on the computer from which you need access to Deckhouse services add static records to the file /etc/hosts (for Linux, or %SystemRoot%\system32\drivers\etc\hosts for Windows).

    Make the following steps to add records to the /etc/hosts file on Linux, from which you need access to Deckhouse services (the PC)

    • Specify the DNS name template used in the DOMAIN_TEMPLATE variable (e.g., %s.kube.company.my):

      DOMAIN_TEMPLATE='<DOMAIN_TEMPLATE>'
      
      DOMAIN_TEMPLATE='<DOMAIN_TEMPLATE>'

    • Specify the load balancer IP used in the BALANCER_IP variable:

      BALANCER_IP='<BALANCER_IP>'
      
      BALANCER_IP='<BALANCER_IP>'

    • Add records to the /etc/hosts file:

      for i in api argocd cdi-uploadproxy dashboard documentation dex grafana hubble istio istio-api-proxy kubeconfig openvpn-admin prometheus status upmeter; do echo "${BALANCER_IP}  ${DOMAIN_TEMPLATE} "| sed "s/%s/$i/"; done  | sudo bash -c "cat >>/etc/hosts"
      
      for i in api argocd cdi-uploadproxy dashboard documentation dex grafana hubble istio istio-api-proxy kubeconfig openvpn-admin prometheus status upmeter; do echo "${BALANCER_IP} ${DOMAIN_TEMPLATE} "| sed "s/%s/$i/"; done | sudo bash -c "cat >>/etc/hosts"

Then, run the following command to change the DNS name template:

kubectl patch mc global --type merge -p "{\"spec\": {\"settings\":{\"modules\":{\"publicDomainTemplate\":\"${DOMAIN_TEMPLATE}\"}}}}"
kubectl patch mc global --type merge -p "{\"spec\": {\"settings\":{\"modules\":{\"publicDomainTemplate\":\"${DOMAIN_TEMPLATE}\"}}}}"