Deckhouse Platform on VMware vSphere
The recommended settings for a Deckhouse Platform Enterprise Edition installation are generated below:
config.yml: a file with the configuration needed to bootstrap the cluster. It contains the installer parameters, cloud-provider parameters (such as credentials, instance type, etc.), and the initial cluster parameters.
resources.yml: a description of the resources that must be installed after the installation (node descriptions, Ingress controller description, etc.).
Please pay attention to:
- highlighted parameters you must define.
- parameters you might want to change.
# General cluster parameters.
# https://deckhouse.io/documentation/v1/installing/configuration.html#clusterconfiguration
apiVersion: deckhouse.io/v1
kind: ClusterConfiguration
clusterType: Cloud
cloud:
  provider: vSphere
  # A prefix of objects that are created in the cloud during the installation.
  # You might consider changing this.
  prefix: cloud-demo
# Address space of the cluster's Pods.
podSubnetCIDR: 10.111.0.0/16
# Address space of the cluster's services.
serviceSubnetCIDR: 10.222.0.0/16
kubernetesVersion: "1.23"
clusterDomain: "cluster.local"
---
# Section for bootstrapping the Deckhouse cluster.
# https://deckhouse.io/documentation/v1/installing/configuration.html#initconfiguration
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  imagesRepo: registry.deckhouse.io/deckhouse/ee
  # A special string with your token to access Docker registry (generated automatically for your license token).
  registryDockerCfg: <YOUR_ACCESS_STRING_IS_HERE>
  releaseChannel: Stable
  configOverrides:
    global:
      modules:
        # Template that will be used for system apps domains within the cluster.
        # E.g., Grafana for %s.example.com will be available as 'grafana.example.com'.
        # You can change it to your own or follow the steps in the guide and change it after installation.
        publicDomainTemplate: "%s.example.com"
    userAuthn:
      controlPlaneConfigurator:
        dexCAMode: DoNotNeed
      publishAPI:
        enable: true
        https:
          mode: Global
---
# Section containing the parameters of the cloud provider.
# https://deckhouse.io/documentation/v1/modules/030-cloud-provider-vsphere/cluster_configuration.html
apiVersion: deckhouse.io/v1
kind: VsphereClusterConfiguration
layout: Standard
# vCenter API access parameters
provider:
  server: *!CHANGE_SERVER*
  username: *!CHANGE_USERNAME*
  password: *!CHANGE_PASSWORD*
  # Set to true if vCenter has a self-signed certificate,
  # otherwise set false (or delete the string below with the insecure parameter).
  insecure: *!CHANGE_INSECURE*
# Path to a Folder in which VirtualMachines will be created.
# The folder itself will be created by the Deckhouse Installer.
vmFolderPath: *!CHANGE_FOLDER*
# Region and zone tag category names.
regionTagCategory: k8s-region
zoneTagCategory: k8s-zone
# Region and zone tag names in which the cluster will operate.
region: *!CHANGE_REGION_TAG_NAME*
zones:
- *!CHANGE_ZONE_TAG_NAME*
# Public SSH key for accessing cloud nodes.
# This key will be added to the user on created nodes (the user name depends on the image used).
sshPublicKey: *!CHANGE_SSH_KEY*
# Name of the External Network which has access to the Internet.
# IP addresses from the External Network are set as ExternalIP of the Node object.
# Optional parameter.
externalNetworkNames:
- *!CHANGE_NETWORK_NAME*
# Name of the Internal Network that will be used for traffic between nodes.
# IP addresses from the Internal Network are set as InternalIP of the Node object.
# Optional parameter.
internalNetworkNames:
- *!CHANGE_NETWORK_NAME*
# Address space of the cluster's nodes.
internalNetworkCIDR: 10.90.0.0/24
masterNodeGroup:
  replicas: 1
  instanceClass:
    numCPUs: 4
    memory: 8192
    rootDiskSize: 50
    # The name of the image, taking into account the vCenter folder path.
    # Example: "folder/my-ubuntu-packer-image".
    template: *!CHANGE_TEMPLATE_NAME*
    datastore: *!CHANGE_DATASTORE_NAME*
    # Main network connected to node.
    mainNetwork: *!CHANGE_NETWORK_NAME*
    # Additional networks connected to node.
    # Optional parameter.
    additionalNetworks:
    - *!CHANGE_NETWORK_NAME*

# Section containing the parameters of instance class for worker nodes.
# https://deckhouse.io/documentation/v1/modules/030-cloud-provider-vsphere/cr.html
apiVersion: deckhouse.io/v1
kind: VsphereInstanceClass
metadata:
  name: worker
spec:
  numCPUs: 8
  memory: 16384
  # VM disk size.
  # You might consider changing this.
  rootDiskSize: 70
  template: *!CHANGE_TEMPLATE_NAME*
  mainNetwork: *!CHANGE_NETWORK_NAME*
---
# Section containing the parameters of worker node group.
# https://deckhouse.io/documentation/v1/modules/040-node-manager/cr.html#nodegroup
apiVersion: deckhouse.io/v1
kind: NodeGroup
metadata:
  name: worker
spec:
  cloudInstances:
    classReference:
      kind: VsphereInstanceClass
      name: worker
    # The maximum number of instances for the group in each zone (used by the autoscaler).
    # You might consider changing this.
    maxPerZone: 1
    # The minimum number of instances for the group in each zone.
    minPerZone: 1
    # List of availability zones to create instances in.
    # You might consider changing this.
    zones:
    - *!CHANGE_ZONE_TAG_NAME*
  disruptions:
    approvalMode: Automatic
  nodeType: CloudEphemeral
---
# Section containing the parameters of Nginx Ingress controller.
# https://deckhouse.io/documentation/v1/modules/402-ingress-nginx/cr.html
apiVersion: deckhouse.io/v1
kind: IngressNginxController
metadata:
  name: nginx
spec:
  ingressClass: nginx
  # The way traffic goes to cluster from the outer network.
  inlet: HostPort
  hostPort:
    httpPort: 80
    httpsPort: 443
    realIPHeader: X-Forwarded-For
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - operator: Exists
---
# RBAC and authorization settings.
# https://deckhouse.io/documentation/v1/modules/140-user-authz/cr.html#clusterauthorizationrule
apiVersion: deckhouse.io/v1
kind: ClusterAuthorizationRule
metadata:
  name: admin
spec:
  subjects:
  - kind: User
    name: email@example.com
  accessLevel: SuperAdmin
  portForwarding: true
---
# Parameters of the static user.
# https://deckhouse.io/documentation/v1/modules/150-user-authn/cr.html#user
apiVersion: deckhouse.io/v1
kind: User
metadata:
  name: admin
spec:
  # User e-mail.
  email: firstname.lastname@example.org
  # This is a hash of the password <GENERATED_PASSWORD>, generated when the Getting Started page was loaded.
  # Generate your own or use it at your own risk (for testing purposes)
  # echo "<GENERATED_PASSWORD>" | htpasswd -BinC 10 "" | cut -d: -f2
  # You might consider changing this.
  password: <GENERATED_PASSWORD_HASH>
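A pre-flight check for config.yml and resources.yml before they are passed to the installer, as an added example that is not part of the Deckhouse guide or its tooling: it reports placeholders that were never replaced, insecure: true in the vCenter section, and a static user password that is not a bcrypt hash of at least the cost used by the htpasswd command above. The function name preflight, the line-based parsing and the sample fragment are assumptions made for illustration.

```python
import re

PLACEHOLDER = re.compile(r"\*!CHANGE_\w+\*|<[A-Z][A-Z_]+>")  # forms used on this page
BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # cost in the page's `htpasswd -BinC 10` command

def preflight(text):
    """Return (kind, key, severity, message) findings for a multi-document file."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", text):
        kind = None
        for raw in doc.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # comments mention placeholders too; ignore them
            key, sep, value = line.lstrip("- ").partition(":")
            if not sep:  # bare list item such as "- *!CHANGE_ZONE_TAG_NAME*"
                key, value = "(list item)", key
            value = value.strip().strip("\"'")
            if key == "kind" and kind is None:
                kind = value  # the first "kind" in a document is the top-level one
            hit = PLACEHOLDER.search(value)
            if hit:
                findings.append((kind, key, "ERROR", f"{hit.group()} not replaced"))
            elif key == "insecure" and value.lower() == "true":
                findings.append((kind, key, "WARN", "self-signed vCenter certificate accepted"))
            elif kind == "User" and key == "password":
                m = BCRYPT.match(value)
                if not m:
                    findings.append((kind, key, "ERROR", "not a bcrypt hash"))
                elif int(m.group(1)) < MIN_COST:
                    findings.append((kind, key, "WARN", f"bcrypt cost {int(m.group(1))} < {MIN_COST}"))
    return findings

# Constructed sample: fragments in the shape of config.yml and resources.yml.
SAMPLE = """\
kind: VsphereClusterConfiguration
provider:
  password: *!CHANGE_PASSWORD*
  insecure: true
zones:
- *!CHANGE_ZONE_TAG_NAME*
---
kind: User
spec:
  password: $2y$08$""" + "a" * 53 + "\n"

for finding in preflight(SAMPLE):
    print(*finding, sep=" | ")
```

Run it over the text of each file and resolve every ERROR before starting dhctl bootstrap; the files are scanned as text because the unreplaced placeholders are not valid YAML.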
Use a Docker image to install the Deckhouse Platform. The configuration files and the SSH keys for accessing the master node must be passed to the container (the rest of this guide assumes that the SSH key ~/.ssh/id_rsa is used).
Run the installer on your personal computer.
echo <LICENSE_TOKEN> | docker login -u license-token --password-stdin registry.deckhouse.io
docker run --pull=always -it -v "$PWD/config.yml:/config.yml" -v "$HOME/.ssh/:/tmp/.ssh/" \
  -v "$PWD/resources.yml:/resources.yml" -v "$PWD/dhctl-tmp:/tmp/dhctl" registry.deckhouse.io/deckhouse/ee/install:stable bash
Log in to the container image registry on your personal computer, providing the license key as the password:
docker login -u license-token registry.deckhouse.io
Run a container with the installer:
docker run --pull=always -it -v "%cd%\config.yml:/config.yml" -v "%userprofile%\.ssh\:/tmp/.ssh/" -v "%cd%\resources.yml:/resources.yml" -v "%cd%\dhctl-tmp:/tmp/dhctl" registry.deckhouse.io/deckhouse/ee/install:stable bash -c "chmod 400 /tmp/.ssh/id_rsa; bash"
To start the installation, run the following command inside the container:
dhctl bootstrap --ssh-user=ubuntu --ssh-agent-private-keys=/tmp/.ssh/id_rsa --config=/config.yml --resources=/resources.yml
The --ssh-user parameter refers to the default user of the VM image in use. It is ubuntu for the image suggested in this guide.
If the installation was interrupted...
If the installation was interrupted (there were not enough quotas, network errors, etc.), you can restart it. The installation will continue correctly, and no duplicate resources will be created in the cloud.
If the installation failed, and you need to delete the resources created in the cloud, run the following command:
dhctl bootstrap-phase abort --ssh-user=ubuntu --ssh-agent-private-keys=/tmp/.ssh/id_rsa --config=/config.yml
The installation process may take about 15-30 minutes with a good connection.
After the installation is complete, the installer will output the IP address of the master node (you will need it later). Example output:
...
┌ 🎈 ~ Common: Kubernetes Master Node addresses for SSH
│ cloud-demo-master-0 | ssh email@example.com
└ 🎈 ~ Common: Kubernetes Master Node addresses for SSH (0.00 seconds)
Almost everything is ready for a fully-fledged Deckhouse Platform to work!