Deckhouse Kubernetes Platform on VMware vSphere

Accessing the master node

Deckhouse has finished the installation process. A few settings remain, and you need to connect to the master node to apply them.

Connect to the master node via SSH (the IP address of the master node was printed by the installer upon completion of the installation, but you can also find it using the cloud provider web interface/CLI tool):

ssh ubuntu@<MASTER_IP>

Check that kubectl is working by displaying a list of cluster nodes:

sudo /opt/deckhouse/bin/kubectl get nodes

Example of the output:

$ sudo /opt/deckhouse/bin/kubectl get nodes
NAME                                     STATUS   ROLES                  AGE   VERSION
cloud-demo-master-0                      Ready    control-plane,master   12h   v1.23.9
cloud-demo-worker-01a5df48-84549-jwxwm   Ready    worker                 12h   v1.23.9

It may take some time to start the Ingress controller after installing Deckhouse. Make sure that the Ingress controller has started before continuing:

sudo /opt/deckhouse/bin/kubectl -n d8-ingress-nginx get po

Wait for the Pods to switch to the Ready state.

Example of the output:

$ sudo /opt/deckhouse/bin/kubectl -n d8-ingress-nginx get po
NAME                                       READY   STATUS    RESTARTS   AGE
controller-nginx-r6hxc                     3/3     Running   0          16h
kruise-controller-manager-78786f57-82wph   3/3     Running   0          16h

DNS

To access the web interfaces of Deckhouse services, you need to:

The DNS names template is used to configure Ingress resources of system applications. For example, the name grafana is assigned to the Grafana interface. With the template %s.kube.company.my, Grafana will be available at grafana.kube.company.my, and so on.

Configure DNS for Deckhouse services using one of the following methods:

  • If you have a DNS server and can add DNS records:
    • If your cluster DNS name template is a wildcard DNS template (e.g., %s.kube.company.my), then add a corresponding wildcard A record containing the IP of the master node.
    • If your cluster DNS name template is NOT a wildcard DNS template (e.g., %s-kube.company.my), then add A or CNAME records containing the IP of the master node for the following DNS names, according to the Deckhouse DNS templates:
      • api
      • argocd
      • cdi-uploadproxy
      • dashboard
      • documentation
      • dex
      • grafana
      • hubble
      • istio
      • istio-api-proxy
      • kubeconfig
      • openvpn-admin
      • prometheus
      • status
      • upmeter
  • If you don't have a DNS server, add static records to the hosts file on the computer from which you need access to Deckhouse services (/etc/hosts on Linux, or %SystemRoot%\system32\drivers\etc\hosts on Windows).

    Follow these steps to add records to the /etc/hosts file on the Linux computer from which you need access to Deckhouse services (the PC):

    • [On the PC] Specify the DNS name template in the DOMAIN_TEMPLATE variable (e.g., %s.kube.company.my):

      DOMAIN_TEMPLATE='<DOMAIN_TEMPLATE>'

    • [On the PC] Specify the load balancer IP in the BALANCER_IP variable:

      BALANCER_IP='<BALANCER_IP>'

    • [On the PC] Add records to the /etc/hosts file:

      for i in api argocd cdi-uploadproxy dashboard documentation dex grafana hubble istio istio-api-proxy kubeconfig openvpn-admin prometheus status upmeter; do echo "${BALANCER_IP}  ${DOMAIN_TEMPLATE} "| sed "s/%s/$i/"; done  | sudo bash -c "cat >>/etc/hosts"
      

Then, run the following command on the master node (specify the template for DNS names to use in the DOMAIN_TEMPLATE variable):

DOMAIN_TEMPLATE='<DOMAIN_TEMPLATE>'
sudo /opt/deckhouse/bin/kubectl patch mc global --type merge -p "{\"spec\": {\"settings\":{\"modules\":{\"publicDomainTemplate\":\"${DOMAIN_TEMPLATE}\"}}}}"
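
A stricter variant of the /etc/hosts step and the template check worth doing before the kubectl patch above, as an added example rather than Deckhouse's own code: it rejects a DOMAIN_TEMPLATE that could inject extra fields into a hosts line or break the JSON passed to kubectl patch, and prints only the records that are not already present. The function names, the IPv4-only assumption and the sample address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not Deckhouse code; function names are hypothetical.
# Service names are the list given on this page.
D8_NAMES="api argocd cdi-uploadproxy dashboard documentation dex grafana hubble istio istio-api-proxy kubeconfig openvpn-admin prometheus status upmeter"

# Accept a template only if it has exactly one %s and otherwise consists of
# DNS-safe characters, so it cannot inject JSON into the kubectl patch
# argument or extra fields into a hosts line.
valid_template() {
  case "$1" in
    *%s*%s*) return 1 ;;   # more than one placeholder
    *%s*) ;;               # exactly one placeholder
    *) return 1 ;;         # no placeholder
  esac
  rest=$(printf '%s' "$1" | sed 's/%s//')
  case "$rest" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# Accept dotted-quad IPv4 only (assumption: the balancer address is IPv4).
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# hosts_entries TEMPLATE IP HOSTS_FILE
# Print "IP  name" lines for every service name that has no record in
# HOSTS_FILE yet, so running it twice appends nothing the second time.
hosts_entries() {
  valid_template "$1" && valid_ipv4 "$2" || return 1
  for name in $D8_NAMES; do
    fqdn=$(printf '%s' "$1" | sed "s/%s/$name/")
    if ! awk -v h="$fqdn" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break; if ($i == h) found = 1 } }
        END { exit !found }' "$3" 2>/dev/null; then
      printf '%s  %s\n' "$2" "$fqdn"
    fi
  done
}

# Constructed values: review the output before appending it to /etc/hosts.
hosts_entries '%s.kube.company.my' 192.0.2.10 /etc/hosts
```

The same valid_template check can be run on the master node before the kubectl patch command, since the template is interpolated into a JSON string there.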

Configure remote access to the cluster

On a personal computer, follow these steps to configure the connection of kubectl to the cluster:

  • Open the Kubeconfig Generator web interface. The name kubeconfig is reserved for it, and the address for access is formed according to the DNS names template (which you set up earlier). For example, for the DNS name template %s.1.2.3.4.sslip.io, the Kubeconfig Generator web interface will be available at https://kubeconfig.1.2.3.4.sslip.io.
  • Log in as the user admin@deckhouse.io. The user password generated in the previous step is <GENERATED_PASSWORD> (you can also find it in the User CustomResource in the resource.yml file).
  • Select the tab with the OS of the personal computer.
  • Copy and execute the commands given on the page, in order.
  • Check that kubectl connects to the cluster (for example, execute the command kubectl get no).