WARNING: Ensure the cluster that you want to use to deploy Kaptain is the only cluster in its workspace. Kaptain is meant to be deployed on workspaces with a single cluster.

This section contains information on how to deploy Kaptain to your cluster, which is the last step required to install Kaptain.

Prerequisites

WARNING: (Enterprise only) If you are installing Kaptain on a Managed or Attached cluster, you must customize the deployment for Kaptain to communicate with the Management cluster via Dex (unless you have a dedicated dex instance running on said cluster).
In the following workflow, we will show you when to do this.

NOTE: There are different configuration options you can set up for Kaptain. Some must take place during the deployment of the Kaptain instance, or the installation could fail.

Enable and deploy Kaptain using the DKP UI

Follow these steps to enable Kaptain in air-gapped and networked environments from the DKP UI:

  1. Enterprise only: Select your target workspace, from the top menu bar.

  2. Select Applications from the sidebar menu.

  3. Type Kaptain in the Applications search bar. If Kaptain is not available in the UI, add Kaptain to your DKP catalog.

  4. Select the three dot menu > Enable, in the Kaptain tile. The Enable Workspace Catalog Application page is displayed.

  5. Verify that you deploy to the correct target workspace and Clusters.

    • If the workspace is incorrect, go back to the main dashboard and select the correct workspace as in step 1.

    • If you don’t want to deploy Kaptain to all clusters in a workspace, interrupt deployment and start over from a fresh workspace.

  6. Select a version from the drop-down menu, if available. This drop-down menu will only be visible if there is more than one version.

  7. Enterprise only: Customize the deployment so Kaptain can communicate with the Management cluster via Dex. For this, copy the required values or upload your customized YAML to the Configure Service. Here is an example:

    ingress:
      externalDexClientId: dex-controller-kaptain-authservice
      externalDexClientSecret: kubeflow-authservice
      oidcProviderEndpoint: https://management_cluster_endpoint/dex
      oidcProviderBase64CaBundle: LS0tLS1CRUd...
    CODE
  8. Optional: If you want to override the default configuration values, copy any other customized configuration values into the text editor under Configure Service or upload your YAML file that contains the values.

  9. Confirm the details are correct, and then select the Enable button to enable and trigger deployment. The status changes to Enabled.

  10. Repeat these steps for each additional workspace, if you want to deploy Kaptain to other workspaces.

Alternately, you can use the DKP CLI to enable your catalog applications.

Verify the status of deployment using the DKP UI

Follow these steps to verify the deployment of Kaptain:

  1. Select Clusters, from the sidebar menu.

  2. Select View Details, from your clusters tile.

  3. Select the Applications tab and scroll down to find the Kaptain tile.

    The status is Deployed when Kaptain’s deployment is successful.

It can take several minutes until provisioning finishes and status changes to Deployed.

Enable and deploy Kaptain using the DKP CLI (Essential only)

Follow these steps to enable Kaptain with no customizations from the DKP CLI:

  1. Ensure you reference the cluster on which you want to deploy Kaptain. For customers with an Essential license and a single-cluster experience, the clusterKubeconfig.conf is your Essential cluster. For customers with an Enterprise license and multi-cluster experience, your clusterKubeconfig.conf is the managed or attached cluster where you will install Kaptain.

  2. Enable Kaptain to deploy to your existing Management, Managed or Attached cluster with an AppDeployment resource.
    Within the AppDeployment, define the appRef to specify which App to enable:

    cat <<EOF | kubectl apply -f -
    apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    metadata:
      name: kaptain
      namespace: ${WORKSPACE_NAMESPACE}
    spec:
      appRef:
        kind: App
        name: kaptain-2.0.0
    EOF
    CODE
  3. Create the resource in the workspace you just created, which instructs Kommander to deploy the AppDeployment to the KommanderCluster in the same workspace.

Enable Kaptain with a custom configuration using the CLI (Essential and Enterprise)

If you want to customize your installation and modify the custom domain name, external Dex, creation of profiles, certificates, for example, continue with these steps:

IMPORTANT: If you are deploying Kaptain to an attached cluster, ensure that the ConfigMap contains the ${WORKSPACE_NAMESPACE} in the global.workspace section of the values.yaml, as shown in the following example.

  1. Ensure you reference the cluster on which you want to deploy Kaptain. For customers with an Essential license and a single-cluster experience, the clusterKubeconfig.conf is your Essential cluster. For customers with an Enterprise license and multi-cluster experience, your clusterKubeconfig.conf is the managed or attached cluster where you will install Kaptain.

  2. Create the ConfigMap with the custom configuration. In the following example, the ConfigMap is configuring Kaptain to communicate with the Management cluster via Dex, which is a necessary step when deploying Kaptain to a Managed or Attached cluster (Enterprise only). Other configurations can be made in the same way.

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${WORKSPACE_NAMESPACE}
      name: kaptain-overrides
    data:
      values.yaml: |
        global:
          workspace: ${WORKSPACE_NAMESPACE}
        core:
          registrationFlow: true
        ingress:
          externalDexClientId: dex-controller-kubeflow-authservice
          externalDexClientSecret: kubeflow-authservice
          oidcProviderEndpoint: https://management_cluster_endpoint/dex
          oidcProviderBase64CaBundle: LS0tLS1CRUd...
    EOF
    CODE

  3. Provide the name of the ConfigMap you created in the AppDeployment, which provides custom configuration on top of the default configuration:

    cat <<EOF | kubectl apply -f -
    apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    metadata:
      name: kaptain
      namespace: ${WORKSPACE_NAMESPACE}
    spec:
      appRef:
        kind: App
        name: kaptain-2.0.0
      configOverrides:
        name: kaptain-overrides
    EOF
    CODE

Kommander waits for the ConfigMap to be present before deploying the AppDeployment to the attached clusters.

Verify the status of deployment using the DKP CLI

With Kaptain enabled, connect to the cluster and check the HelmReleases to verify the deployment:

kubectl get helmreleases -n ${WORKSPACE_NAMESPACE}
CODE

The output should look like this:

NAME                      AGE     READY   STATUS
kaptain-1                 3m40s   True    Release reconciliation succeeded
CODE

Log in to Kaptain using the management cluster’s Dex instance

  1. Get your Kaptain login credentials:

    kubectl -n kommander get secret dkp-credentials -o go-template='Username: {{.data.username|base64decode}}{{ "\n"}}Password: {{.data.password|base64decode}}{{ "\n"}}'
    CODE

    The output displays your username and password.

  2. Discover the Kaptain endpoint:

    kubectl exec -it -n kaptain-ingress authservice-0 -- sh -c 'echo $HOMEPAGE_URL'
    CODE

When calling up https://<Kaptain endpoint>, you will see the login page of the Management cluster’s Dex instance (which states “Log in to Kommander”). After entering your credentials, you will be redirected to the Kubeflow UI.

It is possible that you receive a browser warning due to your instance's self-signed certificate. This instance is safe. You can bypass the warning in the advanced settings of the browser or by typing thisisunsafe once the warning appears (there is no specific field for this).