When creating an air-gapped vSphere cluster, the bastion VM hosts the installation of the DKP Konvoy bundles and images, as well as the Docker registry, needed to create and operate your vSphere cluster. The bastion VM must have access to the vSphere API Server (vCenter Server). Ensure the items below are installed and the environment matches the requirements below:
Create a bastion VM host template for the cluster nodes to use within the air-gapped network. This bastion VM host also needs access to a Docker registry in lieu of an Internet connection for pulling Docker images. The recommended template naming pattern is
Find and record the bastion VM’s IP or host name.
Download the following required DKP Konvoy binaries and installation bundles discussed in step 5 below.
Docker® version 18.09.2 or later installed. You must have Docker installed on the host where the DKP Konvoy CLI runs. For example, if you are installing Konvoy on your laptop, ensure the laptop has a supported version of Docker. On macOS, Docker runs in a virtual machine which you configure with at least 8GB of memory.
kubectl for interacting with the running cluster, installed on the host where the DKP Konvoy command line interface (CLI) runs.
Depending on your OS, there are various commands for setting up your own bastion host for use with air-gapped vSphere.
This would be a generic example for RHEL Bastion nodes:
After base-rhel-os boots, open an ssh terminal to the host and install the tools and packages:
sudo yum install -y yum-utils bzip2 wget
Install kubectl as mentioned above. The following is a RHEL example:
# \$basearch is escaped so the literal $basearch is written to the repo file for yum to expand
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubectl
Install Docker (only on the bastion host) and add the repo for upstream Docker:
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
NOTE: Other Docker repo downloads are available on docker.com: https://download.docker.com/linux/
sudo yum install -y docker-ce docker-ce-cli containerd.io
Create directories for Konvoy Image Builder and the DKP CLI:
mkdir kib && mkdir dkp
Get the needed D2iQ software by downloading the air-gapped bundle dkp-air-gapped-bundle_v2.5.0_linux_amd64.tar.gz, then extract the tarball to a local directory:
tar -xzvf dkp-air-gapped-bundle_v2.5.0_linux_amd64.tar.gz && cd dkp-v2.5.0/kib
Install DKP CLI:
cd ..
cd dkp
wget https://downloads.d2iq.com/dkp/v2.5.0/dkp_v2.5.0_linux_amd64.tar.gz
Set the following vSphere environment variables on the bastion VM host:
export VSPHERE_SERVER=your_vCenter_APIserver_URL
export VSPHERE_USERNAME=your_vCenter_user_name
export VSPHERE_PASSWORD=your_vCenter_password
Set the following environment variables to enable connection to an existing Docker registry. You must create the VM template with the Konvoy Image Builder to be able to use the registry mirror feature:
export DOCKER_REGISTRY_ADDRESS=<https/http>://<registry-address>:<registry-port>
export DOCKER_REGISTRY_CA=<path to the CA on the bastion host>
DOCKER_REGISTRY_ADDRESS: the address of an existing Docker registry accessible in the vSphere Zone where the new cluster nodes will be configured, to use a mirror registry when pulling images.
DOCKER_REGISTRY_CA: (optional) the path on the bastion host to the Docker registry CA. Konvoy configures the cluster nodes to trust this CA. This value is only needed if the registry is using a self-signed certificate and the VMs are not already configured to trust this CA.
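The requirements and variables above can be checked on the bastion host before creating the cluster. The following is an added example, not part of the original page or of the DKP tooling; the function names are hypothetical, and it assumes `sort -V` and `openssl` are available on the bastion host.

```shell
#!/bin/sh
# Added example: preflight checks for the bastion settings described above.
# Function names are illustrative assumptions, not part of the DKP CLI.

# True when dotted version $1 >= $2 (relies on `sort -V`).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print the name (never the value) of each unset vSphere variable.
missing_vsphere_vars() {
  for name in VSPHERE_SERVER VSPHERE_USERNAME VSPHERE_PASSWORD; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || printf '%s\n' "$name"
  done
}

# 0 = https://host:port, 2 = http://host:port (plaintext), 1 = malformed.
check_registry_address() {
  case "$1" in
    https://?*:*) scheme=https ;;
    http://?*:*) scheme=http ;;
    *) return 1 ;;
  esac
  port=${1##*:}
  case "$port" in '' | *[!0-9]*) return 1 ;; esac
  [ "$scheme" = https ] || return 2
}

# The CA is optional; if given it must be a readable, unexpired PEM certificate.
check_registry_ca() {
  [ -n "$1" ] || return 0
  [ -r "$1" ] || return 1
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

preflight() {
  rc=0
  missing=$(missing_vsphere_vars | tr '\n' ' ')
  [ -z "$missing" ] || { echo "unset: $missing" >&2; rc=1; }
  addr_rc=0; check_registry_address "${DOCKER_REGISTRY_ADDRESS:-}" || addr_rc=$?
  [ "$addr_rc" -ne 1 ] || { echo "DOCKER_REGISTRY_ADDRESS is malformed" >&2; rc=1; }
  [ "$addr_rc" -ne 2 ] || echo "warning: registry address uses plaintext http" >&2
  check_registry_ca "${DOCKER_REGISTRY_CA:-}" || { echo "DOCKER_REGISTRY_CA is unusable" >&2; rc=1; }
  docker_ver=$(docker version --format '{{.Client.Version}}' 2>/dev/null || true)
  version_ge "${docker_ver:-0}" 18.09.2 || { echo "Docker 18.09.2 or later is required" >&2; rc=1; }
  command -v kubectl >/dev/null 2>&1 || { echo "kubectl not found" >&2; rc=1; }
  return "$rc"
}
```

After exporting the variables, source the file and call `preflight`; a non-zero return means at least one requirement is unmet.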
Each infrastructure provider has its own set of bastion host instructions. Refer to your own OS instructions to set up a bastion host like AWS Bastion, Azure, GCP, or vSphere.