Bastion Host

When creating an air-gapped vSphere cluster, the bastion VM hosts the installation of the DKP Konvoy bundles and images, as well as the Docker registry, needed to create and operate your vSphere cluster. The bastion VM must have access to the vSphere API Server (vCenter Server). Ensure the items below are installed and the environment matches the requirements below:

Create a bastion VM host template for the cluster nodes to use within the air-gapped network. This bastion VM host also needs access to a Docker registry in lieu of an Internet connection for pulling Docker images. The recommended template naming pattern is ../folder-name/dkp-e2e-bastion-template or similar.
Find and record the bastion VM’s IP or host name.
Download the following required DKP Konvoy binaries and installation bundles discussed in step 5 below.
Docker® version 18.09.2 or later installed. You must have Docker installed on the host where the DKP Konvoy CLI runs. For example, if you are installing Konvoy on your laptop, ensure the laptop has a supported version of Docker. On macOS, Docker runs in a virtual machine which you configure with at least 8GB of memory.
kubectl for interacting with the running cluster, installed on the host where the DKP Konvoy command line interface (CLI) runs.

Depending on your OS, there are various commands for setting up your own bastion host for use with air-gapped vSphere.

This would be a generic example for RHEL Bastion nodes:

Once base-rhel-os boots, open an ssh terminal to host and install the tools and packages:
CODE
```
sudo yum install -y yum-utils bzip2 wget
```

Install kubectl as mentioned above, below is a RHEL example:

CODE

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubectl

Install Docker (Only on Bastion Host) and add the repo for upstream docker:
CODE
```
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
```
NOTE: Other Docker repo downloads are available on docker.com: https://download.docker.com/linux/

Install Docker:

CODE

sudo yum install -y docker-ce docker-ce-cli containerd.io

Create directory for Konvoy Image Builder and DKP CLI:
CODE
```
mkdir kib && mkdir dkp
```
Get the needed D2iQ Software by downloading the air-gapped bundle:
Download dkp-air-gapped-bundle_v2.5.2_linux_amd64.tar.gz, extract the tarball to a local directory:
CODE
```
tar -xzvf dkp-air-gapped-bundle_v2.5.2_linux_amd64.tar.gz && cd dkp-v2.5.2/kib
```

Install DKP CLI:

CODE

cd ..
cd dkp
wget https://downloads.d2iq.com/dkp/v2.5.2/dkp_v2.5.2_linux_amd64.tar.gz

Set the following vSphere environment variables on the bastion VM host:

CODE

export VSPHERE_SERVER=your_vCenter_APIserver_URL
export VSPHERE_USERNAME=your_vCenter_user_name
export VSPHERE_PASSWORD=your_vCenter_password

Set the following environment variables to enable connection to an existing Docker registry. You must create the VM template with the Konvoy Image Builder to be able to use the registry mirror feature:
CODE
```
export DOCKER_REGISTRY_ADDRESS=<https/http>://<registry-address>:<registry-port>
export DOCKER_REGISTRY_CA=<path to the CA on the bastion host>
```
- DOCKER_REGISTRY_ADDRESS: the address of an existing Docker registry accessible in the vSphere Zone where the new cluster nodes will be configured, to use a mirror registry when pulling images.
- DOCKER_REGISTRY_CA: (optional) the path on the bastion host to the Docker registry CA. Konvoy configures the cluster nodes to trust this CA. This value is only needed if the registry is using a self-signed certificate and the VMs are not already configured to trust this CA.

More information:

Each infrastructure provider has its own set of bastion host instructions. Refer to your own OS instructions to setup a bastion host like AWS Bastion, Azure, GCP, or vSphere.