Bastion Host
When creating an air-gapped cluster, the bastion VM hosts the installation of the DKP Konvoy bundles and images, as well as the Docker or other local registry, needed to create and operate your cluster. In a given environment, the bastion VM must have access to the infrastructure provider’s API. Ensure the items below are installed and that the environment meets these requirements:
Create a bastion VM host template for the cluster nodes to use within the air-gapped network. This bastion VM host also needs access to a local registry in lieu of an Internet connection for pulling images.
Find and record the bastion VM’s IP or host name.
Download the following required DKP Konvoy binaries and installation bundles discussed in step 5 below.
A local registry or Docker® version 18.09.2 or later installed. You must have Docker installed on the host where the DKP Konvoy CLI runs. For example, if you are installing Konvoy on your laptop, ensure the laptop has a supported version of Docker. On macOS, Docker runs in a virtual machine which you configure with at least 8GB of memory.
kubectl for interacting with the running cluster, installed on the host where the DKP Konvoy command line interface (CLI) runs.
Depending on your OS, there are various commands for setting up your own bastion host for use in an air-gapped environment. The steps below are an example for vSphere.
The following is a generic example for RHEL bastion nodes using Docker:

Open an ssh terminal to the bastion host and install the tools and packages:

```bash
sudo yum install -y yum-utils bzip2 wget
```
Install kubectl as mentioned above; the following is a RHEL example:

```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubectl
```
To install Docker (only on the bastion host), first add the repo for upstream Docker:

```bash
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
```
NOTE: Other Docker repo downloads are available on docker.com: https://download.docker.com/linux/
Then install Docker:

```bash
sudo yum install -y docker-ce docker-ce-cli containerd.io
```
Get the needed D2iQ software by downloading the air-gapped bundle:

Download dkp-air-gapped-bundle_v2.7.0_linux_amd64.tar.gz and extract the tarball to a local directory:

```bash
tar -xzvf dkp-air-gapped-bundle_v2.7.0_linux_amd64.tar.gz
```
Set the following environment variables to enable connection to an existing Docker or other registry. You must create the VM template with the Konvoy Image Builder to be able to use the registry mirror feature:

```bash
export REGISTRY_ADDRESS=<https/http>://<registry-address>:<registry-port>
export REGISTRY_CA=<path to the CA on the bastion host>
```

REGISTRY_ADDRESS: the address of an existing registry accessible in the environment where the new cluster nodes will be configured, used as a mirror registry when pulling images.

REGISTRY_CA: (optional) the path on the bastion host to the registry CA. Konvoy configures the cluster nodes to trust this CA. This value is only needed if the registry is using a self-signed certificate and the VMs are not already configured to trust this CA.
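The prerequisites above (Docker 18.09.2 or later and kubectl on the bastion, plus a well-formed REGISTRY_ADDRESS and an optional REGISTRY_CA) are easy to get subtly wrong, and a mistake only surfaces later when cluster nodes fail to pull images. The following pre-flight script is an added example, not part of the DKP documentation or the DKP Konvoy CLI: it checks the exported values before you move on. All function names are this example's own; the only real tool flags used are `docker version --format` and standard `curl`/`grep`/`cut` options. The `/v2/` probe relies on the Docker Registry HTTP API, which answers 200 (or 401 when authentication is required) on a healthy registry.

```shell
#!/bin/sh
# Added example, not part of the DKP documentation: pre-flight checks for the
# bastion host prerequisites described above. Function names are this
# example's own. Usage: sh bastion-preflight.sh run (sourcing the file only
# defines the functions, so they can be reused from other scripts).

# version_ge HAVE MIN: succeed when dot-separated version HAVE is >= MIN.
# A trailing "." guarantees cut sees a delimiter; suffixes such as "-ce" are
# stripped from each field before the numeric compare.
version_ge() {
  have=$1 min=$2 i=1
  while :; do
    m=$(printf '%s.' "$min" | cut -d. -f"$i")
    [ -z "$m" ] && return 0            # every field of MIN matched or exceeded
    h=$(printf '%s.' "$have" | cut -d. -f"$i")
    h=${h%%[!0-9]*}; m=${m%%[!0-9]*}
    h=${h:-0}; m=${m:-0}
    [ "$h" -gt "$m" ] && return 0
    [ "$h" -lt "$m" ] && return 1
    i=$((i + 1))
  done
}

# check_registry_address ADDR: require <https|http>://<host>:<port>. Plain
# http is accepted because the page allows it, but warned about, since the
# cluster nodes would then pull images unencrypted.
check_registry_address() {
  addr=$1
  case "$addr" in
    https://*) ;;
    http://*)  echo "warning: $addr uses plain HTTP; prefer https" >&2 ;;
    *) echo "error: REGISTRY_ADDRESS must start with https:// or http://" >&2; return 1 ;;
  esac
  hostport=${addr#*://}
  hostport=${hostport%%/*}
  port=${hostport##*:}
  if [ "$port" = "$hostport" ] || [ -z "${hostport%:*}" ]; then
    echo "error: REGISTRY_ADDRESS must be <scheme>://<host>:<port>" >&2; return 1
  fi
  case "$port" in
    ''|*[!0-9]*) echo "error: port '$port' is not numeric" >&2; return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# check_registry_ca PATH: REGISTRY_CA is optional, so an empty value passes.
# Otherwise the file must be readable and hold a PEM certificate, not a
# private key (pointing REGISTRY_CA at the key file is a common mistake).
check_registry_ca() {
  ca=$1
  [ -z "$ca" ] && return 0
  if [ ! -r "$ca" ]; then
    echo "error: REGISTRY_CA '$ca' is missing or unreadable" >&2; return 1
  fi
  if grep -q 'PRIVATE KEY-----' "$ca"; then
    echo "error: REGISTRY_CA '$ca' holds a private key, not a CA certificate" >&2; return 1
  fi
  if ! grep -q 'BEGIN CERTIFICATE-----' "$ca"; then
    echo "error: REGISTRY_CA '$ca' is not a PEM certificate" >&2; return 1
  fi
  return 0
}

# tools_present: kubectl and docker on the PATH, Docker server >= 18.09.2.
tools_present() {
  command -v kubectl >/dev/null 2>&1 || { echo "error: kubectl not found" >&2; return 1; }
  command -v docker  >/dev/null 2>&1 || { echo "error: docker not found" >&2; return 1; }
  ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || ver=""
  version_ge "${ver:-0}" 18.09.2 || { echo "error: Docker '$ver' is older than 18.09.2" >&2; return 1; }
}

# probe_registry: online check (needs network) that the registry answers the
# Docker Registry HTTP API at /v2/, trusting REGISTRY_CA when it is set.
probe_registry() {
  if [ -n "${REGISTRY_CA:-}" ]; then
    code=$(curl -sS -o /dev/null -w '%{http_code}' --cacert "$REGISTRY_CA" "$REGISTRY_ADDRESS/v2/") || return 1
  else
    code=$(curl -sS -o /dev/null -w '%{http_code}' "$REGISTRY_ADDRESS/v2/") || return 1
  fi
  case "$code" in
    200|401) return 0 ;;
    *) echo "error: registry returned HTTP $code for /v2/" >&2; return 1 ;;
  esac
}

# preflight: offline checks first, then the registry probe. Exit status 0
# means the bastion host is ready for the installation steps that follow.
preflight() {
  rc=0
  tools_present || rc=1
  check_registry_address "${REGISTRY_ADDRESS:-}" || rc=1
  check_registry_ca "${REGISTRY_CA:-}" || rc=1
  [ "$rc" -eq 0 ] && { probe_registry || rc=1; }
  return $rc
}

case "${1:-}" in
  run) preflight ;;
esac
```

Run it after the `export` lines above with `sh bastion-preflight.sh run`; a non-zero exit names the first value that needs fixing. The version comparison is written in plain POSIX sh on purpose, so the same file works on a minimal bastion image that lacks bash.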
More information:
Each infrastructure provider has its own set of bastion host instructions. Refer to the instructions for your own provider and OS (AWS bastion, Azure, GCP, or vSphere) to set up a bastion host.
Next Step
Proceed to installation instructions:
If using the Custom Installation and Additional Infrastructure Tools instructions, proceed to the infrastructure provider you are using.
If using the Day 1 - Basic Installs by Infrastructure instructions, proceed (or return) to that section to install and set up DKP based on your infrastructure environment provider.