
Bastion Host

When creating an air-gapped cluster, the bastion VM hosts the installation of the DKP Konvoy bundles and images, as well as the Docker or other local registry, needed to create and operate your cluster. In a given environment, the bastion VM must have access to the infrastructure provider’s API. Ensure that the items below are installed and that the environment meets these requirements:

  • Create a bastion VM host template for the cluster nodes to use within the air-gapped network. This bastion VM host also needs access to a local registry in lieu of an Internet connection for pulling images.

  • Find and record the bastion VM’s IP or host name.

  • Download the required DKP Konvoy binaries and installation bundles discussed in step 5 below.

  • A local registry or Docker® version 18.09.2 or later installed. You must have Docker installed on the host where the DKP Konvoy CLI runs. For example, if you are installing Konvoy on your laptop, ensure the laptop has a supported version of Docker. On macOS, Docker runs in a virtual machine which you configure with at least 8 GB of memory.

  • kubectl for interacting with the running cluster, installed on the host where the DKP Konvoy command line interface (CLI) runs.

Depending on your OS, there are various commands for setting up your own bastion host for use in an air-gapped environment. The steps below are an example for vSphere.

This would be a generic example for RHEL Bastion nodes using Docker:

  1. Open an SSH terminal to the bastion host and install the tools and packages:

    sudo yum install -y yum-utils bzip2 wget
  2. Install kubectl as mentioned above. The following is a RHEL example:

    cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
    enabled=1
    gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOF
    sudo yum install -y kubectl
  3. Install Docker (only on the bastion host). For example, first add the repo for upstream Docker:

    sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

    NOTE: Other Docker repo downloads are available on docker.com: https://download.docker.com/linux/

  4. Install Docker, for example:

    sudo yum install -y docker-ce docker-ce-cli containerd.io
  5. Get the needed D2iQ software by downloading the air-gapped bundle:
    Download dkp-air-gapped-bundle_v2.7.0_linux_amd64.tar.gz and extract the tarball to a local directory:

    tar -xzvf dkp-air-gapped-bundle_v2.7.0_linux_amd64.tar.gz
  6. Set the following environment variables to enable connection to an existing Docker or other registry. You must create the VM template with the Konvoy Image Builder to be able to use the registry mirror feature:

    export REGISTRY_ADDRESS=<https/http>://<registry-address>:<registry-port>
    export REGISTRY_CA=<path to the CA on the bastion host>
    • REGISTRY_ADDRESS: the address of an existing registry accessible in the environment where the new cluster nodes will be configured, to use a mirror registry when pulling images.

    • REGISTRY_CA: (optional) the path on the bastion host to the registry CA. Konvoy configures the cluster nodes to trust this CA. This value is only needed if the registry is using a self-signed certificate and the VMs are not already configured to trust this CA.
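
A preflight for the two variables from step 6, run on the bastion host before building the cluster. This is an added example, not part of the DKP documentation or CLI; the function names are hypothetical, and it assumes curl is installed (openssl is used when present).

```shell
# Added example: preflight for REGISTRY_ADDRESS / REGISTRY_CA from step 6.
# Function names are hypothetical; they are not part of the DKP Konvoy CLI.

# Accept only <http|https>://<host>:<port>; print the scheme on success.
check_registry_address() {
    case $1 in
        https://*) _scheme=https ;;
        http://*)  _scheme=http ;;
        *) echo "REGISTRY_ADDRESS needs an http:// or https:// scheme" >&2; return 1 ;;
    esac
    _hostport=${1#*://}
    case $_hostport in
        */*|*@*) echo "REGISTRY_ADDRESS must not carry a path or credentials" >&2; return 1 ;;
        ?*:?*) ;;   # non-empty host and non-empty port
        *) echo "REGISTRY_ADDRESS needs <host>:<port>" >&2; return 1 ;;
    esac
    _port=${_hostport##*:}
    case $_port in
        *[!0-9]*|??????*) echo "registry port is not a valid number" >&2; return 1 ;;
    esac
    if [ "$_port" -lt 1 ] || [ "$_port" -gt 65535 ]; then echo "registry port out of range" >&2; return 1; fi
    echo "$_scheme"
}

# $1 = scheme, $2 = REGISTRY_CA path (optional, as the page states).
check_registry_ca() {
    if [ -z "$2" ]; then return 0; fi
    if [ "$1" != https ]; then
        echo "REGISTRY_CA is set but the registry is plain http; the CA would never be used" >&2
        return 1
    fi
    if [ ! -r "$2" ]; then echo "cannot read REGISTRY_CA: $2" >&2; return 1; fi
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$2" -noout 2>/dev/null && return 0
    else
        grep -q -- '-----BEGIN CERTIFICATE-----' "$2" && return 0   # weaker fallback
    fi
    echo "REGISTRY_CA does not parse as a certificate: $2" >&2; return 1
}

# Online check from the bastion: /v2/ is the Registry HTTP API v2 base endpoint.
registry_preflight() {
    _s=$(check_registry_address "${REGISTRY_ADDRESS:-}") || return 1
    check_registry_ca "$_s" "${REGISTRY_CA:-}" || return 1
    if [ -n "${REGISTRY_CA:-}" ]; then set -- --cacert "$REGISTRY_CA"; else set --; fi
    _code=$(curl -sS -o /dev/null -w '%{http_code}' --max-time 10 "$@" "$REGISTRY_ADDRESS/v2/") || return 1
    case $_code in 200|401) return 0 ;; esac   # 401 = reachable, needs auth
    echo "unexpected HTTP status $_code from registry" >&2; return 1
}
```

Source the file after exporting the two variables and call `registry_preflight`. With `--cacert`, curl trusts only the given CA, so a registry certificate that does not chain to REGISTRY_CA fails here rather than later on the cluster nodes.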

More information:

Each infrastructure provider has its own set of bastion host instructions. Refer to your own OS instructions to set up a bastion host like AWS Bastion, Azure, GCP, or vSphere.

Next Step

Proceed to installation instructions:
