Install Kommander in an air-gapped environment

Install Kommander in an air-gapped environment

This topic shows how to run Kommander on top of an air-gapped Konvoy cluster installation.

Prerequisites

Before installing, ensure you have:

  • A Docker registry containing all the necessary Docker installation images, including the Kommander images. The kommander-image-bundle.tar tarball has the required artifacts.

  • A charts bundle file containing all Helm charts that Kommander installation needs.

  • Connectivity with clusters attaching to the management cluster:

    • Both management and attached clusters must be able to connect to the Docker registry.
    • The management cluster must be able to connect to all attached cluster’s API servers.
    • The management cluster must be able to connect to any load balancers created for platform services on the management cluster.
  • A configuration file that you will adapt to your needs using the steps outlined in this topic. Make sure to create that file using the following command:

dkp install kommander --init --airgapped > install.yaml

Kommander charts bundle

The charts bundle is a gzipped Tar archive containing Helm charts, which are required during Kommander installation. Create the charts bundle with the DKP CLI or downloaded along with the DKP CLI. Execute this command to create the charts bundle:

dkp create chart-bundle

Kommander creates charts-bundle.tar.gz. Optionally, specify the output using the -o parameter:

dkp create chart-bundle -o [name of the output file]

Kommander’s internal Helm repository

The Kommander charts bundle is pushed to Kommander’s internal Helm repository. To inspect the contents:

dkp get charts

Individual charts can be removed using:

dkp delete chart [chartName] [chartVersion]

It is possible to push new charts as well:

dkp push chart [chartTarball]

Or push a new bundle:

dkp push chart-bundle [chartsTarball]

Check the built-in help text for each command for more information.

Use MetalLB

For an on-premises deployment, Kommander ships with MetalLB, which provides load-balancing services.

NOTE: Making a configuration change in the ConfigMap for the metallb application may not result in the configuration change applying. This is intentional behavior. MetalLB refuses to adopt changes to the ConfigMap that breaks existing Services. You can force MetalLB to load those changes by deleting the metallb controller pod:

kubectl -n kommander delete pod -l app=metallb,component=controller

To use MetalLB:

  1. Identify and reserve a virtual IP (VIP) address range in your networking infrastructure.

  2. Configure your networking infrastructure so that the reserved IP addresses is reachable:

    • from all hosts specified in the inventory file.
    • from the computer used to deploy Kubernetes.

NOTE: Ensure the MetalLB subnet does not overlap with podSubnet and serviceSubnet.

Your configuration is complete if the reserved virtual IP addresses are in the same subnet as the rest of the cluster nodes. If it is in a different subnet, configure appropriate routes to ensure connectivity with the virtual IP address. If the virtual IP addresses share an interface with the primary IP address of the interface, disable any IP or MAC spoofing from the infrastructure firewall.

You can configure MetalLB in two modes: Layer2 and BGP.

Layer2

The following example illustrates how to enable MetalLB and configure it with the Layer2 mode using the install.yaml configuration file created above:

apiVersion: config.kommander.mesosphere.io/v1alpha1
kind: Installation
apps:
 ...
  metallb:
    values: |
      configInline:
        address-pools:
          - name: default
            protocol: layer2
            addresses:
              - 10.0.50.25-10.0.50.50

The number of virtual IP addresses in the reserved range determines the maximum number of LoadBalancer service types you can create in the cluster.

BGP

MetalLB in bgp mode implements only a subset of the BGP protocol. In particular, it only advertises the virtual IP to peer BGP agent.

The following example illustrates the BGP configuration in the overrides ConfigMap:

apiVersion: config.kommander.mesosphere.io/v1alpha1
kind: Installation
apps:
 ...
  metallb:
    values: |
      configInline:
        peers:
          - my-asn: 64500
            peer-asn: 64500
            peer-address: 172.17.0.4
        address-pools:
          - name: my-ip-space
            protocol: bgp
            addresses:
              - 172.40.100.0/24

In the above configuration, peers defines the configuration of the BGP peer, such as peer IP address and autonomous system number (asn). The address-pools section is similar to layer2, except for the protocol.

MetalLB also supports advanced BGP configuration.

See Kommander Load Balancing for more information.

Load the Docker images into your Docker registry

  1. See the NOTICES.txt file for 3rd party software attributions and place the kommander-image-bundle-v2.2.1.tar.gz and dkp-catalog-applications-image-bundle-v2.2.1.tar.gz bundles within a location where you can load and push the images to your private Docker registry.

  2. Run the following command to load the air-gapped image bundle into your private Docker registry:

    dkp push image-bundle --image-bundle kommander-image-bundle-v2.2.1.tar.gz --to-registry <REGISTRY_URL>
    

It may take a while to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the Docker registry.

Install on Konvoy

NOTE: This docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the GNU Affero General Public License 3.0. Complete source code for MinIO is available here, here, and here

  1. Create the configuration file by running kommander install --init --airgapped > install.yaml for the air-gapped deployment. Open the install.yaml file and review that it looks like the following:

    apiVersion: config.kommander.mesosphere.io/v1alpha1
    kind: Installation
    airgapped:
      enabled: true
    
  2. In the same file, if you are installing Kommander in an AWS VPC, set the Traefik annotation to create an internal facing ELB by setting the following:

    apps:
      traefik:
        values: |
          service:
            annotations:
              service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    
  3. Download the Kommander application definitions:

    wget "https://downloads.d2iq.com/dkp/v2.2.1/kommander-applications-v2.2.1.tar.gz"
    
  4. Download the Kommander charts bundle:

    wget "https://downloads.d2iq.com/dkp/v2.2.1/dkp-kommander-charts-bundle-v2.2.1.tar.gz" -O - | tar -xvf -
    
  5. To install Kommander in your air-gapped environment using the above configuration file, enter the following command:

    dkp install kommander --installer-config ./install.yaml \
    --kommander-applications-repository kommander-applications-v2.2.1.tar.gz \
    --charts-bundle dkp-kommander-charts-bundle-v2.2.1.tar.gz
    
  6. Verify your installation.

This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the [GNU Affero General Public License 3.0][https://www.gnu.org/licenses/agpl-3.0.en.html]. The complete source code for the versions of MinIO packaged with DKP 2.2.1 are available at these URLs:

  • https://github.com/minio/minio/tree/RELEASE.2022-02-24T22-12-01Z
  • https://github.com/minio/minio/tree/RELEASE.2022-01-08T03-11-54Z
  • https://github.com/minio/minio/tree/RELEASE.2021-02-14T04-01-33Z