This topic shows how to run Kommander on top of an air-gapped Konvoy cluster installation.
Before installing, ensure you have:
A Docker registry containing all the necessary Docker installation images, including the Kommander images. The
kommander-image-bundle.tartarball has the required artifacts.
A charts bundle file containing all Helm charts that Kommander installation needs.
Connectivity with clusters attaching to the management cluster:
- Both management and attached clusters must be able to connect to the Docker registry.
- The management cluster must be able to connect to all attached cluster’s API servers.
- The management cluster must be able to connect to any load balancers created for platform services on the management cluster.
A configuration file that you will adapt to your needs using the steps outlined in this topic. Make sure to create that file using the following command:
dkp install kommander --init --airgapped > install.yaml
All the prerequisites covered in air-gapped Konvoy installation.
MetalLB enabled and configured, which provides load-balancing services.
The image bundle files downloaded.
Kommander charts bundle
The charts bundle is a gzipped Tar archive containing Helm charts, which are required during Kommander installation. Create the charts bundle with the DKP CLI or downloaded along with the DKP CLI. Execute this command to create the charts bundle:
dkp create chart-bundle
Optionally, specify the output using the
dkp create chart-bundle -o [name of the output file]
Kommander’s internal Helm repository
The Kommander charts bundle is pushed to Kommander’s internal Helm repository. To inspect the contents:
dkp get charts
Individual charts can be removed using:
dkp delete chart [chartName] [chartVersion]
It is possible to push new charts as well:
dkp push chart [chartTarball]
Or push a new bundle:
dkp push chart-bundle [chartsTarball]
Check the built-in help text for each command for more information.
For an on-premises deployment, Kommander ships with MetalLB, which provides load-balancing services.
kubectl -n kommander delete pod -l app=metallb,component=controller
To use MetalLB:
Identify and reserve a virtual IP (VIP) address range in your networking infrastructure.
Configure your networking infrastructure so that the reserved IP addresses is reachable:
- from all hosts specified in the inventory file.
- from the computer used to deploy Kubernetes.
Your configuration is complete if the reserved virtual IP addresses are in the same subnet as the rest of the cluster nodes. If it is in a different subnet, configure appropriate routes to ensure connectivity with the virtual IP address. If the virtual IP addresses share an interface with the primary IP address of the interface, disable any IP or MAC spoofing from the infrastructure firewall.
You can configure MetalLB in two modes: Layer2 and BGP.
The following example illustrates how to enable MetalLB and configure it with the Layer2 mode using the
install.yaml configuration file created above:
apiVersion: config.kommander.mesosphere.io/v1alpha1 kind: Installation apps: ... metallb: values: | configInline: address-pools: - name: default protocol: layer2 addresses: - 10.0.50.25-10.0.50.50
The number of virtual IP addresses in the reserved range determines the maximum number of
LoadBalancer service types you can create in the cluster.
bgp mode implements only a subset of the BGP protocol. In particular, it only advertises the virtual IP to peer BGP agent.
The following example illustrates the BGP configuration in the overrides
apiVersion: config.kommander.mesosphere.io/v1alpha1 kind: Installation apps: ... metallb: values: | configInline: peers: - my-asn: 64500 peer-asn: 64500 peer-address: 172.17.0.4 address-pools: - name: my-ip-space protocol: bgp addresses: - 18.104.22.168/24
In the above configuration,
peers defines the configuration of the BGP peer, such as peer IP address and
autonomous system number (
address-pools section is similar to
layer2, except for the protocol.
MetalLB also supports advanced BGP configuration.
See Kommander Load Balancing for more information.
Load the Docker images into your Docker registry
NOTICES.txtfile for 3rd party software attributions and place the
dkp-catalog-applications-image-bundle-v2.2.1.tar.gzbundles within a location where you can load and push the images to your private Docker registry.
Run the following command to load the air-gapped image bundle into your private Docker registry:
dkp push image-bundle --image-bundle kommander-image-bundle-v2.2.1.tar.gz --to-registry <REGISTRY_URL>
It may take a while to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the Docker registry.
Install on Konvoy
Create the configuration file by running
kommander install --init --airgapped > install.yamlfor the air-gapped deployment. Open the
install.yamlfile and review that it looks like the following:
apiVersion: config.kommander.mesosphere.io/v1alpha1 kind: Installation airgapped: enabled: true
In the same file, if you are installing Kommander in an AWS VPC, set the Traefik annotation to create an internal facing ELB by setting the following:
apps: traefik: values: | service: annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true"
Download the Kommander application definitions:
Download the Kommander charts bundle:
wget "https://downloads.d2iq.com/dkp/v2.2.1/dkp-kommander-charts-bundle-v2.2.1.tar.gz" -O - | tar -xvf -
To install Kommander in your air-gapped environment using the above configuration file, enter the following command:
dkp install kommander --installer-config ./install.yaml \ --kommander-applications-repository kommander-applications-v2.2.1.tar.gz \ --charts-bundle dkp-kommander-charts-bundle-v2.2.1.tar.gz
This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the [GNU Affero General Public License 3.0][https://www.gnu.org/licenses/agpl-3.0.en.html]. The complete source code for the versions of MinIO packaged with DKP 2.2.1 are available at these URLs: