2.3 Fulfill the prerequisites for using a pre-provisioned infrastructure when Air-Gapped
The instructions below outline how to fulfill the prerequisites for using pre-provisioned infrastructure when using air-gapped.
Air-Gapped Registry Prerequisites
If you use Jfrog Artifactory or Jfrog Container Registry, you must update to a new version of the software. Any build newer than version 7.11 will work, as we have confirmed that older versions are not compatible.
If you use Nexus Registry, there is currently an issue that prevents usage with DKP 2.X and OCI Images. Support for OCI Images was added here in this publicly available Jira ticket:
A new issue was filed here determining that OCI image support is currently broken:
You can track this Jira link for status on a resolution for this issue.
Any newer version than Harbor Registry v2.1.1-5f52168e will support OCI images.
Download the bootstrap image
Download the bootstrap docker image on a machine that has access to this artifact:CODE
curl -O https://downloads.d2iq.com/dkp/v2.3.3/konvoy-bootstrap_v2.3.3.tar
Load the bootstrap Docker image on your bastion machine:CODE
docker load -i konvoy-bootstrap_v2.3.3.tar
Copy air-gapped artifacts onto cluster hosts
Using the Konvoy Image Builder,you can copy the required artifacts onto your cluster hosts.
Create the directories where you will place the air-gapped bundles:CODE
mkdir artifacts mkdir artifacts/images
Define an environment variable for the Kubernetes version that corresponds with Konvoy release you are installing. You can find the correct Kubernetes version by checking the release notes for the release you are installing:CODE
Set an environment variable for the image’s OS you want to use. The OS packages bundles will contain the RPMs for Kubernetes and all of their dependencies required to install these packages without access to any external RPM repositories. The available options for your command are listed below followed by the command in which to replace them:
Download the OS packages bundle:CODE
curl --output artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz -O https://downloads.d2iq.com/dkp/airgapped/os-packages/"$VERSION"_"$BUNDLE_OS".tar.gz
Download the Kubernetes images bundle. This bundle includes the necessary images for
kubeadmto bootstrap a Kubernetes
The available options for each Kubernetes version are:
curl --output artifacts/images/"$VERSION"_images.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images.tar.gz
curl --output artifacts/images/"$VERSION"_images_fips.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images_fips.tar.gz
Download the PIP packages using the command below. This bundle includes a few packages required by DKP to bootstrap machines.CODE
curl --output artifacts/pip-packages.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/pip-packages/pip-packages.tar.gz
Download the Containerd
1.14.13packages for the OS you plan to provision dkp on. The options for OS are listed below for replacement in the command before running:
curl --output artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz --location https://packages.d2iq.com/dkp/containerd/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz
To get the fips builds append
-x86_64in the url.
eTo get the fips build for
centos-7.9the url would be
The following OS’s have containerd fips builds:
Export the following environment variables, ensuring that all control plane and worker nodes are included:CODE
export CONTROL_PLANE_1_ADDRESS="<control-plane-address-1>" export CONTROL_PLANE_2_ADDRESS="<control-plane-address-2>" export CONTROL_PLANE_3_ADDRESS="<control-plane-address-3>" export WORKER_1_ADDRESS="<worker-address-1>" export WORKER_2_ADDRESS="<worker-address-2>" export WORKER_3_ADDRESS="<worker-address-3>" export WORKER_4_ADDRESS="<worker-address-4>" export SSH_USER="<ssh-user>" export SSH_PRIVATE_KEY_FILE="<private key file>"
SSH_PRIVATE_KEY_FILEmust be either the name of the SSH private key file in your working directory or an absolute path to the file in your user’s home directory.
inventory.yamlto be used with
konvoy-image uploadin the next step:CODE
cat <<EOF > inventory.yaml all: vars: ansible_user: $SSH_USER ansible_port: 22 ansible_ssh_private_key_file: $SSH_PRIVATE_KEY_FILE hosts: $CONTROL_PLANE_1_ADDRESS: ansible_host: $CONTROL_PLANE_1_ADDRESS $CONTROL_PLANE_2_ADDRESS: ansible_host: $CONTROL_PLANE_2_ADDRESS $CONTROL_PLANE_3_ADDRESS: ansible_host: $CONTROL_PLANE_3_ADDRESS $WORKER_1_ADDRESS: ansible_host: $WORKER_1_ADDRESS $WORKER_2_ADDRESS: ansible_host: $WORKER_2_ADDRESS $WORKER_3_ADDRESS: ansible_host: $WORKER_3_ADDRESS $WORKER_4_ADDRESS: ansible_host: $WORKER_4_ADDRESS EOF
Upload the artifacts onto cluster hosts with the following command:BASH
konvoy-image upload artifacts --container-images-dir=./artifacts/images/ \ --os-packages-bundle=./artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz \ --pip-packages-bundle=./artifacts/pip-packages.tar.gz \ --containerd-bundle=artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS".tar.gz
Seed your docker registry
Before creating a Kubernetes cluster you must have the required images in a local docker registry. This registry must be accessible from both the bastion machine and the machines that will be created for the Kubernetes cluster.
Download the images bundle:CODE
curl -o konvoy-image-bundle.tar -O downloads.d2iq.com/dkp/v2.3.3/konvoy_image_bundle_v2.3.3_linux_amd64.tar
Place the bundle in a location where you can load and push the images to your private docker registry.
Set an environment variable with your registry address:CODE
Run the following command to load the air-gapped image bundle into your private Docker registry:CODE
dkp push image-bundle --image-bundle konvoy-image-bundle.tar.gz --to-registry $DOCKER_REGISTRY_ADDRESS
It may take a while to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the Docker registry.
This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the GNU Affero General Public License 3.0. The complete source code for the versions of MinIO packaged with DKP/Kommander/Konvoy 2.2.1 are available at these URLs: https://github.com/minio/minio/tree/RELEASE.2022-02-24T22-12-01Z https://github.com/minio/minio/tree/RELEASE.2021-02-14T04-01-33Z
For a full list of attributed 3rd party software, see D2IQ Legal.