Pre-provisioned Prerequisites Air-gapped
2.3 Fulfill the prerequisites for using a pre-provisioned infrastructure when Air-Gapped
The instructions below outline how to fulfill the prerequisites for using pre-provisioned infrastructure when using air-gapped.
Air-Gapped Registry Prerequisites
JFrog Artifactory
If you use Jfrog Artifactory or Jfrog Container Registry, you must update to a new version of the software. Any build newer than version 7.11 will work, as we have confirmed that older versions are not compatible.
Nexus Registry
If you use Nexus Registry, there is currently an issue that prevents usage with DKP 2.X and OCI Images. Support for OCI Images was added here in this publicly available Jira ticket:
https://issues.sonatype.org/browse/NEXUS-21087
A new issue was filed here determining that OCI image support is currently broken:
https://issues.sonatype.org/plugins/servlet/mobile#issue/NEXUS-27494
You can track this Jira link for status on a resolution for this issue.
Harbor Registry
Any newer version than Harbor Registry v2.1.1-5f52168e will support OCI images.
Download the bootstrap image
Download the bootstrap docker image on a machine that has access to this artifact:
CODEcurl -O https://downloads.d2iq.com/dkp/v2.3.3/konvoy-bootstrap_v2.3.3.tar
Load the bootstrap Docker image on your bastion machine:
CODEdocker load -i konvoy-bootstrap_v2.3.3.tar
Copy air-gapped artifacts onto cluster hosts
Using the Konvoy Image Builder,you can copy the required artifacts onto your cluster hosts.
Create the directories where you will place the air-gapped bundles:
CODEmkdir artifacts mkdir artifacts/images
Define an environment variable for the Kubernetes version that corresponds with Konvoy release you are installing. You can find the correct Kubernetes version by checking the release notes for the release you are installing:
CODEexport VERSION=1.23.12
Set an environment variable for the image’s OS you want to use. The OS packages bundles will contain the RPMs for Kubernetes and all of their dependencies required to install these packages without access to any external RPM repositories. The available options for your command are listed below followed by the command in which to replace them:
centos_7_x86_64
centos_7_x86_64_fips
redhat_7_x86_64
redhat_7_x86_64_fips
redhat_8_x86_64
redhat_8_x86_64_fips
CODEexport BUNDLE_OS=centos_7_x86_64
Download the OS packages bundle:
CODEcurl --output artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz -O https://downloads.d2iq.com/dkp/airgapped/os-packages/"$VERSION"_"$BUNDLE_OS".tar.gz
Download the Kubernetes images bundle. This bundle includes the necessary images for
kubeadm
to bootstrap a KubernetesNode
.The available options for each Kubernetes version are:
<version>_images.tar.gz
CODEcurl --output artifacts/images/"$VERSION"_images.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images.tar.gz
<version>_images_fips.tar.gz
CODEcurl --output artifacts/images/"$VERSION"_images_fips.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images_fips.tar.gz
Download the PIP packages using the command below. This bundle includes a few packages required by DKP to bootstrap machines.
CODEcurl --output artifacts/pip-packages.tar.gz -O https://downloads.d2iq.com/dkp/airgapped/pip-packages/pip-packages.tar.gz
Download the Containerd
1.14.13
packages for the OS you plan to provision dkp on. The options for OS are listed below for replacement in the command before running:centos-7.9
ol-7.9
rhel-7.9
rhel-8.2
rhel-8.4
sles-15.3
ubuntu-18.04
ubuntu-20.04
CODEexport CONTAINERD_OS=centos-7.9
BASHcurl --output artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz --location https://packages.d2iq.com/dkp/containerd/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz
To get the fips builds append_fips
after-x86_64
in the url.
eTo get the fips build forcentos-7.9
the url would behttps://packages.d2iq.com/dkp/containerd/containerd-1.4.13-d2iq.1-centos-7.9-x86_64_fips.tar.gz
The following OS’s have containerd fips builds:centos-7.9
ol-7.9
rhel-7.9
rhel-8.2
rhel-8.4
Export the following environment variables, ensuring that all control plane and worker nodes are included:
CODEexport CONTROL_PLANE_1_ADDRESS="<control-plane-address-1>" export CONTROL_PLANE_2_ADDRESS="<control-plane-address-2>" export CONTROL_PLANE_3_ADDRESS="<control-plane-address-3>" export WORKER_1_ADDRESS="<worker-address-1>" export WORKER_2_ADDRESS="<worker-address-2>" export WORKER_3_ADDRESS="<worker-address-3>" export WORKER_4_ADDRESS="<worker-address-4>" export SSH_USER="<ssh-user>" export SSH_PRIVATE_KEY_FILE="<private key file>"
SSH_PRIVATE_KEY_FILE
must be either the name of the SSH private key file in your working directory or an absolute path to the file in your user’s home directory.Generate an
inventory.yaml
to be used withkonvoy-image upload
in the next step:CODEcat <<EOF > inventory.yaml all: vars: ansible_user: $SSH_USER ansible_port: 22 ansible_ssh_private_key_file: $SSH_PRIVATE_KEY_FILE hosts: $CONTROL_PLANE_1_ADDRESS: ansible_host: $CONTROL_PLANE_1_ADDRESS $CONTROL_PLANE_2_ADDRESS: ansible_host: $CONTROL_PLANE_2_ADDRESS $CONTROL_PLANE_3_ADDRESS: ansible_host: $CONTROL_PLANE_3_ADDRESS $WORKER_1_ADDRESS: ansible_host: $WORKER_1_ADDRESS $WORKER_2_ADDRESS: ansible_host: $WORKER_2_ADDRESS $WORKER_3_ADDRESS: ansible_host: $WORKER_3_ADDRESS $WORKER_4_ADDRESS: ansible_host: $WORKER_4_ADDRESS EOF
Upload the artifacts onto cluster hosts with the following command:
BASHkonvoy-image upload artifacts --container-images-dir=./artifacts/images/ \ --os-packages-bundle=./artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz \ --pip-packages-bundle=./artifacts/pip-packages.tar.gz \ --containerd-bundle=artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS".tar.gz
Use the --overrides flag and reference either fips.yaml or offline-fips.yaml manifests located in the overrides directory or see these pages in the documentation:
Seed your docker registry
Before creating a Kubernetes cluster you must have the required images in a local docker registry. This registry must be accessible from both the bastion machine and the machines that will be created for the Kubernetes cluster.
Download the images bundle:
CODEcurl -o konvoy-image-bundle.tar -O downloads.d2iq.com/dkp/v2.3.3/konvoy_image_bundle_v2.3.3_linux_amd64.tar
Place the bundle in a location where you can load and push the images to your private docker registry.
Set an environment variable with your registry address:
CODEexport DOCKER_REGISTRY_ADDRESS=<registry-address>:<registry-port>
Run the following command to load the air-gapped image bundle into your private Docker registry:
CODEdkp push image-bundle --image-bundle konvoy-image-bundle.tar.gz --to-registry $DOCKER_REGISTRY_ADDRESS
It may take a while to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the Docker registry.
Then begin creating the bootstrap cluster.
This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the GNU Affero General Public License 3.0. The complete source code for the versions of MinIO packaged with DKP/Kommander/Konvoy 2.2.1 are available at these URLs: https://github.com/minio/minio/tree/RELEASE.2022-02-24T22-12-01Z https://github.com/minio/minio/tree/RELEASE.2021-02-14T04-01-33Z
For a full list of attributed 3rd party software, see D2IQ Legal.