
Pre-provisioned Prerequisites Air-gapped

2.3 Fulfill the prerequisites for using a pre-provisioned infrastructure when Air-Gapped

The instructions below outline how to fulfill the prerequisites for using pre-provisioned infrastructure in an air-gapped environment.

Air-Gapped Registry Prerequisites

JFrog Artifactory

If you use JFrog Artifactory or JFrog Container Registry, you must update to a new version of the software. Any build newer than version 7.11 will work, as we have confirmed that older versions are not compatible.

Nexus Registry

If you use Nexus Registry, there is currently an issue that prevents usage with DKP 2.X and OCI Images. Support for OCI Images was added here in this publicly available Jira ticket:

https://issues.sonatype.org/browse/NEXUS-21087

A new issue was filed here determining that OCI image support is currently broken: 

https://issues.sonatype.org/plugins/servlet/mobile#issue/NEXUS-27494

You can track this Jira link for status on a resolution for this issue.

Harbor Registry

Any newer version than Harbor Registry v2.1.1-5f52168e will support OCI images. 

Download the bootstrap image

  1. Download the bootstrap docker image on a machine that has access to this artifact:

    CODE
    curl -O https://downloads.d2iq.com/dkp/v2.3.3/konvoy-bootstrap_v2.3.3.tar
  2. Load the bootstrap Docker image on your bastion machine:

    CODE
    docker load -i konvoy-bootstrap_v2.3.3.tar

Copy air-gapped artifacts onto cluster hosts

Using the Konvoy Image Builder, you can copy the required artifacts onto your cluster hosts.

  1. Create the directories where you will place the air-gapped bundles:

    CODE
    mkdir artifacts
    mkdir artifacts/images
  2. Define an environment variable for the Kubernetes version that corresponds to the Konvoy release you are installing. You can find the correct Kubernetes version by checking the release notes for the release you are installing:

    CODE
    export VERSION=1.23.12
  3. Set an environment variable for the OS of the image you want to use. The OS package bundles contain the RPMs for Kubernetes and all of the dependencies required to install these packages without access to any external RPM repositories. The available options are listed below, followed by the command in which to substitute them:

    • centos_7_x86_64

    • centos_7_x86_64_fips

    • redhat_7_x86_64

    • redhat_7_x86_64_fips

    • redhat_8_x86_64

    • redhat_8_x86_64_fips

    CODE
    export BUNDLE_OS=centos_7_x86_64
  4. Download the OS packages bundle:

    CODE
    curl --output artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz https://downloads.d2iq.com/dkp/airgapped/os-packages/"$VERSION"_"$BUNDLE_OS".tar.gz
  5. Download the Kubernetes images bundle. This bundle includes the necessary images for kubeadm to bootstrap a Kubernetes Node.

    The available options for each Kubernetes version are:

    • <version>_images.tar.gz

      CODE
      curl --output artifacts/images/"$VERSION"_images.tar.gz https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images.tar.gz
    • <version>_images_fips.tar.gz

      CODE
      curl --output artifacts/images/"$VERSION"_images_fips.tar.gz https://downloads.d2iq.com/dkp/airgapped/kubernetes-images/"$VERSION"_images_fips.tar.gz
  6. Download the PIP packages using the command below. This bundle includes a few packages required by DKP to bootstrap machines.

    CODE
    curl --output artifacts/pip-packages.tar.gz https://downloads.d2iq.com/dkp/airgapped/pip-packages/pip-packages.tar.gz

  7. Download the Containerd 1.4.13 packages for the OS you plan to provision DKP on. The OS options are listed below; substitute one into the command before running it:

    • centos-7.9

    • ol-7.9

    • rhel-7.9

    • rhel-8.2

    • rhel-8.4

    • sles-15.3

    • ubuntu-18.04

    • ubuntu-20.04

    CODE
    export CONTAINERD_OS=centos-7.9
    BASH
    curl --output artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz --location https://packages.d2iq.com/dkp/containerd/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz


    To get the FIPS builds, append _fips after -x86_64 in the URL.
    For example, the URL for the FIPS build for centos-7.9 is:
    https://packages.d2iq.com/dkp/containerd/containerd-1.4.13-d2iq.1-centos-7.9-x86_64_fips.tar.gz

    The following operating systems have containerd FIPS builds:

    • centos-7.9

    • ol-7.9

    • rhel-7.9

    • rhel-8.2

    • rhel-8.4

  8. Export the following environment variables, ensuring that all control plane and worker nodes are included:

    CODE
    export CONTROL_PLANE_1_ADDRESS="<control-plane-address-1>"
    export CONTROL_PLANE_2_ADDRESS="<control-plane-address-2>"
    export CONTROL_PLANE_3_ADDRESS="<control-plane-address-3>"
    export WORKER_1_ADDRESS="<worker-address-1>"
    export WORKER_2_ADDRESS="<worker-address-2>"
    export WORKER_3_ADDRESS="<worker-address-3>"
    export WORKER_4_ADDRESS="<worker-address-4>"
    export SSH_USER="<ssh-user>"
    export SSH_PRIVATE_KEY_FILE="<private key file>"

    SSH_PRIVATE_KEY_FILE must be either the name of the SSH private key file in your working directory or an absolute path to the file in your user’s home directory.

  9. Generate an inventory.yaml to be used with konvoy-image upload in the next step:

    CODE
    cat <<EOF > inventory.yaml
    all:
      vars:
        ansible_user: $SSH_USER
        ansible_port: 22
        ansible_ssh_private_key_file: $SSH_PRIVATE_KEY_FILE
      hosts:
        $CONTROL_PLANE_1_ADDRESS:
          ansible_host: $CONTROL_PLANE_1_ADDRESS
        $CONTROL_PLANE_2_ADDRESS:
          ansible_host: $CONTROL_PLANE_2_ADDRESS
        $CONTROL_PLANE_3_ADDRESS:
          ansible_host: $CONTROL_PLANE_3_ADDRESS
        $WORKER_1_ADDRESS:
          ansible_host: $WORKER_1_ADDRESS
        $WORKER_2_ADDRESS:
          ansible_host: $WORKER_2_ADDRESS
        $WORKER_3_ADDRESS:
          ansible_host: $WORKER_3_ADDRESS
        $WORKER_4_ADDRESS:
          ansible_host: $WORKER_4_ADDRESS
    EOF
  10. Upload the artifacts onto cluster hosts with the following command:

    BASH
    konvoy-image upload artifacts --container-images-dir=./artifacts/images/ \
                  --os-packages-bundle=./artifacts/"$VERSION"_"$BUNDLE_OS".tar.gz \
                  --pip-packages-bundle=./artifacts/pip-packages.tar.gz \
                  --containerd-bundle=./artifacts/containerd-1.4.13-d2iq.1-"$CONTAINERD_OS"-x86_64.tar.gz
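
A pre-flight check that can be run before the upload in step 10, written as an added example rather than part of the DKP tooling: it confirms that every bundle the upload needs exists under the name the download steps produce and is a valid gzip archive, then records SHA-256 digests that can be re-checked on the air-gapped side. `FIPS_SUFFIX` and the function names are hypothetical; `VERSION`, `BUNDLE_OS` and `CONTAINERD_OS` are the variables exported in the steps above.

```sh
#!/bin/sh
# Added example (not D2iQ tooling). Pass the path of the artifacts/ directory.
# Assumes VERSION, BUNDLE_OS and CONTAINERD_OS are exported as in steps 2, 3 and 7.
# FIPS_SUFFIX is a hypothetical helper variable: leave empty, or set to "_fips".

# Bundle paths, relative to artifacts/, as written by the downloads in steps 4 to 7.
expected_bundles() {
  printf '%s\n' \
    "${VERSION}_${BUNDLE_OS}.tar.gz" \
    "images/${VERSION}_images${FIPS_SUFFIX:-}.tar.gz" \
    "pip-packages.tar.gz" \
    "containerd-1.4.13-d2iq.1-${CONTAINERD_OS}-x86_64${FIPS_SUFFIX:-}.tar.gz"
}

# True only for a non-empty file that decompresses cleanly. curl without --fail
# saves an HTTP error page under the requested name, and this catches that case.
is_intact_gzip() {
  [ -s "$1" ] && gzip -t "$1" 2>/dev/null
}

# Connected side: check every expected bundle, then record SHA-256 digests.
# The body is a subshell so the cd does not leak into the caller.
preflight() (
  cd "$1" || exit 1
  bad=0
  : > SHA256SUMS.tmp
  while IFS= read -r f; do
    if is_intact_gzip "$f"; then
      sha256sum "$f" >> SHA256SUMS.tmp
    else
      echo "FAIL: $f is missing, empty, or not a valid gzip archive" >&2
      bad=1
    fi
  done <<EOF
$(expected_bundles)
EOF
  if [ "$bad" -ne 0 ]; then rm -f SHA256SUMS.tmp; exit 1; fi
  mv SHA256SUMS.tmp SHA256SUMS
)

# Air-gapped side: re-check the digests after the directory has been copied over.
verify_manifest() (
  cd "$1" && sha256sum -c SHA256SUMS
)
```

The manifest only shows that the bundles did not change between the download machine and the bastion; it says nothing about whether the original download was authentic, since this page publishes no reference checksums.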

Use the --overrides flag and reference either fips.yaml or offline-fips.yaml manifests located in the overrides directory or see these pages in the documentation:

Seed your docker registry

Before creating a Kubernetes cluster you must have the required images in a local docker registry. This registry must be accessible from both the bastion machine and the machines that will be created for the Kubernetes cluster.

  1. Download the images bundle:

    CODE
    curl -o konvoy-image-bundle.tar https://downloads.d2iq.com/dkp/v2.3.3/konvoy_image_bundle_v2.3.3_linux_amd64.tar
  2. Place the bundle in a location where you can load and push the images to your private docker registry.

  3. Set an environment variable with your registry address:

    CODE
    export DOCKER_REGISTRY_ADDRESS=<registry-address>:<registry-port>
  4. Run the following command to load the air-gapped image bundle into your private Docker registry:

    CODE
    dkp push image-bundle --image-bundle konvoy-image-bundle.tar --to-registry "$DOCKER_REGISTRY_ADDRESS"

It may take a while to push all the images to your image registry, depending on the performance of the network between the machine you are running the script on and the Docker registry.

Then begin creating the bootstrap cluster.

This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the GNU Affero General Public License 3.0. The complete source code for the versions of MinIO packaged with DKP/Kommander/Konvoy 2.2.1 are available at these URLs: https://github.com/minio/minio/tree/RELEASE.2022-02-24T22-12-01Z https://github.com/minio/minio/tree/RELEASE.2021-02-14T04-01-33Z

For a full list of attributed 3rd party software, see D2IQ Legal.
