Bastion Host
When creating an air-gapped vSphere cluster, the bastion VM hosts the installation of the DKP Konvoy bundles and images, as well as the Docker registry, needed to create and operate your vSphere cluster. The bastion VM must have access to the vSphere API server (vCenter Server). Ensure the items listed below are installed and that the environment meets the following requirements:
- Create a bastion VM host template for the cluster nodes to use within the air-gapped network. This bastion VM host also needs access to a Docker registry in lieu of an Internet connection for pulling Docker images. The recommended template naming pattern is ../folder-name/dkp-e2e-bastion-template or similar.
- Find and record the bastion VM's IP address or host name.
- Download the required DKP Konvoy binaries and installation bundles (see the download steps below).
Docker® version 18.09.2 or later installed. You must have Docker installed on the host where the DKP Konvoy CLI runs. For example, if you are installing Konvoy on your laptop, ensure the laptop has a supported version of Docker. On macOS, Docker runs in a virtual machine which you configure with at least 8GB of memory.
kubectl for interacting with the running cluster, installed on the host where the DKP Konvoy command line interface (CLI) runs.
Depending on your OS, the commands for setting up your own bastion host for use with air-gapped vSphere vary. The following is a generic example for RHEL bastion nodes.
Once base-rhel-os boots, open an ssh terminal to the host and install the tools and packages:
```
sudo yum install -y yum-utils bzip2 wget
```
Install kubectl as mentioned above; the following is a RHEL example:
```
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubectl
```
Keep gpgcheck=1 so that yum verifies the package signatures against the listed key before installing.
Install Docker (only on the bastion host). First add the upstream Docker repository:
```
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
```
NOTE: Repositories for other distributions are available on docker.com: https://download.docker.com/linux/
Install Docker:
```
sudo yum install -y docker-ce docker-ce-cli containerd.io
```
Create directories for the Konvoy Image Builder and the DKP CLI:
```
mkdir kib && mkdir dkp
```
Get the needed D2iQ software by downloading the air-gapped bundle. Download dkp-air-gapped-bundle_v2.5.2_linux_amd64.tar.gz, then extract the tarball to a local directory:
```
tar -xzvf dkp-air-gapped-bundle_v2.5.2_linux_amd64.tar.gz && cd dkp-v2.5.2/kib
```
Install the DKP CLI:
```
cd ..
cd dkp
wget https://downloads.d2iq.com/dkp/v2.5.2/dkp_v2.5.2_linux_amd64.tar.gz
```
On a bastion without Internet access, perform this download on a connected host and copy the tarball to the bastion instead.
Set the following vSphere environment variables on the bastion VM host:
```
export VSPHERE_SERVER=your_vCenter_APIserver_URL
export VSPHERE_USERNAME=your_vCenter_user_name
export VSPHERE_PASSWORD=your_vCenter_password
```
Use a dedicated vCenter account with only the privileges the installation needs, and avoid leaving the password in the shell history (for example, source these exports from a file with restricted permissions rather than typing the password on the command line).
Set the following environment variables to enable connection to an existing Docker registry. You must create the VM template with the Konvoy Image Builder to be able to use the registry mirror feature:
```
export DOCKER_REGISTRY_ADDRESS=<https/http>://<registry-address>:<registry-port>
export DOCKER_REGISTRY_CA=<path to the CA on the bastion host>
```
- DOCKER_REGISTRY_ADDRESS: the address of an existing Docker registry accessible in the vSphere zone where the new cluster nodes will be configured, used as a mirror registry when pulling images. Prefer https; with http, image pulls are not encrypted in transit.
- DOCKER_REGISTRY_CA: (optional) the path on the bastion host to the Docker registry CA. Konvoy configures the cluster nodes to trust this CA. This value is only needed if the registry uses a self-signed certificate and the VMs are not already configured to trust that CA.
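The following is an added example, not part of the DKP documentation or of D2iQ's tooling, of two pre-flight checks an operator can run on the bastion alongside the steps above: verifying the air-gapped bundle's SHA-256 against an expected value before extracting it, and validating the values intended for DOCKER_REGISTRY_ADDRESS and DOCKER_REGISTRY_CA. The expected checksum (held in a hypothetical BUNDLE_SHA256 variable), the registry address and the CA path are assumed inputs; obtain the real checksum from the D2iQ download page, if one is published there.

```shell
#!/bin/sh
# Added example: bastion pre-flight checks (not from the DKP docs).
# POSIX sh; relies only on coreutils (sha256sum, mktemp) and grep.
set -eu

# verify_bundle FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and its SHA-256 equals EXPECTED_SHA256.
# Run this before `tar -xzvf` so a truncated or tampered tarball is never unpacked.
verify_bundle() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# check_registry_config ADDRESS [CA_PATH]
# Validates the values destined for DOCKER_REGISTRY_ADDRESS / DOCKER_REGISTRY_CA:
#   - ADDRESS must have the form <https|http>://<host>:<port>
#   - plain http is accepted but flagged, because image pulls would then be unencrypted
#   - if CA_PATH is given, it must be a readable PEM certificate file
check_registry_config() {
    address="$1"
    ca="${2:-}"
    case "$address" in
        https://*:[0-9]*) ;;
        http://*:[0-9]*)
            echo "warning: $address uses plain HTTP; image pulls will not be encrypted" >&2 ;;
        *)
            echo "invalid registry address: $address (want <https|http>://<host>:<port>)" >&2
            return 1 ;;
    esac
    if [ -n "$ca" ]; then
        [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 1; }
        # `--` keeps grep from reading the leading dashes of the pattern as options.
        grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" \
            || { echo "CA file is not a PEM certificate: $ca" >&2; return 1; }
    fi
    return 0
}

# When run with BUNDLE_SHA256 (assumed name) and the registry variables from the
# steps above exported, perform both checks; set -e aborts on the first failure.
if [ -n "${BUNDLE_SHA256:-}" ] && [ -n "${DOCKER_REGISTRY_ADDRESS:-}" ]; then
    verify_bundle dkp-air-gapped-bundle_v2.5.2_linux_amd64.tar.gz "$BUNDLE_SHA256"
    check_registry_config "$DOCKER_REGISTRY_ADDRESS" "${DOCKER_REGISTRY_CA:-}"
fi
```

Run the script after copying the bundle to the bastion and before the tar and export steps; a non-zero exit means either the tarball is not the one you expected or the registry variables would not work as written.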
More information:
Each infrastructure provider has its own set of bastion host instructions. Refer to the instructions for your provider and OS to set up a bastion host for AWS, Azure, GCP, or vSphere.