Skip to content

Provision

Follow the instructions below if you wish to provision a managed, upstream k8s cluster using the prepackaged OVA image in your Mac laptop/desktop.


Step 1: Download OVA image

Download the provided OVA image. The OVA image comprises the following components. These images are periodically updated to ensure the image is kept current with the latest components.

Note

The prepackaged OVA image is ~4 GB in size. So, ensure you start the download process while we configure Virtual Box.

Pre Packaged Component
Operating System (64-bit Ubuntu 18.04 LTS)
Kubernetes (Current/Recent Version)
k8s Mgmt Operator
Addons for Monitoring, Logging and Ingress Controller Components

Step 2: Configure Virtual Box

Create NAT Network

This is a critical step and should not be skipped. The NAT Network ensures that we can provide a static IP address to the Kubernetes cluster so that it can continue operating even if the laptop is moved from one network to another.

  • In VirtualBox, click on Preferences -> Network
  • Create a new NAT Network

NAT Network

  • Click on Settings for the NAT network to view the CIDR. Note that the default is typically "10.0.2.0/24" and we will be using an IP address from this IP range.

CIDR for NAT


Step 3: Import VM

Import VM Appliance

Import the downloaded OVA (VM image) with at least minimum specs: (4) vCPUs, (4-8) GB memory into Virtual Box. This can take approximately a minute or so.

NAT Network

Set the Network for the Virtual Machine to the "NAT Network" created above

Set NAT Network

Start VM

Start the Virtual Machine and login with the following credentials

Username: rafay_admin Password: Admin$321

Launch VM for Node

Configure Static IP

We will set a static IP address from the NAT CIDR pool. This will ensure that the Kubernetes cluster comes up regardless of what network the host is running on.

  • In the Virtual Box console, run "ifconfig -a"
  • Identify your primary network interface and use the name in the file below.

In this example, the name of the primary network interface is "enp0s17"

  • Edit the file /etc/netplan/50-cloud-init.yaml

sudo vi /etc/netplan/50-cloud-init.yaml
Configure Static IP

  • Save the file, ensure you apply it by using the command below
sudo netplan apply
  • Optionally verify that everything is configured by checking the output of "ifconfig"

Enable Port Forwarding

You will need the ability to SSH into the VM from your laptop. In this step, you will set up port forwarding in Virtual Box to help streamline this process.

  • In Virtual Box, Select Preferences and navigate to Network and NAT network settings
  • Click on port forwarding
  • Create a new rule with the following tuple (127.0.0.1:45555) and (10.0.2.100:22)

With this rule configured, you will be able to seamlessly SSH into the VM from your laptop.

Port Forwarding

  • Test SSH access to the VM by entering the command shown below and enter the password for the VM
ssh -p 45555 [email protected]

Successful SSH

With this step, we have successfully configured Virtual Box and the Imported VM with the required settings. We are now ready to create and provision Kubernetes.


Step 4: Create Cluster

In this step, you will configure and create a cluster object in the Controller.

  • Login into the Web Console and go to Infrastructure > Clusters.
  • Click on “New Cluster”.
  • Select "Create a New Cluster" option
  • Click "Continue" to go to the next configuration page

New OVA Cluster

  • Select "Data center/Edge" for Environment.
  • Then select "OVA/OVF" option for Package type
  • Then select "Upstream Kubernetes" for Kubernetes Distribution
  • Provide a friendly name for your cluster (the use of underscore is not allowed in the name)
  • Click "Continue" to go to the next configuration page
  • Click "Continue" to create the cluster

New OVA Cluster

Optional Settings

If necessary, you can select

  • A custom cluster blueprint from the "Blueprint" drop down
  • A different Kubernetes version from the drop down

Impact of Overrides A default upstream Kubernetes version, the central management Kubernetes operator and the default cluster blueprint components are pre-packaged in the OVA image.

If a "non default" version of Kubernetes is selected OR a different blueprint is selected, the required images will be downloaded and used for provisioning. Note that this will require additional time for downloading the remaining images over the Internet. Ensure you have a relatively fast Internet connection to ensure that the downloads are completed quickly before the Kubernetes wait timers expire and cluster provisioning times out.


Download Activation Secrets

Download the activation secrets (i.e. credentials and passphrase files) from the installation instructions. You will have two files that are ”unique” to this cluster and required for the VM to securely register with the controller and activate itself.

  • "clustername"-credentials.pem
  • "clustername"-passphrase.txt

New OVA Cluster

Important

Activation secrets are unique to this cluster and cannot be reused with other clusters. Treat them like secrets.


Copy Activation Secrets to VM

In this step, we will use SCP to copy the two activation secret files to the VM on Virtual Box

scp -P 45555 <file 1> <file 2> [email protected]:~/

SSH to VM

We will using SSH to securely access the VM to perform the final step.

  • Open terminal on your laptop and connect to the VM on Virtual Box. We will be leveraging the port redirection we configured earlier for this.
ssh -p 45555 [email protected]

SCP Credentials

  • Copy the conjurer binary from "/home/ubuntu" to "/home/rafay_admin" folder
cp /home/ubuntu/conjurer . 

Step 5 : Configure Cluster

In this step, we will perform a pre-flight check to verify the environment and then configure the cluster and other critical components for central management.

  • Copy the instructions for the installation script and execute it. An illustrative screenshot shown below:

Install

Once the installation script is run successfully with the activation secrets, the node agent will attempt to connect and register with the Controller. Once discovered, it will be automatically approved by the controller. An illustrative screenshot shown below.

Node Checkin


Step 6: Configure Cluster

In a few seconds, on the Web Console, you should see that the node has been discovered and approved.

  • Click on “Configure"
  • Ensure Master role is enabled because this is a single node cluster with both master/worker roles.
  • The network interface will be automatically detected and displayed.

Configure Node

Note that we will skip the Ingress configuration step because this laptop may not be directly connected to the Internet.


Step 7: Provision Cluster

  • In the web console, click on “Provision” to start provisioning and wait for the process to complete.
  • Depending on the resources provided to the VM, the end-to-end process can take ~10-15 minutes to complete.

The user will be provided progress and status updates on the web console as the software components are configured in the VM. An illustrative screenshot shown below.

Provision Cluster

Once all the components are successfully deployed, it can take a few minutes for all components to become operational and latest status/health to report back on the Web Console.

Cluster Card


Step 8: Validation

Once the cluster is successfully provisioned, verify the following to ensure that everything was performed properly.

Web Console

The cluster's control plane status will be reported "Green". The k8s management operator on the cluster maintains a continuous heartbeat with the controller and should display "last check in time" within 30 seconds.

Web KubeCTL

Click on the Kubectl icon on the web console. This will open a web based console where any authorized user on the console can perform KubeCTL operations on the provisioned cluster.

ztka

Review the following steps if you would like to perform KubeCTL operations directly on your VM.


Congratulations!

You have successfully provisioned a centrally managed Kubernetes cluster on your Mac laptop. You can now deploy workloads, apply blueprints and even have your colleagues securely and remotely access your cluster.