Installing KubeOps Compliance applications
There is a predefined selection of applications included with KubeOps Compliance. These applications ensure a production-ready cluster deployment and can be individually configured as needed.
By separating the cluster values from the application values, the application values can be modified independently and installed at a later stage, providing greater flexibility and maintainability.
Prerequisites
KOSI Login Recommendation
Before performing any action with kubeopsctl, it is recommended to log in with kosi.
Refer to the official KOSI documentation for details.
Example 1: Installing Applications in a non-airgap-environment
To install the KubeOps Compliance applications in an existing cluster, follow these steps:
1. Define the Enterprise-Value-file
In the example values file, the following applications are enabled:
- opa-gatekeeper
- rook-ceph
- harbor
- kubeops-dashboard
All other applications are disabled and will not be installed. For more information about available packages as well as parameters for each package check here.
The following file is only an example. Make sure to change the necessary values (IPs, passwords, …) before usage.
apiVersion: kubeops/kubeopsctl/enterprise/beta/v1
deleteNs: false
localRegistry: false
packages:
  - name: opa-gatekeeper
    enabled: true
    values:
      standard:
        namespace: opa-gatekeeper
      advanced:
  - name: rook-ceph
    enabled: true
    values:
      standard:
        namespace: rook-ceph
        cluster:
          resources:
            mgr:
              requests:
                cpu: "500m"
                memory: "512Mi"
            mon:
              requests:
                cpu: "1"
                memory: "1Gi"
            osd:
              requests:
                cpu: "1"
                memory: "1Gi"
          dashboard:
            enabled: true
        operator:
          data:
            rookLogLevel: "DEBUG"
  - name: harbor
    enabled: true
    values:
      standard:
        namespace: harbor
        harborpass: "topsecret"
        databasePassword: "topsecret"
        redisPassword: "topsecret"
        externalURL: http://10.2.10.110:30002
        nodePort: 30002
        hostname: harbor.local
        harborPersistence:
          persistentVolumeClaim:
            registry:
              size: 40Gi
              storageClass: "rook-cephfs"
            jobservice:
              jobLog:
                size: 1Gi
                storageClass: "rook-cephfs"
            database:
              size: 1Gi
              storageClass: "rook-cephfs"
            redis:
              size: 1Gi
              storageClass: "rook-cephfs"
            trivy:
              size: 5Gi
              storageClass: "rook-cephfs"
      advanced:
  - name: kubeops-dashboard
    enabled: true
    values:
      standard:
        namespace: monitoring
        hostname: kubeops-dashboard.local
        service:
          nodePort: 30007
      advanced:
  - name: filebeat-os
    enabled: false
    values:
      standard:
        namespace: logging
      advanced:
2. Pull the KubeOps Compliance Applications packages
To pull the required application packages in the correct version for the release, use the following commands:
kubeopsctl pull -f enterprise-values.yaml --kubernetesVersion <x.xx.x>
or
kubeopsctl pull --tools enterprise-values.yaml --kubernetesVersion <x.xx.x>
3. The KubeOps Compliance Application installation process
To install only the applications, the flag changeCluster must be set to false in your cluster-values.yaml.
The following file is only an example. Make sure to change the necessary values (IPs, passwords, …) before usage.
# file cluster-values.yaml
apiVersion: kubeops/kubeopsctl/cluster/beta/v1
imagePullRegistry: registry.kubeops.net/kubeops/kubeops
airgap: false # -> important
clusterName: myCluster
clusterUser: root
kubernetesVersion: 1.31.6
kubeVipEnabled: false
virtualIP: 10.2.10.110
firewall: nftables
pluginNetwork: calico
containerRuntime: containerd
kubeOpsRoot: /home/myuser/kubeops
serviceSubnet: 192.168.128.0/17
podSubnet: 192.168.0.0/17
debug: true
systemCpu: 250m
systemMemory: 256Mi
packageRepository: https://packagerepo.kubeops.net/
changeCluster: false # -> important
zones:
  - name: zone1
    nodes:
      - name: demo-controlplane01
        iPAddress: 10.2.10.110
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker01
        iPAddress: 10.2.10.210
        type: worker
        kubeVersion: 1.32.2
  - name: zone2
    nodes:
      - name: demo-controlplane02
        iPAddress: 10.2.10.120
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker02
        iPAddress: 10.2.10.220
        type: worker
        kubeVersion: 1.32.2
  - name: zone3
    nodes:
      - name: demo-controlplane03
        iPAddress: 10.2.10.130
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker03
        iPAddress: 10.2.10.230
        type: worker
        kubeVersion: 1.32.2
4. Validate your values and install the KubeOps Compliance Applications
Once you have finished defining your values, check them once again. When you are ready, start the installation process with the command:
kubeopsctl apply -f cluster-values.yaml -f enterprise-values.yaml
Example 2: Installing Applications in an airgap-environment
To install the KubeOps Compliance applications in an existing cluster, follow these steps:
1. Define the Enterprise-Value-file
In the example values file, the following applications are enabled:
- opa-gatekeeper
- rook-ceph
- harbor
- kubeops-dashboard
All other applications are disabled and will not be installed. The value parameters are explained in the references and can be found here.
apiVersion: kubeops/kubeopsctl/enterprise/beta/v1
deleteNs: false
localRegistry: true # important for airgap, otherwise images are pulled from public registry
packages:
  - name: opa-gatekeeper
    enabled: true
    values:
      standard:
        namespace: opa-gatekeeper
      advanced:
  - name: rook-ceph
    enabled: true
    values:
      standard:
        namespace: rook-ceph
        cluster:
          resources:
            mgr:
              requests:
                cpu: "500m"
                memory: "512Mi"
            mon:
              requests:
                cpu: "1"
                memory: "1Gi"
            osd:
              requests:
                cpu: "1"
                memory: "1Gi"
          dashboard:
            enabled: true
        operator:
          data:
            rookLogLevel: "DEBUG"
  - name: harbor
    enabled: true
    values:
      standard:
        namespace: harbor
        harborpass: "topsecret"
        databasePassword: "topsecret"
        redisPassword: "topsecret"
        externalURL: http://10.2.10.110:30002
        nodePort: 30002
        hostname: harbor.local
        harborPersistence:
          persistentVolumeClaim:
            registry:
              size: 40Gi
              storageClass: "rook-cephfs"
            jobservice:
              jobLog:
                size: 1Gi
                storageClass: "rook-cephfs"
            database:
              size: 1Gi
              storageClass: "rook-cephfs"
            redis:
              size: 1Gi
              storageClass: "rook-cephfs"
            trivy:
              size: 5Gi
              storageClass: "rook-cephfs"
      advanced:
  - name: kubeops-dashboard
    enabled: true
    values:
      standard:
        namespace: monitoring
        hostname: kubeops-dashboard.local
        service:
          nodePort: 30007
      advanced:
  - name: filebeat-os
    enabled: false
    values:
      standard:
        namespace: logging
      advanced:
2. Pull the KubeOps Compliance Applications packages
To pull the required application packages in the correct version for the release, use the following commands:
kubeopsctl pull -f enterprise-values.yaml --kubernetesVersion <x.xx.x>
or
kubeopsctl pull --tools enterprise-values.yaml --kubernetesVersion <x.xx.x>
3. The KubeOps Compliance Application installation process
To install only the applications, the flag changeCluster must be set to false in your cluster-values.yaml.
The following file is only an example. Make sure to change the necessary values (IPs, passwords, …) before usage.
# file cluster-values.yaml
apiVersion: kubeops/kubeopsctl/cluster/beta/v1
imagePullRegistry: registry.kubeops.net/kubeops/kubeops
airgap: true # -> important
clusterName: myCluster
clusterUser: root
kubernetesVersion: 1.32.2
kubeVipEnabled: false
virtualIP: 10.2.10.110
firewall: nftables
pluginNetwork: calico
containerRuntime: containerd
kubeOpsRoot: /home/myuser/kubeops
serviceSubnet: 192.168.128.0/17
podSubnet: 192.168.0.0/17
debug: true
systemCpu: 250m
systemMemory: 256Mi
packageRepository: local
changeCluster: false # -> important
zones:
  - name: zone1
    nodes:
      - name: demo-controlplane01
        iPAddress: 10.2.10.110
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker01
        iPAddress: 10.2.10.210
        type: worker
        kubeVersion: 1.32.2
  - name: zone2
    nodes:
      - name: demo-controlplane02
        iPAddress: 10.2.10.120
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker02
        iPAddress: 10.2.10.220
        type: worker
        kubeVersion: 1.32.2
  - name: zone3
    nodes:
      - name: demo-controlplane03
        iPAddress: 10.2.10.130
        type: controlplane
        kubeVersion: 1.32.2
      - name: demo-worker03
        iPAddress: 10.2.10.230
        type: worker
        kubeVersion: 1.32.2
4. Validate your values and install the KubeOps Compliance Applications
Once you have finished defining your values, check them once again. When you are ready, start the installation process with the command:
kubeopsctl apply -f cluster-values.yaml -f enterprise-values.yaml
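One way to script the check in step 4 of both examples before running kubeopsctl apply. This is an added example, not part of the KubeOps documentation or tooling; the function names top_key and check_values are hypothetical, and the rule that airgap: true goes together with localRegistry: true and packageRepository: local is taken from Example 2 on this page.

```shell
#!/bin/sh
# Added example: pre-apply checks for the value files described on this page.

# top_key FILE KEY: value of an unindented "KEY: value" line, with a trailing
# "# comment" and surrounding double quotes removed.
top_key() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//' | head -n 1
}

# check_values CLUSTER_FILE ENTERPRISE_FILE
# Prints one line per finding; the return code is the number of findings.
check_values() {
  findings=0
  finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

  # Step 3: application-only install, the cluster itself is not changed.
  [ "$(top_key "$1" changeCluster)" = "false" ] ||
    finding "changeCluster is not false in $1"

  # Example 2: an airgap cluster needs the local registry and local packages.
  if [ "$(top_key "$1" airgap)" = "true" ]; then
    [ "$(top_key "$2" localRegistry)" = "true" ] ||
      finding "airgap is true but localRegistry is not true in $2"
    [ "$(top_key "$1" packageRepository)" = "local" ] ||
      finding "airgap is true but packageRepository is not local in $1"
  fi

  # The sample passwords from this page must be replaced before use.
  if grep -Eq '(harborpass|[Pp]assword):[[:space:]]*"?topsecret"?' "$2"; then
    finding "example password 'topsecret' is still set in $2"
  fi
  return "$findings"
}

# Constructed sample input: an airgap cluster file paired with an enterprise
# file that still has localRegistry: false and the example Harbor password.
demo_dir=$(mktemp -d)
printf '%s\n' 'airgap: true # -> important' 'packageRepository: local' \
  'changeCluster: false # -> important' > "$demo_dir/cluster-values.yaml"
printf '%s\n' 'localRegistry: false' 'packages:' '- name: harbor' \
  '  values:' '    standard:' '      harborpass: "topsecret"' \
  > "$demo_dir/enterprise-values.yaml"
check_values "$demo_dir/cluster-values.yaml" "$demo_dir/enterprise-values.yaml" ||
  echo "$? finding(s), fix them before running kubeopsctl apply"
```

The checks read only top-level keys and the password lines, so they work on the properly indented YAML files but do not replace a review of the remaining values.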