Documentation-kubeopsctl
9 minute read
KubeOps kubeopsctl
this documentation shows all feature of kubeopsctl and how to use these features.
the kosi software must be installed from the start.
Prerequisites
Minimum hardware and OS requirments for a linux machine are
OS | Minimum Requirements |
---|---|
Red Hat Enterprise Linux 8 | 8 CPU cores, 16 GB memory |
OpenSUSE 15 | 8 CPU cores, 16 GB memory |
At least one machine should be used as an admin
machine for cluster lifecycle management.
Requirements on admin
The following requirements must be fulfilled on the admin machine.
- All the utilized users require sudo privileges. If you are using Kubeops as a user, you need a user with sudo rights, so for Opensuse and RHEL 8 Environments it is the
wheel
group the user should be added to. Make sure that you change your user with:
su -l <user>
-
Admin machine must be synchronized with the current time.
-
You need an internet connection to use the default KubeOps registry
registry1.kubernative.net/lima
.
A local registry can be used in the Airgap environment. KubeOps only supports secure registries.
It is important to list your registry as an insecure registry in registry.conf (/etc/containers/registries.conf for podman, /etc/docker/deamon.json for docker), in case of insecure registry usage.
Now you can create your own registry instead of using the default. Checkout how to Guide Create a new Repository. for more info.
-
kosi
2.8.0 must be installed on your machine. Click here to view how it is done in the Quick Start Guide. -
it is recommended that runc is uninstalled To uninstall runc on your OS use the following command:
dnf remove -y runc
zypper remove -y runc
-
tc should be installed. To install tc on your OS use the following command:
dnf install -y tc
zypper install -y iproute2
-
for opensearch, the /etc/sysctl.conf should be configured, the line
vm.max_map_count=262144
should be added. also the command
sysctl -p
should be executed after that.
- Podman must be installed on your machine.
To install podman on RHEL8 use command.
dnf install podman
zypper install podman
Warning
There can be an issue with conflicts with containerd, so it is recommended that containerd.io is removed before installing the podman package.-
You must install the kubeops-basic-plugins:0.4.0 .
Simply type in the following command to install the Basic-Plugins.
kosi install --hub=public pia/kubeops-basic-plugins:0.4.0
Noteable is that you must have to install it on a Root-User Machine.
-
You must install the kubeops-kubernetes-plugins:0.5.0.
Simply type in the following command to install the Kubernetes-Plugins.
kosi install --hub public pia/kubeops-kubernetes-plugins:0.5.0
Requirements for each node
The following requirements must be fulfilled on each node.
-
All the utilized users require sudo privileges. If you are using Kubeops as a user, you need a user with sudo rights, so for Opensuse and RHEL 8 Environments it is the
wheel
group the user should be added to. -
Every machine must be synchronized with the current time.
-
You have to assign lowercase unique hostnames for every machine you are using.
We recommended using self-explanatory hostnames.
To set the hostname on your machine use the following command:
hostnamectl set-hostname <name of node>
- Example
Use the commands below to set the hostnames on each machine asadmin
,master
,node1
node2
.hostnamectl set-hostname admin hostnamectl set-hostname master hostnamectl set-hostname node1 hostnamectl set-hostname node2
Requires sudo privileges
It is recommended that a dns service is running, or if you don’t have a dns service, you can change the /etc/hosts file. an example for a entry in the /etc/hosts file could be:
10.2.10.12 admin 10.2.10.13 master1 10.2.10.14 master2 10.2.10.15 master3 10.2.10.16 node1 10.2.10.17 node2 10.2.10.18 node3
- Example
-
To establish an SSH connection between your machines, you either need an SSH key or you need to install sshpass.
-
Generate an SSH key on admin machine using following command
ssh-keygen
There will be two keys generated in ~/.ssh directory.
The first key is theid_rsa(private)
and the second key is theid_rsa.pub(public)
. -
Copy the ssh key from admin machine to your node machine/s with following command
ssh-copy-id <ip address or hostname of your node machine>
-
Now try establishing a connection to your node machine/s
ssh <ip address or hostname of your node machine>
-
How to Configure Cluster/Nodes/Software using yaml file
you need to have a cluster definition file which describes the different aspects of your cluster. this files describes only one cluster.
Full yaml syntax
apiVersion: kubeops/kubeopsctl/alpha/v5 # mandatory
imagePullRegistry: "registry1.kubernative.net/lima"
localRegistry: true
clusterName: "example" # mandatory
clusterUser: "myuser" # mandatory
kubernetesVersion: "1.28.2" # mandatory
#masterHost: optional if you have an hostname, default value in "masterIP"
masterIP: 10.2.10.12 # mandatory
firewall: "nftables" # mandatory, default "nftables"
pluginNetwork: "calico" # mandatory, default "calico"
containerRuntime: "containerd" # mandatory
clusterOS: "Red Hat Enterprise Linux" # mandatory, can be "Red Hat Enterprise Linux" or "openSUSE Leap"
### Additional values for cluster configuration
useInsecureRegistry: false # optional, default is false
ignoreFirewallError: false # optional, default is false
serviceSubnet: 192.168.128.0/17 # optional, default "192.168.128.0/17"
podSubnet: 192.168.0.0/17 # optional, default "192.168.0.0/17"
debug: false # optional, default is false
logLevel: vvvvv # optional, default "vvvvv"
systemCpu: "1" # optional, default "1"
systemMemory: "2G" # optional, default "2G"
sudo: true # optional, default is true
tmpCopyDir: "/tmp" # optional, default is /tmp
createCluster: true # optional, default is true
updateRegistry: true # optional, default is true
zones:
- name: zone1
nodes:
master:
- name: cluster1master1
ipAdress: 10.2.10.11
user: myuser
systemCpu: 100m
systemMemory: 100Mi
status: active
kubeversion: 1.28.2
- name: cluster1master2
ipAdress: 10.2.10.12
user: myuser
systemCpu: 100m
systemMemory: 100Mi
status: active
kubeversion: 1.28.2
worker:
- name: cluster1worker1
ipAdress: 10.2.10.14
user: myuser
systemCpu: 100m
systemMemory: 100Mi
status: active
kubeversion: 1.28.2
- name: cluster1worker2
ipAdress: 10.2.10.15
systemCpu: 100m
systemMemory: 100Mi
status: active
kubeversion: 1.28.2
- name: zone2
nodes:
master:
- name: cluster1master3
ipAdress: 10.2.10.13
user: myuser
systemCpu: 100m
systemMemory: 100Mi
status: drained
kubeversion: 1.28.2
worker:
- name: cluster1worker1
ipAdress: 10.2.10.16
user: myuser
systemCpu: 100m
systemMemory: 100Mi
status: active
kubeversion: 1.28.2
# set to true if you want to install it into your cluster
rook-ceph: true # mandatory
harbor: true # mandatory
opensearch: true # mandatory
opensearch-dashboards: true # mandatory
logstash: true # mandatory
filebeat: true # mandatory
prometheus: true # mandatory
opa: true # mandatory
kubeops-dashboard: true # mandatory
certman: true # mandatory
ingress: true # mandatory
keycloak: true # mandatory
velero: true # mandatory
nameSpace: "kubeops" #optional, the default value is different for each application
storageClass: "rook-cephfs" # optional, default value is "rook-cephfs"
###Values for Rook-Ceph###
rookValues:
namespace: kubeops
cluster:
spec:
dataDirHostPath: "/var/lib/rook" # optional, default is /var/lib/rook
storage:
useAllNodes: true # optional, default value: true
useAllDevices: true # optional, default value: true
deviceFilter: "^sd[a-b]" # optional, will only be used if useAllDevices is set to false
config:
metadataDevice: "sda" # optional, only set this value, if there is a device available
nodes: # optional if useAllNodes is set to true, otherwise mandatory
- name: "<ip-adress of node_1>"
devices:
- name: "sdb"
- name: "<ip-adress of node_2>"
deviceFilter: "^sd[a-b]"
config:
metadataDevice: "sda" # optional
resources:
mgr:
requests:
cpu: "500m" # optional, default is 500m, limit: 1000m
memory: "512Mi" # optional, default is 1Gi, limit: 1Gi
mon:
requests:
cpu: "1" # optional, default is 1, limit: 2000m
memory: "1Gi" # optional, default is 1Gi, limit: 2Gi
osd:
requests:
cpu: "1" # optional, default is 1, limit: 2
memory: "1Gi" # optional, default is 4Gi, limit: 4Gi
operator:
data:
rookLogLevel: "DEBUG" # optional, default is DEBUG
#-------------------------------------------------------------------------------------------------------------------------------
### Values for Harbor deployment ###
## For detailed explaination for each key see: https://artifacthub.io/packages/helm/harbor/harbor/1.8.1#configuration ##
harborValues:
namespace: kubeops # optional, default is kubeops
harborpass: "password" # mandatory: set password for harbor access
databasePassword: "Postgres_Password" # mandatory: set password for database access
redisPassword: "Redis_Password" # mandatory: set password for redis access
externalURL: http://10.2.10.11:30002 # mandatory, the ip address and port, from which harbor is accessable outside of the cluster
nodePort: 30002 # mandatory
hostname: harbor.local # mandatory
harborPersistence:
persistentVolumeClaim:
registry:
size: 5Gi # mandatory, depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
jobservice:
jobLog:
size: 1Gi # mandatory: Depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
database:
size: 1Gi # mandatory, depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
redis:
size: 1Gi # mandatory, depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
trivy:
size: 5Gi # mandatory, depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
#--------------------------------------------------------------------------------------------------------------------------------------
###Values for filebeat deployment###
filebeatValues:
namespace: kubeops # optional, default is kubeops
#--------------------------------------------------------------------------------------------------------------------------------
###Values for Logstash deployment###
##For detailed explaination for each key see: https://github.com/elastic/helm-charts/releases/tag/v7.16.3###
logstashValues:
namespace: kubeops
volumeClaimTemplate:
accessModes:
- ReadWriteMany #optional, default is [ReadWriteMany]
resources:
requests:
storage: 1Gi # mandatory, depending on storage capacity
storageClass: "rook-cephfs" #optional, default is rook-cephfs
#--------------------------------------------------------------------------------------------------------------------------------------
###Values for OpenSearch-Dashboards deployment###
##For detailed explaination for each key see: https://github.com/opensearch-project/helm-charts/tree/main/charts/opensearch-dashboards###
openSearchDashboardValues:
namespace: kubeops
nodePort: 30050
#--------------------------------------------------------------------------------------------------------------------------------
###Values for OpenSearch deployment###
##For detailed explaination for each key see: https://github.com/opensearch-project/helm-charts/tree/main/charts/opensearch###
openSearchValues:
namespace: kubeops
opensearchJavaOpts: "-Xmx512M -Xms512M" # optional, default is -Xmx512M -Xms512M
resources:
requests:
cpu: "250m" # optional, default is 250m
memory: "1024Mi" # optional, default is 1024Mi
limits:
cpu: "300m" # optional, default is 300m
memory: "3072Mi" # optional, default is 3072Mi
persistence:
size: 4Gi # mandatory
enabled: "true" # optional, default is true
enableInitChown: "false" # optional, default is false
labels:
enabled: "false" # optional, default is false
storageClass: "rook-cephfs" # optional, default is rook-cephfs
accessModes:
- "ReadWriteMany" # optional, default is {ReadWriteMany}
securityConfig:
enabled: false # optional, default value: false
### Additional values can be set, if securityConfig is enabled:
# path: "/usr/share/opensearch/plugins/opensearch-security/securityconfig"
# actionGroupsSecret:
# configSecret:
# internalUsersSecret: internal-users-config-secret
# rolesSecret:
# rolesMappingSecret:
# tenantsSecret:
# config:
# securityConfigSecret: ""
# dataComplete: true
# data: {}
replicas: "3" # optional, default is 3
#--------------------------------------------------------------------------------------------------------------------------------
###Values for Prometheus deployment###
prometheusValues:
namespace: kubeops # optional, default is kubeops
privateRegistry: false # optional, default is false
grafanaUsername: "user" # optional, default is user
grafanaPassword: "password" # optional, default is password
grafanaResources:
storageClass: "rook-cephfs" # optional, default is rook-cephfs
storage: 5Gi # optional, default is 5Gi
nodePort: 30211 # optional, default is 30211
prometheusResources:
storageClass: "rook-cephfs" # optional, default is rook-cephfs
storage: 25Gi # optional, default is 25Gi
retention: 10d # optional, default is 10d
retentionSize: "24GB" # optional, default is 24GB
nodePort: 32090
#--------------------------------------------------------------------------------------------------------------------------------
###Values for OPA deployment###
opaValues:
namespace: kubeops
#--------------------------------------------------------------------------------------------------------------------------------
###Values for KubeOps-Dashboard (Headlamp) deployment###
kubeOpsDashboardValues:
service:
nodePort: 30007
#--------------------------------------------------------------------------------------------------------------------------------
###Values for cert-manager deployment###
certmanValues:
namespace: kubeops
replicaCount: 3
logLevel: 2
secretName: root-secret
#--------------------------------------------------------------------------------------------------------------------------------
###Values for ingress-nginx deployment###
ingressValues:
namespace: kubeops
keycloakValues:
namespace: "kubeops" # Optional, default is "keycloak"
storageClass: "rook-cephfs" # Optional, default is "rook-cephfs"
keycloak:
auth:
adminUser: admin # Optional, default is admin
adminPassword: admin # Optional, default is admin
existingSecret: "" # Optional, default is ""
postgresql:
auth:
postgresPassword: "" # Optional, default is ""
username: bn_keycloak # Optional, default is "bn_keycloak"
password: "" # Optional, default is ""
database: bitnami_keycloak # Optional, default is "bitnami_keycloak"
existingSecret: "" # Optional, default is ""
veleroValues:
namespace: "velero"
accessKeyId: "your_s3_storage_username"
secretAccessKey: "your_s3_storage_password"
useNodeAgent: false
defaultVolumesToFsBackup: false
provider: "aws"
bucket: "velero"
useVolumeSnapshots: false
backupLocationConfig:
region: "minio"
s3ForcePathStyle: true
s3Url: "http://minio.velero.svc:9000"
how to use kubeopsctl
apply changes to cluster
kubeopsctl apply -f kubeopsctl.yaml