In this topic, you can find the prerequisites required for the Kubernetes cluster deployment.
For Kubernetes cluster deployment, ensure that:
- Port 5000 is free on the deployment host for running a local Container registry.
- Port 8000 is free on the deployment host for running a local web server.
- Firewall must be deactivate on the deployment host and on all the Cluster VMs.
- Ensure connectivity exists between the YUM repository server and cluster VMs.
- On each VM of the cluster, ensure that update-crypto-policies are set to DEFAULT. To check the status of update-crypto-policies, running the following command:
$ update-crypto-policies --showDEFAULT. If the value is not DEFAULT, then set the value to DEFAULT and reboot the VM.
$ sudo update-crypto-policies --set DEFAULTSetting system policy to DEFAULTNote: System-wide crypto policies are applied on application start-up.It is recommended to restart the system for the change of policiesto fully take place. - Ensure you have the IP address and login credentials for the four VMs. Same credentials need to be used on all the cluster VMs.
- You need to have three static IP addresses reserved for the VMBased CLuster and VMware Telco Cloud Service Assurance Deployment:
- Harbor IP Address
- VMware Telco Cloud Service Assurance UI
- IP Kafka Edge IP
All the above static IP address must be in the same subnet as that of the Cluster Node VMs (Control and WorkerNodes).
- The K8s Deployment happens through passwordless communication between the Deployer VM and the VMware Telco Cloud Service Assurance VMs. Below are the two ways to generate SSH key required for passwordless communication:
- Generate the key with an EMPTY passphrase:
- Login to Deployer Host and execute the following commands to generate
ssh-key
:Note: When prompted for passphrase, do not provide any passphrase, press enter.[root@wdc-10-214-147-149 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/Cmj3Nau6rr8xREnEtRj7KoQpn5PrbvBwL2tAJoH++I [email protected] The key's randomart image is: +---[RSA 3072]----+ | .oo | | .= | | .oo.. | | + . o.+ | |.+ + . .S | |o+o o =. o . | |= .o * o=.o | |.+ o+.++.o. | |.Eo =@Oooo. | +----[SHA256]-----+ [root@wdc-10-214-147-149 ~]
- Once the
ssh-key
is generated, path of the SSH public key need to specified on the later part of the Kubernetes cluster deployment for passwordless communication:For example:
/root/.ssh/id_rsa.pub
- Login to Deployer Host and execute the following commands to generate
- Generate the key with NON-EMPTY passphrase:
- Login to Deployer Host and execute the following commands to generate
ssh-key
:[root@wdc-10-214-147-149 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): <== Enter NON-EMPTY Passphrase Enter same passphrase again: <==Re-Enter NON-EMPTY Passphrase Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:NouBgxDzAB1vldmBceSSrpBiYus+348nZYI1ykKxl1E [email protected] The key's randomart image is: +---[RSA 3072]----+ |*....EoB+. | | *.o .++. | |. + = o . | | + * = . | |+o* * + S | |+o.= + * o | | .. . = . | |.. .... | |.oo. o+. | +----[SHA256]-----+ [root@wdc-10-214-147-149 ~]#
- Below command must be executed every time, during any Ansible script execution, in-order to use the Non-EMPTY Passphrase
ssh-key
:Note: The below commands needs to run in the Deployment Container inside the Deployer Host.[root@wdc-10-214-147-149 ~]# eval "$(ssh-agent -s)" Agent pid 3112829 [root@wdc-10-214-147-149 ~]# ssh-add ~/.ssh/id_rsa Enter passphrase for /root/.ssh/id_rsa: <==Enter the NON-EMPTY Passphrase that is being provided during the NON-EMPTY ssh-key Generation process Identity added: /root/.ssh/id_rsa ([email protected])
Note: Above commands needs to be executed in every session or every time you execute the Ansible scripts with NON-EMPTY passphrase.
- Login to Deployer Host and execute the following commands to generate
- Generate the key with an EMPTY passphrase: