AirGap Networks installation guide #885

Merged
merged 1 commit into from
Dec 5, 2024

Contributor

@pchico83 pchico83 commented Oct 18, 2024

This is still a work in progress, but I want to share it to visualize the expected results once all the work is done.

netlify bot commented Oct 18, 2024

Deploy Preview for okteto-docs ready!

Name Link
🔨 Latest commit 605628f
🔍 Latest deploy log https://app.netlify.com/sites/okteto-docs/deploys/67515d88bad014000874600d
😎 Deploy Preview https://deploy-preview-885--okteto-docs.netlify.app

@pchico83 pchico83 changed the title AirGap Network installation guide AirGap Networks installation guide Oct 18, 2024
Contributor

@jvc5546 jvc5546 left a comment

LGTM!

@@ -245,6 +245,7 @@ module.exports = {
'self-hosted/manage/buildkit-high-performance',
'self-hosted/manage/backup',
'self-hosted/manage/custom-resource-definitions',
'self-hosted/manage/airgap',

Contributor

Can we move this under the "Complete the installation section"?

Member

This is pretty advanced. Maybe we can start folding it into a different section? Maybe we should have an 'advanced scenarios' section or something.

IMO Fine-tuning buildkit, doing backups, interacting with CRDs, and doing air-gapped installations are not 'completing your installation' but a separate work stream. If we put everything, we risk that section of the docs becoming a hodge-podge of options without a straightforward narrative. We could even consider separating installation tasks from app-level configuration from dev-level configuration in a way that maps the personas that typically perform those tasks?

Contributor Author

"Complete the installation section" is to have a production-ready installation; this is more than that, and it only applies to some scenarios. That's why sections like airgap, backups, CRDs, ... are under the "Operating" section.

src/content/self-hosted/manage/airgap.mdx
@@ -0,0 +1,117 @@
---
title: AirGap Networks

Contributor

Suggested change
title: AirGap Networks
title: Air-Gapped Networks

@@ -0,0 +1,117 @@
---
title: AirGap Networks
description: Installing Okteto in AirGap Networks

Contributor

Suggested change
description: Installing Okteto in AirGap Networks
description: Installing Okteto in Air-Gapped Network Environments

---
title: AirGap Networks
description: Installing Okteto in AirGap Networks
sidebar_label: AirGap Networks

Contributor

Suggested change
sidebar_label: AirGap Networks
sidebar_label: Okteto in Air-Gapped Networks

Member

@rberrelleza rberrelleza left a comment

This is great! It's going to simplify things a lot for potential air gap customers

src/content/self-hosted/manage/airgap.mdx
This guide has been crafted to help you overcome these hurdles, but we encourage you to [talk to us](https://www.okteto.com/get-demo/) to guide you during the installation.


## Step 1: Disable Okteto Telemetry

Member

I think we should start with the more complex scenarios before going into the 'easy' stuff :P

src/content/self-hosted/manage/airgap.mdx
By default, all the images needed to deploy the Okteto Platform, and the images used by the Okteto CLI, are hosted in DockerHub.
In air-gapped environments, you’ll need to host these images in your private registry.

### Push Images to your Private Registry

Member

I don't think this subtitle is needed since there's no other 'subtask' in step 2.


Refer to [this community guide](https://community.okteto.com/t/how-do-i-configure-my-own-ingress-controller/887) for detailed instructions on disabling the installation of our Nginx Ingress Controller and exposing Okteto behind your own Ingress Controller.

## Install Okteto without a Wildcard Certificate (optional)

Member

Is this truly optional on Air Gapped environments? I feel that this recommendation should be part of the Certificates page, since this might be the case even in other types of installations.

Contributor Author

It's more common on air-gapped. We can add it to the certificates section, but a call out here will also help.

Okteto doesn't support `imagePullSecrets`, so your cluster must be configured to have access to your Private Registry,
:::

**Required Images for Okteto Platform Installation**
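
Review bot: the admonition sentence about `imagePullSecrets` ends with a comma right before the closing `:::`, so it reads as cut off. End it with a period and say how the cluster is expected to reach the private registry (for example, credentials configured at the node or container-runtime level), since readers cannot fall back on `imagePullSecrets`. The capitalisation "Private Registry" here also differs from "private registry" in the list intro that follows; pick one.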

Member

Suggested change
**Required Images for Okteto Platform Installation**
**Required Docker images**

Member

I don't think we use "okteto platform" in the docs (e.g. see https://www.okteto.com/docs/get-started/install/), let's stay with the same terminology we already use in the docs.

src/content/self-hosted/manage/airgap.mdx

Push the following images to your private registry for the Okteto Chart installation:

- **okteto/backend:{variables.chartVersion}**
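
Review bot: the image list identifies each image only by a tag templated from `{variables.chartVersion}`. In an air-gapped setup operators pull on a connected host and re-push into their own registry, so the list intro should tell them to record each image digest at pull time and compare it after the push; a tag alone does not show that the mirrored copy is the one published on DockerHub. One sentence after "Push the following images to your private registry" is enough.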

Member

I think we are missing the following images from here?

  1. buildkit rootless
  2. daemonset
  3. helm (used by support bundle)


For each Okteto CLI version, push the following images to your private registry:

- **okteto/okteto:{variables.cliVersion}**

Member

okteto/bin and busybox are missing from this I believe

enabled: false
```

Disabling telemetry will automatically stop Okteto CLI analytics for all developers.
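
Review bot: the sentence after the values snippet states that disabling telemetry in the chart also stops Okteto CLI analytics, but it gives the reader no way to confirm that. In an air-gapped installation, unexpected outbound traffic is what operators will audit for, so add a short verification step here, or state from which chart and CLI versions this behaviour holds.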

Contributor

I'm not sure, but I think that we should disable it from the CLI too, right?
From my testing I recall it was enabled by default. I'm still testing other things before this, but I have it in my notes.

Contributor Author

CLI is disabled automatically if you disable telemetry on the chart. Have you seen a different behavior?

Contributor

I can't tell for sure because I already disabled it. But I think I installed Okteto with telemetry disabled and then I had to disable it in the CLI.

I can test it if you want from scratch, but we could add something like "Make sure that you have analytics disabled in the CLI"?

Contributor Author

Try to enable the CLI analytics okteto analytics enabled and it should send metrics if it's disabled at the helm level. It would be a critical bug otherwise

src/content/self-hosted/manage/airgap.mdx
## Optional: Use Your Own Ingress Controller

By default, Okteto deploy an [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to expose the Okteto Control Plane and the applications managed by Okteto.
Our NGINX Ingress Controller is usually exposed in a dedicated Load Balancer.
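
Review bot: grammar in the first sentence under "Optional: Use Your Own Ingress Controller": "Okteto deploy an" should be "Okteto deploys an". On the next line, "exposed in a dedicated Load Balancer" reads better as "exposed through a dedicated load balancer". The heading convention also varies across the file ("Step 1: ...", "Optional: ...", "... (optional)"); settle on one form for optional steps.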

Contributor

I think it is, yes. But I'm not sure if we could give more details here. It's not just the option of enabling/disabling it; we could add the MetalLB option, or using ours but adding the machine IP to it:

```yaml
ingress-nginx:
  controller:
    service:
      externalIPs:
      - 10.132.0.2
```

But maybe that's something we want them to figure out internally...

@mnevadom
Contributor

Another thing I would add is DNS problems. In the case of Elbit for example they had to talk to IT to be able to resolve Okteto domains. They needed to add all of them and I think they ended up adding the wildcard domain.

@mnevadom
Contributor

Other things we should add are:

  • syncthing: the CLI downloads the binary, and if they don't have access to it they need to add it manually and set an ENV variable with the version so that when they upgrade the CLI it doesn't try to download a new one

  • docker/dockerfile:1: Buildkit is going to try to download this image and it will fail if the cluster does not have access. They should add this one to the registry and add it to the Dockerfiles, right? I'm exactly at this point now with testing.

@pchico83
Contributor Author

> • syncthing: the CLI downloads the binary, and if they don't have access to it they need to add it manually and set an ENV variable with the version so that when they upgrade the CLI it doesn't try to download a new one

@mnevadom do you have instructions on how to do this? This is not documented anywhere at the moment.

> • docker/dockerfile:1: Buildkit is going to try to download this image and it will fail if the cluster does not have access. They should add this one to the registry and add it to the Dockerfiles, right? I'm exactly at this point now with testing.

It's already listed on the CLI images list.

@pchico83 pchico83 force-pushed the pchico83/airgap branch 2 times, most recently from 9333820 to aadf34b Compare October 22, 2024 05:48
@mnevadom
Contributor

@pchico83 would this work for syncthing? https://community.okteto.com/t/how-do-i-force-the-okteto-cli-to-use-a-specific-version-of-syncthing/1284

In addition, we could add that you need to download the binary with that version and put it in ~/.okteto

https://github.com/syncthing/syncthing

@mnevadom
Contributor

@pchico83

Regarding docker/dockerfile:1, right now it is hardcoded in the CLI. Even if we add it to the private registry, it won't work, I think.

@pchico83
Contributor Author

> @pchico83 would this work for syncthing? https://community.okteto.com/t/how-do-i-force-the-okteto-cli-to-use-a-specific-version-of-syncthing/1284
>
> In addition, we could add that you need to download the binary with that version and put it in ~/.okteto
>
> https://github.com/syncthing/syncthing

@mnevadom that works, thanks! I will add it to the doc

@pchico83
Contributor Author

> @pchico83
>
> Regarding docker/dockerfile:1, right now it is hardcoded in the CLI. Even if we add it to the private registry, it won't work, I think.

@mnevadom right, it's part of the work we are doing for the next release

- **okteto/registry:{variables.chartVersion}**
- **okteto/pipeline-installer:{variables.chartVersion}**
- **okteto/pipeline-runner:{variables.chartVersion}**
- **okteto/daemon:{variables.chartVersion}**

Contributor

I would add okteto/bin for the initContainer for okteto up. I added a FR to be able to add this image centralized and not in every manifest, I don't know if there is an ETA for it anyway :)

Contributor Author

okteto/bin and okteto/busybox will be unified with okteto/okteto

@pchico83 pchico83 marked this pull request as draft November 6, 2024 17:44
@pchico83 pchico83 marked this pull request as ready for review November 27, 2024 16:14
@pchico83 pchico83 force-pushed the pchico83/airgap branch 5 times, most recently from 2745f2e to 6db67d1 Compare November 29, 2024 13:06
@pchico83
Contributor Author

pchico83 commented Dec 5, 2024

@codyjlandstrom as talked offline, I will merge the PR as it is to avoid merging hell, and you add your edits on a fresh PR

@pchico83 pchico83 merged commit b86d537 into main Dec 5, 2024
4 checks passed
@pchico83 pchico83 deleted the pchico83/airgap branch December 5, 2024 15:30