AirGap Networks installation guide #885
✅ Deploy Preview for okteto-docs ready!
LGTM!
@@ -245,6 +245,7 @@ module.exports = { | |||
'self-hosted/manage/buildkit-high-performance', | |||
'self-hosted/manage/backup', | |||
'self-hosted/manage/custom-resource-definitions', | |||
'self-hosted/manage/airgap', |
Can we move this under the "Complete the installation section"?
This is pretty advanced. Maybe we can start folding it into a different section? Maybe we should have an 'advanced scenarios' section or something.
IMO Fine-tuning buildkit, doing backups, interacting with CRDs, and doing air-gapped installations are not 'completing your installation' but a separate work stream. If we put everything, we risk that section of the docs becoming a hodge-podge of options without a straightforward narrative. We could even consider separating installation tasks from app-level configuration from dev-level configuration in a way that maps the personas that typically perform those tasks?
"Complete the installation section" is to have a production-ready installation; this is more than that, it only applies to some scenarios. That's why sections like airgap, backups, CRDs, ... are under the "Operating" section
@@ -0,0 +1,117 @@ | |||
--- | |||
title: AirGap Networks |
title: AirGap Networks | |
title: Air-Gapped Networks |
@@ -0,0 +1,117 @@ | |||
--- | |||
title: AirGap Networks | |||
description: Installing Okteto in AirGap Networks |
description: Installing Okteto in AirGap Networks | |
description: Installing Okteto in Air-Gapped Network Environments |
--- | ||
title: AirGap Networks | ||
description: Installing Okteto in AirGap Networks | ||
sidebar_label: AirGap Networks |
sidebar_label: AirGap Networks | |
sidebar_label: Okteto in Air-Gapped Networks |
This is great! It's going to simplify things a lot for potential air gap customers
This guide has been crafted to help you overcome these hurdles, but we encourage you to [talk to us](https://www.okteto.com/get-demo/) to guide you during the installation. | ||
|
||
|
||
## Step 1: Disable Okteto Telemetry |
I think we should start with the more complex scenarios before going into the 'easy' stuff :P
By default, all the images needed to deploy the Okteto Platform, and the images used by the Okteto CLI, are hosted in DockerHub. | ||
In air-gapped environments, you’ll need to host these images in your private registry. | ||
|
||
### Push Images to your Private Registry |
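Review bot: In the two sentences above the `### Push Images to your Private Registry` heading, "hosted in DockerHub" should read "hosted on Docker Hub", and "private registry" is lowercase in the body while the heading capitalises it; pick one form. Since these images are carried across the air gap by hand, the section could also tell readers to keep the same tags when re-pushing, so the chart and CLI versions still line up with the mirrored images.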
I don't think this subtitle is needed since there's no other 'subtask' in step 2.
|
||
Refer to [this community guide](https://community.okteto.com/t/how-do-i-configure-my-own-ingress-controller/887) for detailed instructions on disabling the installation of our Nginx Ingress Controller and exposing Okteto behind your own Ingress Controller. | ||
|
||
## Install Okteto without a Wildcard Certificate (optional) |
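Review bot: The "Refer to [this community guide]" sentence sends readers to community.okteto.com for the actual steps, which someone working inside an air-gapped network may not be able to open; inline the required Helm values here or move that guide into the docs. The heading that follows uses an "(optional)" suffix, so keep one convention for marking optional sections across the page.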
Is this truly optional on Air Gapped environments? I feel that this recommendation should be part of the Certificates page, since this might be the case even in other types of installations.
It's more common on air-gapped. We can add it to the certificates section, but a callout here will also help
Okteto doesn't support `imagePullSecrets`, so your cluster must be configured to have access to your Private Registry, | ||
::: | ||
|
||
**Required Images for Okteto Platform Installation** |
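Review bot: The admonition sentence "Okteto doesn't support `imagePullSecrets`, so your cluster must be configured to have access to your Private Registry," ends with a comma right before the closing `:::`; finish the clause or end it with a period. It would also help to say what "configured to have access" means in practice, such as registry credentials being set up at the node or container-runtime level, because readers cannot fall back on a pull secret.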
**Required Images for Okteto Platform Installation** | |
**Required Docker images** |
I don't think we use "okteto platform" in the docs (e.g. see https://www.okteto.com/docs/get-started/install/), let's stay with the same terminology we already use in the docs.
|
||
Push the following images to your private registry for the Okteto Chart installation: | ||
|
||
- **okteto/backend:{variables.chartVersion}** |
I think we are missing the following images from here?
- buildkit rootless
- daemonset
- helm (used by support bundle)
|
||
For each Okteto CLI version, push the following images to your private registry: | ||
|
||
- **okteto/okteto:{variables.cliVersion}** |
okteto/bin and busybox are missing from this I believe
enabled: false | ||
``` | ||
|
||
Disabling telemetry will automatically stop Okteto CLI analytics for all developers. |
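Review bot: "Disabling telemetry will automatically stop Okteto CLI analytics for all developers" states the effect but gives the reader no way to confirm it. In an air-gapped network an unexpected outbound call matters, so add a short verification step or say when the CLI picks the setting up.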
I'm not sure but I think that we should disable it from the CLI too, right?
From my testing I recall it was enabled by default. I'm still testing other things before this but I have it in my notes
CLI is disabled automatically if you disable telemetry on the chart. Have you seen a different behavior?
I can't tell for sure because I already disabled it. But I think I installed Okteto with telemetry disabled and then I had to disable it in the CLI.
I can test it from scratch if you want, but we could add something like "Make sure that you have analytics disabled in the CLI"?
Try to enable the CLI analytics `okteto analytics enabled` and it should send metrics if it's disabled at the Helm level. It would be a critical bug otherwise
## Optional: Use Your Own Ingress Controller | ||
|
||
By default, Okteto deploy an [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to expose the Okteto Control Plane and the applications managed by Okteto. | ||
Our NGINX Ingress Controller is usually exposed in a dedicated Load Balancer. |
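Review bot: "Okteto deploy an" should be "Okteto deploys an", and "exposed in a dedicated Load Balancer" reads better as "exposed through a dedicated load balancer". The "Optional:" prefix in this heading also differs from the "(optional)" suffix used on the wildcard-certificate heading; use one form for both.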
I think it is, yes. But I'm not sure if we could give more details here. It's not just the option of enabling/disabling it; we could add the MetalLB option, or using ours but adding the machine IP to it:

```yaml
ingress-nginx:
  controller:
    service:
      externalIPs:
        - 10.132.0.2
```

But maybe that's something we want them to figure out internally...
Another thing I would add is DNS problems. In the case of Elbit for example they had to talk to IT to be able to resolve Okteto domains. They needed to add all of them and I think they ended up adding the wildcard domain.
Other things we should add are:
@mnevadom do you have instructions on how to do this? This is not documented anywhere at the moment
It's already listed on the CLI images list
@pchico83 would this work for syncthing? https://community.okteto.com/t/how-do-i-force-the-okteto-cli-to-use-a-specific-version-of-syncthing/1284 In addition we could add that you need to download the binary with that version and put it in ~/.okteto
Regarding docker/dockerfile:1, right now it is hardcoded in the CLI. Even if we add it to the private registry, it won't work, I think
@mnevadom that works, thanks! I will add it to the doc
- **okteto/registry:{variables.chartVersion}** | ||
- **okteto/pipeline-installer:{variables.chartVersion}** | ||
- **okteto/pipeline-runner:{variables.chartVersion}** | ||
- **okteto/daemon:{variables.chartVersion}** |
I would add okteto/bin for the initContainer for okteto up. I added a FR to be able to add this image centralized and not in every manifest, I don't know if there is an ETA for it anyway :)
okteto/bin and okteto/busybox will be unified with okteto/okteto
@codyjlandstrom as talked offline, I will merge the PR as it is to avoid merging hell, and you add your edits on a fresh PR
This is still work in progress, but I want to share it to visualize the expected results once all the work is done