forked from pivotal-cf/docs-pks
---
title: Installing PKS on vSphere
owner: PKS
iaas: vSphere
---
<strong><%= modified_date %></strong>
This topic describes how to install and configure Pivotal Container Service (PKS) on vSphere.
##<a id='prerequisites'></a>Prerequisites
Before performing the procedures in this topic, you must have deployed and configured Ops Manager.
For more information, see [vSphere Prerequisites and Resource Requirements](vsphere-requirements.html).
<%= partial 'prerequisites' %>
##<a id='install'></a> Step 1: Install PKS
<%= partial 'install-pks' %>
##<a id='configure'></a> Step 2: Configure PKS
Click the orange **Pivotal Container Service** tile to start the configuration process.
![Pivotal Container Service tile on the Ops Manager installation dashboard](images/pks-tile-orange.png)
<p class="note warning"><strong>WARNING</strong>: When you configure the PKS tile,
do not use spaces in any field entries. This includes spaces between characters as well as
leading and trailing spaces. If you use a space in any field entry, the deployment of PKS fails.</p>
###<a id='azs-networks'></a> Assign AZs and Networks
<%= partial 'azs-networks' %>
###<a id='pks-api'></a> PKS API
<%= partial 'pks-api' %>
###<a id='plans'></a> Plans
<%= partial 'plans' %>
###<a id='cloud-provider'></a> Kubernetes Cloud Provider
<%= partial 'cloud-provider' %>
###<a id='syslog'></a> (Optional) Logging
<%= partial 'logging' %>
###<a id='networking'></a> Networking
To configure networking, do the following:
1. Click **Networking**.
1. Under **Container Networking Interface**, select **Flannel**.
    <img src="images/networking-flannel.png" alt="Networking pane configuration" width="425">
1. (Optional) Enter values for **Kubernetes Pod Network CIDR Range** and **Kubernetes Service Network CIDR Range**.
    * Ensure that the CIDR ranges do not overlap and have sufficient space for your deployed services.
    * Ensure that the **Kubernetes Pod Network CIDR Range** is large enough to accommodate the expected maximum number of pods.
1. (Optional) Configure a global proxy for all outgoing HTTP and HTTPS traffic from your Kubernetes clusters. This setting does not set the proxy for running Kubernetes workloads or pods.
    <br><br>
    Production environments can deny direct access to public Internet services and between internal services by placing an HTTP or HTTPS proxy in the network path between Kubernetes nodes and those services.
    <br><br>
    If your environment includes HTTP or HTTPS proxies, configuring PKS to use these proxies allows PKS-deployed Kubernetes nodes to access public Internet services and other internal services. Follow the steps below to configure a global proxy for all outgoing HTTP/HTTPS traffic from your Kubernetes clusters:
    1. Under **HTTP/HTTPS proxy**, select **Enabled**.
        <img src="images/networking-https-proxy.png" alt="Networking pane configuration" width="325">
    1. Under **HTTP Proxy URL**, enter the URL of your HTTP/HTTPS proxy endpoint. For example, `http://myproxy.com:1234`.
    1. (Optional) If your proxy uses basic authentication, enter the username and password under **HTTP Proxy Credentials**.
    1. Under **No Proxy**, enter the service network CIDR where your PKS cluster is deployed. List any additional IP addresses or domain names that should bypass the proxy. The **No Proxy** property for vSphere accepts wildcard domains denoted by a prefixed `*.` or `.`, for example `*.example.com` and `.example.com`.
        <p class="note"><strong>Note</strong>: By default, the <code>.internal</code> domain and the <code>10.100.0.0/8</code> and <code>10.200.0.0/8</code> IP address ranges are not proxied. This allows internal PKS communication.
        <br><br>
        Do not use the <code>_</code> character in the <strong>No Proxy</strong> field. Entering an
        underscore character in this field can cause upgrades to fail.
        <br><br>
        Because some jobs in the VMs accept <code>*.</code> as a wildcard, while others only accept <code>.</code>, we recommend that you define a wildcard domain using both of them. For example, to denote <code>example.com</code> as a wildcard domain, add both <code>*.example.com</code> and <code>example.com</code> to the <strong>No Proxy</strong> property.</p>
1. Under **Allow outbound internet access from Kubernetes cluster vms (IaaS-dependent)**, ignore the **Enable outbound internet access** checkbox.
1. Click **Save**.
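
A pre-flight check for the values entered in this pane, as an added example that is not part of the PKS documentation or tooling. It applies the rules stated above (no spaces, non-overlapping CIDR ranges, pod range sized for the expected pod count, no underscore in **No Proxy**, wildcard domains listed in both forms). The function name `check_networking`, the comma separator for **No Proxy** entries, and the sample values are assumptions.

```python
import ipaddress

def check_networking(pod_cidr, service_cidr, no_proxy, max_pods):
    """Return a list of problems in Networking pane values (empty list = clean)."""
    problems = []
    fields = {"Pod CIDR": pod_cidr, "Service CIDR": service_cidr, "No Proxy": no_proxy}
    # Tile-wide rule: a space anywhere in a field entry makes the PKS deployment fail.
    for name, value in fields.items():
        if " " in value:
            problems.append(f"{name}: contains a space")
    try:
        pod = ipaddress.ip_network(pod_cidr.strip())
        svc = ipaddress.ip_network(service_cidr.strip())
    except ValueError as exc:
        return problems + [f"invalid CIDR: {exc}"]
    if pod.overlaps(svc):
        problems.append(f"Pod CIDR {pod} overlaps Service CIDR {svc}")
    # Raw address count is only an upper bound on the pods the range can hold.
    if pod.num_addresses < max_pods:
        problems.append(f"Pod CIDR {pod} has {pod.num_addresses} addresses, "
                        f"fewer than {max_pods} pods")
    if "_" in no_proxy:
        problems.append("No Proxy: underscore character can cause upgrades to fail")
    # Assumption: No Proxy entries are separated by commas.
    entries = {e.strip() for e in no_proxy.split(",") if e.strip()}
    bases = {e.lstrip("*").lstrip(".") for e in entries if e.startswith(("*.", "."))}
    for base in sorted(bases):
        # Some jobs honour only "*.", others only the other form, so expect both.
        if "*." + base not in entries or not ({base, "." + base} & entries):
            problems.append(f"No Proxy: wildcard for {base} is not listed in both forms")
    return problems

# Constructed sample values, not taken from any real deployment.
GOOD = check_networking("10.200.0.0/16", "10.100.200.0/24",
                        "10.100.200.0/24,*.example.com,example.com", 5000)
BAD = check_networking("10.100.0.0/16", "10.100.200.0/24",
                       "*.corp_net.example, 192.0.2.10", 100000)

if __name__ == "__main__":
    print("good:", GOOD)
    for problem in BAD:
        print("bad:", problem)
```
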
###<a id='uaa'></a> UAA
<%= partial 'uaa' %>
###<a id='monitoring'></a> (Optional) Monitoring
<%= partial 'monitoring' %>
###<a id='usage'></a> Usage Data
<%= partial 'usage-data' %>
###<a id='errands'></a> Errands
<%= partial 'errands' %>
###<a id='resource-config'></a> Resource Config
To modify the resource usage of PKS, click **Resource Config** and edit the **Pivotal Container Service** job.
![Resource pane configuration](images/resources.png)
<p class="note"><strong>Note</strong>: If you experience timeouts or slowness when interacting with the PKS API, select a <strong>VM Type</strong> with greater CPU and memory resources for the <strong>Pivotal Container Service</strong> job.</p>
## <a id='apply-changes'></a> Step 3: Apply Changes
<%= partial 'apply-changes' %>
##<a id='retrieve-pks-api'></a> Step 4: Retrieve the PKS API Endpoint
<%= partial 'share-endpoint' %>
## <a id='loadbalancer-pks-api'></a> Step 5: Configure External Load Balancer
After you install the PKS tile, configure an external load balancer to access the PKS API from outside the network.
You can use any external load balancer.
Your external load balancer forwards traffic to the PKS API endpoint on ports 8443 and 9021.
Configure the external load balancer to resolve to the domain name you set in the [PKS API](#pks-api) section of the tile configuration.
Configure your load balancer with the following information:
- IP address from [Retrieve PKS API Endpoint](#retrieve-pks-api)
- Ports 8443 and 9021
- HTTPS or TCP protocol
## <a id='clis'></a> Step 6: Install the PKS and Kubernetes CLIs
<%= partial 'install-cli' %>
## <a id='api'></a> Step 7: Configure PKS API Access
Follow the procedures in [Configuring PKS API Access](configure-api.html).
## <a name='auth'></a>Step 8: Configure Authentication for PKS
<%= partial 'configure-auth' %>
##<a id='next-steps'></a> Next Steps
After installing PKS on vSphere, you may want to do the following:
* <%= partial 'harbor' %>
* Create your first PKS cluster. For more information, see [Creating Clusters](create-cluster.html).