
Requirements

We use Kubernetes, an open-source container orchestration system, to manage our applications.

At the moment the only supported Kubernetes distribution is K3s (see the official documentation) by SUSE Linux, for both on-premise and cloud deployments. Our plan for the future is to extend support to Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS).

The requirement for the Kubernetes cluster is a single node (1 virtual machine) with the following specs:

  • CPU cores: 8 (x86_64 processor with speed of 2.2 GHz or more)

  • RAM: 32GB

  • Disk: 500GB SSD

  • OS: we recommend Ubuntu 20.04.4 LTS Server (Focal Fossa), but you can also use RHEL 8.5, CentOS 7.9 or SUSE Linux 15.3. If you are using CentOS or RHEL, please refer to the official documentation for additional setup.

  • Firewall: the K3s server needs port 443/TCP open to access the application, whether through a proxy or a firewall, with SSL decryption disabled and authentication bypass enabled for that traffic.

In order to download the application artifacts (Docker images and binaries), updates and configuration files, the cluster needs a public internet connection with download speed of 40 Mbps or more and upload speed of 8 Mbps or more. To speed up the initial setup process it is recommended to have a download speed of 100 Mbps or more.

Installation

Ensure the following items are in place and configured:

  • Domain Name Service (DNS)

  • Network Time Protocol (NTP)

  • Software Update Service - access to a network-based repository for software update packages.

  • Fixed private IPv4 address

  • Unique static hostname

As root, run the following command to install K3s:

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.23.9+k3s1" K3S_KUBECONFIG_MODE="644" sh -s - server --node-name=local-01

Run the registration command:

kubectl apply -f https://....k3s.getvisibility.com/v3/import/dxslsxcf84....yaml

Monitor the progress of the installation: watch -c "kubectl get deployments -A"

  • The K3s deployment is complete when elements of all the deployments (coredns, local-path-provisioner, metrics-server, traefik and cattle-cluster-agent) show at least "1" as "AVAILABLE"

  • In case of errors, you can inspect the logs of a pod using kubectl logs, e.g. kubectl logs cattle-cluster-agent-d96d648d8-wjvl9 -n cattle-system

If the customer has a slow internet connection, you can monitor the download of packages using the kubectl get events -A command.

Once the above two commands have executed successfully, inform the Forcepoint/Getvisibility backend team to push the remaining packages from the master server.
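The completion check described above can be scripted instead of watched by eye. The following is an added example, not part of the original page or the vendor's tooling; the function names are hypothetical, and it assumes the default column layout of kubectl get deployments -A (NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE).

```shell
#!/bin/sh
# Added example: gate on the five deployments named above being AVAILABLE >= 1.

REQUIRED="coredns local-path-provisioner metrics-server traefik cattle-cluster-agent"

# Reads `kubectl get deployments -A --no-headers` output on stdin
# (columns: NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE) and prints the
# required deployments that are missing or have AVAILABLE < 1, one per line.
pending_deployments() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, want, " ") }
        NF >= 5 { avail[$2] = $5 + 0 }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in avail) || avail[want[i]] < 1)
                    print want[i]
        }'
}

# Succeeds only when no required deployment is pending.
deployments_ready() {
    [ -z "$(pending_deployments)" ]
}

# Constructed sample output (not from a real cluster): traefik is still
# rolling out and cattle-cluster-agent has not been created yet.
SAMPLE_PARTIAL='kube-system   coredns                  1/1   1   1   5m
kube-system   local-path-provisioner   1/1   1   1   5m
kube-system   metrics-server           1/1   1   1   5m
kube-system   traefik                  0/1   1   0   2m'

# Poll the live cluster until ready, or fail after the timeout (seconds).
wait_for_k3s() {
    timeout="${1:-900}"; waited=0
    until kubectl get deployments -A --no-headers 2>/dev/null | deployments_ready; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 10; waited=$((waited + 10))
    done
}
```

Source the file and run wait_for_k3s 900 after the registration command; a non-zero exit means at least one required deployment never became available, and piping the kubectl output through pending_deployments names it.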

K3s support matrix

Please note that we don’t use Docker as the container runtime, instead we use containerd.

Public URLs

The customer’s firewall and/or proxy should be configured to allow the following public URLs to be accessible over port 443 (HTTPS).

Note: replace $RESELLER_NAME with the name of the Rancher server which the customer will be connected to.

rancher.$RESELLER_NAME.k3s.getvisibility.com
images.master.k3s.getvisibility.com
charts.master.k3s.getvisibility.com
www.getvisibility.com
get.k3s.io
github.com
git.rancher.io
api.github.com
objects.githubusercontent.com
raw.githubusercontent.com
registry-1.docker.io
auth.docker.io
docker-images-prod.s3.dualstack.us-east-1.amazonaws.com
charts.rancher.io
quay.io
quayio-production-s3.s3.amazonaws.com
s3-1-w.amazonaws.com
s3-r-w.dualstack.us-east-1.amazonaws.com
s3-w.us-east-1.amazonaws.com
prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com
s3-r-w.eu-central-1.amazonaws.com
s3-r-w.eu-west-1.amazonaws.com
checkpoint-api.hashicorp.com
registry.opensource.zalan.do
os-registry.stups.zalan.do
zalando-opensource-os-registry-eu-central-1.s3.eu-central-1.amazonaws.com
lb-master-a9308935d5f9c90e.elb.eu-west-1.amazonaws.com
