-
- Pack Registry
- URL: https://10.10.249.12:5000
- Username: XXXXXXXXX
- Password: XXXXXXXXX
- ```
-
-15. If you need to configure the instance with proxy settings, go ahead and do so now. You can configure proxy settings by using environment variables. Replace the values with your environment's respective values.
-
-
-
- ```shell
- export http_proxy=http://10.1.1.1:8888
- export https_proxy=https://10.1.1.1:8888
- export no_proxy=.example.dev,10.0.0.0/8
- ```
-
-16. The next set of steps will download the required binaries to support a Palette installation, such as the Palette Installer, required Kubernetes packages, and kubeadm packages. You can download these artifacts from the instance, or externally and transfer them to the instance. Click on each tab for further guidance.
-
-
-
- :::caution
-
- You must download the following three resources. Our support team will provide you with the credentials and download URL.
- Click on each tab to learn more about each resource and steps for downloading.
-
- :::
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/airgap-v3.3.15.bin \
- --output airgap-k8s-v3.3.15.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-k8s-v3.3.15.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap K8S Images Setup - Version 3.3.15 100%
- Setting up Packs
- Setting up Images
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10
- - Pushing image k8s.gcr.io/kube-proxy:v1.22.10
- - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10
- - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10
- …
- Setup Completed
- ```
-
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/airgap-k8s-v3.3.15.bin \
- --output airgap-k8s-v3.3.15.bin
- ```
-
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-k8s-v3.3.15.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap K8S Images Setup - Version 3.3.15 100%
- Setting up Packs
- Setting up Images
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10
- - Pushing image k8s.gcr.io/kube-proxy:v1.22.10
- - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10
- - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10
- …
- Setup Completed
- ```
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-kubeadm.bin \
- --output airgap-edge-kubeadm.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-kubeadm.bin && sudo ./airgap-edge-kubeadm.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-edge-kubeadm.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap Edge Packs - Kubeadm Images 100%
- Setting up Images
- - Skipping image k8s.gcr.io/coredns/coredns:v1.8.6
- - Pushing image k8s.gcr.io/etcd:3.5.1-0
- - Pushing image k8s.gcr.io/kube-apiserver:v1.23.12
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.23.12
- - Pushing image k8s.gcr.io/kube-proxy:v1.23.12
- …
- Setup Completed
- ```
-
-
-
-
-
-
-
-
-17. If you will be using Edge deployments, go ahead and download the packages your Edge deployments will need. If you are not planning to use Edge, skip to end. You can come back to this step in the future and add the packages if needed. Click on the `...` tab for additional options.
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-k3s.bin \
- --output airgap-edge-ubuntu22-k3s.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-k3s.bin && sudo ./airgap-edge-ubuntu22-k3s.bin
- ```
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-rke.bin \
- --output airgap-edge-ubuntu22-rke.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-rke.bin && sudo ./airgap-edge-ubuntu22-rke.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-kubeadm.bin \
- --output airgap-edge-ubuntu22-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-kubeadm.bin && sudo ./airgap-edge-ubuntu22-kubeadm.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-k3s.bin \
- --output airgap-edge-ubuntu20-k3s.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-k3s.bin && sudo ./airgap-edge-ubuntu20-k3s.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-rke.bin \
- --output airgap-edge-ubuntu20-rke.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-rke.bin && sudo ./airgap-edge-ubuntu20-rke.bin
- ```
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-kubeadm.bin \
- --output airgap-edge-ubuntu20-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-kubeadm.bin && sudo ./airgap-edge-ubuntu20-kubeadm.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-k3s.bin \
- --output airgap-edge-opensuse-k3s.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-k3s.bin && sudo ./airgap-edge-opensuse-k3s.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-rke.bin \
- --output airgap-edge-opensuse-rke.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-rke.bin && sudo ./airgap-edge-opensuse-rke.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-kubeadm.bin \
- --output airgap-edge-opensuse-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-kubeadm.bin && sudo ./airgap-edge-opensuse-kubeadm.bin
- ```
-
-
-
-
-
-
-
-----
-
-
-The next step of the installation process is to begin the deployment of an appliance using the instructions in the [Instructions](install.md) guide. If you need to review the Spectro Cloud Repository details, issue the following command for detailed output.
-
-
-
-```shell
-sudo /bin/airgap-setup.sh
-```
-
-
-
-:::info
-
-You can review all the logs related to the setup of the private Spectro repository in **/tmp/airgap-setup.log**.
-
-:::
-
-
-## Validate
-
-You can validate that the Spectro Repository you deployed is available and ready for the next steps of the installation process. If you provided the appliance with an SSH key then you can skip to step five.
-
-
-1. Log in to vCenter Server by using the vSphere Client.
-
-
-2. Navigate to your Datacenter and locate your VM. Click on the VM to access its details page.
-
-
-3. Power on the VM.
-
-
-4. Click on **Launch Web Console** to access the terminal.
-
-
-5. Log in with the user `ubuntu` and the user password you specified during the installation. If you are using SSH, use the following command, and ensure you specify the path to your SSH private key and replace the IP address with your appliance's static IP.
-
-
-
- ```shell
- ssh --identity_file ~/path/to/your/file ubuntu@10.1.1.1
- ```
-
-
-6. Verify the registry server is up and available. Replace the `10.1.1.1` value with your appliance's IP address.
-
-
-
- ```shell
- curl --insecure https://10.1.1.1:5000/health
- ```
-
- Example Output:
- ```shell
- {"status":"UP"}
- ```
-
-7. Ensure you can log into your registry server. Use the credentials provided to you by the `airgap-setup.sh` script. Replace the `10.1.1.1` value with your appliance's IP address.
-
-
-
- ```shell
- curl --insecure --user admin:admin@airgap https://10.1.1.1:5000/v1/_catalog
- ```
-
- Example Output:
- ```
- {"metadata":{"lastUpdatedTime":"2023-04-11T21:12:09.647295105Z"},"repositories":[{"name":"amazon-linux-eks","tags":[]},{"name":"aws-efs","tags":[]},{"name":"centos-aws","tags":[]},{"name":"centos-azure","tags":[]},{"name":"centos-gcp","tags":[]},{"name":"centos-libvirt","tags":[]},{"name":"centos-vsphere","tags":[]},{"name":"cni-aws-vpc-eks","tags":[]},{"name":"cni-aws-vpc-eks-helm","tags":[]},{"name":"cni-azure","tags":[]},{"name":"cni-calico","tags":[]},{"name":"cni-calico-azure","tags":[]},{"name":"cni-cilium-oss","tags":[]},{"name":"cni-custom","tags":[]},{"name":"cni-kubenet","tags":[]},{"name":"cni-tke-global-router","tags":[]},{"name":"csi-aws","tags":[]},{"name":"csi-aws-ebs","tags":[]},{"name":"csi-aws-efs","tags":[]},{"name":"csi-azure","tags":[]},{"name":"csi-gcp","tags":[]},{"name":"csi-gcp-driver","tags":[]},{"name":"csi-longhorn","tags":[]},{"name":"csi-longhorn-addon","tags":[]},{"name":"csi-maas-volume","tags":[]},{"name":"csi-nfs-subdir-external","tags":[]},{"name":"csi-openstack-cinder","tags":[]},{"name":"csi-portworx-aws","tags":[]},{"name":"csi-portworx-gcp","tags":[]},{"name":"csi-portworx-generic","tags":[]},{"name":"csi-portworx-vsphere","tags":[]},{"name":"csi-rook-ceph","tags":[]},{"name":"csi-rook-ceph-addon","tags":[]},{"name":"csi-tke","tags":[]},{"name":"csi-topolvm-addon","tags":[]},{"name":"csi-vsphere-csi","tags":[]},{"name":"csi-vsphere-volume","tags":[]},{"name":"edge-k3s","tags":[]},{"name":"edge-k8s","tags":[]},{"name":"edge-microk8s","tags":[]},{"name":"edge-native-byoi","tags":[]},{"name":"edge-native-opensuse","tags":[]},{"name":"edge-native-ubuntu","tags":[]},{"name":"edge-rke2","tags":[]},{"name":"external-snapshotter","tags":[]},{"name":"generic-byoi","tags":[]},{"name":"kubernetes","tags":[]},{"name":"kubernetes-aks","tags":[]},{"name":"kubernetes-coxedge","tags":[]},{"name":"kubernetes-eks","tags":[]},{"name":"kubernetes-eksd","tags":[]},{"name":"kubernetes-konvoy","tags":[]},{"name":"kubernetes-microk8s","tags":[]},{"n
ame":"kubernetes-rke2","tags":[]},{"name":"kubernetes-tke","tags":[]},{"name":"portworx-add-on","tags":[]},{"name":"spectro-mgmt","tags":[]},{"name":"tke-managed-os","tags":[]},{"name":"ubuntu-aks","tags":[]},{"name":"ubuntu-aws","tags":[]},{"name":"ubuntu-azure","tags":[]},{"name":"ubuntu-coxedge","tags":[]},{"name":"ubuntu-edge","tags":[]},{"name":"ubuntu-gcp","tags":[]},{"name":"ubuntu-libvirt","tags":[]},{"name":"ubuntu-maas","tags":[]},{"name":"ubuntu-openstack","tags":[]},{"name":"ubuntu-vsphere","tags":[]},{"name":"volume-snapshot-controller","tags":[]}],"listMeta":{"continue":""}}
- ```
-
-
-8. Next, validate the Spectro repository is available. Replace the IP with your appliance's IP address.
-
- ```shell
- curl --insecure --user spectro:admin@airgap https://10.1.1.1
- ```
-
- Output:
- ```html hideClipboard
-
-
-
- Welcome to nginx!
-
-
-
- Welcome to nginx!
- If you see this page, the nginx web server is successfully installed and
- working. Further configuration is required.
-
- For online documentation and support please refer to
- nginx.org.
- Commercial support is available at
- nginx.com.
-
- Thank you for using nginx.
-
-
- ```
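Review bot: before any of this deleted text is reused in the replacement airgap guide, drop the repeated `:::tip` that recommends `-k` or `--insecure` on the `curl` download. In every tab that download is followed by `sudo chmod 755 ./airgap-*.bin && sudo ./airgap-*.bin`, so the reader is told to skip TLS verification for a file that then runs as root. The only integrity check shown is the archive's own "MD5 checksums are OK" line, which it computes over itself. Suggest publishing a SHA-256 checksum for each binary and telling readers to trust the server's CA with `--cacert` instead. Three smaller items in the same text: the download URLs read `https:///airgap/packs/...` with no host placeholder, `ssh --identity_file` is not an OpenSSH option (the flag is `-i`), and the Validate steps hard-code `admin:admin@airgap` and `spectro:admin@airgap` even though step 7 says to use the credentials printed by `airgap-setup.sh`.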
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md
index 5382ec10da..6a8b3c5b9d 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md
@@ -18,7 +18,4 @@ To get started with Palette on Kubernetes, refer to the [Install Instructions](i
- [Install Instructions](install.md)
-- [Airgap Install Instructions](airgap-instructions.md)
-
-
- [Helm Configuration Reference](palette-helm-ref.md)
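Review bot: the resource list loses its airgap entry here and nothing takes its place, so a reader starting from this index page has no link to the airgap pre-install steps. The install.md change in this same patch points to `../airgap/kubernetes-airgap-instructions.md`. Consider adding that link as a bullet where `[Airgap Install Instructions](airgap-instructions.md)` used to be, or confirm that a redirect from the old path exists.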
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md
index 6fa86484c6..c5da9261e4 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md
@@ -17,6 +17,15 @@ This installation method is common in secure environments with restricted networ
## Prerequisites
+
+:::caution
+
+If you are installing an airgap Palette, ensure you complete all the airgap pre-install steps before proceeding with the installation. Refer to the [Kubernetes Airgap Instructions](../airgap/kubernetes-airgap-instructions.md) guide for more information.
+
+:::
+
+
+
- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available.
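Review bot: the new caution sits above the prerequisites list, but what it states is itself a prerequisite, and "installing an airgap Palette" reads awkwardly. Suggest making it the first bullet of the list, or rewording it to "If you are installing Palette in an airgap environment, complete all the airgap pre-install steps before proceeding." The three empty `+` lines after the closing `:::` can shrink to one.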
@@ -87,79 +96,596 @@ Do not use a Palette-managed Kubernetes cluster when installing Palette. Palette
## Install Palette
-Use the following steps to install Palette on Kubernetes.
-
-
-:::info
-
The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your environment. Reach out to our support team if you need assistance.
-:::
-
1. Open a terminal session and navigate to the directory where you downloaded the Palette Helm Charts provided by our support. We recommend you place all the downloaded files into the same directory. You should have the following Helm Charts:
-
+
- Spectro Management Plane Helm Chart.
- Cert Manager Helm Chart.
+ - Image Swap Helm Chart - Only required if you are using a private OCI registry with remote registry caching enabled or installing Palette in an air-gapped environment.
+
+
+
+ ```shell hideClipboard
+ .
+ ├── cert-manager
+ ├── cert-manager-1.11.0.tgz
+ ├── image-swap
+ ├── image-swap-1.5.2.tgz
+ ├── spectro-mgmt-plane
+ └── spectro-mgmt-plane-4.0.19.tgz
+
+ 3 directories, 3 files
+ ```
+
2. Extract each Helm Chart into its directory. Use the commands below as a reference. Do this for all the provided Helm Charts.
-
+
+
- ```shell
- tar xzvf spectro-mgmt-plane-*.tgz
- ```
-
+ ```shell
+ tar xzvf spectro-mgmt-plane-*.tgz
+ ```
+
+
+ ```shell
+ tar xzvf cert-manager-*.tgz
+ ```
+
+
+
+
+
+
+
+ ```shell
+ tar xzvf spectro-mgmt-plane-*.tgz
+ ```
+
+
+ ```shell
+ tar xzvf cert-manager-*.tgz
+ ```
+
+ ```shell
+ tar xzvf image-swap-*.tgz
+ ```
+
+
+
- ```yaml
- tar xzvf cert-manager-*.tgz
- ```
3. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with the one you downloaded, as the version number may be different.
-
- ```shell
- helm upgrade --values cert-manager/values.yaml cert-manager cert-manager-1.11.0.tgz --install
- ```
+```shell
+ helm upgrade --values cert-manager/values.yaml cert-manager cert-manager-1.11.0.tgz --install
+```
-
- :::info
+4. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** contains the default values for the Palette installation parameters, however, you must populate the following parameters before installing Palette. You can learn more about the parameters in the **values.yaml** file in the [Helm Configuration Reference](palette-helm-ref.md) page.
- The Cert Manager Helm Chart provided by our support team is configured for Palette. Do not modify the **values.yaml** file unless instructed to do so by our support team.
+
+
- :::
-4. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** contains the default values for the Palette installation parameters, however, you must populate the following parameters before installing Palette.
+ | **Parameter** | **Description** | **Type** |
+ | --- | --- | --- |
+ | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string |
+ | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for Palette FIPS packs. These credentials are provided by our support team.| object |
+ | `scar` | The Spectro Cloud Artifact Repository (SCAR) credentials for Palette FIPS images. These credentials are provided by our support team. | object |
-
- | **Parameter** | **Description** | **Type** |
- | --- | --- | --- |
- | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string |
- | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for Palette FIPS packs.| object |
- | `scar` | The Spectro Cloud Artifact Repository (SCAR) credentials for Palette FIPS images. These credentials are provided by our support team. | object |
+ Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the following sections to review an example of the **values.yaml** file with the required parameters highlighted.
-
- Save the **values.yaml** file after you have populated the required parameters mentioned in the table.
-
- :::info
-
- You can learn more about the parameters in the **values.yaml** file in the [Helm Configuration Reference](palette-helm-ref.md) page.
+
+Example - values.yaml
- :::
+```yaml {53,77-85,97-102}
+#########################
+# Spectro Cloud Palette #
+#########################
+# MongoDB Configuration
+mongo:
+ # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas
+ internal: true
+ # Mongodb URL. Only change if using Mongo Atlas.
+ databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo"
+ # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas.
+ databasePassword: ""
+ #No. of mongo replicas to run, default is 3
+ replicas: 3
+ # The following only apply if mongo.internal == true
+ cpuLimit: "2000m"
+ memoryLimit: "4Gi"
+ pvcSize: "20Gi"
+ storageClass: "" # leave empty to use the default storage class
-5. Install the Palette Helm Chart using the following command.
+config:
+ installationMode: "connected" #values can be connected or airgap.
+
+ # SSO SAML Configuration (Optional for self-hosted type)
+ sso:
+ saml:
+ enabled: false
+ acsUrlRoot: "myfirstpalette.spectrocloud.com"
+ acsUrlScheme: "https"
+ audienceUrl: "https://www.spectrocloud.com"
+ entityId: "https://www.spectrocloud.com"
+ apiVersion: "v1"
+
+ # Email Configurations. (Optional for self-hosted type)
+ email:
+ enabled: false
+ emailId: "noreply@spectrocloud.com"
+ smtpServer: "smtp.gmail.com"
+ smtpPort: 587
+ insecureSkipVerifyTls: true
+ fromEmailId: "noreply@spectrocloud.com"
+ password: "" # base64 encoded SMTP password
+
+ env:
+ # rootDomain is a DNS record which will be mapped to the ingress-nginx-controller load balancer
+ # E.g., myfirstpalette.spectrocloud.com
+ # - Mandatory if ingress.internal == false
+ # - Optional if ingress.internal == true (leave empty)
+ #
+ # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes
+ # E.g., *.myfirstpalette.spectrocloud.com
+ rootDomain: "palette.example.com"
+
+ # stableEndpointAccess is used when deploying EKS clusters in Private network type.
+ # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true
+ cluster:
+ stableEndpointAccess: false
+
+# registry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+# ociPackRegistry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# baseContentPath: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+ ociPackEcrRegistry:
+ endpoint: "15789037893.dkr.ecr.us-east-1.amazonaws.com" #
+ name: "Palette Packs OCI" #
+ accessKey: "*************" #
+ secretKey: "*************" #
+ baseContentPath: "production" #
+ isPrivate: true
+ insecureSkipVerify: false
+ caCert: ""
+
+ # ociImageRegistry:
+ # endpoint: "" #
+ # name: "" #
+ # password: "" #
+ # username: "" #
+ # baseContentPath: "" #
+ # insecureSkipVerify: false
+ # caCert: ""
+ # mirrorRegistries: ""
+
+ scar:
+ endpoint: "https://saas-repo.console.spectrocloud.com"
+ username: "**********"
+ password: "**********"
+ insecureSkipVerify: true
+ caCert: ""
+
+ imageSwapImages:
+ imageSwapInitImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap-init:v1.5.2"
+ imageSwapImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap:v1.5.2"
+
+ imageSwapConfig:
+ isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false
+
+
+nats:
+ # Should we install nats as part of the nats chart bundled with hubble charts
+ # If not enabled NATS service should be installed as a separate service.
+
+ enabled: true
+
+ # Whether to front NATS with a cloud load balancer (internal == false) or
+ # either share the ingress load balancer or use hostNetwork (internal == true).
+ # See nats.natsUrl comments for further detail.
+ internal: true
+
+ # NATS URL
+ # Comma separated list of mappings for nats load balancer service
+ # E.g., "message1.dev.spectrocloud.com:4222,message2.dev.spectrocloud.com:4222"
+ #
+ # Mandatory if nats.internal == false
+ # Otherwise, if nats.internal == true:
+ # - If ingress.ingress.internal == true: leave empty (use hostNetwork)
+ # - If ingress.ingress.internal == false: use ":4222" (share ingress lb)
+ natsUrl: ""
+
+ # *********************** IMPORTANT NOTE ******************************
+ # * if nats.internal == true, ignore all of the following NATS config *
+ # *********************************************************************
+
+ # NATS load balancer annotations
+ annotations: {}
+
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "server-port"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the nats loadbalancer service. If empty, a dynamic IP will be generated.
+ natsStaticIP: ""
+grpc:
+ external: false
+ endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443
+ caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert
+ serverCrtBase64: ""
+ serverKeyBase64: ""
+ insecureSkipVerify: false
+
+ingress:
+ # When enabled nginx ingress controller would be installed
+ enabled: true
+
+ ingress:
+ # Whether to front NGINX Ingress Controller with a cloud
+ # load balancer (internal == false) or use host network
+ internal: false
+
+ # Default SSL certificate and key for NGINX Ingress Controller (Optional)
+ # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com
+ # If left blank, the NGINX ingress controller will generate a self-signed cert (when terminating TLS upstream of ingress-nginx-controller)
+ certificate: ""
+ key: ""
+
+ #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it.
+ annotations: {}
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated.
+ ingressStaticIP: ""
+
+ # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer.
+ terminateHTTPSAtLoadBalancer: false
+ nats:
+ enabled: true
+
+frps:
+ frps:
+ enabled: false
+ frpHostURL: proxy.sample.spectrocloud.com
+ server:
+ crt: 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
+ key: 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
+ ca:
+ crt : 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
+ service:
+ annotations: {}
+
+ui-system:
+ enabled: true
+ ui:
+ nocUI:
+ enable: true
+ mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette
+ mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID
+
+reach-system:
+ reachSystem:
+ enabled: false
+ proxySettings:
+ http_proxy: ""
+ https_proxy: ""
+ no_proxy: ""
+ ca_crt_path: ""
+
+```
+
+
+
+
+
+
+
+
+
+ | **Parameter** | **Description** | **Type** |
+ | --- | --- | --- |
+ | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string |
+ | `config.installationMode` | The installation mode for Palette. The values can be `connected` or `airgap`. Set this value to `airgap`. | string |
+ | `ociPackEcrRegistry` | The OCI registry credentials for the Palette FIPS packs repository.| object |
+ | `ociImageRegistry` | The OCI registry credentials for the Palette images repository.| object |
+ | `ociImageRegistry.mirrorRegistries`| Replace the placeholder string with the respective values of your OCI registry repository that is hosting the images.|
+ | `imageSwapConfig.isEKSCluster` | Set this value to `false` if you are NOT installing Palette on an EKS cluster. | boolean |
+ | `scar` | Specify your HTTP file server values. If your HTTP file server requires credentials ensure the provided values are base64 encoded. Example of the string "admin" in base64 encoding - `YWRtaW4=`. | object |
+
+
+ Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the following sections to review an example of the **values.yaml** file with the required parameters highlighted.
+
+
+
+
+Example - values.yaml
+
+```yaml {23,53,77-85,87-95,97-102,109}
+#########################
+# Spectro Cloud Palette #
+#########################
+# MongoDB Configuration
+mongo:
+ # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas
+ internal: true
+
+ # Mongodb URL. Only change if using Mongo Atlas.
+ databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo"
+ # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas.
+ databasePassword: ""
+
+ #No. of mongo replicas to run, default is 3
+ replicas: 3
+ # The following only apply if mongo.internal == true
+ cpuLimit: "2000m"
+ memoryLimit: "4Gi"
+ pvcSize: "20Gi"
+ storageClass: "" # leave empty to use the default storage class
+
+config:
+ installationMode: "airgap" #values can be connected or airgap.
+
+ # SSO SAML Configuration (Optional for self-hosted type)
+ sso:
+ saml:
+ enabled: false
+ acsUrlRoot: "myfirstpalette.spectrocloud.com"
+ acsUrlScheme: "https"
+ audienceUrl: "https://www.spectrocloud.com"
+ entityId: "https://www.spectrocloud.com"
+ apiVersion: "v1"
+
+ # Email Configurations. (Optional for self-hosted type)
+ email:
+ enabled: false
+ emailId: "noreply@spectrocloud.com"
+ smtpServer: "smtp.gmail.com"
+ smtpPort: 587
+ insecureSkipVerifyTls: true
+ fromEmailId: "noreply@spectrocloud.com"
+ password: "" # base64 encoded SMTP password
+
+ env:
+ # rootDomain is a DNS record which will be mapped to the ingress-nginx-controller load balancer
+ # E.g., myfirstpalette.spectrocloud.com
+ # - Mandatory if ingress.internal == false
+ # - Optional if ingress.internal == true (leave empty)
+ #
+ # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes
+ # E.g., *.myfirstpalette.spectrocloud.com
+ rootDomain: "palette.example.com"
+
+ # stableEndpointAccess is used when deploying EKS clusters in Private network type.
+ # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true
+ cluster:
+ stableEndpointAccess: false
+
+# registry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+# ociPackRegistry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# baseContentPath: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+ ociPackEcrRegistry:
+ endpoint: "123456789.dkr.ecr.us-east-1.amazonaws.com" #
+ name: "Airgap Packs OCI" #
+ accessKey: "*************" #
+ secretKey: "*************" #
+ baseContentPath: "spectro-packs" #
+ isPrivate: true
+ insecureSkipVerify: true
+ caCert: ""
+
+ ociImageRegistry:
+ endpoint: "public.ecr.aws/123456789" #
+ name: "Airgap Image OCI" #
+ password: "" #
+ username: "" #
+ baseContentPath: "spectro-images" #
+ insecureSkipVerify: true
+ caCert: ""
+ mirrorRegistries: "docker.io::public.ecr.aws/v2/123456789/spectro-images,gcr.io::public.ecr.aws/v2/123456789/spectro-images,ghcr.io::public.ecr.aws/v2/123456789/spectro-images,k8s.gcr.io::public.ecr.aws/v2/123456789/spectro-images,registry.k8s.io::public.ecr.aws/v2/123456789/spectro-images,quay.io::public.ecr.aws/v2/123456789/spectro-images"
+
+
+ scar:
+ endpoint: "http://10.15.20.15:2015"
+ username: "YWRtaW4="
+ password: "YWRtaW4="
+ insecureSkipVerify: true
+ caCert: ""
+
+ imageSwapImages:
+ imageSwapInitImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap-init:v1.5.2"
+ imageSwapImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap:v1.5.2"
+
+ imageSwapConfig:
+ isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false
+
+
+nats:
+ # Should we install nats as part of the nats chart bundled with hubble charts
+ # If not enabled NATS service should be installed as a separate service.
+
+ enabled: true
+
+ # Whether to front NATS with a cloud load balancer (internal == false) or
+ # either share the ingress load balancer or use hostNetwork (internal == true).
+ # See nats.natsUrl comments for further detail.
+ internal: true
+
+ # NATS URL
+ # Comma separated list of mappings for nats load balancer service
+ # E.g., "message1.dev.spectrocloud.com:4222,message2.dev.spectrocloud.com:4222"
+ #
+ # Mandatory if nats.internal == false
+ # Otherwise, if nats.internal == true:
+ # - If ingress.ingress.internal == true: leave empty (use hostNetwork)
+ # - If ingress.ingress.internal == false: use ":4222" (share ingress lb)
+ natsUrl: ""
+
+ # *********************** IMPORTANT NOTE ******************************
+ # * if nats.internal == true, ignore all of the following NATS config *
+ # *********************************************************************
+
+ # NATS load balancer annotations
+ annotations: {}
+
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "server-port"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the nats loadbalancer service. If empty, a dynamic IP will be generated.
+ natsStaticIP: ""
+grpc:
+ external: false
+ endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443
+ caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert
+ serverCrtBase64: ""
+ serverKeyBase64: ""
+ insecureSkipVerify: false
+
+ingress:
+ # When enabled nginx ingress controller would be installed
+ enabled: true
+
+ ingress:
+ # Whether to front NGINX Ingress Controller with a cloud
+ # load balancer (internal == false) or use host network
+ internal: false
+
+ # Default SSL certificate and key for NGINX Ingress Controller (Optional)
+ # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com
+ # If left blank, the NGINX ingress controller will generate a self-signed cert (when terminating TLS upstream of ingress-nginx-controller)
+ certificate: ""
+ key: ""
+
+ #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it.
+ annotations: {}
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated.
+ ingressStaticIP: ""
+
+ # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer.
+ terminateHTTPSAtLoadBalancer: false
+ nats:
+ enabled: true
+
+frps:
+ frps:
+ enabled: false
+ frpHostURL: proxy.sample.spectrocloud.com
+ server:
+ crt: 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
+ key: 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
+ ca:
+ crt : 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
+ service:
+ annotations: {}
+
+ui-system:
+ enabled: true
+ ui:
+ nocUI:
+ enable: true
+ mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette
+ mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID
+
+reach-system:
+ reachSystem:
+ enabled: false
+ proxySettings:
+ http_proxy: ""
+ https_proxy: ""
+ no_proxy: ""
+ ca_crt_path: ""
+
+```
+
+
+
+
+
+
+
+
+5. This step only applies to those who are installing an airgap Palette or who are using a self-hosted OCI registry with registry caching enabled. Otherwise, skip to the next step.
+
+ Go ahead and install the image-swap chart using the following command. Replace the `image-swap-0.0.0.tgz` file name with the name of the image-swap chart you downloaded. Point to the **values.yaml** file you configured in the previous step.
+
+
+
+ ```shell
+ helm upgrade --values spectro-mgmt-plane/values.yaml image-swap image-swap-0.0.0.tgz --install
+ ```
+
+
+6. Install the Palette Helm Chart using the following command.
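Review bot: The sample values.yaml in this hunk turns off certificate verification in every block that is left enabled: `insecureSkipVerify: true` under `ociPackEcrRegistry`, `ociImageRegistry` and `scar`, and `insecureSkipVerifyTls: true` in the SMTP settings, with the `scar` endpoint on plain `http://`. Readers tend to copy this file as-is, so the sample should default these to `false`, as the commented-out `registry` and `ociPackRegistry` blocks already do. It should also show `caCert` filled with a placeholder, plus a comment saying when skipping verification is acceptable. The `scar` `username` and `password` values `YWRtaW4=` both decode to `admin`; replace them with an obvious placeholder and state in the comment that base64 is an encoding, not protection for the secret.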
@@ -168,7 +694,7 @@ The following instructions are written agnostic to the Kubernetes distribution y
```
-6. Track the installation process using the command below. Palette is ready when the deployments in the namespaces `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` reach the *Ready* state. The installation takes between two to three minutes to complete.
+7. Track the installation process using the command below. Palette is ready when the deployments in the namespaces `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` reach the *Ready* state. The installation takes between two to three minutes to complete.
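Review bot: Style point on the renumbered step 7: since the line is being touched anyway, fix the stray space in "`jet-system` , and" and change "between two to three minutes" to "two to three minutes" or "between two and three minutes".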
@@ -177,7 +703,7 @@ The following instructions are written agnostic to the Kubernetes distribution y
```
-7. Create a DNS CNAME record that is mapped to the Palette `ingress-nginx-controller` load balancer. You can use the following command to retrieve the load balancer IP address. You may require the assistance of your network administrator to create the DNS record.
+8. Create a DNS CNAME record that is mapped to the Palette `ingress-nginx-controller` load balancer. You can use the following command to retrieve the load balancer IP address. You may require the assistance of your network administrator to create the DNS record.
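Review bot: Step 8 asks for a DNS CNAME record but then tells the reader to retrieve the load balancer IP address, and a CNAME can only point at a hostname. Either say "CNAME record (or an A record if your load balancer exposes only an IP address)" or describe the retrieved value as the load balancer's hostname or IP and name the record type for each case.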
@@ -194,22 +720,17 @@ The following instructions are written agnostic to the Kubernetes distribution y
:::
-8. Use the custom domain name or the IP address of the load balancer to visit the Palette system console. To access the system console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system console.
-
-
-
- :::info
+9. Use the custom domain name or the IP address of the load balancer to visit the Palette system console. To access the system console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system console.
- The first time you visit the Palette system console, a warning message about an untrusted SSL certificate may appear. This is expected, as you have not yet uploaded your SSL certificate to Palette. You can ignore this warning message and proceed.
+ The first time you visit the Palette system console, a warning message about a not trusted SSL certificate may appear. This is expected, as you have not yet uploaded your SSL certificate to Palette. You can ignore this warning message and proceed.
- :::
![Screenshot of the Palette system console showing Username and Password fields.](/palette_installation_install-on-vmware_palette-system-console.png)
-9. Log in to the system console using the following default credentials.
+10. Log in to the system console using the following default credentials.
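Review bot: The reworded warning in step 9 reads worse than the line it replaces: "a not trusted SSL certificate" should stay "an untrusted SSL certificate". Dropping the `:::info` wrapper also leaves the "You can ignore this warning message and proceed" advice as ordinary body text right before the default-credential login in step 10. Suggest keeping the admonition and scoping the advice to the first visit, with a pointer to the later step that uploads the real certificate.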
@@ -224,7 +745,7 @@ The following instructions are written agnostic to the Kubernetes distribution y
-10. After login, a summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette. You can upload the files using the Palette system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette.
+11. After login, a summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette. You can upload the files using the Palette system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette.
@@ -246,7 +767,7 @@ Use the following steps to validate the Palette installation.
-1. Open up a web browser and navigate to the Palette system console. To access the system console, open a web browser and paste the following URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer.
+1. Open up a web browser and navigate to the Palette system console. To access the system console, open a web browser and paste the `env.rootDomain` value you provided in the address bar and append the value `/system`. You can also use the IP address of the load balancer.
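Review bot: The new validation step refers to the `env.rootDomain` value, but the values.yaml comment added earlier in this change names the same setting `config.env.rootDomain`. Use the full path here so readers can find it in the file. The sentence also says "Open up a web browser" and then "open a web browser" again; drop the second clause. It should show the resulting URL shape as well (the root domain followed by `/system`), because the old wording about replacing the domain name in a URL was removed.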
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md
index 79ee713604..2929b5a8b9 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md
@@ -246,6 +246,36 @@ config:
caCert: ""
```
+
+#### OCI Image Registry
+
+You can specify an OCI registry for the images used by Palette.
+
+| **Parameters** | **Description** | **Type** | **Default value** |
+| --- | --- | --- | --- |
+| `ociImageRegistry.endpoint` | The endpoint URL for the registry. | String| `""` |
+| `ociImageRegistry.name` | The name of the registry. | String| `""` |
+| `ociImageRegistry.password` | The password for the registry. | String| `""` |
+| `ociImageRegistry.username` | The username for the registry. | String| `""` |
+| `ociImageRegistry.baseContentPath`| The base path for the registry. | String | `""` |
+| `ociImageRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` |
+| `ociImageRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. | String | `""` |
+| `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries. | String | `""` |
+
+
+```yaml
+config:
+ ociImageRegistry:
+ endpoint: ""
+ name: ""
+ password: ""
+ username: ""
+ baseContentPath: ""
+ insecureSkipVerify: false
+ caCert: ""
+ mirrorRegistries: ""
+```
+
#### Spectro Cloud Artifact Repository (SCAR)
SCAR credentials are required to download the necessary FIPS manifests. Our support team provides the SCAR credentials.
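Review bot: The `ociImageRegistry.mirrorRegistries` row describes the value only as "A comma-separated list of mirror registries", which does not document the `source::mirror` pair format that the sample values.yaml in this same change relies on (for example `docker.io::public.ecr.aws/v2/123456789/spectro-images`). Add the format and one example entry to the description. The `ociImageRegistry.password` row should say whether the value is expected in plain text or base64, since the SMTP password comment in the sample file calls for base64. Near `insecureSkipVerify`, it is worth noting that `caCert` is the supported way to trust a private CA.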
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md
deleted file mode 100644
index ef4be316eb..0000000000
--- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md
+++ /dev/null
@@ -1,716 +0,0 @@
----
-sidebar_label: "Airgap Instructions"
-title: "Install in an Air Gap Environment"
-description: "Learn how to install Palette into an air gap environment."
-icon: ""
-hide_table_of_contents: false
-sidebar_position: 20
-tags: ["self-hosted", "enterprise", "air-gap"]
----
-
-You can install a self-hosted version of Palette into a VMware environment without direct internet access. This type of installation is referred to as an *air gap* installation.
-
-In a standard Palette installation, the following artifacts are downloaded by default from the public Palette repository.
-
-* Palette platform manifests and required platform packages.
-
-
-* Container images for core platform components and 3rd party dependencies.
-
-
-* Palette Packs.
-
-
-The installation process changes a bit in an air gap environment due to the lack of internet access. Before the primary Palette installation step, you must download the three required Palette artifacts mentioned above. The other significant change is that Palette's default public repository is not used. Instead, a private repository supports all Palette operations pertaining to storing images and packages.
-
-The following diagram is a high-level overview of the order of operations required to deploy a self-hosted instance of Palette in an airgap environment.
-
-
-![An architecture diagram outlining the five different install phases](/enterprise-version_air-gap-repo_overview-order-diagram.png)
-
-
-The airgap installation can be simplified into five major phases.
-
-
-1. Download the Open Virtual Appliance (OVA) image and deploy the instance hosting the private repository that supports the airgap environment.
-
-
-2. The private Spectro Cloud repository is initialized, and all the Palette-required artifacts are downloaded and available.
-
-
-3. The Palette Install OVA is deployed, configured, and initialized.
-
-
-4. The scale-up process to a highly available three-node installation begins.
-
-
-5. Palette is ready for usage.
-
-
-This guide focuses on the first two installation phases, as the remaining ones are covered in the [Instructions](install.md) guide.
-
-
-## Prerequisites
-
-* The following minimum resources are required to deploy Palette.
- * 2 vCPU
- * 4 GB of Memory
- * 100 GB of Storage. Storage sizing depends on your intended update frequency and data retention model.
-
-* Ensure the following ports allow inbound network traffic.
- * 80
- * 443
- * 5000
- * 8000
-
-
-* Request the Palette self-hosted installer image and the Palette air gap installer image. To request the installer images, please contact our support team by sending an email to support@spectrocloud.com. Kindly provide the following information in your email:
-
- - Your full name
- - Organization name (if applicable)
- - Email address
- - Phone number (optional)
- - A brief description of your intended use for the Palette Self-host installer image.
-
-Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image.
-
-If you have any questions or concerns, please feel free to contact support@spectrocloud.com.
-
-
-## Deploy Air Gapped Appliance
-
-
-1. Log in to vCenter Server by using the vSphere Client.
-
-
-2. Navigate to the Datacenter and select the cluster you want to use for the installation. Right-click on the cluster and select **Deploy OVF Template**.
-
-
-3. Select the airgap OVA installer image you downloaded after receiving guidance from our support team.
-
-
-4. Select the folder where you want to install the Virtual Machine (VM) and assign a name to the VM.
-
-
-5. Next, select the compute resource.
-
-
-6. Review the details page. You may get a warning message stating the certificate is not trusted. You can ignore the message and click **Next**.
-
-
-7. Select your storage device and storage policy. Click on **Next** to proceed.
-
-
-8. Choose a network for your appliance and select **Next**.
-
-
-9. Fill out the remaining template customization options. You can modify the following input fields.
-
- | Parameter | Description | Default Value |
- | --- | --- | -- |
- | **Encoded user-data** | In order to fit into an XML attribute, this value is base64 encoded. This value will be decoded, and then processed normally as user-data. | - |
- | **ssh public keys** | This field is optional but indicates that the instance should populate the default user's `authorized_keys` with the provided public key. | -|
- | **Default User's password** | Setting this value allows password-based login. The password will be good for only a single login. If set to the string `RANDOM` then a random password will be generated, and written to the console. | - |
- | **A Unique Instance ID for this instance** | Specifies the instance id. This is required and used to determine if the machine should take "first boot" actions| `id-ovf`|
- | **Hostname** | Specifies the hostname for the appliance. | `ubuntuguest` |
- | **URL to seed instance data from** | This field is optional but indicates that the instance should 'seed' user-data and meta-data from the given URL.| -|
-
-10. Click on **Next** to complete the deployment wizard. Upon completion, the cloning process will begin. The cloning process takes a few minutes to complete.
-
-
-11. Power on the VM and click on the **Launch Web Console** button to access the instance's terminal.
-
-
-12. Configure a static IP address on the node by editing **/etc/netplan/50-cloud-init.yaml**.
-
- ```shell
- sudo vi /etc/netplan/50-cloud-init.yaml
- ```
-
- Use the following sample configuration as a starting point but feel free to change the configuration file as required for your environment. To learn more about Netplan, check out the [Netplan configuration examples](https://netplan.io/examples) from Canonical.
-
-
-
- ```yaml
- network:
- version: 2
- renderer: networkd
- ethernets:
- ens192:
- dhcp4: false
- addresses:
- - 10.10.244.9/18 # your static IP and subnet mask
- gateway4: 10.10.192.1 # your gateway IP
- nameservers:
- addresses: [10.10.128.8] # your DNS nameserver IP address.
- ```
-
- To exit Vi, press the **ESC** key and type `:wq` followed by the **Enter** key.
-
-13. Issue the `netplan` command to update the network settings.
-
-
-
- ```shell
- sudo netplan apply
- ```
-
-14. Give the instance one to two minutes before issuing the following command. The next step is to start the airgap setup script that stands up the Spectro Repository. Issue the command below and replace `X.X.X.X` with the static IP you provided to the Netplan configuration file.
-
-
-
- ```shell
- sudo /opt/spectro/airgap-setup.sh X.X.X.X
- ```
-
- Record the output of the setup command as you will use it when deploying the Quick Start appliance later on in the installation process.
-
- Example Output:
- ```shell hideClipboard
- Setting up Manifests
- Setting up Manifests
- Setting up SSL Certs
- Setup Completed
-
- Details:
- -------
- Spectro Cloud Repository
- UserName: XXXXXXXXX
- Password: XXXXXXXXXX
- Location: https://10.10.249.12
- Artifact Repo Certificate:
- LS0tLS1CRUdJ.............
-
- Pack Registry
- URL: https://10.10.249.12:5000
- Username: XXXXXXXXX
- Password: XXXXXXXXX
- ```
-
-15. If you need to configure the instance with proxy settings, go ahead and do so now. You can configure proxy settings by using environment variables. Replace the values with your environment's respective values.
-
-
-
- ```shell
- export http_proxy=http://10.1.1.1:8888
- export https_proxy=https://10.1.1.1:8888
- export no_proxy=.example.dev,10.0.0.0/8
- ```
-
-16. The next set of steps will download the required binaries to support a Palette installation, such as the Palette Installer, required Kubernetes packages, and kubeadm packages. You can download these artifacts from the instance, or externally and transfer them to the instance. Click on each tab for further guidance.
-
-
-
- :::caution
-
- You must download the following three resources. Our support team will provide you with the credentials and download URL.
- Click on each tab to learn more about each resource and steps for downloading.
-
- :::
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/airgap-v3.3.15.bin \
- --output airgap-k8s-v3.3.15.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-k8s-v3.3.15.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap K8S Images Setup - Version 3.3.15 100%
- Setting up Packs
- Setting up Images
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10
- - Pushing image k8s.gcr.io/kube-proxy:v1.22.10
- - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10
- - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10
- …
- Setup Completed
- ```
-
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/airgap-k8s-v3.3.15.bin \
- --output airgap-k8s-v3.3.15.bin
- ```
-
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-k8s-v3.3.15.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap K8S Images Setup - Version 3.3.15 100%
- Setting up Packs
- Setting up Images
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10
- - Pushing image k8s.gcr.io/kube-proxy:v1.22.10
- - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10
- - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10
- …
- Setup Completed
- ```
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-kubeadm.bin \
- --output airgap-edge-kubeadm.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-kubeadm.bin && sudo ./airgap-edge-kubeadm.bin
- ```
-
- Example Output:
- ```shell
- sudo ./airgap-edge-kubeadm.bin
- Verifying archive integrity... 100% MD5 checksums are OK. All good.
- Uncompressing Airgap Edge Packs - Kubeadm Images 100%
- Setting up Images
- - Skipping image k8s.gcr.io/coredns/coredns:v1.8.6
- - Pushing image k8s.gcr.io/etcd:3.5.1-0
- - Pushing image k8s.gcr.io/kube-apiserver:v1.23.12
- - Pushing image k8s.gcr.io/kube-controller-manager:v1.23.12
- - Pushing image k8s.gcr.io/kube-proxy:v1.23.12
- …
- Setup Completed
- ```
-
-
-
-
-
-
-
-
-17. If you will be using Edge deployments, go ahead and download the packages your Edge deployments will need. If you are not planning to use Edge, skip to end. You can come back to this step in the future and add the packages if needed. Click on the `...` tab for additional options.
-
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-k3s.bin \
- --output airgap-edge-ubuntu22-k3s.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-k3s.bin && sudo ./airgap-edge-ubuntu22-k3s.bin
- ```
-
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-rke.bin \
- --output airgap-edge-ubuntu22-rke.bin
- ```
-
-:::tip
-
- If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-rke.bin && sudo ./airgap-edge-ubuntu22-rke.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-kubeadm.bin \
- --output airgap-edge-ubuntu22-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu22-kubeadm.bin && sudo ./airgap-edge-ubuntu22-kubeadm.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-k3s.bin \
- --output airgap-edge-ubuntu20-k3s.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-k3s.bin && sudo ./airgap-edge-ubuntu20-k3s.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-rke.bin \
- --output airgap-edge-ubuntu20-rke.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-rke.bin && sudo ./airgap-edge-ubuntu20-rke.bin
- ```
-
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-kubeadm.bin \
- --output airgap-edge-ubuntu20-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-ubuntu20-kubeadm.bin && sudo ./airgap-edge-ubuntu20-kubeadm.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-k3s.bin \
- --output airgap-edge-opensuse-k3s.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-k3s.bin && sudo ./airgap-edge-opensuse-k3s.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-rke.bin \
- --output airgap-edge-opensuse-rke.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-rke.bin && sudo ./airgap-edge-opensuse-rke.bin
- ```
-
-
-
-
-
- Download the binary by using the URL provided by the Palette support team. Change the version number as needed.
-
-
-
- ```shell
- curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-kubeadm.bin \
- --output airgap-edge-opensuse-kubeadm.bin
- ```
-
-:::tip
-
-If you receive a certificate error, use the `-k` or `--insecure` flag.
-
-:::
-
- Assign the proper permissions and start the download script.
-
-
-
- ```shell
- sudo chmod 755 ./airgap-edge-opensuse-kubeadm.bin && sudo ./airgap-edge-opensuse-kubeadm.bin
- ```
-
-
-
-
-
-
-
-----
-
-
-The next step of the installation process is to begin the deployment of an appliance using the instructions in the [Instructions](install.md) guide. If you need to review the Spectro Cloud Repository details, issue the following command for detailed output.
-
-
-
-```shell
-sudo /bin/airgap-setup.sh
-```
-
-
-
-:::info
-
-You can review all the logs related to the setup of the private Spectro repository in **/tmp/airgap-setup.log**.
-
-:::
-
-
-## Validate
-
-You can validate that the Spectro Repository you deployed is available and ready for the next steps of the installation process. If you provided the appliance with an SSH key then you can skip to step five.
-
-
-1. Log in to vCenter Server by using the vSphere Client.
-
-
-2. Navigate to your Datacenter and locate your VM. Click on the VM to access its details page.
-
-
-3. Power on the VM.
-
-
-4. Click on **Launch Web Console** to access the terminal.
-
-
-5. Log in with the user `ubuntu` and the user password you specified during the installation. If you are using SSH, use the following command, and ensure you specify the path to your SSH private key and replace the IP address with your appliance's static IP.
-
-
-
- ```shell
- ssh --identity_file ~/path/to/your/file ubuntu@10.1.1.1
- ```
-
-
-6. Verify the registry server is up and available. Replace the `10.1.1.1` value with your appliance's IP address.
-
-
-
- ```shell
- curl --insecure https://10.1.1.1:5000/health
- ```
-
- Example Output:
- ```shell
- {"status":"UP"}
- ```
-
-7. Ensure you can log into your registry server. Use the credentials provided to you by the `airgap-setup.sh` script. Replace the `10.1.1.1` value with your appliance's IP address.
-
-
-
- ```shell
- curl --insecure --user admin:admin@airgap https://10.1.1.1:5000/v1/_catalog
- ```
-
- Example Output:
- ```
- {"metadata":{"lastUpdatedTime":"2023-04-11T21:12:09.647295105Z"},"repositories":[{"name":"amazon-linux-eks","tags":[]},{"name":"aws-efs","tags":[]},{"name":"centos-aws","tags":[]},{"name":"centos-azure","tags":[]},{"name":"centos-gcp","tags":[]},{"name":"centos-libvirt","tags":[]},{"name":"centos-vsphere","tags":[]},{"name":"cni-aws-vpc-eks","tags":[]},{"name":"cni-aws-vpc-eks-helm","tags":[]},{"name":"cni-azure","tags":[]},{"name":"cni-calico","tags":[]},{"name":"cni-calico-azure","tags":[]},{"name":"cni-cilium-oss","tags":[]},{"name":"cni-custom","tags":[]},{"name":"cni-kubenet","tags":[]},{"name":"cni-tke-global-router","tags":[]},{"name":"csi-aws","tags":[]},{"name":"csi-aws-ebs","tags":[]},{"name":"csi-aws-efs","tags":[]},{"name":"csi-azure","tags":[]},{"name":"csi-gcp","tags":[]},{"name":"csi-gcp-driver","tags":[]},{"name":"csi-longhorn","tags":[]},{"name":"csi-longhorn-addon","tags":[]},{"name":"csi-maas-volume","tags":[]},{"name":"csi-nfs-subdir-external","tags":[]},{"name":"csi-openstack-cinder","tags":[]},{"name":"csi-portworx-aws","tags":[]},{"name":"csi-portworx-gcp","tags":[]},{"name":"csi-portworx-generic","tags":[]},{"name":"csi-portworx-vsphere","tags":[]},{"name":"csi-rook-ceph","tags":[]},{"name":"csi-rook-ceph-addon","tags":[]},{"name":"csi-tke","tags":[]},{"name":"csi-topolvm-addon","tags":[]},{"name":"csi-vsphere-csi","tags":[]},{"name":"csi-vsphere-volume","tags":[]},{"name":"edge-k3s","tags":[]},{"name":"edge-k8s","tags":[]},{"name":"edge-microk8s","tags":[]},{"name":"edge-native-byoi","tags":[]},{"name":"edge-native-opensuse","tags":[]},{"name":"edge-native-ubuntu","tags":[]},{"name":"edge-rke2","tags":[]},{"name":"external-snapshotter","tags":[]},{"name":"generic-byoi","tags":[]},{"name":"kubernetes","tags":[]},{"name":"kubernetes-aks","tags":[]},{"name":"kubernetes-coxedge","tags":[]},{"name":"kubernetes-eks","tags":[]},{"name":"kubernetes-eksd","tags":[]},{"name":"kubernetes-konvoy","tags":[]},{"name":"kubernetes-microk8s","tags":[]},{"n
ame":"kubernetes-rke2","tags":[]},{"name":"kubernetes-tke","tags":[]},{"name":"portworx-add-on","tags":[]},{"name":"spectro-mgmt","tags":[]},{"name":"tke-managed-os","tags":[]},{"name":"ubuntu-aks","tags":[]},{"name":"ubuntu-aws","tags":[]},{"name":"ubuntu-azure","tags":[]},{"name":"ubuntu-coxedge","tags":[]},{"name":"ubuntu-edge","tags":[]},{"name":"ubuntu-gcp","tags":[]},{"name":"ubuntu-libvirt","tags":[]},{"name":"ubuntu-maas","tags":[]},{"name":"ubuntu-openstack","tags":[]},{"name":"ubuntu-vsphere","tags":[]},{"name":"volume-snapshot-controller","tags":[]}],"listMeta":{"continue":""}}
- ```
-
-
-8. Next, validate the Spectro repository is available. Replace the IP with your appliance's IP address.
-
-
-
- ```shell
- curl --insecure --user spectro:admin@airgap https://10.1.1.1
- ```
-
- Output:
- ```html hideClipboard
-
-
-
- Welcome to nginx!
-
-
-
- Welcome to nginx!
- If you see this page, the nginx web server is successfully installed and
- working. Further configuration is required.
-
- For online documentation and support please refer to
- nginx.org.
- Commercial support is available at
- nginx.com.
-
- Thank you for using nginx.
-
-
- ```
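Review bot: The removed validation step `curl --insecure --user spectro:admin@airgap https://10.1.1.1` pairs a literal default credential with disabled certificate verification. If this step is carried into the replacement airgap guide, use placeholder credentials and show the call with the appliance's CA supplied rather than `--insecure`.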
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md
index e16e808359..8d22c7c7c1 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md
@@ -17,8 +17,5 @@ Palette can be installed on VMware vSphere with internet connectivity or an airg
- [Install on VMware](install.md)
-- [Airgap Install Instructions](airgap-instructions.md)
-
-
- [VMware System Requirements](vmware-system-requirements.md)
\ No newline at end of file
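Review bot: Removing the `airgap-instructions.md` entry leaves this index with no pointer to an airgap guide, while the page intro in the hunk header still advertises an airgap install. Consider replacing the removed bullet with a link to `../airgap/vmware-vsphere-airgap-instructions.md`, the path the new caution in `install.md` uses, and add the missing newline at end of file while touching this list.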
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md
index 71348c7cf6..1dd0589f37 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md
@@ -5,17 +5,25 @@ description: "Learn how to install Palette on VMware."
icon: ""
sidebar_position: 10
hide_table_of_contents: false
+toc_max_heading_level: 3
tags: ["palette", "self-hosted", "vmware"]
---
-Palette can be installed on VMware vSphere with internet connectivity or an airgap environment. When you install Palette, a three-node cluster is created. You use the interactive Palette CLI to install Palette on VMware vSphere. Refer to [Access Palette](../../enterprise-version.md#access-palette) for instructions on requesting repository access.
+Palette can be installed on VMware vSphere with internet connectivity or in an airgap environment. When you install Palette, a three-node cluster is created. You use the interactive Palette CLI to install Palette on VMware vSphere. Refer to [Access Palette](../../enterprise-version.md#access-palette) for instructions on requesting repository access.
## Prerequisites
+:::caution
+
+If you are installing Palette in an airgap environment, ensure you complete all the airgap pre-install steps before proceeding with the installation. Refer to the [VMware vSphere Airgap Instructions](../airgap/vmware-vsphere-airgap-instructions.md) guide for more information.
+
+:::
+
+
- An AMD64 Linux environment with connectivity to the VMware vSphere environment.
@@ -75,15 +83,26 @@ Self-hosted Palette installations provide a system Private Cloud Gateway (PCG) o
-### Deployment
+## Deployment
-The video below provides a demonstration of the installation wizard and the prompts you will encounter. Take a moment to watch the video before you begin the installation process. Make sure to use values that are appropriate for your environment. Use the **three-dots Menu** in the lower right corner of the video to expand the video to full screen and to change the playback speed.
+The video below demonstrates the installation wizard and the prompts you will encounter. Take a moment to watch the video before you begin the installation process. Make sure to use values that are appropriate for your environment. Use the **three-dots Menu** in the lower right corner of the video to expand the video to full screen and to change the playback speed.
-
+
+
+
+
+
+
+
+
+
+
+
+
Use the following steps to install Palette.
@@ -100,16 +119,20 @@ Use the following steps to install Palette.
3. Type `y` if you want to use Ubuntu Pro. Otherwise, type `n`. If you choose to use Ubuntu Pro, you will be prompted to enter your Ubuntu Pro token.
-4. Provide the repository URL you received from our support team.
+4. Depending on that type of install of Palette you are using, the Spectro Cloud repository URL value will be different.
+ - Non-Airgap: `https://saas-repo.console.spectrocloud.com`
+ - Airgap: The URL or IP address of your HTTP file server that is hosting the manifest files.
-5. Enter the repository credentials.
+
+
+5. Enter the repository credentials. Our support team provides the credentials you need to access the public Spectro Cloud repository. Airgap installations, provide the credentials to your private repository. If your HTTP file server has no authentication, provide the username and password as `admin` and `admin` respectively.
6. Choose `VMware vSphere` as the cloud type. This is the default.
-7. Type an enterprise cluster name.
+7. Type an enterprise cluster name, or use the default value. Your VM instances will use this name as a prefix.
8. When prompted, enter the information listed in each of the following tables.
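Review bot: Step 5 documents an HTTP file server with no authentication as a supported setup and tells the reader to enter `admin` / `admin` for it. Since that server hosts the installation manifests, say whether the wizard simply ignores these values in that case, and recommend enabling authentication and TLS on the file server instead of presenting the unauthenticated case without comment. Wording nits in the same hunk: "Depending on that type of install" should read "the type", and "Airgap installations, provide the credentials" needs "For airgap installations,".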
@@ -122,7 +145,7 @@ Use the following steps to install Palette.
|:-------------|----------------|
|**HTTPS Proxy**|Leave this blank unless you are using an HTTPS Proxy. This setting will be propagated to all EC nodes and all of its target cluster nodes. Example: `https://USERNAME:PASSWORD@PROXYIP:PROXYPORT`.|
|**HTTP Proxy**|Leave this blank unless you are using an HTTP Proxy. This setting will be propagated to all EC nodes and all of its target cluster nodes. Example: `http://USERNAME:PASSWORD@PROXYIP:PROXYPORT`.|
- |**No Proxy**|The default is blank. You can add a comma-separated list of local network CIDR addresses, hostnames, and domain names that should be excluded from being a proxy. This setting will be propagated to all the nodes to bypass the proxy server. Example if you have a self-hosted environment: `maas.company.com,10.10.0.0/16`.|
+ |**No Proxy**| You will be prompted to provide a list of local network CIDR addresses, hostnames, and domain names that should be excluded from being a proxy. This setting will be propagated to all the nodes to bypass the proxy server. Example if you have a self-hosted environment: `my.company.com,10.10.0.0/16`|
|**Proxy CA Certificate Filepath**|The default is blank. You can provide the filepath of a CA certificate on the installer host. If provided, this CA certificate will be copied to each host in the PCG cluster during deployment. The provided path will be used on the PCG cluster hosts. Example: `/usr/local/share/ca-certificates/ca.crt`.|
|**Pod CIDR**|Enter the CIDR pool IP that will be used to assign IP addresses to pods in the EC cluster. The pod IP addresses should be unique and not overlap with any machine IPs in the environment.|
|**Service IP Range**|Enter the IP address range that will be used to assign IP addresses to services in the EC cluster. The service IP addresses should be unique and not overlap with any machine IPs in the environment.|
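Review bot: The rewritten **No Proxy** row drops both "The default is blank" and "comma-separated", so the reader no longer knows the expected list format or whether the field may be left empty, even though the example `my.company.com,10.10.0.0/16` is comma-separated. Keep the format and default in the description, and restore the trailing period after the example to match the neighbouring rows.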
@@ -130,7 +153,17 @@ Use the following steps to install Palette.
-9. Select the OCI registry type and provide the configuration values. Review the following table for more information.
+9. Select the tab below that matches your installation type for further guidance.
+
+
+
+
+ Select `y` to use the Spectro Cloud repository and proceed to the next step.
+
+
+
+
+Select the OCI registry type and provide the configuration values. Review the following table for more information.
@@ -142,20 +175,32 @@ Use the following steps to install Palette.
| **Registry Name** | Enter the name of the registry. |
| **Registry Endpoint** | Enter the registry endpoint. |
| **Registry Base Path** | Enter the registry base path. |
- |**Allow Insecure Connection** | Bypasses x509 verification. Type `Y` if using a vSphere instance with self-signed Transport Layer Security (TLS) certificates. Otherwise, type `n`.|
+ |**Allow Insecure Connection** | Bypasses x509 verification. Type `n` to specify a certificate authority in the follow-up prompt. |
+ | **Registry CA certificate filepath** | Specify the file path to the certificate authority. Use absolute paths. |
| **Registry Username** or **Registry Access Key** | Enter the registry username or the access key if using `OCI ECR`. |
| **Registry Password** or **Registry Secret Key** | Enter the registry password or the secret key if using `OCI ECR`. |
| **Registry Region** | Enter the registry region. This option is only available if you are using `OCI ECR`. |
| **ECR Registry Private** | Type `y` if the registry is private. Otherwise, type `n`. |
| **Use Public Registry for Images** | Type `y` to use a public registry for images. Type `n` to a different registry for images. If you are using another registry for images, you will be prompted to enter the registry URL, base path, username, and password. |
-
-10. Next, specify the database storage size to allocate for Palette. The default is 20 GB. Refer to the [size guidelines](../install-palette.md#size-guidelines) for additional information.
+ When prompted to "Pull images from public registry", type `n`. Go ahead and specify the OCI registry configuration values for your image registry. Refer to the table above for more information.
+
+
+:::info
+You will be provided with an opportunity to update the mirror registries values. To exit `vi` press the `Escape` key and type `:wq` to save and exit.
-11. The next set of prompts is for the VMware vSphere account information. Enter the information listed in the following table.
+:::
+
+
+
+
+
+---
+
+10. The next set of prompts is for the VMware vSphere account information. Enter the information listed in the following table.
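Review bot: The new **Allow Insecure Connection** text explains only what `n` leads to and no longer says when `y` is appropriate, although the row still describes the option as bypassing x509 verification. State explicitly that `y` turns off certificate verification for the registry and that `n` together with **Registry CA certificate filepath** is the preferred choice. The `:::info` note should also say which file is opened in `vi` and when, and the bare `---` added before step 10 may break the numbered list in some Markdown renderers.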
@@ -189,7 +234,7 @@ Use the following steps to install Palette.
|**SSH Public Keys** | Provide any public SSH keys to access your Palette VMs. This option opens up your system's default text editor. Vi is the default text editor for most Linux distributions. To review basic vi commands, check out the [vi Commands](https://www.cs.colostate.edu/helpdocs/vi.html) reference. |
-12. Specify the IP pool configuration. The placement type can be Static or Dynamic Domain Name Server (DDNS). Choosing static placement creates an IP pool from which VMs are assigned IP addresses. Choosing DDNS assigns IP addresses using DNS.
+11. Specify the IP pool configuration. The placement type can be Static or Dynamic Domain Name Server (DDNS). Choosing static placement creates an IP pool from which VMs are assigned IP addresses. Choosing DDNS assigns IP addresses using DNS.
@@ -207,7 +252,7 @@ Use the following steps to install Palette.
-13. The last set of prompts is for the vSphere machine configuration. Enter the information listed in the following table.
+12. The last set of prompts are for the vSphere machine and database configuration. Use the following table for guidance.
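Review bot: "The last set of prompts are" should be "is", since the subject is "set". Because this step now also covers the database sizing that the removed step 10 used to handle, keep the link to the size guidelines from that removed step so the reader can still find it.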
@@ -215,19 +260,28 @@ Use the following steps to install Palette.
|**Parameter** | **Description**|
|-----------------------------------------|----------------|
- | **Number of CPUs** | The number of CPUs allocated to each VM node instance.|
- | **Memory** | The amount of memory allocated to each VM node instance.|
- | **Disk Size** | The size of the disk allocated to each VM node instance.|
+ | **Small** | Deploy VM nodes with 8 CPU, 16 GB memory, 60 GB storage. The database specs are 20 GB database with 2 CPU limit and 4 GB memory limit. |
+ | **Medium** | Deploy VM nodes with 16 CPU, 32 GB memory, 100 GB storage. The database specs are 60 GB database with 4 cpu limit and 8 GB memory limit. |
+ | **Large** | Deploy VM nodes with 32 CPU, 64 GB memory, 120 GB storage. The database specs are 80 GB database with 8 CPU limit and 16 GB memory limit. |
+ | **Custom** | Deploy VM nodes with custom CPU, memory, storage, database size, CPU limit, and memory limit. If you specify custom, you will be prompted for the CPU, memory, and storage. |
+
+
+ #### Additional vSphere Machine Configuration
+
+ |**Parameter** | **Description**|
+ |-----------------------------------------|----------------|
+ | **Node Affinity** | Select the node affinity. Enter `y` to schedule all Palette pods on control plane nodes. |
- The installation process stands up a [kind](https://kind.sigs.k8s.io/) cluster locally that will orchestrate the remainder of the installation. The installation takes some time.
+ The installation process stands up a [kind](https://kind.sigs.k8s.io/) cluster locally that will orchestrate the remainder of the installation. The installation takes some time to complete.
+
- Upon completion, the enterprise cluster configuration file named `ec.yaml` contains the information you provided, and its location is displayed in the terminal. Credentials and tokens are encrypted in the YAML file.
+ The Palette CLI creates a file named `ec.yaml` that contains the information you provided the wizard, and its location is displayed in the terminal. Credentials and tokens are encrypted in the YAML file.
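Review bot: The **Custom** row lists database size, CPU limit and memory limit as customizable but then says the reader will be prompted only for "the CPU, memory, and storage"; make the two halves of the sentence agree. The first column is still headed **Parameter** although the rows are now size presets, and "4 cpu limit" in the **Medium** row should be "4 CPU limit" to match the other rows.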
@@ -238,21 +292,45 @@ Use the following steps to install Palette.
- When the installation is complete, Enterprise Cluster Details that include a URL and default credentials are displayed in the terminal. You will use these to access the Palette system console.
+:::tip
+
+ If an error occurs during installation, remove the `kind` cluster that was created and restart the installation. To remove the `kind` cluster, issue the following command. Replace `spectro-mgmt-cluster` with the name of your cluster if you used a different name.
+
+ ```bash
+ kind delete cluster spectro-mgmt-cluster
+ ```
+
+ Restart the install process by referencing the `ec.yaml` file that was created during the first installation attempt.
+ For example:
+
+ ```bash
+ palette ec install --config /home/spectro/.palette/ec/ec-20230706150945/ec.yaml
+ ```
+:::
+ When the installation is complete, Enterprise Cluster Details that include a URL and default credentials are displayed in the terminal. You will use these to access the Palette system console.
+
```bash hideClipboard
- ====================================
- ==== Enterprise Cluster Details ====
- ====================================
- Console URL: https://10.10.189.100/system
- Username: **********
- Password: **********
+ ===========================================
+ ==== Enterprise Cluster System Console ====
+ ===========================================
+ Console URL: https://10.10.100.0/system
+ Username: ************
+ Password: ************
+
+ The first of three Enterprise Cluster nodes is online and will now provision nodes two and three.
+
+ It will take another ~30-45 minutes for the installation to complete.
+
+ You can monitor its progress via kubectl/k9s or by viewing the System Console.
+
+ export KUBECONFIG=/ubuntu/.palette/ec/ec-20231012215923/spectro_mgmt.conf
```
-14. Copy the URL to the browser to access the system console. You will be prompted to reset the password.
+13. Copy the URL to the browser to access the system console. You will be prompted to reset the password.
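Review bot: The cleanup command in the new tip, `kind delete cluster spectro-mgmt-cluster`, passes the cluster name as a positional argument, which `kind delete cluster` does not accept; it should be `kind delete cluster --name spectro-mgmt-cluster`. The two example paths in this hunk also disagree on the home directory (`/home/spectro/.palette/ec/...` in the restart command and `/ubuntu/.palette/ec/...` in the `KUBECONFIG` line), so pick one. The sentence introducing the output still calls it "Enterprise Cluster Details" while the new banner reads "Enterprise Cluster System Console".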
@@ -269,13 +347,13 @@ Use the following steps to install Palette.
-15. Log in to the system console using the credentials provided in the Enterprise Cluster Details output. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette system console.
+14. Log in to the system console using the credentials provided in the Enterprise Cluster Details output. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette system console.
-16. After login, a Summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette. You can upload the files using the Palette system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette.
+15. After login, a Summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette. You can upload the files using the Palette system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette.
-17. The last step is to start setting up a tenant. To learn how to create a tenant, check out the [Tenant Management](../../system-management/tenant-management.md) guide.
+16. The last step is to start setting up a tenant. To learn how to create a tenant, check out the [Tenant Management](../../system-management/tenant-management.md) guide.
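Review bot: Step 14 still refers to "the Enterprise Cluster Details output", but the banner in the example output was renamed to "Enterprise Cluster System Console" earlier in this patch. Update the reference here so the reader can match it to what the terminal prints. Steps 13 and 14 also both say the reader will be prompted to reset the password, which could be merged into one statement.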
@@ -293,19 +371,16 @@ You can also validate that a three-node Kubernetes cluster is launched and Palet
1. Log in to the vCenter Server by using vSphere Client.
-2. Navigate to the Datacenter and locate your VM instance.
-
-
-3. Select the VM to access its details page, and verify three nodes are listed.
+2. Navigate to your vSphere Datacenter and locate your Palette VM instances. The VMs are prefixed with the name you provided during the installation. For example, if you provided `spectro-mgmt-cluster` as the name, the VMs are named `spectro-mgmt-cluster-`, followed by a unique set of alphanumeric values. Verify three nodes are available.
-4. Open a web browser session, and use the IP address provided in Enterprise Cluster Details at the completion of the installation to connect to the Palette system console. Copy the IP address to the address bar and append `/system`.
+3. Open a web browser session, and use the IP address provided in Enterprise Cluster Details at the completion of the installation to connect to the Palette system console. Copy the IP address to the address bar and append `/system`.
-5. Log in using your credentials.
+4. Log in using your credentials.
-6. A **Summary** page will be displayed that contains a tile with a **Go to Tenant Management** button. After initial installation, the **Summary** page shows there are zero tenants.
+5. A **Summary** page will be displayed that contains a tile with a **Go to Tenant Management** button. After initial installation, the **Summary** page shows there are zero tenants.
## Next Steps
@@ -317,3 +392,9 @@ After you create the tenant, you are ready to configure authentication types in
## Resources
- [Palette CLI](../../../palette-cli/install-palette-cli.md#download-and-setup)
+
+- [VMware System Requirements](vmware-system-requirements.md)
+
+- [System Management](../../system-management/system-management.md)
+
+- [Enterprise Install Troubleshooting](../../../troubleshooting/enterprise-install.md)
diff --git a/docs/docs-content/enterprise-version/install-palette/install-palette.md b/docs/docs-content/enterprise-version/install-palette/install-palette.md
index e82205846d..c060a7b7f3 100644
--- a/docs/docs-content/enterprise-version/install-palette/install-palette.md
+++ b/docs/docs-content/enterprise-version/install-palette/install-palette.md
@@ -12,10 +12,15 @@ Palette is available as a self-hosted application that you install in your envir
| **Supported Platform** | **Description** | **Install Guide** |
|------------------------|------------------------------------| ------------------|
-| VMware | Install Palette in VMware environment. | [Install on VMware](install-on-vmware/install-on-vmware.md) |
+| VMware | Install Palette in VMware environment. | [Install on VMware](install-on-vmware/install.md) |
| Kubernetes | Install Palette using a Helm Chart in an existing Kubernetes cluster. | [Install on Kubernetes](install-on-kubernetes/install.md) |
+You can also install Palette in an airgap environment. For more information, refer to the [Airgap Installation](airgap/airgap.md) section.
+| **Supported Airgap Platform** | **Description** |
+|------------------------|------------------------------------|
+| VMware | Install Palette in VMware environment using your own OCI registry server. |
+| Kubernetes | Install Palette using a Helm Chart in an existing Kubernetes cluster with your own OCI registry server OR use AWS ECR. |
The next sections provide sizing guidelines we recommend you review before installing Palette in your environment.
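Review bot: The new airgap table has no **Install Guide** column, unlike the table directly above it, so a reader has to go through `airgap/airgap.md` to find the per-platform guide. Add the column with links to the VMware and Kubernetes airgap guides. Check that a blank line separates the "You can also install Palette in an airgap environment" sentence from the table header so the table renders, and lowercase "OR" in the Kubernetes row.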
@@ -86,4 +91,8 @@ The recommended maximum number of deployed nodes and clusters in the environment
- [Install on Kubernetes](install-on-kubernetes/install.md)
-- [Architecture Diagram and Network Ports](../../architecture/networking-ports.md#self-hosted-network-communications-and-ports)
\ No newline at end of file
+- [Airgap Installation](airgap/airgap.md)
+
+- [Architecture Diagram and Network Ports](../../architecture/networking-ports.md#self-hosted-network-communications-and-ports)
+
+- [Enterprise Install Troubleshooting](../../troubleshooting/enterprise-install.md)
\ No newline at end of file
diff --git a/docs/docs-content/troubleshooting/enterprise-install.md b/docs/docs-content/troubleshooting/enterprise-install.md
new file mode 100644
index 0000000000..97fb433fa7
--- /dev/null
+++ b/docs/docs-content/troubleshooting/enterprise-install.md
@@ -0,0 +1,38 @@
+---
+sidebar_label: "Enterprise Install"
+title: "Enterprise Install"
+description: "Troubleshooting steps for errors encountered when installing an Enterprise Cluster."
+icon: ""
+hide_table_of_contents: false
+sidebar_position: 60
+tags: ["troubleshooting", "self-hosted", "palette", "vertex"]
+---
+
+Refer to the following sections to troubleshoot errors encountered when installing an Enterprise Cluster.
+
+
+## Scenario - Self-linking Error
+
+When installing an Enterprise Cluster, you may encounter an error stating that the enterprise cluster is unable to self-link. Self-linking is the process of Palette or VerteX becoming aware of the Kubernetes cluster it is installed on.
+This error may occur if the self-hosted pack registry specified in the installation is missing the Certificate Authority (CA).
+This issue can be resolved by adding the CA to the pack registry.
+
+### Debug Steps
+
+1. Log in to the pack registry server that you specified in the Palette or VerteX installation.
+
+2. Download the CA certificate from the pack registry server. Different OCI registries have different methods for downloading the CA certificate. For Harbor, check out the [Download the Harbor Certificate](https://goharbor.io/docs/1.10/working-with-projects/working-with-images/pulling-pushing-images/#download-the-harbor-certificate) guide.
+
+3. Log in to the system console. Refer to [Access Palette system console](../enterprise-version/system-management/system-management.md#access-the-system-console) or [Access Vertex system console](../vertex/system-management/system-management.md#access-the-system-console) for additional guidance.
+
+4. From the left navigation menu, select **Administration** and click on the **Pack Registries** tab.
+
+5. Click on the **three-dot Menu** icon for the pack registry that you specified in the installation and select **Edit**.
+
+6. Click on the **Upload file** button and upload the CA certificate that you downloaded in step 2.
+
+7. Check the box **Insecure Skip TLS Verify** and click on **Confirm**.
+
+ ![A pack registry configuration screen.](/troubleshooting_enterprise-install_pack-registry-tls.png)
+
+After a few moments, a system profile will be created and Palette or VerteX will be able to self-link successfully. If you continue to encounter issues, contact our support team by emailing [support@spectrocloud.com](mailto:support@spectrocloud.com) so that we can provide you with further guidance.
\ No newline at end of file
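Review bot: Step 7 tells the reader to check **Insecure Skip TLS Verify** immediately after step 6 uploads the CA certificate, which reads as contradictory: the scenario says the fix is adding the missing CA, yet the final step turns certificate verification off for that registry. If both are really required, explain why; otherwise drop step 7 or instruct the reader to leave the box unchecked so the uploaded CA is what establishes trust. Step 2 could also say how to confirm the downloaded file is the registry's CA before uploading it.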
diff --git a/docs/docs-content/troubleshooting/troubleshooting.md b/docs/docs-content/troubleshooting/troubleshooting.md
index d799b2b26a..129994eb10 100644
--- a/docs/docs-content/troubleshooting/troubleshooting.md
+++ b/docs/docs-content/troubleshooting/troubleshooting.md
@@ -17,28 +17,36 @@ Use the following troubleshooting resources to help you address issues that may
-- [Kubernetes Debugging](kubernetes-tips.md)
+- [Cluster Deployment](cluster-deployment.md)
-- [Cluster Deployment](cluster-deployment.md)
+- [Edge](edge.mdx)
+
+
+- [Enterprise Install](enterprise-install.md)
- [Nodes & Clusters](nodes.md)
+
+- [Kubernetes Debugging](kubernetes-tips.md)
+
+
+
- [Packs](pack-issues.md)
- [Palette Dev Engine](palette-dev-engine.md)
-- [Edge](edge.mdx)
+- [Palette Upgrade](palette-upgrade.md)
- [Private Cloud Gateway](pcg.md)
-- [Palette Upgrade](palette-upgrade.md)
+
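Review bot: The list is being re-sorted alphabetically, but **Kubernetes Debugging** now sits after **Nodes & Clusters**; it belongs between **Enterprise Install** and **Nodes & Clusters**. The hunk also adds several empty lines around the moved entries and at the end of the list that can be dropped.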
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/_category_.json b/docs/docs-content/vertex/install-palette-vertex/airgap/_category_.json
new file mode 100644
index 0000000000..304de170d3
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/_category_.json
@@ -0,0 +1,4 @@
+{
+ "position": 30
+ }
+
\ No newline at end of file
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/airgap.md b/docs/docs-content/vertex/install-palette-vertex/airgap/airgap.md
new file mode 100644
index 0000000000..8e3ea0cd75
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/airgap.md
@@ -0,0 +1,76 @@
+---
+sidebar_label: "Airgap"
+title: "Airgap"
+description: "Learn about Palette VerteX in an airgap environment and how to install Palette in an airgap environment."
+icon: ""
+sidebar_position: 10
+hide_table_of_contents: false
+tags: ["vertex", "self-hosted", "airgap"]
+---
+
+
+You can install Palette VerteX in an airgapped environment. An airgap environment lacks direct access to the internet and is intended for environments with strict security requirements.
+
+The installation process for an airgap environment is different due to the lack of internet access. Before the primary VerteX installation steps, you must download the following artifacts.
+
+* Palette VerteX platform manifests and required platform packages.
+
+
+* Container images for core platform components and third party dependencies.
+
+
+* Palette VerteX packs.
+
+
+The other significant change is that VerteX's default public OCI registry is not used. Instead, a private OCI registry is utilized for storing images and packs.
+
+
+
+## Overview
+Before you can install VerteX in an airgap environment, you must complete all the required pre-install steps.
+The following diagram outlines the major pre-install steps for an airgap installation.
+
+
+![An architecture diagram outlining the five different install phases](/enterprise-version_air-gap-repo_overview-order-diagram.png)
+
+1. Download the airgap setup binary from the support team. The airgap setup binary is a self-extracting archive that contains the Palette platform manifests, images, and required packs. The airgap setup binary is a one-time use binary for uploading VerteX images and packs to your OCI registry. You will not use the airgap setup binary again after the initial installation.
+
+2. Extract the manifest content from the airgap setup binary. The manifest content is hosted on a file server.
+
+3. Install VerteX using the Palette CLI. The Palette CLI is used to install VerteX into your vSphere environment.
+
+4. Configure your VerteX environment.
+
+
+## Get Started
+
+To get started with an airgap VerteX installation, check out the respective platform guide.
+
+- [Kubernetes Airgap Instructions](kubernetes-airgap-instructions.md)
+
+- [VMware vSphere Airgap Instructions](vmware-vsphere-airgap-instructions.md)
+
+
+Each platform guide provides detailed instructions on how to complete the pre-install steps. We also recommend you review the [Checklist](checklist.md) to ensure you have completed all the required steps before deploying the airgap VerteX installation.
+
+
+## Supported Platforms
+
+
+| **Platform** | **OCI Registry** | **Supported**|
+| ------------- | ------------ | -----|
+| Kubernetes | Harbor | ✅ |
+| Kubernetes | AWS ECR | ✅ |
+| VMware vSphere | Harbor | ✅ |
+| VMware vSphere | AWS ECR | ✅ |
+
+
+## Resources
+
+- [Kubernetes Airgap Instructions](kubernetes-airgap-instructions.md)
+
+- [VMware vSphere Airgap Instructions](vmware-vsphere-airgap-instructions.md)
+
+- [Checklist](checklist.md)
+
+- [Additional Packs](supplemental-packs.md)
\ No newline at end of file
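Review bot: The front matter `description` says "how to install Palette in an airgap environment" on a VerteX page, and step 1 of the overview likewise says the binary contains "the Palette platform manifests"; both should name VerteX. The diagram alt text mentions "five different install phases" while the list under it has four steps, so align one with the other. The prose also alternates between "airgapped" and "airgap"; pick one form.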
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/checklist.md b/docs/docs-content/vertex/install-palette-vertex/airgap/checklist.md
new file mode 100644
index 0000000000..72732b5c17
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/checklist.md
@@ -0,0 +1,85 @@
+---
+sidebar_label: "Checklist"
+title: "Checklist"
+description: "An airgap installation of VerteX requires a few steps to be completed before the installation can begin. This checklist will help you prepare for the installation."
+icon: ""
+sidebar_position: 40
+hide_table_of_contents: false
+tags: ["vertex", "self-hosted", "airgap"]
+---
+
+
+Use the following checklist to ensure you have completed all the required steps before deploying the airgap Palette VerteX installation.
+
+
+
+
+
+- [ ] `oras` CLI v1.1.0 or greater is installed and available.
+
+- [ ] `aws` CLI v2 or greater CLI is installed and available.
+
+- [ ] `zip` is installed and available.
+
+- [ ] Downloaded the airgap setup binary from the support team.
+
+- [ ] Created a private repository with the name `spectro-packs` in your OCI registry. You can use a different name if you prefer.
+
+- [ ] Created a public repository with the name `spectro-images` in your OCI registry. You can use a different name if you prefer.
+
+- [ ] Authenticated with your OCI registry and acquired credentials to both repositories.
+
+- [ ] Download the Certificate Authority (CA) certificate from your OCI registry.
+
+- [ ] Set the required environment variables for the airgap setup binary. The values are different depending on what type of OCI registry you use.
+
+- [ ] Started the airgap setup binary and verified the setup completed successfully.
+
+- [ ] Reviewed the list of pack binaries to download and upload to your OCI registry.
+
+- [ ] Extracted the manifest content from the airgap setup binary to an HTTP file server.
+
+- [ ] Ensured the manifest content is hosted on an HTTP file server that is accessible from the environment you are installing VerteX.
+
+
+
+
+
+
+
+- [ ] `oras` CLI v1.1.0 or greater is installed and available.
+
+- [ ] `aws` CLI v2 or greater CLI is installed and available.
+
+- [ ] `zip` is installed and available.
+
+- [ ] Downloaded the airgap setup binary from the support team.
+
+- [ ] Created a vSphere VM and Template folder with the name `spectro-templates`.
+
+- [ ] Imported the Operating System and Kubernetes distribution OVA required for the install and placed the OVA in the `spectro-templates` folder.
+
+- [ ] Appended an `r_` prefix to the OVA name after the import.
+
+- [ ] Created a private repository with the name `spectro-packs` in your OCI registry. You can use a different name if you prefer.
+
+- [ ] Created a public repository with the name `spectro-images` in your OCI registry. You can use a different name if you prefer.
+
+- [ ] Authenticated with your OCI registry and acquired credentials to both repositories.
+
+- [ ] Download the Certificate Authority (CA) certificate from your OCI registry.
+
+- [ ] Set the required environment variables for the airgap setup binary. Refer to step 8 in the [Preparation](#preperation) section for information.
+
+- [ ] Started the airgap setup binary and verified the setup completed successfully
+
+- [ ] Reviewed the list of pack binaries to download and upload to your OCI registry.
+
+- [ ] Extracted the manifest content from the airgap setup binary to an HTTP file server.
+
+- [ ] Ensured the manifest content is hosted on an HTTP file server that is accessible from the vSphere environment you are installing VerteX.
+
+
+
+
+
\ No newline at end of file
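Review bot: The vSphere checklist item `Refer to step 8 in the [Preparation](#preperation) section` links to a misspelled anchor, and the step number matches neither guide added in this patch, where the environment variables are set in step 7 (Kubernetes) and step 10 (vSphere); point the link at the correct heading and step. In both lists the item `Download the Certificate Authority (CA) certificate from your OCI registry.` is imperative while every other item is a completed-state check, so change it to `Downloaded ...`. The item `aws` CLI v2 or greater CLI is installed` repeats the word CLI, and `verified the setup completed successfully` in the second list is missing its period.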
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/kubernetes-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/airgap/kubernetes-airgap-instructions.md
new file mode 100644
index 0000000000..9a9e5e912b
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/kubernetes-airgap-instructions.md
@@ -0,0 +1,334 @@
+---
+sidebar_label: "Kubernetes Airgap Instructions"
+title: "Kubernetes Airgap Instructions"
+description: "Learn how to install VerteX into an air gap environment."
+icon: ""
+hide_table_of_contents: false
+sidebar_position: 20
+tags: ["vertex", "enterprise", "airgap", "kubernetes"]
+---
+
+
+![Overview diagram of the pre-install steps eager-load](/enterprise-version_air-gap-repo_overview-order-diagram-focus.png)
+
+
+This guide provides instructions to prepare your airgap environment for a Palette VerteX installation by completing the required preparatory steps 1 and 2 shown in the diagram. The respective installation guides for each platform cover the remaining installation process.
+
+
+## Prepare Airgap Installation
+
+Use the following steps to prepare your airgap environment for a VerteX installation.
+
+:::tip
+
+Carefully review the [prerequisites](#prerequisites) section before proceeding. This will save you time and frustration. Each prerequisite is required for a successful installation.
+
+:::
+
+## Prerequisites
+
+
+- An x86 Linux jumpbox or bastion host with connectivity to the target platform where you are installing VerteX.
+
+
+- 30 GB of disk space available for the airgap setup binary and temporary files. The airgap content uncompressed is approximately 20 GB.
+
+- An OCI registry such as [Harbor](https://goharbor.io/) or [AWS ECR](https://aws.amazon.com/ecr/) to store VerteX images and packages. The OCI registry must be accessible from the Kubernetes cluster. We have verified the installation against Harbor and AWS ECR. Other OCI registries may work but have not been tested.
+
+ :::caution
+
+ Ensure the OCI registries are set up with HTTPS. AWS ECR is enabled with HTTPS by default. Harbor requires you to enable HTTPS. If you are using Harbor, you must enable HTTPS to authenticate with the registry.
+ Refer to the [Harbor](https://goharbor.io/docs/2.9.0/install-config/configure-https) documentation for guidance.
+ :::
+
+
+- An HTTP file server to host the VerteX manifest. The file server must be accessible from the target environment where VerteX will be installed. Below is a list of common file servers:
+ - [Apache HTTP Server](https://httpd.apache.org/)
+
+ - [Nginx](https://www.nginx.com/)
+
+ - [Caddy](https://caddyserver.com/)
+
+
+
+ :::caution
+
+ Take the necessary steps to secure your file server and ensure it can automatically recover from a failure. The file server is a critical component of the airgap installation and must be available post-install for VerteX to function properly.
+
+ :::
+
+
+- jq - Command-line JSON processor installed and available. Refer to the [jq](https://jqlang.github.io/jq/download/) download page for guidance.
+
+
+- To interact with the OCI registry, you must have the following tools installed and available.
+
+ - [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) - Required for AWS ECR.
+
+ - [Oras](https://oras.land/docs/installation.html) CLI v1.1.0 or greater - Required for the setup script.
+
+ - [zip](https://linux.die.net/man/3/zip) - Required for the setup script.
+
+ - [unzip](https://linux.die.net/man/1/unzip) - or equivalent for extracting the manifest content from the airgap setup binary.
+
+
+
+
+
+## Instructions
+
+Complete the following steps before deploying the airgap VerteX installation.
+
+
+1. Log in to the OCI registry where you will host the VerteX images and packages.
+
+2. Create a repository with the name `spectro-packs` and ensure the repository is private. This repository will host the VerteX packs.
+ - Refer to the [Create Projects](https://goharbor.io/docs/2.0.0/working-with-projects/create-projects/) guide for information about creating a repository in Harbor.
+ - Refer to the [Create a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html) guide for information about creating a repository in AWS ECR.
+
+3. In your OCI registry, create another repository with the name `spectro-images` and ensure the repository is public. The public repositry will host the images required by VerteX.
+
+
+4. Download the Certificate Authority (CA) for your OCI registry. You will need to provide the installation process the CA, otherwise you may encounter errors when authenticating with the OCI registry which could result in an incomplete install.
+
+5. Log in to the Linux environment where you will download the airgap binaries and complete the remaining steps, including the VerteX installation.
+
+
+6. Authenticate with your OCI registry and acquire credentials to both repositories you created earlier. You will need these credentials when deploying the airgap VerteX installation.
+
+
+
+
+ Use `oras` to log in to your OCI registry. Replace the values below with your environment configuration values. Check out the [oras login](https://oras.land/docs/commands/oras_login) documentation for information about additional CLI flags and examples.
+
+ ```shell
+ oras login X.X.X.X --user 'yourUserNameHere' --password 'yourPasswordHere'
+ ```
+
+ If you are using a Harbor registry with a self-signed certificate, you will need to add the `--insecure` flag to the `oras` command.
+
+ ```shell
+ oras login X.X.X.X --insecure --user 'yourUserNameHere' --password 'yourPasswordHere'
+ ```
+
+
+
+
+ You can acquire the AWS ECR authentication command from the AWS ECR console. From the ECR repository details page, click on the **View push commands** button to access the command. Refer to the [AWS ECR Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html#cli-authenticate-registry) documentation for more information.
+
+ Below is the command you will use to authenticate to AWS ECR. The output of the `aws` command is passed to `oras` to authenticate with the ECR registry. Replace the values below with your environment configuration values.
+
+ ```shell
+ aws ecr get-login-password --region xxxxx | oras login --username AWS --password-stdin 1234567890.dkr.ecr.us-east-1.amazonaws.com
+ ```
+
+ For the public image repository, use the `docker` CLI instead of using `oras`. Replace the values below with your environment configuration values.
+
+ ```shell
+ aws ecr-public get-login-password --region xxxxx | docker login --username AWS --password-stdin public.ecr.aws/xxxxxxx
+ ```
+
+
+
+
+ :::tip
+
+ Be aware of the timeout period for the authentication token. The process of uploading images and packages to the OCI registry can take a approximately an hour. If the authentication token expires, you will need to re-authenticate to the OCI registry and restart the upload process.
+
+ :::
+
+---
+
+7. The airgap setup binary requires a set of environment variables to be available and populated. The environment variables will be different depending on the OCI registry you are using. Select the OCI registry and populate the environment variables accordingly.
+
+
+
+
+
+
+ - `OCI_IMAGE_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `OCI_PACK_BASE`: The namespace or repository name that hosts the VerteX Packs.
+ - `OCI_PACK_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `OCI_IMAGE_BASE`: The namespace or repository name that hosts the VerteX images.
+
+ ```shell
+ export OCI_IMAGE_REGISTRY=
+ export OCI_PACK_BASE=spectro-packs
+ export OCI_PACK_REGISTRY=
+ export OCI_IMAGE_BASE=spectro-images
+ ```
+
+ Example
+
+ ```shell hideClipboard
+ export OCI_IMAGE_REGISTRY=example.internal.com
+ export OCI_PACK_BASE=spectro-packs
+ export OCI_PACK_REGISTRY=10.10.100.48
+ export OCI_IMAGE_BASE=spectro-images
+ ```
+
+
+
+
+
+
+ - `ECR_IMAGE_REGISTRY`: The IP address or domain name of the public OCI registry for images.
+ - `ECR_IMAGE_BASE`: The namespace or repository name that hosts the VerteX images.
+ - `ECR_IMAGE_REGISTRY_REGION`: The AWS region where the ECR registry is located.
+ - `ECR_PACK_BASE`: The namespace or repository name that hosts the VerteX Packs.
+ - `ECR_PACK_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `ECR_PACK_REGISTRY_REGION`: The AWS region where the ECR registry is located.
+
+ ```shell
+ export ECR_IMAGE_REGISTRY=
+ export ECR_IMAGE_BASE=spectro-images
+ export ECR_IMAGE_REGISTRY_REGION=us-east-1
+ export ECR_PACK_REGISTRY=
+ export ECR_PACK_BASE=spectro-packs
+ export ECR_PACK_REGISTRY_REGION=us-east-1
+ ```
+
+ Example
+
+ ```shell hideClipboard
+ export ECR_IMAGE_REGISTRY=public.ecr.aws/1234567890
+ export ECR_IMAGE_BASE=spectro-images
+ export ECR_IMAGE_REGISTRY_REGION=us-east-1
+ export ECR_PACK_REGISTRY=123456789.dkr.ecr.us-east-1.amazonaws.com
+ export ECR_PACK_BASE=spectro-packs
+ export ECR_PACK_REGISTRY_REGION=us-east-1
+ ```
+
+
+
+
+---
+
+8. Download the airgap setup binary. Our support team will provide you with the proper version and credentials. Replace the values in the commands below with our support team's recommended version and credentials.
+
+ ```shell
+ VERSION=4.0.19
+ ```
+
+ ```shell
+ curl --user XXXXX:YYYYYYY https://software-private.spectrocloud.com/airgap-fips/$VERSION/airgap-fips-v$VERSION.bin \
+ --output airgap-fips-v$VERSION.bin
+ ```
+
+9. Update the airgap setup binary permissions to allow execution. Replace the file name below with the name of the airgap setup binary you downloaded.
+
+ ```shell
+ chmod +x airgap-fips-v$VERSION.bin
+ ```
+
+10. Start the airgap setup binary. Replace the file name below with the name of the airgap setup binary you downloaded.
+
+ ```shell
+ ./airgap-fips-v$VERSION.bin
+ ```
+ Upon completion, a success message will be displayed. The output is condensed for brevity.
+
+ ```shell hideClipboard {10}
+ Verifying archive integrity... 100% MD5 checksums are OK. All good.
+ Uncompressing Airgap Setup - Version 4.0.17 100%
+ Setting up Packs
+ - Pushing Pack cni-calico:3.25.1
+ ...
+ Setting up Images
+ - Pushing image docker.io/kindest/kindnetd:v20230227-15197099
+ - Pushing image gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.22.8
+ .....
+ Preparing Manifests Archive
+ Manifests are available in /tmp/spectro-manifests-1696971110.zip. Extract the archive to a file server to serve as a Spectro Cloud Repository
+ Setup Completed
+ ```
+
+ :::info
+
+ If you encounter an error during the airgap setup process, verify the required environment variables are set and populated correctly. If you are still having issues, reach out to our support team for assistance.
+ :::
+
+
+11. Move the manifest file located in your temporary directory to the location of your file server. Unzip the manifest file to a folder accessible by the file server. Replace the file name below with the name of the manifest file provided to you by the airgap setup.
+
+ ```shell
+ unzip spectro-manifests-XXXXXXXXXXXX.zip -d /target/folder
+ ```
+
+ :::tip
+
+ If you want to get started quickly with a file server, install [Caddy](https://caddyserver.com/docs/quick-starts/static-files) or use Python3's [http sever](https://docs.python.org/3/library/http.server.html) and issue one of the following commands in the folder where you unzipped the manifest content. Each command will start a file server on port 2015.
+
+ ```shell
+ caddy file-server --listen :2015 --browse
+ ```
+
+ ```shell
+ python3 -m http.server 2015
+ ```
+
+ We do not recommend serving the manifest content over HTTP, but it is an option if you want to get started quickly. For production workloads, enable HTTPS on your file server.
+ :::
+
+
+12. Review the additional packs available for download. The supplemental packs are optional and not required for a successful installation. However, to create cluster profiles you may require several of the packs available for download. Refer to the [Additional Packs](supplemental-packs.md) resource for a list of available packs.
+
+
+
+13. Once you select the packs you want to install, download the pack binaries and start the binary to initiate the upload process.
+
+ In the example below, the `airgap-fips-pack-amazon-linux-eks-1.0.0.bin` binary is downloaded and started.
+
+ ```shell
+ chmod +x airgap-fips-pack-amazon-linux-eks-1.0.0.bin && \
+ ./airgap-fips-pack-amazon-linux-eks-1.0.0.bin
+ ```
+
+ ```shell hideClipboard
+ Verifying archive integrity... 100% MD5 checksums are OK. All good.
+ Uncompressing Airgap Pack - amazon-linux-eks Version 4.0.17 100%
+ Setting up Packs
+ - Pushing Pack amazon-linux-eks:1.0.0
+ Setup Completed
+ ```
+
+14. Repeat step 13 for each pack you want to install.
+
+You now have completed the preparation steps for an airgap installation. Check out the [Validate](#validate) section to ensure the airgap setup process completed successfully.
+
+
+## Validate
+
+Use the following steps to validate the airgap setup process completed successfully.
+
+
+1. Log in to your OCI registry and verify the VerteX images and packs are available.
+
+
+2. Verify the manifest file is accessible from the file server. The manifest file is required for the VerteX installation process. The screenshot below is an example of a file server hosting the unzipped manifest content. The example is using Caddy as the file server.
+
+ ![Example of a file server hosting the unzipped manifest content](/enterprise-version_airgap_airgap-instructions_file-server-caddy.png)
+
+
+3. Ensure your file server is accessible from the environment you are installing VerteX. Use the following command to verify the manifest content is accessible from the file server. Replace the hostname or IP address below with your file server hostname or IP address.
+
+ ```shell
+ curl http://:/roar/nickfury/versions.yaml
+ ```
+
+ ```yaml hideClipboard
+ versions:
+ - version: "3.3"
+ filepath: "/roar/nickfury/3.3/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/3.3/versions.yaml"
+ - version: "3.4"
+ filepath: "/roar/nickfury/3.4/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/3.4/versions.yaml"
+ - version: "4.0"
+ filepath: "/roar/nickfury/4.0/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/4.0/versions.yaml"
+ ```
+
+## Next Steps
+
+You are now ready to deploy the airgap VerteX installation. The important difference is that you will specify your OCI registry and file server during the installation process. Refer to the [Kubernetes Install Instructions](../install-on-kubernetes/install-on-kubernetes.md) guide for detailed guidance on installing VerteX.
\ No newline at end of file
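Review bot: Step 6 tells Harbor users with a self-signed certificate to run `oras login X.X.X.X --insecure ...`, which turns off the certificate verification that step 4 (downloading the registry CA) and the HTTPS caution in the prerequisites are meant to provide; document `oras login --ca-file` with the CA from step 4 instead and keep `--insecure` as a last resort, if at all. The same login examples pass the secret as `--password 'yourPasswordHere'`, which lands in shell history and the process list, while the ECR example in the same step already uses `--password-stdin`; use that form for Harbor too, and have the step 8 `curl --user XXXXX:YYYYYYY` example give only the user name so curl prompts for the password. The sample output in step 10 reads `Version 4.0.17` although step 8 sets `VERSION=4.0.19`, and the only integrity evidence shown is the binary's own `MD5 checksums are OK` line, so a published SHA-256 digest to compare before `chmod +x` would be worth adding. In the step 11 tip, `caddy file-server --listen :2015 --browse` and `python3 -m http.server 2015` listen on all interfaces with directory listing, and the sentence advising against plain HTTP comes only after the commands; move it above them. Typos: `repositry` (step 3), `can take a approximately an hour` (tip in step 6), `http sever` (tip in step 11).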
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/supplemental-packs.md b/docs/docs-content/vertex/install-palette-vertex/airgap/supplemental-packs.md
new file mode 100644
index 0000000000..4c10837bbc
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/supplemental-packs.md
@@ -0,0 +1,66 @@
+---
+sidebar_label: "Additional Packs"
+title: "Additional Packs"
+description: "Learn how to install additional packs for an airgap VerteX install."
+icon: ""
+sidebar_position: 50
+hide_table_of_contents: false
+tags: ["vertex", "self-hosted", "airgap"]
+---
+
+
+
+Review the following table to determine which pack binaries you need to download and upload to your OCI registry.
+
+
+| **File Name** | **Download URL** |
+|-------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|
+| `airgap-fips-pack-amazon-linux-eks-1.0.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-amazon-linux-eks-1.0.0.bin |
+| `airgap-fips-pack-cni-aws-vpc-eks-helm-fips-1.1.17.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-cni-aws-vpc-eks-helm-fips-1.1.17.bin |
+| `airgap-fips-pack-cni-calico-3.24.1.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-cni-calico-3.24.1.bin |
+| `airgap-fips-pack-cni-calico-3.25.1.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-cni-calico-3.25.1.bin |
+| `airgap-fips-pack-csi-aws-ebs-1.17.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-csi-aws-ebs-1.17.0.bin |
+| `airgap-fips-pack-csi-longhorn-fips-1.4.1.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-csi-longhorn-fips-1.4.1.bin|
+| `airgap-fips-pack-csi-vsphere-csi-3.0.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-csi-vsphere-csi-3.0.0.bin |
+| `airgap-fips-pack-edge-k3s-1.27.2.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-k3s-1.27.2.bin |
+| `airgap-fips-pack-edge-k8s-1.24.13.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-k8s-1.24.13.bin |
+| `airgap-fips-pack-edge-k8s-1.25.9.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-k8s-1.25.9.bin |
+| `airgap-fips-pack-edge-k8s-1.26.4.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-k8s-1.26.4.bin |
+| `airgap-fips-pack-edge-k8s-1.27.2.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-k8s-1.27.2.bin |
+| `airgap-fips-pack-edge-native-byoi-1.0.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-native-byoi-1.0.0.bin |
+| `airgap-fips-pack-edge-rke2-1.24.6.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-rke2-1.24.6.bin |
+| `airgap-fips-pack-edge-rke2-1.25.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-rke2-1.25.0.bin |
+| `airgap-fips-pack-edge-rke2-1.25.2.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-rke2-1.25.2.bin |
+| `airgap-fips-pack-edge-rke2-1.26.4.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-rke2-1.26.4.bin |
+| `airgap-fips-pack-edge-rke2-1.27.2.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-edge-rke2-1.27.2.bin |
+| `airgap-fips-pack-generic-byoi-1.0.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-generic-byoi-1.0.0.bin |
+| `airgap-fips-pack-kubernetes-1.25.10.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.25.10.bin |
+| `airgap-fips-pack-kubernetes-1.25.9.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.25.9.bin |
+| `airgap-fips-pack-kubernetes-1.26.4.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.26.4.bin |
+| `airgap-fips-pack-kubernetes-1.26.5.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.26.5.bin |
+| `airgap-fips-pack-kubernetes-1.27.1.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.27.1.bin |
+| `airgap-fips-pack-kubernetes-1.27.2.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-1.27.2.bin |
+| `airgap-fips-pack-kubernetes-eks-1.24.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-eks-1.24.bin |
+| `airgap-fips-pack-kubernetes-eks-1.25.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-eks-1.25.bin |
+| `airgap-fips-pack-kubernetes-rke2-1.25.10-rke2r1-build20230518.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-rke2-1.25.10-rke2r1-build20230518.bin |
+| `airgap-fips-pack-kubernetes-rke2-1.26.5-rke2r1-build20230518.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-kubernetes-rke2-1.26.5-rke2r1-build20230518.bin |
+| `airgap-fips-pack-spectro-proxy-1.3.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-spectro-proxy-1.3.0.bin |
+| `airgap-fips-pack-spectro-proxy-1.4.0.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-spectro-proxy-1.4.0.bin |
+| `airgap-fips-pack-ubuntu-aws-20.04.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-ubuntu-aws-20.04.bin |
+| `airgap-fips-pack-ubuntu-vsphere-20.04.bin` | https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-ubuntu-vsphere-20.04.bin |
+
+
+## Download Instructions
+
+To download a binary you must provide the username and password for the support team's private repository. Reach out to our support team to [obtain the credentials](../../vertex.md#access-palette-vertex). The following example shows how to download the `airgap-fips-pack-amazon-linux-eks-1.0.0.bin` binary.
+
+```bash
+$ curl --user XXXXX:YYYYY https://software-private.spectrocloud.com/airgap-fips/packs/airgap-fips-pack-amazon-linux-eks-1.0.0.bin \
+ --output airgap-fips-pack-amazon-linux-eks-1.0.0.bin
+```
+
+:::info
+
+All binaries require the OCI environment variables to be set and for the registry credentials to be available.
+
+:::
\ No newline at end of file
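Review bot: The table has only the **File Name** and **Download URL** columns, so a reader has nothing to compare a downloaded `.bin` against before making it executable and running it; add a SHA-256 column, or a link to a signed checksum file, for each binary. In the download example, the leading `$ ` inside the `bash` fence breaks copy and paste and differs from the prompt-free `shell` fences used in the other files of this patch, and `--user XXXXX:YYYYY` puts the password in shell history; pass only the user name so curl prompts for it. The closing note says `OCI environment variables`, but the ECR path in the instructions uses `ECR_*` variables, so name both sets or link to the step that defines them. The `airgap-fips-pack-csi-longhorn-fips-1.4.1.bin` row is missing the space before its closing pipe.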
diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md
new file mode 100644
index 0000000000..48e20916e9
--- /dev/null
+++ b/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md
@@ -0,0 +1,361 @@
+---
+sidebar_label: "VMware vSphere Airgap Instructions"
+title: "VMware vSphere Airgap Instructions"
+description: "Learn how to install VerteX in an air gap environment."
+icon: ""
+hide_table_of_contents: false
+sidebar_position: 30
+tags: ["vertex", "enterprise", "airgap", "vmware", "vsphere"]
+---
+
+
+![Overview diagram of the pre-install steps eager-load](/enterprise-version_air-gap-repo_overview-order-diagram-focus.png)
+
+
+This guide provides instructions for preparing your airgap environment for a Palette VerteX installation, by ensuring you complete all the required preparatory steps 1 and 2 shown in the diagram. The installation process is covered in the respective installation guides for each platform.
+
+
+## Prepare Airgap Installation
+
+Use the following steps to prepare your airgap environment for a VerteX installation.
+
+:::tip
+
+Carefully review the [prerequisites](#prerequisites) section before proceeding. This will save you time and frustration. Each prerequisite is required for a successful installation.
+
+:::
+
+## Prerequisites
+
+
+- An x86 Linux jumpbox or bastion host with connectivity to the target platform where you are installing VerteX.
+
+
+- 30 GB of disk space available for the airgap setup binary and temporary files. The uncompressed airgap content is approximately 20 GB.
+
+- An OCI registry such as [Harbor](https://goharbor.io/) or [AWS ECR](https://aws.amazon.com/ecr/) to store VerteX images and packages. The OCI registry must be accessible from the VMware vSphere environment. We have verified the installation against Harbor and AWS ECR. Other OCI registries may work but have not been tested.
+
+ :::caution
+
+ Ensure the OCI registries are set up with HTTPS. AWS ECR is enabled with HTTPS by default. Harbor requires you to enable HTTPS. If you are using Harbor, you must enable HTTPS to authenticate with the registry.
+ Refer to the [Harbor](https://goharbor.io/docs/2.9.0/install-config/configure-https) documentation for guidance.
+ :::
+
+
+- An HTTP file server to host the VerteX manifest. The file server must be accessible from the target environment where VerteX will be installed. Below is a list of common HTTP file servers:
+ - [Apache HTTP Server](https://httpd.apache.org/)
+
+ - [Nginx](https://www.nginx.com/)
+
+ - [Caddy](https://caddyserver.com/)
+
+
+
+ :::caution
+
+ Take the necessary steps to secure your file server and ensure it can automatically recover from a failure. The file server is a critical component of the airgap installation and must be available post-install for VerteX to function properly.
+
+ :::
+
+
+- jq - Command-line JSON processor installed and available. Refer to the [jq](https://jqlang.github.io/jq/download/) download page for guidance.
+
+
+- To interact with the OCI registry, you must have the following tools installed and available.
+
+ - [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) - Required for AWS ECR.
+
+ - [Oras](https://oras.land/docs/installation.html) CLI v1.1.0 or greater - Required for the setup script.
+
+ - [zip](https://linux.die.net/man/3/zip) - required for the setup script.
+
+ - [unzip](https://linux.die.net/man/1/unzip) - or equivalent for extracting the manifest content from the airgap setup binary.
+
+
+- Palette CLI installed and available. Refer to the Palette CLI [Install](../../../palette-cli/install-palette-cli.md#download-and-setup) page for guidance.
+
+
+- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information.
+
+
+
+
+:::info
+
+Self-hosted VerteX installations provide a system Private Cloud Gateway (PCG) out-of-the-box and typically do not require a separate, user-installed PCG. However, you can create additional PCGs as needed to support provisioning into remote data centers that do not have a direct incoming connection to VerteX. To learn how to install a PCG on VMware, check out the [VMware](../../../clusters/data-center/vmware.md) guide.
+
+:::
+
+
+
+## Instructions
+
+
+Complete the following steps before deploying the airgap VerteX installation.
+
+1. Log in to your vCenter environment.
+
+
+2. Create a vSphere VM and Template folder with the name `spectro-templates`. Ensure this folder is accessible by the user account you will use to deploy the airgap VerteX installation.
+
+
+3. Use the URL below to import the Operating System and Kubernetes distribution OVA required for the install. Place the OVA in the `spectro-templates` folder. Refer to the [Import Items to a Content Library](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vm-administration/GUID-B413FBAE-8FCB-4598-A3C2-8B6DDA772D5C.html?hWord=N4IghgNiBcIJYFsAOB7ATgFwAQYKbIjDwGcQBfIA) guide for information about importing an OVA in vCenter.
+
+ ```url
+ https://vmwaregoldenimage-console.s3.us-east-2.amazonaws.com/u-2004-0-k-12510-fips.ova
+ ```
+
+4. Append an `r_` prefix to the OVA name after the import. For example, `r_u-2004-0-k-12510-fips.ova`. This prefix is required for the install process to identify the OVA.
+
+
+5. In your OCI registry, create a repository with the name `spectro-packs` and ensure the repository is private. This repository will host the VerteX Packs.
+ - Refer to the [Create Projects](https://goharbor.io/docs/2.0.0/working-with-projects/create-projects/) guide for information about creating a repository in Harbor.
+ - Refer to the [Create a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html) guide for information about creating a repository in AWS ECR.
+
+6. In your OCI registry, create another repository with the name `spectro-images` and ensure the repository is public. The repositry will host VerteX images.
+
+
+7. Download the Certificate Authority (CA) for your OCI registry. You will need to provide the CA during the installation process. Otherwise, you may encounter errors when authenticating with the OCI registry, which could result in an incomplete install.
+
+
+8. Log in to the Linux environment where you will download the airgap binaries and complete the remaining steps, including the VerteX installation.
+
+
+9. Authenticate with your OCI registry and acquire credentials to both repositories you created earlier. You will need these credentials when deploying the airgap VerteX installation.
+
+
+
+
+ Use `oras` to log in to your OCI registry. Replace the values below with your environment configuration values. Check out the [oras login](https://oras.land/docs/commands/oras_login) documentation for information about additional CLI flags and examples.
+
+ ```shell
+ oras login X.X.X.X --user 'yourUserNameHere' --password 'yourPasswordHere'
+ ```
+
+ If you are using a Harbor registry with a self-signed certificate, you will need to add the `--insecure` flag to the `oras` command.
+
+ ```shell
+ oras login X.X.X.X --insecure --user 'yourUserNameHere' --password 'yourPasswordHere'
+ ```
+
+
+
+
+ You can acquire the AWS ECR authentication command from the AWS ECR console. From the ECR repository details page, click on the **View push commands** button to access the command. Refer to the [AWS ECR Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html#cli-authenticate-registry) documentation for more information.
+
+ Below is the command you will use to authenticate to AWS ECR. The output of the `aws` command is passed to `oras` to authenticate with the ECR registry. Replace the values below with your environment configuration values.
+
+ ```shell
+ aws ecr get-login-password --region xxxxx | oras login --username AWS --password-stdin 1234567890.dkr.ecr.us-east-1.amazonaws.com
+ ```
+
+ For the public image repository, use the `docker` CLI instead of using `oras`. Replace the values below with your environment configuration values.
+
+ ```shell
+ aws ecr-public get-login-password --region xxxxx | docker login --username AWS --password-stdin public.ecr.aws/xxxxxxx
+ ```
+
+
+
+
+ :::tip
+
+ Be aware of the timeout period for the authentication token. The process of uploading images and packages to the OCI registry can take a approximately an hour. If the authentication token expires, you will need to re-authenticate to the OCI registry and restart the upload process.
+
+ :::
+
+---
+
+10. The airgap setup binary requires a set of environment variables to be available and populated. The environment variables will be different depending on the OCI registry you are using. Select the OCI registry and populate the environment variables accordingly.
+
+
+
+
+
+
+ - `OCI_IMAGE_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `OCI_PACK_BASE`: The namespace or repository name that hosts the VerteX Packs.
+ - `OCI_PACK_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `OCI_IMAGE_BASE`: The namespace or repository name that hosts the VerteX images.
+
+ ```shell
+ export OCI_IMAGE_REGISTRY=
+ export OCI_PACK_BASE=spectro-packs
+ export OCI_PACK_REGISTRY=
+ export OCI_IMAGE_BASE=spectro-images
+ ```
+
+ Example
+
+ ```shell hideClipboard
+ export OCI_IMAGE_REGISTRY=example.internal.com
+ export OCI_PACK_BASE=spectro-packs
+ export OCI_PACK_REGISTRY=10.10.100.48
+ export OCI_IMAGE_BASE=spectro-images
+ ```
+
+
+
+
+
+
+ - `ECR_IMAGE_REGISTRY`: The IP address or domain name of the public OCI registry for images.
+ - `ECR_IMAGE_BASE`: The namespace or repository name that hosts the VerteX images.
+ - `ECR_IMAGE_REGISTRY_REGION`: The AWS region where the ECR registry is located.
+ - `ECR_PACK_BASE`: The namespace or repository name that hosts the VerteX Packs.
+ - `ECR_PACK_REGISTRY`: The IP address or domain name of the OCI registry.
+ - `ECR_PACK_REGISTRY_REGION`: The AWS region where the ECR registry is located.
+
+ ```shell
+ export ECR_IMAGE_REGISTRY=
+ export ECR_IMAGE_BASE=spectro-images
+ export ECR_IMAGE_REGISTRY_REGION=us-east-1
+ export ECR_PACK_REGISTRY=
+ export ECR_PACK_BASE=spectro-packs
+ export ECR_PACK_REGISTRY_REGION=us-east-1
+ ```
+
+ Example
+
+ ```shell hideClipboard
+ export ECR_IMAGE_REGISTRY=public.ecr.aws/1234567890
+ export ECR_IMAGE_BASE=spectro-images
+ export ECR_IMAGE_REGISTRY_REGION=us-east-1
+ export ECR_PACK_REGISTRY=123456789.dkr.ecr.us-east-1.amazonaws.com
+ export ECR_PACK_BASE=spectro-packs
+ export ECR_PACK_REGISTRY_REGION=us-east-1
+ ```
+
+
+
+
+---
+
+11. Download the airgap setup binary. Replace the placeholder values in the commands below with the recommended version and credentials that our support team provides.
+
+ ```shell
+ VERSION=4.0.19
+ ```
+
+ ```shell
+ curl --user XXXXX:YYYYYYY https://software-private.spectrocloud.com/airgap-fips/$VERSION/airgap-fips-v$VERSION.bin \
+ --output airgap-fips-v$VERSION.bin
+ ```
+
+12. Update the airgap setup binary permissions to allow execution. Replace the file name below with the name of the airgap setup binary you downloaded.
+
+ ```shell
+ chmod +x airgap-fips-v$VERSION.bin
+ ```
+
+13. Start the airgap setup binary. Replace the file name below with the name of the airgap setup binary you downloaded.
+
+ ```shell
+ ./airgap-fips-v$VERSION.bin
+ ```
+ Upon completion, a success message will be displayed. The output is condensed for brevity.
+
+ ```shell hideClipboard {10}
+ Verifying archive integrity... 100% MD5 checksums are OK. All good.
+ Uncompressing Airgap Setup - Version 4.0.17 100%
+ Setting up Packs
+ - Pushing Pack cni-calico:3.25.1
+ ...
+ Setting up Images
+ - Pushing image docker.io/kindest/kindnetd:v20230227-15197099
+ - Pushing image gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.22.8
+ .....
+ Preparing Manifests Archive
+ Manifests are available in /tmp/spectro-manifests-1696971110.zip. Extract the archive to a file server to serve as a Spectro Cloud Repository
+ Setup Completed
+ ```
+
+ :::info
+
+ If you encounter an error during the airgap setup process, verify the required environment variables are set and populated correctly. If you are still having issues, reach out to our support team for assistance.
+ :::
+
+
+14. Move the manifest file located in your temporary directory to the location of your file server. Unzip the manifest file to a folder accessible by the file server. Replace the file name below with the name of the manifest file provided to you by the airgap setup.
+
+ ```shell
+ unzip spectro-manifests-XXXXXXXXXXXX.zip -d /target/folder
+ ```
+
+ :::tip
+
+ If you want to get started quickly with a file server, install [Caddy](https://caddyserver.com/docs/quick-starts/static-files) or use Python3's [http sever](https://docs.python.org/3/library/http.server.html) and issue one of the following commands in the folder where you unzipped the manifest content. Each command will start a file server on port 2015.
+
+ ```shell
+ caddy file-server --listen :2015 --browse
+ ```
+
+ ```shell
+ python3 -m http.server 2015
+ ```
+
+ We do not recommend serving the manifest content over HTTP, but it is an option if you want to get started quickly. For production workloads, enable HTTPS on your file server.
+ :::
+
+
+15. Review the additional packs available for download. The supplemental packs are optional and not required for a successful installation. However, to create cluster profiles you may require several of the packs available for download. Refer to the [Additional Packs](supplemental-packs.md) resource for a list of available packs.
+
+
+
+16. Once you select the packs you want to install, download the pack binaries and start the binary to initiate the upload process.
+
+ In the example below, the `airgap-fips-pack-amazon-linux-eks-1.0.0.bin` binary is downloaded and started.
+
+ ```shell
+ chmod +x airgap-fips-pack-amazon-linux-eks-1.0.0.bin && \
+ ./airgap-fips-pack-amazon-linux-eks-1.0.0.bin
+ ```
+
+ ```shell hideClipboard
+ Verifying archive integrity... 100% MD5 checksums are OK. All good.
+ Uncompressing Airgap Pack - amazon-linux-eks Version 4.0.17 100%
+ Setting up Packs
+ - Pushing Pack amazon-linux-eks:1.0.0
+ Setup Completed
+ ```
+
+17. Repeat step 16 for each pack you want to install.
+
+You now have completed the preparation steps for an airgap installation. Check out the [Validate](#validate) section to ensure the airgap setup process completed successfully.
+
+
+## Validate
+
+Use the following steps to validate the airgap setup process completed successfully.
+
+
+1. Log in to your OCI registry and verify the VerteX images and packs are available.
+
+
+2. Verify the manifest file is accessible from the file server. The manifest file is required for the VerteX installation process. The screenshot below is an example of a file server hosting the unzipped manifest content. The example is using Caddy as the file server.
+
+ ![Example of a file server hosting the unzipped manifest content](/enterprise-version_airgap_airgap-instructions_file-server-caddy.png)
+
+
+3. Ensure your file server is accessible from the environment in which you are installing VerteX. Use the following command to verify the manifest content is accessible from the file server. Replace the hostname or IP address below with your file server hostname or IP address.
+
+ ```shell
+ curl http://:/roar/nickfury/versions.yaml
+ ```
+
+ ```yaml hideClipboard
+ versions:
+ - version: "3.3"
+ filepath: "/roar/nickfury/3.3/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/3.3/versions.yaml"
+ - version: "3.4"
+ filepath: "/roar/nickfury/3.4/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/3.4/versions.yaml"
+ - version: "4.0"
+ filepath: "/roar/nickfury/4.0/version.yaml"
+ patchVersionsFilepath: "/roar/nickfury/4.0/versions.yaml"
+ ```
+
+## Next Steps
+
+You are now ready to deploy the airgap VerteX installation. You will specify your OCI registry and file server during the installation process. Refer to the [VMware Install Instructions](../install-on-vmware/install-on-vmware.md) guide for detailed guidance on installing VerteX.
\ No newline at end of file
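Review bot: Steps 11 to 13 download `airgap-fips-v$VERSION.bin` and run it with no out-of-band integrity check; the only verification shown is the installer's own "MD5 checksums are OK" line, which the file prints about itself and which says nothing about where the file came from. Add a step between 11 and 12 that checks the download against a SHA-256 digest or signature that support supplies through a separate channel, and do the same for the pack binaries in step 16. Smaller points in the same file: step 11 sets `VERSION=4.0.19` but the sample output in steps 13 and 16 reports "Version 4.0.17"; step 16 says the pack binary "is downloaded and started" yet shows only `chmod` and the run, with no download command; the validate command `curl http://:/roar/nickfury/versions.yaml` has lost its host and port placeholders, as have the empty `export OCI_IMAGE_REGISTRY=` style lines in step 10; the file-server tip starts Caddy with `--browse` or `python3 -m http.server` over plain HTTP, so state that the manifests are then served unencrypted and without authentication; there are typos at "http sever" and "can take a approximately an hour"; and the file ends without a trailing newline.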
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install-on-kubernetes.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install-on-kubernetes.md
index fedbb6de89..b0533ce69c 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install-on-kubernetes.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install-on-kubernetes.md
@@ -18,7 +18,4 @@ To get started with Palette VerteX on Kubernetes, refer to the [Install Instruct
- [Install Instructions](install.md)
-
-
-
- [Helm Configuration Reference](vertex-helm-ref.md)
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md
index 16a20bca20..252a53b6df 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md
@@ -1,42 +1,52 @@
---
sidebar_label: "Instructions"
-title: "Install VerteX"
-description: "Learn how to install Palette VerteX on VMware vSphere."
+title: "Instructions"
+description: "Learn how to deploy self-hosted VerteX to a Kubernetes cluster using a Helm Chart."
icon: ""
hide_table_of_contents: false
-sidebar_position: 0
-tags: ["vertex", "kubernetes"]
+sidebar_position: 10
+tags: ["vertex", "enterprise"]
---
+You can use the Palette VerteX Helm Chart to install VerteX in a multi-node Kubernetes cluster in your production environment.
+
+This installation method is common in secure environments with restricted network access that prohibits using VerteX SaaS. Review our [architecture diagrams](../../../architecture/networking-ports.md) to ensure your Kubernetes cluster has the necessary network connectivity for VerteX to operate successfully.
-Use the Palette VerteX Helm Chart to install Palette VerteX in a multi-node Kubernetes cluster in your production environment. Palette VerteX is a FIPS-compliant product that must be installed in a FIPS-compliant environment. This means that Operating System (OS) the Kubernetes cluster you are installing Palette VerteX into must be FIPS-compliant.
-Review our [architecture diagrams](../../../architecture/networking-ports.md) to ensure your Kubernetes cluster has the necessary network connectivity for Palette to operate successfully.
## Prerequisites
+
+:::caution
+
+If you are installing VerteX in an airgap environment, ensure you complete all the airgap pre-install steps before proceeding with the installation. Refer to the [Kubernetes Airgap Instructions](../airgap/kubernetes-airgap-instructions.md) guide for more information.
+
+:::
+
+
+
- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available.
- [Helm](https://helm.sh/docs/intro/install/) is installed and available.
-- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using `kubectl` commands and have sufficient permissions to install Palette VerteX. We recommend using a role with cluster-admin permissions to install Palette VerteX.
+- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using `kubectl` commands and have sufficient permissions to install VerteX. We recommend using a role with cluster-admin permissions to install VerteX.
- The Kubernetes cluster must be set up on a supported version of Kubernetes, which includes versions v1.25 to v1.27.
-- Ensure the Kubernetes cluster does not have Cert Manager installed. Palette VerteX requires a unique Cert Manager configuration to be installed as part of the installation process. If Cert Manager is already installed, you must uninstall it before installing Palette VerteX.
+- Ensure the Kubernetes cluster does not have Cert Manager installed. VerteX requires a unique Cert Manager configuration to be installed as part of the installation process. If Cert Manager is already installed, you must uninstall it before installing VerteX.
-- The Kubernetes cluster must have a Container Storage Interface (CSI) installed and configured. Palette VerteX requires a CSI to store persistent data. You may install any CSI that is compatible with your Kubernetes cluster.
+- The Kubernetes cluster must have a Container Storage Interface (CSI) installed and configured. VerteX requires a CSI to store persistent data. You may install any CSI that is compatible with your Kubernetes cluster.
-- We recommend the following resources for Palette VerteX. Refer to the [Palette VerteX size guidelines](../install-palette-vertex.md#size-guidelines) for additional sizing information.
+- We recommend the following resources for VerteX. Refer to the [VerteX size guidelines](../install-palette-vertex.md#size-guidelines) for additional sizing information.
- 8 CPUs per node.
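Review bot: The rewritten introduction drops the sentence stating that VerteX is a FIPS-compliant product that must be installed on a FIPS-compliant OS and cluster, so the requirement now appears only as one bullet further down the prerequisites. Keep a one-sentence statement of it in the opening paragraphs, since it decides whether the reader should continue at all. In the front matter, `title` becomes "Instructions", identical to `sidebar_label`, which leaves page titles and search results without a product or platform name, and `tags` loses "kubernetes" on the page that is specifically the Kubernetes install. The kubeconfig bullet still recommends a cluster-admin role; consider saying whether that binding is needed only for the duration of the install.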
@@ -48,23 +58,15 @@ Review our [architecture diagrams](../../../architecture/networking-ports.md) to
- A minimum of three worker nodes or three untainted control plane nodes.
-
- :::info
+- The following network ports must be accessible for VerteX to operate successfully.
- Refer to the Palette VerteX [size guidelines](../install-palette-vertex.md#size-guidelines) resource for additional sizing information.
+ - TCP/443: Inbound and outbound to and from the VerteX management cluster.
- :::
+ - TCP/6443: Outbound traffic from the VerteX management cluster to the deployed clusters' Kubernetes API server.
-- The following network ports must be accessible for Palette VerteX to operate successfully.
-
- - TCP/443: Inbound and outbound to and from the Palette VerteX management cluster.
-
- - TCP/6443: Outbound traffic from the Palette VerteX management cluster to the deployed clusters' Kubernetes API server.
-
-
-- Ensure you have an SSL certificate that matches the domain name you will assign to Palette VerteX. You will need this to enable HTTPS encryption for Palette VerteX. Reach out to your network administrator or security team to obtain the SSL certificate. You need the following files:
+- Ensure you have an SSL certificate that matches the domain name you will assign to VerteX. You will need this to enable HTTPS encryption for VerteX. Reach out to your network administrator or security team to obtain the SSL certificate. You need the following files:
- x509 SSL certificate file in base64 format.
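Review bot: The ports list is re-indented and rebranded here but not updated for the airgap path this change introduces. The airgap examples elsewhere in this patch point the cluster at a self-hosted OCI registry and a file server (`endpoint: "http://10.15.20.15:2015"` under `scar`), so list those destinations and their ports alongside TCP/443 and TCP/6443, or state that the cluster must be able to reach them. The TCP/443 line would also be clearer if it named the peers instead of "Inbound and outbound to and from".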
@@ -73,13 +75,13 @@ Review our [architecture diagrams](../../../architecture/networking-ports.md) to
- x509 SSL certificate authority file in base64 format.
-- Ensure the OS and Kubernetes cluster you are installing Palette VerteX onto is FIPS-compliant. Otherwise, Palette VerteX and its operations will not be FIPS-compliant.
+- Ensure the OS and Kubernetes cluster you are installing VerteX onto is FIPS-compliant. Otherwise, VerteX and its operations will not be FIPS-compliant.
-- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS encryption for Palette VerteX.
+- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS encryption for VerteX.
-- Access to the Palette Helm Charts. Refer to the [Access Palette VerteX](../../vertex.md#access-palette-vertex) for instructions on how to request access to the Helm Chart.
+- Access to the VerteX Helm Charts. Refer to the [Access VerteX](../../vertex.md#access-palette-vertex) for instructions on how to request access to the Helm Chart.
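Review bot: On the last changed line the link text becomes "Access VerteX" while the target stays `../../vertex.md#access-palette-vertex`; if the heading in vertex.md is renamed in the same branding sweep this anchor will break, so check it against the built site. The sentence also needs a noun after the link ("Refer to the [Access VerteX](...) section for instructions"), and the FIPS bullet should read "are FIPS-compliant", since its subject is "the OS and Kubernetes cluster".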
@@ -87,92 +89,604 @@ Review our [architecture diagrams](../../../architecture/networking-ports.md) to
:::caution
-Do not use a Palette-managed Kubernetes cluster when installing Palette VerteX. Palette-managed clusters contain the Palette agent and Palette-created Kubernetes resources that will interfere with the installation of Palette VerteX.
+Do not use a VerteX-managed Kubernetes cluster when installing VerteX. VerteX-managed clusters contain the VerteX agent and VerteX-created Kubernetes resources that will interfere with the installation of VerteX.
:::
-## Install Palette VerteX
+## Install VerteX
-Use the following steps to install Palette VerteX on Kubernetes.
+The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your environment. Reach out to our support team if you need assistance.
-
-:::info
+1. Open a terminal session and navigate to the directory where you downloaded the VerteX Helm Charts provided by our support. We recommend you place all the downloaded files into the same directory. You should have the following Helm Charts:
-The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your environment. Reach out to our support team if you need assistance.
+ - Spectro Management Plane Helm Chart.
-:::
+ - Cert Manager Helm Chart.
+ - Image Swap Helm Chart - Only required if you are using a private OCI registry with remote registry caching enabled or installing VerteX in an air-gapped environment.
-1. Open a terminal session and navigate to the directory where you downloaded the Palette VerteX Helm Charts provided by our support team. We recommend you place all the downloaded files within the same directory. You should have the following Helm Charts:
-
- - Spectro Management Plane Helm Chart.
+ ```shell hideClipboard
+ .
+ ├── cert-manager
+ ├── cert-manager-1.11.0.tgz
+ ├── image-swap
+ ├── image-swap-1.5.2.tgz
+ ├── spectro-mgmt-plane
+ └── spectro-mgmt-plane-4.0.19.tgz
+
+ 3 directories, 3 files
+ ```
-
- - Cert Manager Helm Chart.
+2. Extract each Helm Chart into its directory. Use the commands below as a reference. Do this for all the provided Helm Charts.
+
+
-2. Extract each Helm Chart into its directory. Use the commands below as a reference. Do this for all the provided Helm Charts.
-
+ ```shell
+ tar xzvf spectro-mgmt-plane-*.tgz
+ ```
- ```shell
- tar xzvf spectro-mgmt-plane-*.tgz
- ```
-
+ ```shell
+ tar xzvf cert-manager-*.tgz
+ ```
+
+
+
+
+
+
+
+ ```shell
+ tar xzvf spectro-mgmt-plane-*.tgz
+ ```
+
+
+ ```shell
+ tar xzvf cert-manager-*.tgz
+ ```
+
+ ```shell
+ tar xzvf image-swap-*.tgz
+ ```
+
+
+
- ```yaml
- tar xzvf cert-manager-*.tgz
- ```
3. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with the one you downloaded, as the version number may be different.
-
- ```shell
- helm upgrade --values cert-manager/values.yaml cert-manager cert-manager-1.11.0.tgz --install
- ```
+```shell
+ helm upgrade --values cert-manager/values.yaml cert-manager cert-manager-1.11.0.tgz --install
+```
-
- :::info
+4. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** contains the default values for the VerteX installation parameters. However, you must populate the following parameters before installing VerteX. You can learn more about the parameters in the **values.yaml** file in the [Helm Configuration Reference](vertex-helm-ref.md) page.
- The Cert Manager Helm Chart provided by our support team is configured for Palette VerteX. Do not modify the **values.yaml** file unless instructed to do so by our support team.
+
+
- :::
-4. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** contains the default values for the Palette VerteX installation parameters. You must populate the following parameters in the YAML file before installing Palette VerteX.
+ | **Parameter** | **Description** | **Type** |
+ | --- | --- | --- |
+ | `env.rootDomain` | The URL name or IP address you will use for the VerteX installation. | string |
+ | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for VerteX FIPS packs. These credentials are provided by our support team.| object |
+ | `scar` | The Spectro Cloud Artifact Repository (SCAR) credentials for VerteX FIPS images. These credentials are provided by our support team. | object |
-
- | **Parameter** | **Description** | **Type** |
- | --- | --- | --- |
- | `env.rootDomain` | The URL name or IP address you will use for the Palette VerteX installation. | string |
- | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for Palette VerteX FIPS packs.| object |
- | `scar` | The Spectro Cloud Artifact Repository (SCAR) credentials for Palette VerteX FIPS images. These credentials are provided by our support team. | object |
+ Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the following sections to review an example of the **values.yaml** file with the required parameters highlighted.
-
-
- Save the **values.yaml** file after you have populated the required parameters listed in the table.
-
- :::info
-
- You can learn more about the parameters in the **values.yaml** file in the [Helm Configuration Reference](vertex-helm-ref.md) page.
+
+Example - values.yaml
- :::
+```yaml {53,77-85,97-102}
+#########################
+# Spectro Cloud VerteX #
+#########################
+# MongoDB Configuration
+mongo:
+ # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas
+ internal: true
+
+ # Mongodb URL. Only change if using Mongo Atlas.
+ databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo"
+ # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas.
+ databasePassword: ""
+
+ #No. of mongo replicas to run, default is 3
+ replicas: 3
+ # The following only apply if mongo.internal == true
+ cpuLimit: "2000m"
+ memoryLimit: "4Gi"
+ pvcSize: "20Gi"
+ storageClass: "" # leave empty to use the default storage class
+config:
+ installationMode: "connected" #values can be connected or airgap.
+ # SSO SAML Configuration (Optional for self-hosted type)
+ sso:
+ saml:
+ enabled: false
+ acsUrlRoot: "myfirstpalette.spectrocloud.com"
+ acsUrlScheme: "https"
+ audienceUrl: "https://www.spectrocloud.com"
+ entityId: "https://www.spectrocloud.com"
+ apiVersion: "v1"
-5. Install the Palette VerteX Helm Chart using the following command.
+ # Email Configurations. (Optional for self-hosted type)
+ email:
+ enabled: false
+ emailId: "noreply@spectrocloud.com"
+ smtpServer: "smtp.gmail.com"
+ smtpPort: 587
+ insecureSkipVerifyTls: true
+ fromEmailId: "noreply@spectrocloud.com"
+ password: "" # base64 encoded SMTP password
+
+ env:
+ # rootDomain is a DNS record which will be mapped to the ingress-nginx-controller load balancer
+ # E.g., myfirstpalette.spectrocloud.com
+ # - Mandatory if ingress.internal == false
+ # - Optional if ingress.internal == true (leave empty)
+ #
+ # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes
+ # E.g., *.myfirstpalette.spectrocloud.com
+ rootDomain: "vertex.example.com"
+
+ # stableEndpointAccess is used when deploying EKS clusters in Private network type.
+ # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true
+ cluster:
+ stableEndpointAccess: false
+
+# registry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+# ociPackRegistry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# baseContentPath: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+ ociPackEcrRegistry:
+ endpoint: "15789037893.dkr.ecr.us-east-1.amazonaws.com" #
+ name: "VerteX Packs OCI" #
+ accessKey: "*************" #
+ secretKey: "*************" #
+ baseContentPath: "production-fips" #
+ isPrivate: true
+ insecureSkipVerify: false
+ caCert: "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"
+
+ # ociImageRegistry:
+ # endpoint: "" #
+ # name: "" #
+ # password: "" #
+ # username: "" #
+ # baseContentPath: "" #
+ # insecureSkipVerify: false
+ # caCert: ""
+ # mirrorRegistries: ""
+
+ scar:
+ endpoint: "https://saas-repo-fips.console.spectrocloud.com"
+ username: "**********"
+ password: "**********"
+ insecureSkipVerify: true
+ caCert: ""
+
+ imageSwapImages:
+ imageSwapInitImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap-init:v1.5.2"
+ imageSwapImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap:v1.5.2"
+
+ imageSwapConfig:
+ isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false
+
+
+nats:
+ # Should we install nats as part of the nats chart bundled with hubble charts
+ # If not enabled NATS service should be installed as a separate service.
+
+ enabled: true
+
+ # Whether to front NATS with a cloud load balancer (internal == false) or
+ # either share the ingress load balancer or use hostNetwork (internal == true).
+ # See nats.natsUrl comments for further detail.
+ internal: true
+
+ # NATS URL
+ # Comma separated list of mappings for nats load balancer service
+ # E.g., "message1.dev.spectrocloud.com:4222,message2.dev.spectrocloud.com:4222"
+ #
+ # Mandatory if nats.internal == false
+ # Otherwise, if nats.internal == true:
+ # - If ingress.ingress.internal == true: leave empty (use hostNetwork)
+ # - If ingress.ingress.internal == false: use ":4222" (share ingress lb)
+ natsUrl: ""
+
+ # *********************** IMPORTANT NOTE ******************************
+ # * if nats.internal == true, ignore all of the following NATS config *
+ # *********************************************************************
+
+ # NATS load balancer annotations
+ annotations: {}
+
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "server-port"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the nats loadbalancer service. If empty, a dynamic IP will be generated.
+ natsStaticIP: ""
+grpc:
+ external: false
+ endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443
+ caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert
+ serverCrtBase64: ""
+ serverKeyBase64: ""
+ insecureSkipVerify: false
+
+ingress:
+ # When enabled nginx ingress controller would be installed
+ enabled: true
+
+ ingress:
+ # Whether to front NGINX Ingress Controller with a cloud
+ # load balancer (internal == false) or use host network
+ internal: false
+
+ # Default SSL certificate and key for NGINX Ingress Controller (Optional)
+ # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com
+ # If left blank, the NGINX ingress controller will generate a self-signed cert (when terminating TLS upstream of ingress-nginx-controller)
+ certificate: ""
+ key: ""
+
+ #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it.
+ annotations: {}
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated.
+ ingressStaticIP: ""
+
+ # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer.
+ terminateHTTPSAtLoadBalancer: false
+ nats:
+ enabled: true
+
+frps:
+ frps:
+ enabled: false
+ frpHostURL: proxy.sample.spectrocloud.com
+ server:
+ crt: 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
+ key: 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
+ ca:
+ crt : 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
+ service:
+ annotations: {}
+
+ui-system:
+ enabled: true
+ ui:
+ nocUI:
+ enable: true
+ mapBoxAccessToken: "" # Leave Empty to use Default Access Token from VerteX
+ mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID
+
+reach-system:
+ reachSystem:
+ enabled: false
+ proxySettings:
+ http_proxy: ""
+ https_proxy: ""
+ no_proxy: ""
+ ca_crt_path: ""
+
+```
+
+
+
+
+
+
+
+
+
+ | **Parameter** | **Description** | **Type** |
+ | --- | --- | --- |
+ | `env.rootDomain` | The URL name or IP address you will use for the VerteX installation. | string |
+ | `config.installationMode` | The installation mode for VerteX. The values can be `connected` or `airgap`. Set this value to `airgap`. | string |
+ | `ociPackEcrRegistry` or `ociPackRegistry` | The OCI registry credentials for the VerteX FIPS packs repository. If you are using a Harbor registry, use the `ociPackRegistry` parameter block but ensure you have the OCI registry CA available.| object |
+ | `ociImageRegistry` | The OCI registry credentials for the VerteX images repository.| object |
+ | `ociImageRegistry.ca`| If you are using a self-hosted OCI, such as Harbor, ensure you provide the CA. If you are using AWS ECR, you can leave this parameter empty. | string |
+ | `ociImageRegistry.mirrorRegistries`| Replace the placeholder string with the respective values of your OCI registry repository that is hosting the images.|
+ | `imageSwapConfig.isEKSCluster` | Set this value to `false` if you are NOT installing VerteX on an EKS cluster. | boolean |
+ | `scar` | Specify your HTTP file server values. If your HTTP file server requires credentials ensure the provided values are base64 encoded. Example of the string "admin" in base64 encoding - `YWRtaW4=`. | object |
+
+
+ Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the following sections to review an example of the **values.yaml** file with the required parameters highlighted.
+
+
+
+
+Example - values.yaml
+
+```yaml {23,53,77-85,87-95,97-102,109}
+#########################
+# Spectro Cloud VerteX #
+#########################
+# MongoDB Configuration
+mongo:
+ # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas
+ internal: true
+
+ # Mongodb URL. Only change if using Mongo Atlas.
+ databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo"
+ # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas.
+ databasePassword: ""
+
+ #No. of mongo replicas to run, default is 3
+ replicas: 3
+ # The following only apply if mongo.internal == true
+ cpuLimit: "2000m"
+ memoryLimit: "4Gi"
+ pvcSize: "20Gi"
+ storageClass: "" # leave empty to use the default storage class
+
+config:
+ installationMode: "airgap" #values can be connected or airgap.
+
+ # SSO SAML Configuration (Optional for self-hosted type)
+ sso:
+ saml:
+ enabled: false
+ acsUrlRoot: "myfirstpalette.spectrocloud.com"
+ acsUrlScheme: "https"
+ audienceUrl: "https://www.spectrocloud.com"
+ entityId: "https://www.spectrocloud.com"
+ apiVersion: "v1"
+
+ # Email Configurations. (Optional for self-hosted type)
+ email:
+ enabled: false
+ emailId: "noreply@spectrocloud.com"
+ smtpServer: "smtp.gmail.com"
+ smtpPort: 587
+ insecureSkipVerifyTls: true
+ fromEmailId: "noreply@spectrocloud.com"
+ password: "" # base64 encoded SMTP password
+
+ env:
+ # rootDomain is a DNS record which will be mapped to the ingress-nginx-controller load balancer
+ # E.g., myfirstpalette.spectrocloud.com
+ # - Mandatory if ingress.internal == false
+ # - Optional if ingress.internal == true (leave empty)
+ #
+ # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes
+ # E.g., *.myfirstpalette.spectrocloud.com
+ rootDomain: "vertex.example.com"
+
+ # stableEndpointAccess is used when deploying EKS clusters in Private network type.
+ # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true
+ cluster:
+ stableEndpointAccess: false
+
+# registry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+# ociPackRegistry:
+# endpoint: "" #
+# name: "" #
+# password: "" #
+# username: "" #
+# baseContentPath: "" #
+# insecureSkipVerify: false
+# caCert: ""
+
+ ociPackEcrRegistry:
+ endpoint: "123456789.dkr.ecr.us-east-1.amazonaws.com" #
+ name: "Airgap Packs OCI" #
+ accessKey: "*************" #
+ secretKey: "*************" #
+ baseContentPath: "spectro-packs" #
+ isPrivate: true
+ insecureSkipVerify: false
+ caCert: ""
+
+ ociImageRegistry:
+ endpoint: "public.ecr.aws/123456789" #
+ name: "Airgap Image OCI" #
+ password: "" #
+ username: "" #
+ baseContentPath: "spectro-images" #
+ insecureSkipVerify: true
+ caCert: ""
+ mirrorRegistries: "docker.io::public.ecr.aws/v2/123456789/spectro-images,gcr.io::public.ecr.aws/v2/123456789/spectro-images,ghcr.io::public.ecr.aws/v2/123456789/spectro-images,k8s.gcr.io::public.ecr.aws/v2/123456789/spectro-images,registry.k8s.io::public.ecr.aws/v2/123456789/spectro-images,quay.io::public.ecr.aws/v2/123456789/spectro-images"
+
+
+ scar:
+ endpoint: "http://10.15.20.15:2015"
+ username: "YWRtaW4="
+ password: "YWRtaW4="
+ insecureSkipVerify: true
+ caCert: ""
+
+ imageSwapImages:
+ imageSwapInitImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap-init:v1.5.2"
+ imageSwapImage: "gcr.io/spectro-images-public/release-fips/thewebroot/imageswap:v1.5.2"
+
+ imageSwapConfig:
+ isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false
+
+
+nats:
+ # Should we install nats as part of the nats chart bundled with hubble charts
+ # If not enabled NATS service should be installed as a separate service.
+
+ enabled: true
+
+ # Whether to front NATS with a cloud load balancer (internal == false) or
+ # either share the ingress load balancer or use hostNetwork (internal == true).
+ # See nats.natsUrl comments for further detail.
+ internal: true
+
+ # NATS URL
+ # Comma separated list of mappings for nats load balancer service
+ # E.g., "message1.dev.spectrocloud.com:4222,message2.dev.spectrocloud.com:4222"
+ #
+ # Mandatory if nats.internal == false
+ # Otherwise, if nats.internal == true:
+ # - If ingress.ingress.internal == true: leave empty (use hostNetwork)
+ # - If ingress.ingress.internal == false: use ":4222" (share ingress lb)
+ natsUrl: ""
+
+ # *********************** IMPORTANT NOTE ******************************
+ # * if nats.internal == true, ignore all of the following NATS config *
+ # *********************************************************************
+
+ # NATS load balancer annotations
+ annotations: {}
+
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "server-port"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the nats loadbalancer service. If empty, a dynamic IP will be generated.
+ natsStaticIP: ""
+grpc:
+ external: false
+ endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443
+ caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert
+ serverCrtBase64: ""
+ serverKeyBase64: ""
+ insecureSkipVerify: false
+
+ingress:
+ # When enabled nginx ingress controller would be installed
+ enabled: true
+
+ ingress:
+ # Whether to front NGINX Ingress Controller with a cloud
+ # load balancer (internal == false) or use host network
+ internal: false
+
+ # Default SSL certificate and key for NGINX Ingress Controller (Optional)
+ # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com
+ # If left blank, the NGINX ingress controller will generate a self-signed cert (when terminating TLS upstream of ingress-nginx-controller)
+ certificate: ""
+ key: ""
+
+ #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it.
+ annotations: {}
+ # AWS example
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
+ # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+
+ # Azure example
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel
+
+ # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated.
+ ingressStaticIP: ""
+
+ # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer.
+ terminateHTTPSAtLoadBalancer: false
+ nats:
+ enabled: true
+
+frps:
+ frps:
+ enabled: false
+ frpHostURL: proxy.sample.spectrocloud.com
+ server:
+ crt: 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
+ key: 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
+ ca:
+ crt : 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
+ service:
+ annotations: {}
+
+ui-system:
+ enabled: true
+ ui:
+ nocUI:
+ enable: true
+ mapBoxAccessToken: "" # Leave Empty to use Default Access Token from VerteX
+ mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID
+
+reach-system:
+ reachSystem:
+ enabled: false
+ proxySettings:
+ http_proxy: ""
+ https_proxy: ""
+ no_proxy: ""
+ ca_crt_path: ""
+
+```
+
+
+
+
+
+
+
+
+5. This step only applies when installing VerteX in an airgap environment or when using a self-hosted OCI registry with registry caching enabled. Otherwise, skip to the next step.
+
+ Go ahead and install the image-swap chart using the following command. Replace the `image-swap-0.0.0.tgz` file name with the name of the image-swap chart you downloaded. Point to the **values.yaml** file you configured in the previous step.
+
+
+
+ ```shell
+ helm upgrade --values spectro-mgmt-plane/values.yaml image-swap image-swap-0.0.0.tgz --install
+ ```
+
+
+6. Install the VerteX Helm Chart using the following command.
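Review bot: The sample `values.yaml` added here turns certificate verification off in three places (`email.insecureSkipVerifyTls: true`, `ociImageRegistry.insecureSkipVerify: true`, `scar.insecureSkipVerify: true`), and the `scar` block pairs a plain `http://` endpoint with `YWRtaW4=` for both username and password, which is base64 for `admin`. Readers will copy this file as their starting point, so the sample should default these to `false` with `caCert` populated, show an `https://` SCAR endpoint, and use empty or clearly marked placeholder credentials. The `# base64 encoded SMTP password` comment should also say that base64 is an encoding and does not protect the value, so the file has to be stored as a secret.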
@@ -181,7 +695,7 @@ The following instructions are written agnostic to the Kubernetes distribution y
```
-6. Track the installation process using the command below. Palette VerteX is ready when the deployments in the namespaces `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` reach the *Ready* state. The installation takes between two to three minutes to complete.
+7. Track the installation process using the command below. VerteX is ready when the deployments in the namespaces `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` reach the *Ready* state. The installation takes between two to three minutes to complete.
@@ -190,7 +704,7 @@ The following instructions are written agnostic to the Kubernetes distribution y
```
-7. Create a DNS CNAME record that is mapped to the Palette VerteX `ingress-nginx-controller` load balancer. You can use the following command to retrieve the load balancer IP address. You may require the assistance of your network administrator to create the DNS record.
+8. Create a DNS CNAME record that is mapped to the VerteX `ingress-nginx-controller` load balancer. You can use the following command to retrieve the load balancer IP address. You may require the assistance of your network administrator to create the DNS record.
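Review bot: Step 8 asks for a DNS CNAME record but then has the reader retrieve the load balancer IP address, and a CNAME can only point at a hostname. Suggest wording it as "create an A record if the load balancer exposes an IP address, or a CNAME record if it exposes a hostname". The mismatch is inherited from the old step 7, but the line is being rewritten anyway.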
@@ -202,27 +716,24 @@ The following instructions are written agnostic to the Kubernetes distribution y
:::info
- As you create tenants in Palette VerteX, the tenant name is prefixed to the domain name you assigned to Palette VerteX. For example, if you create a tenant named `tenant1` and the domain name you assigned to Palette VerteX is `vertex.example.com`, the tenant URL will be `tenant1.vertex.example.com`. You can create an additional wildcard DNS record to map all tenant URLs to the Palette VerteX load balancer.
+ As you create tenants in VerteX, the tenant name is prefixed to the domain name you assigned to VerteX. For example, if you create a tenant named `tenant1` and the domain name you assigned to VerteX is `vertex.example.com`, the tenant URL will be `tenant1.vertex.example.com`. You can create an additional wildcard DNS record to map all tenant URLs to the VerteX load balancer.
:::
-8. Use the custom domain name or the IP address of the load balancer to visit the Palette VerteX system console. To access the system console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. Alternatively, you can use the load balancer IP address with the appended value `/`system` to access the system console.
+9. Use the custom domain name or the IP address of the load balancer to visit the VerteX system console. To access the system console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system console.
-
+ The first time you visit the VerteX system console, a warning message about a not-trusted SSL certificate may appear. This is expected, as you still need to upload your SSL certificate to VerteX. You can ignore this warning message and proceed.
- :::info
- The first time you visit the Palette VerteX system console, a warning message about an untrusted SSL certificate may appear. This is expected, as you have not yet uploaded your SSL certificate to Palette VerteX. You can ignore this warning message and proceed.
+
- :::
-
+ ![Screenshot of the VerteX system console showing Username and Password fields.](/vertex_install-on-kubernetes_install_system-console.png)
- ![A view of the Palette system console login screen.](/vertex_install-on-kubernetes_install_system-console.png)
-9. Log in to the system console using the following default credentials.
+10. Log in to the system console using the following default credentials.
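Review bot: In step 9 the certificate warning paragraph loses its `:::info` wrapper and still ends with "You can ignore this warning message and proceed." without any condition. Suggest scoping it: ask the reader to confirm the address is the load balancer from step 8 before accepting the warning, and point forward to step 11, where the self-signed certificate is replaced. "not-trusted" also reads worse than the "untrusted" it replaces.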
@@ -233,39 +744,40 @@ The following instructions are written agnostic to the Kubernetes distribution y
- After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette VerteX system console.
+ After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the VerteX system console.
-10. After login, a summary page is displayed. Palette VerteX is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette VerteX. You can upload the files using the Palette VerteX system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette VerteX.
+11. After login, a summary page is displayed. VerteX is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to VerteX. You can upload the files using the VerteX system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to VerteX.
+
:::caution
-If you are planning to deploy host clusters into different networks, you may require a reverse proxy. Check out the [Configure Reverse Proxy](../../system-management/reverse-proxy.md) guide for instructions on configuring a reverse proxy for Palette VerteX.
+If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the [Configure Reverse Proxy](../../system-management/reverse-proxy.md) guide for instructions on how to configure a reverse proxy for VerteX.
:::
-You now have a self-hosted instance of Palette VerteX installed in a Kubernetes cluster. Make sure you retain the **values.yaml** file as you may need it for future upgrades.
+You now have a self-hosted instance of VerteX installed in a Kubernetes cluster. Make sure you retain the **values.yaml** file as you may need it for future upgrades.
## Validate
-Use the following steps to validate the Palette VerteX installation.
+Use the following steps to validate the VerteX installation.
-1. Open up a web browser and navigate to the Palette VerteX system console. To access the system console, open a web browser and paste the following URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer.
+1. To access the VerteX system console, open a web browser and paste the `env.rootDomain` value you provided in the address bar and append the value `/system`. You can also use the IP address of the load balancer.
-2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette VerteX system console.
+2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the VerteX system console.
-3. Open a terminal session and issue the following command to verify the Palette VerteX installation. The command should return a list of deployments in the `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` namespaces.
+3. Open a terminal session and issue the following command to verify the VerteX installation. The command should return a list of deployments in the `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` namespaces.
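Review bot: The login instructions disagree inside this hunk: step 10 says to use "the following default credentials", while Validate step 2 says "the credentials you received from our support team". Pick one source and use it in both places. Validate step 1 also names the setting `env.rootDomain`, whereas the comment in the sample `values.yaml` calls it `config.env.rootDomain`; use the full path so it can be searched for.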
@@ -317,4 +829,10 @@ Use the following steps to validate the Palette VerteX installation.
## Next Steps
-You have successfully installed Palette VerteX in a Kubernetes cluster. Your next steps are to configure Palette VerteX for your organization. Start by creating the first tenant to host your users. Use the [Create a Tenant](../../system-management/tenant-management.md) page for instructions on how to create a tenant.
+You have successfully installed VerteX in a Kubernetes cluster. Your next steps are to configure VerteX for your organization. Start by creating the first tenant to host your users. Use the [Create a Tenant](../../system-management/tenant-management.md) page for instructions on how to create a tenant.
+
+
+
+## Resources
+
+- [Enterprise Install Troubleshooting](../../../troubleshooting/enterprise-install.md)
\ No newline at end of file
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md
index b2480549a0..be79566a3e 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md
@@ -207,7 +207,7 @@ If you are using a self-hosted OCI registry, you must provide the required FIPS
| `ociPackRegistry.username` | The username for the registry. | String| `""` |
| `ociPackRegistry.baseContentPath`| The base path for the registry. | String | `""` |
| `ociPackRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` |
-| `ociPackRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. | String | `""` |
+| `ociPackRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. Required for self-hosted OCI registries. | String | `""` |
```yaml
@@ -251,6 +251,35 @@ config:
caCert: ""
```
+#### OCI Image Registry
+
+You can specify an OCI registry for the images used by Palette.
+
+| **Parameters** | **Description** | **Type** | **Default value** |
+| --- | --- | --- | --- |
+| `ociImageRegistry.endpoint` | The endpoint URL for the registry. | String| `""` |
+| `ociImageRegistry.name` | The name of the registry. | String| `""` |
+| `ociImageRegistry.password` | The password for the registry. | String| `""` |
+| `ociImageRegistry.username` | The username for the registry. | String| `""` |
+| `ociImageRegistry.baseContentPath`| The base path for the registry. | String | `""` |
+| `ociImageRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` |
+| `ociImageRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. Required for self-hosted OCI registries. | String | `""` |
+| `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries. | String | `""` |
+
+
+```yaml
+config:
+ ociImageRegistry:
+ endpoint: ""
+ name: ""
+ password: ""
+ username: ""
+ baseContentPath: ""
+ insecureSkipVerify: false
+ caCert: ""
+ mirrorRegistries: ""
+```
+
### Spectro Cloud Artifact Repository (SCAR)
SCAR credentials are required to download the necessary FIPS manifests. Our support team provides the SCAR credentials.
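Review bot: The `ociImageRegistry.mirrorRegistries` row only says "A comma-separated list of mirror registries", but the sample `values.yaml` in this same patch uses `source::mirror` pairs (`docker.io::public.ecr.aws/v2/123456789/spectro-images,gcr.io::...`). Document the `::` pair format in the description and give one example pair, since an entry without the source prefix is an easy mistake. The intro sentence also says "images used by Palette" on a VerteX reference page.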
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install-on-vmware.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install-on-vmware.md
index 29f56e1b42..6283abcb93 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install-on-vmware.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install-on-vmware.md
@@ -17,8 +17,5 @@ Palette VerteX can be installed on VMware vSphere with internet connectivity or
- [Install on VMware](install.md)
-
-
-
- [VMware System Requirements](vmware-system-requirements.md)
\ No newline at end of file
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md
index 4460a78a0f..519bd7b608 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md
@@ -5,20 +5,20 @@ description: "Learn how to deploy Palette VerteX on VMware."
icon: ""
hide_table_of_contents: false
sidebar_position: 0
+toc_max_heading_level: 3
tags: ["vertex", "vmware"]
---
+You install Palette VerteX using the Palette Command Line Interface (CLI) that guides you for details to create a configuration file and a three-node enterprise cluster for high availability (HA). You can invoke the Palette CLI on any Linux x86-64 system with the Docker daemon installed and connectivity to the VMware vSphere environment where Palette VerteX will be deployed.
+## Prerequisites
+:::caution
+If you are installing Palette VerteX in an airgap environment, ensure you complete all the airgap pre-install steps before proceeding with the installation. Refer to the [VMware vSphere Airgap Instructions](../airgap/vmware-vsphere-airgap-instructions.md) guide for more information.
-# Install Palette VerteX on VMware vSphere
-
-You install Palette VerteX using the Palette Command Line Interface (CLI) that guides you for details to create a configuration file and a three-node enterprise cluster for high availability (HA). You can invoke the Palette CLI on any Linux x86-64 system with the Docker daemon installed and connectivity to the VMware vSphere environment where Palette VerteX will be deployed.
-
-
-## Prerequisites
+:::
- An AMD64 Linux environment with connectivity to the VMware vSphere environment.
@@ -82,19 +82,28 @@ Self-hosted Palette VerteX installations provide a system Private Cloud Gateway
:::
-## Install the Enterprise Cluster
+## Deployment
-The video below provides a demonstration of the installation wizard and the prompts you will encounter. Take a moment to watch the video before you begin the installation process. Make sure to use values that are appropriate for your environment. Use the **three-dot Menu** in the lower right corner of the video to expand the video to full screen and to change the playback speed.
+The video below demonstrates the installation wizard and the prompts you will encounter. Take a moment to watch the video before you begin the installation process. Make sure to use values that are appropriate for your environment. Use the **three-dot Menu** in the lower right corner of the video to expand the video to full screen and to change the playback speed.
-
+
+
-
+
+
+
-Use the following steps to install Palette VerteX.
+
+
+
+
+
+
+
+Use the following steps to install Palette VerteX.
-
1. Open a terminal window and invoke the Palette CLI by using the `ec` command to install the enterprise cluster. The interactive CLI prompts you for configuration details and then initiates the installation. For more information about the `ec` subcommand, refer to [Palette Commands](../../../palette-cli/commands.md#ec).
@@ -120,16 +129,20 @@ Use the following steps to install Palette VerteX.
-4. Provide the FIPS repository URL you received from our support team.
+4. Depending on that type of install of Palette you are using, the Spectro Cloud repository URL value will be different.
+ - Non-Airgap: `https://saas-repo-fips.console.spectrocloud.com`
+ - Airgap: The URL or IP address of your HTTP file server that is hosting the manifest files.
+
-5. Enter the FIPS repository credentials.
+
+5. Enter the repository credentials. Our support team provides the credentials you need to access the public Spectro Cloud repository. Airgap installations, provide the credentials to your private repository. If your HTTP file server has no authentication, provide the username and password as `admin` and `admin` respectively.
6. Choose `VMware vSphere` as the cloud type. This is the default.
-7. Type an enterprise cluster name.
+7. Type an enterprise cluster name. Your VM instances will use this name as a prefix.
8. When prompted, enter the information listed in each of the following tables.
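Review bot: Step 5 tells airgap users to enter `admin` and `admin` when the HTTP file server has no authentication, without saying whether these are placeholders the CLI requires or values the server checks. State that explicitly so nobody configures `admin`/`admin` as real credentials on the file server. Wording fixes in the same hunk: "Depending on that type of install of Palette you are using" should be "Depending on the type of installation", and "Airgap installations, provide" needs a leading "For".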
@@ -151,7 +164,23 @@ Use the following steps to install Palette VerteX.
-9. Select the OCI registry type and provide the configuration values. Review the following table for more information.
+9. Select the tab below that matches your installation type for further guidance.
+
+
+
+
+ Select `y` to use the Spectro Cloud FIPS repository and proceed to the next step.
+
+
+
+
+Select the OCI registry type and provide the configuration values. Review the following table for more information.
+
+:::caution
+
+For self-hosted OCI registries, ensure you have the server Certificate Authority (CA) certificate file available on the host where you are using the Palette CLI. You will be prompted to provide the file path to the OCI CA certificate. Failure to provide the OCI CA certificate will result in self-linking errors. Refer to the [Self-linking Error](../../../troubleshooting/enterprise-install.md#scenario---self-linking-error) troubleshooting guide for more information.
+
+:::
@@ -163,20 +192,32 @@ Use the following steps to install Palette VerteX.
| **Registry Name** | Enter the name of the registry. |
| **Registry Endpoint** | Enter the registry endpoint. |
| **Registry Base Path** | Enter the registry base path. |
- |**Allow Insecure Connection** | Bypasses x509 verification. Type `Y` if using a VMware vSphere instance with self-signed Transport Layer Security (TLS) certificates. Otherwise, type `n`.|
+ |**Allow Insecure Connection** | Bypasses x509 verification. Type `n` to specify a certificate authority in the follow-up prompt. |
+ | **Registry CA certificate filepath** | Specify the file path to the certificate authority. Use absolute paths. |
| **Registry Username** or **Registry Access Key** | Enter the registry username or the access key if using `OCI ECR`. |
| **Registry Password** or **Registry Secret Key** | Enter the registry password or the secret key if using `OCI ECR`. |
| **Registry Region** | Enter the registry region. This option is only available if you are using `OCI ECR`. |
| **ECR Registry Private** | Type `y` if the registry is private. Otherwise, type `n`. |
| **Use Public Registry for Images** | Type `y` to use a public registry for images. Type `n` to a different registry for images. If you are using another registry for images, you will be prompted to enter the registry URL, base path, username, and password. |
-
-10. Next, specify the database storage size to allocate for Palette VerteX. The default is 20 GB. Refer to the [size guidelines](../install-palette-vertex.md#instance-sizing) for additional information.
+ When prompted to "Pull images from public registry", type `n` and specify the OCI registry configuration values for your image registry. Refer to the table above for more information.
+
+
+:::info
+You will be provided with an opportunity to update the mirror registries values. To exit `vi` press the `Escape` key and type `:wq` to save and exit.
+
+:::
+
+
+
+
+
+---
-11. The next set of prompts is for the VMware vSphere account information. Enter the information listed in the following table.
+10. The next set of prompts is for the VMware vSphere account information. Enter the information listed in the following table.
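Review bot: The rewritten **Allow Insecure Connection** row explains only the `n` answer. Keep one sentence on what `y` does (the registry certificate is not verified and, presumably, the CA file path prompt is skipped) so the reader can see why `n` plus **Registry CA certificate filepath** is the recommended pair. The new `:::info` about editing mirror registries in `vi` should also say what format the values take, and the unchanged line "Type `n` to a different registry" is missing "use".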
@@ -193,7 +234,7 @@ Use the following steps to install Palette VerteX.
#### VMware vSphere Cluster Configuration
- This information determines where Palette VerteX will be deployed in your VMware vSphere environment. The Palette CLI will use the provided VMware credentials to retrieve information from your VMware vSphere environment and present options for you to select from.
+ This information determines where Palette will be deployed in your VMware vSphere environment. The Palette CLI will use the provided VMware credentials to retrieve information from your VMware vSphere environment and present options for you to select from.
@@ -201,16 +242,17 @@ Use the following steps to install Palette VerteX.
|-----------------------------------------|----------------|
|**Datacenter**| The installer retrieves the Datacenter automatically. |
|**Folder** | Select the folder that contains the VM instance. |
- | **Cluster** | Select the cluster where you want to deploy Palette VerteX. |
- | **Network** | Select the network where you want to deploy Palette VerteX. |
- | **Resource Pool** | Select the resource pool where you want to deploy Palette VerteX. |
- | **Datastore** | Select the datastore where you want to deploy Palette VerteX. |
+ | **Cluster** | Select the cluster where you want to deploy Palette. |
+ | **Network** | Select the network where you want to deploy Palette. |
+ | **Resource Pool** | Select the resource pool where you want to deploy Palette. |
+ | **Datastore** | Select the datastore where you want to deploy Palette. |
|**Fault Domains** | Configure one or more fault domains by selecting values for these properties: Cluster, Network (with network connectivity), Resource Pool, and Storage Type (Datastore or VM Storage Policy). Note that when configuring the Network, if you are using a distributed switch, choose the network that contains the switch. |
|**NTP Servers** | You can provide a list of Network Time Protocol (NTP) servers. |
- |**SSH Public Keys** | Provide any public SSH keys to access your Palette VerteX VMs. This option opens up your system's default text editor. Vi is the default text editor for most Linux distributions. To review basic vi commands, check out the [vi Commands](https://www.cs.colostate.edu/helpdocs/vi.html) reference. |
+ |**SSH Public Keys** | Provide any public SSH keys to access your Palette VMs. This option opens up your system's default text editor. Vi is the default text editor for most Linux distributions. To review basic vi commands, check out the [vi Commands](https://www.cs.colostate.edu/helpdocs/vi.html) reference. |
-12. Specify the IP pool configuration. The placement type can be Static or Dynamic Domain Name Server (DDNS). Choosing static placement creates an IP pool from which VMs are assigned IP addresses. Choosing DDNS assigns IP addresses using DNS.
+
+11. Specify the IP pool configuration. The placement type can be Static or Dynamic Domain Name Server (DDNS). Choosing static placement creates an IP pool from which VMs are assigned IP addresses. Choosing DDNS assigns IP addresses using DNS.
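Review bot: The **Cluster**, **Network**, **Resource Pool**, **Datastore** and **SSH Public Keys** rows replace "Palette VerteX" with "Palette", while the Kubernetes install page in this same patch standardizes on "VerteX" and the rest of this page keeps "Palette VerteX". On a VerteX page "Palette" alone reads as the other product; pick one name for the page and apply it throughout.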
@@ -228,7 +270,7 @@ Use the following steps to install Palette VerteX.
-13. The last set of prompts is for the VMware vSphere machine configuration. Enter the information listed in the following table.
+12. The last set of prompts are for the vSphere machine and database configuration. Use the following table for guidance.
@@ -236,22 +278,25 @@ Use the following steps to install Palette VerteX.
|**Parameter** | **Description**|
|-----------------------------------------|----------------|
- | **Number of CPUs** | The number of CPUs allocated to each VM node instance.|
- | **Memory** | The amount of memory allocated to each VM node instance.|
- | **Disk Size** | The size of the disk allocated to each VM node instance.|
-
+ | **Small** | Deploy VM nodes with 8 CPU, 16 GB memory, 60 GB storage. The database specs are 20 GB database with 2 CPU limit and 4 GB memory limit. |
+ | **Medium** | Deploy VM nodes with 16 CPU, 32 GB memory, 100 GB storage. The database specs are 60 GB database with 4 CPU limit and 8 GB memory limit. |
+ | **Large** | Deploy VM nodes with 32 CPU, 64 GB memory, 120 GB storage. The database specs are 80 GB database with 8 CPU limit and 16 GB memory limit. |
+ | **Custom** | Deploy VM nodes with custom CPU, memory, storage, database size, CPU limit, and memory limit. If you specify custom, you will be prompted for the CPU, memory, and storage. |
+ #### Additional vSphere Machine Configuration
+
+ |**Parameter** | **Description**|
+ |-----------------------------------------|----------------|
+ | **Node Affinity** | Select the node affinity. Enter `y` to schedule all Palette pods on control plane nodes. |
+
The installation process stands up a [kind](https://kind.sigs.k8s.io/) cluster locally that will orchestrate the remainder of the installation. The installation takes some time.
-
Upon completion, the enterprise cluster configuration file named `ec.yaml` contains the information you provided, and its location is displayed in the terminal. Credentials and tokens are encrypted in the YAML file.
-
-
```bash hideClipboard
==== Enterprise Cluster config saved ====
Location: :/home/spectro/.palette/ec/ec-20230706150945/ec.yaml
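Review bot: The **Custom** row lists six custom values (CPU, memory, storage, database size, CPU limit, memory limit) but then says "you will be prompted for the CPU, memory, and storage". Either list all the prompts or drop the partial list. The table header is still **Parameter** although the rows are now size presets, and the lead-in "The last set of prompts are" should be "is".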
@@ -259,21 +304,47 @@ Use the following steps to install Palette VerteX.
+:::tip
+
+ If an error occurs during installation, remove the `kind` cluster that was created and restart the installation. To remove the `kind` cluster, issue the following command. Replace `spectro-mgmt-cluster` with the name of your cluster if you used a different name.
+
+ ```bash
+ kind delete cluster spectro-mgmt-cluster
+ ```
+
+ Restart the install process by referencing the `ec.yaml` file that was created during the first installation attempt.
+ For example:
+
+ ```bash
+ palette ec install --config /home/spectro/.palette/ec/ec-20230706150945/ec.yaml
+ ```
+:::
+
+
+
When the installation is complete, Enterprise Cluster Details that include a URL and default credentials are displayed in the terminal. You will use these to access the Palette VerteX System Console.
```bash hideClipboard
- ====================================
- ==== Enterprise Cluster Details ====
- ====================================
- Console URL: https://10.10.189.100/system
- Username: **********
- Password: **********
+ ===========================================
+ ==== Enterprise Cluster System Console ====
+ ===========================================
+ Console URL: https://10.10.100.0/system
+ Username: ************
+ Password: ************
+
+ The first of three Enterprise Cluster nodes is online and will now provision nodes two and three.
+
+ It will take another ~30-45 minutes for the installation to complete.
+
+ You can monitor its progress via kubectl/k9s or by viewing the system console.
+
+ export KUBECONFIG=/ubuntu/.palette/ec/ec-20231012215923/spectro_mgmt.conf
```
-14. Copy the URL to the browser to access the System Console. You will be prompted to reset the password.
+13. Copy the URL to the browser to access the system console. You will be prompted to reset the password.
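Review bot: In the new `:::tip`, `kind delete cluster spectro-mgmt-cluster` passes the cluster name as a positional argument; kind takes the name through `--name`, so this should read `kind delete cluster --name spectro-mgmt-cluster`. The sample paths are also inconsistent (`/home/spectro/.palette/...` in the tip, `/ubuntu/.palette/...` in the `KUBECONFIG` export), and the sentence above the output block still says "Enterprise Cluster Details" although the banner is now "Enterprise Cluster System Console".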
@@ -290,13 +361,13 @@ Use the following steps to install Palette VerteX.
-15. Log in to the System Console using the credentials provided in the Enterprise Cluster Details output. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette VerteX system console.
+14. Log in to the System Console using the credentials provided in the Enterprise Cluster Details output. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette VerteX system console.
-16. After login, a Summary page is displayed. Palette VerteX is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette VerteX. You can upload the files using the Palette VerteX system console. Refer to the [Configure HTTPS Encryption](/vertex/system-management/ssl-certificate-management) page for instructions on how to upload the SSL certificate files to Palette VerteX.
+15. After login, a Summary page is displayed. Palette VerteX is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette VerteX. You can upload the files using the Palette VerteX system console. Refer to the [Configure HTTPS Encryption](/vertex/system-management/ssl-certificate-management) page for instructions on how to upload the SSL certificate files to Palette VerteX.
-17. The last step is to start setting up a tenant. To learn how to create a tenant, check out the [Tenant Management](../../system-management/tenant-management.md) guide.
+16. The last step is to start setting up a tenant. To learn how to create a tenant, check out the [Tenant Management](../../system-management/tenant-management.md) guide.
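Review bot: Step 14 still refers to "the Enterprise Cluster Details output", but the banner in the sample output was renamed to "Enterprise Cluster System Console" in the preceding hunk, so the reference no longer matches what the reader sees in the terminal. The renumbered steps also mix "System Console" (step 14) with "system console" (steps 13 and 15); pick one casing.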
@@ -314,19 +385,16 @@ You can also validate that a three-node Kubernetes cluster is launched and Palet
1. Log in to the vCenter Server by using vSphere Client.
-2. Navigate to the Datacenter and locate your VM instance.
-
+2. Navigate to your vSphere Datacenter and locate your Palette VM instances. The VMs are prefixed with the name you provided during the installation. For example, if you provided `spectro-mgmt-cluster` as the name, the VMs are named `spectro-mgmt-cluster-`, followed by a unique set of alphanumeric values. Verify three nodes are available.
-3. Select the VM to access its details page, and verify three nodes are listed.
+3. Open a web browser session, and use the IP address provided in Enterprise Cluster Details at the completion of the installation to connect to the Palette system console. Copy the IP address to the address bar and append `/system`.
-4. Open a web browser session, and use the IP address provided in Enterprise Cluster Details at the completion of the installation to connect to the Palette VerteX System Console. Copy the IP address to the address bar and append `/system`.
+4. Log in using your credentials.
-5. Log in using your credentials.
-
-6. A **Summary** page will be displayed that contains a tile with a **Go to Tenant Management** button. After initial installation, the **Summary** page shows there are zero tenants.
+5. A **Summary** page will be displayed that contains a tile with a **Go to Tenant Management** button. After initial installation, the **Summary** page shows there are zero tenants.
## Next Steps
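Review bot: Steps 2 and 3 now say "Palette VM instances" and "Palette system console" in a page that documents Palette VerteX; the removed line used "Palette VerteX System Console". Keep the product name consistent with the rest of the file. Step 3 also points to "Enterprise Cluster Details", which has the same stale-banner problem as the install steps.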
@@ -337,5 +405,19 @@ After you create the tenant, you are ready to configure authentication types in
## Resources
+- [Airgap Instructions](../airgap/vmware-vsphere-airgap-instructions.md)
+
- [Create a Tenant](../../system-management/tenant-management.md)
-
\ No newline at end of file
+
+- [Enterprise Install Troubleshooting](../../../troubleshooting/enterprise-install.md)
+
+- [Palette CLI](../../../palette-cli/install-palette-cli.md#download-and-setup)
+
+- [System Management](../../system-management/system-management.md)
+
+- [VMware System Requirements](vmware-system-requirements.md)
+
+
+
+
+
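Review bot: The end of this hunk adds five empty lines after the last Resources entry. Trim them to a single trailing newline so the file ends cleanly and the "No newline at end of file" churn does not reappear in the next change.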
diff --git a/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md b/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md
index 117178bb0e..287d9b5e7b 100644
--- a/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md
+++ b/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md
@@ -10,37 +10,21 @@ tags: ["vertex"]
Palette VerteX is available as a self-hosted application that you install in your environment. The self-hosted version is a dedicated Palette VerteX environment hosted on VMware instances or in an existing Kubernetes cluster. Palette VerteX is available in the following modes:
-| **Supported Platform** | **Description** |
-|------------------------|------------------------------------|
-| VMware | Install Palette VerteX in VMware environment. |
-| Kubernetes | Install Palette VerteX using a Helm Chart in an existing Kubernetes cluster. |
+| **Supported Platform** | **Description** | **Install Guide** |
+|------------------------|------------------------------------|------------------|
+| VMware | Install Palette VerteX in VMware environment. | [Install on VMware](./install-on-vmware/install.md) |
+| Kubernetes | Install Palette VerteX using a Helm Chart in an existing Kubernetes cluster. | [Install on Kubernetes](./install-on-kubernetes/install.md) |
-The next sections describe specific requirements for installing Palette VerteX.
-## Proxy Requirements
+You can also install Palette VerteX in an airgap environment. For more information, refer to the [Airgap Installation](airgap/airgap.md) section.
-- A proxy used for outgoing connections should support both HTTP and HTTPS traffic.
-
-
-- Allow connectivity to domains and ports in the table.
+| **Supported Airgap Platform** | **Description** |
+|------------------------|------------------------------------|
+| VMware | Install Palette VerteX in VMware environment using your own OCI registry server. |
+| Kubernetes | Install Palette VerteX using a Helm Chart in an existing Kubernetes cluster with your own OCI registry server OR use AWS ECR. |
-
-
- | **Top-Level Domain** | **Port** | **Description** |
- |----------------------------|----------|-------------------------------------------------|
- | spectrocloud.com | 443 | Spectro Cloud content repository and pack registry |
- | s3.amazonaws.com | 443 | Spectro Cloud VMware OVA files |
- | gcr.io | 443 | Spectro Cloud and common third party container images |
- | ghcr.io | 443 | Kubernetes VIP images |
- | docker.io | 443 | Common third party content |
- | googleapis.com | 443 | For pulling Spectro Cloud images |
- | docker.com | 443 | Common third party container images |
- | raw.githubusercontent.com | 443 | Common third party content |
- | projectcalico.org | 443 | Calico container images |
- | quay.io | 443 | Common 3rd party container images |
- | grafana.com | 443 | Grafana container images and manifests |
- | github.com | 443 | Common third party content |
+The next sections describe specific requirements for installing Palette VerteX.
## Size Guidelines
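Review bot: The new Install Guide column links to `./install-on-vmware/install.md` and `./install-on-kubernetes/install.md`, while the Resources section of the same file links to `install-on-vmware/install-on-vmware.md` and `install-on-kubernetes/install-on-kubernetes.md`. Confirm which targets exist and use the same ones in both places. The airgap table has no Install Guide column, so a reader who picks an airgap platform has to go through the `airgap/airgap.md` link in the sentence above; a per-row link would match the first table.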
@@ -77,9 +61,38 @@ The recommended maximum number of deployed nodes and clusters in the environment
+
+## Proxy Requirements
+
+- A proxy used for outgoing connections should support both HTTP and HTTPS traffic.
+
+
+- Allow connectivity to domains and ports in the table.
+
+
+
+ | **Top-Level Domain** | **Port** | **Description** |
+ |----------------------------|----------|-------------------------------------------------|
+ | spectrocloud.com | 443 | Spectro Cloud content repository and pack registry |
+ | s3.amazonaws.com | 443 | Spectro Cloud VMware OVA files |
+ | gcr.io | 443 | Spectro Cloud and common third party container images |
+ | ghcr.io | 443 | Kubernetes VIP images |
+ | docker.io | 443 | Common third party content |
+ | googleapis.com | 443 | For pulling Spectro Cloud images |
+ | docker.com | 443 | Common third party container images |
+ | raw.githubusercontent.com | 443 | Common third party content |
+ | projectcalico.org | 443 | Calico container images |
+ | quay.io | 443 | Common 3rd party container images |
+ | grafana.com | 443 | Grafana container images and manifests |
+ | github.com | 443 | Common third party content |
+
+
## Resources
- [Install on VMware vSphere](install-on-vmware/install-on-vmware.md)
-- [Install Using Helm Chart](install-on-kubernetes/install-on-kubernetes.md)
\ No newline at end of file
+- [Install Using Helm Chart](install-on-kubernetes/install-on-kubernetes.md)
+
+
+- [Airgap Installation](airgap/airgap.md)
\ No newline at end of file
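Review bot: The relocated Proxy Requirements section does not say whether it applies to the airgap installation introduced earlier in this file, where the listed public domains are by definition unreachable. Add a sentence scoping the allow list to non-airgap installs. While the table is being touched, "Common 3rd party container images" on the quay.io row should match the "third party" wording of the other rows, and the Resources list has a double blank line before the new Airgap entry.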
diff --git a/docs/docs-content/vertex/vertex.md b/docs/docs-content/vertex/vertex.md
index aaefa0ab79..f3a174750a 100644
--- a/docs/docs-content/vertex/vertex.md
+++ b/docs/docs-content/vertex/vertex.md
@@ -42,5 +42,5 @@ Our dedicated support team will promptly get in touch with you to provide the ne
- [System Management](system-management/system-management.md)
-
+- [Enterprise Install Troubleshooting](../troubleshooting/enterprise-install.md)
diff --git a/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram-focus.png b/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram-focus.png
new file mode 100644
index 0000000000..6a327db306
Binary files /dev/null and b/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram-focus.png differ
diff --git a/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram.png b/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram.png
index 9a8f1b7456..ccdb421b39 100644
Binary files a/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram.png and b/static/assets/docs/images/enterprise-version_air-gap-repo_overview-order-diagram.png differ
diff --git a/static/assets/docs/images/enterprise-version_airgap_airgap-instructions_file-server-caddy.png b/static/assets/docs/images/enterprise-version_airgap_airgap-instructions_file-server-caddy.png
new file mode 100644
index 0000000000..be71ec36c0
Binary files /dev/null and b/static/assets/docs/images/enterprise-version_airgap_airgap-instructions_file-server-caddy.png differ
diff --git a/static/assets/docs/images/troubleshooting_enterprise-install_pack-registry-tls.png b/static/assets/docs/images/troubleshooting_enterprise-install_pack-registry-tls.png
new file mode 100644
index 0000000000..b4637242ea
Binary files /dev/null and b/static/assets/docs/images/troubleshooting_enterprise-install_pack-registry-tls.png differ
diff --git a/static/assets/videos/palette-airgap-install.mp4 b/static/assets/videos/palette-airgap-install.mp4
new file mode 100644
index 0000000000..c26cff8fad
Binary files /dev/null and b/static/assets/videos/palette-airgap-install.mp4 differ
diff --git a/static/assets/videos/palette-install.mp4 b/static/assets/videos/palette-install.mp4
index c39682d643..0fcbd1de60 100644
Binary files a/static/assets/videos/palette-install.mp4 and b/static/assets/videos/palette-install.mp4 differ
diff --git a/static/assets/videos/vertex-airgap-install.mp4 b/static/assets/videos/vertex-airgap-install.mp4
new file mode 100644
index 0000000000..9afccf9f38
Binary files /dev/null and b/static/assets/videos/vertex-airgap-install.mp4 differ
diff --git a/static/assets/videos/vertex-install.mp4 b/static/assets/videos/vertex-install.mp4
index ce66e6af6b..ad6046afce 100644
Binary files a/static/assets/videos/vertex-install.mp4 and b/static/assets/videos/vertex-install.mp4 differ
diff --git a/static/tape/palette-airgap-install.tape b/static/tape/palette-airgap-install.tape
new file mode 100644
index 0000000000..202bd12c99
--- /dev/null
+++ b/static/tape/palette-airgap-install.tape
@@ -0,0 +1,191 @@
+# Instructions:
+# You need to replace the the variables below with your own credentials.
+# Use envsubst to replace the variables in the file.
+# Source a .env file with the variables or export them in your shell.
+# You can use the following command to generate the file.
+# Assuming you have a .env file in the current directory.
+# source ../../.env && envsubst < palette-airgap-install.tape > palette-airgap-install-creds.tape
+Require palette
+Output palette-airgap-install.mp4
+
+Set FontSize 14
+Set Width 950
+Set Height 500
+Set TypingSpeed 0.1
+Set WindowBar Colorful
+Set Margin 20
+Set BorderRadius 10
+
+
+Show
+Type "palette ec install"
+Sleep 5s
+Enter
+Sleep 1s
+Enter
+Type "y"
+Sleep 2s
+Type "${UBUNTU_PRO}" # Ubuntu Pro Token. This is not required for a normal Palette installation.
+Enter
+Type "${AIRGAP_FILE_SERVER}" # Specify File Server
+Sleep 2s
+Enter
+Type "admin" # Username
+Sleep 2s
+Enter
+Type "admin" # Password
+Sleep 2s
+Enter
+Type "y" # Allow insecure connection
+Sleep 4s
+Enter # Select VMware
+Sleep 2s
+Enter # Cluster Name
+Sleep 2s
+Type "http://10.10.180.0:3128" # HTTPS Proxy
+Sleep 2s
+Enter
+Type "http://10.10.180.0:3128" # HTTP Proxy
+Sleep 2s
+Enter
+Escape
+Type "dd"
+Type "dd"
+Type "dd"
+Type "i"
+Type "10.10.128.10"
+Enter
+Type ".spectrocloud.dev"
+Enter
+Type "10.0.0.0/8"
+Escape
+Sleep 2s
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Enter # Proxy CA Cert
+Sleep 2s
+Enter # POD CIDR
+Sleep 2s
+Enter # Service IP Range
+Sleep 2s
+Enter # OCI Registry Choice
+Sleep 2s
+Type "Airgap Packs OCI"
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY}" # OCI Registry URL
+Enter
+Sleep 2s
+Type "${AIRGAP_PACKS_REPOSITORY}" # Base Path
+Enter
+Sleep 4s
+Escape
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Type "n" # Allow insecure connection
+Sleep 2s
+Type "/tmp/oci-airgap.crt" # OCI Registry CA Cert
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_USERNAME}" # Username
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_PASSWORD}" # Password
+Enter
+Sleep 2s
+Type "n"
+Sleep 2s
+Sleep 2s
+Type "n"
+Sleep 2s
+Type "Airgap Images OCI"
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY}" # OCI Registry URL
+Enter
+Sleep 2s
+Type "${AIRGAP_IMAGES_REPOSITORY}" # Base Path
+Enter
+Sleep 2s
+Escape
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Type "n" # Allow insecure connection
+Sleep 2s
+Type "/tmp/oci-airgap.crt" # OCI Registry CA Cert
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_USERNAME}" # Username
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_PASSWORD}" # Password
+Enter
+Sleep 2s
+Type "vcenter.spectrocloud.dev"
+Enter
+Sleep 2s
+Type "${VCENTER_USER}"
+Enter
+Sleep 2s
+Type "${VCENTER_PASSWORD}"
+Enter
+Sleep 2s
+Type "n" # Allow insecure connection
+Sleep 4s
+Enter # Select Datacenter
+Sleep 3s
+Type "sp-karl" # Select Folder
+Enter
+Sleep 3s
+Down 1
+Enter # Select Cluster
+Sleep 3s
+Down 1 # VM Network
+Enter
+Sleep 4s
+Enter # Resource Pool
+Sleep 3s
+Enter # Storage Policy
+Sleep 3s
+Enter # Select Datastore
+Sleep 2s
+Type "n" # Add another fault domain
+Sleep 2s
+Enter # NTP Servers
+Sleep 2s
+Type "dd"
+Type "i"
+Type "ssh-rsa AAAAB3NzaC1yc2EAA...."
+Escape
+Sleep 3s
+Type@500ms ":wq"
+Enter
+Sleep 2s
+Type "${AIRGAP_IP_START_RANGE}" # IP Start Range
+Enter
+Sleep 2s
+Type "${AIRGAP_IP_END_RANGE}" # IP End Range
+Enter
+Sleep 2s
+Enter # Network Prefix
+Sleep 2s
+Type "${AIRGAP_GATEWAY}" # Gateway
+Enter
+Type "${AIRGAP_DNS_SERVER}" # DNS Server
+Enter
+Type "spectrocloud.dev" # Name Server Domain
+Enter
+Sleep 2s
+Down 1 # Medium VM Size
+Enter
+Sleep 2s
+Type "y" # Node Affinity
+
+
+Sleep 35s
\ No newline at end of file
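Review bot: The file server credentials are typed as the literals `Type "admin" # Username` and `Type "admin" # Password`, followed by `Type "y" # Allow insecure connection`, so the published video demonstrates a default admin/admin login over an unverified connection. Every other credential in this tape comes from an environment variable; do the same here, and consider the Hide/Show pattern used in palette-install.tape. The header should also state that the generated `palette-airgap-install-creds.tape` contains plaintext secrets and must not be committed. Minor: "replace the the variables" has a duplicated word, and the final `Type "y" # Node Affinity` has no `Enter` after it, unlike palette-install.tape.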
diff --git a/static/tape/palette-install.tape b/static/tape/palette-install.tape
index fc6ed80cc8..2a65f2b0c8 100644
--- a/static/tape/palette-install.tape
+++ b/static/tape/palette-install.tape
@@ -6,7 +6,7 @@
# Assuming you have a .env file in the current directory.
# source .env && envsubst < palette-install.tape > palette-install-creds.tape
Require palette
-Output static/assets/videos/palette-install.mp4
+Output palette-install.mp4
Set FontSize 14
Set Width 950
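Review bot: `Output palette-install.mp4` now writes the recording to the current working directory instead of `static/assets/videos/`, where the committed video lives. Add a line to the header instructions saying which directory to run the tape from and that the resulting file has to be moved into `static/assets/videos/`, otherwise the next person to regenerate the video will leave the published copy stale.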
@@ -18,113 +18,87 @@ Set BorderRadius 10
Show
Type "palette ec install"
-Sleep 2s
+Sleep 5s
Enter
Sleep 1s
Enter
-Type "n"
+Type "y"
Sleep 2s
-# Enter
-# Type "${UBUNTU_PRO}" # Ubuntu Pro Token. This is not required for a normal Palette installation.
+Type "${UBUNTU_PRO}" # Ubuntu Pro Token. This is not required for a normal Palette installation.
Enter
-Type "https://repo-fips-rc40.rc.spectrocloud.com"
+Type "${PROD_SCAR_URL}"
Enter
-Type@200ms "spectro"
+Type@200ms "username"
+Hide
+Backspace 15
+Type "${PROD_SCAR_USERNAME}"
Enter
-Type "${FIPS_DEV_PACKS_REPOSITORY_PASSWORD}" # FIPS Packs Repository Password
+Show
+Sleep 2s
+Type "${PROD_SCAR_PASSWORD}" # FIPS Packs Repository Password
Enter
Sleep 2s
Type "y" # Allow Insecure Connection
+Sleep 2s
Enter
Sleep 3s
-Enter
-Sleep 1s
-Type "spectro-mgmt-cluster"
-Enter
-Sleep 2s
-Enter # HTTPS Proxy
-Sleep 2s
-Enter # HTTP Proxy
-Sleep 2s
-Enter # No Proxy
-Sleep 2s
-Enter # Proxy CA Cert
+Enter # Select VMware vSphere
Sleep 2s
-Type "172.16.0.0/20"
-Enter
-Sleep 1s
-Type "10.155.0.0/24"
-Enter
-Sleep 1s
-# Type "y" # The Packs & Image repository configurations.
-Down 1 # Registry Type OCI ECR
-Enter
-Sleep 1s
-Type "Palette Registry"
-Enter
+Enter # Cluster Name
Sleep 2s
-Type "${NON_FIPS_OCI_ECR_URL}"
-Enter
+Enter # HTTPS Proxy
Sleep 2s
-Type "${NON_FIPS_OCI_ECR_BASE_PATH}"
-Enter
+Enter # HTTP Proxy
Sleep 2s
-Type "y" # Allow Insecure Connection
-Enter
+Escape
+Type ":wq"
Sleep 2s
-Type "${NON_FIPS_OCI_ECR_ACCESS_KEY}" # AWS Access Key
Enter
Sleep 2s
-Type "${NON_FIPS_OCI_ECR_SECRET_KEY}"
-Enter
+Enter # Proxy CA Cert
Sleep 2s
-Type "${NON_FIPS_OCI_ECR_REGION}"
-Enter
+Enter # POD CIDR
Sleep 2s
-Type "y" # Is Registry private?
-Enter
+Enter # Service IP Range
Sleep 2s
-Type@500ms "y" # Pull images from public registry?
+Type "y" # Use default pack registry
Enter
-Sleep 3s
-Enter # Database Size
Sleep 2s
Type "vcenter.spectrocloud.dev"
Enter
Sleep 2s
-Type "${VCENTER_USER}" # vCenter User
+Type "${VCENTER_USER}"
Enter
Sleep 2s
-Type "${VCENTER_PASSWORD}" # vCenter Password
+Type "${VCENTER_PASSWORD}"
Enter
Sleep 2s
-Type@500ms "y" # Allow Insecure
+Type "y" # Allow insecure connection
Enter
Sleep 4s
-Enter
-Sleep 4s
-Type "sp-karl" # vSphere folder
-Sleep 2s
-Enter
+Enter # Select Datacenter
Sleep 3s
-Down 1
+Type "sp-karl" # Select Folder
Enter
Sleep 3s
Down 1
-Enter
+Enter # Select Cluster
Sleep 3s
+Down 1 # VM Network
Enter
+Sleep 4s
+Enter # Resource Pool
Sleep 3s
-Enter # VM Storage Policy
+Enter # Storage Policy
Sleep 3s
-Enter # Datastore
+Enter # Select Datastore
Sleep 2s
-Type@500ms "n" # Fault Domain
+Type "n" # Add another fault domain
Sleep 2s
-Enter # NPT servers
Enter
-Sleep 2s # SSH Key
-Escape
+Sleep 2s
+Enter # NTP Servers
+Sleep 2s
Type "dd"
Type "i"
Type "ssh-rsa AAAAB3NzaC1yc2EAA...."
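Review bot: `Show` is re-enabled before `Type "${PROD_SCAR_PASSWORD}"`, so the real username is hidden from the recording but the password entry is captured. Confirm that the prompt masks input; if it does not, move `Show` to after the `Enter` that follows the password. The trailing comment on that line still reads "FIPS Packs Repository Password" although this is the non-FIPS Palette tape. The tape also now answers `y` to the Ubuntu Pro prompt and types the token, while the comment on the same line says the token is not required for a normal Palette installation.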
@@ -132,25 +106,26 @@ Escape
Sleep 3s
Type@500ms ":wq"
Enter
-Sleep 2s
-Type@300ms "10.1.1.0" # IP Start Range
+Sleep 2s
+Type "${NON_AIRGAP_IP_START_RANGE}" # IP Start Range
Enter
-Type@300ms "10.1.63.255" # IP End Range
+Sleep 2s
+Type "${NON_AIRGAP_IP_END_RANGE}" # IP End Range
Enter
Sleep 2s
-Enter # Network CIDR
-Type@300ms "10.10.128.1" # Gateway
+Enter # Network Prefix
+Sleep 2s
+Type "${NON_AIRGAP_GATEWAY}" # Gateway
Enter
-Type@300ms "10.10.128.8" # DNS
+Type "${NON_AIRGAP_DNS_SERVER}" # DNS Server
Enter
-Type@300ms "spectrocloud.dev"
+Type "spectrocloud.dev" # Name Server Domain
+Enter
+Sleep 2s
+Down 1 # Medium VM Size
+Enter
+Sleep 2s
+Type "y" # Node Affinity
Enter
-Sleep 3s
-Enter # Number of CPUs
-Sleep 3s
-Enter # Memory
-Sleep 3s
-Enter # Disk Size
-
Sleep 35s
\ No newline at end of file
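Review bot: This hunk introduces `${NON_AIRGAP_IP_START_RANGE}`, `${NON_AIRGAP_IP_END_RANGE}`, `${NON_AIRGAP_GATEWAY}` and `${NON_AIRGAP_DNS_SERVER}`, but the header instructions do not list the variables the `.env` file must define. An unset variable is replaced with an empty string by envsubst, and the tape would then submit a blank answer at that prompt. List the required variables in the header comment.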
diff --git a/static/tape/vertex-airgap-install.tape b/static/tape/vertex-airgap-install.tape
new file mode 100644
index 0000000000..a204773581
--- /dev/null
+++ b/static/tape/vertex-airgap-install.tape
@@ -0,0 +1,191 @@
+# Instructions:
+# You need to replace the the variables below with your own credentials.
+# Use envsubst to replace the variables in the file.
+# Source a .env file with the variables or export them in your shell.
+# You can use the following command to generate the file.
+# Assuming you have a .env file in the current directory.
+# source .env && envsubst < vertex-airgap-install.tape > vertex-airgap-install-creds.tape
+Require palette
+Output vertex-airgap-install.mp4
+
+Set FontSize 14
+Set Width 950
+Set Height 500
+Set TypingSpeed 0.1
+Set WindowBar Colorful
+Set Margin 20
+Set BorderRadius 10
+
+
+Show
+Type "palette ec install"
+Enter
+Sleep 3s
+Down 1
+Enter
+Sleep 2s
+Type "y"
+Sleep 2s
+Type "${UBUNTU_PRO}" # Ubuntu Pro Token. This is not required for a normal Palette installation.
+Enter
+Type "${AIRGAP_FILE_SERVER}" # Specify File Server
+Sleep 2s
+Enter
+Type "admin" # Username
+Sleep 2s
+Enter
+Type "admin" # Password
+Sleep 2s
+Enter
+Type "y" # Allow insecure connection
+Sleep 4s
+Enter # Select VMware
+Sleep 2s
+Enter # Cluster Name
+Sleep 2s
+Type "http://10.10.180.0:3128" # HTTPS Proxy
+Sleep 2s
+Enter
+Type "http://10.10.180.0:3128" # HTTP Proxy
+Sleep 2s
+Enter
+Escape
+Type "dd"
+Type "dd"
+Type "dd"
+Type "i"
+Type "10.10.128.10"
+Enter
+Type ".spectrocloud.dev"
+Enter
+Type "10.0.0.0/8"
+Escape
+Sleep 2s
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Enter # Proxy CA Cert
+Sleep 2s
+Enter # POD CIDR
+Sleep 2s
+Enter # Service IP Range
+Sleep 2s
+Enter # OCI Registry Choice
+Sleep 2s
+Type "Airgap Packs OCI"
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY}" # OCI Registry URL
+Enter
+Sleep 2s
+Type "${AIRGAP_FIPS_PACKS_REPOSITORY}" # Base Path
+Enter
+Sleep 4s
+Escape
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Type "n" # Allow insecure connection
+Sleep 2s
+Type "/tmp/oci-airgap.crt" # OCI Registry CA Cert
+Enter
+Type "${AIRGAP_OCI_REGISTRY_USERNAME}" # Username
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_PASSWORD}" # Password
+Enter
+Sleep 2s
+Type "n"
+Sleep 2s
+Sleep 2s
+Type "n"
+Sleep 2s
+Type "Airgap Images OCI"
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY}" # OCI Registry URL
+Enter
+Sleep 2s
+Type "${AIRGAP_FIPS_IMAGES_REPOSITORY}" # Base Path
+Enter
+Sleep 2s
+Escape
+Type ":wq"
+Sleep 2s
+Enter
+Sleep 2s
+Type "n" # Allow insecure connection
+Sleep 2s
+Type "/tmp/oci-airgap.crt" # OCI Registry CA Cert
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_USERNAME}" # Username
+Enter
+Sleep 2s
+Type "${AIRGAP_OCI_REGISTRY_PASSWORD}" # Password
+Enter
+Sleep 2s
+Type "vcenter.spectrocloud.dev"
+Enter
+Sleep 2s
+Type "${VCENTER_USER}"
+Enter
+Sleep 2s
+Type "${VCENTER_PASSWORD}"
+Enter
+Sleep 2s
+Type "y" # Allow insecure connection
+Sleep 4s
+Enter # Select Datacenter
+Sleep 3s
+Type "sp-karl" # Select Folder
+Enter
+Sleep 3s
+Down 1
+Enter # Select Cluster
+Sleep 3s
+Down 1 # VM Network
+Enter
+Sleep 4s
+Enter # Resource Pool
+Sleep 3s
+Enter # Storage Policy
+Sleep 3s
+Enter # Select Datastore
+Sleep 2s
+Type "n" # Add another fault domain
+Sleep 2s
+Enter # NTP Servers
+Sleep 2s
+Type "dd"
+Type "i"
+Type "ssh-rsa AAAAB3NzaC1yc2EAA...."
+Escape
+Sleep 3s
+Type@500ms ":wq"
+Enter
+Sleep 2s
+Type "${AIRGAP_IP_START_RANGE}" # IP Start Range
+Enter
+Sleep 2s
+Type "${AIRGAP_IP_END_RANGE}" # IP End Range
+Enter
+Sleep 2s
+Enter # Network Prefix
+Sleep 2s
+Type "${AIRGAP_GATEWAY}" # Gateway
+Enter
+Type "${AIRGAP_DNS_SERVER}" # DNS Server
+Enter
+Type "spectrocloud.dev" # Name Server Domain
+Enter
+Sleep 2s
+Down 1 # Medium VM Size
+Enter
+Sleep 2s
+Type "y" # Node Affinity
+
+
+Sleep 35s
\ No newline at end of file
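Review bot: The vCenter prompt is answered with `Type "y" # Allow insecure connection` here, while the otherwise identical palette-airgap-install.tape answers `n` at the same step. Align the two, preferably on `n` so the VerteX video does not show certificate verification being turned off. The literal `admin`/`admin` file server credentials and the missing `Enter` after `Type "y" # Node Affinity` are the same as in the Palette airgap tape. The `Sleep 2s` between the first `/tmp/oci-airgap.crt` entry and the registry username is also missing compared with the second registry block.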
diff --git a/static/tape/vertex-install.tape b/static/tape/vertex-install.tape
index 1170ffc5a9..03f1185182 100644
--- a/static/tape/vertex-install.tape
+++ b/static/tape/vertex-install.tape
@@ -4,9 +4,9 @@
# Source a .env file with the variables or export them in your shell.
# You can use the following command to generate the file.
# Assuming you have a .env file in the current directory.
-# source .env && envsubst < vertex-install.tape > vertex-install-creds.tape
+# source ../../.env && envsubst < vertex-install.tape > vertex-install-creds.tape
Require palette
-Output static/assets/videos/vertex-install.mp4
+Output vertex-install.mp4
Set FontSize 14
Set Width 950
@@ -19,114 +19,87 @@ Set BorderRadius 10
Show
Type "palette ec install"
Enter
-Sleep 2s
+Sleep 3s
Down 1
-Sleep 1s
Enter
+Sleep 2s
Type "y"
-Sleep 1s
-Enter
Sleep 2s
-Type "${UBUNTU_PRO}" # Ubuntu Pro Token
+Type "${UBUNTU_PRO}" # Ubuntu Pro Token. This is not required for a normal Palette installation.
Enter
-Sleep 2s
-Type "${FIPS_PALETTE_ARTIFACT_REPOSITORY_URL}" # Artifact Repository
+Type "${PROD_FIPS_SCAR_URL}"
Enter
-Type@300ms "${FIPS_PALETTE_ARTIFACT_REPOSITORY_USERNAME}"
+Type@200ms "username"
+Hide
+Backspace 15
+Type "${PROD_FIPS_SCAR_USERNAME}"
Enter
-Type "${FIPS_PALETTE_ARTIFACT_REPOSITORY_PASSWORD}" # FIPS Packs Repository Password
+Show
+Sleep 2s
+Type "${PROD_FIPS_SCAR_PASSWORD}" # FIPS Packs Repository Password
Enter
-Sleep 3s
-Type "y" #Bypass X509 Verification
+Sleep 2s
+Type "y" # Allow Insecure Connection
+Sleep 2s
Enter
Sleep 3s
-Enter # Select Infrastructure Provider
+Enter # Select VMware vSphere
Sleep 2s
-Type "spectro-mgmt-cluster"
-Enter
+Enter # Cluster Name
Sleep 2s
Enter # HTTPS Proxy
Sleep 2s
-Enter # HTTP Proxy
-Sleep 2s
-Enter # No Proxy
-Sleep 2s
-Enter # Proxy CA Cert
+Enter # HTTP Proxy
Sleep 2s
-Type "172.16.0.0/20"
-Enter
-Sleep 1s
-Type "10.155.0.0/24"
-Enter
-Sleep 3s
-Down 1 # Select OCI ECR
-Enter
-Sleep 1s
-Type "Palette Registry"
-Enter
+Escape
+Type ":wq"
Sleep 2s
-Type "${FIPS_OCI_ECR_URL}"
Enter
Sleep 2s
-Type "${FIPS_OCI_ECR_BASE_PATH}"
-Enter
+Enter # Proxy CA Cert
Sleep 2s
-Type "y" # Allow Insecure Connection
-Enter
+Enter # POD CIDR
Sleep 2s
-Type "${FIPS_OCI_ECR_ACCESS_KEY}" # AWS Access Key
-Enter
+Enter # Service IP Range
Sleep 2s
-Type "${FIPS_OCI_ECR_SECRET_KEY}"
+Type "y" # Use default pack registry
Enter
Sleep 2s
-Type "${FIPS_OCI_ECR_REGION}"
+Type "vcenter.spectrocloud.dev"
Enter
Sleep 2s
-Type "y" # Is Registry private?
+Type "${VCENTER_USER}"
Enter
Sleep 2s
-Type@500ms "y" # Pull images from public registry?
+Type "${VCENTER_PASSWORD}"
Enter
-Sleep 3s
-Enter # Database Configurtion size
Sleep 2s
-Type "vcenter.spectrocloud.dev"
-Enter
-Sleep 3s
-Type "${VCENTER_USER}" # vCenter User
-Enter
-Sleep 3s
-Type "${VCENTER_PASSWORD}" # vCenter Password
+Type "y" # Allow insecure connection
Enter
-Sleep 3s
-Type "y" # Allow Insecure
-Enter
-Sleep 4s
-Enter # Datacenter
Sleep 4s
-Type "sp-karl" # vSphere folder
-Sleep 3s
-Enter
+Enter # Select Datacenter
Sleep 3s
-Down 1
+Type "sp-karl" # Select Folder
Enter
Sleep 3s
Down 1
-Enter
+Enter # Select Cluster
Sleep 3s
+Down 1 # VM Network
Enter
+Sleep 4s
+Enter # Resource Pool
Sleep 3s
-Enter # VM Storage Policy
-Sleep 3s
-Enter # Datastore
+Enter # Storage Policy
Sleep 3s
-Type@500ms "n" # Fault Domain
+Enter # Select Datastore
+Sleep 2s
+Type "n" # Add another fault domain
Sleep 2s
-Enter # NPT servers
Enter
-Sleep 2s # SSH Key
-Escape
+Sleep 2s
+Enter # NTP Servers
+Sleep 2s
Type "dd"
Type "i"
Type "ssh-rsa AAAAB3NzaC1yc2EAA...."
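Review bot: The tape answers `Type "y" # Allow Insecure Connection` for the artifact repository and `Type "y" # Allow insecure connection` for vCenter, so the VerteX install video shows certificate verification skipped for both endpoints. If the recording environment has valid certificates, answer `n`; otherwise the accompanying docs should say that the video uses a lab setup. As in palette-install.tape, `Show` comes back before `Type "${PROD_FIPS_SCAR_PASSWORD}"`, so confirm that the password prompt masks input.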
@@ -134,25 +107,26 @@ Escape
Sleep 3s
Type@500ms ":wq"
Enter
-Sleep 3s
-Type@300ms "10.1.1.0" # IP Start Range
+Sleep 2s
+Type "${NON_AIRGAP_IP_START_RANGE}" # IP Start Range
Enter
-Type@300ms "10.1.63.255" # IP End Range
+Sleep 2s
+Type "${NON_AIRGAP_IP_END_RANGE}" # IP End Range
Enter
-Sleep 3s
-Enter # Network CIDR
-Type@300ms "10.10.128.1" # Gateway
+Sleep 2s
+Enter # Network Prefix
+Sleep 2s
+Type "${NON_AIRGAP_GATEWAY}" # Gateway
Enter
-Type@300ms "10.10.128.8" # DNS
+Type "${NON_AIRGAP_DNS_SERVER}" # DNS Server
Enter
-Type@300ms "spectrocloud.dev"
+Type "spectrocloud.dev" # Name Server Domain
+Enter
+Sleep 2s
+Down 1 # Medium VM Size
+Enter
+Sleep 2s
+Type "y" # Node Affinity
Enter
-Sleep 3s
-Enter # Number of CPUs
-Sleep 3s
-Enter # Memory
-Sleep 3s
-Enter # Disk Size
-
-Sleep 70s
\ No newline at end of file
+Sleep 35s
\ No newline at end of file
diff --git a/vale/styles/Vocab/Internal/accept.txt b/vale/styles/Vocab/Internal/accept.txt
index 3cf63e4236..03bc7e68ad 100644
--- a/vale/styles/Vocab/Internal/accept.txt
+++ b/vale/styles/Vocab/Internal/accept.txt
@@ -147,3 +147,10 @@ Hotfix
Layer 2
L2
HashiCorp
+airgap
+Airgap
+jq
+Caddy
+jumpbox
+Oras
+oras
\ No newline at end of file