[version-3-4] docs: backport PR 1597 (#1646)
* docs: backport PR 1597 * chore: gitleaks fix
1 parent 2cba35e, commit 6683412
Showing 43 changed files with 3,971 additions and 84 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"position": 161 | ||
} |
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
--- | ||
sidebar_label: "Self-Hosted Installation" | ||
title: "Self-Hosted Installation" | ||
description: "Understanding, installing and operating Spectro Cloud's Enterprise Self-Hosted variant." | ||
hide_table_of_contents: false | ||
sidebar_custom_props: | ||
icon: "cat" | ||
tags: ["self-hosted", "enterprise"] | ||
--- | ||
|
||
|
||
Palette is available as a self-hosted platform offering. You can install the self-hosted version of Palette in your data centers or public cloud providers to manage Kubernetes clusters. | ||
|
||
|
||
## VMware Quick Start | ||
|
||
A single-node Palette installation that is ideal for Proof of Concept (PoC) environments. Refer to the [Quick Start Installation](deploying-the-platform-installer.md) guide for more details. | ||
|
||
## VMware Enterprise | ||
|
||
A highly available multi-node Palette installation that is typically used for production purposes. Check out the [Enterprise Mode](deploying-an-enterprise-cluster.md) guide to get started. | ||
|
||
## Kubernetes Install Helm Chart | ||
|
||
Install Palette onto a Kubernetes cluster using a Helm Chart. Review the [Helm Chart Mode](deploying-palette-with-helm.md) guide to learn more. | ||
|
||
|
||
## Airgap Install | ||
|
||
Palette can be installed in a VMware environment without internet access, known as an air gap installation, which requires advance download of the following: | ||
- Platform manifests | ||
- Required platform packages | ||
- Container images for core components | ||
- Third-party dependencies | ||
- Palette packs | ||
|
||
## Download Palette Installer | ||
|
||
To request the Palette self-hosted installer image, contact our Support team by sending an email to [email protected]. Kindly provide the following information in your email: | ||
|
||
- Your full name | ||
- Organization name (if applicable) | ||
- Email address | ||
- Phone number (optional) | ||
- A brief description of your intended use for the Palette Self-host installer image. | ||
|
||
Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image. | ||
|
||
If you have any questions or concerns, please feel free to contact [email protected]. | ||
|
||
|
||
## Upgrade Notes | ||
|
||
Review the [Upgrade Notes](upgrade.md) before attempting to upgrade Palette. | ||
|
||
|
||
|
||
## Resources | ||
|
||
|
||
* [System Requirements](on-prem-system-requirements.md) | ||
|
||
|
||
* [Quick Start Mode](deploying-the-platform-installer.md) | ||
|
||
|
||
* [Enterprise Mode](deploying-an-enterprise-cluster.md) | ||
|
||
|
||
* [Helm Chart Mode](deploying-palette-with-helm.md) | ||
|
||
|
||
* [System Console Dashboard](system-console-dashboard.md) | ||
|
||
|
||
* [Creating a VMware Cloud Gateway](../clusters/data-center/vmware.md#install-pcg) | ||
|
||
|
||
* [Create VMware Cloud Account](../clusters/data-center/vmware.md#create-vmware-cloud-gateway) | ||
|
||
|
||
* [Deploy a VMware Cluster](../clusters/data-center/vmware#deploy-a-vmware-cluster) | ||
|
||
|
||
* [PCG Troubleshooting](../troubleshooting/pcg.md) | ||
|
||
|
||
* [Upgrade Notes](upgrade.md) | ||
|
||
|
||
|
||
|
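Review bot: In the Resources list at the end of this file, two link targets look swapped or stale and one is inconsistent with the rest. "Creating a VMware Cloud Gateway" points to `../clusters/data-center/vmware.md#install-pcg` while "Create VMware Cloud Account" points to `../clusters/data-center/vmware.md#create-vmware-cloud-gateway`, and "Deploy a VMware Cluster" links to `../clusters/data-center/vmware#deploy-a-vmware-cluster` without the `.md` extension every other relative link here uses. Please check each anchor against the headings in vmware.md and add the extension. The "Airgap Install" section is also the only install option without a link to a procedure, and its heading spells the term differently from the body ("air gap installation"); pick one spelling and link the guide that covers the advance downloads.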
File renamed without changes.
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,252 @@ | ||
--- | ||
sidebar_label: "Configure Reverse Proxy" | ||
title: "Configure Reverse Proxy" | ||
description: "Learn how to configure a reverse proxy for Palette." | ||
icon: "" | ||
hide_table_of_contents: false | ||
sidebar_position: 80 | ||
--- | ||
|
||
You can configure a reverse proxy for Palette. The reverse proxy can be used by host clusters deployed in a private network. Host clusters deployed in a private network are not accessible from the public internet or by users in different networks. You can use a reverse proxy to access the cluster's Kubernetes API server from a different network. | ||
|
||
When you configure reverse proxy server for Palette, clusters that use the [Spectro Proxy pack](../integrations/frp.md) will use the reverse proxy server address in the kubeconfig file. Clusters not using the Spectro Proxy pack will use the default cluster address in the kubeconfig file. | ||
|
||
|
||
Use the following steps to configure a reverse proxy server for Palette. | ||
|
||
## Prerequisites | ||
|
||
|
||
- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. | ||
|
||
|
||
- [Helm](https://helm.sh/docs/intro/install/) is installed and available. | ||
|
||
|
||
- Access to the kubeconfig file of the Palette Kubernetes cluster. You can download the kubeconfig file from the Palette system console. Navigate to **Enterprise System Migration**, select the Palette cluster, and click the **Download Kubeconfig** button for the cluster. | ||
|
||
|
||
- A domain name that you can use for the reverse proxy server. You will also need access to the DNS records for the domain so that you can create a CNAME DNS record for the reverse proxy server load balancer. | ||
|
||
|
||
- Ensure you have an SSL certificate that matches the domain name you will assign to Spectro Proxy. You will need this to enable HTTPS encryption for the Spectro Proxy. Contact your network administrator or security team to obtain the SSL certificate. You need the following files: | ||
- x509 SSL certificate file in base64 format | ||
|
||
- x509 SSL certificate key file in base64 format | ||
|
||
- x509 SSL certificate authority file in base64 format | ||
|
||
|
||
- The Spectro Proxy server must have internet access and network connectivity to the private network where the Kubernetes clusters are deployed. | ||
|
||
|
||
## Enablement | ||
|
||
1. Open a terminal session and navigate to the directory where you stored the **values.yaml** for the Palette installation. | ||
|
||
|
||
2. Use a text editor and open the **values.yaml** file. Locate the `frps` section and update the following values in the **values.yaml** file. Refer to the [Spectro Proxy Helm Configuration](helm-chart-install-reference.md#spectro-proxy) to learn more about the configuration options. | ||
|
||
| **Parameter** | **Description** | **Type** | | ||
| --- | --- | ---| | ||
| `enabled`| Set to `true` to enable the Spectro Proxy server. | boolean | | ||
| `frps.frpHostURL`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. | | ||
| `server.crt`| The x509 SSL certificate file in base64 format. | | ||
| `server.key`| The x509 SSL certificate key file in base64 format. | | ||
| `ca.crt`| The x509 SSL certificate authority file in base64 format. | | ||
|
||
<br /> | ||
|
||
The following is an example of the `frps` section in the **values.yaml** file. The SSL certificate files are truncated for brevity. | ||
|
||
<br /> | ||
|
||
```yaml | ||
frps: | ||
frps: | ||
enabled: true | ||
frpHostURL: "frps.palette.example.com" | ||
server: | ||
crt: "LS0tLS1CRU...........tCg==" | ||
key: "LS0tLS1CRU...........tCg==" | ||
ca: | ||
crt : "LS0tLS1CRU...........tCg==" | ||
``` | ||
3. Issue the `helm upgrade` command to update the Palette Kubernetes configuration. The command below assumes you are in the folder that contains the **values.yaml** file and the Palette Helm chart. Change the directory path if needed. | ||
|
||
<br /> | ||
|
||
```bash | ||
helm upgrade --values values.yaml hubble spectro-mgmt-plane-0.0.0.tgz --install | ||
``` | ||
|
||
|
||
4. After the new configurations are accepted, use the following command to get the IP address of the Spectro Proxy server's load balancer. | ||
|
||
<br /> | ||
|
||
```bash | ||
kubectl get svc --namespace proxy-system spectro-proxy-svc | ||
``` | ||
5. Update the DNS records for the domain name you used for the Spectro Proxy server. Create a CNAME record that points to the IP address of the Spectro Proxy server's load balancer. | ||
|
||
|
||
6. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. Ensure you replace the credentials below with your system console credentials. | ||
|
||
<br /> | ||
|
||
```bash | ||
curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ | ||
--header 'Content-Type: application/json' \ | ||
--data '{ | ||
"password": "**********", | ||
"username": "**********" | ||
}' | ||
``` | ||
Output | ||
```json hideClipboard | ||
{ | ||
"Authorization": "**********.", | ||
"IsPasswordReset": true | ||
} | ||
``` | ||
|
||
7. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. | ||
|
||
<br /> | ||
|
||
```shell hideClipboard | ||
TOKEN=********** | ||
``` | ||
|
||
8. Next, prepare a payload for the`/v1/system/config/` endpoint. This endpoint is used to configure Palette to use a reverse proxy. The payload requires the following parameters: | ||
|
||
<br /> | ||
|
||
| **Parameter** | **Description** | **Type** | | ||
| --- | --- | --- | | ||
| `caCert`| The x509 SSL certificate authority file in base64 format. | string | | ||
| `clientCert`| The x509 SSL certificate file in base64 format. | string | | ||
| `clientKey`| The x509 SSL certificate key file in base64 format. | string | | ||
| `port` | The port number for the reverse proxy server. We recommend using port `443`. | integer | | ||
| `protocol` | The protocol to use for the reverse proxy server. We recommend using `https`. | string | | ||
| `server`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. Do not include the HTTP schema in the value. | string | | ||
|
||
The following is an example payload. The SSL certificate files are truncated for brevity. | ||
|
||
<br /> | ||
|
||
```json hideClipboard | ||
{ | ||
"caCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", | ||
"clientCert": "-----BEGIN CERTIFICATE-----\n..........\n-----END CERTIFICATE-----", | ||
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----", | ||
"port": 443, | ||
"protocol": "https", | ||
"server": "frps.palette.example.com.com" | ||
} | ||
``` | ||
|
||
<br /> | ||
|
||
:::info | ||
|
||
You can save the payload to a file and use the `cat` command to read the file contents into the `curl` command. For example, if you save the payload to a file named `payload.json`, you can use the following command to read the file contents into the `curl` command. You can also save the payload as a shell variable and use the variable in the `curl` command. | ||
|
||
::: | ||
|
||
|
||
<br /> | ||
|
||
9. Issue a PUT request using the following `curl` command. Replace the URL with the custom domain URL you assigned to Palette or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. Ensure you replace the payload below with the payload you created in the previous step. | ||
|
||
<br /> | ||
|
||
```bash | ||
curl --insecure --silent --include --output /dev/null -w "%{http_code}" --location --request PUT 'https://palette.example.com/v1/system/config/reverseproxy' \ | ||
--header "Authorization: $TOKEN" \ | ||
--header 'Content-Type: application/json' \ | ||
--data ' { | ||
"caCert": "-----BEGIN CERTIFICATE-----\n................\n-----END CERTIFICATE-----\n", | ||
"clientCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", | ||
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n............\n-----END RSA PRIVATE KEY-----\n", | ||
"port": 443, | ||
"protocol": "https", | ||
"server": "frps.palette.example.com.com" | ||
}' | ||
``` | ||
|
||
A successful response returns a `204` status code. | ||
|
||
Output | ||
```shell hideClipboard | ||
204 | ||
``` | ||
|
||
You now have a Spectro Proxy server that you can use to access Palette clusters deployed in a different network. Make sure you add the [Spectro Proxy pack](../integrations/frp.md) to the clusters you want to access using the Spectro Proxy server. | ||
|
||
|
||
## Validate | ||
|
||
Use the following command to validate that the Spectro Proxy server is active. | ||
|
||
<br /> | ||
|
||
|
||
|
||
1. Open a terminal session. | ||
|
||
|
||
2. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. Ensure you replace the credentials below with your system console credentials. | ||
|
||
<br /> | ||
|
||
```bash | ||
curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ | ||
--header 'Content-Type: application/json' \ | ||
--data '{ | ||
"password": "**********", | ||
"username": "**********" | ||
}' | ||
``` | ||
Output | ||
```json hideClipboard | ||
{ | ||
"Authorization": "**********.", | ||
"IsPasswordReset": true | ||
} | ||
``` | ||
|
||
3. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. | ||
|
||
<br /> | ||
|
||
```shell hideClipboard | ||
TOKEN=********** | ||
``` | ||
|
||
4. Query the system API endpoint `/v1/system/config/reverseproxy` to verify the current reverse proxy settings applied to Palette. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. | ||
|
||
<br /> | ||
|
||
```bash | ||
curl --location --request GET 'https://palette.example.com/v1/system/config/reverseproxy' \ | ||
--header "Authorization: $TOKEN" | ||
``` | ||
|
||
If the proxy server is configured correctly, you will receive an output similar to the following that contains your settings. The SSL certificate outputs are truncated for brevity. | ||
|
||
<br /> | ||
|
||
```json hideClipboard | ||
{ | ||
"caCert": "-----BEGIN CERTIFICATE-----\n...............\n-----END CERTIFICATE-----\n", | ||
"clientCert": "-----BEGIN CERTIFICATE-----\n...........\n-----END CERTIFICATE-----", | ||
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----\n", | ||
"port": 443, | ||
"protocol": "https", | ||
"server": "frps.palette.example.com" | ||
} | ||
``` |
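Review bot: The `curl` examples in Enablement steps 6 and 9 and in Validate step 2 pass `--insecure`, so the system console credentials, the returned authorization token and the `clientKey` private key are sent without verifying the server certificate. The GET in Validate step 4 omits the flag, so the page is also inconsistent. Suggest dropping `--insecure` from these examples or showing `--cacert` with the CA that signed the Palette endpoint's certificate, and having step 9 read the payload from the file the `:::info` block mentions (`--data @payload.json`) so the private key is not typed inline on the command line. Other points in this hunk: the sample payloads in steps 8 and 9 use `"server": "frps.palette.example.com.com"` (doubled `.com`) while the Validate output shows `frps.palette.example.com`; step 5 asks for a CNAME record that points to an IP address, which should be an A record or a CNAME to the load balancer hostname; the `:::info` block says "you can use the following command" but no command follows; and the step 8 table describes `caCert`, `clientCert` and `clientKey` as base64 while the example payload shows PEM text with `\n` escapes.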