Skip to content

Commit

Permalink
[version-3-4] docs: backport PR 1597 (#1646)
Browse files Browse the repository at this point in the history
* docs: backport PR 1597

* chore: gitleaks fix
  • Loading branch information
karl-cardenas-coding authored Oct 5, 2023
1 parent 2cba35e commit 6683412
Show file tree
Hide file tree
Showing 43 changed files with 3,971 additions and 84 deletions.
4 changes: 4 additions & 0 deletions .gitleaksignore
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,7 @@ d916ea8726a0c226beb82fef8567877f5f5ef3f0:docs/docs-content/enterprise-version/re
4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/kubernetes.md:generic-api-key:805
4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/kubernetes.md:generic-api-key:1068
4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/ubuntu.md:generic-api-key:96
eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version-bkup/reverse-proxy.md:private-key:145
eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150
109fd4325ea00c4c07d55e8f9bafecb091c43023:docs/deprecated/enterprise-version/reverse-proxy.md:private-key:145
109fd4325ea00c4c07d55e8f9bafecb091c43023:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150
3 changes: 3 additions & 0 deletions docs/deprecated/enterprise-version/_category_.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"position": 161
}
92 changes: 92 additions & 0 deletions docs/deprecated/enterprise-version/enterprise-version.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
---
sidebar_label: "Self-Hosted Installation"
title: "Self-Hosted Installation"
description: "Understanding, installing and operating Spectro Cloud's Enterprise Self-Hosted variant."
hide_table_of_contents: false
sidebar_custom_props:
icon: "cat"
tags: ["self-hosted", "enterprise"]
---


Palette is available as a self-hosted platform offering. You can install the self-hosted version of Palette in your data centers or public cloud providers to manage Kubernetes clusters.


## VMware Quick Start

A single-node Palette installation that is ideal for Proof of Concept (PoC) environments. Refer to the [Quick Start Installation](deploying-the-platform-installer.md) guide for more details.

## VMware Enterprise

A highly available multi-node Palette installation that is typically used for production purposes. Check out the [Enterprise Mode](deploying-an-enterprise-cluster.md) guide to get started.

## Kubernetes Install Helm Chart

Install Palette onto a Kubernetes cluster using a Helm Chart. Review the [Helm Chart Mode](deploying-palette-with-helm.md) guide to learn more.


## Airgap Install

Palette can be installed in a VMware environment without internet access, known as an air gap installation, which requires advance download of the following:
- Platform manifests
- Required platform packages
- Container images for core components
- Third-party dependencies
- Palette packs

## Download Palette Installer

To request the Palette self-hosted installer image, contact our Support team by sending an email to [email protected]. Kindly provide the following information in your email:

- Your full name
- Organization name (if applicable)
- Email address
- Phone number (optional)
- A brief description of your intended use for the Palette Self-host installer image.

Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image.

If you have any questions or concerns, please feel free to contact [email protected].


## Upgrade Notes

Review the [Upgrade Notes](upgrade.md) before attempting to upgrade Palette.



## Resources


* [System Requirements](on-prem-system-requirements.md)


* [Quick Start Mode](deploying-the-platform-installer.md)


* [Enterprise Mode](deploying-an-enterprise-cluster.md)


* [Helm Chart Mode](deploying-palette-with-helm.md)


* [System Console Dashboard](system-console-dashboard.md)


* [Creating a VMware Cloud Gateway](../clusters/data-center/vmware.md#install-pcg)


* [Create VMware Cloud Account](../clusters/data-center/vmware.md#create-vmware-cloud-gateway)


* [Deploy a VMware Cluster](../clusters/data-center/vmware#deploy-a-vmware-cluster)


* [PCG Troubleshooting](../troubleshooting/pcg.md)


* [Upgrade Notes](upgrade.md)




252 changes: 252 additions & 0 deletions docs/deprecated/enterprise-version/reverse-proxy.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,252 @@
---
sidebar_label: "Configure Reverse Proxy"
title: "Configure Reverse Proxy"
description: "Learn how to configure a reverse proxy for Palette."
icon: ""
hide_table_of_contents: false
sidebar_position: 80
---

You can configure a reverse proxy for Palette. The reverse proxy can be used by host clusters deployed in a private network. Host clusters deployed in a private network are not accessible from the public internet or by users in different networks. You can use a reverse proxy to access the cluster's Kubernetes API server from a different network.

When you configure reverse proxy server for Palette, clusters that use the [Spectro Proxy pack](../integrations/frp.md) will use the reverse proxy server address in the kubeconfig file. Clusters not using the Spectro Proxy pack will use the default cluster address in the kubeconfig file.


Use the following steps to configure a reverse proxy server for Palette.

## Prerequisites


- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available.


- [Helm](https://helm.sh/docs/intro/install/) is installed and available.


- Access to the kubeconfig file of the Palette Kubernetes cluster. You can download the kubeconfig file from the Palette system console. Navigate to **Enterprise System Migration**, select the Palette cluster, and click the **Download Kubeconfig** button for the cluster.


- A domain name that you can use for the reverse proxy server. You will also need access to the DNS records for the domain so that you can create a CNAME DNS record for the reverse proxy server load balancer.


- Ensure you have an SSL certificate that matches the domain name you will assign to Spectro Proxy. You will need this to enable HTTPS encryption for the Spectro Proxy. Contact your network administrator or security team to obtain the SSL certificate. You need the following files:
- x509 SSL certificate file in base64 format

- x509 SSL certificate key file in base64 format

- x509 SSL certificate authority file in base64 format


- The Spectro Proxy server must have internet access and network connectivity to the private network where the Kubernetes clusters are deployed.


## Enablement

1. Open a terminal session and navigate to the directory where you stored the **values.yaml** for the Palette installation.


2. Use a text editor and open the **values.yaml** file. Locate the `frps` section and update the following values in the **values.yaml** file. Refer to the [Spectro Proxy Helm Configuration](helm-chart-install-reference.md#spectro-proxy) to learn more about the configuration options.

| **Parameter** | **Description** | **Type** |
| --- | --- | ---|
| `enabled`| Set to `true` to enable the Spectro Proxy server. | boolean |
| `frps.frpHostURL`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. |
| `server.crt`| The x509 SSL certificate file in base64 format. |
| `server.key`| The x509 SSL certificate key file in base64 format. |
| `ca.crt`| The x509 SSL certificate authority file in base64 format. |

<br />

The following is an example of the `frps` section in the **values.yaml** file. The SSL certificate files are truncated for brevity.

<br />

```yaml
frps:
frps:
enabled: true
frpHostURL: "frps.palette.example.com"
server:
crt: "LS0tLS1CRU...........tCg=="
key: "LS0tLS1CRU...........tCg=="
ca:
crt : "LS0tLS1CRU...........tCg=="
```
3. Issue the `helm upgrade` command to update the Palette Kubernetes configuration. The command below assumes you are in the folder that contains the **values.yaml** file and the Palette Helm chart. Change the directory path if needed.

<br />

```bash
helm upgrade --values values.yaml hubble spectro-mgmt-plane-0.0.0.tgz --install
```


4. After the new configurations are accepted, use the following command to get the IP address of the Spectro Proxy server's load balancer.

<br />

```bash
kubectl get svc --namespace proxy-system spectro-proxy-svc
```
5. Update the DNS records for the domain name you used for the Spectro Proxy server. Create a CNAME record that points to the IP address of the Spectro Proxy server's load balancer.


6. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. Ensure you replace the credentials below with your system console credentials.

<br />

```bash
curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \
--header 'Content-Type: application/json' \
--data '{
"password": "**********",
"username": "**********"
}'
```
Output
```json hideClipboard
{
"Authorization": "**********.",
"IsPasswordReset": true
}
```

7. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output.

<br />

```shell hideClipboard
TOKEN=**********
```

8. Next, prepare a payload for the`/v1/system/config/` endpoint. This endpoint is used to configure Palette to use a reverse proxy. The payload requires the following parameters:

<br />

| **Parameter** | **Description** | **Type** |
| --- | --- | --- |
| `caCert`| The x509 SSL certificate authority file in base64 format. | string |
| `clientCert`| The x509 SSL certificate file in base64 format. | string |
| `clientKey`| The x509 SSL certificate key file in base64 format. | string |
| `port` | The port number for the reverse proxy server. We recommend using port `443`. | integer |
| `protocol` | The protocol to use for the reverse proxy server. We recommend using `https`. | string |
| `server`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. Do not include the HTTP schema in the value. | string |

The following is an example payload. The SSL certificate files are truncated for brevity.

<br />

```json hideClipboard
{
"caCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----",
"clientCert": "-----BEGIN CERTIFICATE-----\n..........\n-----END CERTIFICATE-----",
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----",
"port": 443,
"protocol": "https",
"server": "frps.palette.example.com.com"
}
```

<br />

:::info

You can save the payload to a file and use the `cat` command to read the file contents into the `curl` command. For example, if you save the payload to a file named `payload.json`, you can use the following command to read the file contents into the `curl` command. You can also save the payload as a shell variable and use the variable in the `curl` command.

:::


<br />

9. Issue a PUT request using the following `curl` command. Replace the URL with the custom domain URL you assigned to Palette or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. Ensure you replace the payload below with the payload you created in the previous step.

<br />

```bash
curl --insecure --silent --include --output /dev/null -w "%{http_code}" --location --request PUT 'https://palette.example.com/v1/system/config/reverseproxy' \
--header "Authorization: $TOKEN" \
--header 'Content-Type: application/json' \
--data ' {
"caCert": "-----BEGIN CERTIFICATE-----\n................\n-----END CERTIFICATE-----\n",
"clientCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----",
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n............\n-----END RSA PRIVATE KEY-----\n",
"port": 443,
"protocol": "https",
"server": "frps.palette.example.com.com"
}'
```

A successful response returns a `204` status code.

Output
```shell hideClipboard
204
```

You now have a Spectro Proxy server that you can use to access Palette clusters deployed in a different network. Make sure you add the [Spectro Proxy pack](../integrations/frp.md) to the clusters you want to access using the Spectro Proxy server.


## Validate

Use the following command to validate that the Spectro Proxy server is active.

<br />



1. Open a terminal session.


2. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. Ensure you replace the credentials below with your system console credentials.

<br />

```bash
curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \
--header 'Content-Type: application/json' \
--data '{
"password": "**********",
"username": "**********"
}'
```
Output
```json hideClipboard
{
"Authorization": "**********.",
"IsPasswordReset": true
}
```

3. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output.

<br />

```shell hideClipboard
TOKEN=**********
```

4. Query the system API endpoint `/v1/system/config/reverseproxy` to verify the current reverse proxy settings applied to Palette. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header.

<br />

```bash
curl --location --request GET 'https://palette.example.com/v1/system/config/reverseproxy' \
--header "Authorization: $TOKEN"
```

If the proxy server is configured correctly, you will receive an output similar to the following that contains your settings. The SSL certificate outputs are truncated for brevity.

<br />

```json hideClipboard
{
"caCert": "-----BEGIN CERTIFICATE-----\n...............\n-----END CERTIFICATE-----\n",
"clientCert": "-----BEGIN CERTIFICATE-----\n...........\n-----END CERTIFICATE-----",
"clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----\n",
"port": 443,
"protocol": "https",
"server": "frps.palette.example.com"
}
```
Loading

0 comments on commit 6683412

Please sign in to comment.