Deploying the MetalSoft Global Controller¶

The MetalSoft Global Controller is a Kubernetes application and as such it runs as a collection of containers, services, configurations etc. Any flavor of Kubernetes is supported, including, Vanilla Kubernetes, RedHat OpenShift, AWS EKS etc.

Kubernetes cluster compute requirements¶

The MetalSoft Global Controller requires a Kubernetes cluster as per this link to deploy successfully:
Kubernetes Cluster Requirements

Other requirements¶

An SSL certificate is required for the domain that will be mapped to the MetalSoft application in DNS.
A load balancer mechanism such as MetalLB. (1 or 2 IPAddresses)
- Setup with 1 IP Address will use ports HTTP 80, 443 and TCP port 9091
- Setup with 2 IP Addresses, will use HTTP 80, 443 on one IP and port 443 on the other

Installing the MetalSoft controller kubernetes application¶

Copy the manifests to /opt/metalsoft/manifests/ && cd /opt/metalsoft/manifests/
Run ./initial_create_of_env.sh -i
Check if the controller components are all running:

K8S ng-metal root@k8s01: /opt/metalsoft/manifests/ng-qa $ k get pods
NAME                                           READY   STATUS    RESTARTS   AGE
auth-7f86d9555-ltnwp                           1/1     Running   0          41h
couchdb-76549b7fb9-4mtjh                       1/1     Running   0          39h
eli-67ff8dcd7f-ldt9l                           1/1     Running   0          6d20h
extensions-d4696cc46-9fncx                     1/1     Running   0          3d22h
gateway-api-9694f6c49-f4hf5                    1/1     Running   0          39h
image-builder-67bb6cb565-zw92w                 1/1     Running   0          41h
inventory-58f9d6cbf-dm9ng                      1/1     Running   0          41h
ipam-5d694c5c7-z5lmg                           1/1     Running   0          6d20h
kafka-76b5f88f97-tr89p                         1/1     Running   0          6d20h
license-6756cccbf9-jn7zb                       1/1     Running   0          2d19h
metalsoft-docs-6ff6575f87-8kzw8                1/1     Running   0          39h
ms-tunnel-6fff874d7c-qdk5z                     1/1     Running   0          3d15h
mysql-869897f8f4-k52sd                         2/2     Running   0          38h
network-microservice-6cd5f54649-2d8sq          1/1     Running   1          6d20h
notification-microservice-6d85cb7ddf-tfz6p     1/1     Running   0          39h
orchestrator-765657cb7b-5pjx4                  1/1     Running   0          38h
pdns-678f8fbd78-pbq8n                          1/1     Running   0          6d20h
redis-74d7b74cdf-9rmbp                         1/1     Running   0          6d20h
repo-7cd6b4595f-qfqnj                          1/1     Running   0          6d20h
servers-6d9789d46b-rqqtx                       1/1     Running   0          38h
storage-b698c4fb5-vrt7f                        1/1     Running   0          41h
switch-6864d57896-9584r                        1/1     Running   0          25h
template-7555884ff6-8tfv5                      1/1     Running   0          41h
traefik-eveng-qa02-metalcloud-79cd85fc-glmrp   1/1     Running   0          38h
ui-admin-8b84d7857-f9j6j                       1/1     Running   0          2d20h
ui-customer-5ff6bc6b4b-499x6                   1/1     Running   0          10h
vm-microservice-6b5c8b544d-ptcjv               1/1     Running   0          41h
zookeeper-dbd4c566f-9nwzm                      1/1     Running   0          6d20h

Required Global Controller firewall configuration¶

Ports open for inbound from Site Controllers¶

The following ports open on the Global Controller, on the MetalLB IP (the ip that moves between hosts), need to be accessible by Site Controller:

websecure: TCP port 443
ms-tunnel-9091: TCP port 9091
powerdns: UDP port 53

Ports open for inbound from clients¶

The following ports, on the MetalLB IP (the ip that moves between hosts), need to be accessed by end-clients (or admins).

websecure: TCP port 443
dns: TCP/UDP port 53

Outbound traffic¶

The Global Controller generates traffic towards the following destinations:

For Firmware Upgrades:¶

downloads.dell.com TCP port 443
downloads.linux.hpe.com TCP port 80

For pulling ISO files, can be hosted on customers own http storage:¶

repo.metalsoft.io TCP ports 80,443

For installing/upgrading Kubernetes:¶

apt.kubernetes.io TCP ports 80,443
k8s.io TCP port 443
registry.k8s.io TCP port 80,443
git.k8s.io TCP port 443
k8s.gcr.io TCP port 80,443
gcr.io TCP port 80,443 
cloud.google.com TCP port 80,443

For pulling MetalSoft images at installation/upgrade time:¶

registry.metalsoft.dev TCP port 443 or registry-qts.metalsoft.dev TCP port 443 => Based on country Global Controller will be installed in

For pulling standard images at installation/upgrade time:¶

quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn01.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn02.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn03.quay.io TCP ports 80,443 => MetalLB and Ceph images
helm.traefik.io TCP port 443 => Helm chart for Traefik
docker.io TCP ports 80,443 => traefik, busybox and Rancher images
hub.docker.com TCP ports 80,443 => traefik, busybox and Rancher images
registry.hub.docker.com TCP ports 80,443 => traefik, busybox and Rancher images
registry-1.docker.io TCP ports 80,443  => traefik, busybox and Rancher images

Mail Server requirements If using Office365 for email alerts:¶

smtp.office365.com TCP port 587

For base OS package updates:¶

archive.ubuntu.com TCP port 80
security.ubuntu.com TCP port 80

For testing connectivity:

1.1.1.1 ICMP
1.1.1.1 TCP ports 80,443

For installing kubernetes¶

download.opensuse.org TCP port 80,443
packages.cloud.google.com TCP port 443
github.com TCP port 80,443
raw.githubusercontent.com TCP port 80,443
metallb.universe.tf TCP port 80,443
helm.traefik.io TCP port 443

Inter-cluster traffic¶

kubernetes api TCP 6443
storage traffic (depends on the storage solution used)