Deploying the MetalSoft Global Controller
The MetalSoft Global Controller is a Kubernetes application and as such it runs as a collection of containers, services, configurations etc. Any flavor of Kubernetes is supported, including Vanilla Kubernetes, Red Hat OpenShift, AWS EKS etc.
Kubernetes cluster compute requirements
To deploy successfully, the MetalSoft Global Controller requires a Kubernetes cluster that meets the requirements described at this link: Kubernetes Cluster Requirements
Other requirements
An SSL certificate is required for the domain that will be mapped to the MetalSoft application in DNS.
A load balancer mechanism such as MetalLB (1 or 2 IP addresses).
A setup with 1 IP address will use HTTP ports 80, 443 and TCP port 9091
A setup with 2 IP addresses will use HTTP ports 80, 443 on one IP and port 443 on the other
Installing the MetalSoft controller Kubernetes application
Copy the manifests to /opt/metalsoft/manifests/ and change to that directory:
cd /opt/metalsoft/manifests/
Apply the manifests to the cluster:
kubectl -n <namespace> apply -f .
Check if the controller components are all running:
K8S ng-metal root@k8s01: /opt/metalsoft/manifests/ng-qa $ kubectl -n <namespace> get pods
NAME READY STATUS RESTARTS AGE
auth-66fd54f9d8-pftpn 1/1 Running 1 (4h11m ago) 4h15m
couchdb-6c869cb756-rc2sz 1/1 Running 2 (4h11m ago) 10h
eli-5bc878bc7-cj4l6 1/1 Running 1 (4h11m ago) 10h
extensions-769b54d49b-vj2gv 1/1 Running 1 (4h11m ago) 10h
gateway-api-86476dbb7c-ml6w6 1/1 Running 1 (4h11m ago) 4h15m
image-builder-5565dbd9c7-hk5gq 1/1 Running 1 (4h11m ago) 4h15m
inventory-5c44c99f89-hdwpc 1/1 Running 1 (4h11m ago) 4h15m
ipam-6dc74bcf78-7plp9 1/1 Running 1 (4h11m ago) 10h
kafka-74b77ddd5b-f9lzc 1/1 Running 2 (4h11m ago) 10h
license-674bcc66b9-xgg78 1/1 Running 1 (4h11m ago) 4h15m
metalsoft-docs-5d45b56479-rx4kk 1/1 Running 2 (4h11m ago) 10h
ms-agent-8c9c4cdbc-fxqv5 1/1 Running 8 (4h11m ago) 10h
ms-tunnel-86ddbf8c86-6gjw5 1/1 Running 3 (4h11m ago) 10h
mysql-697f56958d-58tt2 1/1 Running 2 (4h11m ago) 10h
network-microservice-86cf6dc8fc-nqpb4 1/1 Running 1 (4h11m ago) 10h
notification-microservice-d685c974b-65zxc 1/1 Running 1 (4h11m ago) 10h
orchestrator-6cd869cb45-4st69 1/1 Running 2 (4h11m ago) 4h15m
pdns-6b658c4554-zt9km 1/1 Running 2 (4h11m ago) 10h
redis-764bff6bd6-bvdkz 1/1 Running 2 (4h11m ago) 10h
registry-local-5967b98b4c-6tz6n 1/1 Running 2 (4h11m ago) 10h
repo-7bdc745c68-7qcvr 1/1 Running 2 (4h11m ago) 10h
sc-ansible-runner-7b94846fdd-wmhcx 1/1 Running 2 (4h11m ago) 10h
servers-54bc6dc79b-j299l 1/1 Running 1 (4h11m ago) 10h
storage-6986748575-skk67 1/1 Running 1 (4h11m ago) 10h
switch-64f87c8659-s6dxz 1/1 Running 1 (4h11m ago) 10h
template-75cc88c59b-m2hg2 1/1 Running 1 (4h11m ago) 4h15m
traefik-demo-metalsoft-7dc8574dc9-ddz5p 1/1 Running 1 (4h11m ago) 4h15m
ui-admin-75f9977d54-chfzx 1/1 Running 1 (4h11m ago) 10h
ui-customer-68797dbf44-cjmv8 1/1 Running 1 (4h11m ago) 10h
vm-microservice-66d8d8b76-hlvjf 1/1 Running 1 (4h11m ago) 10h
zookeeper-b796dd65b-ffzw2 1/1 Running 2 (4h11m ago) 10h
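The listing above is long enough that a pod stuck outside Running, or one that keeps restarting, is easy to miss by eye. The following is an added example, not part of the MetalSoft documentation: two shell filters over `kubectl get pods` text output, run here on a constructed sample; the function names and the restart threshold of 5 are assumptions.

```shell
#!/bin/sh
# Added example (not MetalSoft code): filters for `kubectl get pods` output.

# Print "name ready status" for pods that are not Running or whose READY
# count is incomplete (for example 0/1).
unhealthy_pods() {
  awk 'NR > 1 && NF >= 3 {
         split($2, r, "/")                 # READY column, e.g. 1/1
         if ($3 != "Running" || r[1] != r[2])
           print $1, $2, $3
       }'
}

# Print "name restarts" for pods restarted more than $1 times (default 5).
# The RESTARTS column may carry a "(4h11m ago)" suffix; only field 4 is read.
restart_heavy_pods() {
  awk -v max="${1:-5}" 'NR > 1 && NF >= 4 && $4 + 0 > max { print $1, $4 }'
}

# Constructed sample: two lines in the shape of the listing above plus two
# invented failure cases (CrashLoopBackOff and Pending).
SAMPLE_PODS='NAME READY STATUS RESTARTS AGE
auth-66fd54f9d8-pftpn 1/1 Running 1 (4h11m ago) 4h15m
ms-agent-8c9c4cdbc-fxqv5 1/1 Running 8 (4h11m ago) 10h
kafka-74b77ddd5b-f9lzc 0/1 CrashLoopBackOff 12 (2m ago) 10h
mysql-697f56958d-58tt2 0/1 Pending 0 10h'

printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods
printf '%s\n' "$SAMPLE_PODS" | restart_heavy_pods 5

# Against a live cluster (requires access to the namespace):
#   kubectl -n <namespace> get pods | unhealthy_pods
```

Empty output from `unhealthy_pods` means every pod is Running with all containers ready; a pod that is Running but appears in `restart_heavy_pods` still deserves a look at its previous logs.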
Required Global Controller firewall configuration
Ports open for inbound from Site Controllers
The following ports, open on the Global Controller on the MetalLB IP (the IP that moves between hosts), need to be accessible by the Site Controllers:
websecure: TCP port 443
ms-tunnel-9091: TCP port 9091
powerdns: UDP port 53
Ports open for inbound from clients
The following ports, on the MetalLB IP (the IP that moves between hosts), need to be accessible by end clients (or admins):
websecure: TCP port 443
dns: TCP/UDP port 53
Outbound traffic
The Global Controller generates traffic towards the following destinations:
For Firmware Upgrades:
downloads.dell.com TCP port 443
downloads.linux.hpe.com TCP port 80
For pulling ISO files (these can be hosted on the customer's own HTTP storage):
repo.metalsoft.io TCP ports 80,443
For installing/upgrading Kubernetes:
apt.kubernetes.io TCP ports 80,443
k8s.io TCP port 443
registry.k8s.io TCP ports 80,443
git.k8s.io TCP port 443
k8s.gcr.io TCP ports 80,443
gcr.io TCP ports 80,443
cloud.google.com TCP ports 80,443
For pulling MetalSoft images at installation/upgrade time:
registry.metalsoft.dev TCP port 443 or registry-qts.metalsoft.dev TCP port 443 => depending on the country the Global Controller will be installed in
For pulling standard images at installation/upgrade time:
quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn01.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn02.quay.io TCP ports 80,443 => MetalLB and Ceph images
cdn03.quay.io TCP ports 80,443 => MetalLB and Ceph images
helm.traefik.io TCP port 443 => Helm chart for Traefik
docker.io TCP ports 80,443 => traefik, busybox and Rancher images
hub.docker.com TCP ports 80,443 => traefik, busybox and Rancher images
registry.hub.docker.com TCP ports 80,443 => traefik, busybox and Rancher images
registry-1.docker.io TCP ports 80,443 => traefik, busybox and Rancher images
Mail server requirements, if using Office365 for email alerts:
smtp.office365.com TCP port 587
For base OS package updates:
archive.ubuntu.com TCP port 80
security.ubuntu.com TCP port 80
For testing connectivity:
1.1.1.1 ICMP
1.1.1.1 TCP ports 80,443
For installing Kubernetes:
download.opensuse.org TCP ports 80,443
packages.cloud.google.com TCP port 443
github.com TCP ports 80,443
raw.githubusercontent.com TCP ports 80,443
metallb.universe.tf TCP ports 80,443
helm.traefik.io TCP port 443
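The outbound destinations above usually end up as entries in an egress firewall or proxy allowlist. The following is an added example, not part of the MetalSoft documentation: it expands lines written in the list format used above into unique host/port pairs and can probe each pair from the controller host; the function names are hypothetical, the sample is a constructed excerpt of the list, and `probe_pairs` assumes a netcat that supports `-z` and `-w`.

```shell
#!/bin/sh
# Added example (not MetalSoft code): build an egress checklist from lines of
# the form "<host> TCP port(s) <p1>,<p2> [=> note]".

# Emit one "host port" pair per line, de-duplicated. A line naming two hosts
# ("A TCP port 443 or B TCP port 443") yields both; ICMP lines are skipped.
egress_pairs() {
  awk '{
    for (i = 1; i + 3 <= NF; i++)
      if ($(i + 1) == "TCP" && $(i + 2) ~ /^ports?$/) {
        n = split($(i + 3), p, ",")
        for (j = 1; j <= n; j++)
          if (p[j] ~ /^[0-9]+$/) print $i, p[j]
      }
  }' | LC_ALL=C sort -u
}

# Read "host port" pairs on stdin and attempt a TCP connect to each one.
# Assumption: nc with -z (connect only) and -w (timeout in seconds) exists.
probe_pairs() {
  while read -r host port; do
    if nc -z -w 3 "$host" "$port" </dev/null >/dev/null 2>&1; then
      echo "OK $host $port"
    else
      echo "BLOCKED $host $port"
    fi
  done
}

# Constructed sample: an excerpt of the destination list above.
EGRESS_SAMPLE='downloads.dell.com TCP port 443
downloads.linux.hpe.com TCP port 80
repo.metalsoft.io TCP ports 80,443
registry.metalsoft.dev TCP port 443 or registry-qts.metalsoft.dev TCP port 443 => by country
quay.io TCP ports 80,443 => MetalLB and Ceph images
helm.traefik.io TCP port 443 => Helm chart for Traefik
helm.traefik.io TCP port 443
1.1.1.1 ICMP'

printf '%s\n' "$EGRESS_SAMPLE" | egress_pairs

# On the Global Controller host, behind the egress firewall:
#   printf '%s\n' "$EGRESS_SAMPLE" | egress_pairs | probe_pairs
```

Pairs reported as BLOCKED point at a missing allowlist entry, and the de-duplicated pair list doubles as a reference when reviewing the egress rule set for destinations that are not in this document.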
Inter-cluster traffic
Kubernetes API TCP port 6443
storage traffic (depends on the storage solution used)