Cherry-pick of PR6672 (#6729)
Co-authored-by: Chris Splinter <[email protected]>
chrisnegus and csplinter authored Sep 26, 2023
1 parent ec4d7d8 commit f30edf6
Showing 9 changed files with 146 additions and 176 deletions.
Expand Up @@ -5,39 +5,26 @@ weight: 20
aliases:
/docs/tasks/cluster/cluster-upgrades/airgapped-upgrades/
description: >
How to perform eks-anywhere upgrade for an airgapped cluster
Upgrading EKS Anywhere clusters in airgapped environments
---
If you want to upgrade EKS Anywhere version, or your cluster upgrade requires EKS Anywhere version upgrade in airgapped environment, perform the following steps to prepare new artifacts in your registry mirror:
The procedure to upgrade EKS Anywhere clusters in airgapped environments is similar to the procedure for creating new clusters in airgapped environments. The only difference is that you must upgrade your `eksctl anywhere` CLI before running the steps to download and import the EKS Anywhere dependencies to your local registry mirror.

1. [Upgrade EKS Anywhere version]({{< relref "./vsphere-and-cloudstack-upgrades.md#eks-anywhere-version-upgrades" >}}).
### Prerequisites
- An existing [Admin machine]({{< relref "../../getting-started/install" >}})
- **The upgraded version of the `eksctl anywhere` CLI installed on the Admin machine**
- Docker running on the Admin machine
- At least 80GB in storage space on the Admin machine to temporarily store the EKS Anywhere images locally before importing them to your local registry. Currently, when downloading images, EKS Anywhere pulls all dependencies for all infrastructure providers and supported Kubernetes versions.
- The download and import images commands must be run on an amd64 machine to import amd64 images to the registry mirror.

1. Use the upgraded binary to download new artifacts that will be used by the cluster nodes to the Admin machine:
```bash
eksctl anywhere download artifacts
```
A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded.
### Procedure

1. Decompress this file:
```bash
tar -xvf eks-anywhere-downloads.tar.gz
```
This will create an eks-anywhere-downloads folder that we’ll be using later.
{{% content "../../getting-started/airgapped/airgap-steps.md" %}}

1. Use the upgraded binary to download new images:
```bash
eksctl anywhere download images -o images.tar
```
If the previous steps succeeded, all of the required EKS Anywhere dependencies are now present in your local registry. Before you upgrade your EKS Anywhere cluster, configure `registryMirrorConfiguration` in your EKS Anywhere cluster specification with the information for your local registry. For details see the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#registry-mirror-cluster-spec" >}})

1. Use the upgraded binary to import new images to your local registry mirror.
```bash
eksctl anywhere import images -i images.tar -r <registryUrl> \
--bundles ./eks-anywhere-downloads/bundle-release.yaml
```
>**_NOTE:_** If you are running EKS Anywhere on bare metal, you must configure `osImageURL` and `hookImagesURLPath` in your EKS Anywhere cluster specification with the location of the upgraded node operating system image and hook OS image. For details, reference the [bare metal configuration documentation.]({{< relref "../../getting-started/baremetal/bare-spec/#osimageurl" >}})
1. If you want to upgrade your curated packages, you can import the newest curated package artifacts by
```
eksctl anywhere copy packages --bundle ${BUNDLE_RELEASE_YAML_PATH} --dst-cert ${REGISTRY_MIRROR_CERT} ${REGISTRY_MIRROR_URL}
```
then [activate the new package bundles]({{< relref "../../packages/packagebundles/#activating-a-package-bundle" >}}).

1. You are now ready to [upgrade your cluster based on the cluster provider]({{< relref "../cluster-upgrades/" >}}).
### Next Steps
- [Build upgraded node operating system images for your cluster]({{< relref "../../osmgmt/artifacts/#building-images-for-a-specific-eks-anywhere-version" >}})
- [Upgrade a cluster on vSphere, Snow, Cloudstack, or Nutanix]({{< relref "./vsphere-and-cloudstack-upgrades" >}})
- [Upgrade a cluster on bare metal]({{< relref "./baremetal-upgrades" >}})
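Review bot: The replacement for the removed curated packages step drops the upgrade-specific follow-up. The old text ended with "then [activate the new package bundles]", while the shared `airgap-steps.md` include only points to the Curated Packages documentation "for post-cluster creation steps", so a reader upgrading an existing cluster is no longer told to activate the new bundle after `eksctl anywhere copy packages`. Suggest restoring that link after the `{{% content %}}` include or under Next Steps. Minor: "Cloudstack" in the Next Steps list should be "CloudStack" to match the provider page.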
82 changes: 24 additions & 58 deletions docs/content/en/docs/getting-started/airgapped/_index.md
Expand Up @@ -2,73 +2,39 @@
title: 2. Airgapped (optional)
weight: 15
description: >
Configuring EKS Anywhere for airgapped environments
Configure EKS Anywhere for airgapped environments
---

When creating an EKS Anywhere cluster, there may be times where you need to do so in an airgapped
environment.
In this type of environment, cluster nodes are connected to the Admin Machine, but not to the
internet.
In order to download images and artifacts, however, the Admin machine needs to be temporarily
connected to the internet.
EKS Anywhere can be used in airgapped environments, where clusters are not connected to the internet or external networks.

An airgapped environment is especially important if you require the most secure networks.
EKS Anywhere supports airgapped installation for creating clusters using a registry mirror.
For airgapped installation to work, the Admin machine must have:
If you are planning to run EKS Anywhere in an airgapped environments, before you create a cluster, you must temporarily connect your Admin machine to the internet to install the `eksctl` CLI and pull the required EKS Anywhere dependencies. Once these dependencies are downloaded and imported in a local registry, you no longer need internet access. In the EKS Anywhere cluster specification, you can configure EKS Anywhere to use your local registry mirror. When the registry mirror configuration is set in the EKS Anywhere cluster specification, EKS Anywhere configures containerd to pull from that registry instead of Amazon ECR during cluster creation and lifecycle operations. For more information, reference the [Registry Mirror Configuration documentation.]({{< relref "../optional/registrymirror" >}})

* Temporary access to the internet to download images and artifacts
* Ample space (80 GB or more) to store artifacts locally
If you are using Ubuntu or RHEL as the operating system for nodes in your EKS Anywhere cluster, you must connect to the internet while building the images with the EKS Anywhere image-builder tool. After building the operating system images, you can configure EKS Anywhere to pull the operating system images from a location of your chosing in the EKS Anywhere cluster specification. For more information on the image building process and operating system cluster specification, reference the [Operating System Management documentation.]({{< relref "../../osmgmt/overview" >}})

### Overview

To create a cluster in an airgapped environment, perform the following:
The process for preparing your airgapped environment for EKS Anywhere is summarized by the following steps:
1. Use the `eksctl anywhere` CLI to download EKS Anywhere artifacts. These artifacts are `yaml` files that contain the list and locations of the EKS Anywhere dependencies.
1. Use the `eksctl anywhere` CLI to download EKS Anywhere images. These images include EKS Anywhere dependencies including EKS Distro components, Cluster API provider components, and EKS Anywhere components such as the EKS Anywhere controllers, Cilium CNI, kube-vip, and cert-manager.
1. Set up your local registry following the steps in the [Registry Mirror Configuration documentation.]({{< relref "../optional/registrymirror" >}})
1. Use the `eksctl anywhere` CLI to import the EKS Anywhere images to your local registry.
1. Optionally use the `eksctl anywhere` CLI to copy EKS Anywhere Curated Packages images to your local registry.

1. Download the artifacts and images that will be used by the cluster nodes to the Admin machine using the following command:
```bash
eksctl anywhere download artifacts
```
A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded.
### Prerequisites
- An existing [Admin machine]({{< relref "../install" >}})
- Docker running on the Admin machine
- At least 80GB in storage space on the Admin machine to temporarily store the EKS Anywhere images locally before importing them to your local registry. Currently, when downloading images, EKS Anywhere pulls all dependencies for all infrastructure providers and supported Kubernetes versions.
- The download and import images commands must be run on an amd64 machine to import amd64 images to the registry mirror.

1. To decompress this file, use the following command:
```bash
tar -xvf eks-anywhere-downloads.tar.gz
```
This will create an eks-anywhere-downloads folder that we’ll be using later.
### Procedure

1. In order for the next command to run smoothly, ensure that Docker has been pre-installed and is running. Then run the following:
```bash
eksctl anywhere download images -o images.tar
```
{{% content "./airgap-steps.md" %}}

1. If you want to use curated packages, refer to [Curated Packages]({{< relref "../../packages/prereq#prepare-curated-packages-for-airapped-clusters" >}}) to copy curated packages to your registry mirror.
If the previous steps succeeded, all of the required EKS Anywhere dependencies are now present in your local registry. Before you create your EKS Anywhere cluster, configure `registryMirrorConfiguration` in your EKS Anywhere cluster specification with the information for your local registry. For details see the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#registry-mirror-cluster-spec" >}})

{{% alert title="Warning" color="warning" %}}
`eksctl anywhere download images` and `eksctl anywhere import images` command need to be run on an amd64 machine to import amd64 images to the registry mirror.
{{% /alert %}}
>**_NOTE:_** If you are running EKS Anywhere on bare metal, you must configure `osImageURL` and `hookImagesURLPath` in your EKS Anywhere cluster specification with the location of your node operating system image and the hook OS image. For details, reference the [bare metal configuration documentation.]({{< relref "../baremetal/bare-spec/#osimageurl" >}})
**For the remaining steps, the Admin machine no longer needs to be connected to the internet or the bastion host.**

1. Next, you will need to set up a local registry mirror to host the downloaded EKS Anywhere images. In order to set one up, refer to [Registry Mirror configuration.]({{< relref "../../getting-started/optional/registrymirror.md" >}})

1. Now that you’ve configured your local registry mirror, you will need to import images to the local registry mirror using the following command (be sure to replace <registryUrl> with the url of the local registry mirror you created in step 4):
```bash
eksctl anywhere import images -i images.tar -r <registryUrl> \
--bundles ./eks-anywhere-downloads/bundle-release.yaml
```
You are now ready to deploy a cluster by selecting your provider from the [EKS Anywhere providers]({{< relref "/docs/getting-started/chooseprovider" >}}) page and following those instructions.

### For Bare Metal (Tinkerbell)
You will need to have hookOS and its OS artifacts downloaded and served locally from an HTTP file server.
You will also need to modify the [hookImagesURLPath]({{< relref "../baremetal/bare-spec/#hookimagesurlpath" >}}) and the [osImageURL]({{< relref "../baremetal/bare-spec/#osimageurl" >}}) in the cluster configuration files.
Ensure that structure of the files is set up as described in [hookImagesURLPath.]({{< relref "../baremetal/bare-spec/#hookimagesurlpath" >}})

### For vSphere
If you are using the vSphere provider, be sure that the requirements in the
[Prerequisite checklist]({{< relref "../vsphere/vsphere-prereq/" >}}) have been met.

## Deploy a cluster

Once you have the tools installed you can deploy a cluster by [choosing a provider]({{< relref "/docs/getting-started/chooseprovider/" >}})

## Upgrade an airgapped cluster

To upgrade an airgapped cluster, see [upgrade airgapped cluster]({{< relref "../../clustermgmt/cluster-upgrades/airgapped-upgrades.md" >}})
### Next Steps
- Review EKS Anywhere [cluster networking requirements]({{< relref "../ports" >}})
- Review EKS Anywhere [infrastructure providers and their prerequisites]({{< relref "../chooseprovider" >}})
- Review the [upgrade procedure]({{< relref "../../clustermgmt/cluster-upgrades/airgapped-upgrades.md" >}}) for EKS Anywhere in airgapped environments
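Review bot: The new intro says internet access is no longer needed once the dependencies are "downloaded and imported in a local registry", but the removed line "For the remaining steps, the Admin machine no longer needs to be connected to the internet or the bastion host." was the only place that marked where the connection can be cut. The optional curated packages step is now listed last in the Overview, and `airgap-steps.md` describes it as copying from Amazon ECR to the registry mirror in a single step, so the Admin machine needs internet and registry access at the same time for it. Suggest stating explicitly, in the Overview or after the include, at which step the Admin machine can be disconnected. Typos in the added lines: "in an airgapped environments" and "chosing".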
13 changes: 13 additions & 0 deletions docs/content/en/docs/getting-started/airgapped/airgap-packages.md
@@ -0,0 +1,13 @@
---
toc_hide: true
---
If you are running in an airgapped environment and you set up a local registry mirror, you can copy curated packages from Amazon ECR to your local registry mirror with the following command.

The `$BUNDLE_RELEASE_YAML_PATH` should be set to the `eks-anywhere-downloads/bundle-release.yaml` location where you unpacked the tarball from the`eksctl anywhere download artifacts` command. The `$REGISTRY_MIRROR_CERT_PATH` and `$REGISTRY_MIRROR_URL` values must be the same as the `registryMirrorConfiguration` in your EKS Anywhere cluster specification.

```bash
eksctl anywhere copy packages \
--bundle ${BUNDLE_RELEASE_YAML_PATH} \
--dst-cert ${REGISTRY_MIRROR_CERT_PATH} \
${REGISTRY_MIRROR_URL}
```
36 changes: 36 additions & 0 deletions docs/content/en/docs/getting-started/airgapped/airgap-steps.md
@@ -0,0 +1,36 @@
---
toc_hide: true
---
1. Download the EKS Anywhere artifacts that contain the list and locations of the EKS Anywhere dependencies. A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded. You can use the `eksctl anywhere download artifacts --dry-run` command to see the list of artifacts it will download.
```bash
eksctl anywhere download artifacts
```

1. Decompress the `eks-anywhere-downloads.tar.gz` file using the following command. This will create an `eks-anywhere-downloads` folder.
```bash
tar -xvf eks-anywhere-downloads.tar.gz
```

1. Download the EKS Anywhere image dependencies to the Admin machine. This command may take several minutes (10+) to complete. To monitor the progress of the command, you can run with the `-v 6` command line argument, which will show details of the images that are being pulled. Docker must be running for the following command to succeed.
```bash
eksctl anywhere download images -o images.tar
```

1. Set up a local registry mirror to host the downloaded EKS Anywhere images and configure your Admin machine with the certificates and authentication information if your registry requires it. For details, refer to the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#configure-local-registry-mirror" >}})

1. Import images to the local registry mirror using the following command. Set `REGISTRY_MIRROR_URL` to the url of the local registry mirror you created in the previous step. This command may take several minutes to complete. To monitor the progress of the command, you can run with the `-v 6` command line argument.
```bash
export REGISTRY_MIRROR_URL=<registryurl>
```
```bash
eksctl anywhere import images -i images.tar -r ${REGISTRY_MIRROR_URL} \
--bundles ./eks-anywhere-downloads/bundle-release.yaml
```

1. Optionally import curated packages to your registry mirror. The curated packages images are copied from Amazon ECR to your local registry mirror in a single step, as opposed to separate download and import steps. For post-cluster creation steps, reference the [Curated Packages documentation.]({{< relref "../../packages/prereq/#prepare-for-using-curated-packages-for-airgapped-environments" >}})

<details>
<summary>Expand for curated packages instructions</summary>
<br />
{{% content "airgap-packages.md" %}}
</details>
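Review bot: In step 5, `export REGISTRY_MIRROR_URL=<registryurl>` sits in a `bash` fence, and pasted as-is the angle brackets are parsed by the shell as redirections rather than read as a placeholder. Suggest an example-looking value with a sentence telling the reader to replace it, quoting `"${REGISTRY_MIRROR_URL}"` in the import command, and writing "URL" in capitals in the step text. Step 4 mentions certificates and authentication information "if your registry requires it", but the import command in step 5 shows no way to supply them; say whether the command picks them up from the Admin machine configuration or link to the section that covers it.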
4 changes: 2 additions & 2 deletions docs/content/en/docs/getting-started/baremetal/bare-prereq.md
Expand Up @@ -54,7 +54,7 @@ Here are other network requirements:

>**_NOTE:_**: If you have another DHCP service running on the network, you need to prevent it from interfering with the EKS Anywhere DHCP service. You can do that by configuring the other DHCP service to explicitly block all MAC addresses and exclude all IP addresses that you plan to use with your EKS Anywhere clusters.
* The administrative machine and the target workload environment will need network access to:
* If you have not followed the [steps for airgapped environments]({{< relref "../airgapped" >}}), then the administrative machine and the target workload environment need network access (TCP/443) to:

* public.ecr.aws
* anywhere-assets.eks.amazonaws.com: To download the EKS Anywhere binaries, manifests and OVAs
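Review bot: The new condition "If you have not followed the steps for airgapped environments" reads as if an airgapped setup needs no outbound access at all, yet the airgapped page in this same commit requires the Admin machine to be temporarily connected to the internet to install the CLI and pull the dependencies. Suggest adding that in airgapped setups the Admin machine still needs this access while downloading. This line also keeps "administrative machine" while the other files in the commit use "Admin machine".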
Expand All @@ -68,7 +68,7 @@ Here are other network requirements:

>**_NOTE:_** When you set up your cluster configuration YAML file, the endpoint and Tinkerbell addresses are set in the `ControlPlaneConfiguration.endpoint.host` and `tinkerbellIP` fields, respectively.
* Ports must be open to the Admin machine and cluster machines as described in Ports and protocols.
* Ports must be open to the Admin machine and cluster machines as described in the [Cluster Networking documentation]({{< relref "../ports" >}}).

## Validated hardware

27 changes: 9 additions & 18 deletions docs/content/en/docs/getting-started/chooseprovider/_index.md
Expand Up @@ -3,25 +3,16 @@ title: 4. Choose provider
main_menu: true
weight: 17
description: >
Choose an EKS Anywhere provider to deploy a cluster
Choose an infrastructure provider for EKS Anywhere clusters
---

<!-- overview -->
EKS Anywhere supports many different types of infrastructure including VMWare vSphere, bare metal, Snow, Nutanix, and Apache CloudStack. You can also run EKS Anywhere on Docker for dev/test use cases only. EKS Anywhere clusters can only run on a single infrastructure provider. For example, you cannot have some vSphere nodes, some bare metal nodes, and some Snow nodes in a single EKS Anywhere cluster. Management clusters also must run on the same infrastructure provider as workload clusters.

EKS Anywhere can be deployed as a simple, unsupported local environment or as a production-quality environment that can become a supported on-premises Kubernetes platform.
This section lists the different ways to set up and run EKS Anywhere.
When you install EKS Anywhere, choose an installation type based on: ease of maintenance, security, control, available resources, and expertise required to operate and manage a cluster.
Detailed information on each infrastructure provider can be found in the sections below. Review the infrastructure provider's prerequisites in-depth before creating your first cluster.

<!-- body -->

[Install on Bare Metal]({{< relref "../baremetal/" >}})

[Install on vSphere]({{< relref "../vsphere/" >}})

[Install on CloudStack]({{< relref "../cloudstack/" >}})

[Install on Nutanix]({{< relref "../nutanix/" >}})

[Install on Snow]({{< relref "../snow/" >}})

[Install on Docker (dev only)]({{< relref "../docker/" >}})
##### [**Install on vSphere**]({{< relref "../vsphere/" >}})
##### [**Install on Bare Metal**]({{< relref "../baremetal/" >}})
##### [**Install on Snow**]({{< relref "../snow/" >}})
##### [**Install on CloudStack**]({{< relref "../cloudstack/" >}})
##### [**Install on Nutanix**]({{< relref "../nutanix/" >}})
##### [**Install on Docker (dev only)**]({{< relref "../docker/" >}})
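Review bot: The provider links are now level-5 headings (`#####`) wrapping bold links, which uses heading markup for what is a list of links and adds six entries to the page outline with no heading levels between the title and them. Suggest a bullet list, or real section headings with a sentence under each. In the new intro, "VMWare vSphere" should be spelled "VMware vSphere".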
3 changes: 2 additions & 1 deletion docs/content/en/docs/getting-started/install/_index.md
Expand Up @@ -26,7 +26,8 @@ See [Create cluster workflow]({{< relref "../overview" >}}) for an overview of t
- 4 CPU cores
- 16GB memory
- 30GB free disk space
- Administrative machine must be on the same Layer 2 network as the cluster machines (Bare Metal provider only).
- If you are running in an airgapped environment, the Admin machine must be amd64.
- If you are running EKS Anywhere on bare metal, the Admin machine must be on the same Layer 2 network as the cluster machines.

Here are a few other things to keep in mind:
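Review bot: The added requirement "If you are running in an airgapped environment, the Admin machine must be amd64" is broader than the airgapped prerequisites in this commit, which say the download and import images commands must be run on an amd64 machine to import amd64 images to the registry mirror. Suggest using the same wording in both places and linking this bullet to the airgapped page so the reason for the constraint is visible here.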
