Before you begin
Before installing, ensure that your environment has the following basic requirements:
Docker version 18.09.2 or later
You must have Docker Desktop installed on the host where the Konvoy command line interface (CLI) will run. For example, if you are installing Konvoy on your laptop, be sure the laptop has a supported version of Docker Desktop.
kubectl v1.16.12 or later
To enable interaction with the running cluster, you must have kubectl installed on the host where the Konvoy command line interface (CLI) will run.
konvoy_air_gapped.tar.bz2 that contains the required artifacts to perform an air-gapped installation.
Control plane nodes
You should have at least three control plane nodes.
Each control plane node should have at least:
- 4 cores
- 16 GiB memory
- 80 GiB of free space in the root partition, and the root partition must be less than 85% full.
You should have at least four worker nodes.
The specific number of worker nodes required for your environment varies depending on the cluster workload and size of the nodes.
Each worker node should have at least:
- 8 cores
- 32 GiB memory
- 80 GiB of free space in the root partition and the root partition must be less than 85% full.
If you plan to use local volume provisioning to provide persistent volumes for the workloads, you must mount at least three volumes to the /mnt/disks/ mount point on each node. Each volume must have at least 55 GiB of capacity if the default addon configurations are used.
Operating system and services for all nodes
For all hosts that are part of the cluster – except the deploy host – you should verify the following configuration requirements:
- Firewalld is disabled.
- Containerd is uninstalled.
- Docker-ce is uninstalled.
- Swap is disabled.
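The node requirements above can be checked before installation with a short preflight script. This is an added example, not part of the Konvoy documentation or tooling. The function names are hypothetical, and it assumes that a containerd or dockerd binary on PATH means the package is still installed.

```shell
#!/bin/sh
# Added example: preflight check for one cluster node (run on the node, not the deploy host).
# Thresholds are the ones listed above; function names are hypothetical.

# meets_minimum ROLE CORES MEM_GIB -> 0 if the node meets the per-role minimum.
meets_minimum() {
  case "$1" in
    control-plane) [ "$2" -ge 4 ] && [ "$3" -ge 16 ] ;;
    worker)        [ "$2" -ge 8 ] && [ "$3" -ge 32 ] ;;
    *)             return 2 ;;
  esac
}

# root_ok FREE_GIB USED_PCT -> 0 if root has >= 80 GiB free and is < 85% full.
root_ok() { [ "$1" -ge 80 ] && [ "$2" -lt 85 ]; }

# swap_off FILE -> 0 if a /proc/swaps-format file has only its header line.
swap_off() { awk 'NR > 1 { n++ } END { exit (n > 0) }' "$1"; }

# local_volumes FILE -> count of mounts under /mnt/disks/ in a /proc/mounts-format file.
local_volumes() { awk '$2 ~ "^/mnt/disks/" { n++ } END { print n + 0 }' "$1"; }

preflight() {
  role=$1; fail=0
  cores=$(nproc)
  # MemTotal excludes kernel-reserved memory, so round up to the next GiB.
  mem_gib=$(awk '/^MemTotal:/ { print int(($2 + 1048575) / 1048576) }' /proc/meminfo)
  free_gib=$(df -Pk / | awk 'NR == 2 { print int($4 / 1048576) }')
  used_pct=$(df -Pk / | awk 'NR == 2 { sub("%", "", $5); print $5 }')

  meets_minimum "$role" "$cores" "$mem_gib" ||
    { echo "FAIL: $cores cores / $mem_gib GiB is below the $role minimum"; fail=1; }
  root_ok "$free_gib" "$used_pct" ||
    { echo "FAIL: root partition has $free_gib GiB free, $used_pct% used"; fail=1; }
  swap_off /proc/swaps || { echo "FAIL: swap is enabled"; fail=1; }
  if systemctl is-active --quiet firewalld 2>/dev/null; then
    echo "FAIL: firewalld is running"; fail=1
  fi
  # Assumption: a binary on PATH means the package has not been uninstalled.
  for bin in containerd dockerd; do
    if command -v "$bin" >/dev/null 2>&1; then echo "FAIL: $bin is installed"; fail=1; fi
  done
  # Only relevant when local volume provisioning is used.
  [ "$(local_volumes /proc/mounts)" -ge 3 ] ||
    echo "WARN: fewer than 3 volumes mounted under /mnt/disks/"
  return "$fail"
}

# Runs only when a role is given, e.g.: sh preflight.sh worker
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

The script does not verify the 55 GiB per-volume capacity; check that separately if you rely on the default addon configurations.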
On highly secured clusters you may need to modify the cluster.yaml file with additional options.
See the sample file below for possible changes that may be applied in your cluster.
Kubernetes CVE Patches
At times, CVEs may be discovered in the Kubernetes codebase. Based on the severity and the impact of a specific CVE, you may want to temporarily use alternative docker images for the core Kubernetes components instead of the default
To do so, set the imageRepository as described below.
docker.io/mesosphere will contain patched images with a suffix of
kind: ClusterConfiguration
apiVersion: konvoy.mesosphere.io/v1beta1
spec:
  kubernetes:
    version: 1.16.12+d2iq.2
    imageRepository: docker.io/mesosphere