FastX Kubernetes Installation


FastX 4 and later have been designed from the ground up to work seamlessly in a containerized environment. We provide a base kubernetes cluster installation kustomization for help getting started.

Prerequisites

  • git
  • kubectl
  • FastX Advanced License
  • FastX Container License
  • FastX License Server
    • The license server MAY be installed on a VM or physical machine
    • The license server MUST NOT be installed in a container since the MAC address will change on restart
  • OpenID Connect or SAML Identity Provider (e.g OKTA, Google etc)
    • Default (SSH authentication) will not work since there is only one user in a container

Installation Instructions

The kubernetes installation is shipped in a git repository to easily add it to your DevOps workflow.

Run the commands

git clone https://www.starnet.com/git/fastx-kubernetes.git
~/fastx-kubernetes/tools/install/create-cluster.sh

Follow the instructions on screen to create the initial cluster. A kustomization.yaml file will be created in the fastx-cluster directory and the git repository will be symbolically linked in that directory. You are free to modify and edit the files in the fastx-cluster directory as needed using standard kustomization rules.

The installation script installs the kubernetes cluster in the fastx namespace

Authentication

Admin Login

The kubernetes installation comes with a default admin login. YOU SHOULD CHANGE THIS. DO NOT USE IN PRODUCTION

  • Username: fastxadmin
  • Password: thisisasecret

Updating the Admin login

Run the command and follow the instructions to patch the admin login

~/fastx-cluster/base/tools/reset-admin

Users

Because of the nature of containers and kubernetes, FastX requires either OpenID Connect or SAML authentication to be set up.

You only need to set up SAML or OpenID Connect. Please follow the instructions of your Identity Provider.

Setting up SAML

cp ~/fastx-cluster/base/secrets/auth-saml.ini ~/fastx-cluster/patches

Edit the auth-saml.ini file to set the configuration

kubectl create secret generic auth-saml -n fastx --dry-run='client' --from-file='auth-saml.ini' -o yaml > ~/fastx-cluster/patches/patch-auth-saml.yaml

Download your certificate and save it to patches/saml.cert

kubectl create secret generic auth-saml-cert -n fastx --dry-run='client' --from-file=saml.crt=./patches/saml.cert > ~/fastx-cluster/patches/patch-auth-saml-cert.yaml

Edit ~/fastx-cluster/kustomization.yaml
Add the line to the patches: section

- target:
      kind: Secret
      name: auth-saml
      namespace: fastx
  path: patches/patch-auth-saml.yaml
- target:
      kind: Secret
      name: auth-saml-cert
      namespace: fastx
  path: patches/patch-auth-saml-cert.yaml

Setting up OpenID Connect

cp ~/fastx-cluster/base/secrets/auth-oidc.ini ~/fastx-cluster/patches

Edit the auth-oidc.ini file to set the configuration

kubectl create secret generic auth-oidc -n fastx --dry-run='client' --from-file='auth-oidc.ini' > ~/fastx-cluster/patches/patch-auth-oidc.yaml

Edit ~/fastx-cluster/kustomization.yaml
Add the line to the patches section

- target:
      kind: Secret
      name: auth-oidc
      namespace: fastx
  path: patches/patch-auth-oidc.yaml

Identity Provider for Testing

The git repository ships with a kustomization to install keycloak identity manager to get you up and running for testing.

See Keycloak Identity Provider for installation instructions