FastX Kubernetes Installation


FastX 4 and later have been designed from the ground up to work seamlessly in a containerized environment. We provide a base kubernetes cluster installation kustomization for help getting started.

Prerequisites

  • git
  • kubectl
  • FastX Advanced License
  • FastX Container License
  • FastX License Server
    • The license server MAY be installed on a VM or physical machine
    • The license server MUST NOT be installed in a container since the MAC address will change on restart
  • OpenID Connect or SAML Identity Provider (e.g OKTA, Google etc)
    • Default (SSH authentication) will not work since there is only one user in a container

Installation Instructions

The kubernetes installation is shipped in a git repository to easily add it to your DevOps workflow.

Run the commands

git clone https://www.starnet.com/git/fastx-kubernetes.git
./fastx-kubernetes/tools/install/create-cluster.sh

Follow the instructions on screen to create the initial cluster. A kustomization.yaml file will be created in the fastx-cluster directory and the git repository will be symbolically linked in that directory. You are free to modify and edit the files in the fastx-cluster directory as needed using standard kustomization rules.

The installation script installs the kubernetes cluster in the fastx namespace

Setting up the NFS Store

Install an NFS server on an external site (eg a VM). See Installing an NFS server

Set up the NFS service.

NFS_SERVER=change.your.nfs.hostname.com
OUTDIR=$HOME/fastx-cluster
mkdir -p "${OUTDIR}/patches"
kubectl create service externalname nfs -n fastx --dry-run='client' -o yaml --tcp=2049 --tcp=111 --external-name="${NFS_SERVER}" > "${OUTDIR}/patches/patch-license.yaml

Authentication

Admin Login

The kubernetes installation comes with a default admin login. YOU SHOULD CHANGE THIS. DO NOT USE IN PRODUCTION

  • Username: fastxadmin
  • Password: thisisasecret

Updating the Admin login

Run the command and follow the instructions to patch the admin login

"$HOME/fastx-cluster/base/tools/reset-admin" > "$HOME/fastx-cluster/patches/admin.secret"

Create the admin-secret patch

kubectl create secret generic admin.secret -n fastx –dry-run=’client’ –from-file=”$HOME/fastx-cluster/patches/admin.secret” -o yaml > “$HOME/fastx-cluster/patches/patch-admin-secret.yaml”

Edit “$HOME/fastx-cluster/kustomization.yaml
Add the line to the patches section

- target:
      kind: Secret
      name: admin.secret
      namespace: fastx
  path: patches/patch-admin-secret.yaml

Update the cluster

kubectl apply -k "$HOME/fastx-cluster"

Users

Because of the nature of containers and kubernetes, FastX requires either OpenID Connect or SAML authentication to be set up.

You only need to set up SAML or OpenID Connect. Please follow the instructions of your Identity Provider.

Setting up SAML

cp "$HOME/fastx-cluster/base/secrets/auth-saml.ini" "$HOME/fastx-cluster/patches"

Edit the auth-saml.ini file to set the configuration

kubectl create secret generic auth-saml -n fastx --dry-run='client' --from-file="$HOME/fastx-cluster/patches/auth-saml.ini" -o yaml > "$HOME/fastx-cluster/patches/patch-auth-saml.yaml"

Download your certificate and save it to patches/saml.cert

kubectl create secret generic auth-saml-cert -n fastx --dry-run='client' --from-file=saml.crt="$HOME/fastx-cluster/patches/saml.cert" > "$HOME/fastx-cluster/patches/patch-auth-saml-cert.yaml"

Edit “$HOME/fastx-cluster/kustomization.yaml
Add the line to the patches: section

- target:
      kind: Secret
      name: auth-saml
      namespace: fastx
  path: patches/patch-auth-saml.yaml
- target:
      kind: Secret
      name: auth-saml-cert
      namespace: fastx
  path: patches/patch-auth-saml-cert.yaml

Update the cluster

kubectl apply -k "$HOME/fastx-cluster"

Setting up OpenID Connect

cp "$HOME/fastx-cluster/base/secrets/auth-oidc.ini" "$HOME/fastx-cluster/patches"

Edit the auth-oidc.ini file to set the configuration

kubectl create secret generic auth-oidc -n fastx --dry-run='client' --from-file="$HOME/fastx-cluster/patches/auth-oidc.ini" > "$HOME/fastx-cluster/patches/patch-auth-oidc.yaml"

Edit $HOME/fastx-cluster/kustomization.yaml
Add the line to the patches section

- target:
      kind: Secret
      name: auth-oidc
      namespace: fastx
  path: patches/patch-auth-oidc.yaml

Update the cluster

kubectl apply -k "$HOME/fastx-cluster"

Kubernetes Cheat Sheet

Update the cluster kustomization

kubectl apply -k "$HOME/fastx-cluster"

Restart FastX Deployments

kubectl rollout restart -n fastx4 

Get a list of running pods

kuebctl get pods -n fastx

Describe a deployment

kubectl describe deploy/fastx4 -n fastx