FastX Kubernetes Installation
FastX 4 and later have been designed from the ground up to work seamlessly in a containerized environment. We provide a base kubernetes cluster installation kustomization for help getting started.
Prerequisites
- git
- kubectl
- FastX Advanced License
- FastX Container License
- FastX License Server
- The license server MAY be installed on a VM or physical machine
- The license server MUST NOT be installed in a container since the MAC address will change on restart
- OpenID Connect or SAML Identity Provider (e.g OKTA, Google etc)
- Default (SSH authentication) will not work since there is only one user in a container
Installation Instructions
The kubernetes installation is shipped in a git repository to easily add it to your DevOps workflow.
Run the commands
git clone https://www.starnet.com/git/fastx-kubernetes.git
./fastx-kubernetes/tools/install/create-cluster.sh
Follow the instructions on screen to create the initial cluster. A kustomization.yaml file will be created in the fastx-cluster directory and the git repository will be symbolically linked in that directory. You are free to modify and edit the files in the fastx-cluster directory as needed using standard kustomization rules.
The installation script installs the kubernetes cluster in the fastx namespace
Setting up the NFS Store
Install an NFS server on an external site (eg a VM). See Installing an NFS server
Set up the NFS service.
NFS_SERVER=change.your.nfs.hostname.com
OUTDIR=$HOME/fastx-cluster
mkdir -p "${OUTDIR}/patches"
kubectl create service externalname nfs -n fastx --dry-run='client' -o yaml --tcp=2049 --tcp=111 --external-name="${NFS_SERVER}" > "${OUTDIR}/patches/patch-license.yaml
Authentication
Admin Login
The kubernetes installation comes with a default admin login. YOU SHOULD CHANGE THIS. DO NOT USE IN PRODUCTION
- Username: fastxadmin
- Password: thisisasecret
Updating the Admin login
Run the command and follow the instructions to patch the admin login
"$HOME/fastx-cluster/base/tools/reset-admin" > "$HOME/fastx-cluster/patches/admin.secret"
Create the admin-secret patch
kubectl create secret generic admin.secret -n fastx –dry-run=’client’ –from-file=”$HOME/fastx-cluster/patches/admin.secret” -o yaml > “$HOME/fastx-cluster/patches/patch-admin-secret.yaml”
Edit “$HOME/fastx-cluster/kustomization.yaml“
Add the line to the patches section
- target:
kind: Secret
name: admin.secret
namespace: fastx
path: patches/patch-admin-secret.yaml
Update the cluster
kubectl apply -k "$HOME/fastx-cluster"
Users
Because of the nature of containers and kubernetes, FastX requires either OpenID Connect or SAML authentication to be set up.
You only need to set up SAML or OpenID Connect. Please follow the instructions of your Identity Provider.
Setting up SAML
cp "$HOME/fastx-cluster/base/secrets/auth-saml.ini" "$HOME/fastx-cluster/patches"
Edit the auth-saml.ini file to set the configuration
kubectl create secret generic auth-saml -n fastx --dry-run='client' --from-file="$HOME/fastx-cluster/patches/auth-saml.ini" -o yaml > "$HOME/fastx-cluster/patches/patch-auth-saml.yaml"
Download your certificate and save it to patches/saml.cert
kubectl create secret generic auth-saml-cert -n fastx --dry-run='client' --from-file=saml.crt="$HOME/fastx-cluster/patches/saml.cert" > "$HOME/fastx-cluster/patches/patch-auth-saml-cert.yaml"
Edit “$HOME/fastx-cluster/kustomization.yaml“
Add the line to the patches: section
- target:
kind: Secret
name: auth-saml
namespace: fastx
path: patches/patch-auth-saml.yaml
- target:
kind: Secret
name: auth-saml-cert
namespace: fastx
path: patches/patch-auth-saml-cert.yaml
Update the cluster
kubectl apply -k "$HOME/fastx-cluster"
Setting up OpenID Connect
cp "$HOME/fastx-cluster/base/secrets/auth-oidc.ini" "$HOME/fastx-cluster/patches"
Edit the auth-oidc.ini file to set the configuration
kubectl create secret generic auth-oidc -n fastx --dry-run='client' --from-file="$HOME/fastx-cluster/patches/auth-oidc.ini" > "$HOME/fastx-cluster/patches/patch-auth-oidc.yaml"
Edit $HOME/fastx-cluster/kustomization.yaml
Add the line to the patches section
- target:
kind: Secret
name: auth-oidc
namespace: fastx
path: patches/patch-auth-oidc.yaml
Update the cluster
kubectl apply -k "$HOME/fastx-cluster"
Kubernetes Cheat Sheet
Update the cluster kustomization
kubectl apply -k "$HOME/fastx-cluster"
Restart FastX Deployments
kubectl rollout restart -n fastx4
Get a list of running pods
kuebctl get pods -n fastx
Describe a deployment
kubectl describe deploy/fastx4 -n fastx