Skip to content

Installation#

Before installing Mirantis k0rdent Enterprise prepare a special values.yaml file to identify the registry and k0s binaries URL for the main components.

If you have registry with required authentication please refer to Install using registry with authentication section.

The following is an example of the values.yaml file. In this example, the k0s binaries are placed on the HTTP host binary.local. Thus it's expected that the k0s binary will be available on the URL http://binary.local/k0rdent-enterprise/k0s-v1.35.1-k0s.1-amd64 In addition, the registry is assumed to be at registry.local. Adjust your values.yaml file accordingly.

Warning

If you're using a registry with a self-signed certificate you must first create a secret with ca.crt with the value of the CA certificate used to sign the registry's certificate. The name of this secret must be set in the .controller.registryCertSecret value. You can find more details in the Configuring a Custom OCI Registry section.

controller:
  templatesRepoURL: "oci://registry.local/k0rdent-enterprise/charts"
  globalRegistry: "registry.local/k0rdent-enterprise"
  globalK0sURL: "http://binary.local/k0rdent-enterprise"

image:
  repository: registry.local/k0rdent-enterprise/kcm-controller

flux2:
  helmController:
    image: registry.local/k0rdent-enterprise/fluxcd/helm-controller
  sourceController:
    image: registry.local/k0rdent-enterprise/fluxcd/source-controller
  cli:
    image: registry.local/k0rdent-enterprise/fluxcd/flux-cli

regional:
  telemetry:
    controller:
      image:
        repository: registry.local/k0rdent-enterprise/kcm-telemetry

  cert-manager:
    image:
      repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-controller
    webhook:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-webhook
    cainjector:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-cainjector
    startupapicheck:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-startupapicheck

  cluster-api-operator:
    image:
      manager:
        repository: registry.local/k0rdent-enterprise/capi-operator/cluster-api-operator

  velero:
    image:
      repository: registry.local/k0rdent-enterprise/velero/velero

  reloader:
    image:
      repository: registry.local/k0rdent-enterprise/stakater/reloader

rbac-manager:
  enabled: true
  image:
    repository: registry.local/k0rdent-enterprise/reactiveops/rbac-manager

k0rdent-ui:
  image:
    repository: registry.local/k0rdent-enterprise/k0rdent-ui

datasourceController:
  image:
    repository: registry.local/k0rdent-enterprise/datasource-controller

Start the installation itself with the following command:

helm install kcm oci://registry.local/k0rdent-enterprise/charts/k0rdent-enterprise --version 1.3.0 -n kcm-system --create-namespace -f kcm-values.yaml

From here you can verify the installation as normal.

Install using registry with authentication#

Before proceeding with the installation, additional secrets must be created to allow pulling images and charts from a registry that requires authentication.

The following secrets must be created:

  • Image Pull Secret
  • Registry Credential Secret

Details and format for each secret described in their respective sections.

Image Pull Secret#

The registry-pull-secret is a standard Kubernetes image pull secret (kubernetes.io/dockerconfigjson). For more details, refer to the official Kubernetes documentation on the topic.

Registry Credential Secret#

The registry credential Secret is required for authenticating additional components, e.g. pulling charts and authenticating child clusters' components that need access to the registry.

Example of a Secret format containing the registry credentials:

apiVersion: v1
kind: Secret
metadata:
  name: registry-creds-secret
  namespace: kcm-system
type: Opaque
stringData:
  username: <registry user name>
  password: <password>

The Secrets above must be created in the kcm-system namespace (or other namespace where k0rdent will be installed) before installation.

Once the secrets are created, you can proceed with installation using the following values as an example.

Note

You can find additional information regarding controller parameters in the Configuring a Custom OCI Registry section.

global:
  imagePullSecrets:
    - name: registry-pull-secret

controller:
  templatesRepoURL: "oci://registry.local/k0rdent-enterprise/charts"
  globalRegistry: "registry.local/k0rdent-enterprise"
  globalK0sURL: "http://binary.local/k0rdent-enterprise"
  registryCredsSecret: registry-creds-secret
  imagePullSecret: registry-pull-secret

image:
  repository: registry.local/k0rdent-enterprise/kcm-controller
  pullPolicy: Always

imagePullSecrets:
  - name: registry-pull-secret

flux2:
  imagePullSecrets:
    - name: registry-pull-secret
  helmController:
    image: registry.local/k0rdent-enterprise/fluxcd/helm-controller
  sourceController:
    image: registry.local/k0rdent-enterprise/fluxcd/source-controller
  cli:
    image: registry.local/k0rdent-enterprise/fluxcd/flux-cli

regional:
  telemetry:
    mode: disabled
    controller:
      image:
        repository: registry.local/k0rdent-enterprise/kcm-telemetry
  cert-manager:
    image:
      repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-controller
    webhook:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-webhook
    cainjector:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-cainjector
    startupapicheck:
      image:
        repository: registry.local/k0rdent-enterprise/jetstack/cert-manager-startupapicheck

  cluster-api-operator:
    imagePullSecrets:
    - name: registry-pull-secret
    image:
      manager:
        repository: registry.local/k0rdent-enterprise/capi-operator/cluster-api-operator

  velero:
    image:
      imagePullSecrets:
      - registry-pull-secret
      repository: registry.local/k0rdent-enterprise/velero/velero
  reloader:
    image:
      repository: registry.mirantis.com/k0rdent-enterprise/stakater/reloader
rbac-manager:
  enabled: true
  image:
    imagePullSecrets:
    - registry-pull-secret
    repository: registry.local/k0rdent-enterprise/reactiveops/rbac-manager

k0rdent-ui:
  image:
    pullSecrets:
      - name: registry-pull-secret
    repository: registry.local/k0rdent-enterprise/k0rdent-ui

datasourceController:
  image:
    repository: registry.local/k0rdent-enterprise/datasource-controller