install
The install command installs MKE on the specified node. Specifically, the command initializes a new swarm, promotes the specified node into a manager node, and installs MKE.
The following customizations are possible when installing MKE:
Customize the MKE web server certificates:
  Create a volume named ucp-controller-server-certs.
  Copy the ca.pem, cert.pem, and key.pem files to the root directory.
  Run the install command with the --external-server-cert flag.
Customize the license used by MKE using one of the following options:
  Bind mount the file at /config/docker_subscription.lic in the tool. For example: -v /path/to/my/config/docker_subscription.lic:/config/docker_subscription.lic
  Specify the --license "$(cat license.lic)" option.
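The certificate customization steps above, as an added shell example that is not part of the MKE documentation: it validates the bundle with openssl before copying it into the volume. The bundle directory argument, the key permission check, and the busybox helper image are assumptions.

```sh
#!/bin/sh
# Added example (not from the MKE docs): validate a certificate bundle, then
# load it into the ucp-controller-server-certs volume.

# check_cert_bundle DIR
# Returns 0 only if ca.pem, cert.pem and key.pem exist in DIR, key.pem is not
# readable by group or others, cert.pem matches key.pem, and cert.pem chains
# to ca.pem. Assumes an unencrypted private key.
check_cert_bundle() {
  dir=$1
  for f in ca.pem cert.pem key.pem; do
    [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
  done
  if [ -n "$(find "$dir/key.pem" \( -perm -040 -o -perm -004 \))" ]; then
    echo "key.pem is readable by group or others; chmod 600 it" >&2; return 1
  fi
  # Same public key in the certificate and the private key?
  cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$dir/key.pem" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "cert.pem does not match key.pem" >&2; return 1; }
  # Does the certificate chain to ca.pem? Intermediates in cert.pem are allowed.
  openssl verify -CAfile "$dir/ca.pem" -untrusted "$dir/cert.pem" "$dir/cert.pem" \
    >/dev/null 2>&1 || { echo "cert.pem does not verify against ca.pem" >&2; return 1; }
}

# load_cert_volume DIR (DIR must be an absolute path for the bind mount)
# The busybox helper image is an assumption; any image with cp works.
load_cert_volume() {
  check_cert_bundle "$1" || return 1
  docker volume create ucp-controller-server-certs >/dev/null || return 1
  docker container run --rm \
    -v "$1":/src:ro -v ucp-controller-server-certs:/dst \
    busybox cp /src/ca.pem /src/cert.pem /src/key.pem /dst/
}

# Then run the installer with the flag from the last step:
#   docker container run --rm -it --name ucp \
#     -v /var/run/docker.sock:/var/run/docker.sock \
#     mirantis/ucp:3.x.y install --external-server-cert <command-options>
```

Running the check before the copy catches a mismatched or unverifiable certificate on the workstation rather than after the installer has already been started.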
If you plan to join more nodes to the swarm, open the following ports in your firewall:
443 or the value of --controller-port
2376 or the value of --swarm-port
2377 or the Swarm gRPC port
6443 or the value of --kube-apiserver-port
179, 10250, 12376, 12379, 12380, 12381, 12382, 12383, 12384, 12385, 12386, 12387, 12388, 12390
4789 (UDP) and 7946 (TCP/UDP) for overlay networking
For more information, refer to Open ports to incoming traffic.
Note
If you are installing MKE on a public cloud platform, see the cloud-specific MKE installation documentation for the following platforms:
To use the install command:
docker container run --rm -it \
--name ucp \
-v /var/run/docker.sock:/var/run/docker.sock \
mirantis/ucp:3.x.y \
install <command-options>
Options
| Option | Description |
|---|---|
| | Enables debug mode. |
| | Produces JSON-formatted output for easier parsing. |
| | Runs in interactive mode, prompting for configuration values. |
| | Sets the MKE administrator password, |
| | Sets the MKE administrator user name, |
| | Configures the number of IP addresses to be provisioned for each Azure Virtual Machine. Default: |
| | Sets the Docker Swarm scheduler to binpack mode, for backward compatibility. |
| | Sets the cluster cloud provider. |
| | Sets a URL that points to a Kubernetes YAML file that is used as an installer for the cluster CNI plugin. If specified, the default CNI plugin is not installed. If the URL uses the |
| | Sets the port for the web UI and the API. Default: |
| | Sets the address or interface to use for data path traffic, Format: IP address or network interface name |
| | Disables anonymous tracking and analytics. |
| | Disables anonymous usage reporting. |
| | Sets the DNS options for the MKE containers, |
| | Sets custom DNS search domains for the MKE containers, |
| | Sets custom DNS servers for the MKE containers, |
| | Enables performance profiling. |
| | Sets to use the latest existing MKE configuration during the installation. The installation will fail if a configuration is not found. |
| | Customizes the certificates used by the MKE web server. |
| | Sets the IP address of the load balancer where you can expect to reach published services. |
| | Forces the installation to continue despite unauthenticated Mirantis Container Runtime ports. |
| | Forces the installation to occur even if the system does not meet the minimum requirements. |
| | Sets the network address that advertises to other nodes, Format: IP address or network interface name |
| | Sets the path to the host |
| | Sets the port for the Kubernetes API server. Default: |
| | Sets the number of changes between key-value store snapshots, Default: |
| | Sets the timeout in milliseconds for the key-value store, Default: |
| | Adds a license, Format: |
| | Sets the allowed port range for Kubernetes services of NodePort type. Default: |
| | Sets Kubernetes cluster IP pool for the Pods to be allocated from. Default: |
| | Sets so that certificates are not generated if they already exist. |
| | Pulls MKE images. Valid values: Default: |
| | Sets the Docker Swarm scheduler to random mode, for backward compatibility. |
| | Sets the password to use when pulling images, |
| | Sets the user name to use when pulling images, |
| | Adds subject alternative names to certificates, For example: |
| | Sets the Kubernetes cluster IP Range for services. Default: |
| | Disables checks which rely on detecting which cloud provider, if any, the cluster is currently running on. |
| | Enables experimental features in Kubernetes storage. |
| | Enables ISCSI-based PersistentVolumes in Kubernetes. |
| | Enables Docker Swarm experimental features, for backward compatibility. |
| | Sets the port for communication between nodes. Default: |
| | Sets the port for the Docker Swarm manager, for backward compatibility. Default: |
| | Sets the unlock key for this swarm-mode cluster, if one exists, |
| | Indicates that Calico is the CNI provider, managed by MKE. Calico is the default CNI provider. |
| | Configures the kubelet data root directory on Linux when performing new MKE installations. |
| | Configures the containerd root directory on Linux when performing new MKE installations. Any non-root directory containerd customizations must be made along with the root directory customizations prior to installation and with the |
SELinux
Installing MKE on a manager node with SELinux enabled at the daemon and the
operating system levels requires that you include --security-opt label=disable
with your install command. This flag disables SELinux policies on the
installation container. The MKE installation container mounts and configures
the Docker socket as part of the installation. Therefore, omitting this flag
causes the MKE installation to fail with the following error:
FATA[0000] unable to get valid Docker client: unable to ping Docker
daemon: Got permission denied while trying to connect to the Docker
daemon socket at unix:///var/run/docker.sock:
Get http://%2Fvar%2Frun%2Fdocker.sock/_ping:
dial unix /var/run/docker.sock: connect: permission denied -
If SELinux is enabled on the Docker daemon, make sure you run
MKE with "docker run --security-opt label=disable -v /var/run/docker.sock:/var/run/docker.sock ..."
To install MKE with SELinux enabled at the daemon level:
docker container run --rm -it \
--name ucp \
--security-opt label=disable \
-v /var/run/docker.sock:/var/run/docker.sock \
mirantis/ucp:3.x.y \
install <command-options>