Custom Installation

Initialize PowerShell modules.

This command will install the necessary PowerShell modules that are needed to communicate with the middle tier server.

IMPORTANT: Before running the command below, check whether the folder given by the localPowershellAssembliesPath value in the main_config.json file (located at ifsroot/config) exists. If not, create the empty folders manually.

ps> .\main.ps1 -resource 'INIT'

Create SSH key for remote access to Middle Tier Server.

This command will create the authentication keys that are needed to communicate with the middle tier server.

IMPORTANT: Before continuing, open the main_config.json file located at ./config and change the "Linuxhost" variable to the host name of your Linux Middle-Tier Server.

ps> .\main.ps1 -resource 'KEY'
Accept all the prompts (e.g. yes/y) and give the password of the middle-tier server user (e.g. ifs) when required.

Install or Reinstall Kubernetes cluster.

This command copies all the snaps to the Linux machine and installs Kubernetes on the Middle-Tier Server.

If a folder called microk8s is already present in the Linux machine, it will be replaced with a new microk8s folder which contains all the newest snaps available.

If a Kubernetes Cluster already exists in the Middle-Tier Server, the entire existing Kubernetes Cluster will be removed and a fresh Kubernetes Cluster will be installed.

ps> .\main.ps1 -resource 'KUBERNETES'
Accept all the prompts (e.g. yes/y) and give the password of the middle-tier server user (e.g. ifs) when required.

Get the kubeconfig file from the Kubernetes cluster in Middle Tier Server.

This command grabs the kube config file from the Kubernetes cluster and copies it over to the Windows VM. This file is used to access Kubernetes when used with command line tools such as kubectl and helm. Ensure that port 16443 of the middle tier server is accessible from the management server before executing this command.

ps> .\main.ps1 -resource 'GETKUBECONFIG'

Copy the file ifsroot\config\kube\config to c:\users\.kube

ps> mkdir $HOME\.kube
ps> copy .\config\kube\config $HOME\.kube\
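The kubeconfig carries the credentials that kubectl and helm use to authenticate to the cluster, so both copies deserve an ACL check. The following is an added example, not part of the IFS scripts; the function name is hypothetical and the paths are the ones used in the copy step above.

```powershell
# Added example, not part of the IFS scripts. Run from the ifsroot folder after the copy step.
function Get-UnexpectedKubeconfigReaders {
    param([string[]]$Path)
    # SIDs expected to have access: the current user, SYSTEM, local Administrators.
    $allowed = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        'S-1-5-18'
        'S-1-5-32-544'
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) { Write-Warning "Not found: $file"; continue }
        foreach ($rule in (Get-Acl -LiteralPath $file).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Compare by SID so the check also works on localized Windows installations.
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if ($allowed -notcontains $sid) {
                [pscustomobject]@{
                    File     = $file
                    Identity = $rule.IdentityReference.Value
                    Rights   = $rule.FileSystemRights
                }
            }
        }
    }
}

# Check the copy left in ifsroot as well as the one kubectl reads.
Get-UnexpectedKubeconfigReaders -Path '.\config\kube\config', "$HOME\.kube\config"
```

An empty result means only your account, SYSTEM and the local Administrators group have access; every row returned is an additional account or group that can read the cluster credentials.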

Disable AppArmor Profile

Disable the AppArmor Profile for the Kubernetes Cluster. If the error "container process caused apparmor failed to apply profile: write /proc/self/attr/exec: operation not permitted" (or similar) is displayed in pods, this command needs to be re-applied, as the AppArmor profiles might have been reloaded.

ps> .\main.ps1 -resource "DISABLEAPPARMORPROFILE"

Set CoreDNS DNS server

By default, the DNS used by Kubernetes points to 8.8.8.8 and 8.8.4.4. This script is only needed if an internal DNS is required (e.g. if public DNS servers are blocked or if internal hosts need to be resolved by the pods).

Edit the #Dns# tag in config\main_config.json and set it to the corporate DNS. If using a list of DNS servers, use spaces as separators.

ps> .\main.ps1 -resource "SETK8SDNS"

Install ifs-ingress helm chart.

This command will install the ifs-ingress helm chart to the middle tier server.

The first time, you will be prompted for Remote Artifactory credentials if you have not used them before.

Contact LE if you don't have these credentials yet.

IMPORTANT: After installing the ifs-ingress helm chart using the command below, you may need to wait a few minutes before installing IFS Cloud, until all pods in the ifs-ingress namespace have started.

ps> .\main.ps1 -resource 'INGRESS'

Install ifs-storage helm chart.

This command will install the ifs-storage helm chart to the middle tier server.

IMPORTANT: After installing the ifs-storage helm chart using the command below, you may need to wait a few minutes before installing IFS Cloud, until all pods in the ifs-storage namespace have started.

ps> .\main.ps1 -resource 'STORAGE'

Check Middle-Tier Server Firewall Status (Optional).

Check the status of the firewall

ps> .\main.ps1 -resource 'FIREWALL' -status 'STATUS'

Enable Middle-Tier Server Firewall

Enable the firewall

IMPORTANT: Before enabling the firewall, add the IP of the Management Server. To do that, open the main_config.json file located at ifsroot/config and set the "ManagementServerIP" variable to the IP of the Management Server.

ps> .\main.ps1 -resource 'FIREWALL' -status 'ENABLE'

Disable Middle-Tier Server Firewall (Optional).

Disable the firewall

ps> .\main.ps1 -resource 'FIREWALL' -status 'DISABLE'

Allow access to Additional Ports of the Middle-Tier Server in Firewall (Optional).

Allows access to additional ports of the Middle-Tier Server in the firewall.

IMPORTANT: Before allowing access to additional ports of the Middle-Tier Server in the firewall, open the main_config.json file located at ifsroot/config and fill the "FirewallPorts" variable with the port(s). For example, you can allow a single port (TCP or UDP) as follows: "443/tcp". Alternatively, you can allow multiple ports (TCP or UDP) as follows: "8080,9000/tcp". Or you can add a range of ports in this manner: "11200:11299/tcp".

ps> .\main.ps1 -resource 'FIREWALL' -status 'ENABLE-PORTS'

Get Middle-Tier Server Process Information. (Optional)

This command will display the Middle-Tier Linux Server Process Information.

ps> .\main.ps1 -resource 'REMOTE-TOP'

Download and Install the latest Security Updates for the Middle-Tier Linux VM. (Optional)

Download and install the latest security updates / patches for the Middle-Tier Linux VM.

ps> .\main.ps1 -resource 'SECURITYUPDATES'

Reboot Middle-Tier Server. (Optional)

This command will reboot the Linux Middle-Tier VM.

ps> .\main.ps1 -resource 'REBOOT-LINUXBOX'

Change Pod IP Range.

Change the Kubernetes pod IP address range if it conflicts with the local network.

Explanation: The pods that run inside the Kubernetes cluster are connected to an internal virtual network which, if unchanged, is the 10.1.0.0/16 network. To see the IPs of the pods, run "kubectl get pods -A -o wide". If, for example, the DB has IP 10.1.2.3, the pods will not be able to connect to the DB: Kubernetes will treat all IP addresses in the 10.1.0.0/16 range as pods and will not forward calls outside the internal network, i.e. to the "physical" 10.1.0.0/16 network where the DB resides.

Later, if the DB and the pods reside in the same network IP range, this will cause a "The Network Adapter could not establish the connection" error in the ifs-db-init when running the IFS Cloud installer. So make sure the PodCidrRange is separate from the LocalNetworkIpRange.

IMPORTANT: Before running the script, change the LocalNetworkIpRange value in the main_config.json file (located at ifsroot/config) to your local network IP range. The script checks whether your local network IP range conflicts with the Kubernetes default pod IP range. If it conflicts, change the PodCidrRange to a new IP range and run the script again.

If < 21R1 SU 11 or < 21R2 SU 4; Kubernetes default pod IP range is "10.1.0.0/16".

If >= 21R1 SU 11 or >= 21R2 SU 4; Kubernetes default pod IP range is "10.64.0.0/16". If the 10.64.0.0/16 pod IP range conflicts with your local network IP range, and you still need to continue using 10.1.0.0/16 (the pod IP range in 21R1 SU 10/21R2 SU 3 or below) or some other IP range, you can change the value of "PodCidrRange" in the ifsroot/config/main_config.json file to the IP range you need to use. Also, fill in the "LocalNetworkIpRange" in the ifsroot/config/main_config.json file.

Warning: Once you change the pod IP range, the Linux VM will restart. After the restart, you may need to close the existing PowerShell session and open a new one to run the rest of the commands.

ps> .\main.ps1 -resource 'CHANGE-POD-IP-RANGE'
  • Check if all the pods are in 'Running' status.
  • Check if the IPs of the pods have been set to an IP within the range mentioned in the Ifs.PodCidrRange parameter of the ifsroot/config/main_config.json file.
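The range conflict described above, and the pod IP check from the last bullet, can both be done with one CIDR overlap test. This is an added example, not part of the IFS scripts; the function names, addresses and pod names are constructed for illustration, and the real values come from main_config.json and from kubectl get pods -A -o wide.

```powershell
# Added example, not part of the IFS scripts. All addresses below are constructed samples.
function Get-CidrBounds {
    param([string]$Cidr)
    if ($Cidr -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$' -or [int]$Matches[2] -gt 32) {
        throw "Not a valid IPv4 CIDR range: '$Cidr'"
    }
    $bytes = [System.Net.IPAddress]::Parse($Matches[1]).GetAddressBytes()
    $ip = [uint64]0
    foreach ($b in $bytes) { $ip = $ip * 256 + $b }        # dotted quad -> integer
    $size  = [uint64][math]::Pow(2, 32 - [int]$Matches[2])  # number of addresses in the range
    $first = $ip - ($ip % $size)                            # round down to the network address
    [pscustomobject]@{ First = $first; Last = $first + $size - 1 }
}

function Test-CidrOverlap {
    param([string]$RangeA, [string]$RangeB)
    $a = Get-CidrBounds $RangeA
    $b = Get-CidrBounds $RangeB
    ($a.First -le $b.Last) -and ($b.First -le $a.Last)
}

# 1. Before CHANGE-POD-IP-RANGE: compare the two values set in main_config.json.
$localNetworkIpRange = '10.1.0.0/16'   # constructed: the DB at 10.1.2.3 lives here
$podCidrRange        = '10.1.0.0/16'   # default before 21R1 SU 11 / 21R2 SU 4
if (Test-CidrOverlap $localNetworkIpRange $podCidrRange) {
    Write-Warning "PodCidrRange $podCidrRange overlaps LocalNetworkIpRange $localNetworkIpRange"
}

# 2. After the change: list pods whose IP is still outside the new range.
$podCidrRange = '10.64.0.0/16'
$pods = @(   # constructed; take the real names and IPs from: kubectl get pods -A -o wide
    [pscustomobject]@{ Name = 'ifs-ingress/sample-pod-a'; Ip = '10.64.12.7' }
    [pscustomobject]@{ Name = 'ifs-storage/sample-pod-b'; Ip = '10.1.33.9' }
)
$pods | Where-Object { -not (Test-CidrOverlap "$($_.Ip)/32" $podCidrRange) }
```

With the sample data, step 1 prints the overlap warning and step 2 returns only sample-pod-b. Pods that run with host networking report the node's IP and will appear in step 2 even when the change succeeded.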