Nutanix AHV Deployment

Prerequisites

Ensure you have access to your Nutanix AHV cluster.
Install the following tools on your workstation:
- Helm: Install Helm
- Kubectl: Install Kubectl
- AWS CLI: Install AWS CLI
- Nutanix Prism Central or Karbon CLI Tools for managing Nutanix resources.

Step 1: Kubernetes Cluster Requirements

Set up a Kubernetes cluster on Nutanix. Nutanix Kubernetes Engine docs here.

The cluster must meet the following minimum requirements:
- Node Requirements: 3 nodes, each with at least 8GB of RAM.

Step 2: Configure Persistent Storage

Nutanix AHV uses the Nutanix CSI (Container Storage Interface) driver for Kubernetes to manage persistent storage. Install and configure the CSI driver:

Install the Nutanix CSI driver for Kubernetes following the Nutanix CSI documentation.

Create a default StorageClass in Kubernetes for dynamic provisioning:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: nutanix-sc
provisioner: csi.nutanix.com
parameters:
  csi.storage.k8s.io/fstype: ext4

Step 3: Configure Kubernetes Networking

Ensure an ingress controller is installed for external access to your services.

Initialize the Ingress-Nginx repository:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

Deploy the Ingress-Nginx Helm chart:

helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  --set controller.replicaCount=2 \
  --set controller.allowSnippetAnnotations=true \
  --set controller.ingressClassResource.default=true \
  --set force-ssl-redirect=true \
  --version=4.8.3

Validate that the LoadBalancer service's external IP address is configured:

kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller

The Ingress-Nginx Controller is responsible for exposing application services externally to the cluster.

Step 4: Prepare Violet Configuration

Create a violet-values.yml configuration file for the deployment:

domain: # The domain where Violet will be served. Subdomain must be "violet": violet.mydomain.com
customerName: # The customer name of your license. Provided by Violet
licenseKey: # Your license key. Provided by Violet
adminEmail: # Admin user email for the customer
adminName: # Admin user full name ("Firstname Lastname") for the customer

aws:
  accessKeyId: # Leave blank or remove if not applicable
  accessKeySecret: # Leave blank or remove if not applicable

global:
  storageClass: nutanix-sc

# optional: This is required if you wish to use an external database 
# instead of an internal postgres db automatically spun up by the helm chart. 
# Do not add if using the internal db. 
postgresql:
  enabled: false # Disable internal database if using an external database
  auth:
    host: # hostname for external db
    password: # db user password
    username: # db user username
    adminPassword: # admin user password
    adminUsername: # admin username

Deploying or Updating Version-Locked Violet [OPTIONAL]

If you would like to lock the version of Violet that you are using and not automatically pull the latest version, add the following entry to your violet-values.yml file:

image:
  versionTag: # use correct version tag to lock a version and not always pull latest. Provided by Violet for initial deployment.

Violet changelog (& version tags) can be found here VioletLabs changelog | Productlane

If you are deploying Violet in this environment for the first time, continue to Step 5: Fetch Internal Secrets from Violet.

If you have already deployed Violet and are just locking the version or updating to a specific version of Violet, enter that versionTag in the violet-values.yml file and then skip to Step 6: Deploy Violet Helm Chart.

Step 5: Fetch Internal Secrets from Violet

For managing secrets securely on Nutanix, you can use Kubernetes Secrets or integrate with Nutanix Vault or HashiCorp Vault. This is used to load some customer-specific secrets from the Violet AWS cloud into the On-Prem Violet Deployment.

Install External Secrets:

helm repo add external-secrets <https://charts.external-secrets.io>
helm repo update
helm upgrade --namespace external-secrets --create-namespace --install --wait external-secrets external-secrets/external-secrets

Set up an AWS profile called violet-external

$ aws configure —profile violet-external
AWS Access Key ID [None]:[AWS_ACCESS_KEY from 1Pass]
AWS Secret Access Key [None]: [AWS_SECRET_ACCESS_KEY from 1Pass]
Default region name [None]: us-west-1
Default output format [None]: json

Create a namespace for Violet:
```
kubectl create namespace violet
```

Create a secret that allows Kubernetes to access the Violet Helm Chart repository:

kubectl create secret docker-registry --namespace violet ecr-creds --docker-server=911167899009.dkr.ecr.us-west-1.amazonaws.com --docker-username=AWS --docker-password=$(aws ecr --profile violet-external get-login-password)

Step 6: Deploy Violet Helm Chart

Log into the Violet Helm Chart Repository

aws ecr --profile violet-external get-login-password | helm registry login --username AWS --password-stdin 911167899009.dkr.ecr.us-west-1.amazonaws.com

Install the Violet Helm Chart:

helm upgrade --namespace violet --create-namespace --install myviolet oci://911167899009.dkr.ecr.us-west-1.amazonaws.com/violet-helm --version 1.0.0-main -f violet-values.yml

Step 7: Verify Installation

Note that it may take up to 5 minutes to run the database provisioning scripts. You can check the status of the deployment by looking at the pods:

Check the status of the pods in the Violet namespace:
```
kubectl get pods -n violet
```

Step 8: Post-Installation Configuration

After installation is complete the helm chart will print our some information and commands including the URL to access your new deployment, how to get the IP Address that the deployment is served at (for setting up DNS rules) and how to obtain the auto-generated password for the [email protected] account.

PreviousAWS Deployment NextSecurity & Compliance

Last updated 1 month ago

Was this helpful?