Deploying the Assets VM

Caution

These steps are meant to be executed in the air-gapped environment.

The procedure for deploying the Assets VM is similar to deploying the EDA Talos Kubernetes cluster nodes and uses the edaadm CLI to manage the deployment process.

Preparing the Assets VM EDAADM Configuration File

The EDAADM configuration file declaratively defines the machine/VM configuration and the Kubernetes cluster parameters and is an abstraction on top of the Talos machine config. You will find the edaadm configuration for the Assets VM very similar to the config file used for EDA Kubernetes nodes with a few minor differences:

  • It is a config file for a single machine.
  • The clusterName must be unique and different from the EDA Kubernetes cluster.
  • The following additional fields must be present in the Assets VM edaadm config:

    enableImageCache: true
    localPathProvisioner: "/var/local-path-provisioner"
    

Notes

  1. Consult the full list of edaadm configuration file options to customize your Assets VM configuration further: EDAADM Configuration file fields.
  2. The Assets VM only needs one network interface, preferably on the OAM network of the EDA Kubernetes cluster. It must be reachable from the OAM network of the EDA Kubernetes cluster.
  3. The edaadm tool still expects the definition of a storage disk in the machine definition, but this can be a reference to a non-existing disk.

Consider an example edaadm configuration for an Assets VM that you can use as a reference when creating your own configuration file:

Example edaadm configuration for the Assets VM - eda-assets-deployment.yaml
version: 25.12.1 #(1)!
clusterName: eda-airgap-assets #(2)!
machines:
    - name: eda-assets
      endpoint: 192.0.2.228
      enableImageCache: true
      localPathProvisioner: "/var/local-path-provisioner"
      interfaces:
        - name: eth0
          dhcp: false
          interface: eth0
          addresses:
            - 192.0.2.228/23
          routes:
            - network: 0.0.0.0/0
              gateway: 192.0.2.1
          mtu: 9000 #(4)!
      disks:
        os: /dev/vda
        storage: /dev/vdb #(3)!
k8s:
    stack: ipv4
    primaryNode: eda-assets
    endpointUrl: https://192.0.2.228:6443
    allowSchedulingOnControlPlanes: true
    control-plane:
        - eda-assets
    time:
        disabled: false
        servers:
            - 192.0.2.253
            - 192.0.2.254
    nameservers:
        servers:
            - 192.0.2.254
            - 192.0.2.253
  1. EDA version string. Not relevant for the Assets VM, but required by edaadm.
  2. The Kubernetes cluster name for the Assets VM. It must be unique and must not be the same as the one specified for the EDA Kubernetes cluster when deploying EDA.
  3. The storage disk definition is required by edaadm, but the disk does not need to exist on the Assets VM. Can be set to any value.
  4. Pay attention to the MTU value: the Linux bridges, interfaces, and networks between the Assets VM and the EDA Kubernetes cluster nodes must allow for the same MTU size.

Assuming you are in the edaadm repository root, save the configuration file as eda-assets-deployment.yaml.
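
A pre-flight check for the three differences listed above, as an added example that is not part of edaadm or of the original page. `check_assets_config` is a hypothetical helper, `eda-cluster` stands in for the name of your EDA Kubernetes cluster, and the parsing assumes the indentation style of the example config.

```shell
# Added example (hypothetical helper, not part of edaadm); assumes the
# indentation style of the example config above.
# check_assets_config FILE EDA_CLUSTER_NAME
# Prints one line per problem; the return status is the number of problems.
check_assets_config() {
    cfg=$1; eda_cluster=$2; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

    # Top-level clusterName with trailing comment and quotes stripped.
    name=$(sed -n 's/^clusterName:[[:space:]]*//p' "$cfg" |
           sed 's/[[:space:]]*#.*$//; s/"//g')
    [ -n "$name" ] || fail "clusterName is missing"
    [ "$name" != "$eda_cluster" ] || fail "clusterName equals the EDA cluster name"

    # Count list items at the first indent level below "machines:" only,
    # so nested lists (interfaces, addresses, routes) are not counted.
    count=$(awk '/^machines:/ { m = 1; next }
                 /^[^ \t#]/   { m = 0 }
                 m && /^[ \t]+- / { match($0, /^[ \t]+/)
                                    if (!ind) ind = RLENGTH
                                    if (RLENGTH == ind) n++ }
                 END { print n + 0 }' "$cfg")
    [ "$count" -eq 1 ] || fail "expected exactly 1 machine, found $count"

    grep -Eq '^[[:space:]]+enableImageCache:[[:space:]]*true([[:space:]]|$)' "$cfg" ||
        fail "enableImageCache: true is missing"
    grep -Eq '^[[:space:]]+localPathProvisioner:[[:space:]]*[^[:space:]#]' "$cfg" ||
        fail "localPathProvisioner is missing"

    [ "$problems" -eq 0 ] && echo "OK: $cfg"
    return "$problems"
}

# Constructed sample: two machine entries and no enableImageCache field.
sample=$(mktemp)
cat > "$sample" <<'EOF'
clusterName: eda-airgap-assets
machines:
    - name: eda-assets
      localPathProvisioner: "/var/local-path-provisioner"
      interfaces:
        - name: eth0
    - name: eda-assets-2
k8s:
EOF
check_assets_config "$sample" eda-cluster || echo "problems found: $?"
rm -f "$sample"
```
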

Generating the Talos Machine Configuration Files

After creating the Assets VM EDAADM configuration file, the next step is to generate all the configuration files that are necessary to deploy the Kubernetes environment for the Assets VM.

Use the edaadm tool to generate the Talos configuration out of the EDAADM configuration file:

edaadm generate -c eda-assets-deployment.yaml

The output should look similar to the following (a portion has been removed):

ConfigFile is eda-assets-deployment.yaml
...
[1/6] Validating Machines
[1/6] Validated Machines
[2/6] Validating Primary Node
[2/6] Validated Primary Node
[3/6] Validating Endpoint URL
[3/6] Validated Endpoint URL
[4/6] Validating Stack
[4/6] Validated Stack
[5/6] Validating Virtual IP
[5/6] Validated Virtual IP
[6/6] Validating Storage
[6/6] Validated Storage
[  OK  ] Spec is validated
[ INFO ] Existing secrets file found - loading:eda-airgap-assets/secrets.yaml
[ INFO ] Loaded secrets bundle eda-airgap-assets/secrets.yaml
generating PKI and tokens
Created eda-airgap-assets/eda-assets.yaml
Created eda-airgap-assets/talosconfig.yaml
Created eda-airgap-assets/rook-ceph-operator-values.yaml
Created eda-airgap-assets/rook-ceph-cluster-values.yaml

The generated Talos configuration files will be available in the eda-airgap-assets folder which is named after the clusterName specified in the EDAADM configuration file.
The machine config file for the Assets VM is named eda-assets.yaml after the name field specified in the machines section of the EDAADM configuration file.
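
The generated folder holds the secrets bundle and the PKI and tokens derived from it, and the machine config is later copied to user-data. The following added example (not from the original page; the function names and the list of key-bearing field names are assumptions) finds such files that are accessible to group or other and restricts them to the owner.

```shell
# Added example (hypothetical helper). The field names in KEY_FIELDS are an
# assumption about how Talos configs and kubeconfig files label key material.
KEY_FIELDS='^[[:space:]]*(key|token|secret|client-key-data):[[:space:]]*[^[:space:]]'

# exposed_secret_files PATH...
# Prints every regular file under PATH that contains a KEY_FIELDS line and
# has at least one group/other permission bit set.
exposed_secret_files() {
    find "$@" -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -Eq "$KEY_FIELDS" {} \; -print | sort
}

# restrict_secret_files PATH...
# Sets mode 600 on each exposed file; succeeds only if none remain exposed.
restrict_secret_files() {
    exposed_secret_files "$@" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    [ -z "$(exposed_secret_files "$@")" ]
}

# Constructed sample tree mimicking the generated folder; contents are fake.
demo=$(mktemp -d)
mkdir "$demo/eda-airgap-assets"
printf 'cluster:\n  secret: FAKE\n' > "$demo/eda-airgap-assets/secrets.yaml"
printf 'machine:\n  token: FAKE\n'  > "$demo/eda-airgap-assets/eda-assets.yaml"
printf 'image:\n  tag: v0\n' > "$demo/eda-airgap-assets/rook-ceph-operator-values.yaml"
cp "$demo/eda-airgap-assets/eda-assets.yaml" "$demo/user-data"
chmod 644 "$demo/eda-airgap-assets"/*.yaml "$demo/user-data"

exposed_secret_files "$demo"   # lists secrets.yaml, eda-assets.yaml, user-data
restrict_secret_files "$demo" && echo "no exposed key material left"
rm -rf "$demo"
```

On a real deployment, pass the eda-airgap-assets folder and, once it exists, the user-data copy of the machine config.
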

Deploy the Assets VM

The Assets VM can be deployed on a KVM or VMware vSphere environment. Follow the steps below depending on your hypervisor.

Creating the Assets VM on KVM

Caution

This procedure is executed on the KVM Hypervisor which will host the Assets VM.

  1. Ensure that the virt-install and genisoimage tools are installed on the KVM hypervisor.

    If you need to install the tools, use the following command:

    sudo yum install virt-install genisoimage
    

    or

    sudo apt --no-install-recommends install virtinst genisoimage
    
  2. Verify that the Assets VM ISO image is available.

    The Assets VM ISO image was generated in the "Creating the KVM Assets VM Image" section and should have become available in the Air-gapped environment when you copied the assets from the public environment.

    Executing the ls command from the edaadm repository root:
    ls -lh ./bundles/eda-cargo/talos-asset-vm-boot-imgs/asset-vm-nocloud-amd64.iso
    

    -rw-r--r-- 1 root root 684M Nov 12 18:10 eda-cargo/talos-asset-vm-boot-imgs/asset-vm-nocloud-amd64.iso
    

  3. Prepare Assets VM cloud-init files.

    The next step is to create the cloud-init ISO file with the machine configuration file and the necessary metadata.

    Standing in the root of the edaadm repository, copy the machine configuration file generated for the Assets VM to a file called user-data. If you have been using the example edaadm configuration file from above, the command would be:

    cp eda-airgap-assets/eda-assets.yaml user-data
    

    Create a file called meta-data with the instance-id and local-hostname values:

    cat <<'EOF' > meta-data
    instance-id: eda-assets 
    local-hostname: eda-assets
    EOF
    

    And lastly, create a file called network-config for the node with the following content:

    cat <<'EOF' > network-config
    version: 2
    EOF
    

    Create an ISO file containing the newly created files. For ease of use, name the ISO file with the name of the node for which you are creating the ISO.

    mkisofs -o eda-assets-data.iso -V cidata -J -r meta-data network-config user-data 
    
  4. Create the virtual machine. This step uses both the newly created ISO file and the ISO file downloaded from the Talos Machine Factory.

    virt-install -n eda-assets \
    --description "EDA Assets VM for EDA" \
    --noautoconsole --os-variant=generic \
    --memory 16384 --vcpus 4 --cpu host \
    --disk eda-assets-rootdisk.qcow2,format=qcow2,bus=virtio,size=300 \
    --cdrom ./bundles/eda-cargo/talos-asset-vm-boot-imgs/asset-vm-nocloud-amd64.iso \
    --disk eda-assets-data.iso,device=cdrom \
    --network bridge=br0,model=virtio
    
    1. Depending on the virt-install version, the --os-variant=generic option might not be supported. In that case use --os-type=generic instead.

    Warning

    Pay attention to the MTU value: the Linux bridge, interfaces, and networks between the Assets VM and the EDA Kubernetes cluster nodes must allow for the same MTU size.

Creating the Assets VM on VMware vSphere

Caution

This procedure is executed in the Air-gapped environment for a VMware vSphere deployment.

  1. Ensure that the ovftool is installed.

    To deploy the Assets VM OVA image on VMware vSphere, the ovftool must be installed on the system from which you will create the deployment.

  2. Deploy Assets VM OVA image.

    Standing in the root of the edaadm repository, create a base64-encoded string from the Talos machine configuration for the Assets VM. If you have been using the example edaadm configuration file from above, the command would be:

    export NODECONFIG=$(base64 -i eda-airgap-assets/eda-assets.yaml)
    

    Deploy the Assets VM OVA image generated in the "Creating the VMware Assets VM image" section using the ovftool command:

    ovftool --acceptAllEulas --noSSLVerify \
    -dm=thin \
    -ds=DATASTORE \
    -n=eda-assets \
    --net:"VM Network=OAM" \
    --prop:talos.config="${NODECONFIG}" \
    ./bundles/eda-cargo/talos-asset-vm-boot-imgs/vmware-amd64.ova \
    vi://admin%[email protected]/My-DC/host/Cluster/Resources/My-Resource-Group
    
  3. Adjust the Assets VM resources.

    After deploying the VM using the OVA image:

    • Increase the number of vCPUs to 4.
    • Increase the memory to 16G.
    • Increase the main disk size to 300G. On boot, Talos automatically extends the file system.
    • Enable 100% resource reservation for the CPU, memory and disk.

Bootstrap the Assets VM

The Assets VM runs Talos Kubernetes and needs to be bootstrapped using the edaadm tool. Use the edaadm configuration file created previously to bootstrap the Assets VM.

edaadm bootstrap-k8s -c eda-assets-deployment.yaml

Obtaining the Kubernetes Config File

Once the Assets VM Kubernetes cluster is bootstrapped, use the edaadm command to fetch the Kubernetes configuration file (kubeconfig) for use with kubectl.

  1. Obtain the Kubernetes configuration file.

    Execute the following command in the folder with the eda-assets-deployment.yaml EDAADM configuration file.

    edaadm get-kubeconfig -c eda-assets-deployment.yaml
    
  2. Configure the Kubernetes configuration file in your environment.

    You can configure your environment to use the kubeconfig file with the kubectl command.

    export KUBECONFIG=eda-airgap-assets/kubeconfig.yaml
    
  3. Inspect your server and check if all nodes are up and running.

    You can use the typical kubectl commands.

    kubectl get nodes
    

When the node is up and ready, continue with deploying the Assets VM services.

Deploying the Assets VM Services

After deploying and bootstrapping the Assets VM itself, the container registry, git server and web server need to be deployed.

make -C kpt/ eda-setup-shipyard

Uploading the Assets to the Assets VM

Now that the Assets VM and its services are up and running, upload all the assets that you downloaded previously to the Assets VM.

Set the EDA_CORE_VERSION environment variable (and any SKIP_... environment variables you used when downloading the assets) [1] in your shell. This will ensure that the correct version of the cache and assets is uploaded to the Assets VM.

export EDA_CORE_VERSION=25.12.1

Then execute the following command to upload all the assets to the Assets VM:

make -C bundles/ load-all-bundles \
    ASSET_HOST=192.0.2.228 \
    ASSET_HOST_GIT_USERNAME="ZWRh" \
    ASSET_HOST_GIT_PASSWORD="ZWRh" \
    ASSET_HOST_ARTIFACTS_USERNAME="ZWRh" \
    ASSET_HOST_ARTIFACTS_PASSWORD="ZWRh"

Notes

  1. Make sure to replace the ASSET_HOST IP with the IP of your Assets VM.
  2. The usernames and passwords will be configurable in the near future. The eda username and password are used by default (ZWRh is the base64 encoding of eda).

Once all uploads have finished successfully, the Assets VM is ready to support the installation of the EDA Talos Kubernetes cluster in the Air-gapped environment.


  1. If you used SKIP_... environment variables when downloading the assets, make sure to set the same variables when uploading the assets to the Assets VM.