Cluster Install (Without Ingress Controller)

🚧 Do I want this?

If your Kubernetes cluster already has some applications that are exposed to the internet, odds are you'll want to go with this option! This way, you can use the same ingress controller and ours won't get in your way! 😊


Step 1: Install Kots

We use Kots to package and monitor our private cluster deployment of Opal. It makes it easier to validate that your environment meets our requirements and has a valid enterprise license. To install Kots, run the following command:

Shell

curl https://kots.io/install | bash


πŸ“˜ Air-Gapped Deployment

Please note that Opal provides an air-gapped deployment. If you'd like to use this option please contact your support representative.


Step 2: Deploy Opal

Next you'll deploy Opal to a specific namespace. By default, we use opal-onprem. To deploy Opal to your cluster, run the following command:

Shell

kubectl kots install opal-onprem

Step 3: Login to the admin console

Once Opal is finished installing, it should offer a port-forward to the admin console. Go ahead and proceed. You can re-access the admin console with the following command: kubectl kots admin-console --namespace opal-onprem

Step 4: Configure your deployment

The admin console should introduce you to some options and their purposes. Since you're installing to an existing cluster, you should consider the following:

  • Enable Ingress: Having this checked will deploy Opal with its own Ingress. Opal runs on a service named opal-web and exposes itself on port 80. Given the fairly simple setup, feel free to use our Ingress resource or port your own.

  • Custom annotations: These annotations will appear on your Ingress metadata annotations. Use them to configure custom ingress controller rules.

  • Full service ingress: You most likely won't want this if you have existing ingress resources. This will deploy a fully functioning NGINX ingress controller with a certificate issuer and manager. This is a decent option if you have an empty cluster to deploy to. See below for instructions on this setup before continuing.

The rest of the options are fairly self-explanatory. So continue along the prompts and hit continue.

Update TLS Certificate

You'll want to update the secret named opal-tls with proper credentials so you can enable your deployment to use SSL.

Login to Opal

Congratulations! Opal should be fully deployed and accessible at the hostname you provided. Go ahead and create your organization and invite your team.

Full Cluster Install (Includes NGINX Ingress Controller)

❗️Is this what I want?

If you know this is an empty cluster with no ingress controllers installed, then our full service install is for you! Otherwise, BE CAREFUL. Installing NGINX routing can really mess with other ingress controllers.


Step 0: Create a namespace

Shell

kubectl create namespace opal-onprem

To make things easier, go ahead and default your Kube config to this context:

Shell

kubectl config set-context --current --namespace=opal-onprem

Step 1: Install Helm and Kots

Requires Helm 3 (make sure it's not Helm 2!) which you can install using:

Shell

brew install kubernetes-helm 
curl https://kots.io/install | bash

Deploy the NGINX ingress controller and certificate manager by running:

Shell

# Fetch dependencies 
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install nginx-ingress-contoller ingress-nginx/ingress-nginx -n opal-onprem
helm install cert-manager jetstack/cert-manager --namespace opal-onprem --version v1.3.1 --set installCRDs=true

Step 3: Deploy Opal

You can deploy Opal using one command:

Text

kubectl kots install opal-onprem

When asked, make sure you use the right namespace, opal-onprem (or whatever you've been using).

Step 4: Access the Admin Console

Once Opal is finished installing, it should offer a port-forward to the admin console.

Go ahead and proceed. You can re-access the admin console with the following command: kubectl kots admin-console --namespace opal-onprem

Configure your deployment

The admin console should introduce you to some options and their purposes. Since you're installing to an empty cluster, you should use our full-service deployment. It will enable external routing while automatically managing TLS for you.

The rest of the options are fairly self-explanatory. So continue along the prompts and hit continue.

Step 5: Log in to Opal

You should now be able to access Opal at your desired hostname now! Log in and invite your team!

Debugging

General

  • Check the admin console logs: kubectl kots admin-console --namespace opal-onprem

  • Dump your logs using the analyzer in the admin console

  • Check the pod logs, all pods are prefixed with opal-web

  • Check your TLS certificate in the Secret opal-tls

Full Service

  • Check the events on your ingress kubectl describe ingress

  • Check the pod logs for your NGINX ingress controller for routing issues

  • Check the status of your certificate request from Let's Encrypt by using kubectl get/describe certificate


NEXT UP ➑️

Learn how to update Opal with ease.

Did this answer your question?