MicroK8s Install
TIP Controller Local Deployment
Base System
MicroK8s deployment is available as part of Release 1.0 candidate. API services, database, message bus and ability to adjust Kubernetes POD performance parameters are all possible with this system which may be useful to the Community for local on premises installations.
A snap capable operating system is required for MicroK8s installation. TIP Controller has been installed on an Ubuntu 20 system with 32Gb memory, 500Gb disk and Gigabit Ethernet network interface with a user account tip created.
The system should have a fully qualified domain name and the deployment of TIP controller will require additional DNS records to be created.
Local /etc/hosts should contain the following DNS entires for your controller assigned to the IP address your machine is using to connect to the network. This same IP will be used when configuring metallb address in a subsequent step.
When accessing the UI from a workstation or when AP is connecting to the local controller the local DNS server will need to provide authoritative response for these A records in the wlan.local domain. In a future release of TIP Controller instructions will be provided to modify the FQDN of all Controller services.
DNS default entries for /etc/hosts
Install microk8s
The above specifies latest stable release will be installed
Set user permissions
source or re-login to shell for environment to be applied to current user ($USER)
Setup MicroK8s
metlalb will request an IP address range. Specify the IP of Gigabit Ethernet interface. If your interface address is 10.1.1.10 then provide metallb with: 10.1.1.1-10.1.1.10
Begin Controller Setup
TIP Controller may be deployed with self-signed certificates for a local lab environment. The following steps will guide the reader through that process.
Install Keytool and Zip Packages
Enable Firewall to permit Controller traffic from Container Network Interface
Downloading TIP Controller Software
Change to a directory for configuring certificates and running controller. This can be within the tip home directory.
Obtain Controller PKI Certs Locally
This step only applies when using locally built AP images. All devices purchased via ODM partners from factory will ship with TIP Signed keys. Updating Redirector value for the device is the recommended way to connect to a local Cloud SDK
Obtain Controller Locally
From the current directory, two sub-directories now exist for wlan-pki-certs and wlan-cloud-helm.
Enter the PKI directory and the configs sub-directory cd /wlan-pki-cert-scripts/configs
Modify all certificate configuration files for the value of your organizationalUnitName_default value set to your organizational name or other string value used in each of the PKI certificate files. Optionally this may be left unchanged.
Within the following files, ensure the FQDN (Fully Qualified Domain Name) based on local setup for DNS aligns accordingly. The following files are updated per:
mqtt-server.cnf
commonName_default = opensync-mqtt-broker.FQDN
openssl-server.cnf
DNS.1 = opensync-redirector.FQDN
DNS.2 = opensync-controller.FQDN
Once complete generate the service certificates and copy these to the controller.
Note within the wlan-pki-cert-scripts folder, a subfolder /generated is present after key creation.
The AP.zip archive in the generated folder contains the Access Point certificates for loading onto APs in the AP /usr/opensync/certs device folder
Deploy Controller
TIP controller defaults to a domain of wlan.local. It is possible to operate a lab DNS service permitting local resolution of this domain for the TIP controller services. Certificate instructions for a self-signed private domain will follow in a subsequent release of service and documentation.
Helm will deploy the Controller containers within a TIP namespace to microk8s on the machine.
To check status of the PODs, Services, and Persistent Volume Claims (storage) use the following commands. Please note, depending on your server, all PODs may take several minutes to fully initialize.
Get svc will return the network Services of each container port maps as well as list of containers mapped to external IP address defined during the metallb config stage earlier.
Get pvc will return the Persistent Volume Claims of the containers to the microk8s storage service
Get pods will return the current state of all containers. The controller will require two to four minutes for all pods to reach 'Running' state.
Examples of all three commands:
Access Point Self-Signed Keys
In the earlier stage when self-signed keys were created for the controller, keys were also created to support Access Point connections over SSL to the newly deployed controller.
To obtain these keys, return to the /wlan-pki-cert-scripts/generated
folder and copy AP.zip
containing the Access Point keys.
Extract this archive and using sing secure copy (SCP) transfer keys to the /usr/opensync/certs
folder on the AP.
The above assumes the microk8s system has IP connectivity to the Access Point If this is not possible, copy the AP.zip file to a machine that will have SCP access to the AP, extract the files and copy to the AP folder per above.
Directing Access Point To Controller
In the current release of a TIP Controller using self-signed certificates, Access Points communicate to the TIP Controller using OpenSync. Access Points are directed to the controller at this time using local configuration.
The default TIP Open AP username and login are 'root' and 'openwifi'
The IP address (or FQDN) are the same as the metallb exposed External IP as shown in earlier steps
Last updated