Install Calyptia Core on Red Hat Enterprise Linux
Supported Versions
Version | Architecture |
---|---|
Red Hat Enterprise Linux 7.9 | x86_64 |
Red Hat Enterprise Linux 8.4 | x86_64, ARM64 |
Red Hat Enterprise Linux 9.x | x86_64, ARM64 |
Amazon Linux 2 | x86_64, ARM64 |
Download and Install
You can run the following command to install Calyptia Core on RHEL. This will install both Calyptia CLI and Calyptia Core. However, it does not onboard to https://core.calyptia.com (opens in a new tab) as this requires your project token to complete.
curl -sSfL https://core-packages.calyptia.com/install-core.sh | bash
After you have run the install command, you can navigate to https://core.calyptia.com (opens in a new tab) > New Core Instance. Follow the instructions here to create a Calyptia Core instance with all the relevant parameters.
If you are using custom certificates and CA, use the following --no-tls-verify
in the install script to still enable encryption
Health checks
As part of the install script, we perform the following checks to ensure proper installation.
- Installation of curl
- Installation of systemctl
- Basic system requirements
- FIPS mode not enabled
- Firewall not enabled
- Connectivity to https://cloud-api.calyptia.com (opens in a new tab)
- Connectivity to https://ghcr.io/calyptia/core (opens in a new tab)
- SELinux status
Troubleshooting
The initial step is to check the output of the health checks run during installation for any warnings or errors reported. Refer to the top-level networking and OS requirements to confirm they are met. Verify the K3s requirements are also met: https://docs.k3s.io/installation/requirements (opens in a new tab).
To troubleshoot, do the following to verify if it resolves the issue:
- Disable FIPS mode (RHEL 8 (opens in a new tab), RHEL 9 (opens in a new tab)) AND reboot:
fips-mode-setup --disable
- Disable the firewall:
systemctl disable firewalld --now
- Ensure SELinux is disabled (opens in a new tab) or in permissive (opens in a new tab) (not enforcing) mode.
- Ensure the crypto-policy is set to DEFAULT or LEGACY: https://access.redhat.com/documentation/fr-fr/red_hat_enterprise_linux/9/html/security_hardening/switching-the-system-wide-crypto-policy-to-mode-compatible-with-previous-systems_using-the-system-wide-cryptographic-policies (opens in a new tab)
If the nm-cloud-setup
service is enabled then this must be disabled AND the node rebooted.
systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot
Confirm the following network ranges that K3S defaults to using are not conflicting with your network or DNS resolution.
- Pods are allocated in the CIDR range
10.42.0.0/16
. UseINSTALL_CALYPTIA_CLUSTER_CIDR
environment variable to override. - Services are allocated in the CIDR range
10.43.0.0/16
. UseINSTALL_CALYPTIA_SERVICE_CIDR
environment variable to override. - Cluster DNS is set to
10.43.0.10
. UseINSTALL_CALYPTIA_CLUSTER_DNS
environment variable to override. - The cluster domain suffix is set to
cluster.local
. UseINSTALL_CALYPTIA_CLUSTER_DOMAIN
environment variable to override.
Node ports are allocated by K3s in the range 30000-32767 by default so ensure these do not conflict with any local services that are required.
Use the INSTALL_CALYPTIA_SERVICE_NODE_PORT_RANGE
environment variable to override during installation.
Check the local /etc/resolv.conf
specifically to verify as well - this will be used by K3s as well by default.
Verify it is not using a DNS server or specifying any overrides that may conflict with K3s.