Install Calyptia Core on Red Hat Enterprise Linux
Supported Versions
Version | Architecture |
---|---|
Red Hat Enterprise Linux 7.9 | x86_64 |
Red Hat Enterprise Linux 8.4 | x86_64, ARM64 |
Red Hat Enterprise Linux 9.x | x86_64, ARM64 |
Amazon Linux 2 | x86_64, ARM64 |
Download and Install
-
Run the following command to install Calyptia Core on RHEL. This installs both Calyptia CLI and Calyptia Core. However, it doesn't onboard to https://core.calyptia.com (opens in a new tab) as this requires your project token to complete.
curl -sSfL https://core-packages.calyptia.com/install-core.sh | bash
-
Navigate to https://core.calyptia.com (opens in a new tab) > New Core Instance. Follow the instructions here to create a Calyptia Core instance with all the relevant parameters.
If you are using custom certificates and CA, use the following --no-tls-verify
in
the install script to still enable encryption.
Health checks
As part of the install script, Telemetry Pipeline performs the following checks to ensure proper installation:
- Installation of curl
- Installation of systemctl
- Basic system requirements
- FIPS mode not enabled
- Firewall not enabled
- Connectivity to https://cloud-api.calyptia.com (opens in a new tab)
- Connectivity to https://ghcr.io/calyptia/core (opens in a new tab)
- SELinux status
Troubleshooting
The initial step is to review the output of the health checks run during installation for any warnings or errors reported. Refer to the top-level networking and OS requirements to confirm they're met. Verify the K3s requirements are also met: https://docs.k3s.io/installation/requirements (opens in a new tab).
To troubleshoot, do the following to verify if it resolves the issue:
- Disable FIPS mode (RHEL 8 (opens in a new tab), RHEL 9 (opens in a new tab)) AND reboot:
fips-mode-setup --disable
- Disable the firewall:
systemctl disable firewalld --now
- Ensure SELinux is disabled (opens in a new tab) or in permissive (opens in a new tab) (not enforcing) mode.
- Ensure the crypto-policy is set to DEFAULT or LEGACY: https://access.redhat.com/documentation/fr-fr/red_hat_enterprise_linux/9/html/security_hardening/switching-the-system-wide-crypto-policy-to-mode-compatible-with-previous-systems_using-the-system-wide-cryptographic-policies (opens in a new tab)
If the nm-cloud-setup
service is enabled then this must be disabled AND the node rebooted.
systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot
Confirm the following network ranges that K3S defaults to using are not conflicting with your network or DNS resolution.
- Pods are allocated in the CIDR range
10.42.0.0/16
. UseINSTALL_CALYPTIA_CLUSTER_CIDR
environment variable to override. - Services are allocated in the CIDR range
10.43.0.0/16
. UseINSTALL_CALYPTIA_SERVICE_CIDR
environment variable to override. - Cluster DNS is set to
10.43.0.10
. UseINSTALL_CALYPTIA_CLUSTER_DNS
environment variable to override. - The cluster domain suffix is set to
cluster.local
. UseINSTALL_CALYPTIA_CLUSTER_DOMAIN
environment variable to override.
Node ports are allocated by K3s in the range 30000-32767 by default so ensure these do not conflict with any local services that are required.
Use the INSTALL_CALYPTIA_SERVICE_NODE_PORT_RANGE
environment variable to override during installation.
Check the local /etc/resolv.conf
specifically to verify as well - this will be used by K3s as well by default.
Verify it is not using a DNS server or specifying any overrides that may conflict with K3s.