Deploy Kaptain on DKP 2.x

Deploy Kaptain in air-gapped and networked environments

WARNING: Ensure the cluster that you want to use to deploy Kaptain is the only cluster in its workspace. Kaptain is meant to be deployed on workspaces with a single cluster.

Prerequisites

WARNING: (Enterprise only) If you are installing Kaptain on a Managed or Attached cluster, you must customize the deployment so that Kaptain can communicate with the Management cluster via Dex (unless you have a dedicated Dex instance running on that cluster). The following workflow shows you when to do this.

NOTE: You have different configuration options for Kaptain. Some must take place during the deployment of the Kaptain instance, or the installation could fail.

Enable and deploy Kaptain using the DKP UI

Follow these steps to enable Kaptain in air-gapped and networked environments from the DKP UI:

  1. Enterprise only: Select your target workspace from the top menu bar.

  2. Select Applications from the sidebar menu.

  3. Type Kaptain in the Applications search bar. If Kaptain is not available in the UI, add Kaptain to your DKP catalog as stated in the prerequisites section.

  4. In the Kaptain tile, select the three dot menu > Enable. The Enable Workspace Catalog Application page is displayed.

  5. Verify that you deploy to the correct target workspace and Clusters.

    • If the workspace is incorrect, go back to the main dashboard and select the correct workspace as in step 1.
    • If you don’t want to deploy Kaptain to all clusters, interrupt deployment and manually move the clusters where you don’t want to deploy Kaptain to another workspace.

  6. Select a version from the drop-down menu, if available. This drop-down menu will only be visible if there is more than one version.

  7. Enterprise only: Customize the deployment so Kaptain can communicate with the Management cluster via Dex. To do this, copy the required values into the text editor under Configure Service or upload your customized YAML file. Here is an example:

    ingress:
      externalDexClientId: dex-controller-kubeflow-authservice
      externalDexClientSecret: kubeflow-authservice
      oidcProviderEndpoint: https://management_cluster_endpoint/dex
      oidcProviderBase64CaBundle: LS0tLS1CRUd...
    
  8. Optional: If you want to override the default configuration values, copy any other customized configuration values into the text editor under Configure Service or upload your YAML file that contains the values.

  9. Confirm the details are correct, and then select the Enable button to enable and trigger deployment. The status changes to Enabled.

  10. Repeat these steps for each additional workspace, if you want to deploy Kaptain to other workspaces.

Alternatively, you can use the CLI to enable your catalog applications.

Verify the status of deployment using the DKP UI

Follow these steps to verify the deployment of Kaptain:

  1. Select Clusters from the sidebar menu.

  2. Select View Details from your cluster's tile.

  3. Select the Applications tab and scroll down to find the Kaptain tile.

    The status is Deployed when Kaptain’s deployment is successful.

NOTE: It can take several minutes until provisioning finishes and status changes to Deployed.

Enable and deploy Kaptain using the DKP CLI (Essential only)

Follow these steps to enable Kaptain in air-gapped and networked environments from the DKP CLI:

  1. Ensure you reference the cluster on which you want to deploy Kaptain. For customers with an Essential license and a single-cluster experience, the clusterKubeconfig.conf is your Essential cluster. For customers with an Enterprise license and multi-cluster experience, your clusterKubeconfig.conf is the managed or attached cluster where you will install Kaptain.

  2. Enable Kaptain to deploy to your existing Management, Managed and Attached clusters with an AppDeployment resource.

  3. Within the AppDeployment, define the appRef to specify which App to enable:

    cat <<EOF | kubectl apply -f -
    apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    metadata:
      name: kaptain
      namespace: ${WORKSPACE_NAMESPACE}
    spec:
      appRef:
        kind: App
        name: kaptain-2.0.0
    EOF
    
  4. Create the resource in the workspace you just created, which instructs Kommander to deploy the AppDeployment to the KommanderClusters in the same workspace.

Enable Kaptain with a custom configuration using the CLI (Essential and Enterprise)

IMPORTANT: If you are deploying Kaptain to a managed or attached cluster, ensure that the ConfigMap contains the ${WORKSPACE_NAMESPACE} in the global.workspace section of the values.yaml, as shown in the following example.

If you want to customize your installation, for example to modify the custom domain name, external Dex, creation of profiles, or certificates, continue with these steps:

  1. Ensure you reference the cluster on which you want to deploy Kaptain. For customers with an Essential license and a single-cluster experience, the clusterKubeconfig.conf is your Essential cluster. For customers with an Enterprise license and multi-cluster experience, your clusterKubeconfig.conf is the managed or attached cluster where you will install Kaptain.

  2. Create the ConfigMap with the custom configuration. In the following example, the ConfigMap is configuring Kaptain to communicate with the Management cluster via Dex, which is a necessary step when deploying Kaptain to a Managed or Attached cluster (Enterprise only). Other configurations can be made in the same way.

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${WORKSPACE_NAMESPACE}
      name: kaptain-overrides
    data:
      values.yaml: |
        global:
          workspace: ${WORKSPACE_NAMESPACE}
        core:
          registrationFlow: true
        ingress:
          externalDexClientId: dex-controller-kubeflow-authservice
          externalDexClientSecret: kubeflow-authservice
          oidcProviderEndpoint: https://management_cluster_endpoint/dex
          oidcProviderBase64CaBundle: LS0tLS1CRUd...
    EOF
    
  3. Provide the name of the ConfigMap you created in the AppDeployment, which provides custom configuration on top of the default configuration:

    cat <<EOF | kubectl apply -f -
    apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
    metadata:
      name: kaptain
      namespace: ${WORKSPACE_NAMESPACE}
    spec:
      appRef:
        kind: App
        name: kaptain-2.0.0
      configOverrides:
        name: kaptain-overrides
    EOF
    

Kommander waits for the ConfigMap to be present before deploying the AppDeployment to the attached clusters.
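
The heredocs above are unquoted (<<EOF), so an unset WORKSPACE_NAMESPACE expands to an empty string, and the sample oidcProviderBase64CaBundle value is truncated and must be replaced with your own bundle. The following pre-flight check is an added example, not part of DKP or Kaptain; the function names are hypothetical, and it assumes Dex is served over HTTPS as in the example values and that a base64 utility supporting -d is installed.

```sh
#!/bin/sh
# Added example: validate the values that go into kaptain-overrides before
# running kubectl apply. Function names are illustrative only.

# The namespace must be set and be a valid DNS-1123 label. An unset variable
# would silently render "namespace:" and "global.workspace:" as empty.
check_workspace_namespace() {
  printf '%s\n' "${1-}" | grep -Eq '^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
}

# The OIDC endpoint must use https:// (assumption: same scheme as the example).
check_oidc_endpoint() {
  case "${1-}" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# The CA bundle must be valid base64 that decodes to PEM certificate framing.
# This checks framing only; it does not parse or validate the certificate.
check_ca_bundle() {
  pem=$(printf '%s' "${1-}" | base64 -d 2>/dev/null) || return 1
  case "$pem" in
    *"-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run all checks and report every failure, not only the first one.
# Arguments: <workspace namespace> <oidcProviderEndpoint> <base64 CA bundle>
preflight_kaptain_overrides() {
  rc=0
  check_workspace_namespace "${1-}" ||
    { echo "WORKSPACE_NAMESPACE is unset or not a valid namespace name" >&2; rc=1; }
  check_oidc_endpoint "${2-}" ||
    { echo "oidcProviderEndpoint must be an https:// URL" >&2; rc=1; }
  check_ca_bundle "${3-}" ||
    { echo "oidcProviderBase64CaBundle does not decode to a PEM certificate" >&2; rc=1; }
  return "$rc"
}

# Usage (values are placeholders):
#   preflight_kaptain_overrides "$WORKSPACE_NAMESPACE" "$OIDC_ENDPOINT" "$CA_BUNDLE_B64" || exit 1
```

Pasting the sample value LS0tLS1CRUd... unchanged fails the CA bundle check, which is the intended result.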

Verify the status of deployment using the DKP CLI

With Kaptain enabled, connect to the cluster and check the HelmReleases to verify the deployment:

    kubectl get helmreleases -n ${WORKSPACE_NAMESPACE}

The output should look like this:

    NAME                      AGE     READY   STATUS
    kaptain-1                 3m40s   True    Release reconciliation succeeded

Log in to Kaptain using the management cluster’s Dex instance

  1. Get your Kaptain login credentials:

    kubectl -n kommander get secret dkp-credentials -o go-template='Username: {{.data.username|base64decode}}{{ "\n"}}Password: {{.data.password|base64decode}}{{ "\n"}}'
    

    The output displays your username and password.

  2. Discover the Kaptain endpoint:

    • If you are running Kaptain on-premises:
    kubectl get svc kaptain-ingress --namespace kaptain-ingress -o jsonpath="{.status.loadBalancer.ingress[*].ip}"
    
    • Or if you are running Kaptain on AWS:
    kubectl get svc kaptain-ingress --namespace kaptain-ingress -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"
    

    The output displays a URL to your Kaptain instance.

When you open https://<Kaptain endpoint>, you will see the login page of the management cluster’s Dex instance. After entering your credentials, you will be redirected to Kaptain’s Kubeflow dashboard.

NOTE: You might receive a browser warning due to your instance's self-signed certificate. This instance is safe. You can bypass the warning in the advanced settings of the browser or by typing thisisunsafe once the warning appears (there is no specific field for this).