| 
 | ||
| <!DOCTYPE html>
 | ||
| 
 | ||
| <html>
 | ||
|   <head>
 | ||
|     <meta charset="utf-8" />
 | ||
|     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 | ||
|   <meta name="viewport" content="width=device-width,initial-scale=1">
 | ||
|   <meta http-equiv="x-ua-compatible" content="ie=edge">
 | ||
|   <meta name="lang:clipboard.copy" content="Copy to clipboard">
 | ||
|   <meta name="lang:clipboard.copied" content="Copied to clipboard">
 | ||
|   <meta name="lang:search.language" content="en">
 | ||
|   <meta name="lang:search.pipeline.stopwords" content="True">
 | ||
|   <meta name="lang:search.pipeline.trimmer" content="True">
 | ||
|   <meta name="lang:search.result.none" content="No matching documents">
 | ||
|   <meta name="lang:search.result.one" content="1 matching document">
 | ||
|   <meta name="lang:search.result.other" content="# matching documents">
 | ||
|   <meta name="lang:search.tokenizer" content="[\s\-]+">
 | ||
| 
 | ||
|   
 | ||
|     <link href="https://fonts.gstatic.com/" rel="preconnect" crossorigin>
 | ||
|     <link href="https://fonts.googleapis.com/css?family=Roboto+Mono:400,500,700|Roboto:300,400,400i,700&display=fallback" rel="stylesheet">
 | ||
| 
 | ||
|     <style>
 | ||
|       body,
 | ||
|       input {
 | ||
|         font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif
 | ||
|       }
 | ||
| 
 | ||
|       code,
 | ||
|       kbd,
 | ||
|       pre {
 | ||
|         font-family: "Roboto Mono", "Courier New", Courier, monospace
 | ||
|       }
 | ||
|     </style>
 | ||
|   
 | ||
| 
 | ||
|   <link rel="stylesheet" href="_static/stylesheets/application.css"/>
 | ||
|   <link rel="stylesheet" href="_static/stylesheets/application-palette.css"/>
 | ||
|   <link rel="stylesheet" href="_static/stylesheets/application-fixes.css"/>
 | ||
|   
 | ||
|   <link rel="stylesheet" href="_static/fonts/material-icons.css"/>
 | ||
|   
 | ||
|   <meta name="theme-color" content="#3f51b5">
 | ||
|   <script src="_static/javascripts/modernizr.js"></script>
 | ||
|   
 | ||
|   
 | ||
|   
 | ||
|     <title>Advanced Server Installation — Netmaker 0.9.4 documentation</title>
 | ||
|     <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
 | ||
|     <link rel="stylesheet" type="text/css" href="_static/material.css" />
 | ||
|     <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
 | ||
|     <script src="_static/jquery.js"></script>
 | ||
|     <script src="_static/underscore.js"></script>
 | ||
|     <script src="_static/doctools.js"></script>
 | ||
|     <link rel="author" title="About these documents" href="about.html" />
 | ||
|     <link rel="index" title="Index" href="genindex.html" />
 | ||
|     <link rel="search" title="Search" href="search.html" />
 | ||
|     <link rel="next" title="Advanced Client Installation" href="client-installation.html" />
 | ||
|     <link rel="prev" title="Relay Servers" href="relay-server.html" />
 | ||
|   
 | ||
|    
 | ||
| 
 | ||
|   </head>
 | ||
|   <body dir=ltr
 | ||
|         data-md-color-primary=indigo data-md-color-accent=light-blue>
 | ||
|   
 | ||
|   <svg class="md-svg">
 | ||
|     <defs data-children-count="0">
 | ||
|       
 | ||
|       <svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
 | ||
|       
 | ||
|     </defs>
 | ||
|   </svg>
 | ||
|   
 | ||
|   <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer">
 | ||
|   <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search">
 | ||
|   <label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
 | ||
|   <a href="#server-installation" tabindex="1" class="md-skip"> Skip to content </a>
 | ||
|   <header class="md-header" data-md-component="header">
 | ||
|   <nav class="md-header-nav md-grid">
 | ||
|     <div class="md-flex navheader">
 | ||
|       <div class="md-flex__cell md-flex__cell--shrink">
 | ||
|         <a href="index.html" title="Netmaker 0.9.4 documentation"
 | ||
|            class="md-header-nav__button md-logo">
 | ||
|           
 | ||
|             <i class="md-icon"></i>
 | ||
|           
 | ||
|         </a>
 | ||
|       </div>
 | ||
|       <div class="md-flex__cell md-flex__cell--shrink">
 | ||
|         <label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
 | ||
|       </div>
 | ||
|       <div class="md-flex__cell md-flex__cell--stretch">
 | ||
|         <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
 | ||
|           <span class="md-header-nav__topic">Netmaker Docs</span>
 | ||
|           <span class="md-header-nav__topic"> Advanced Server Installation </span>
 | ||
|         </div>
 | ||
|       </div>
 | ||
|       <div class="md-flex__cell md-flex__cell--shrink">
 | ||
|         <label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
 | ||
|         
 | ||
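<!-- Site search. The dialog, the text field and the icon-only reset button had no
     accessible name; aria-label supplies one for each without changing the theme's
     markup or styling hooks. -->
<div class="md-search" data-md-component="search" role="dialog" aria-label="Search">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <!-- Plain GET to search.html with the query in ?q= ; nothing state-changing. -->
    <form class="md-search__form" action="search.html" method="get" name="search">
      <!-- The theme shows no visible label, so placeholder alone was the only hint. -->
      <input type="text" class="md-search__input" name="q" placeholder="Search"
             aria-label="Search"
             autocapitalize="off" autocomplete="off" spellcheck="false"
             data-md-component="query" data-md-state="active">
      <label class="md-icon md-search__icon" for="__search"></label>
      <!-- Icon-only button, kept out of the tab order by the theme (tabindex="-1"). -->
      <button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1" aria-label="Clear search">
      </button>
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" data-md-scrollfix>
        <div class="md-search-result" data-md-component="result">
          <div class="md-search-result__meta">
            Type to start searching
          </div>
          <ol class="md-search-result__list"></ol>
        </div>
      </div>
    </div>
  </div>
</div>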
 | ||
| 
 | ||
|       </div>
 | ||
|       
 | ||
|         <div class="md-flex__cell md-flex__cell--shrink">
 | ||
|           <div class="md-header-nav__source">
 | ||
|             <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">
 | ||
| 
 | ||
|     <div class="md-source__icon">
 | ||
|       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
 | ||
|         <use xlink:href="#__github" width="24" height="24"></use>
 | ||
|       </svg>
 | ||
|     </div>
 | ||
|   
 | ||
|   <div class="md-source__repository">
 | ||
|     Netmaker
 | ||
|   </div>
 | ||
| </a>
 | ||
|           </div>
 | ||
|         </div>
 | ||
|       
 | ||
|       
 | ||
|   
 | ||
|   <script src="_static/javascripts/version_dropdown.js"></script>
 | ||
|   <script>
 | ||
|     var json_loc = ""versions.json"",
 | ||
|         target_loc = "../",
 | ||
|         text = "Versions";
 | ||
|     $( document ).ready( add_version_dropdown(json_loc, target_loc, text));
 | ||
|   </script>
 | ||
|   
 | ||
| 
 | ||
|     </div>
 | ||
|   </nav>
 | ||
| </header>
 | ||
| 
 | ||
|   
 | ||
|   <div class="md-container">
 | ||
|     
 | ||
|     
 | ||
|     
 | ||
|   <nav class="md-tabs" data-md-component="tabs">
 | ||
|     <div class="md-tabs__inner md-grid">
 | ||
|       <ul class="md-tabs__list">
 | ||
|           <li class="md-tabs__item"><a href="index.html" class="md-tabs__link">Netmaker 0.9.4 documentation</a></li>
 | ||
|       </ul>
 | ||
|     </div>
 | ||
|   </nav>
 | ||
|     <main class="md-main">
 | ||
|       <div class="md-main__inner md-grid" data-md-component="container">
 | ||
|         
 | ||
|           <div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
 | ||
|             <div class="md-sidebar__scrollwrap">
 | ||
|               <div class="md-sidebar__inner">
 | ||
|                 <nav class="md-nav md-nav--primary" data-md-level="0">
 | ||
|   <label class="md-nav__title md-nav__title--site" for="__drawer">
 | ||
|     <a href="index.html" title="Netmaker 0.9.4 documentation" class="md-nav__button md-logo">
 | ||
|       
 | ||
|         <i class="md-icon"></i>
 | ||
|       
 | ||
|     </a>
 | ||
|     <a href="index.html"
 | ||
|        title="Netmaker 0.9.4 documentation">Netmaker Docs</a>
 | ||
|   </label>
 | ||
|     <div class="md-nav__source">
 | ||
|       <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">
 | ||
| 
 | ||
|     <div class="md-source__icon">
 | ||
|       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
 | ||
|         <use xlink:href="#__github" width="24" height="24"></use>
 | ||
|       </svg>
 | ||
|     </div>
 | ||
|   
 | ||
|   <div class="md-source__repository">
 | ||
|     Netmaker
 | ||
|   </div>
 | ||
| </a>
 | ||
|     </div>
 | ||
|   
 | ||
|   
 | ||
| 
 | ||
|   
 | ||
|   <ul class="md-nav__list">
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="about.html" class="md-nav__link">About</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="architecture.html" class="md-nav__link">Architecture</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="install.html" class="md-nav__link">Install</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="quick-start.html" class="md-nav__link">Quick Install</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="getting-started.html" class="md-nav__link">Getting Started</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="https://k8s.netmaker.org" class="md-nav__link">Kubernetes</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|     <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
 | ||
|     <label class="md-nav__link md-nav__link--active" for="__toc"> Advanced Server Installation </label>
 | ||
|     
 | ||
|       <a href="#" class="md-nav__link md-nav__link--active">Advanced Server Installation</a>
 | ||
|       
 | ||
|         
 | ||
| <nav class="md-nav md-nav--secondary">
 | ||
|     <label class="md-nav__title" for="__toc">Contents</label>
 | ||
|   <ul class="md-nav__list" data-md-scrollfix="">
 | ||
|         <li class="md-nav__item"><a href="#server-installation--page-root" class="md-nav__link">Advanced Server Installation</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#system-compatibility" class="md-nav__link">System Compatibility</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#variable-description" class="md-nav__link">Variable Description</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#config-file-reference" class="md-nav__link">Config File Reference</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#compose-file-annotated" class="md-nav__link">Compose File - Annotated</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#available-docker-compose-files" class="md-nav__link">Available docker-compose files</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#docker-compose-install" class="md-nav__link">Docker Compose Install</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#test-install-no-dns-no-secure-grpc" class="md-nav__link">Test Install - No DNS, No Secure GRPC</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#traefik-proxy" class="md-nav__link">Traefik Proxy</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#no-dns-coredns-disabled" class="md-nav__link">No DNS - CoreDNS Disabled</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#linux-install-without-docker" class="md-nav__link">Linux Install without Docker</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#database-setup-optional" class="md-nav__link">Database Setup (optional)</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#server-setup" class="md-nav__link">Server Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#ui-setup" class="md-nav__link">UI Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#coredns-setup-optional" class="md-nav__link">CoreDNS Setup (optional)</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#proxy-load-balancer" class="md-nav__link">Proxy / Load Balancer</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#kubernetes-install" class="md-nav__link">Kubernetes Install</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#server-install" class="md-nav__link">Server Install</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#netclient-daemonset" class="md-nav__link">Netclient Daemonset</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#nginx-reverse-proxy-setup-with-https" class="md-nav__link">Nginx Reverse Proxy Setup with https</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#highly-available-installation-kubernetes" class="md-nav__link">Highly Available Installation (Kubernetes)</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#requirements" class="md-nav__link">Requirements</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#recommended-settings" class="md-nav__link">Recommended Settings:</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#example-installations" class="md-nav__link">Example Installations:</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#ingress" class="md-nav__link">Ingress</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#kernel-wireguard" class="md-nav__link">Kernel WireGuard</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#dns" class="md-nav__link">DNS</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#values" class="md-nav__link">Values</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#highly-available-installation-vms-bare-metal" class="md-nav__link">Highly Available Installation (VMs/Bare Metal)</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#load-balancer-setup" class="md-nav__link">1. Load Balancer Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#rqlite-setup" class="md-nav__link">2. RQLite Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#netmaker-setup" class="md-nav__link">3. Netmaker Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#other-considerations" class="md-nav__link">4. Other Considerations</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|   </ul>
 | ||
| </nav>
 | ||
|       <ul class="md-nav__list"> 
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#system-compatibility" class="md-nav__link">System Compatibility</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#docker-compose-install" class="md-nav__link">Docker Compose Install</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#linux-install-without-docker" class="md-nav__link">Linux Install without Docker</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#kubernetes-install" class="md-nav__link">Kubernetes Install</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#nginx-reverse-proxy-setup-with-https" class="md-nav__link">Nginx Reverse Proxy Setup with https</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#highly-available-installation-kubernetes" class="md-nav__link">Highly Available Installation (Kubernetes)</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="#highly-available-installation-vms-bare-metal" class="md-nav__link">Highly Available Installation (VMs/Bare Metal)</a>
 | ||
|       
 | ||
|     
 | ||
|     </li></ul>
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="usage.html" class="md-nav__link">External Guides</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="ui-reference.html" class="md-nav__link">UI Reference</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="api.html" class="md-nav__link">API Reference</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="upgrades.html" class="md-nav__link">Upgrades</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="troubleshoot.html" class="md-nav__link">Troubleshooting</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="support.html" class="md-nav__link">Support</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="conduct.html" class="md-nav__link">Code of Conduct</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|     <li class="md-nav__item">
 | ||
|     
 | ||
|     
 | ||
|       <a href="license.html" class="md-nav__link">License</a>
 | ||
|       
 | ||
|     
 | ||
|     </li>
 | ||
|   </ul>
 | ||
|   
 | ||
| 
 | ||
| </nav>
 | ||
|               </div>
 | ||
|             </div>
 | ||
|           </div>
 | ||
|           <div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
 | ||
|             <div class="md-sidebar__scrollwrap">
 | ||
|               <div class="md-sidebar__inner">
 | ||
|                 
 | ||
| <nav class="md-nav md-nav--secondary">
 | ||
|     <label class="md-nav__title" for="__toc">Contents</label>
 | ||
|   <ul class="md-nav__list" data-md-scrollfix="">
 | ||
|         <li class="md-nav__item"><a href="#server-installation--page-root" class="md-nav__link">Advanced Server Installation</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#system-compatibility" class="md-nav__link">System Compatibility</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#variable-description" class="md-nav__link">Variable Description</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#config-file-reference" class="md-nav__link">Config File Reference</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#compose-file-annotated" class="md-nav__link">Compose File - Annotated</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#available-docker-compose-files" class="md-nav__link">Available docker-compose files</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#docker-compose-install" class="md-nav__link">Docker Compose Install</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#test-install-no-dns-no-secure-grpc" class="md-nav__link">Test Install - No DNS, No Secure GRPC</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#traefik-proxy" class="md-nav__link">Traefik Proxy</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#no-dns-coredns-disabled" class="md-nav__link">No DNS - CoreDNS Disabled</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#linux-install-without-docker" class="md-nav__link">Linux Install without Docker</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#database-setup-optional" class="md-nav__link">Database Setup (optional)</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#server-setup" class="md-nav__link">Server Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#ui-setup" class="md-nav__link">UI Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#coredns-setup-optional" class="md-nav__link">CoreDNS Setup (optional)</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#proxy-load-balancer" class="md-nav__link">Proxy / Load Balancer</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#kubernetes-install" class="md-nav__link">Kubernetes Install</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#server-install" class="md-nav__link">Server Install</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#netclient-daemonset" class="md-nav__link">Netclient Daemonset</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#nginx-reverse-proxy-setup-with-https" class="md-nav__link">Nginx Reverse Proxy Setup with https</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#highly-available-installation-kubernetes" class="md-nav__link">Highly Available Installation (Kubernetes)</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#requirements" class="md-nav__link">Requirements</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#recommended-settings" class="md-nav__link">Recommended Settings:</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#example-installations" class="md-nav__link">Example Installations:</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#ingress" class="md-nav__link">Ingress</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#kernel-wireguard" class="md-nav__link">Kernel WireGuard</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#dns" class="md-nav__link">DNS</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#values" class="md-nav__link">Values</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#highly-available-installation-vms-bare-metal" class="md-nav__link">Highly Available Installation (VMs/Bare Metal)</a><nav class="md-nav">
 | ||
|               <ul class="md-nav__list">
 | ||
|         <li class="md-nav__item"><a href="#load-balancer-setup" class="md-nav__link">1. Load Balancer Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#rqlite-setup" class="md-nav__link">2. RQLite Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#netmaker-setup" class="md-nav__link">3. Netmaker Setup</a>
 | ||
|         </li>
 | ||
|         <li class="md-nav__item"><a href="#other-considerations" class="md-nav__link">4. Other Considerations</a>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li></ul>
 | ||
|             </nav>
 | ||
|         </li>
 | ||
|   </ul>
 | ||
| </nav>
 | ||
|               </div>
 | ||
|             </div>
 | ||
|           </div>
 | ||
|         
 | ||
|         <div class="md-content">
 | ||
|           <article class="md-content__inner md-typeset" role="main">
 | ||
|             
 | ||
|   
 | ||
| <h1 id="server-installation--page-root">Advanced Server Installation<a class="headerlink" href="#server-installation--page-root" title="Permalink to this headline">¶</a></h1>
 | ||
| <p>This section outlines installing the Netmaker server, including Netmaker, Netmaker UI, rqlite, and CoreDNS.</p>
 | ||
| 
 | ||
| <h2 id="system-compatibility">System Compatibility<a class="headerlink" href="#system-compatibility" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>Netmaker will require elevated privileges to perform network operations. Netmaker has similar limitations to <a class="reference internal" href="client-installation.html"><span class="doc">netclient</span></a> (client networking agent).</p>
 | ||
| <p>Typically, Netmaker is run inside of containers (Docker). To run a non-docker installation, you must run the Netmaker binary, CoreDNS binary, database, and a web server directly on the host. Each of these components has its own requirements.</p>
 | ||
| <p>The quick install guide is recommended for first-time installs.</p>
 | ||
| <p>The following documents are meant for special cases like Kubernetes and LXC, or for more advanced setups.</p>
 | ||
| 
 | ||
| 
 | ||
| <h2 id="server-configuration-reference">Server Configuration Reference<a class="headerlink" href="#server-configuration-reference" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>Netmaker sets its configuration in the following order of precedence (later entries override earlier ones):</p>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p>Defaults</p></li>
 | ||
| <li><p>Config File</p></li>
 | ||
| <li><p>Environment Variables</p></li>
 | ||
| </ol>
 | ||
| 
 | ||
| <h3 id="variable-description">Variable Description<a class="headerlink" href="#variable-description" title="Permalink to this headline">¶</a></h3>
 | ||
| <dl>
 | ||
| <dt>VERBOSITY:</dt><dd><p><strong>Default:</strong> 0</p>
 | ||
| <p><strong>Description:</strong> Specifies the logging level of the server. Goes up to 3, the most verbose level, for debugging.</p>
 | ||
| </dd>
 | ||
| <dt>GRPC_SSL:</dt><dd><p><strong>Default:</strong> “off”</p>
 | ||
| <p><strong>Description:</strong> Specifies whether GRPC is served over SSL. This is a setting for the clients and is passed to them through the access token. Can be set to “on” or “off”. Set to “on” if SSL is configured for GRPC.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_API_CONN_STRING</dt><dd><p><strong>Default:</strong> “”</p>
 | ||
| <p><strong>Description:</strong> Specifies the string used to connect to the server API. Format: IP:PORT or DOMAIN:PORT. Defaults to SERVER_HOST if not specified.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_GRPC_CONN_STRING</dt><dd><p><strong>Default:</strong> “”</p>
 | ||
| <p><strong>Description:</strong> Specifies the string used to connect to GRPC. Format: IP:PORT or DOMAIN:PORT. Defaults to SERVER_HOST if not specified.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_HOST: <em>(deprecated, use SERVER_API_CONN_STRING and SERVER_GRPC_CONN_STRING)</em></dt><dd><p><strong>Default:</strong> Server will perform an IP check and set automatically unless explicitly set, or DISABLE_REMOTE_IP_CHECK is set to true, in which case it defaults to 127.0.0.1</p>
 | ||
| <p><strong>Description:</strong> Sets the SERVER_HTTP_HOST and SERVER_GRPC_HOST variables if they are unset. The address where traffic comes in.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_HTTP_HOST: <em>(deprecated, use SERVER_API_CONN_STRING and SERVER_GRPC_CONN_STRING)</em></dt><dd><p><strong>Default:</strong> Equals SERVER_HOST if set, “127.0.0.1” if SERVER_HOST is unset.</p>
 | ||
| <p><strong>Description:</strong> Set to make the HTTP and GRPC functions available via different interfaces/networks.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_GRPC_HOST: <em>(deprecated, use SERVER_API_CONN_STRING and SERVER_GRPC_CONN_STRING)</em></dt><dd><p><strong>Default:</strong> Equals SERVER_HOST if set, “127.0.0.1” if SERVER_HOST is unset.</p>
 | ||
| <p><strong>Description:</strong> Set to make the HTTP and GRPC functions available via different interfaces/networks.</p>
 | ||
| </dd>
 | ||
| <dt>API_PORT:</dt><dd><p><strong>Default:</strong> 8081</p>
 | ||
| <p><strong>Description:</strong> The HTTP API port for Netmaker. Used for API calls / communication from front end.</p>
 | ||
| </dd>
 | ||
| <dt>GRPC_PORT:</dt><dd><p><strong>Default:</strong> 50051</p>
 | ||
| <p><strong>Description:</strong> The GRPC port for Netmaker. Used for communications from nodes.</p>
 | ||
| </dd>
 | ||
| <dt>MASTER_KEY:</dt><dd><p><strong>Default:</strong> “secretkey”</p>
 | ||
| <p><strong>Description:</strong> The admin master key for accessing the API. Change this in any production installation.</p>
 | ||
| </dd>
 | ||
| <dt>CORS_ALLOWED_ORIGIN:</dt><dd><p><strong>Default:</strong> “*”</p>
 | ||
| <p><strong>Description:</strong> The “allowed origin” for API requests. Change to restrict where API requests can come from.</p>
 | ||
| </dd>
 | ||
| <dt>REST_BACKEND:</dt><dd><p><strong>Default:</strong> “on”</p>
 | ||
| <p><strong>Description:</strong> Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST). Change to “off” to turn off.</p>
 | ||
| </dd>
 | ||
| <dt>AGENT_BACKEND:</dt><dd><p><strong>Default:</strong> “on”</p>
 | ||
| <p><strong>Description:</strong> Enables the AGENT backend (GRPC running on GRPC_PORT at SERVER_GRPC_HOST). Change to “off” to turn off.</p>
 | ||
| </dd>
 | ||
| <dt>DNS_MODE:</dt><dd><p><strong>Default:</strong> “off”</p>
 | ||
| <p><strong>Description:</strong> Enables DNS Mode, meaning config files will be generated for CoreDNS.</p>
 | ||
| </dd>
 | ||
| <dt>DATABASE:</dt><dd><p><strong>Default:</strong> “sqlite”</p>
 | ||
| <p><strong>Description:</strong> Specify db type to connect with. Currently, options include “sqlite”, “rqlite”, and “postgres”.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_CONN:</dt><dd><p><strong>Default:</strong> “<a class="reference external" href="http://">http://</a>”</p>
 | ||
| <p><strong>Description:</strong> Specify the necessary string to connect with your local or remote sql database.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_HOST:</dt><dd><p><strong>Default:</strong> “localhost”</p>
 | ||
| <p><strong>Description:</strong> Host where postgres is running.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_PORT:</dt><dd><p><strong>Default:</strong> “5432”</p>
 | ||
| <p><strong>Description:</strong> Port on which postgres is running.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_DB:</dt><dd><p><strong>Default:</strong> “netmaker”</p>
 | ||
| <p><strong>Description:</strong> DB to use in postgres.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_USER:</dt><dd><p><strong>Default:</strong> “postgres”</p>
 | ||
| <p><strong>Description:</strong> User for postgres.</p>
 | ||
| </dd>
 | ||
| <dt>SQL_PASS:</dt><dd><p><strong>Default:</strong> “nopass”</p>
 | ||
| <p><strong>Description:</strong> Password for postgres.</p>
 | ||
| </dd>
 | ||
| <dt>CLIENT_MODE:</dt><dd><p><strong>Default:</strong> “on”</p>
 | ||
| <p><strong>Description:</strong> Specifies whether the server should deploy itself as a node (client) in each network. May be set to “off” for more restricted servers.</p>
 | ||
| </dd>
 | ||
| <dt>RCE:</dt><dd><p><strong>Default:</strong> “off”</p>
 | ||
| <p><strong>Description:</strong> The server can set PostUp and PostDown commands for nodes, which is standard for WireGuard with wg-quick, but it is also <strong>Remote Code Execution</strong> on every node: a critical vulnerability if the server is compromised. Because of this, it is turned off by default; if turned on, PostUp and PostDown become editable.</p>
 | ||
| </dd>
 | ||
| <dt>SERVER_GRPC_WIREGUARD</dt><dd><p><strong>Deprecated:</strong> no longer in use</p>
 | ||
| </dd>
 | ||
| <dt>DISPLAY_KEYS</dt><dd><p><strong>Default:</strong> “on”</p>
 | ||
| <p><strong>Description:</strong> If “on”, the key values of “access keys” can always be shown. This could be considered a vulnerability; if set to “off”, key values are displayed only once, and it is up to the users to store them locally.</p>
 | ||
| </dd>
 | ||
| <dt>NODE_ID</dt><dd><p><strong>Default:</strong> &lt;system mac address&gt;</p>
 | ||
| <p><strong>Description:</strong> This setting is used for HA configurations of the server, to distinguish between different servers. Nodes are given IDs like netmaker-1, netmaker-2, and netmaker-3. If the server is not HA, there is no reason to set this field.</p>
 | ||
| </dd>
 | ||
| <dt>TELEMETRY</dt><dd><p><strong>Default:</strong> “on”</p>
 | ||
| <p><strong>Description:</strong> If “on”, the server will send anonymous telemetry data once daily, which is used to improve the product. Data sent includes counts (integer values) for the number of nodes, types of nodes, users, and networks. It also sends the version of the server.</p>
 | ||
| </dd>
 | ||
| </dl>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="config-file-reference">Config File Reference<a class="headerlink" href="#config-file-reference" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>A config file may be placed under config/environments/&lt;env-name&gt;.yml. To have this file read at runtime, provide the environment variable NETMAKER_ENV. For instance, dev.yml is paired with ENV=dev. Netmaker will load the specified config file. This allows you to store and manage configurations for different environments. Below is a reference config file you may use.</p>
 | ||
| <div class="highlight-YAML notranslate"><div class="highlight"><pre><span></span><span class="nt">server</span><span class="p">:</span>
 | ||
|   <span class="nt">apihost</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 127.0.0.1 or remote ip (SERVER_HOST) if DisableRemoteIPCheck is not set to true. SERVER_API_HOST if set</span>
 | ||
|   <span class="nt">apiport</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 8081 or HTTP_PORT (if set)</span>
 | ||
|   <span class="nt">grpchost</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 127.0.0.1 or remote ip (SERVER_HOST) if DisableRemoteIPCheck is not set to true. SERVER_GRPC_HOST if set.</span>
 | ||
|   <span class="nt">grpcport</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 50051 or GRPC_PORT (if set)</span>
 | ||
|   <span class="nt">masterkey</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 'secretkey' or MASTER_KEY (if set)</span>
 | ||
|   <span class="nt">allowedorigin</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to '*' or CORS_ALLOWED_ORIGIN (if set)</span>
 | ||
|   <span class="nt">restbackend</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "on" or REST_BACKEND (if set)</span>
 | ||
|   <span class="nt">agentbackend</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "on" or AGENT_BACKEND (if set)</span>
 | ||
|   <span class="nt">clientmode</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "on" or CLIENT_MODE (if set)</span>
 | ||
|   <span class="nt">dnsmode</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "on" or DNS_MODE (if set)</span>
 | ||
|   <span class="nt">sqlconn</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "http://" or SQL_CONN (if set)</span>
 | ||
|   <span class="nt">disableremoteipcheck</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)</span>
 | ||
|   <span class="nt">version</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># version of server</span>
 | ||
|   <span class="nt">rce</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "off"</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="compose-file-annotated">Compose File - Annotated<a class="headerlink" href="#compose-file-annotated" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>All environment variables and options are enabled in this file. It is equivalent to running the “full install” from the above section. However, all environment variables are included and are set to the default values provided by Netmaker (if an environment variable were left unset, it would not change the installation). Comments are added to each option to show how you might use it to modify your installation.</p>
 | ||
| <div class="highlight-YAML notranslate"><div class="highlight"><pre><span></span><span class="nt">services</span><span class="p">:</span>
 | ||
|   <span class="nt">rqlite</span><span class="p">:</span>
 | ||
|     <span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">rqlite</span>
 | ||
|     <span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">rqlite/rqlite</span>
 | ||
|     <span class="nt">network_mode</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">host</span>
 | ||
|     <span class="nt">restart</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">always</span>
 | ||
|     <span class="nt">volumes</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">sqldata:/rqlite/file/data</span>
 | ||
|   <span class="nt">netmaker</span><span class="p">:</span> <span class="c1"># The Primary Server for running Netmaker</span>
 | ||
|     <span class="nt">privileged</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span> <span class="c1"># Necessary to run sudo/root level commands on host system. Take out if not running with CLIENT_MODE=on</span>
 | ||
|     <span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">netmaker</span>
 | ||
|     <span class="nt">depends_on</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">rqlite</span>
 | ||
|     <span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">gravitl/netmaker:v0.9.4</span>
 | ||
|     <span class="nt">volumes</span><span class="p">:</span> <span class="c1"># Volume mounts necessary for CLIENT_MODE to control wireguard networking on host (except dnsconfig, which is where dns config files are stored for use by CoreDNS)</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">dnsconfig:/root/config/dnsconfig</span> <span class="c1"># Netmaker writes Corefile to this location, which gets mounted by CoreDNS for DNS configuration.</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/usr/bin/wg:/usr/bin/wg</span>
 | ||
|     <span class="nt">cap_add</span><span class="p">:</span> <span class="c1"># Necessary for CLIENT_MODE. Should be removed if turned off. </span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_ADMIN</span>
 | ||
|     <span class="nt">restart</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">always</span>
 | ||
|     <span class="nt">network_mode</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">host</span> <span class="c1"># Necessary for CLIENT_MODE. Should be removed if turned off, but then need to add port mappings</span>
 | ||
|     <span class="nt">environment</span><span class="p">:</span>
 | ||
|       <span class="nt">SERVER_HOST</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># All the Docker Compose files pre-populate this with HOST_IP, which you replace as part of the install instructions. This will set both HTTP and GRPC host.</span>
 | ||
|       <span class="nt">SERVER_HTTP_HOST</span><span class="p">:</span> <span class="s">"127.0.0.1"</span> <span class="c1"># Overrides SERVER_HOST if set. Useful for making HTTP and GRPC available via different interfaces/networks.</span>
 | ||
|       <span class="nt">SERVER_GRPC_HOST</span><span class="p">:</span> <span class="s">"127.0.0.1"</span> <span class="c1"># Overrides SERVER_HOST if set. Useful for making HTTP and GRPC available via different interfaces/networks.</span>
 | ||
|       <span class="nt">API_PORT</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">8081</span> <span class="c1"># The HTTP API port for Netmaker. Used for API calls / communication from front end. If changed, need to change port of BACKEND_URL for netmaker-ui.</span>
 | ||
|       <span class="nt">GRPC_PORT</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">50051</span> <span class="c1"># The GRPC port for Netmaker. Used for communications from nodes.</span>
 | ||
|       <span class="nt">CLIENT_MODE</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># on if netmaker should run its own client, off if not.</span>
 | ||
|       <span class="nt">MASTER_KEY</span><span class="p">:</span> <span class="s">"secretkey"</span> <span class="c1"># The admin master key for accessing the API. Change this in any production installation.</span>
 | ||
|       <span class="nt">CORS_ALLOWED_ORIGIN</span><span class="p">:</span> <span class="s">"*"</span> <span class="c1"># The "allowed origin" for API requests. Change to restrict where API requests can come from.</span>
 | ||
|       <span class="nt">REST_BACKEND</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST). Change to "off" to turn off.</span>
 | ||
|       <span class="nt">AGENT_BACKEND</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Enables the AGENT backend (GRPC running on GRPC_PORT at SERVER_GRPC_HOST). Change to "off" to turn off.</span>
 | ||
|       <span class="nt">DNS_MODE</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Enables DNS Mode, meaning config files will be generated for CoreDNS. Note, turning "off" does not remove CoreDNS. You still need to remove CoreDNS from compose file.</span>
 | ||
|       <span class="nt">DISABLE_REMOTE_IP_CHECK</span><span class="p">:</span> <span class="s">"off"</span> <span class="c1"># If turned "on", Server will not set Host based on remote IP check. This is already overridden if SERVER_HOST is set. Turned "off" by default.</span>
 | ||
|       <span class="nt">GRPC_SSL</span><span class="p">:</span> <span class="s">"off"</span> <span class="c1"># Tells clients to use SSL to connect to GRPC. Switch to on to turn on.</span>
 | ||
|       <span class="nt">COREDNS_ADDR</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># Address of the CoreDNS server. Defaults to SERVER_HOST</span>
 | ||
|       <span class="nt">DISPLAY_KEYS</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Show keys permanently in UI (until deleted) as opposed to 1-time display.</span>
 | ||
|       <span class="nt">SERVER_API_CONN_STRING</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># Changes the api connection string. IP:PORT format. By default is empty and uses SERVER_HOST:API_PORT</span>
 | ||
|       <span class="nt">SERVER_GRPC_CONN_STRING</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># Changes the grpc connection string. IP:PORT format. By default is empty and uses SERVER_HOST:GRPC_PORT</span>
 | ||
|       <span class="nt">RCE</span><span class="p">:</span> <span class="s">"off"</span> <span class="c1"># Enables setting PostUp and PostDown (arbitrary commands) on nodes from the server. Off by default.</span>
 | ||
|       <span class="nt">NODE_ID</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># Sets the name/id of the nodes that the server creates. Necessary for HA configurations to identify between servers (for instance, netmaker-1, netmaker-2, etc). For non-HA deployments, is not necessary.</span>
 | ||
|       <span class="nt">TELEMETRY</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.</span>
 | ||
|   <span class="nt">netmaker-ui</span><span class="p">:</span> <span class="c1"># The Netmaker UI Component</span>
 | ||
|     <span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">netmaker-ui</span>
 | ||
|     <span class="nt">depends_on</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">netmaker</span>
 | ||
|     <span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">gravitl/netmaker-ui:v0.9.3</span>
 | ||
|     <span class="nt">links</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="s">"netmaker:api"</span>
 | ||
|     <span class="nt">ports</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="s">"8082:80"</span>
 | ||
|     <span class="nt">environment</span><span class="p">:</span>
 | ||
|       <span class="nt">BACKEND_URL</span><span class="p">:</span> <span class="s">"http://HOST_IP:8081"</span> <span class="c1"># URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT</span>
 | ||
|   <span class="nt">coredns</span><span class="p">:</span> <span class="c1"># The DNS Server. Remove this section if DNS_MODE="off"</span>
 | ||
|     <span class="nt">depends_on</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">netmaker</span> 
 | ||
|     <span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">coredns/coredns</span>
 | ||
|     <span class="nt">command</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">-conf /root/dnsconfig/Corefile</span> <span class="c1"># Config location for Corefile. This is the path of file which is also mounted to Netmaker for modification.</span>
 | ||
|     <span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">coredns</span>
 | ||
|     <span class="nt">restart</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">always</span>
 | ||
|     <span class="nt">ports</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="s">"53:53/udp"</span> <span class="c1"># Likely needs to run at port 53 for adequate nameserver usage.</span>
 | ||
|     <span class="nt">volumes</span><span class="p">:</span>
 | ||
|       <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">dnsconfig:/root/dnsconfig</span>
 | ||
| <span class="nt">volumes</span><span class="p">:</span>
 | ||
|   <span class="nt">sqldata</span><span class="p">:</span> <span class="p p-Indicator">{}</span>
 | ||
|   <span class="nt">dnsconfig</span><span class="p">:</span> <span class="p p-Indicator">{}</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="available-docker-compose-files">Available docker-compose files<a class="headerlink" href="#available-docker-compose-files" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>The default options for docker-compose can be found here: <a class="reference external" href="https://github.com/gravitl/netmaker/tree/master/compose">https://github.com/gravitl/netmaker/tree/master/compose</a></p>
 | ||
| <p>The following is a brief description of each:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.contained.yml">docker-compose.contained.yml</a> - This is the default docker-compose, used in the quick start and deployment script in the README on GitHub. It deploys Netmaker with all options included (Caddy and CoreDNS) and has “self-contained” netclients, meaning they do not affect host networking.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.coredns.yml">docker-compose.coredns.yml</a> - This is a simple compose file used to spin up a standalone CoreDNS server. Can be useful if, for instance, you are running Netmaker on bare metal but need CoreDNS.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.hostnetwork.yml">docker-compose.hostnetwork.yml</a> - This is similar to the docker-compose.contained.yml but with a key difference: it has advanced permissions and mounts host volumes to control networking on the host level.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.nocaddy.yml">docker-compose.nocaddy.yml</a> - This is the same as docker-compose.contained.yml but without Caddy, in case you need to use a different proxy like Nginx, Traefik, or HAProxy.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.nodns.yml">docker-compose.nodns.yml</a> - This is the same as docker-compose.contained.yml but without CoreDNS, in which case you will not have the Private DNS feature.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.reference.yml">docker-compose.reference.yml</a> - This is the same as docker-compose.contained.yml but with all variable options on display and annotated (it’s what we show right above this section). Use this to determine which variables you should add or change in your configuration.</p></li>
 | ||
| <li><p><a class="reference external" href="https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.yml">docker-compose.yml</a> - This is a renamed docker-compose.contained.yml. It is meant only to act as a placeholder for what we consider the “primary” docker-compose that users should work with.</p></li>
 | ||
| </ul>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| <h2 id="dns-mode-setup">DNS Mode Setup<a class="headerlink" href="#dns-mode-setup" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>If you plan on running the server in DNS Mode, know that a <a class="reference external" href="https://coredns.io/manual/toc/">CoreDNS Server</a> will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.</p>
 | ||
| <p>However, on your host system (for Netmaker), this may conflict with an existing process. On Linux systems running systemd-resolved, there is likely a service consuming port 53. The steps below disable systemd-resolved and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration.</p>
 | ||
| <p>With the latest docker-compose, it is not necessary to perform these steps. But if you are running the install and find that port 53 is blocked, you can perform the following steps, which were tested on Ubuntu 20.04 (these should be run prior to deploying the docker containers).</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">systemctl</span> <span class="n">stop</span> <span class="n">systemd</span><span class="o">-</span><span class="n">resolved</span>
 | ||
| <span class="n">systemctl</span> <span class="n">disable</span> <span class="n">systemd</span><span class="o">-</span><span class="n">resolved</span>
 | ||
| <span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">systemd</span><span class="o">/</span><span class="n">resolved</span><span class="o">.</span><span class="n">conf</span>
 | ||
|   <span class="o">*</span>  <span class="n">uncomment</span> <span class="n">DNS</span> <span class="ow">and</span> <span class="n">add</span> <span class="mf">8.8</span><span class="o">.</span><span class="mf">8.8</span> <span class="ow">or</span> <span class="n">whatever</span> <span class="n">reachable</span> <span class="n">nameserver</span> <span class="ow">is</span> <span class="n">your</span> <span class="n">preference</span>  <span class="o">*</span>
 | ||
|   <span class="o">*</span>  <span class="n">uncomment</span> <span class="n">DNSStubListener</span> <span class="ow">and</span> <span class="nb">set</span> <span class="n">to</span> <span class="s2">"no"</span>  <span class="o">*</span>
 | ||
| <span class="n">ln</span> <span class="o">-</span><span class="n">sf</span> <span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">systemd</span><span class="o">/</span><span class="n">resolve</span><span class="o">/</span><span class="n">resolv</span><span class="o">.</span><span class="n">conf</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">resolv</span><span class="o">.</span><span class="n">conf</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>Port 53 should now be available for CoreDNS to use.</p>
 | ||
| 
 | ||
| 
 | ||
| <h2 id="docker-compose-install">Docker Compose Install<a class="headerlink" href="#docker-compose-install" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>The most simple (and recommended) way of installing Netmaker is to use one of the provided <a class="reference external" href="https://github.com/gravitl/netmaker/tree/master/compose">Docker Compose files</a>. Below are instructions for several different options to install Netmaker via Docker Compose, followed by an annotated reference Docker Compose in case your use case requires additional customization.</p>
 | ||
| 
 | ||
| <h3 id="test-install-no-dns-no-secure-grpc">Test Install - No DNS, No Secure GRPC<a class="headerlink" href="#test-install-no-dns-no-secure-grpc" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>This install will run Netmaker on a server without HTTPS using an IP address. This is not secure and not recommended, but can be helpful for testing.</p>
 | ||
| <p>It also does not run the CoreDNS server, to simplify the deployment</p>
 | ||
| <dl class="simple">
 | ||
| <dt><strong>Prerequisites:</strong></dt><dd><ul class="simple">
 | ||
| <li><p>server ports 80, 8081, and 50051 are not blocked by firewall</p></li>
 | ||
| </ul>
 | ||
| </dd>
 | ||
| <dt><strong>Notes:</strong></dt><dd><ul class="simple">
 | ||
| <li><p>You can change the port mappings in the Docker Compose if the listed ports are already in use.</p></li>
 | ||
| </ul>
 | ||
| </dd>
 | ||
| </dl>
 | ||
| <p>Assuming you have Docker and Docker Compose installed, you can just run the following, replacing <strong>< Insert your-host IP Address Here ></strong> with your host IP (or domain):</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>wget -O docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/docker-compose.test.yml
 | ||
| sed -i 's/HOST_IP/< Insert your-host IP Address Here >/g' docker-compose.yml
 | ||
| docker-compose up -d
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="traefik-proxy">Traefik Proxy<a class="headerlink" href="#traefik-proxy" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>To install with Traefik, rather than Nginx or the default Caddy, check out this repo: <a class="reference external" href="https://github.com/bsherman/netmaker-traefik">https://github.com/bsherman/netmaker-traefik</a></p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="no-dns-coredns-disabled">No DNS - CoreDNS Disabled<a class="headerlink" href="#no-dns-coredns-disabled" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>DNS Mode is currently limited to clients that can run resolvectl (systemd-resolved, see <a class="reference internal" href="architecture.html"><span class="doc">Architecture docs</span></a> for more info). You may wish to disable DNS mode for various reasons. This installation option gives you the full feature set minus CoreDNS.</p>
 | ||
| <p>To run without DNS, follow the <a class="reference internal" href="quick-start.html"><span class="doc">Quick Install</span></a> guide, omitting the steps for DNS setup. In addition, when the guide has you pull (wget) the Netmaker docker-compose template, use the following link instead:</p>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p><code class="docutils literal notranslate"><span class="pre">wget</span> <span class="pre">-O</span> <span class="pre">docker-compose.yml</span> <span class="pre">https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/docker-compose.nodns.yml</span></code></p></li>
 | ||
| </ol>
 | ||
| <p>This template is equivalent but omits CoreDNS.</p>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| <span id="nodocker"></span><h2 id="linux-install-without-docker">Linux Install without Docker<a class="headerlink" href="#linux-install-without-docker" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>Most systems support Docker, but some do not. In such environments, there are many options for installing Netmaker. Netmaker is available as a binary file, and there is a zip file of the Netmaker UI static HTML on GitHub. Beyond the UI and Server, you may want to optionally install a database (sqlite is embedded, rqlite or postgres are supported) and CoreDNS (also optional).</p>
 | ||
| <p>Once this is enabled and configured for a domain, you can continue with the below. The recommended server runs Ubuntu 20.04.</p>
 | ||
| 
 | ||
| <h3 id="database-setup-optional">Database Setup (optional)<a class="headerlink" href="#database-setup-optional" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>You can run the netmaker binary standalone and it will run an embedded sqlite server. Data goes in the data/ directory. Optionally, you can run PostgreSQL or rqlite. Instructions for rqlite are below.</p>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p>Install rqlite on your server: <a class="reference external" href="https://github.com/rqlite/rqlite">https://github.com/rqlite/rqlite</a></p></li>
 | ||
| <li><p>Run rqlite: rqlited -node-id 1 ~/node.1</p></li>
 | ||
| </ol>
 | ||
| <p>If using rqlite or postgres, you must change the DATABASE environment/config variable and enter connection details.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="server-setup">Server Setup<a class="headerlink" href="#server-setup" title="Permalink to this headline">¶</a></h3>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p><strong>Run the install script:</strong></p></li>
 | ||
| </ol>
 | ||
| <p><code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">curl</span> <span class="pre">-sfL</span> <span class="pre">https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/netmaker-server.sh</span> <span class="pre">|</span> <span class="pre">sh</span> <span class="pre">-</span></code></p><p>The script runs with root privileges; you may prefer to download it and review its contents before piping it to <code class="docutils literal notranslate"><span class="pre">sh</span></code>.</p>
 | ||
| <ol class="arabic simple" start="2">
 | ||
| <li><p>Check status:  <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">journalctl</span> <span class="pre">-u</span> <span class="pre">netmaker</span></code></p></li>
 | ||
| <li><p>If any settings are incorrect, such as the host or database credentials, change them under /etc/netmaker/config/environments/< your env >.yaml and then run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">systemctl</span> <span class="pre">restart</span> <span class="pre">netmaker</span></code></p></li>
 | ||
| </ol>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="ui-setup">UI Setup<a class="headerlink" href="#ui-setup" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>The following uses Nginx as an http server. You may alternatively use Apache or any other web server that serves static web files.</p>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p>Download and Unzip UI asset files</p></li>
 | ||
| <li><p>Copy Config to Nginx</p></li>
 | ||
| <li><p>Modify Default Config Path</p></li>
 | ||
| <li><p>Change Backend URL</p></li>
 | ||
| <li><p>Start Nginx</p></li>
 | ||
| </ol>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">wget</span> <span class="o">-</span><span class="n">O</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">netmaker</span><span class="o">-</span><span class="n">ui</span><span class="o">.</span><span class="n">zip</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">gravitl</span><span class="o">/</span><span class="n">netmaker</span><span class="o">-</span><span class="n">ui</span><span class="o">/</span><span class="n">releases</span><span class="o">/</span><span class="n">download</span><span class="o">/</span><span class="n">latest</span><span class="o">/</span><span class="n">netmaker</span><span class="o">-</span><span class="n">ui</span><span class="o">.</span><span class="n">zip</span>
 | ||
| <span class="n">sudo</span> <span class="n">unzip</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">netmaker</span><span class="o">-</span><span class="n">ui</span><span class="o">.</span><span class="n">zip</span> <span class="o">-</span><span class="n">d</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span>
 | ||
| <span class="n">sudo</span> <span class="n">cp</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">nginx</span><span class="o">.</span><span class="n">conf</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">conf</span><span class="o">.</span><span class="n">d</span><span class="o">/</span><span class="n">default</span><span class="o">.</span><span class="n">conf</span>
 | ||
| <span class="n">sudo</span> <span class="n">sed</span> <span class="o">-</span><span class="n">i</span> <span class="s1">'s/root \/var\/www\/html/root \/usr\/share\/nginx\/html/g'</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">sites</span><span class="o">-</span><span class="n">available</span><span class="o">/</span><span class="n">default</span>
 | ||
| <span class="n">sudo</span> <span class="n">sh</span> <span class="o">-</span><span class="n">c</span> <span class="s1">'BACKEND_URL=http://<YOUR BACKEND API URL>:PORT /usr/share/nginx/html/generate_config_js.sh >/usr/share/nginx/html/config.js'</span>
 | ||
| <span class="n">sudo</span> <span class="n">systemctl</span> <span class="n">start</span> <span class="n">nginx</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="coredns-setup-optional">CoreDNS Setup (optional)<a class="headerlink" href="#coredns-setup-optional" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>CoreDNS is only required if you want private DNS features. Once installed, you must set the CoreDNS variables in the env settings of the server.</p>
 | ||
| <p>See <a class="reference external" href="https://coredns.io/manual/toc/#installation">https://coredns.io/manual/toc/#installation</a></p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="proxy-load-balancer">Proxy / Load Balancer<a class="headerlink" href="#proxy-load-balancer" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>You will need to proxy connections to your UI and Server. By default the ports are 8081, 8082, and 50051 (gRPC). This proxy should terminate TLS and hold the SSL certificates. We recommend Caddy or Nginx (you can follow the Nginx guide in these docs). The proxy must be able to handle gRPC connections.</p>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| <span id="kubeinstall"></span><h2 id="kubernetes-install">Kubernetes Install<a class="headerlink" href="#kubernetes-install" title="Permalink to this headline">¶</a></h2>
 | ||
| 
 | ||
| <h3 id="server-install">Server Install<a class="headerlink" href="#server-install" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>This template assumes your cluster uses Nginx for ingress with valid wildcard certificates. If using an ingress controller other than Nginx (e.g. Traefik), you will need to manually modify the Ingress entries in this template to match your environment.</p>
 | ||
| <p>This template also requires RWX storage. Please change references to storageClassName in this template to your cluster’s Storage Class.</p>
 | ||
| <p><code class="docutils literal notranslate"><span class="pre">wget</span> <span class="pre">https://raw.githubusercontent.com/gravitl/netmaker/master/kube/netmaker-template.yaml</span></code></p>
 | ||
| <p>Replace the NETMAKER_BASE_DOMAIN references to the base domain you would like for your Netmaker services (ui,api,grpc). Typically this will be something like <strong>netmaker.yourwildcard.com</strong>.</p>
 | ||
| <p><code class="docutils literal notranslate"><span class="pre">sed</span> <span class="pre">-i</span> <span class="pre">'s/NETMAKER_BASE_DOMAIN/<your</span> <span class="pre">base</span> <span class="pre">domain>/g'</span> <span class="pre">netmaker-template.yaml</span></code></p>
 | ||
| <p>Now, assuming Ingress and Storage match correctly with your cluster configuration, you can install Netmaker.</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">kubectl</span> <span class="n">create</span> <span class="n">ns</span> <span class="n">nm</span>
 | ||
| <span class="n">kubectl</span> <span class="n">config</span> <span class="nb">set</span><span class="o">-</span><span class="n">context</span> <span class="o">--</span><span class="n">current</span> <span class="o">--</span><span class="n">namespace</span><span class="o">=</span><span class="n">nm</span>
 | ||
| <span class="n">kubectl</span> <span class="n">apply</span> <span class="o">-</span><span class="n">f</span> <span class="n">netmaker</span><span class="o">-</span><span class="n">template</span><span class="o">.</span><span class="n">yaml</span> <span class="o">-</span><span class="n">n</span> <span class="n">nm</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>In about 3 minutes, everything should be up and running:</p>
 | ||
| <p><code class="docutils literal notranslate"><span class="pre">kubectl</span> <span class="pre">get</span> <span class="pre">ingress</span> <span class="pre">nm-ui-ingress-nginx</span></code></p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="netclient-daemonset">Netclient Daemonset<a class="headerlink" href="#netclient-daemonset" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>The following instructions assume you have Netmaker running and a network you would like to add your cluster into. The Netmaker server does not need to be running inside of a cluster for this.</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>wget https://raw.githubusercontent.com/gravitl/netmaker/master/kube/netclient-template.yaml
 | ||
| sed -i 's/ACCESS_TOKEN_VALUE/<your access token value>/g' netclient-template.yaml
 | ||
| kubectl apply -f netclient-template.yaml
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>For a more detailed guide on integrating Netmaker with MicroK8s, <a class="reference external" href="https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7">check out this guide</a>.</p>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| <h2 id="nginx-reverse-proxy-setup-with-https">Nginx Reverse Proxy Setup with https<a class="headerlink" href="#nginx-reverse-proxy-setup-with-https" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>The <a class="reference external" href="https://github.com/linuxserver/docker-swag">Swag Proxy</a> makes it easy to generate a valid SSL certificate for the config below. Here is the <a class="reference external" href="https://docs.linuxserver.io/general/swag">documentation</a> for the installation.</p>
 | ||
| <p>The following file configures Netmaker as a subdomain. This config is an adaptation of the one shipped with the Swag Proxy project.</p>
 | ||
| <p>./netmaker.subdomain.conf:</p>
 | ||
| <div class="highlight-nginx notranslate"><div class="highlight"><pre><span></span><span class="k">server</span> <span class="p">{</span>
 | ||
|     <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span>
 | ||
|     <span class="kn">listen</span> <span class="s">[::]:443</span> <span class="s">ssl</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="kn">server_name</span> <span class="s">netmaker.*</span><span class="p">;</span> <span class="c1"># The external URL</span>
 | ||
|     <span class="kn">client_max_body_size</span> <span class="mi">0</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="c1"># A valid https certificate is needed.</span>
 | ||
|     <span class="kn">include</span> <span class="s">/config/nginx/ssl.conf</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="kn">location</span> <span class="s">/</span> <span class="p">{</span>
 | ||
|         <span class="c1"># This config file can be found at:</span>
 | ||
|         <span class="c1"># https://github.com/linuxserver/docker-swag/blob/master/root/defaults/proxy.conf</span>
 | ||
|         <span class="kn">include</span> <span class="s">/config/nginx/proxy.conf</span><span class="p">;</span>
 | ||
| 
 | ||
|         <span class="c1"># if you use a custom resolver to find your app, needed with swag proxy</span>
 | ||
|         <span class="c1"># resolver 127.0.0.11 valid=30s;</span>
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_app</span> <span class="s">netmaker-ui</span><span class="p">;</span>                             <span class="c1"># The internal URL</span>
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_port</span> <span class="mi">80</span><span class="p">;</span>                                     <span class="c1"># The internal Port</span>
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_proto</span> <span class="s">http</span><span class="p">;</span>                                  <span class="c1"># the protocol that is being used</span>
 | ||
|         <span class="kn">proxy_pass</span> <span class="nv">$upstream_proto://$upstream_app:$upstream_port</span><span class="p">;</span> <span class="c1"># combine the set variables from above</span>
 | ||
|         <span class="p">}</span>
 | ||
|     <span class="p">}</span>
 | ||
| 
 | ||
| <span class="k">server</span> <span class="p">{</span>
 | ||
|     <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span>
 | ||
|     <span class="kn">listen</span> <span class="s">[::]:443</span> <span class="s">ssl</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="kn">server_name</span> <span class="s">backend-netmaker.*</span><span class="p">;</span> <span class="c1"># The external URL</span>
 | ||
|     <span class="kn">client_max_body_size</span> <span class="mi">0</span><span class="p">;</span>
 | ||
|     <span class="kn">underscores_in_headers</span> <span class="no">on</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="c1"># A valid https certificate is needed.</span>
 | ||
|     <span class="kn">include</span> <span class="s">/config/nginx/ssl.conf</span><span class="p">;</span>
 | ||
| 
 | ||
|     <span class="kn">location</span> <span class="s">/</span> <span class="p">{</span>
 | ||
|         <span class="c1"># if you use a custom resolver to find your app, needed with swag proxy</span>
 | ||
|         <span class="c1"># resolver 127.0.0.11 valid=30s;</span>
 | ||
| 
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_app</span> <span class="s">netmaker</span><span class="p">;</span>                                <span class="c1"># The internal URL</span>
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_port</span> <span class="mi">8081</span><span class="p">;</span>                                   <span class="c1"># The internal Port</span>
 | ||
|         <span class="kn">set</span> <span class="nv">$upstream_proto</span> <span class="s">http</span><span class="p">;</span>                                  <span class="c1"># the protocol that is being used</span>
 | ||
|         <span class="kn">proxy_pass</span> <span class="nv">$upstream_proto://$upstream_app:$upstream_port</span><span class="p">;</span> <span class="c1"># combine the set variables from above</span>
 | ||
| 
 | ||
|         <span class="c1"># Forces the header to be the one that is visible from the outside</span>
 | ||
|         <span class="kn">proxy_set_header</span>                <span class="s">Host</span> <span class="s">backend.netmaker.example.org</span><span class="p">;</span> <span class="c1"># Please change to your URL</span>
 | ||
| 
 | ||
|         <span class="c1"># Pass all headers through to the backend</span>
 | ||
|         <span class="kn">proxy_pass_request_headers</span>      <span class="no">on</span><span class="p">;</span>
 | ||
|         <span class="p">}</span>
 | ||
|     <span class="p">}</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <span id="hainstall"></span><h2 id="highly-available-installation-kubernetes">Highly Available Installation (Kubernetes)<a class="headerlink" href="#highly-available-installation-kubernetes" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>Netmaker comes with a Helm chart to deploy with High Availability on Kubernetes:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">helm</span> <span class="n">repo</span> <span class="n">add</span> <span class="n">netmaker</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">gravitl</span><span class="o">.</span><span class="n">github</span><span class="o">.</span><span class="n">io</span><span class="o">/</span><span class="n">netmaker</span><span class="o">-</span><span class="n">helm</span><span class="o">/</span>
 | ||
| <span class="n">helm</span> <span class="n">repo</span> <span class="n">update</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| <h3 id="requirements">Requirements<a class="headerlink" href="#requirements" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>To run HA Netmaker on Kubernetes, your cluster must have the following:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p>RWO and RWX Storage Classes (RWX is only required if running Netmaker with DNS Management enabled).</p></li>
 | ||
| <li><p>An Ingress Controller and valid TLS certificates.</p></li>
 | ||
| <li><p>This chart can currently generate ingress for Nginx or Traefik Ingress with LetsEncrypt + Cert Manager.</p></li>
 | ||
| <li><p>If LetsEncrypt and Cert Manager are not deployed, you must manually configure certificates for your ingress.</p></li>
 | ||
| </ul>
 | ||
| <p>Furthermore, the chart will by default install and use a postgresql cluster as its datastore.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="recommended-settings">Recommended Settings:<a class="headerlink" href="#recommended-settings" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>A minimal HA install of Netmaker can be run with the following command:</p>
 | ||
| <p><cite>helm install netmaker --generate-name --set baseDomain=nm.example.com</cite></p>
 | ||
| <p>This install has some notable limitations:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p>Ingress <strong>must</strong> be manually configured post-install (you need to create a valid Ingress with TLS)</p></li>
 | ||
| <li><p>The server will use “userspace” WireGuard, which is slower than kernel WireGuard</p></li>
 | ||
| <li><p>DNS will be disabled</p></li>
 | ||
| </ul>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="example-installations">Example Installations:<a class="headerlink" href="#example-installations" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>An annotated install command:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">helm</span> <span class="n">install</span> <span class="n">netmaker</span><span class="o">/</span><span class="n">netmaker</span> <span class="o">--</span><span class="n">generate</span><span class="o">-</span><span class="n">name</span> \ <span class="c1"># generate a random id for the deploy</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">baseDomain</span><span class="o">=</span><span class="n">nm</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> \ <span class="c1"># the base wildcard domain to use for the netmaker api/dashboard/grpc ingress</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">replicas</span><span class="o">=</span><span class="mi">3</span> \ <span class="c1"># number of server replicas to deploy (3 by default)</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">enabled</span><span class="o">=</span><span class="n">true</span> \ <span class="c1"># deploy ingress automatically (requires nginx or traefik and cert-manager + letsencrypt)</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">className</span><span class="o">=</span><span class="n">nginx</span> \ <span class="c1"># ingress class to use</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">tls</span><span class="o">.</span><span class="n">issuerName</span><span class="o">=</span><span class="n">letsencrypt</span><span class="o">-</span><span class="n">prod</span> \ <span class="c1"># LetsEncrypt certificate issuer to use</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">enabled</span><span class="o">=</span><span class="n">true</span> \ <span class="c1"># deploy and enable private DNS management with CoreDNS</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">clusterIP</span><span class="o">=</span><span class="mf">10.245</span><span class="o">.</span><span class="mf">75.75</span> <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">RWX</span><span class="o">.</span><span class="n">storageClassName</span><span class="o">=</span><span class="n">nfs</span> \ <span class="c1"># required fields for DNS</span>
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">postgresql</span><span class="o">-</span><span class="n">ha</span><span class="o">.</span><span class="n">postgresql</span><span class="o">.</span><span class="n">replicaCount</span><span class="o">=</span><span class="mi">2</span> \ <span class="c1"># number of DB replicas to deploy (default 2)</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>The below command will install netmaker with two server replicas, a coredns server, and ingress with routes of api.nm.example.com, grpc.nm.example.com, and dashboard.nm.example.com. CoreDNS will be reachable at 10.245.75.75, and will use NFS to share a volume with Netmaker (to configure dns entries).</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">helm</span> <span class="n">install</span> <span class="n">netmaker</span><span class="o">/</span><span class="n">netmaker</span> <span class="o">--</span><span class="n">generate</span><span class="o">-</span><span class="n">name</span> <span class="o">--</span><span class="nb">set</span> <span class="n">baseDomain</span><span class="o">=</span><span class="n">nm</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">replicas</span><span class="o">=</span><span class="mi">2</span> <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">enabled</span><span class="o">=</span><span class="n">true</span> <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">enabled</span><span class="o">=</span><span class="n">true</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">clusterIP</span><span class="o">=</span><span class="mf">10.245</span><span class="o">.</span><span class="mf">75.75</span> <span class="o">--</span><span class="nb">set</span> <span class="n">dns</span><span class="o">.</span><span class="n">RWX</span><span class="o">.</span><span class="n">storageClassName</span><span class="o">=</span><span class="n">nfs</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">className</span><span class="o">=</span><span class="n">nginx</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>The below command will install netmaker with three server replicas (the default), <strong>no coredns</strong>, and ingress with routes of api.netmaker.example.com, grpc.netmaker.example.com, and dashboard.netmaker.example.com. There will be one UI replica instead of two, and one database instance instead of two. Traefik will look for a ClusterIssuer named “le-prod-2” to get valid certificates for the ingress.</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">helm3</span> <span class="n">install</span> <span class="n">netmaker</span><span class="o">/</span><span class="n">netmaker</span> <span class="o">--</span><span class="n">generate</span><span class="o">-</span><span class="n">name</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">baseDomain</span><span class="o">=</span><span class="n">netmaker</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> <span class="o">--</span><span class="nb">set</span> <span class="n">postgresql</span><span class="o">-</span><span class="n">ha</span><span class="o">.</span><span class="n">postgresql</span><span class="o">.</span><span class="n">replicaCount</span><span class="o">=</span><span class="mi">1</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ui</span><span class="o">.</span><span class="n">replicas</span><span class="o">=</span><span class="mi">1</span> <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">enabled</span><span class="o">=</span><span class="n">true</span> \
 | ||
| <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">tls</span><span class="o">.</span><span class="n">issuerName</span><span class="o">=</span><span class="n">le</span><span class="o">-</span><span class="n">prod</span><span class="o">-</span><span class="mi">2</span> <span class="o">--</span><span class="nb">set</span> <span class="n">ingress</span><span class="o">.</span><span class="n">className</span><span class="o">=</span><span class="n">traefik</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>Below, we discuss the considerations for Ingress, Kernel WireGuard, and DNS.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="ingress">Ingress<a class="headerlink" href="#ingress" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>To run HA Netmaker, you must have ingress installed and enabled on your cluster with valid TLS certificates (not self-signed). If you are running Nginx as your Ingress Controller and LetsEncrypt for TLS certificate management, you can run the helm install with the following settings:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>--set ingress.enabled=true</cite></p></li>
 | ||
| <li><p><cite>--set ingress.annotations.cert-manager.io/cluster-issuer=<your LE issuer name></cite></p></li>
 | ||
| </ul>
 | ||
| <p>If you are not using Nginx or Traefik and LetsEncrypt, we recommend leaving ingress.enabled=false (default), and then manually creating the ingress objects post-install. You will need three ingress objects with TLS:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>dashboard.<baseDomain></cite></p></li>
 | ||
| <li><p><cite>api.<baseDomain></cite></p></li>
 | ||
| <li><p><cite>grpc.<baseDomain></cite></p></li>
 | ||
| </ul>
 | ||
| <p>If deploying manually, the gRPC ingress object requires special considerations. Look up the proper way to route grpc with your ingress controller. For instance, on Traefik, an IngressRouteTCP object is required.</p>
 | ||
| <p>There are some example ingress objects in the kube/example folder.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="kernel-wireguard">Kernel WireGuard<a class="headerlink" href="#kernel-wireguard" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>If you have control of the Kubernetes worker node servers, we recommend <strong>first</strong> installing WireGuard on the hosts, and then installing HA Netmaker in Kernel mode. By default, Netmaker will install with userspace WireGuard (wireguard-go) for maximum compatibility, and to avoid needing permissions at the host level. If you have installed WireGuard on your hosts, you should install Netmaker’s helm chart with the following option:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>--set wireguard.kernel=true</cite></p></li>
 | ||
| </ul>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="dns">DNS<a class="headerlink" href="#dns" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>By default, the helm chart will deploy without DNS enabled. To enable DNS, specify:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>--set dns.enabled=true</cite></p></li>
 | ||
| </ul>
 | ||
| <p>This will require specifying a RWX storage class, e.g.:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>--set dns.RWX.storageClassName=nfs</cite></p></li>
 | ||
| </ul>
 | ||
| <p>This will also require specifying a service address for DNS. Choose a valid IPv4 address from the service IP CIDR of your cluster, e.g.:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p><cite>--set dns.clusterIP=10.245.69.69</cite></p></li>
 | ||
| </ul>
 | ||
| <p><strong>This address will only be reachable from hosts that have access to the cluster service CIDR.</strong> It is only designed for use cases related to k8s. If you want a more general-use Netmaker server on Kubernetes for use cases outside of k8s, you will need to do one of the following:</p>
 | ||
| <ul class="simple">
 | ||
| <li><p>Bind the CoreDNS service to port 53 on one of your worker nodes and set COREDNS_ADDRESS to the public IP of that worker node. Restrict access to that port to the hosts that need it; a DNS service listening on a public IP is otherwise an open resolver.</p></li>
 | ||
| <li><p>Create a private Network with Netmaker and set COREDNS_ADDRESS to the private address of the host running CoreDNS. For this, CoreDNS will need a node selector and will ideally run on the same host as one of the Netmaker server instances.</p></li>
 | ||
| </ul>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="values">Values<a class="headerlink" href="#values" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>To view all options for the chart, please visit the README in the code repo <a class="reference external" href="https://github.com/gravitl/netmaker/tree/master/kube/helm#values">here</a> .</p>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| <h2 id="highly-available-installation-vms-bare-metal">Highly Available Installation (VMs/Bare Metal)<a class="headerlink" href="#highly-available-installation-vms-bare-metal" title="Permalink to this headline">¶</a></h2>
 | ||
| <p>For an enterprise Netmaker installation, you will need a server that is highly available, to ensure redundant WireGuard routing when any server goes down. To do this, you will need:</p>
 | ||
| <ol class="arabic simple">
 | ||
| <li><p>A load balancer</p></li>
 | ||
| <li><p>3+ Netmaker server instances</p></li>
 | ||
| <li><p>rqlite or PostgreSQL as the backing database</p></li>
 | ||
| </ol>
 | ||
| <p>These documents outline general HA installation guidelines. Netmaker is highly customizable to meet a wide range of enterprise environments. If you would like support with an enterprise-grade Netmaker installation, you can <a class="reference external" href="https://gravitl.com/book">schedule a consultation here</a> .</p>
 | ||
| <p>The main consideration for this document is how to configure rqlite. Most other settings and procedures match the standardized way of making applications HA: Load balancing to multiple instances, and sharing a DB. In our case, the DB (rqlite) is distributed, making HA data more easily achievable.</p>
 | ||
| <p>If using PostgreSQL, follow their documentation for <a class="reference external" href="https://www.postgresql.org/docs/14/high-availability.html">installing in HA mode</a> and skip step #2.</p>
 | ||
| 
 | ||
| <h3 id="load-balancer-setup">1. Load Balancer Setup<a class="headerlink" href="#load-balancer-setup" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>Your load balancer of choice will send requests to the Netmaker servers. Setup is similar to the various guides we have created for Nginx, Caddy, and Traefik. SSL certificates must also be configured and handled by the LB.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="rqlite-setup">2. RQLite Setup<a class="headerlink" href="#rqlite-setup" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>RQLite is the included distributed datastore for an HA Netmaker installation. If you have a different corporate database you wish to integrate, Netmaker is easily extended to other DBs. If this is a requirement, please contact us.</p>
 | ||
| <p>Assuming you use rqlite, you must run it on each Netmaker server VM, or alongside that VM as a container. Set up a config.json holding the database credentials (the password field may hold a bcrypt hash instead of the plaintext password), mount it in the working directory of rqlite, and point rqlite at it with <cite>-auth config.json</cite>:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[{</span>
 | ||
|     <span class="s2">"username"</span><span class="p">:</span> <span class="s2">"netmaker"</span><span class="p">,</span>
 | ||
|     <span class="s2">"password"</span><span class="p">:</span> <span class="s2">"<YOUR_DB_PASSWORD>"</span><span class="p">,</span>
 | ||
|     <span class="s2">"perms"</span><span class="p">:</span> <span class="p">[</span><span class="s2">"all"</span><span class="p">]</span>
 | ||
| <span class="p">}]</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>Once your servers are set up with rqlite, start the first instance normally, then add each additional node with the <cite>-join</cite> flag. For instance, here is the first server node:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">docker</span> <span class="n">run</span> <span class="o">-</span><span class="n">d</span> <span class="o">-</span><span class="n">p</span> <span class="mi">4001</span><span class="p">:</span><span class="mi">4001</span> <span class="o">-</span><span class="n">p</span> <span class="mi">4002</span><span class="p">:</span><span class="mi">4002</span> <span class="n">rqlite</span><span class="o">/</span><span class="n">rqlite</span> <span class="o">-</span><span class="n">node</span><span class="o">-</span><span class="nb">id</span> <span class="mi">1</span> <span class="o">-</span><span class="n">http</span><span class="o">-</span><span class="n">addr</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="p">:</span><span class="mi">4001</span> <span class="o">-</span><span class="n">raft</span><span class="o">-</span><span class="n">addr</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="p">:</span><span class="mi">4002</span> <span class="o">-</span><span class="n">http</span><span class="o">-</span><span class="n">adv</span><span class="o">-</span><span class="n">addr</span> <span class="mf">1.2</span><span class="o">.</span><span class="mf">3.4</span><span class="p">:</span><span class="mi">4001</span> <span class="o">-</span><span class="n">raft</span><span class="o">-</span><span class="n">adv</span><span class="o">-</span><span class="n">addr</span> <span class="mf">1.2</span><span class="o">.</span><span class="mf">3.4</span><span class="p">:</span><span class="mi">4002</span> <span class="o">-</span><span class="n">auth</span> <span class="n">config</span><span class="o">.</span><span class="n">json</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <p>And here is a joining node. Note that the <cite>-join</cite> URL embeds the database username and password, so the credential is visible in the shell history and process list of the host that runs this command:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">docker</span> <span class="n">run</span> <span class="o">-</span><span class="n">d</span> <span class="o">-</span><span class="n">p</span> <span class="mi">4001</span><span class="p">:</span><span class="mi">4001</span> <span class="o">-</span><span class="n">p</span> <span class="mi">4002</span><span class="p">:</span><span class="mi">4002</span> <span class="n">rqlite</span><span class="o">/</span><span class="n">rqlite</span> <span class="o">-</span><span class="n">node</span><span class="o">-</span><span class="nb">id</span> <span class="mi">2</span> <span class="o">-</span><span class="n">http</span><span class="o">-</span><span class="n">addr</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="p">:</span><span class="mi">4001</span> <span class="o">-</span><span class="n">raft</span><span class="o">-</span><span class="n">addr</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="p">:</span><span class="mi">4002</span> <span class="o">-</span><span class="n">http</span><span class="o">-</span><span class="n">adv</span><span class="o">-</span><span class="n">addr</span> <span class="mf">2.3</span><span class="o">.</span><span class="mf">4.5</span><span class="p">:</span><span class="mi">4001</span>  <span class="o">-</span><span class="n">raft</span><span class="o">-</span><span class="n">adv</span><span class="o">-</span><span class="n">addr</span> <span class="mf">2.3</span><span class="o">.</span><span class="mf">4.5</span><span class="p">:</span><span class="mi">4002</span> <span class="o">-</span><span class="n">join</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">netmaker</span><span class="p">:</span><span class="o"><</span><span class="n">YOUR_DB_PASSWORD</span><span 
class="o">></span><span class="nd">@1</span><span class="o">.</span><span class="mf">2.3</span><span class="o">.</span><span class="mi">4</span><span class="p">:</span><span class="mi">4001</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| <ul class="simple">
 | ||
| <li><p>reference for rqlite setup: <a class="reference external" href="https://github.com/rqlite/rqlite/blob/master/DOC/CLUSTER_MGMT.md#creating-a-cluster">https://github.com/rqlite/rqlite/blob/master/DOC/CLUSTER_MGMT.md#creating-a-cluster</a></p></li>
 | ||
| <li><p>reference for rqlite security: <a class="reference external" href="https://github.com/rqlite/rqlite/blob/master/DOC/SECURITY.md">https://github.com/rqlite/rqlite/blob/master/DOC/SECURITY.md</a></p></li>
 | ||
| </ul>
 | ||
| <p>Once the rqlite instances have been configured, the Netmaker servers can be deployed. The rqlite HTTP (4001) and Raft (4002) ports published by the commands above should be reachable only from the other cluster members and the Netmaker servers.</p>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="netmaker-setup">3. Netmaker Setup<a class="headerlink" href="#netmaker-setup" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>Netmaker is started on each node with default settings, except with DATABASE=rqlite (or DATABASE=postgres) and SQL_CONN set appropriately to reach the local rqlite instance. rqlite keeps the data consistent across the Netmaker backends.</p>
 | ||
| <p>If deploying HA with PostgreSQL, connect with the following settings instead:</p>
 | ||
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">SQL_HOST</span> <span class="o">=</span> <span class="o"><</span><span class="n">sql</span> <span class="n">host</span><span class="o">></span>
 | ||
| <span class="n">SQL_PORT</span> <span class="o">=</span> <span class="o"><</span><span class="n">port</span><span class="o">></span>
 | ||
| <span class="n">SQL_DB</span>   <span class="o">=</span> <span class="o"><</span><span class="n">designated</span> <span class="n">sql</span> <span class="n">DB</span><span class="o">></span>
 | ||
| <span class="n">SQL_USER</span> <span class="o">=</span> <span class="o"><</span><span class="n">your</span> <span class="n">user</span><span class="o">></span>
 | ||
| <span class="n">SQL_PASS</span> <span class="o">=</span> <span class="o"><</span><span class="n">your</span> <span class="n">password</span><span class="o">></span>
 | ||
| <span class="n">DATABASE</span> <span class="o">=</span> <span class="n">postgres</span>
 | ||
| </pre></div>
 | ||
| </div>
 | ||
| 
 | ||
| 
 | ||
| <h3 id="other-considerations">4. Other Considerations<a class="headerlink" href="#other-considerations" title="Permalink to this headline">¶</a></h3>
 | ||
| <p>This is enough for a functioning HA installation of Netmaker. However, you may also want to make the Netmaker UI or the CoreDNS server HA. The Netmaker UI can simply be added to the same servers and load balanced in the same way. Depending on your load balancer, you may be able to do the same for CoreDNS.</p>
 | ||
|           </article>
 | ||
|         </div>
 | ||
|       </div>
 | ||
|     </main>
 | ||
|   </div>
 | ||
|   <footer class="md-footer">
 | ||
|     <div class="md-footer-nav">
 | ||
|       <nav class="md-footer-nav__inner md-grid">
 | ||
|           
 | ||
|             <a href="relay-server.html" title="Relay Servers"
 | ||
|                class="md-flex md-footer-nav__link md-footer-nav__link--prev"
 | ||
|                rel="prev">
 | ||
|               <div class="md-flex__cell md-flex__cell--shrink">
 | ||
|                 <i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
 | ||
|               </div>
 | ||
|               <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
 | ||
|                 <span class="md-flex__ellipsis">
 | ||
|                   <span
 | ||
|                       class="md-footer-nav__direction"> Previous </span> Relay Servers </span>
 | ||
|               </div>
 | ||
|             </a>
 | ||
|           
 | ||
|           
 | ||
|             <a href="client-installation.html" title="Advanced Client Installation"
 | ||
|                class="md-flex md-footer-nav__link md-footer-nav__link--next"
 | ||
|                rel="next">
 | ||
|             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
 | ||
|                 class="md-flex__ellipsis"> <span
 | ||
|                 class="md-footer-nav__direction"> Next </span> Advanced Client Installation </span>
 | ||
|             </div>
 | ||
|             <div class="md-flex__cell md-flex__cell--shrink"><i
 | ||
|                 class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
 | ||
|             </div>
 | ||
|           
 | ||
|         </a>
 | ||
|         
 | ||
|       </nav>
 | ||
|     </div>
 | ||
|     <div class="md-footer-meta md-typeset">
 | ||
|       <div class="md-footer-meta__inner md-grid">
 | ||
|         <div class="md-footer-copyright">
 | ||
|           <div class="md-footer-copyright__highlight">
 | ||
|               © Copyright 2021, Alex Feiszli.
 | ||
|               
 | ||
|           </div>
 | ||
|             Created using
 | ||
|             <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.3.0.
 | ||
|              and
 | ||
|             <a href="https://github.com/bashtage/sphinx-material/">Material for
 | ||
|               Sphinx</a>
 | ||
|         </div>
 | ||
|       </div>
 | ||
|     </div>
 | ||
|   </footer>
 | ||
|   <script src="_static/javascripts/application.js"></script>
 | ||
|   <script>app.initialize({version: "1.0.4", url: {base: ".."}})</script>
 | ||
|   </body>
 | ||
| </html> |