Single node K3s installation
- Make sure you have /usr/local/bin configured in your PATH (export PATH=$PATH:/usr/local/bin). All the commands must be executed as the root user.
- Refer to System requirements.
- For RHEL, K3s needs the following package to be installed: k3s-selinux (repo rancher-k3s-common-stable) and its dependencies container-selinux (repo rhel-8-appstream-rhui-rpms) and policycoreutils-python-utils (repo rhel-8-baseos-rhui-rpms).
Before proceeding with the installation, make sure the requirements listed in the System requirements section are fulfilled.
- (IF USING PROXY) Configure the VM environment:
  Set the default proxy environment variables for the shell, which are used by most commands run from the command line:
  - Check variables with
    set | grep -i _proxy
    Make sure they all have the correct values. An example:
    HTTP_PROXY=10.1.2.3:8080
    HTTPS_PROXY=10.1.2.3:8080
    NO_PROXY=10.4.5.6,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
  - Set the proxy variables in one of the files below (if not set already). Make sure the proxy variables are set in only one of these files (otherwise one may override the others).
    - ~/.profile (per user setting)
    - /etc/profile.d/*
    - /etc/profile (rare and not best practice)
    - /etc/environment
  - If in doubt, delete any *_proxy variables from these files, then restart the shell (disconnect and reconnect) and go to step 1.a.
  - Restart the shell (disconnect and reconnect) and go to step 1.a to confirm that all has been set as expected.
- Run prechecks, replacing the PRODUCT_NAME=dspm in the following command:
  curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
    INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=dspm ONLY_PRECHECK=true sh -s - server --node-name=local-01
  - For FDC, use PRODUCT_NAME=synergy.
  - For any other product kind, use PRODUCT_NAME=ultimate.
  Unless all the checks have been skipped, the installer may abort the installation process. If that happens, review the output, paying special attention to any warn messages. Should you have any concerns or questions, contact Forcepoint Technical Support with a screenshot of the script's full output.
- Install the k3s service by running the following command:
  curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
    INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=dspm sh -s - server --node-name=local-01
  Table 1. Optional K3s Install Script Arguments
  Argument                   Description
  SKIP_PRECHECK=true         Skip all built in checks
  SKIP_SYSTEM_CHECKS=true    Skip hardware checks
  SKIP_NETWORK_CHECKS=true   Skip connectivity checks
  ONLY_PRECHECK=true         Run precheck only
  Depending on the arguments, the installer will perform a set of actions before returning to the command line.
- Monitor the progress of the K3s installation:
watch -c "kubectl get deployments -A"
The K3s deployment is complete when elements of all the deployments (coredns, local-path-provisioner, metrics-server, traefik and cattle-cluster-agent) show at least "1" as "AVAILABLE".
- (IF USING PROXY) Make sure the k3s service has the proper proxy variables in the file /etc/systemd/system/k3s.service.env. They should already show the required values; if not, change them in the file.
  http_proxy="$PROXY_IP"
  https_proxy="$PROXY_IP"
  no_proxy="$NO_PROXY"
  Note: After changing this file, you must restart the K3s service by running:
  k3s-killall.sh
  and then
  systemctl restart k3s.service
- (IF USING PROXY) Contact Forcepoint Technical Support and ask them to add the values of your proxy variables, the IP address of the DSPM server, your server certificate, and LDAPS certificate to the Rancher setup. Before proceeding further, wait for confirmation that they have added all the details to Rancher.
- See section Fetch registration command to obtain the registration command. Run the registration command. The following is just an example of the kubectl registration command.
  kubectl apply -f https://....k3s.getvisibility.com/v3/import/dxslsxcf84....yaml
  Note: For security reasons, the registration command can be used only a single time; the command becomes invalid after the first use. In case you need to run it again, you must contact the support team for a new registration command.
- Once Forcepoint Technical Support confirms that the product has been deployed, log in to the Keycloak console for further user configuration as explained in section Adding users.
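The proxy step above requires the *_proxy variables to be set in only one of the listed profile files, since a second definition can silently override the first. The following check is an added example, not part of the vendor's procedure; the function names proxy_files and check_single_source are illustrative, and the file list is the one given in that step.

```sh
#!/bin/sh
# Added example (not vendor code). proxy_files and check_single_source are
# illustrative names; the file list comes from the proxy step above.

# Print each given file that assigns a *_proxy variable (any case, with or
# without "export"). Commented-out lines and missing files are ignored.
proxy_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -Eiq '^[[:space:]]*(export[[:space:]]+)?[a-z_]*_proxy=' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Return 0 when at most one file sets proxy variables, 1 when several do.
check_single_source() {
    found=$(proxy_files "$@")
    count=$(printf '%s\n' "$found" | grep -c . || true)
    case "$count" in
        0) echo "No file sets *_proxy variables." ;;
        1) echo "Proxy variables are set only in: $found" ;;
        *) echo "Proxy variables are set in $count files; one may override the others:"
           printf '%s\n' "$found" | sed 's/^/  /'
           return 1 ;;
    esac
}

# Run against the four locations listed in the procedure.
check_single_source "$HOME/.profile" /etc/profile.d/* /etc/profile /etc/environment ||
    echo "Remove the extra definitions, reconnect, and check again."
```

Run it as root, like the rest of the procedure, so that $HOME/.profile refers to the account that will run the installer.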