K3s installation steps for single node

Note: Before proceeding with installation, check and ensure to fulfill requirements mentioned in System requirements section. Also, you need to be logged in as root to perform installation.
Note: Fetch the registration command as explained in Fetch installation command.
  1. Deploy the Linux VM.
  2. (IF USING PROXY) Set the local proxy variables in the script k3s.sh. You need to provide product name in a form of PRODUCT_NAME argument. This will instruct the installer to test your current environment against product requirements. Allowed product names are: synergy, dspm, enterprise, and ultimate. Capitalization of the name is important. If you provide a name that cannot be recognized or if you do not provide product name at all, the script will default to PRODUCT_NAME="dspm"
    export http_proxy="$PROXY_IP"
export https_proxy="$PROXY_IP"
no_proxy="$NODE_IP,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local"
  3. Run prechecks to see if your environment meets all the requirements:
    Note: For airgap installation, use cat scripts/k3s.sh instead of the curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh.
    curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=dspm ONLY_PRECHECK=true sh -s - server --node-name=local-01

    Provided not all the checks have been skipped, it is possible for the installer to abort the installation process. If that happens, review the output paying special attention to any warn messages. Should you have any concerns or questions, contact the Support with the result screen attached.

    Table 1. Optional Precheck Arguments
    Argument Description
    SKIP_PRECHECK=true to skip all built in checks
    SKIP_SYSTEM_CHECKS=true to skip hardware checks
    SKIP_NETWORK_CHECKS=true to skip connectivity checks
    ONLY_PRECHECK=true will run precheck only and stop after that
    Note:

    Running product prechecks are necessary to ensure optimal performance with minimal required maintenance. However, if you want to skip checking how the installed memory size, number of required CPU cores and storage requirements fare against your environment: 

    curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" SKIP_SYSTEM_CHECKS=true sh -s - server --node-name=local-01
  4. Install k3s service by running the below command. The below command installs the Forcepoint dspm product.
    curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=dspm sh -s - server --node-name=local-01

    The installer, depending on the combination of arguments provided, will perform a set of actions before returning back to the command line.

  5. Monitoring the progress of the installation:
    watch -c "kubectl get deployments -A"
    • The K3s deployment is complete when elements of all the deployments (coredns, local-path-provisioner, metrics-server, traefik and cattle-cluster- agent) show at least "1" as "AVAILABLE".
    • In case of errors, you can inspect the logs of a pod using kubectl logs , for example:
      kubectl logs cattle-cluster-agent-d96d648d8-wjvl9 -n cattle-system
  6. (IF USING PROXY) Make sure k3s service has proper proxy variables in the file /etc/systemd/system/k3s.service.env. They should already show the required values, if not change them in the file. 
    http_proxy="$PROXY_IP" | https_proxy="$PROXY_IP" |  no_proxy="$NO_PROXY"
  7. Contact Forcepoint Technical Support and inform them the values of your proxy variables from Step 5. Forcepoint Technical Support adds the proxy variables to the Rancher setup. Before proceeding further, wait for Forcepoint Technical Support to confirm that they have added the procxy variables to Rancher.
  8. For direct customers, Forcepoint Technical Support will provide the registration command, otherwise you should receive it in the Welcome Email. Following is just an example for the kubectl registration command.
    kubectl apply -f https://....k3s.getvisibility.com/v3/import/dxslsxcf84....yaml
    Note: For security reasons the registration command can be used only a single time, the command becomes invalid after the first use. In case you need to run it again you must contact the support team for a new registration command.
  9. Contact Forcepoint Technical Support with request to start the install/push product to cluster step. Once, Forcepoint Technical Support, confirms that the product is running initiate Keyclock configuration.