The Tectonic Installer creates bare metal Tectonic clusters within networks with PXE infrastructure and the
Installation requires the following items, which are discussed in more detail below:
virt-installwill be used to actually boot the machines.
Tectonic Installer requires the License and Pull Secret provided with a CoreOS account. To obtain this information and up to 10 free nodes, create a CoreOS account.
Go to https://account.coreos.com/login, and click Sign Up.
Check your inbox for a confirmation email. Click through to accept the terms of the license, activate your account, and be redirected to the Account Overview page.
Click "Free for use up to 10 nodes" under Tectonic. Enter your contact information, and click Get License for 10 nodes.
Once the update has processed, the Overview window will refresh to include links to download the License and Pull Secret.
The Tectonic Installer app runs on a user's laptop as a GUI for creating new clusters and pushing the right configs to
User machines must:
Bare metal Tectonic clusters are provisioned in a PXE network environment. Cluster nodes will PXE boot from the
matchbox service running on a provisioner node. Familiarity with your network topology is required.
Tectonic bare metal clusters store credentials in
user-data. To restrict access to sensitive information, provision bare metal machines within a trusted network and ensure that a firewall exists between cluster controllers and the public internet.
Ensure DHCP, TFTP and DNS services are available on your network. CoreOS provides a dnsmasq container, if you wish to use rkt or Docker for this.
Familiarize yourself with PXE booting. Cluster nodes should PXE boot from the network and delegate to the
matchbox service which serves configs to provision clusters. At a high level, you must:
matchboxiPXE HTTP endpoint (e.g.
For best results, assign DNS names to each node. The following three records are required for Tectonic Installer:
Cluster nodes must be able to pull docker images from quay.io and gcr.io. Be sure to whitelist these domains. If you must whitelist by IP, run
dig quay.io to list associated IP addresses.
Tectonic installer will add the installer machine's public SSH key to all machines in the cluster. The key must be on the installing machine's ssh-agent, and it is used to configure nodes.
Check if a key already exists in the ssh-agent using
ssh-add -l. If a key must be added to the agent, use
ssh-add Path/ToYour/KeyFile. Note that on OSX it may be necessary to re-add keys from your keyring to the agent on each login.
A minimum of 3 machines are required to run Tectonic. To configure machines:
Tectonic clusters consist of two types of nodes:
etcdand the control plane of the cluster.
Each node should meet the following technical specs:
|RAM||8GB / node|
|CPU||2 cores / node|
|Storage||30GB / node|
Configure cluster nodes to favor booting from disk, and use IPMI to request a PXE boot during installation and re-provisioning. Booting from disk allows Container Linux automatic updates to function normally and is the recommended configuration after provisioning.
Sites where cluster nodes always boot from PXE must plan to regularly update the Container Linux image served to clients.
A provisioner node (or Kubernetes cluster) runs the
matchbox network boot and provisioning service, along with PXE services if you don't already run them elsewhere. You may use CoreOS Container Linux or any Linux distribution for this node. It serves provisioning configs to nodes, but does not join Tectonic clusters.
The provisioner must: