Additional installation considerations
You may have to perform additional prerequisites in order to successfully install DSP in your system. These prerequisites vary depending on your own system configuration.
Starting from DSP 1.1.0, Gravity loads and configures the required kernel modules for you as part of the installation process. However, if your environment includes automation that overrides these modules, you need to load the required kernel modules manually. For a list of required kernel modules, see Kernel Modules in the Gravitational documentation.
Load network bridge drivers
Depending on your operating system, you may need to load network bridge drivers.
- Check to see if network bridge drivers have been loaded on your operating system. If enabled, the output number should be
1
.sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-iptables = 1
- If you receive an error message
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
you must add br_netfilter kernel module to the k8s.conf file and load the module into the kernel before you can load the network bridge drivers.- Add the br_netfilter kernel module to the configuration file.
cat <<EOF > /etc/modules-load.d/k8s.conf br_netfilter EOF
- Load the br_netfilter kernel module.
modprobe br_netfilter
- Add the br_netfilter kernel module to the configuration file.
- If the network bridge driver has not been loaded, run the following commands.
- Load network bridge drivers.
sysctl -w net.bridge.bridge-nf-call-iptables=1
- Persist this setting.
echo net.bridge.bridge-nf-call-iptables=1 >> /etc/sysctl.d/10-bridge-nf-call-iptables.conf
- Load network bridge drivers.
Increase inotify watches
When installing DSP on Centos or RedHat, you should increase inotify watches to 1048576.
- On each node, edit the
/etc/sysctl.d/99-sysctl.conf
file. - Add the following line:
fs.inotify.max_user_watches=1048576
- Save your changes.
- From the command-line of the controller node, type the following command:
sysctl -p /etc/sysctl.d/99-sysctl.conf
Enable IPv4 Forwarding
Depending on your operating system, you may need to enable IPv4 Forwarding.
- (Optional) Check to see if IPv4 forwarding is enabled on your operating system by running the following command. If enabled, the output number should be
1
.sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1
- Enable IPv4 forwarding.
sysctl -w net.ipv4.ip_forward=1
- Save the IPv4 settings.
- (Optional) If you are using Ubuntu and you already have a
sysctl.conf
file, you can update the existingnet.ipv4.ip_forward
setting by opening the/etc/sysctl.conf
file, and uncommenting the line that has the IPv4 setting. After you've enabled IPv4 forwarding, skip to step 4. - Otherwise, run the following command:
echo net.ipv4.ip_forward=1 >> /etc/sysctl.d/10-ipv4-forwarding-on.conf
- (Optional) If you are using Ubuntu and you already have a
- Load the sysctl settings:
sysctl -p
Firewalld
If firewalld is enabled in the Operating System, Kubernetes services may not be able to communicate under default configuration. Run the following commands on each node in your cluster.
firewall-cmd --zone=trusted --add-source=10.244.0.0/16 --permanent # pod subnet firewall-cmd --zone=trusted --add-source=10.100.0.0/16 --permanent # service subnet firewall-cmd --zone=trusted --add-interface=eth0 --permanent # enable eth0 in trusted zone so nodes can communicate firewall-cmd --zone=trusted --add-masquerade --permanent # masquerading so packets can be routed back firewall-cmd --reload systemctl restart firewalld
Install and set up bash-completion
Kubectl provides autocompletion support for bash. Depending on your Linux install configuration, you may need to install bash-completion. You can check if you have bash-completion already installed by running type _init_completion
.
- Use your Linux distribution package manager to install bash-completion:
- For RedHat, CentoOS, and Amazon Linux, type:
yum install bash-completion
. - For Ubuntu, type:
apt-get install bash-completion
.
- For RedHat, CentoOS, and Amazon Linux, type:
- Verify that bash-completion is installed and configured:
type _init_completion
. If the command fails, edit your~/.bashrc
file and add:source /usr/share/bash-completion/bash_completion
. - Enable bash-completion in kubectl. There are two ways that this can be done:
- Source the kubectl bash-completion in your
~/.bashrc
file:echo 'source <(kubectl completion bash)' >>~/.bashrc
. - Add bash-complete to the
/etc/bash_completion.d
directory:kubectl completion bash >/etc/bash_completion.d/kubectl
.
- Source the kubectl bash-completion in your
- Restart your bash session.
For more information see Enabling shell autocompletion in the Kubernetes Install and Set Up kubectl manual.
Network Encryption Policy | Install the Data Stream Processor |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.1.0, 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1
Feedback submitted, thanks!