Skip to main content
Version: latest

Palette Management Appliance

tech preview

This is a Tech Preview feature and is subject to change. Upgrades from a Tech Preview deployment may not be available. Do not use this feature in production workloads.

The Palette Management Appliance is downloadable as an ISO file and is a solution for installing self-hosted Palette on your infrastructure. The ISO file contains all the necessary components needed for Palette to function. The ISO file is used to boot the nodes, which are then clustered to form a Palette management cluster.

Once Palette has been installed, you can download pack bundles and upload them to the internal Zot registry or an external registry. These pack bundles are used to create your cluster profiles. You will then be able to deploy clusters in your environment.

Third Party Packs

There is an additional option to download and install the Third Party packs that provide complementary functionality to Palette. These packs are not required for Palette to function, but they do provide additional features and capabilities as described in the following table.

FeatureIncluded with Palette Third Party PackIncluded with Palette Third Party Conformance Pack
Backup and Restore
Configuration Security
Penetration Testing
Software Bill Of Materials (SBOM) scanning
Conformance Testing

Architecture

The ISO file is built with the Operating System (OS), Kubernetes distribution, Container Network Interface (CNI), and Container Storage Interface (CSI). A Zot registry is also included in the Appliance Framework ISO. Zot is a lightweight, OCI-compliant container image registry that is used to store the Palette packs needed to create cluster profiles.

The following table displays the infrastructure profile for the self-hosted Palette appliance.

LayerComponentVersion
OSUbuntu: Immutable Kairos22.04
KubernetesPalette eXtended Kubernetes Edge (PXK-E)1.32.3
CNICalico3.29.2
CSIPiraeus2.8.1
RegistryZot0.1.67

Supported Platforms

The Palette Management Appliance can be used on the following infrastructure platforms:

  • VMware vSphere
  • Bare Metal
  • Machine as a Service (MAAS)

Limitations

  • Only public image registries are supported if you are choosing to use an external registry for your pack bundles.

Installation Steps

Follow the instructions to install Palette using the Palette Management Appliance on your infrastructure platform.

Prerequisites

  • ISO management software installed on your local machine, such as mkisofs or genisoimage.

  • Access to the Artifact Studio to download the Palette Enterprise ISO.

  • A minimum of three nodes must be provisioned in advance for the Palette installation. We recommended the following resources for each node. Refer to the Palette Size Guidelines for additional sizing information.

    • 8 CPUs per node.

    • 16 GB memory per node.

    • Two disks per node.

      • The first disk must be at least 250 GB and is used for the ISO stack. You specify the device in the user-data file during the ISO creation process in the first few steps.

      • The second disk must be at least 500 GB and is used for the storage pool. The default device selected is /dev/sdb. You can change the default device during the cluster creation steps in Local UI.

        danger

        The second disk is wiped as part of the installation process. If using an existing disk, ensure that you back up any important data before proceeding.

    • We recommend at least two removable media connections to attach both the Palette Enterprise ISO and the user-data ISO. These can be physical or virtual connections depending on your infrastructure provider.

      If your nodes only support a single removable media connection, you can still proceed by following the tips and additional steps mentioned in the Install Palette steps.

  • The following network ports must be accessible on each node for Palette to operate successfully.

    • TCP/443: Must be open between all Palette nodes and accessible for user connections to the Palette management cluster.

    • TCP/6443: Outbound traffic from the Palette management cluster to the deployed cluster's Kubernetes API server.

  • SSH access must be available to the nodes used for Palette installation.

  • Relevant permissions to install Palette on the nodes including permission to attach or mount an ISO and set nodes to boot from it.

    warning
    • The ISO is only supported on Unified Extensible Firmware Interface (UEFI) systems. Ensure you configure the nodes to boot from the ISO in UEFI mode.
    • Palette Management Appliance does not support Secure Boot. Disable it on the nodes before proceeding with the installation.

  • You can choose to use either an internal Zot registry that comes with Palette or an external registry of your choice. If using an external registry, you will need to provide the following information during the Palette installation process.

    • The DNS/IP endpoint and port for the external registry.
      • Ensure the nodes used to host the Palette management cluster have network access to the external registry server.
    • The username for the registry.
    • The password for the registry.
    • (Optional) The Certificate Authority (CA) certificate that was used to sign the external registry certificate in Base64 format.

    How to get Base64 encoded entries for a certificate

    You can get the Base64 encoded entry from your certificate by using the following command. Replace <certificate-file> with the filename of your certificate file.

    base64 --wrap 0 <certificate-file>

  • If you have an Ubuntu Pro subscription, you can provide the Ubuntu Pro token during the Palette installation process. This is optional but recommended for security and compliance purposes.

  • A virtual IP address (VIP) must be available for the Palette management cluster. This is assigned during the Palette installation process and is used for load balancing and high availability. The VIP must be accessible to all nodes in the Palette management cluster.

    How to discover free IPs in your environment

    You can discover free IPs in your environment by using a tool like arping or nmap. For example, you can issue the following command to probe a CIDR block for free IP addresses.

    nmap --unprivileged -sT -Pn 10.10.200.0/24

    This command will scan the CIDR block and output any hosts it finds.

    Example nmap output
    Nmap scan report for test-worker-pool-cluster2-6655ab7a-tyuio.company.dev (10.10.200.2)
    Host is up.
    All 1000 scanned ports on test-worker-pool-cluster2-6655ab7a-tyuio.company.dev (10.10.200.2) are in ignored states.
    Not shown: 1000 filtered tcp ports (no-response)

    For any free IP addresses, you can use arping to double-check if the IP is available.

    Example arping command
    arping -D -c 4 10.10.200.101
    Example arping output
    ARPING 10.10.200.101 from 0.0.0.0 ens103
    Sent 4 probes (4 broadcast(s))
    Received 0 response(s)

    If you receive no responses like the example output above, the IP address is likely free.

Install Palette

  1. Create a file called user-data using the following template and replace <storage-drive> with the drive to use for the Palette ISO stack, such as /dev/sda.

    If the device is not specified, the default value is auto. This means the installer selects the largest available drive, which may not be the desired behavior, especially in multi-drive environments.

    tip

    If your nodes only support a single removable media connection, skip to step 5.

    #cloud-config
    install:
      reboot: false
      poweroff: true
      device: <storage-drive>
      grub_options:
        extra_cmdline: "fips=1 selinux=0"
      bind_mounts:
      - /etc/lvm
      - /var/lib/drbd
      - /var/lib/linstor.d
      - /var/lib/piraeus-datastore
      - /var/lib/calico

    stylus:
      debug: false
      trace: false
      installationMode: airgap
      skipStylusUpgrade: true
      includeTui: true

    stages:
      after-reset:
          - commands:
              - |
                sudo lvchange -an drbd-vg
                sudo lvremove -f drbd-vg
                sudo vgremove drbd-vg
            if: "vgs drbd-vg >/dev/null 2>&1"
            name: Wipe and prepare secondary SSD for CSI...
      kairos-install.pre.after:
          - commands:
              - |
                sudo lvchange -an drbd-vg
                sudo lvremove -f drbd-vg
                sudo vgremove drbd-vg
            if: "vgs drbd-vg >/dev/null 2>&1"
            name: Wipe and prepare secondary SSD for CSI...

  2. Create an empty meta-data file.

    touch meta-data

  3. Create the user-data ISO using the following command.

    mkisofs -output user-data.iso -volid cidata -joliet -rock user-data meta-data

  4. Load the user-data ISO to a bootable device, such as a USB stick, or upload the ISO to a datastore in your VMware environment. You can use several software tools to create a bootable USB drive, such as balenaEtcher.

    • For VMware vSphere, you can upload the Palette Enterprise ISO to a datastore using the vSphere Client or the govc CLI tool. Refer to the vSphere or govc documentation for more information.
    • For Bare Metal, you can use tools like scp or rsync to transfer the Palette Enterprise ISO to the nodes, or use a USB drive to boot the nodes from the ISO.
    • For Machine as a Service (MAAS), you can upload and deploy ISOs using Packer. Refer to the MAAS documentation for more information.

    Ensure that the user-data ISO is accessible to all nodes that will be part of the Palette management cluster.

    info

    The user-data ISO only contains configuration data. If you use a tool like balenaEtcher to write the ISO file to a USB stick, it may display a warning stating that the user-data ISO is not bootable. You can safely ignore this warning and continue writing the image to USB.

  5. Download the Palette Enterprise ISO from the Artifact Studio. Refer to the Artifact Studio guide for instructions on how to access and download the ISO.

  6. Upload the Palette Enterprise ISO to your infrastructure provider. This can be done using the web interface of your infrastructure provider or using command-line tools.

    Ensure that the Palette Enterprise ISO is accessible to all nodes that will be part of the Palette management cluster.

  7. Attach the Palette Enterprise ISO and the user-data ISO to the nodes and ensure the boot order is set to boot from the Palette Enterprise ISO first.

    For example, in VMware vSphere, the VMs will have the Palette Enterprise ISO in CD/DVD drive 1 and the user-data ISO in CD/DVD drive 2. Refer to the documentation of your infrastructure provider for specific instructions on how to attach and boot from multiple ISOs.

    tip

    If your nodes only support a single removable media connection, attach the Palette Enterprise ISO only.

  8. Restart the nodes to start the installation process.

    If your nodes only support a single removable media connection, read and follow the additional steps below before restarting your nodes.

    Additional steps for single removable media connections

    1. Once the node has rebooted and entered the GRand Unified Bootloader (GRUB) menu, select the Palette eXtended Kubernetes Edge Install (manual) option and press ENTER.

      caution

      Ensure that you select the option within the first five seconds of the GRUB menu appearing, as it will automatically proceed with the default installation option after this time.

    2. Once the node has finished booting, in the terminal, issue the following command to list the block devices.

      lsblk --paths

      Use the output to identify the correct device name for the installation process. For example, /dev/sda.

      Example output
      NAME       MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
      /dev/loop0   7:0    0     1G  1 loop /run/rootfsbase
      /dev/sda     8:0    0   250G  0 disk
      /dev/sdb     8:16   0  5000G  0 disk
      /dev/sr0    11:0    1  17.3G  0 rom  /run/initramfs/live

    3. Issue the following command to edit the installation manifest.

      vi /oem/stylus_config.yaml

    4. Add the following install.device section to your manifest, replacing <storage-drive> with the device name identified in step 2.

      #cloud-config

      cosign: false
      verify: false
      install:
        device: <storage-drive>
        grub-entry-name: "Palette eXtended Kubernetes Edge"
        system:
          size: 8192
      ...

    5. Save the changes and exit the editor.

    6. Issue the following command to start the installation process.

      kairos-agent install

      Once the command is issued, proceed to the next step.

  9. Once the nodes are booted from the ISO, the GRand Unified Bootloader (GRUB) screen may be displayed with selectable options; this should be ignored as the installation will proceed automatically.

    Wait for the installation process to complete. This will take at least 15 minutes, depending on the resources available on the nodes. After completion, the nodes will reboot and display the Palette TUI.

  10. In the Palette TUI, provide credentials for the initial account. This account will be used to log in to Local UI and for SSH access to the node.

    FieldDescription
    UsernameProvide a username to use for the account.
    PasswordEnter a password for the account.
    Confirm PasswordRe-enter the password for confirmation.

    Press ENTER to continue.

  11. In the Palette TUI, the available configuration options are displayed and are described in the next three steps. Use the TAB key or the up and down arrow keys to switch between fields. When you make a change, press ENTER to apply the change. Use ESC to go back.

  12. In Hostname, check the existing hostname and, optionally, change it to a new one.

  13. In Host Network Adapters, select a network adapter you would like to configure. By default, the network adapters request an IP automatically from the Dynamic Host Configuration Protocol (DHCP) server. The CIDR block of an adapter's possible IP address is displayed in the Host Network Adapters screen without selecting an individual adapter.

    In the configuration page for each adapter, you can change the IP addressing scheme of the adapter and choose a static IP instead of DHCP. In Static IP mode, you will need to provide a static IP address and subnet mask, as well as the address of the default gateway. Specifying a static IP will remove the existing DHCP settings.

    You can also specify the Maximum Transmission Unit (MTU) for your network adapter. The MTU defines the largest size, in bytes, of a packet that can be sent over a network interface without needing to be fragmented.

  14. In DNS Configuration, specify the IP address of the primary and alternate name servers. You can optionally specify a search domain.

  15. After you are satisfied with the configurations, navigate to Quit and press ENTER to finish the configuration. Press ENTER again on the confirmation prompt.

    After a few seconds, the terminal displays the Device Info and prompts you to provision the device through Local UI.

    tip

    If you need to access the Palette TUI again, issue the palette-tui command in the terminal.

  16. Ensure you complete the configuration on each node before proceeding to the next step.

  17. Decide on the host that you plan to use as the leader of the group. Refer to Link Hosts for more information about leader hosts.

  18. Access the Local UI of the leader host. Local UI is used to manage the Palette nodes and perform administrative tasks. It provides a web-based interface for managing the Palette management cluster.

    In your web browser, go to https://<node-ip>:5080. Replace <node-ip> with the IP address of your node. If you have changed the default port of the console, replace 5080 with the Local UI port. The address of the Local UI console is also displayed on the terminal screen of the node.

    If you are accessing Local UI for the first time, a security warning may be displayed in your web browser. This is because Local UI uses a self-signed certificate. You can safely ignore this warning and proceed to Local UI.

  19. Log in to Local UI using the credentials you provided in step 10.

  20. (Optional) If you need to configure a HTTP proxy server for the node, follow the steps in the Configure HTTP-Proxy in Local UI guide. When done, proceed to the next step.

  21. From the left main menu, click Linked Edge Hosts.

  22. Click Generate token. The host begins generating tokens that you will use to link this host with other hosts. The Base64 encoded token contains the IP address of the host, as well as an OTP that will expire in two minutes. Once a token expires, the leader generates another token automatically.

  23. Click the Copy button to copy the token.

  24. Log in to Local UI on the host that you want to link to the leader host.

  25. From the left main menu, click Linked Edge Hosts.

  26. Click Link this device to another.

  27. In the pop-up box that appears, enter the token you copied from the leader host.

  28. Click Confirm.

  29. Repeat steps 24-28 for every host you want to link to the leader host.

  30. Confirm that all linked hosts appear in the Linked Edge Hosts table. The following columns should show the required statuses.

    ColumnStatus
    StatusReady
    ContentSynced
    HealthHealthy

    Content synchronization will take at least five minutes to complete, depending on your network resources.

  31. On the left main menu, click Cluster.

  32. Click Create cluster.

  33. For Basic Information, provide a name for the cluster and optional tags in key:value format.

  34. In Cluster Profile, the Imported Applications preview section displays the applications that are included with the Palette Management Appliance. These applications are pre-configured and used to deploy your Palette management cluster.

    Leave the default options in place and click Next.

  35. In Profile Config, configure the cluster profile settings to your requirements. Review the following tables for the available options.

    Cluster Profile Options

    OptionDescriptionTypeDefault
    Pod CIDRThe CIDR range for the pod network. This is used to allocate IP addresses to pods in the cluster.CIDR notation100.64.0.0/18
    Service CIDRThe CIDR range for the service network. This is used to allocate IP addresses to services in the cluster.CIDR notation100.64.64.0/18
    Ubuntu Pro Token (Optional)The token for your Ubuntu Pro subscription.StringNo default
    Storage Pool Drive (Optional)The storage pool device to use for the cluster. As mentioned in the Prerequisites, assign this to your second storage device.String/dev/sdb
    CSI Placement CountThe number of replicas for the Container Storage Interface (CSI) Persistent Volumes (PVs). The accepted values are 1 or 3. We recommend using 3 to provide high availability for the CSI volumes. This value must match the MongoDB Replicas value.Integer3

    Registry Options

    OptionDescriptionTypeDefault
    In Cluster Registry (Optional)- True - Use internal Zot registry
    - False - Use external registry.    		BooleanTrue
    Registry EndpointThe DNS/IP endpoint for the registry. Leave the default entry if using the internal Zot registry, which is a virtual IP address assigned by kube-vip. Adjust if using an external registry.String{{.spectro.system.cluster.kubevip}}
    Registry PortThe port for the registry. The default value can be changed for the internal Zot registry. Adjust if using an external registry.Integer30003
    OCI Registry Base Content Path (Optional)The base path for the registry content for the internal or external registry. Palette packs will be stored in this directory.Stringspectro-content
    OCI Pack Registry UsernameIf using the internal Zot registry, leave the default username or adjust to your requirements. If using an external registry, provide the appropriate username.Stringadmin
    OCI Pack Registry PasswordIf using the internal Zot registry, enter a password to your requirements. If using an external registry, provide the appropriate password.StringNo default - must be provided.
    OCI Registry Storage Size (GiB) (Optional)The size of the storage for the OCI registry. This is used to store the images and packs in the registry. The default value is set to 100 GiB, but this should be increased to at least 250 GiB for production environments.Integer100
    OCI Pack Registry Ca Cert (Optional)- Internal Zot registry - Not required.
    - External registry - The CA certificate that was used to sign the external registry certificate.    		Base64 encoded stringNo default
    Image Replacement Rules (Optional)Set rules for replacing image references when using an external registry. For example, all: oci-registry-ip:oci-registry-port/spectro-content. Leave empty if using the internal Zot registry.StringNo default
    Root Domain (Optional)The root domain for the registry. The default is set for the internal Zot registry, which is a virtual IP address assigned by kube-vip. If using an external registry, adjust this to the appropriate domain.String{{.spectro.system.cluster.kubevip}}
    Mongo ReplicasThe number of MongoDB replicas to create for the cluster. The accepted values are 1 or 3. We recommend using 3 to provide high availability for the MongoDB database. This value must match the CSI Placement Count value.Integer3

  36. Click Next when you are done.

  37. In Cluster Config, configure the following options.

    Cluster Config Options

    OptionDescriptionTypeDefault
    Network Time Protocol (NTP) (Optional)The NTP servers to synchronize time within the cluster.StringNo default
    SSH Keys (Optional)The public SSH keys to access the cluster nodes. Add additional keys by clicking Add Item.StringNo default
    Virtual IP Address (VIP)The virtual IP address for the cluster. This is used for load balancing and high availability.StringNo default

    Click Next when you are done.

  38. In Node Config, configure the following options.

    important

    You must assign at least three control plane nodes for high availability. You can remove the worker node pool as it is not required for the Palette management cluster. When doing this, ensure that the Allow worker capability option is enabled for the control plane node pool.

    Node Pool Options

    OptionDescriptionTypeDefault
    Node pool nameThe name of the control plane node pool. This will be used to identify the node pool in Palette.Stringcontrol-plane-pool
    Allow worker capability (Optional)Whether to allow workloads to be scheduled on this control plane node pool. Ensure that this is enabled if no worker pool is assigned to the cluster.BooleanTrue
    Additional Kubernetes Node Labels (Optional)Tags for the node pool in key:value format. These tags can be used to filter and search for node pools in Palette.StringNo default
    TaintsTaints for the node pool in key=value:effect format. Taints are used to prevent pods from being scheduled on the nodes in this pool unless they tolerate the taint.- Key = string
    - Value = string
    - Effect = string (enum)    		No default
    Pool Configuration

    The following options are available for both the control plane and worker node pools. You can configure these options to your requirements. You can also remove worker pools if not needed.

    OptionDescriptionTypeDefault
    ArchitectureThe CPU architecture of the nodes. This is used to ensure compatibility with the applications operating on the nodes.String (enum)amd64
    Add Edge HostsClick Add Item and select the other hosts that you installed using the Palette Management Appliance ISO. These hosts will be added to the node pool. Each pool must contain at least one node.N/A- Control Plane Pool = Current host selected
    - Worker Pool = No host selected
    NIC NameThe name of the network interface card (NIC) to use for the nodes. Leave on Auto to let the system choose the appropriate NIC, or select one manually from the drop-down menu.N/AAuto
    Host Name (Optional)The hostname for the nodes. This is used to identify the nodes in the cluster. A generated hostname is provided automatically, which you can adjust to your requirements.Stringedge-*

  39. Click Next when you are done.

  40. In Review, check that your configuration is correct. If you need to make changes, click on any of the sections in the left sidebar to go back and edit the configuration.

    When you are satisfied with your configuration, click Deploy Cluster. This will start the cluster creation process.

    The cluster creation process will take 20 to 30 minutes to complete. You can monitor progress from the Overview tab on the Cluster page in the left main menu. The cluster is fully provisioned when the status changes to Running and the health status is Healthy.

  41. Once the cluster is provisioned, access the Palette system console using the virtual IP address (VIP) you configured earlier. Open your web browser and go to https://<vip-address>/system. Replace <vip-address> with the VIP you configured for the cluster.

    The first time you visit the system console, a warning message about an untrusted TLS certificate may appear. This is expected, as you have not yet uploaded your TLS certificate. You can ignore this warning message and proceed.

  42. You will be prompted to log in to Palette system console. Use admin as the username and admin as the password. You will be prompted to change the password after logging in.

  43. In the Account Info window, provide the following information.

    FieldDescription
    Email addressThis is used for notifications and password recovery as well as logging in to the Palette system console. This will not be active until you configure SMTP settings in Palette system console and verify your email address.
    Current passwordUse admin as the current password.
    New passwordEnter a new password for the account.
    Confirm new passwordRe-enter the new password for confirmation.

    Refer to Password Requirements and Security to learn about password requirements.

After logging in, a summary page is displayed. You now have access to the Palette system console, where you can manage your Palette environment.

If you are accessing the Palette system console for the first time, a security warning may be displayed in your web browser. This is because Palette is configured with a self-signed certificate. You can replace the self-signed certificate with your own SSL certificates as guided later in Next Steps.

warning

If your installation is not successful, verify that the piraeus-operator pack was correctly installed. For more information, refer to the Self-Hosted Installation - Troubleshooting guide.

Validate

  1. Log in to the Local UI of the leader host using the URL https://<node-ip>:5080. Replace <node-ip> with the IP address of the leader host. If you have changed the default port of the console, replace 5080 with the Local UI port.

  2. In Local UI, click on Cluster in the left main menu.

  3. Check that the cluster status is Running and the health status is Healthy. In the Applications section on this page, the listed applications should be in the Running state.

  4. On the Cluster page, under Environment, click on the Admin Kubeconfig File to download it to your local machine.

  5. On your local machine, open a terminal session and export the KUBECONFIG environment variable to point to the downloaded kubeconfig file.

    export KUBECONFIG=/path/to/your/downloaded/kubeconfig

  6. Issue the following command to verify the Palette installation.

    kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \
    | grep --extended-regexp '^(cp-system|hubble-system|ingress-nginx|jet-system|ui-system)\s'

    Your output should look similar to the following.

    cp-system        spectro-cp-ui-5cb6d454f8-bndxb          Running
    hubble-system    auth-5586c867ff-mk6wn                   Running
    hubble-system    auth-5586c867ff-xm9mx                   Running
    hubble-system    cloud-7bfd6c7f55-bmpkm                  Running
    hubble-system    cloud-7bfd6c7f55-tmmjj                  Running
    hubble-system    configserver-697cf95f9f-z2tr6           Running
    hubble-system    event-8566675f7d-l7n8n                  Running
    hubble-system    event-8566675f7d-v8cmz                  Running
    hubble-system    event-8566675f7d-vtp8m                  Running
    hubble-system    foreq-59f8c6c584-47npj                  Running
    hubble-system    hashboard-5fcc8f448c-df5rj              Running
    hubble-system    hashboard-5fcc8f448c-xs6mr              Running
    hubble-system    hutil-5b49d6f5bc-5gcqc                  Running
    hubble-system    hutil-5b49d6f5bc-plg9j                  Running
    hubble-system    memstore-75b7d8bb5b-qtn7w               Running
    hubble-system    mgmt-5874d55cf6-2gh52                   Running
    hubble-system    mongo-0                                 Running
    hubble-system    mongo-1                                 Running
    hubble-system    mongo-2                                 Running
    hubble-system    msgbroker-0                             Running
    hubble-system    msgbroker-1                             Running
    hubble-system    oci-proxy-6bc464cf58-wwksw              Running
    hubble-system    reloader-reloader-59c87c446c-9cvk5      Running
    hubble-system    specman-0                               Running
    hubble-system    spectro-tunnel-647cf485b-xn87n          Running
    hubble-system    spectrocluster-85bf89dcdb-llsjj         Running
    hubble-system    spectrocluster-85bf89dcdb-m2c8w         Running
    hubble-system    spectrocluster-85bf89dcdb-tp9lk         Running
    hubble-system    spectrocluster-jobs-557bd5b798-fkzbm    Running
    hubble-system    spectrossh-74db5544bf-5t24s             Running
    hubble-system    system-6496bc487-cfchd                  Running
    hubble-system    system-6496bc487-mlxjk                  Running
    hubble-system    timeseries-7c4d6647b5-ckrnt             Running
    hubble-system    timeseries-7c4d6647b5-jb9tp             Running
    hubble-system    timeseries-7c4d6647b5-nl86q             Running
    hubble-system    user-57f7759745-8fjx8                   Running
    hubble-system    user-57f7759745-hxz4n                   Running
    ingress-nginx    ingress-nginx-controller-m5z54          Running
    ingress-nginx    ingress-nginx-controller-qsf6m          Running
    ingress-nginx    ingress-nginx-controller-w64pz          Running
    jet-system       jet-856db6655-k87k8                     Running
    ui-system        spectro-ui-bcff7f675-lds2l              Running

  7. Log in to the Palette system console using the virtual IP address (VIP) you configured earlier. Open your web browser and go to https://<vip-address>/system. Replace <vip-address> with the VIP you configured for the cluster.

  8. On the login page, use admin as the username and the new password you set during the initial login.

  9. On the Summary page, check that the On-prem system console is healthy message is displayed.

Upload Packs to Palette

Follow the instructions to upload packs to your Palette instance. Packs are used to create cluster profiles and deploy workload clusters in your environment.

Prerequisites

  • Access to the Artifact Studio to download the Palette Enterprise pack bundles.

  • If using the internal Zot registry, ensure you have access to the Local UI of the leader node of the Palette management cluster. Also, verify that your local machine can access the Local UI, as airgapped environments may have strict network policies preventing direct access.

    • (Optional) The Palette CLI installed on your local machine if you prefer to use the command line for uploading packs. Refer to the Palette CLI guide for installation instructions.

  • If using an external registry, the Palette CLI must be installed on your local machine to upload the content to the external registry. Refer to the Palette CLI guide for installation instructions.

    • Ensure your local machine has network access to the external registry server and you have the necessary permissions to push images to the registry.

Upload Packs

  1. Navigate to the Artifact Studio through a web browser, and under Create pack bundle, select Build bundle.

  2. Select the Palette Enterprise Appliance product on the Product selection step and build your pack bundles by following the prompts in the Artifact Studio.

    Refer to the Artifact Studio guide for detailed guidance on how to build pack bundles and verify the integrity of the downloaded files.

  3. Download the pack bundles to your local machine. Each pack is downloaded in .zst format.

  4. Log in to the Local UI of the leader host of the Palette management cluster. By default, Local UI is accessible at https://<node-ip>:5080. Replace <node-ip> with the IP address of the leader host.

  5. From the left main menu, click Content.

  6. Click Actions in the top right and select Upload Content from the drop-down menu.

  7. Click the upload icon to open the file selection dialog and select the downloaded pack ZST files from your local machine. You can select multiple files at once. Alternatively, you can drag and drop the files into the upload area.

    The upload process starts automatically once the files are selected. You can monitor the upload progress in the Upload Content dialog.

    Wait for the File(s) uploaded successfully confirmation message or the green check mark to appear next to the upload progress bar.

  8. Log in to the Palette system console.

  9. From the left main menu, select Administration, and then select the Pack Registries tab.

  10. Select the three-dot menu for the OCI Pack Registry and click Sync.

Validate

  1. Log in to the Local UI of the leader host of the Palette management cluster.

  2. From the left main menu, click Content.

  3. Enter the filename of the uploaded pack in the Filter by name search bar. The pack should appear in the table below. You can repeat this step for each pack you uploaded.

(Optional) Upload Third Party Packs

Follow the instructions to upload the Third Party packs to your Palette instance. The Third Party packs contain additional functionality and capabilities that enhance the Palette experience.

Prerequisites

  • Access to the Artifact Studio to download the Third Party packs.

  • If using the internal Zot registry, ensure you have access to the Local UI of the leader node of the Palette management cluster. Also, verify that your local machine can access the Local UI, as airgapped environments may have strict network policies preventing direct access.

    • (Optional) The Palette CLI installed on your local machine if you prefer to use the command line for uploading packs. Refer to the Palette CLI guide for installation instructions.

  • If using an external registry, the Palette CLI must be installed on your local machine to upload the content to the external registry. Refer to the Palette CLI guide for installation instructions.

    • Ensure your local machine has network access to the external registry server and you have the necessary permissions to push images to the registry.

Upload Packs

  1. Navigate to the Artifact Studio through a web browser, and under Create pack bundle, select Build bundle.

  2. Select the Palette Enterprise Appliance product on the Product selection step and select your current version on the Version selection step.

  3. On the Use case step, select the Add-on only option.

  4. On the Configure bundle step, enter Palette Third Party in the Search packs field and click Search. Alternatively, you can find the packs in the thirdparty category.

    Click the checkbox next to the Palette Third Party and Palette Third Party Conformance packs to select them, and click Next Step.

  5. On the Review and download step, click the I'm not a robot reCAPTCHA checkbox, and then click the Download bundle button to begin the download. Alternatively, you can click the Copy all URLs button to copy the download URLs to your clipboard.

    Wait until the packs have been downloaded to your local machine. The packs are downloaded in .zst format alongside a signature file in sig.bin format.

    tip

    Refer to the Artifact Studio guide for detailed guidance on how to verify the integrity of the downloaded files using the provided signature file.

  6. Log in to the Local UI of the leader host of the Palette management cluster. By default, Local UI is accessible at https://<node-ip>:5080. Replace <node-ip> with the IP address of the leader host.

  7. From the left main menu, click Content.

  8. Click Actions in the top right and select Upload Content from the drop-down menu.

  9. Click the upload icon to open the file selection dialog and select the Third Party ZST files from your local machine. Alternatively, you can drag and drop the files into the upload area.

    The upload process starts automatically once the files are selected. You can monitor the upload progress in the Upload Content dialog.

    Wait for the File(s) uploaded successfully confirmation message or the green check mark to appear next to the upload progress bar.

  10. Log in to the Palette system console.

  11. From the left main menu, select Administration, and then select the Pack Registries tab.

  12. Select the three-dot menu for the OCI Pack Registry and click Sync.

Validate

  1. Log in to the Local UI of the leader host of the Palette management cluster. By default, Local UI is accessible at https://<node-ip>:5080. Replace <node-ip> with the IP address of the leader host.

  2. From the left main menu, click Content.

  3. Enter the filename of each Third Party pack in the Filter by name search bar. The packs should appear in the table.

Next Steps

The following actions are recommended after installing Palette to ensure your environment is ready for use:

  • Assign your SSL certificates to Palette. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate, upload the certificate, key, and certificate authority files to Palette. You can upload the files using the system console. Refer to the Configure HTTPS Encryption page for instructions on how to upload the SSL certificate files to Palette.

  • Create a tenant in Palette to host your users. Refer to the Create a Tenant guide for instructions on how to create a tenant in Palette.

  • Activate your Palette installation before the trial mode expires. Refer to the Activate Installation guide for instructions on how to activate your installation.

  • Create additional system administrator accounts and assign roles to users in the system console. Refer to the Account Management guide for instructions on how to manage user accounts and roles in Palette.

  • Configure SMTP settings to enable email notifications and password recovery. Refer to the Configure SMTP Settings guide for instructions on how to configure SMTP settings in Palette.

For all system management options in Palette, refer to the System Management guide.