When using AxoRouter with an on-premises Axoflow Console deployment, you have to complete the following steps on the hosts you want to deploy AxoRouter on. These steps are specific to on-premises Axoflow Console deployments, and are not needed when using the SaaS Axoflow Console.
-
If the domain name of Axoflow Console cannot be resolved from the AxoRouter host, add it to the
/etc/hostsfile of the AxoRouter host in the following format. Use and IP address of Axoflow Console that can be accessed from the AxoRouter host.<AXOFLOW-CONSOLE-IP-ADDRESS> <AXOFLOW-CONSOLE-BASE-URL> kcp.<AXOFLOW-CONSOLE-BASE-URL> telemetry.<AXOFLOW-CONSOLE-BASE-URL> idp.<AXOFLOW-CONSOLE-BASE-URL> authenticate.<AXOFLOW-CONSOLE-BASE-URL> -
Import Axoflow Console certificates to AxoRouter hosts.
-
On the Axoflow Console host: Run the following command to extract certificates. The AxoRouter host will need these certificates to download the installation binaries and access management traffic.
k3s kubectl get secret -n axoflow kcp-ca -o=jsonpath='{.data.ca\.crt}'|base64 -d > $BASE_HOSTNAME-kcp-ca.crtk3s kubectl get secret -n axoflow pomerium-certificates -o=jsonpath='{.data.ca\.crt}'|base64 -d > $BASE_HOSTNAME-pomerium-ca.crtThis will create two files in the local folder. Copy them to the AxoRouter hosts.
-
On the AxoRouter hosts: Copy the certificate files extracted from the Axoflow Console host.
- On Red Hat: Copy the files into the
/etc/pki/ca-trust/source/anchors/folder, then runsudo update-ca-trust extract. (If needed, install theca-certificatespackage.) - On Ubuntu: Copy the files into the
/usr/local/share/ca-certificates/folder, then runsudo update-ca-certificates
- On Red Hat: Copy the files into the
-
curl https://kcp.<your-host.your-domain>
- Now you can deploy AxoRouter on the host.