Configure a Kubernetes Cloud


Be aware that the screen captures referenced in this section may differ from what you see as Kubernetes changes. They are provided as a point of reference.

Prerequisites

Before mapping a Kubernetes cluster to a Kubernetes cloud in CloudCenter, verify the following Kubernetes requirements:

  • A valid Kubernetes service account.

  • A cluster-admin cluster role binding exists on the API server (see the Kubernetes Documentation).

  • A valid Service Account Token. You can retrieve the Service Account Token from Kubernetes using one of two methods:

    • Kubernetes Dashboard Method:

      1. Access the Kubernetes web UI and scroll the left menu bar down to Config and Storage and click Secrets. The list of secrets for the cluster is shown on the right panel:

      2. Click the link corresponding to the Service Account Token to view the token details screen:

      3. Click the eyeball icon to the left of the token at the end of the Data section to reveal the token. Copy the token and paste it into the Service Account Token field in the CloudCenter platform's Add Cloud Account pop-up.

        The service account token must be in base64 format before pasting into the Add Cloud Accounts page. Retrieving the token from the Kubernetes Web UI assures this to be true.

    • The kubectl Command Method:

      1. Issue the following commands in sequence. The last command returns the token.

        export NAMESPACE="default"

        export SERVICE_ACCOUNT_NAME="bob-the-bot3"

        # Create the service account. Expected output: serviceaccount "bob-the-bot3" created
        kubectl create serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$NAMESPACE"

        # Bind the cluster-admin cluster role to the service account (replace <name> with a name for the binding).
        kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount="$NAMESPACE:$SERVICE_ACCOUNT_NAME"

        # Look up the token Secret attached to the service account. If SECRET_NAME is empty, no Secret is attached and the last command fails.
        export SECRET_NAME=$(kubectl get serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$NAMESPACE" -o 'jsonpath={.secrets[0].name}' 2>/dev/null)

        # Read the token from the Secret and base64-decode it.
        kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o "jsonpath={.data.token}" | openssl enc -d -base64 -

      2. Copy and paste this token to the Service Account Token field in the CloudCenter platform's Add Cloud Account pop-up.

  • API Endpoint URL for the service account – you can retrieve this information using the following command:

    kubectl cluster-info
  • To further debug and diagnose cluster-related problems, you can additionally use the following command:

    kubectl cluster-info dump
  • API Version: By default, this setting is optional and not required.
    You may need to configure it based on your Kubernetes cluster settings.

    • Default API Version (Optional) – The API version of the Kubernetes cluster.

    • API Override Version (Optional) – When creating resources like network policy or persistent volume claim in a Kubernetes cluster, you may be using a specific API version that is different from the default API version. To address this difference, add an entry in this field using the following examples as guidance, where custom_api_version should be replaced by the specific API version in your environment:

      • Example 1:
        Secret:custom_api_version;Service:custom_api_version;PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version;Pod:custom_api_version;Deployment:custom_api_version

      • Example 2:
        PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version;Pod:custom_api_version;Deployment:custom_api_version

      • Example 3:
        PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version
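
A Kubernetes service account token is a JWT whose sub claim names the account as system:serviceaccount:<namespace>:<name>. The following check is an added example, not part of the original procedure: it decodes that claim and confirms the token belongs to the expected service account before you paste it into the Add Cloud Account pop-up. The function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which service account a token belongs to before pasting it.

# Decode one base64url JWT segment, restoring the padding that JWTs strip.
b64url_decode() {
  _s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in
    2) _s="${_s}==" ;;
    3) _s="${_s}=" ;;
  esac
  printf '%s' "$_s" | base64 -d 2>/dev/null
}

# Classify a value: a decoded JWT, or the still-encoded .data.token field.
token_form() {
  case $1 in
    eyJ*.*.*) echo jwt ;;
    ZXlK*)    echo base64-encoded-jwt ;;
    *)        echo unknown ;;
  esac
}

# Print the "sub" claim; fail unless the value is header.payload.signature.
# sed is used instead of a JSON parser, which is enough for this flat claim.
sa_token_subject() {
  case $1 in
    *.*.*.*) return 1 ;;
    ?*.?*.?*) ;;
    *) return 1 ;;
  esac
  _payload=${1#*.}
  _payload=${_payload%%.*}
  b64url_decode "$_payload" | sed -n 's/.*"sub":[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the subject is system:serviceaccount:<namespace>:<name>.
check_sa_token() {
  _sub=$(sa_token_subject "$1") || return 1
  [ "$_sub" = "system:serviceaccount:$2:$3" ]
}

# Constructed sample, not a real credential: an unsigned JWT-shaped value.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:bob-the-bot3"}').c2lnbmF0dXJl"

echo "form=$(token_form "$SAMPLE_TOKEN") subject=$(sa_token_subject "$SAMPLE_TOKEN")"
check_sa_token "$SAMPLE_TOKEN" default bob-the-bot3 && echo "token matches default/bob-the-bot3"
```

The check reads claims only and does not verify the token signature; the API server does that when the token is used.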

Configuration Process

To configure the logical mapping for a Kubernetes cloud, follow this procedure.

  1. In the CCM UI main menu, go to Admin > Clouds > Add Cloud.

  2. Select the Kubernetes option, provide a Name and Description for this cloud, and click OK.

  3. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:

    1. Assign a new cloud account name.

      Tip

      The name should not contain any space, dash, or special characters.

    2. Add the following Cloud Credentials associated with your Kubernetes cluster and click Save.

      • Service Account Name – The email address or username that you used to log in to the Kubernetes cluster.

      • Service Account Token – The token used to access the Kubernetes service account as specified in the Prerequisites section above.

  4. Add the Kubernetes API endpoint information:

    1. Click the Details tab for this Kubernetes cloud:

    2. Click the Edit Kubernetes Settings link to bring up the Configure Cloud Settings pop-up page:

    3. Add the API Endpoint URL and optional Default API Version and/or API Version Override, if applicable, then click Save. The API endpoint URL can be obtained by running the kubectl cluster-info command on the master node (see the Prerequisites section above).

  5. Add instance types to the cloud. From the details tab, click Add Instance Types. This brings up the Add Instance Types pop-up page. Populate the required fields and click Save. Repeat this process for all instance types you need to specify.

    You must explicitly create the Instance Types as required. See Manage Instance Types for additional context.

    The Instance Type reflects MilliCPUs for a Kubernetes container and (Virtual) CPUs for all other clouds.

  6. To complete the cloud configuration, you must register the CCO with the CCM.

     Register the CCO with the CCM


    Cloud Region Nuances

    Once you register a CCO with the CCM, the CCO only works for the registered cloud region.

    CloudCenter

    Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.

    While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.

    Registration Process

    To register the CCO with the CCM, follow this procedure:

    1. In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:

    2. If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).

      1. Click Configure Orchestrator in the Regions tab.

      2. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.

      3. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

      4. Cloud Account: Select the cloud account that you want to use with this CCO.

        Amazon Cloud Nuance

        This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.

    3. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.

      If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.

    You have registered the CCO VM and completed your configuration.

    Next Steps

    You have the following options at this point:


    Caution

    If you Edit Kubernetes Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.

    If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.

© 2017-2019 Cisco Systems, Inc. All rights reserved