Info |
---|
A Kubernetes cluster is a set of nodes that run containerized applications. This guide explains how to integrate Kubernetes clusters (EKS or AKS) and on-prem Kubernetes clusters with Cloudaware. |
To see how Cloudaware seamlessly integrates with Kubernetes Cluster in action, request a demo.
Table of Contents |
---|
Prerequisites
Adding Kubernetes Cluster
1. If Kubernetes cluster is private, set up TunHub gateway and use the TunHub route URL (e.g. https://tunhub.cloudaware.com:12345) as Cluster URL.
Add Kubernetes cluster
Log in to Cloudaware account → Admin.
Find Kubernetes in the list of cloud Integrations. Click +Add.
Fill out the form:
WHERE
Cluster Name - insert a meaningful cluster name
Cluster URL - insert the cluster URL*
*If Kubernetes cluster is public, use a direct web link to the cluster.
If Kubernetes cluster is private, install Breeze agent, set up TunHub gateway and use the TunHub route URL (e.g. https://tunhub.cloudaware.com:12345).
Select one of the options below:
Kubernetes certificate
1) Select Using Kubernetes Certificate. Click GET NEW CERTIFICATE REQUEST.
2) Insert the username that will be utilized in Kubernetes. Click Generate.
The certificate request will be generated in .csr format (e.g. cloudaware_test.csr).
3) Sign the Cloudaware certificate request with the cluster CA on the Kubernetes control plane node - see the example below:
Code Block |
---|
openssl x509 -req -in cloudaware_test.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out cloudaware_test.crt -days 3650 |
4) Set up authorization for the user at the RBAC level. Create a custom ClusterRole node-reader so that Cloudaware can fetch information about cluster nodes:
...
Code Block |
---|
# Bind the certificate user to the built-in read-only "view" ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding
subjects:
- kind: User
  name: cloudaware_test
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: ""
---
# Bind the same user to the custom node-reader ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding2
subjects:
- kind: User
  name: cloudaware_test
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: "" |
5) Once the certificate is signed, go back to Cloudaware. Click UPLOAD SIGNED CERTIFICATE and upload the certificate file. Click Save.
Kubernetes service account
Ensure you have kubectl installed and configured.
1) Select Using Kubernetes Service Account.
2) Launch kubectl to access the cluster that will be added to Cloudaware. Create required Kubernetes objects using the following manifest:
Code Block |
---|
# Service account that Cloudaware authenticates as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudaware-sa
  namespace: default
---
# Read-only access to cluster nodes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
---
# Bind the service account to the node reader role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-node-reader-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: cloudaware-node-reader
  apiGroup: ""
---
# Bind the service account to the built-in read-only "view" ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-view-binding
subjects:
- kind: ServiceAccount
  name: cloudaware-sa
  namespace: default
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: "" |
The manifest creates a service account named cloudaware-sa and grants it cluster-wide read-only access, along with the permissions to get/list/watch cluster nodes. Learn more on Kubernetes RBAC here.
2) Save the manifest content to a file, e.g. cloudaware-sa.yaml, and run the command:
Code Block |
---|
kubectl create -f cloudaware-sa.yaml |
3) Get the service account token using the command:
Code Block |
---|
kubectl get secret $(kubectl get secret | awk '/cloudaware-sa/{print $1}') -o jsonpath='{.data.token}' | base64 -d |
The newly created service account token is stored in Kubernetes as a secret. The command above reads and decodes the token from the secret value. Learn more on Service Account Tokens here.
4) Go back to Cloudaware. Insert the service account token in the form. Click Save.
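Before the token leaves the cluster, it is worth confirming which identity it carries and whether it ever expires. The following is an added example, not Cloudaware or Kubernetes project code; it decodes the token's JWT claims locally without verifying the signature, and the sample token is constructed.

```python
import base64
import json
import time
from typing import Optional


def b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload segment; the signature is NOT verified here."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def inspect_sa_token(token: str, sa: str = "cloudaware-sa", ns: str = "default",
                     now: Optional[float] = None) -> dict:
    """Summarise which identity a token carries and whether it ever expires."""
    claims = decode_claims(token)
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "subject": claims.get("sub"),
        "is_expected_sa": claims.get("sub") == f"system:serviceaccount:{ns}:{sa}",
        # Secret-based tokens use this issuer and carry no "exp" claim.
        "secret_based": claims.get("iss") == "kubernetes/serviceaccount",
        "expires": exp is not None,
        "expired": exp is not None and exp <= now,
    }


# Constructed sample: claims shaped like a Secret-based token, dummy signature.
SAMPLE_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({
        "iss": "kubernetes/serviceaccount",
        "kubernetes.io/serviceaccount/namespace": "default",
        "kubernetes.io/serviceaccount/service-account.name": "cloudaware-sa",
        "sub": "system:serviceaccount:default:cloudaware-sa",
    }),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    print(inspect_sa_token(SAMPLE_TOKEN))
```

On Kubernetes 1.24 and later a token Secret is no longer generated automatically for a new service account, so the command in step 3 finds nothing to decode unless a Secret of type `kubernetes.io/service-account-token` annotated with `kubernetes.io/service-account.name: cloudaware-sa` has been created.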
The green light in 'Status' means that Kubernetes integration has been successfully configured. If there is a red light, please contact support@cloudaware.com.
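To confirm that the Cloudaware identity, whether the certificate user or the service account, holds only the roles bound in the manifests on this page, the added example below scans `kubectl get clusterrolebindings -o json` output for extra ClusterRoles. It is not Cloudaware code, and the sample data, including the `debug-binding` entry, is constructed.

```python
# Roles this page binds to each Cloudaware identity: (kind, name, namespace).
EXPECTED = {
    ("User", "cloudaware_test", None): {"view", "node-reader"},
    ("ServiceAccount", "cloudaware-sa", "default"): {"view", "cloudaware-node-reader"},
}


def subject_matches(subject, kind, name, namespace):
    if subject.get("kind") != kind or subject.get("name") != name:
        return False
    # Only ServiceAccount subjects are identified by namespace.
    return kind != "ServiceAccount" or subject.get("namespace") == namespace


def bound_cluster_roles(binding_list, kind, name, namespace=None):
    """ClusterRole names granted to one subject via ClusterRoleBindings."""
    roles = set()
    for item in binding_list.get("items", []):
        subjects = item.get("subjects") or []  # a binding may have no subjects
        if any(subject_matches(s, kind, name, namespace) for s in subjects):
            roles.add(item["roleRef"]["name"])
    return roles


def excess_roles(binding_list):
    """Map each Cloudaware identity to ClusterRoles beyond the expected set."""
    report = {}
    for (kind, name, ns), expected in EXPECTED.items():
        extra = bound_cluster_roles(binding_list, kind, name, ns) - expected
        if extra:
            report[f"{kind}/{name}"] = sorted(extra)
    return report


def crb(name, role, kind, subject, namespace=None):
    """Build one constructed ClusterRoleBinding item for the sample below."""
    subj = {"kind": kind, "name": subject}
    if namespace:
        subj["namespace"] = namespace
    return {"metadata": {"name": name}, "subjects": [subj],
            "roleRef": {"kind": "ClusterRole", "name": role}}


# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = {"items": [
    crb("cloudaware_test-binding", "view", "User", "cloudaware_test"),
    crb("cloudaware_test-binding2", "node-reader", "User", "cloudaware_test"),
    crb("cloudaware-view-binding", "view", "ServiceAccount", "cloudaware-sa", "default"),
    crb("cloudaware-node-reader-binding", "cloudaware-node-reader", "ServiceAccount", "cloudaware-sa", "default"),
    crb("debug-binding", "cluster-admin", "ServiceAccount", "cloudaware-sa", "default"),
]}
```

The check covers ClusterRoleBindings only; namespaced grants need the same pass over `kubectl get rolebindings -A -o json`.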
To view Kubernetes-related data, go to Cloudaware CMDB Navigator. Select KUBERNETES in the menu on the left:
List of Kubernetes objects
Cloudaware supports the following Kubernetes objects:
Kubernetes Cluster
Kubernetes Cluster Config Map
Kubernetes Cluster Daemon Set
Kubernetes Cluster Deployment
Kubernetes Cluster Endpoint
Kubernetes Cluster HPA
Kubernetes Cluster Ingress
Kubernetes Cluster Limit Range
Kubernetes Cluster Namespace
Kubernetes Cluster Network Policy
Kubernetes Cluster Network Policy Rule
Kubernetes Cluster Node
Kubernetes Cluster Node Address
Kubernetes Cluster Pod
Kubernetes Cluster Pod Container
Kubernetes Cluster Pod Disruption Budget
Kubernetes Cluster Replica Set
Kubernetes Cluster Resource Quota
Kubernetes Cluster Role
Kubernetes Cluster Role Binding
Kubernetes Cluster Secret
Kubernetes Cluster Service
Kubernetes Cluster Service Account
Kubernetes Cluster Service Account Secret
Kubernetes Cluster Stateful Set
Kubernetes Cluster Storage Class