Add K8S controller #22
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| JAAS: Add a K8S cloud to JIMM | ||
| ============================= | ||
|
|
||
| Introduction | ||
| ------------ | ||
| In this how-to, we will demonstrate adding a K8S cloud to JIMM | ||
|
There was a problem hiding this comment. nitpick.. we are not "demonstrating" we are showing users how to do it.. |
||
| and deploying a model. | ||
|
|
||
| Prerequisites | ||
| ------------- | ||
|
|
||
| For this how-to, you will require the following: | ||
|
|
||
| - Basic knowledge of Juju | ||
| - Have JIMM deployed with admin access | ||
| - Have a machine based controller added to JIMM | ||
| - Basic knowledge of K8S | ||
| - A controller running in the region next to your K8S deployment, whether that be | ||
|
There was a problem hiding this comment. This is confusing, There was a problem hiding this comment. Ah ok I meant same subnet or a subnet with specific routing rules to another subnet, I'll update to be clearer |
||
| microk8s, EKS, etc. | ||
|
|
||
| Ensure kube config is set correctly | ||
| ----------------------------------- | ||
|
|
||
| Firstly we'll need a local kube config correctly configured | ||
| with the K8S cluster you wish to add to JIMM. | ||
|
|
||
| The default location for this file can be found here: | ||
|
|
||
| ``cat ~/.kube/config`` | ||
|
|
||
| In this `contexts` object, locate your designed context and remember | ||
|
There was a problem hiding this comment. although.. to be fair.. we never tell users how to organize their .kube/config file.. they might not have multiple contexts There was a problem hiding this comment. it is typical to have them in one config file as k8s doesnt support config file aggregation There was a problem hiding this comment. +1 on desired, changed @kian99 |
||
| its "name" field. | ||
|
|
||
| Updating JIMM to be aware of this cloud | ||
| --------------------------------------- | ||
|
|
||
| Next we'll add the cloud by context to JIMM. | ||
|
|
||
| Firstly let us switch to the JIMM controller (note, this is not the controller JIMM is running on but JIMM itself), run: | ||
|
There was a problem hiding this comment. Then maybe we should just say "switch to JIMM", keeping the bits in brackets. There was a problem hiding this comment. I'm a bit lost with this, what do you mean? |
||
| ``juju switch <your jimm controller>`` | ||
|
|
||
| Add your K8S cloud using the following command: | ||
ale8k marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| ``juju add-k8s --context-name <context field from ~/.kube/config> --cloud=<cloud name> --region=<region name> <your k8s cloud name>`` | ||
ale8k marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| Presuming you are running on EKS, your command may look like: | ||
|
There was a problem hiding this comment. presuming your context name is "operatorinc" and the eks cluster is running in eu-west-2.. |
||
| ``juju add-k8s --context-name operatorinc --cloud=aws --region=eu-west-2 k8s-operatorinc`` | ||
|
|
||
| JIMM will now take these credentials, and add them to the controller within that cloud and region. | ||
ale8k marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| You can check if the credential have been uploaded to the controller managed by JIMM via: | ||
|
There was a problem hiding this comment. This is a bit confusing.. you're saying "if the credenital(s) have been uploaded" and in the next step you're telling users they need to update credentials. There was a problem hiding this comment. yes sorry, it should say "cloud" not credential, updated |
||
| ``juju clouds --controller <your controller name>`` | ||
|
|
||
| Finally, we need to update JIMM with the credentials for your user to add-models. | ||
| As you're an admin, no access grants are required: | ||
| ``juju add-credential <your k8s cloud name>`` | ||
|
|
||
| This will take you through an interactive input terminal, typically all fields can be skipped | ||
|
There was a problem hiding this comment. It would be nice to know what the other fields are for though |
||
| except one. When asked for what auth type you wish to use, select OAuth2.0 and retrieve your | ||
| access token and user for your cluster from `~/.kube/config`, this is located in the user section. | ||
|
There was a problem hiding this comment. Can users authenticate with a k8s cluster via username/password auth? Or other auth besides OAuth There was a problem hiding this comment. yup they can! updated to include |
||
|
|
||
| Finally, you can now add a K8S model to your JIMM managed controller! Try: | ||
| ``juju add-model test <your k8s cloud name>`` | ||
|
|
||
| Allowing users to create models using the new cloud | ||
| --------------------------------------------------- | ||
| For external users to create models on this new cloud, they will require access. | ||
|
|
||
| Firstly, have the user login: | ||
| ``juju login your.jimm.domain | ||
|
|
||
| Ask them for their username, this can be retrieved via: | ||
| ``juju whoami`` | ||
|
|
||
| On your JIMM instance where you are the administrator, run: | ||
| ``juju grant-cloud <username> add-model <your k8s cloud name>`` | ||
|
|
||
| Lastly, request the user runs the following on the JIMM controller: | ||
|
There was a problem hiding this comment. hmm.. should we show them how to create users in k8s.. i don't think we would want to advise them to share the same credential with all users that should have access to the new cloud. There was a problem hiding this comment. This can be really complicated as there's many ways to do it ... I feel this was more a "quick and dirty" how-to |
||
| ``juju add-credential <your k8s cloud name>`` | ||
|
|
||
| Please note, they will require their own credentials to the cluster and be | ||
| expected to enter them. | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A suggestion, how different is it adding a generic cloud versus a k8s cloud? Could we make this a guide for adding any kind of cloud and then include a ::note section example here, on what tweaks to make for a k8s cloud.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think this should remain a very specific how-to.. other than k8s, i think users would only ever want to add maas as a cloud.. and that could be another tutorial
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mhmmm, idk here, happy to do whatever you guys conclude on