
9 Kubernetes Integration Guide

9.1 Prerequisites

The prerequisites listed below should be met before proceeding.

  • At least one Kubernetes or SUSE CaaS Platform cluster available on your network

  • SUSE Manager configured for container management

    Note

    The required channels must be present, a registered build host must be available, and so on.

  • virtual-host-gatherer-Kubernetes package installed on your SUSE Manager server

9.2 Requirements

  • Kubernetes version 1.5.0 or higher. Alternatively, use SUSE CaaS Platform (SUSE CaaS Platform includes Kubernetes 1.5.0 by default).

  • Docker version 1.12 or higher on the container build host

Note

To enable all Kubernetes related features within the Web UI, the virtual-host-gatherer-Kubernetes package must be installed.

9.3 Register Kubernetes as a Virtual Host Manager

Kubernetes clusters are registered with SUSE Manager as virtual host managers. Registration and authorization begin with importing a kubeconfig file using kubectl, the official Kubernetes command line tool.

Procedure: Registering a Kubernetes Cluster with SUSE Manager
  1. Select Systems › Virtual Host Managers from the navigation menu.

  2. Expand the Create dropdown in the upper right corner of the page and select Kubernetes Cluster.

  3. Input a label for the new Virtual Host Manager.

  4. Select the kubeconfig file which contains the required data for the Kubernetes cluster.

  5. Select the correct context for the cluster, as specified in the kubeconfig file.

  6. Click Create.

9.4 View the List of Nodes in a Cluster

  1. Select Systems › Virtual Host Managers from the navigation menu.

  2. Select the desired Kubernetes cluster to view it.

  3. Node data is not refreshed during registration. To refresh node data, click on Schedule refresh data.

  4. Refresh the browser. If the node data is not available, wait a few moments and try again.

9.5 Obtain Runtime Data about Images

See the following steps to find runtime data for images.

  1. Select Images › Images from the navigation menu.

  2. In the image list table, take notice of the new runtime columns. These are labeled: Revision, Runtime and Instances. Initially these columns will not provide useful data.

    • Revision: An artificial sequence number which increments on every rebuild for manager-built images, or on every reimport for externally built images.

    • Runtime: Overall status of the running instances of the image throughout the registered clusters. The status can be one of the following:

      • All instances are consistent with SUSE Manager: All the running instances are running the same build of the image as tracked by SUSE Manager.

      • Outdated instances found: Some of the instances are running an older build of the image. A redeploy of the image into the pod may be required.

      • No information: The checksum of the instance image does not match the image data contained in SUSE Manager. A redeploy of the image into the pod may be required.

    • Instances: Number of instances running this image across all the clusters registered in SUSE Manager. A breakdown of numbers can be seen by clicking on the pop-up icon next to the number.

9.6 Build an image for deployment in Kubernetes

The following steps will help you build an image for deployment in Kubernetes.

  1. Under Images › Stores, create an image store.

  2. Under Images › Profiles, create an image profile (with a Dockerfile which is suitable to deploy to Kubernetes).

  3. Under Images › Build, build an image with the new profile and wait for the build to finish.

  4. Deploy the image into one of the registered Kubernetes clusters (via kubectl).

  5. Notice the updated data in the Runtime and Instances columns in the respective image row.

9.7 Import a Previously Deployed Image in Kubernetes

The following steps will guide you through importing a previously deployed image in Kubernetes.

  1. Select an image that has already been deployed to any of your registered Kubernetes clusters.

  2. Add the registry owning the image to SUSE Manager as an image store.

  3. Select Images › Images, click Import in the top-right corner, fill in the form fields and click Import.

  4. Notice the updated data in the Runtime and Instances columns in the respective image row.

9.8 Obtain Additional Runtime Data

The following steps will help you find additional runtime data.

  1. Select Images › Images, then click the Details button on the right end of a row which has running instances.

  2. Under the Overview tab, notice the data in the Runtime and Instances fields under the Image Info section.

  3. Select the Runtime tab.

  4. Here is a breakdown of the Kubernetes pods running this image in all the registered clusters including the following data:

    • Pod name

    • Namespace which the pod resides in

    • The runtime status of the container in the specific pod. Status icons are explained in the preceding example.

9.9 Rebuild a Previously Deployed Image in Kubernetes

The following steps will guide you through rebuilding an image which has been deployed to a Kubernetes cluster.

  1. Go to Images › Images, then click the Details button on the right end of a row which has running instances. The image must be manager-built.

  2. Click the Rebuild button located under the Build Status section and wait for the build to finish.

  3. Notice the change in the Runtime icon and title, reflecting the fact that now the instances are running a previous build of the image.

9.10 Role Based Access Control Permissions and Certificate Data

Important

Currently, only kubeconfig files containing all embedded certificate data may be used with SUSE Manager.
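
A kubeconfig that meets this requirement, as an added example that is not part of the SUSE Manager documentation: the `*-data` keys carry the certificates inline, while the commented-out path-style keys only point at files outside the kubeconfig and are therefore not embedded. The cluster, user and context names and the server URL are hypothetical, and the `<...>` values are placeholders.

```yaml
# Added example, constructed for illustration.
# All names and the server URL are hypothetical; <...> are placeholders.
apiVersion: v1
kind: Config
current-context: prod
clusters:
  - name: prod-cluster
    cluster:
      server: https://k8s.example.com:6443
      # Embedded: the base64-encoded PEM travels inside the file.
      certificate-authority-data: <base64 CA certificate>
      # Not embedded: a path that exists only on the machine that wrote it.
      # certificate-authority: /home/admin/.kube/ca.crt
users:
  - name: suse-manager
    user:
      client-certificate-data: <base64 client certificate>
      client-key-data: <base64 client key>
      # Not embedded:
      # client-certificate: /home/admin/.kube/client.crt
      # client-key: /home/admin/.kube/client.key
contexts:
  - name: prod            # the context chosen in the registration form
    context:
      cluster: prod-cluster
      user: suse-manager
```

`kubectl config view --raw --flatten --minify` prints a self-contained kubeconfig for the current context with file references inlined. The result contains the client private key, so store and transfer it as a credential.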

The API calls from SUSE Manager are:

  • GET /api/v1/pods

  • GET /api/v1/nodes

According to this list, the minimum recommended permissions for SUSE Manager should be as follows:

  • A ClusterRole to list all the nodes:

    resources: ["nodes"]
    verbs: ["list"]

  • A ClusterRole to list pods in all namespaces (role binding must not restrict the namespace):

    resources: ["pods"]
    verbs: ["list"]

If the request to /pods returns a 403 response, the entire cluster will be ignored by SUSE Manager.
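
The two permissions above written out as a manifest, as an added example that is not taken from the SUSE Manager documentation. It combines both rules in one ClusterRole and binds it to a service account; the names `suse-manager`, `suse-manager-reader` and the `kube-system` namespace are hypothetical, and the `rbac.authorization.k8s.io/v1` API version is an assumption that holds for current clusters but not for the oldest releases this guide supports.

```yaml
# Added example. Hypothetical names: suse-manager, suse-manager-reader.
# Assumes the cluster serves rbac.authorization.k8s.io/v1.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: suse-manager
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: suse-manager-reader
rules:
  # Covers GET /api/v1/nodes
  - apiGroups: [""]          # "" is the core API group
    resources: ["nodes"]
    verbs: ["list"]
  # Covers GET /api/v1/pods (pods in every namespace)
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list"]
---
# Use a ClusterRoleBinding, not a RoleBinding: a RoleBinding grants the
# role only inside its own namespace, so the cluster-wide request to
# /api/v1/pods would return 403 and the whole cluster would be ignored.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: suse-manager-reader
subjects:
  - kind: ServiceAccount
    name: suse-manager
    namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: suse-manager-reader
```

After applying it, `kubectl auth can-i list pods --all-namespaces --as=system:serviceaccount:kube-system:suse-manager` should answer `yes`, and the same check for any other verb, such as `delete`, should answer `no`.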

For more information on working with RBAC Authorization see: https://kubernetes.io/docs/admin/authorization/rbac/
