VHM and Kubernetes

Table of Contents

1. Create a Kubernetes VHM
2. Retrieve Image Runtime Data
3. Permissions and Certificates

You can use a virtual host manager (VHM) to manage Kubernetes clusters.

The VHM allows SUSE Manager to obtain and report information about your clusters. For more information on VHMs, see Virtual Host Managers.

To use SUSE Manager with Kubernetes, you will need to have your SUSE Manager Server configured for container management, with all required channels present, and a registered container build host available.

You also require:

At least one Kubernetes cluster available on your network.
The virtual-host-gatherer-Kubernetes package installed on the SUSE Manager Server.
Kubernetes version 1.5.0 or higher.
Docker version 1.12 or higher on the container build host.

1. Create a Kubernetes VHM

Kubernetes clusters are registered with SUSE Manager as a VHM.

You will need a kubeconfig file to register and authorize your Kubernetes cluster. You can get a kubeconfig file using the Kubernetes command line tool kubectl. kubectl config view --flatten=true provides the configuration with the certificate files embedded as needed for the VHM.

Procedure: Creating a Kubernetes VHM

In the SUSE Manager Web UI, navigate to Systems Virtual Host Managers.
Click Create and select Kubernetes Cluster.
In the Add a Kubernetes Virtual Host Manager section, use these parameters:
- In the Label field, type a custom name for your VHM.
- Select the kubeconfig file that contains the required data for the Kubernetes cluster.
In the context field, select the appropriate context for the cluster. This is specified in the kubeconfig file.
Click Create.

Procedure: Viewing the Nodes in a Cluster

In the SUSE Manager Web UI, navigate to Systems Virtual Host Managers.
Select the Kubernetes cluster.
Refresh the node data by clicking Schedule refresh data.

The node data can take a few moments to update. You might need to refresh your browser window to see the updated information.

Any connection or authentication problems are logged to gatherer.log.

Node data is not refreshed during registration. You need to manually refresh the data to see it.

2. Retrieve Image Runtime Data

You can view runtime data about Kubernetes images in the SUSE Manager Web UI, by navigating to Images Image List.

The image list table contains three columns:

Revision:

A sequence number that increments on every rebuild for images built by SUSE Manager, or on every import for externally built images.
Runtime:

Overall status of the running instances for each image in registered clusters.
Instances:

Number of instances running this image across all the clusters registered in SUSE Manager. You can see a breakdown of numbers by clicking the pop-up icon next to the number.

The Runtime column displays one of these status messages:

All instances are consistent with SUSE Manager:

All the running instances are running the same build of the image as tracked by SUSE Manager.
Outdated instances found:

Some of the instances are running an older build of the image. You might need to redeploy the image.
No information:

The checksum of the instance image does not match the image data contained in SUSE Manager. You might need to redeploy the image.

Procedure: Building an Image

In the SUSE Manager Web UI, navigate to Images Stores.
Click Create to create an image store.
Navigate to Images Profiles.
Click Create to create an image profile. You will need to use a dockerfile that is suitable to deploy to Kubernetes.
Navigate to Images Build to build an image with the new profile.
Deploy the image into one of the registered Kubernetes clusters. You can do this with the kubectl tool.

The updated data should now be available in the image list at Images Image List.

Procedure: Importing a Previously Deployed Image

In the SUSE Manager Web UI, navigate to Images Image Stores.
Add the registry that owns the image you want to import, if it is not already there.
Navigate to Images Image List and click Import.
Complete the fields, select the image store you created, and click Import.

The imported image should now be available in the image list at Images Image List.

Procedure: Rebuilding a Previously Deployed Image

In the SUSE Manager Web UI, navigate to Images Image List, locate the row that contains the image you want to rebuild, and click Details.
Navigate to the Build Status section, and click Rebuild. The rebuild can take some time to complete.

When the rebuild has successfully completed, the runtime status of the image is updated in the image list at Images Image List. This shows that the instances are running a previous build of the image.

You can only rebuild images if they were originally built with SUSE Manager. You cannot rebuild imported images.

Procedure: Retrieving Additional Runtime Data

In the SUSE Manager Web UI, navigate to Images Image List, locate the row that contains the running instance, and click Details.
Navigate to the Overview tab. In the Image Info section, there is data in the Runtime and Instances fields.
Navigate to the Runtime tab. This section contains a information about the Kubernetes pods running this image in all the registered clusters. The information in this section includes:
- Pod name.
- Namespace which the pod resides in.
- The runtime status of the container in the specific pod.

3. Permissions and Certificates

You can only use kubeconfig files with SUSE Manager if they contain all embedded certificate data.

The API calls from SUSE Manager are:

GET /api/v1/pods
GET /api/v1/nodes

The minimum recommended permissions for SUSE Manager are:

A ClusterRole to list all the nodes:
```
resources: ["nodes"]
verbs: ["list"]
```
A ClusterRole to list pods in all namespaces (role binding must not restrict the namespace):
```
resources: ["pods"]
verbs: ["list"]
```

If /pods returns a 403 reponse, the entire cluster is ignored by SUSE Manager.

For more information on working with RBAC Authorization, see https://kubernetes.io/docs/admin/authorization/rbac/.