Install the Kubeslice Controller
The KubeSlice Controller orchestrates the creation and management of slices on the worker clusters. The KubeSlice Controller components and the worker cluster components can coexist on a cluster. Hence, the cluster running the KubeSlice Controller can also be used as a worker cluster. We recommend that you run the KubeSlice Controller on a separate cluster.
KubeSlice Controller Components
KubeSlice Controller installs the following:
- KubeSlice Controller specific ClusterResourceDefinitions(CRDs)
- ClusterRole, ServiceAccount and ClusterRoleBinding for KubeSlice Controller
- A Role and RoleBinding for KubeSlice Controller Leader Election
- KubeSlice Controller workload
- KubeSlice Controller API Gateway
Create KubeSlice Controller YAML
To install the KubeSlice Controller on one of the clusters, you need to create a controller.yaml file that requires the endpoint of the controller cluster. The endpoint is the location on which you install the KubeSlice Controller.
Get the Cluster Endpoint
Use the following command to get the cluster endpoint:
kubectl cluster-info
Example output
Kubernetes control plane is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443
addon-http-application-routing-default-http-backend is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/addon-http-application-routing-default-http-backend/proxy
addon-http-application-routing-nginx-ingress is running at http://40.125.122.238:80 http://40.125.122.238:443
healthmodel-replicaset-service is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/healthmodel-replicaset-service/proxy
CoreDNS is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/ap
From the above output, copy the URL for the Kubernetes control plane to
add it as the cluster endpoint in the controller.yaml file.
For example,
https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443.
Controller Configuration Parameters
The following tables describe the configuration parameters used to install the KubeSlice Controller.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| Kubeslice | Object | The cluster where the KubeSlice Controller is installed. | Mandatory |
| imagePullSecrets | Object | This contains the configuration to pull the Kubernetes dashboard image from. | Mandatory |
KubeSlice Parameters
This parameter contains the configuration object used in the KubeSlice Controller YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| controller | Object | The cluster where the KubeSlice Controller is installed. | Mandatory |
| license | Object | This object describes the type of the license and its activation mode. | Optional |
Controller Parameters
This object contains the different parameters used in the KubeSlice Controller YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| loglevel | String | The log level of Controller. The default value is INFO. The other values are DEBUG or ERROR. | Optional |
| rbacResourcePrefix | String | The RBAC resource prefix. | Optional |
| projectnsPrefix | String | The project namespace prefix. | Optional |
| endpoint | AlphaNumeric | The URL of the Kubernetes control plane. | Mandatory |
Controller License Parameters
This object contains the different parameters used in the KubeSlice Controller YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| type | String | The type of the license for installing KubeSlice. The value must be always kubeslice-trial-license. Currently, we support only trial license. | Mandatory |
| mode | String | This is the license activation mode. For installing the KubeSlice Controller online, the value is auto, which is default. For installing the KubeSlice Controller on an airgap cluster, the value is manual. | Optional |
| customerName | String | Enter a name of the user or organization to easily identify. | Optional |
Controller Image Pull Secret Parameters
note
The values required for this section were supplied during the registration process. Refer to your registration email.
These parameters are required to access the repository to pull the image. They are configured in the KubeSlice Controller YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| repository | String | This is the repository URL to pull the image from.Its value must always be https://index.docker.io/v1/. | Mandatory |
| username | String | This is your username to log in to the repository. | Mandatory |
| password | String | This is your user access token/password to log in to the repository. | Mandatory |
| String | This is your email address to log into the repository. | Mandatory |
Create Controller YAML
Create the controller.yaml file using the following template.
info
To understand more about the parameters, see Controller Configuration Parameters.
kubeslice:
controller:
loglevel: info
rbacResourcePrefix: kubeslice-rbac
projectnsPrefix: kubeslice
endpoint: <endpoint of your cluster>
license:
# possible license type values ["kubeslice-trial-license"]
type: kubeslice-trial-license
# possible license mode - ["auto", "manual"]
mode: auto
# please give company-name or user-name as customerName
customerName: ""
imagePullSecrets:
repository: https://index.docker.io/v1/
username: <Provide from Registration Email>
password: <Provide from Registration Email>
email: <Provide from Registration Email>
Apply Controller YAML
helm install kubeslice-controller kubeslice/kubeslice-controller -f <full path of the controller>.yaml --namespace kubeslice-controller --create-namespace
Expected Output
NAME: kubeslice-controller
LAST DEPLOYED: Tue May 3 13:12:49 2022
NAMESPACE: kubeslice-controller
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
kubeslice-controller installation successful!
Validate Controller Installation
Validate the installation of the KubeSlice Controller by checking the status of the pods
that belong to the kubeslice-controller namespace using the following command:
kubectl get pods -n kubeslice-controller
Expected Output
NAME READY STATUS RESTARTS AGE
kubeslice-controller-manager-5579bd8d74-4wx72 2/2 Running 0 16s
kubeslice-controller-prometheus-6bd88d7ddd-7nmg9 1/1 Running 0 16s
license-job-806180d5-f8mkn 0/1 Completed 0 11s
Install the KubeSlice Manager
KubeSlice Manager is a web-based user interface that allows you to register your worker cluster, create a slice on the registered worker cluster(s), and onboard your application namespaces with or without enabling the namespace isolation. KubeSlice Manager also enables you to access the Kubernetes dashboard to see the workload status of your worker cluster. You must install the KubeSlice Manager on the controller cluster.
KubeSlice Manager Configuration Parameters
These are the configuration parameters to install the KubeSlice Manager. They are configured in the KubeSlice Manager YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| kubeslice | Object | This contains the configuration to pull the KubeSlice Manager and Kubernetes dashboard images from. This object also contains the proxy configuration to install the KubeSlice Manager. | Mandatory |
| imagePullSecrets | Object | This contains the secrets to access the repository to pull the KubeSlice image from. | Mandatory |
KubeSlice Parameters
This contains the configuration parameters that are required to install the KubeSlice Manager. They are configured in the KubeSlice Manager YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| dashboard | Object | This contains the configuration to pull the Kubernetes dashboard image from. | Mandatory |
| uiproxy | Object | This contains the configuration to pull the UI proxy configuration from. | Mandatory |
Dashboard Parameters
These parameters are related to the Kubernetes dashboard that is installed as part of the KubeSlice Manager. They are configured in the KubeSlice Manager YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| image | String | This is the URL of the image. | Mandatory |
| tag | String | This is a version of the image. | Mandatory |
| pullPolicy | String | This policy indicates the condition when the image is pulled. | Mandatory |
UI Proxy Parameters
These contains the KubeSlice Manager proxy information configured in the KubeSlice Manager YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| image | String | This is the URL of the image. | Mandatory |
| tag | String | This is a version of the image. | Mandatory |
| pullPolicy | String | This policy indicates the condition when the image is pulled. | Mandatory |
| service | Object | This indicates the type of the Kubernetes service. | Mandatory |
Service Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| type | String | This is the type of the service in Kubernetes to access a logical set of pods. | Mandatory |
KubeSlice Manager Image Pull Secret Parameters
These parameters are required to access the repository to pull the image. They are configured in the KubeSlice Manager YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| repository | String | This is the repository URL to pull the image from.Its value must always be https://index.docker.io/v1/. | Mandatory |
| username | String | This is your username to log in to the repository. | Mandatory |
| password | String | This is your user access token/password to log in to the repository. | Mandatory |
| String | This is your email address to log into the repository. | Mandatory |
Create KubeSlice Manager YAML
Create the kubeslice-manager.yaml file for the KubeSlice Manager using the following template.
imagePullSecrets:
repository: https://index.docker.io/v1/
username: <Provide from Registration Email>
password: <Provide from Registration Email>
email: <Provide from Registration Email>
Apply the KubeSlice Manager YAML File
Apply the kubeslice-manager.yaml file:
helm install kubeslice-ui kubeslice/kubeslice-ui -f kubeslice-manager.yaml -n kubeslice-controller
Validate the KubeSlice Manager Installation
To validate the installation, check the status of pods that belong to
the kubeSlice-controller namespace using the following command:
kubectl get pods -n kubeslice-controller
Expected Output
NAME READY STATUS RESTARTS AGE
kubeslice-api-gw-65d48fb47c-w8k6s 1/1 Running 0 3m38s
kubeslice-controller-manager-5579bd8d74-4wx72 2/2 Running 0 5m47s
kubeslice-controller-prometheus-6bd88d7ddd-7nmg9 1/1 Running 0 5m47s
kubeslice-ui-58d99447dc-bz78n 1/1 Running 0 3m38s
kubeslice-ui-proxy-65c68c9cbb-gjstn 1/1 Running 0 3m38s
kubeslice-ui-v2-f66879599-kfhp5 1/1 Running 0 3m38s
license-job-806180d5-f8mkn 0/1 Completed 0 5m42s
Validate Kubernetes Dashboard
To validate the installation of the Kubernetes dashboard, check the status of pods that belong to
the kubernetes-dashboard namespace using the following command:
kubectl get pods -n kubernetes-dashboard
Expected Output
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-c45b7869d-94n28 1/1 Running 0 12m
kubernetes-dashboard-5795797dcb-m9mfq 1/1 Running 0 12m
Access KubeSlice Manager URL
To access the KubeSlice Manager URL, you need to retrieve the external IP & high port of the kubeslice-ui-proxy load balancer service. To validate the installation of KubeSlice Manager, you can use the following command to get the services associated with the kubeslice-controller namespace:
kubectl get svc -n kubeslice-controller
Expected Output
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubeslice-api-gw ClusterIP 10.7.33.222 <none> 8080/TCP 12s
kubeslice-controller-controller-manager-metrics-service ClusterIP 10.7.42.35 <none> 8443/TCP 12s
kubeslice-controller-prometheus-service ClusterIP 10.7.33.23 <none> 9090/TCP 13s
kubeslice-controller-webhook-service ClusterIP 10.7.43.138 <none> 443/TCP 12s
kubeslice-ui ClusterIP 10.7.40.12 <none> 80/TCP 12s
kubeslice-ui-proxy LoadBalancer 10.7.41.182 34.159.124.158 443:30275/TCP 12s
kubeslice-ui-v2 ClusterIP 10.7.43.34 <none> 80/TCP 30s
URL Example
Using the above expected output the Kubslice URL is as follows:
https://34.159.124.159:30257
success
You have successfully installed the KubeSlice Manager on a controller cluster.
Integrate an Identity Provider with KubeSlice
You must integrate a supported Identity Provider (IdP) with KubeSlice to enable Slice RBAC functionality.
For more information, see Configure Identity Provider.
Create Project Namespace
A project may represent an individual customer or an organization or a department within an organization. Each project would have a dedicated auto-generated namespace, which will ensure that the resources of one project do not clash with the resources of another project.
For example, a slice with the same name can exist across multiple projects but with different configurations. Changes to the slice in one project will not affect the slice in another project. For more information, see the KubeSlice Architecture.
Project Namespace Configuration Parameters
The following tables describe the parameters in the configuration file used to create the project namespace.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| apiVersion | String | The KubeSlice Controller API version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a Mandatory particular object schema. The value must be Project. | Mandatory |
| metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
Project Metadata Parameters
These parameters are required for configuring the metadata in the project YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| name | String | The name of the project you are creating. Each project should have a unique name. | Mandatory |
| namespace | String | The namespace on which you apply the project configuration file. The value must be kubeslice-controller. | Mandatory |
Project Spec Parameters
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| serviceAccount | Object | To specify permissions on the Project namespace. | Mandatory |
Service Account Parameters
A service account provides an identity for running processes in application pods. It contains the list of users configured in the project YAML file.
| Parameter | Parameter Type | Description | Required |
|---|---|---|---|
| readOnly | List of Strings | The user to be created with read-only permission. | Optional |
| readWrite | List of Strings | The user to be created with read-write permission. | Optional |
Create Project YAML
Create a project namespace by creating a <project_name>.yaml file using the following template:
apiVersion: controller.kubeslice.io/v1alpha1
kind: Project
metadata:
name: <project name>
namespace: kubeslice-controller
spec:
serviceAccount:
readOnly:
- <readonly user1>
- <readonly user2>
- <readonly user3>
readWrite:
- <readwrite user1>
- <readwrite user2>
- <readwrite user3>
Apply Project YAML
Use the <project_name>.yamlfile that you have created and apply it to create the project.
Apply the YAML file:
kubectl apply -f <full path of the project name>.yaml -n kubeslice-controller
Project Validation
After applying the YAML file on the project namespace, you can validate if the project and service accounts are created successfully.
Validate the Project
Use the following command on the kubeslice-controller namespace to get
the list of the project:
kubectl get project -n kubeslice-controller
Expected Output
NAME AGE
avesha 30s
Validate the Service Accounts
To validate the account creation, check the service accounts that belong to the project namespace using the following command:
kubectl get sa -n kubeslice-<project name>
Example:
kubectl get sa -n kubeslice-avesha
Example Output
NAME SECRETS AGE
default 1 30s
kubeslice-rbac-ro-user1 1 30s
kubeslice-rbac-rw-user2 1 30s
success
You have successfully installed the KubeSlice Controller and created the project with a dedicated namespace.