Skip to main content
Version: 1.14.0

Install the Kubeslice Controller

The KubeSlice Controller orchestrates the creation and management of slices across the worker clusters. The KubeSlice Controller components and the worker cluster components can coexist on a cluster. Hence, the cluster running the KubeSlice Controller can also be used as a worker cluster.

info

We recommend that you run the KubeSlice Controller on a separate cluster.

KubeSlice Controller Components

KubeSlice Controller installs the following:

  • KubeSlice Controller specific ClusterResourceDefinitions(CRDs)
  • ClusterRole, ServiceAccount and ClusterRoleBinding for KubeSlice Controller
  • A Role and RoleBinding for KubeSlice Controller Leader Election
  • KubeSlice Controller workload
  • KubeSlice Controller API Gateway

Controller Configuration Parameters

The following tables describe the configuration parameters used to install the KubeSlice Controller.

ParameterParameter TypeDescriptionRequired
globalObjectThis contains the configuration for global settings.Mandatory
KubesliceObjectThis contains the configuration for KubeSlice Controller.Mandatory
PrometheusObjectThis contains the configuration for Prometheus server.Mandatory
imagePullSecretsObjectThis contains the configuration to pull the Kubernetes dashboard image from.Mandatory

Global Parameters

ParameterParameter TypeDescriptionRequired
imageRegistryStringThe global image imageRegistry settings. The value must be docker.io/aveshasystems.Mandatory
ProfileObjectThis contains the configuration for OpenShift cluster.Mandatory
kubeTallyObjectThis contains the configuration for KubeTally.Optional

Profile Parameters

ParameterParameter TypeDescriptionRequired
openshiftStringThis is the controller settings for OpenShift cluster.Optional

KubeTally Parameters

The following table describes the configuration parameters used to enable cost management feature that is available on the KubeSlice Manager.

ParameterParameter TypeDescriptionRequired
enabledBooleanThis parameter value is set to false by default. If you want to use KubeTally, set the parameter value to true.Optional
postgresAddrStringThe IP or URL of the Postgres database.Mandatory
postgresPortStringThe port required to connect to the database.Mandatory
postgresUserStringThe username required to connect to the database.Mandatory
postgresPasswordStringThe password required to connect to the database.Mandatory
postgresDBStringThe database name.Mandatory
priceServiceTypeStringThe service type for the price service type.Mandatory
priceUpdaterWorkersStringThe number of workers for the price updater.Mandatory
prometheusUrlStringThe Prometheus URL for monitoring.Mandatory
dataProcessingHoursAgoStringThe data processing time window.Mandatory
chargeUpdaterScheduleStringThe cron expression to schedule charge updater.Mandatory
pricingUpdaterScheduleStringThe cron expression to schedule pricing updater.Mandatory

KubeSlice Parameters

This parameter contains the configuration object used in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
controllerObjectThis contains the configuration for the KubeSlice Controller.Mandatory
prometheusObjectThis contains the configuration for Prometheus.Mandatory
eventsObjectThis contains the configuration for events.Optional
licenseObjectThis object describes the type of the license and its activation mode.Optional

Controller Parameters

This object contains the different parameters used in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
loglevelStringThe log level of Controller. The default value is INFO. The other values are DEBUG or ERROR.Optional
rbacResourcePrefixStringThe RBAC resource prefix.Optional
projectnsPrefixStringThe project namespace prefix.Optional
endpointAlphaNumericThe URL of the Kubernetes control plane.Mandatory
kubeTallyObjectThe object that contains the kubeTally metrics cleanup interval.Only mandatory for resource cost management
replicationObjectThe object that contains the MinIO credentials required for replication slice.Only mandatory for replication slice

KubeTally Parameters

ParameterParameter TypeDescriptionRequired
enabledBooleanThe default value is false. If you want to switch to KubeTally, set the value to true.Optional

Replication Parameters

These parameters are required for installing MinIO that is a prerequisite for replication slice.

ParameterParameter TypeDescriptionRequired
minioObjectThis object contains the credentials, storage, and the Boolean expression to install MinIO. This object is required for replication slice.Only mandatory for replication slice

MinIO Parameters

These parameters are required for installing MinIO that is a prerequisite for replication slice.

ParameterParameter TypeDescriptionRequired
installBooleanThis is a Boolean expression to install MinIO and it must be set to true.Only mandatory for replication slice
storageStringThis value is the storage of the MinIO bucket in the controller that must be set to 1Gi.Only mandatory for replication slice
usernameStringThe user name you need to provide for installing MinIO.Only mandatory for replication slice
passwordStringThe password you need to provide for installing MinIO.Only mandatory for replication slice

Controller Prometheus Parameters

ParameterParameter TypeDescriptionRequired
enabledBooleanThis is a Boolean expression to enable the Prometheus server configuration. The value is true to enable the default Prometheus server.Optional
urlStringThis is the URL for the Prometheus service.Optional

Controller Events Parameters

ParameterParameter TypeDescriptionRequired
disabledStringThis is the Boolean expression to enabled to the Controller events. The default value is false. Set the value to true to enable the events.Optional

Controller License Parameters

This object contains the different parameters used in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
typeStringThe type of the license for installing KubeSlice. The value must be kubeslice-trial-license for a trial license and kubeslice-vcpu-license for an enterprise License.Mandatory
modeStringThis is the license activation mode. For installing the KubeSlice Controller online, the value is auto, which is default. For installing the KubeSlice Controller on an airgap cluster, the value is manual.Optional
customerNameStringEnter a name of the user or organization to easily identify.Optional

Prometheus Configuration Parameters

Parameter TypeParameter TypeDescriptionRequired
imagePullSecretsObjectThe secrets tp pull the image.Mandatory
configmapReloadObjectThis contains the configuration for Prometheus config reloader.Mandatory
serverObjectThis contains the configuration for the Prometheus server.Mandatory

ImagePull Secrets Parameters

Parameter TypeParameter TypeDescriptionRequired
nameStringThis is the image name.Mandatory

Prometheus ConfigMap Reload Parameters

Parameter TypeParameter TypeDescriptionRequired
configmapReloadObjectThis contains the configuration for the Prometheus config reloader.Optional

Prometheus Parameters

Parameter TypeParameter TypeDescriptionRequired
PrometheusObjectThis contains the configuration for the Prometheus Config Reloader image.Optional

ConfigMap Reload Parameters

Parameter TypeParameter TypeDescriptionRequired
ImageObjectThis contains the Prometheus configMap image details.Optional

ConfigMap Reload Image Parameters

Parameter TypeParameter TypeDescriptionRequired
repositoryStringThe repository for the Prometheus config reloader image. The value must be docker.io/aveshasystems/prometheus-config-reloader.Optional
tagStringThe tag for the Prometheus server image (uses appVersion from Chart.yaml if not set)Optional
digestStringThe digest for the Prometheus server image (use tag if empty).Optional
pullPolicyStringThe Pull policy for the Prometheus server image.Optional

Prometheus Server Parameters

Parameter TypeParameter TypeDescriptionRequired
ImageObjectThis contains the information of the Prometheus configuration.Optional
serviceObjectThis contains the configuration for Prometheus server.Optional
persistentVolumeObjectThis contains the persistent volume configuration for Prometheus server.Optional
retentionAlphaNumericThis is the retention period for Prometheus. The default value is 30 days.Optional

Prometheus Server Image Parameters

Parameter TypeParameter TypeDescriptionRequired
repositoryStringThe repository for the Prometheus server image. The value must be docker.io/aveshasystems/prometheus.Optional
tagStringThe tag for the Prometheus server image (uses appVersion from Chart.yaml if not set).Optional
digestStringThe digest for the Prometheus server image (use tag if empty).Optional
pullPolicyStringThe Pull policy for the Prometheus server image.Optional

Prometheus Service Parameters

Parameter TypeParameter TypeDescriptionRequired
typeStringThe service type for the Prometheus server.Optional

Prometheus PV Parameters

Parameter TypeParameter TypeDescriptionRequired
enabledBooleanThis is the Boolean expression to enable or disable Persistent Volume claim (PVC) for Prometheus data.Optional
statefulSetNameOverrideStringThe override name for the created PVC (empty uses stateful set name).Optional
accessModesStringThe access modes for the PVC.Optional
labelsStringThe labels for the PVC.Optional
annotationsStringThe annotations for the PVC.Optional
existingClaimStringThe name of existing PVC to use (create manually if set).Optional
mountPathStringThe mount path for Prometheus data.Optional
sizeAlphaNumericThe size of the PVC.Optional

Image Pull Secret Parameters

note

The values required for this section were supplied during the registration process. Refer to your registration email.

These parameters are required to access the repository to pull the image. They are configured in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
repositoryStringThis is the repository URL to pull the image from.Its value must always be https://index.docker.io/v1/.Mandatory
usernameStringThis is your username to log in to the repository.Mandatory
passwordStringThis is your user access token/password to log in to the repository.Mandatory
emailStringThis is your email address to log into the repository.Mandatory

Create KubeSlice Controller YAML

To install the KubeSlice Controller on one of the clusters, you need to create a controller.yaml file that requires the endpoint of the controller cluster. The endpoint is the location on which you install the KubeSlice Controller. Installing the KubeSlice Controller installs the Prometheus with default settings. The Prometheus will have Persistent Volume of 5GB and the retention period of 30 days. You can change the Prometheus default configuration.

Get the Cluster Endpoint

Use the following command to get the cluster endpoint:

kubectl cluster-info

Example output

Kubernetes control plane is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443
addon-http-application-routing-default-http-backend is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/addon-http-application-routing-default-http-backend/proxy
addon-http-application-routing-nginx-ingress is running at http://40.125.122.238:80 http://40.125.122.238:443
healthmodel-replicaset-service is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/healthmodel-replicaset-service/proxy
CoreDNS is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/ap

From the above output, copy the URL for the Kubernetes control plane to add it as the cluster endpoint in the controller.yaml file.

For example, https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443.

View Cost Allocation

You can view the aggregated chargeback amounts for multi-cluster Kubernetes environments through the KubeSlice Manager. To enable the KubeTally feature in the KubeSlice Manager. You must enable the kubeTally in the YAML file. The default value is false. You must set the kubeTally:enabled value to true and configure the PostgreSQL database as a prerequisite in the YAML file.

warning

The current version of kubeTally only supports AWS clusters. Currently, you can view cost allocation only for AWS clusters.

Create the Controller YAML

Create the controller.yaml file using the following template.

# Default values for k-native.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# if you're installing in openshift cluster make this variable true
global:
  imageRegistry: docker.io/aveshasystems
  # Profile settings (e.g., for OpenShift)
  profile:
    openshift: false
  kubeTally:
    # Enable or disable KubeTally
    enabled: false

    postgresSecretName: kubetally-db-credentials # Default value, secret name can be overridden

    # Ensure to configure the mandatory PostgreSQL database settings when 'kubetally enable' is true.
    postgresAddr: "" # Optional, can be specified here or retrieved from the secret
    postgresPort: # Optional, can be specified here or retrieved from the secret
    postgresUser: "" # Optional, can be specified here or retrieved from the secret
    postgresPassword: "" # Optional, can be specified here or retrieved from the secret
    postgresDB: "" # Optional, can be specified here or retrieved from the secret
    postgresSslmode: require

kubeslice:
  # Configuration for the KubeSlice controller
  controller:
    # Log level for the controller
    logLevel: info
    # Endpoint for the controller (should be specified if needed)
    endpoint: <control-plane endpoint>
    # Image pull policy for the KubeSlice controller
    pullPolicy: IfNotPresent

  # license details by default mode set to auto and license set to trial - please give company-name or user-name as customerName
  license:
    # possible license type values ["kubeslice-trial-license"]
    type: kubeslice-trial-license
    # possible license mode - ["auto", "manual"]
    mode: auto
    # please give company-name or user-name as customerName
    customerName: <customer name>

imagePullSecretsName: "kubeslice-image-pull-secret"
# leave the below fields empty if secrets are managed externally.
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: <user-name>
  password: <password>
  email: <email-address>
  dockerconfigjson: ## Value to be used if using external secret managers

Apply Controller YAML

helm install kubeslice-controller kubeslice/kubeslice-controller -f <full path of the controller>.yaml --namespace kubeslice-controller --create-namespace

Expected Output

NAME: kubeslice-controller
LAST DEPLOYED: Thu Nov  11 13:12:49 2024
NAMESPACE: kubeslice-controller
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
kubeslice-controller installation successful!

Validate Controller Installation

Validate the installation of the KubeSlice Controller by checking the status of the pods that belong to the kubeslice-controller namespace using the following command:

kubectl get pods -n kubeslice-controller

Expected Output

NAME                                                              READY   STATUS      RESTARTS   AGE
kubeslice-controller-manager-5bf66447b7-nmxr7                     2/2     Running     0          35h
kubeslice-controller-prometheus-service-7bdc699b5-jrgwj           2/2     Running     0          35h
license-job-f38c6fb9-fg4dm                                        0/1     Completed   0          35h

Expected Output when KubeTally is enabled

note

The KubeTally pricing updater job is a one-time job that will run to get the latest resource prices and updates in database.

NAME                                                              READY   STATUS      RESTARTS   AGE
kubeslice-controller-kubetally-pricing-service-b67cb59cc-h72bl   1/1     Running     0          23h
kubeslice-controller-kubetally-pricing-updater-job-vdmv5         0/1     Completed   0          23h
kubeslice-controller-kubetally-report-756dff5fb4-ztjnb           1/1     Running     0          4h22m
kubeslice-controller-manager-7dd5b4c7fd-kf9th                    2/2     Running     0          23h
kubeslice-controller-prometheus-service-7bdc699b5-5cmv5          2/2     Running     0          47h
license-job-9f5fb056-6jzz2                                       0/1     Completed   0          23h

Validate the MinIO Backup Storage

Validate the MinIO backup storage on the controller cluster using the following command:

kubectl get pods -n minio

Expected Output

NAMESPACE              NAME                                                  READY   STATUS      RESTARTS      AGE
minio                  minio-7459dd6949-hw55w                                1/1     Running     0             40s

Install the KubeSlice Manager

KubeSlice Manager is a web-based user interface that allows you to register your worker cluster, create a slice on the registered worker cluster(s), and onboard your application namespaces with or without enabling the namespace isolation. KubeSlice Manager also enables you to access the Kubernetes dashboard to see the workload status of your worker cluster. You must install the KubeSlice Manager on the controller cluster.

KubeSlice Manager Configuration Parameters

These are the configuration parameters to install the KubeSlice Manager. They are configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
kubeTallyObjectThis object contains the configuration required to enable KubeTally.Optional
kubesliceObjectThis contains the configuration to pull the KubeSlice Manager and Kubernetes dashboard images from. This object also contains the proxy configuration to install the KubeSlice Manager.Mandatory
imagePullSecretsObjectThis contains the secrets to access the repository to pull the KubeSlice image from.Mandatory

KubeTally Parameters

This contains the configuration parameters that are required to install KubeTally. They are configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
costApiUrlStringThis contains the URL to access KubeTallyOptional but mandatory for KubeTally
enabledBooleanThis parameter enables KubeTally when it is set to true. The default value is false.Mandatory only for KubeTally

KubeSlice Parameters

This contains the configuration parameters that are required to install the KubeSlice Manager. They are configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
dashboardObjectThis contains the configuration to pull the Kubernetes dashboard image from.Mandatory
uiproxyObjectThis contains the configuration to pull the UI proxy configuration from.Mandatory

Dashboard Parameters

This parameter is related to the Kubernetes dashboard that is installed as part of the KubeSlice Manager. It is configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
enableBooleanThe default value is set to true. If you do not want the Kubernetes dashboard, then set this parameter value to false.Optional

UI Proxy Parameters

These contains the KubeSlice Manager proxy information configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
imageStringThis is the URL of the image.Mandatory
tagStringThis is a version of the image.Mandatory
pullPolicyStringThis policy indicates the condition when the image is pulled.Mandatory
serviceObjectThis indicates the type of the Kubernetes service.Mandatory

Service Parameters

ParameterParameter TypeDescriptionRequired
typeStringThis is the type of the service in Kubernetes to access a logical set of pods.Mandatory

KubeSlice Manager Image Pull Secret Parameters

These parameters are required to access the repository to pull the image. They are configured in the KubeSlice Manager YAML file.

ParameterParameter TypeDescriptionRequired
repositoryStringThis is the repository URL to pull the image from.Its value must always be https://index.docker.io/v1/.Mandatory
usernameStringThis is your username to log in to the repository.Mandatory
passwordStringThis is your user access token/password to log in to the repository.Mandatory
emailStringThis is your email address to log into the repository.Mandatory

Create KubeSlice Manager YAML

Create the kubeslice-manager.yaml file for the KubeSlice Manager using the following template.

# Default values for k-native.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  imageRegistry: docker.io/aveshasystems
  profile:
    openshift: false

kubeTally:
  costApiUrl: http://kubetally-pricing-service:30001
  enabled: false

kubeslice:
  productName: kubeslice

  dashboard:
    enabled: true

  uiproxy:
    service:
      type: LoadBalancer

imagePullSecretsName: "kubeslice-ui-image-pull-secret"
# leave the below fields empty if secrets are managed externally.
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: "<username>"
  password: "<password>"
  email: "<email address>"
  dockerconfigjson: ## Value to be used if using external secret managers

Apply the KubeSlice Manager YAML File

Apply the kubeslice-manager.yaml file:

helm install kubeslice-ui kubeslice/kubeslice-ui -f kubeslice-manager.yaml -n kubeslice-controller

Validate the KubeSlice Manager Installation

To validate the installation, check the status of pods that belong to the kubeSlice-controller namespace using the following command:

kubectl get pods -n kubeslice-controller

Expected Output

NAME                                                              READY   STATUS      RESTARTS   AGE
kubeslice-api-gw-6bdd86c574-cgtfv                                 1/1     Running     0          35h
kubeslice-controller-manager-5bf66447b7-nmxr7                     2/2     Running     0          35h
kubeslice-controller-prometheus-service-7bdc699b5-jrgwj           2/2     Running     0          35h
kubeslice-ui-576f94544-5nb8w                                      1/1     Running     0          35h
kubeslice-ui-proxy-6645d66cb5-h779v                               1/1     Running     0          35h
kubeslice-ui-v2-57bdb69797-kk8rd                                  1/1     Running     0          8h
license-job-f38c6fb9-fg4dm                                        0/1     Completed   0          35h

Expected Output when KubeTally (Cost Management) is enabled

note

The KubeTally pricing updater job is a one-time job that will run to get the latest resource prices and updates in database.

NAME                                                             READY   STATUS      RESTARTS   AGE
kubeslice-api-gw-b9c7b7f7d-f4png                                 1/1     Running     0          23h
kubeslice-controller-kubetally-pricing-service-b67cb59cc-h72bl   1/1     Running     0          23h
kubeslice-controller-kubetally-pricing-updater-job-vdmv5         0/1     Completed   0          23h
kubeslice-controller-kubetally-report-756dff5fb4-ztjnb           1/1     Running     0          4h22m
kubeslice-controller-manager-7dd5b4c7fd-kf9th                    2/2     Running     0          23h
kubeslice-controller-prometheus-service-7bdc699b5-5cmv5          2/2     Running     0          47h
kubeslice-ui-66f7f686d5-77x78                                    1/1     Running     0          23h
kubeslice-ui-proxy-685d47f756-f57wk                              1/1     Running     0          23h
kubeslice-ui-v2-856c74c4f7-2vg2t                                 1/1     Running     0          23h
license-job-9f5fb056-6jzz2                                       0/1     Completed   0          23h

Validate Kubernetes Dashboard

To validate the installation of the Kubernetes dashboard, check the status of pods that belong to the kubernetes-dashboard namespace using the following command:

kubectl get pods -n kubernetes-dashboard

Expected Output

NAME                                                   READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-api-6f89c48d74-rfs46              1/1     Running   0          2d10h
kubernetes-dashboard-auth-767d5d7864-xqxpd             1/1     Running   0          12d
kubernetes-dashboard-kong-7b7c75db8d-tspql             1/1     Running   0          2d10h
kubernetes-dashboard-metrics-scraper-fb7df48f5-xml67   1/1     Running   0          12d
kubernetes-dashboard-web-c74cddfcb-9bwtq               1/1     Running   0          2d10h

Access KubeSlice Manager URL

To access the KubeSlice Manager URL, you need to retrieve the external IP & high port of the kubeslice-ui-proxy load balancer service. To validate the installation of KubeSlice Manager, you can use the following command to get the services associated with the kubeslice-controller namespace:

kubectl get svc -n kubeslice-controller

Expected Output

NAME                                                      TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)         AGE
kubeslice-api-gw                                          ClusterIP   10.96.33.222    <none>        8080/TCP        44m
kubeslice-controller-controller-manager-metrics-service   ClusterIP   10.96.14.102    <none>        8443/TCP        46m
kubeslice-controller-kubetally-pricing-service            ClusterIP   10.96.38.210    <none>        30001/TCP       3m54s
kubeslice-controller-prometheus-service                   ClusterIP   10.96.216.219   <none>        9090/TCP        46m
kubeslice-controller-webhook-service                      ClusterIP   10.96.168.219   <none>        443/TCP         46m
kubeslice-ui                                              ClusterIP   10.96.131.238   <none>        80/TCP          44m
kubeslice-ui-proxy                                        NodePort    10.96.169.126   <none>        443:31000/TCP   44m
kubeslice-ui-v2                                           ClusterIP   10.96.192.35    <none>        80/TCP          44m

URL Example Using the above expected output the Kubslice URL is as follows: https://34.159.124.159:30257

success

You have successfully installed the KubeSlice Manager on a controller cluster.

Integrate an Identity Provider with KubeSlice

You must integrate a supported Identity Provider (IdP) with KubeSlice to enable Slice RBAC functionality.

For more information, see Configure Identity Provider.

Create Project Namespace

A project may represent an individual customer or an organization or a department within an organization. Each project would have a dedicated auto-generated namespace, which will ensure that the resources of one project do not clash with the resources of another project.

For example, a slice with the same name can exist across multiple projects but with different configurations. Changes to the slice in one project will not affect the slice in another project. For more information, see the KubeSlice Architecture.

Project Namespace Configuration Parameters

The following tables describe the parameters in the configuration file used to create the project namespace.

ParameterParameter TypeDescriptionRequired
apiVersionStringThe KubeSlice Controller API version. The value must be controller.kubeslice.io/v1alpha1.Mandatory
kindStringThe name of a Mandatory particular object schema. The value must be Project.Mandatory
metadataObjectThe metadata describes the parameters (names and types) and attributes that have been applied.Mandatory
specObjectThe specification of the desired state of an object.Mandatory

Project Metadata Parameters

These parameters are required for configuring the metadata in the project YAML file.

ParameterParameter TypeDescriptionRequired
nameStringThe name of the project you are creating. Each project should have a unique name.Mandatory
namespaceStringThe namespace on which you apply the project configuration file. The value must be kubeslice-controller.Mandatory

Project Spec Parameters

ParameterParameter TypeDescriptionRequired
serviceAccountObjectTo specify permissions on the Project namespace.Mandatory

Service Account Parameters

A service account provides an identity for running processes in application pods. It contains the list of users configured in the project YAML file.

ParameterParameter TypeDescriptionRequired
readOnlyList of StringsThe user to be created with read-only permission.Optional
readWriteList of StringsThe user to be created with read-write permission.Optional

Create Project YAML

Create a project namespace by creating a <project_name>.yaml file using the following template:

apiVersion: controller.kubeslice.io/v1alpha1
kind: Project
metadata:
  name: <project name>
  namespace: kubeslice-controller
spec:
  serviceAccount:
    readOnly:
      - <readonly user1>
      - <readonly user2>
      - <readonly user3>
    readWrite:
      - <readwrite user1>
      - <readwrite user2>
      - <readwrite user3>

Apply Project YAML

Use the <project_name>.yamlfile that you have created and apply it to create the project.

Apply the YAML file:

kubectl apply -f <full path of the project name>.yaml -n kubeslice-controller

Project Validation

After applying the YAML file on the project namespace, you can validate if the project and service accounts are created successfully.

Validate the Project

Use the following command on the kubeslice-controller namespace to get the list of the project:

kubectl get project -n kubeslice-controller

Expected Output

NAME     AGE
avesha   30s

Validate the Service Accounts

To validate the account creation, check the service accounts that belong to the project namespace using the following command:

kubectl get sa -n kubeslice-<project name>

Example:

kubectl get sa -n kubeslice-avesha

Example Output

NAME                              SECRETS   AGE
default                           1         30s
kubeslice-rbac-ro-user1           1         30s
kubeslice-rbac-rw-user2           1         30s
success

You have successfully installed the KubeSlice Controller and created the project with a dedicated namespace.

Copyright © Avesha 2025. All rights reserved.  Terms and Conditions  and  Privacy Policy