Version: 1.15.0

Register Worker Clusters

Before creating a slice across clusters, you must register your worker clusters with the KubeSlice Controller. This topic describes the steps to register worker clusters with the KubeSlice Controller.

Create the Cluster Registration YAML File

You can list multiple clusters in a single registration YAML file and register them with the KubeSlice Controller.

Create your cluster registration.yaml file using the following template:

warning

Limit the cluster name and slice name to 15 characters or fewer, as exceeding the limit results in a service export error.

info

To know more about the configuration details, see cluster registration parameters.

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: <cluster-name-1>
  namespace: kubeslice-<projectname>
spec:
  networkInterface: <network_interface>
  clusterProperty:
    geoLocation:
      cloudProvider: "<cloud_provider>"
      cloudRegion: "<cloud_region>"
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: <cluster-name-2>
  namespace: <kubeslice-projectname>
spec:
  networkInterface: <network_interface>
  clusterProperty:   
    geoLocation:
      cloudProvider: "<cloud_provider>"
      cloudRegion: "<cloud_region>"

Example YAML File Only with Mandatory Parameters

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: worker-1
  namespace: kubeslice-avesha
spec:
  networkInterface: eth0
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: worker-2
  namespace: kubeslice-avesha
spec:
  networkInterface: eth0

Example YAML Expanded file

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: worker-cluster-1
  namespace: avesha
spec:
  networkInterface: eth0
  clusterProperty:   
    geoLocation:
      cloudProvider: "AZURE"
      cloudRegion: "eastus"
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
  name: worker-cluster-2
  namespace: avesha
spec:
  networkInterface: eth0
  clusterProperty:   
    geoLocation:
      cloudProvider: "AZURE"
      cloudRegion: "westus2"

Apply the Cluster Registration YAML File

The following information is required.

Values	Description
`<cluster name>`	The name of the cluster.
`<project namespace>`	The namespace of your project.

Switch the context to the controller cluster.
```
kubectx <controller cluster name>
```

Use the following command to apply the registration.yaml file.

kubectl apply -f <full path to registration>.yaml -n <project namespace>

Validate the Registered Clusters

Validate the registered clusters by using the following command:

kubectl get clusters -n kubeslice-<project name>

Example

kubectl get clusters -n kubeslice-avesha

Expected Output

NAME           AGE
aks-worker-2   17s
gke-worker-1   17s

Install the Slice Operator

To install the Slice Operator on the worker cluster, you need to first register the worker cluster with the KubeSlice Controller as performed in the previous section. After the worker cluster is registered, you can obtain its secrets manually from the KubeSlice Controller. These secrets will then need to be used in the slice-operator.yaml file to install the Slice Operator. By completing these steps, the worker cluster can fully integrate with the KubeSlice Controller and utilize its features.

info

** THIS STEP NEEDS TO BE PERFORMED ON ALL WORKER CLUSTERS IN THE CONFIGURATION. **

Automated Retrieval of Registered Cluster Secrets

Get the Worker Network Interface

To install the Slice Operator, you will require the interface name of the gateway nodes which were either labeled at the time of installation or were created as node pools during the installation process.

warning

The below command does not work for OpenShift clusters.

Use the following command on the gateway node:

ip route get <external node IP> | awk '{ print $5 }'

Example

ip route get 8.8.8.8 | awk '{ print $5 }'

Example Output

eth0

Create the secrets.sh File

Copy and save the below script as secrets.sh.

info

To know more about the configuration details, see automated retrieval of secret parameters.

# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for

# Cosmetics for the created config
firstWorkerSecretName=$1

# cluster name what you given in clusters registration
clusterName=$2

# the Namespace and ServiceAccount name that is used for the config
namespace=$3

# Need to give correct network interface value like ens160, eth0 etc
networkInterface=$4

# kubectl cluster-info of respective worker-cluster
worker_endpoint=$5

# Enter your username getting through mail
dusername=$6
# Enter your password getting through mail
dpassword=$7

######################
# actual script starts
set -o errexit

### Fetch Worker cluster Secrets ###
PROJECT_NAMESPACE=$(kubectl get secrets $firstWorkerSecretName -n $namespace  -o jsonpath={.data.namespace})
CONTROLLER_ENDPOINT=$(kubectl get secrets $firstWorkerSecretName -n $namespace  -o jsonpath={.data.controllerEndpoint})
CA_CRT=$(kubectl get secrets $firstWorkerSecretName -n $namespace  -o jsonpath='{.data.ca\.crt}')
TOKEN=$(kubectl get secrets $firstWorkerSecretName -n $namespace  -o jsonpath={.data.token})

echo "
---
## Base64 encoded secret values from controller cluster
controllerSecret:
  namespace: ${PROJECT_NAMESPACE}
  endpoint: ${CONTROLLER_ENDPOINT}
  ca.crt: ${CA_CRT}
  token: ${TOKEN}
cluster:
  name: ${clusterName}                         
  endpoint: ${worker_endpoint}           
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: ${kubesliceRegistrationUsername}                             
  password: ${kubesliceRegistrationPassword}                             
  email: ${kubesliceRegistrationEmail}

Execute the secrets.sh File

The output of the script is Required for the Slice YAML file creation.

Use the following command to get the secrets of the worker cluster from the controller cluster.

sh secrets.sh <worker-secret-name> <worker-cluster-name> <kubeslice-projectname> <network-interface> <worker-api-endpoint> <docker-username> <docker-password>

Example

sh secrets.sh kubeslice-rbac-worker-gke-worker-1-token-85tmc gke-worker-1 kubeslice-avesha eth0 https://34.105.95.217 user1 5585799-5d5a-48fa-b805-f4a1ffb110

Example Output

---
## Base64 encoded secret values from controller cluster
controllerSecret:
  namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
  endpoint: aHR0cHM6Ly9DNjgwNTQ5MUNBNTI2MzVFM0YzNEUwQTFDRTRDMkY3RS5ncjcudXMtZWFzdC0xLmVrcy5hbWF6b25hd3MuY29t
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lNREEzTURZeE5Gb1hEVE15TURreE56QTNNRFl4TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXR2ClpXczQ1RVhicDdZMDJWdEJibUJITHBOTVN4VnpEQzBvWTh5N3R1YmJLWEJFRk9xbGVzU2trYWpmanJ5dGdTZzgKSmE2bXQ0TERjSlQrQ3FmYzMxYWN5RWpHdXlPeFM0Tmt4RGlBdkI0bHRyY2JLMmhnNkJmOWk1RDBTUzV5Rzh3WQpHZVV1bDkyOGlRcnVQeUxTY21wc0s3Y2sxL2FIQjAybDZpNmh5UWhyb1NMWSs5RHhobDdaVTBDMGpwTTQrZG1tClJ1cndVSEUvSGdFQ20yOUZuc3RiOTNZU2NsN3pERG4wdll1SVMrcWZoY2ZTSHR3VFRoZ1JkRlVtWStNUzM2dEYKSXBqNG8xT2xhdXRaMVZkUEJMbGRxUTdxTmlwVGtNbmZhTHA3U0h1QUUxSHV0N0xCOUxSMFAwQXlNU0NwbDV6QQpWWld1VVQ2cmw4TzZDMU5lUmY4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNnJkejFRa0NoU2ZtcjBRVU5CeGt3M3pKeFZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBVWlaYnl2T1N6bVU5YnlWdVFreE9xaVZVdnBVUFlhZDJoZmJsejd0Z1krNWljYnR3SApoeDg1Rmp3WkZvRktkQVJiN1cxYnJnTG5OcXhDZEllWTVKZEkzTlBZRjZrVlc3ZmNMckUwK1BEWXhkc3dDZXdlCk9DSklUSFp3YjNQM05qMUNzTmVVaHg0Um4wd2FiYjlzS0xkUG5Bc0NRNFplTWxaalBSUllIeHg5QVU2ZWNxbXMKZWJWUkRpVTUzekJGd2tpSEhyZHRDTDNQQmxCZENvY0s5dXFQSi9nSXJDYVBrWGl3SlNZb0NrdWt4dm9rZk9xVgpONWd5QXFKL2o4RmkwUEh3UkVIUXNHVnVvajhxQjJzYUd4ZExhcTVWditsQVJpWktEVGhrVXJEeUE0YjB5c0w2CnZDUGtJRUl1ZE5SSGQ3eEJ6ckxPcVhVdXFGREJvTS92TFhaOQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqWkdZVEpwTlZWb1drcEhaaTF6VWpSa09WaENlRjlCUzNaSU1uQlhaMEZEY2xGTldrOXFOVUppWjJjaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxbmEyVXRkMjl5YTJWeUxURXRkRzlyWlc0dE9EVjBiV01pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pYTNWaVpYTnNhV05sTFhKaVlXTXRkMjl5YTJWeUxXZHJaUzEzYjNKclpYSXRNU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJalJpT0RWak5tWmpMV1ZrWXpFdE5HRTNZeTFpT0dWaUxUVmxNVEUyTURrd1lXRmhNaUlzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwcmRXSmxjMnhwWTJVdFlYWmxjMmhoT210MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMW5hMlV0ZDI5eWEyVnlMVEVpZlEuRVNkVm1vajA3OXBrSmkzbktGMFhuZE9sa2Q4aGJJdUNaLURpdG1UOGZkVmRkeGhPWEdfcVFSSXZqN05tb1JMUC1xdzJacHliZmgtYWJRVUtNSHFTTGM0aFNBMFhaTTI2UnprWUpRZU9NUE80dGdqdjVQaWNYRkJDbFo0Vk93d2V0WE5Ldi1TLVhiOWVYeHBGQjVDZUozVm0tZjlBV2xXZkMzLUg3aTBoZVlXaWdOSU85SEFFeU43b1RtYXV3WFRRRUg3YVlNOURpZmRreHNaTjZyeTlPZ09TbzJMcUQyc2F2bzNVSU5iX3d6bzdkc2t3T0NuZjdOQk1pMzJOYmZTZ2dBaFdNOUVFM0hyUzFXMWgzZEJLZURMZjEzNXVGZjB4N29NM2lfSUliTzNnZlhYaDVKN3UwS1RIYXNvVFRwVFJhY29NVWkzZ3lnaFN5R0Y0dmVXSzZB
cluster:
  name: gke-worker-1
  endpoint: https://34.105.95.217
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: Kumar
  password: 5585799-5d5a-48fa-b805-f4a1ffb110
  email: aveshaenterprise@gmail.com

Manually Retrieve Registered Cluster Secrets

Create your secrets YAML file using the above output to install the Slice Operator on the worker cluster.

After registering the worker cluster with the KubeSlice Controller, you get a secret listed under the project namespace. The secret contains access information for the Slice Operator on the worker cluster to communicate with the KubeSlice Controller.

Switch the context to the controller cluster.
```
kubectx <cluster name>
```

Get the list of secrets that belong to the project namespace using the following command:

kubectl get secrets -n kubeslice-<projectname>

Example

kubectl get secrets -n kubeslice-avesha

Example Output

NAME                                           TYPE                                  DATA   AGE
default-token-q2gp9                            kubernetes.io/service-account-token   3      43s
kubeslice-rbac-ro-abc-token-kp9tq              kubernetes.io/service-account-token   3      43s
kubeslice-rbac-ro-xyz-token-vcph6              kubernetes.io/service-account-token   3      43s
kubeslice-rbac-rw-abc-token-vkhfb              kubernetes.io/service-account-token   3      43s
kubeslice-rbac-rw-xyz-token-rwqr9              kubernetes.io/service-account-token   3      43s
kubeslice-rbac-worker-aks-worker-1-token-hml58 kubernetes.io/service-account-token   5      43s
kubeslice-rbac-worker-aks-worker-2-token-lwzj2 kubernetes.io/service-account-token   5      43s

The name of the secret is in this format: kubeslice-rbac-<registered cluster secret name>-token. For example, kubeslice-rbac-worker-aks-worker-1-token-hml58 - this secret is meant for a worker cluster that was registered using the name aks-worker-1.

Retrieve the details of the secret using the following command:

kubectl get secrets <worker-cluster-secret-name> -o yaml -n kubeslice-<projectname>

Example Output

kubectl get secrets kubeslice-rbac-worker-aks-worker-1-token-hml58 -o yaml -n  kubeslice-cisco
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU2VENDQXRHZ0F3SUJBZ0lSQUtkdGsrOTJWQlJaSlJ4K2w5SHFabWN3RFFZSktvWklodmNOQVFFTEJRQXcKRFRFTE1Ba0dBMVVFQXhNQ1kyRXdJQmNOTWpJd016RTFNRGN3TURNM1doZ1BNakExTWpBek1UVXdOekV3TXpkYQpNQTB4Q3pBSkJnTlZCQU1UQW1OaE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBCm1PZVNWQ3VVY0NNYlJtYkxsREFGSjljZk1ER0hHbWlVcy9PaU1zRm1QelZzcGkveEM0bFhqdStnSGtvNXMwcEEKeWZ6aURMU3cxeFA1RWk0S1NLMmhxZnBjYW04MFViTTV0RTIyaHowd21sOGlRblhES1Ztdm9JOFBqNm9SZHpiNApxcC9sMGFMZHUvOGtrVEhSWVU4MVJyWFJtWEVaUjJUcG9qaGZCYXd6UGxCNWFJall2YVc0djRERFpqRjFaTzNwCjdvNFg5RWZsZmZtd0wyNmlUSWZINjNwU3VBNjlob25RY0NLVjh3SmdDQVdxZHBDT0hJQlBUWjVzQThSWkdja2sKSDlzNXR3U00zbWVBcXEzaGhLVmNRL0YxNTlOLzdDRUZOZytjUTdtYkgxS21ISnEzYSsvYmRJM296L3R3cGRUZwppUUVEVS94UENxNTJHRnNFazNYTEcxSG5GUVpmZWVCNThQNVd6NS9Iak9KbHJwOExUN0RDdHFDK2FuLzNCRTh4ClJwMkRaOW9TT2UyblhyK3FreDRpampndVlKeCtiRHpGM2o0MVRrd1Q3am1teWlGMkZYN25nWGVpVk1nSU8xdisKZjFSdVRiTHpsYlFSNU12a09qUm9vVlBybWRXVVRFNVdaMFp4QnRkS1dtdUdHR2ZMOFljNndQc0NKUldianpORwppb2psZU9lVkg5UDB5S3VkREZPWkFINHp6Vk1CYTAvMHJXKzRnWnhtVzVpRkxaVE1BbEQ5QXhSclhPbFB4Uzg5CnFMY3NCMHNqbDNzeGlzb0lieEJGSUwzeGtRa0szK1RDYktIQmlnR1dBQmxlRGJHYWZHVjRDalpBL0E5MC93QlUKNjJRWUdEZ1FkVDhsN2U1anp0RjZWanBFbXo5T1IrUUphR3FXczFMQ04vRUNBd0VBQWFOQ01FQXdEZ1lEVlIwUApBUUgvQkFRREFnS2tNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGSlp0UHlYZ0wrcXIxRzIyCmtVWllpN0E4U1dPME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQWhXNG9QdVlEazNiamZSdlpYQmllTU5Sa3cKc1FCSjNoL3dCT3c5K0hMZ2lpYzJhNDdtWUJHcDlDV0ZvWTIvKzNDcjdZQThKYzZyY3QrcnlMeDUvQThlOVB3bApXV1VKbnVSalA5d3NoTkk0UUFKalRESEdMYVd4dXphOXFtVUxHUHV0VWpORkcySlJOTWxiV2pxakJzN1I1RFNMClVXazBEVi92dWU4YUhyRTJPRk5wVjFIK2V3VS9xdHFyRlVUWFI4d2NIRXdSNVU0cG9SSU9mOUl2OTdyOTdLY2gKTGFiQ1hJTWhpeVZMcDcvRXpGNVFyNFA0OUNhS0ZvMXhQQm1zcWUrV0lJZzFxbjk1ZlRHRjZmc3dwMHM0TE5pcQpJRnRsS3doR294VFNONXZWMU9EcTFWY3NOY2VRT0FNQVE0WE9zNGxBZURGTXFoaUtVcDJHZlZ2RWZKb2I4QzQ5CnAxcFB1ZWl5dksrc1ZUL2NWSkpzeUMvcnZBQUZ4ZnFlUytZbFlXajMwdG1pTitSdjRlS3V2c1ZadWZQSGVuNDcKdHVZSUQrNDZEL0x2ZVBBdGcwVVg4U3Qwakx4ZWg5bTFwRzZqSWk4NVlYQ0kzVy9XUms0aXpXMC85NldwZ1BJSAplOWQrRlhOZWY3eXJNWWExbGdGV1V2ajNiNG11aGlHQngvNE9oTWt6R3BUYU1aOWhCMUJyVlE5N1BwM0xkVHhxCnFESEJyZThETXN3MXJ4Uk12azVKNWEvVlMvUlBMS21KK2k2czN1RzlnaFVCSXIyQmVaS0gzdGFKUFpEaEhYNlUKaW1yS3F5KzV2MG9vTTl3OTU0MVlyMFVyUTZPSkpqNzRhc044MjRlVVJueFRCZDFTTVFMSGtYeThMS1FFYUVweQpZWXNrYUpPSys0cFJRREZTeFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  clusterName: YWtzLXNwb2tlLTE=
  controllerEndpoint: aHR0cHM6Ly8xMjcuMC4wLjE6MzY1MTU=
  namespace: a3ViZXNsaWNlLWNpc2Nv
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklsbFBVbUpqTVVGaU5ucDRiSFUwWm1wdVowdHVUREJ5V1RsemFtdEdjR1p5TTNaSk5FSkhVbkpGY2pnaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WTJselkyOGlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObFkzSmxkQzV1WVcxbElqb2lhM1ZpWlhOc2FXTmxMWEppWVdNdGMzQnZhMlV0WVd0ekxYTndiMnRsTFRFdGRHOXJaVzR0YUcxc05UZ2lMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhM1ZpWlhOc2FXTmxMWEppWVdNdGMzQnZhMlV0WVd0ekxYTndiMnRsTFRFaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJd1l6Qm1ZalpoTWkwMlpUZG1MVFEwTkRVdE9UWTBaUzAwTURObVpqZzVPRGN6WldJaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhM1ZpWlhOc2FXTmxMV05wYzJOdk9tdDFZbVZ6YkdsalpTMXlZbUZqTFhOd2IydGxMV0ZyY3kxemNHOXJaUzB4SW4wLnVYcnppc0U0ZkF6WklValV4Y2Q5d3dhVE41OGI0TVBlQjhOUUY0RHdWT1pwTzloQ293MU9BaE9Vc0k2cXdJeVNfcGN2T2tKeDBwN1hvTnVOZEZkdld5bThxUExNeThVNFhpZ2ZUeFhURUk4UG1RdGVzT2tRR3F3SFZlTExzME5LYUJ6ZUVaNFAwb2d4UWxXMVVxMzRTWFdJcTUzY3BNZFFJclZVdTBnYmdZMmZ6aUVrNnNlT3dVYkZ3ZGRuSElGUDN3Yi1qMDdTLUZpVG1ES042UmM3ZUFpNGNUZWtyXzNHZ0NOZllrbHdkdEd5czZETjg0ZlFQbVBqMmpUOS16QnRpcHJyS25SSzVPRHppWG4wT0FPQ0M3QlhpamJQeGswcHpNUG1jdDBBUzg0SGxFckd1WlVRUVNNQ2E5SEFwOG12UExYb3FaN1gxREI1bXBsTkxEM3gzaDgwcURZSExJUXZwNGhEUl8wdkpPSFZMaEl5akQ1NTNVUU5FMExhNThXTnhaTUhEZ1haRUtna3dlYXJBVWFXQ3U4VDRUNWdxS2dNMmFJMDU4RjhNWEVremdfWThCcjhJUnIzbmlJaEhnUXp2bHZFdG5ETl93ajNVXzZwUzJmRFZ4eFpDbURXSmlfUW9fWUpoN2JuVlh1bktDaVdqVWFZanQ1SjN4ZDhXcjkydVJBSDY3MzY4dmxjdWpVOTgyU2FjRTJBaks4NkhCR1FITTlfQ2FpZS1RUUgzc2hhUEVXVE5BT3FZWWMtbldUd29GcjJ0bUhFQnJsc0FVejVxaHdwcDVnMEV5dzFuMUdfS05MVWVwSUpCdF9VWjZpQ0NwX3NVbGZqSFdqb0R1OHJmd1ZIX3FudkZVNUViV0lpdnF4WkFVNTNqQmwtQkJELUlTbTJTMEoxWDJn
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: kubeslice-rbac-worker-aks-worker-1
    kubernetes.io/service-account.uid: 0c0fb6a2-6e7f-4445-964e-403ff89873eb
  creationTimestamp: "2022-03-15T08:48:04Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:ca.crt: {}
        f:namespace: {}
        f:token: {}
      f:metadata:
        f:annotations:
          .: {}
          f:kubernetes.io/service-account.name: {}
          f:kubernetes.io/service-account.uid: {}
      f:type: {}
    manager: kube-controller-manager
    operation: Update
    time: "2022-03-15T08:48:04Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        f:clusterName: {}
        f:controllerEndpoint: {}
    manager: manager
    operation: Update
    time: "2022-03-15T08:48:34Z"
  name: kubeslice-rbac-worker-aks-worker-1-token-hml58
  namespace: kubeslice-cisco
  resourceVersion: "21121"
  uid: 611af586-b11d-45d4-a6e0-cee3167e837c
type: kubernetes.io/service-account-token

Get the Worker Network Interface

Get the name of the network interface on the gateway nodes that is the egress interface for external traffic.

warning

The below command does not work for OpenShift clusters.

Use the following command on the gateway node:

ip route get <External IP Address> | awk '{ print $5 }'

Example

ip route get 8.8.8.8 | awk '{ print $5 }'

Example Output

eth0

Create the Slice Operator YAML File

Use base64 encoded values of the namespace, endpoint, ca.crt, and the token from the above secrets retrieved by using the secret.sh script or the output following the manual secret retrieval steps to create your sliceoperator.yaml file.

Get the Worker Cluster Control Plane Endpoint

Get the control plane's kube-apiserver endpoint of the worker cluster by using the following command:

kubectl cluster-info

Expected Output

https://34.159.173.186

Slice Operator YAML Template

Use the following template to create a file called sliceoperator.yaml file.

info

To know more about the configuration details, see Slice Operator parameters.

# Base64 encoded secret values for the namespace, endpoint, ca.crt and token from the controller cluster.
controllerSecret:
  namespace: <encoded_namespace> 
  endpoint: <encoded_endpoint>
  ca.crt: <encoded_ca.crt>
  token: <encoded_token>

# Provide the name and endpoint of the worker cluster.
cluster:
  name: <worker cluster>
  endpoint: <endpoint of control plane of the worker cluster>

# This parameter is optional. The default value is true. 
kubesliceNetworking:
  enabled: <boolean-value>

# Provide your username, password & email values from the KubeSlice Registration email under imagePullSecrets to create a secret.
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: <username from KubeSlice Registration email>
  password: <accesstoken from KubeSlice Registration email>
  email: <KubeSlice Registration email ID>

Example of the Slice Operator YAML for a Single or Multi-Network Slice

The following is an example of how to use the Slice Operator YAML for a single-network or multi-network slice.

controllerSecret:
  namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
  endpoint: aHR0cHM6Ly8xNzIuMTguMC4yOjY0NDM=
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EVXhNREEzTkRBd05sb1hEVE15TURVd056QTNOREF3Tmxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlNaCnlFcnhHQitHZTczTDdwS3dKTDNHR0k2VDdjazkrdmFHbGNkZ1ZuNnA3bWVSdHh1SFZMQmZQYWJlM0JkZjJTaE4KKzZpVEtscVJoN0VPNmltRVdJbkk0UitING9Xb2xkU09uOEQ5b1VVeDcydGkrK211ak5CRmlmbHB1TG85bk9TMQpKUjAxWWdwaC9IMi9mVE0yeVVlRmlJelBFZEdpOXUxM0JzOHZqQnRjUmdsZzdobEE0bm1HSDRMMGtERjkrZHNWCmJBN3N1S1dOZ2ZBeHp5SnRKYkN5SkFFSHdKY0V0aHhOREpwRUZ2UEZRY29FYzl6SHFkdFJMejF0Z05yRUZwU2oKOCtBbHRMdEZVSFd0ZmF0RnJ1M05qOHNWN2JITVM3UTlKeWRjWkFMcDJNM3RkNkFSeGxzSVg4WlJRei9EWm5jcgo5UjhYS0JwUmxnOWMzOTZERDVrQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZEZmVYZC9YT0pSZWpVc2hzMnNPZ0E2RHdYcE5NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRHU0TVlNb2Rqa2JnQ0hndzZwbQpTWjhKWGMxNStWa0o0clNUbEtpTERlWVlYNit0dzdoek1FZFBieXkwSnprbTl6UWYrbnZlQlpYODhLeVhVTzIxCjI0NWZjanQxeEQ1ZEVMalR1ZlFFYjhqejByVmdMTnFKak5Gdm1OZXhtYzB0aTlXRVlMQUFtcVVoaUlFVVdCUjkKeEp3M2Z0eXI4OWRKZ1pRc2cyUkl5S3h0ajZacUtMRElZVlZKbzFLZjlUOUFFZUw4Qjc2RnJzU1RuQjIrek83OQpveUUrVGRvMFJOQUFOYlF2aVNRR3J2NHRTZlRja2t2c3lDNi9qL1ZCSGRGQ3Zhb3c5WXRtRnZJUkVJdWx4YjZ1Cmp4MjNJc0VuaEovSXlQblZhY3JJM29SNU9WVENIaGY5RGoxRHZTU0dDVkt1RTRjVGo0YjZ0clFrNm1qbUZMZlkKUlhVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklrRjVTV0pEVEdObU4yOU1RM3BXZUY5MVNXSnNaVzVzVkhOdllrTlljRXN0ZDFRNU9VbGxlbTE0V2xFaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxcmFXNWtMWGR2Y210bGNpMHhMWFJ2YTJWdUxYZzVjVzV0SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW10MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMXJhVzVrTFhkdmNtdGxjaTB4SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pTlRsaE16RXpOVE10WVdRek9DMDBaRE5tTFRsaVpHRXRObUZrWlRGak4yTTJPVGszSWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9tdDFZbVZ6YkdsalpTMWhkbVZ6YUdFNmEzVmlaWE5zYVdObExYSmlZV010ZDI5eWEyVnlMV3RwYm1RdGQyOXlhMlZ5TFRFaWZRLjBuQzVRR1B5NUxFb1lQV2FfYVpaY1hqM2tjWm9abUNYekE5UWw2U3FwMGRpQ0p2VHAtWmpDa1QzX3k5YVhxTVZKNWJIUnN2SVBELUZKYkZMdVhaV2FmY05INW44ZkNqT25maG5BQ1lJWTZHUEVQQTBDV3ZMMUtNeEpoMjh1aU5HN3dVVUsyTHNhT1BFWUd5OHFZSTN2UEpJR3VvRUlkS0JVYmh4ZUdwTnBFQkM1aDNtVTY2TlV3MUZkWkNSNHBwRWwtYThXbXEtMmNqQUpBSmQ4MDVyQjE1UGM2b1dnc2xqUm5aNVNfeS12clg2dTZ4bVc2UUpYdmQ0bzNMY2QxVnJ2Z2pRczdkSkkyY0I2dnJmVWVPSXFHWWpYM3dKQnBOakFjZlBXeTQ0aG9CY1gtdlFSQ2ZwSndtTDlZX0EyTTRpZG5taE5xZ2dNb1RtaURGZ1NsYy1pZw==

cluster:
  name: cluster-worker-1
  endpoint: https://10.1.75.49:6443

imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: <username from KubeSlice Registration email>
  password: <accesstoken from KubeSlice Registration email>
  email: <KubeSlice Registration email ID>

Example of the Slice Operator YAML for a No-Network Slice

The following is an example of how to use the Slice Operator YAML for a no-network slice.

controllerSecret:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJZ0lJWE5TNG54bkpmS013RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBek1qWXdOREV6TkRSYUZ3MHpOREF6TWpRd05ERTRORFJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUMrZlFETXBOMTZTc01ERW5WREJjRVFYVTRTQ0l3NGFJei9IVFFZbFlLYU5rUEU4RXNMSmJJbW5INWEKRExPTDJiWnRxejNpT1lHUEZEazBVa1ZJWHpXTXozeEh5aTZOZVJlc0lMU1RUY0dZVDJONnNMRXcvVERPWnJHUgpSUmJVM2xkdUZwY2JwT21UNEk1aEg0aDR3WURSUHp6SHpQblFLYVJaRHhmNGJvckFNTFRjVS9CK2phQnFFekNBCjNJUUg3LzJMaTgvN1MzQTZWVVVLZHBCSGZVOUlaYjhicEk1NithbGE3REpOU25SeWNrblowSXpGckpKZlhYS1QKS3BweURseCs1OUx2TkZPMldFU2hnT2tlRnNEcDJISmFDc3gyMHRMK0tqVkgvZHpWckVrVERvSzUvNUpHQ04vbApxTXpzcHJQMW0vQ2FvbUNYczlWc0licnBPaEhYQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRa3BxWlB4L1VtcDNhcm90ektTWmFCdnhjdzJqQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTRCaDFmU1JDQgpRRURKYnVqbFlSR2hDVWVRQ2lDeGJQeGxZTnkvYjBIV3RYMDl3dlFlMmVSa2w0K3J5bTg3Yk0rM3cyazNXckdZCjdUOSt0MmlmcG83WkdRU01rc3BrWWM3d3o3RmY0UG9Nd1F5ZUlVTTlLWkpIQVY4NlVieUdhck9vYnRRVit2RlcKRkU3K3BuRnFvZ05hczV6NzdSMVlOdklNcUpINDFqalR3SGdvcFF4Q2tTaWV0WnJ3elpQcDBZS2hKRzZyKzhHTgo1WVY3WTBweGxNNnEwc2tpVDNSZW1YMGNJWUlBSWJndmFWVHFnZ05OSkNPN0FrUlZ1bG5PZlBUc2tuWUFQVHRICkZXMWh0VXRoTldWMTJtdUpUMEQ4ekZrdGlLVVNjWWNOM0U4NlB6M3VINGRQdWYvTmJBZ3ZsdzNpRG1INXUxRW4KYTJpTjlWOElXcDRTCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  endpoint: aHR0cHM6Ly9CNjlBODI1RkE5QjUwNEUzRDRFRjI0RjMwMzc0NjU0QS5ncjcudXMtZWFzdC0xLmVrcy5hbWF6b25hd3MuY29t
  namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkluTmlPV3RTWm5aeGFrVXphVkF3UnpKdFRFdFRRMEZHV0VOVmRXbEphVFJGVEd0UldETXRPWHB4WW04aWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxamJIVnpkR1Z5TWlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKcmRXSmxjMnhwWTJVdGNtSmhZeTEzYjNKclpYSXRZMngxYzNSbGNqSWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzUxYVdRaU9pSTNObVprT0RFNE1pMDROR0poTFRRMFlqRXRPR1l3T0MxalltRTBaREkwTmpJd1kyUWlMQ0p6ZFdJaU9pSnplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YTNWaVpYTnNhV05sTFdGMlpYTm9ZVHByZFdKbGMyeHBZMlV0Y21KaFl5MTNiM0pyWlhJdFkyeDFjM1JsY2pJaWZRLnJUTVhvY2JJbWpRcWxEN0pVZUxLc0FrTGZZUG1ObllQTGsydV9OaHVqUWVzY3VxOTBzNFdMQmMtRGRpU0VEYTFsdGNfWFZJV3NPNi02c3BabVZwUHJsREtQUk93V0pfV2hpX3JyYllWdnk2YTdXUDhQRXVJNzVERm10R21NVkVjbTYtRUtGaVl1MnlFeTdwMDBDOUZJblU5UldvbDlHMU9BdHFSODZTSGQxbmdOYzhpUDE2bDFJcWZHdlh1TEtaSFR2aE1ubU1DTWZScGt3LXJXRlZmNWdVY21kNk5TMng4T2dGaGdJdUs4QVl1UUU5WXJlcW02T1BQcFc0bnh0bDh2dVpyb2tvZ0VrQ1JnUGNEaUtoSVNVWGJHS3JuNVpReDJQaVNCTmZJWDFTeFVKM0YxM0FmOEhidUUzY1NmN1lRWXJQc3YwbDBSUWRCOG8zb3hDa2E2QQ==

cluster:
  name: cluster2
  endpoint: https://10.1.75.49:6443

imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: aveshadev
  password: dckr_pat_pcmsQ0PwWHRhH2baqqHKzVnFWhM
  email: <KubeSlice Registration email ID>

Apply the Slice Operator YAML File

The following information is required to apply the YAML file.

Parameter	Description
`<cluster name>`	The name of the cluster.
`<values>`	The file name with the values.

Apply the Slice Operator YAML file:

Switch the context to the worker cluster for which you have created the sliceoperator.yaml file.
```
kubectx <cluster name>
```

Apply the sliceoperator.yaml file on the kubeslice-system namespace using the following command:

helm install kubeslice-worker kubeslice/kubeslice-worker -f <full path of sliceoperator>.yaml -n kubeslice-system --create-namespace

Validate the Slice Operator Installation

To validate the Slice Operator installation on the worker cluster, check the pods status that belong to the kubeslice-system namespace.

To check if the pods are running, use the following command:

kubectl get pods -n kubeslice-system

Example Output

NAME                                         READY   STATUS      RESTARTS   AGE
forwarder-kernel-94c8q                       1/1     Running     0          8h
kubeslice-dns-679966fd4c-4ppdb               1/1     Running     0          8h
kubeslice-operator-77fc84cb54-9j2jm          2/2     Running     0          4h36m
nsm-admission-webhook-k8s-864c87f5d4-cqlxn   1/1     Running     0          8h
nsm-install-crds-lbvrx                       0/1     Completed   0          2m35s
nsmgr-zqzzg                                  2/2     Running     0          8h
registry-k8s-84f468f675-g9hzg                1/1     Running     0          8h
spire-install-clusterid-cr-488p6             0/1     Completed   0          2m21s
spire-install-crds-dcm75                     0/1     Completed   0          2m28s

You can also validate the spire installation using the following command:

kubectl get pods -n spire

Expected Output

NAME                      READY   STATUS    RESTARTS   AGE
spiffe-csi-driver-5nxw8   2/2     Running   0          2m30s
spire-agent-4nr5v         1/1     Running   0          2m30s
spire-server-0            2/2     Running   0          2m29s

success

You have successfully installed the Slice Operator on the worker cluster. Repeat the above steps to install the Slice Operator on all the participating worker clusters.

success

You have successfully registered the worker clusters with the KubeSlice Controller.

Register Worker Clusters

Create the Cluster Registration YAML File​

Example YAML File Only with Mandatory Parameters​

Example YAML Expanded file​

Apply the Cluster Registration YAML File​

Validate the Registered Clusters​

Install the Slice Operator​

Automated Retrieval of Registered Cluster Secrets​

Get the Worker Network Interface​

Create the secrets.sh File​

Execute the secrets.sh File​

Manually Retrieve Registered Cluster Secrets​

Get the Worker Network Interface​

Create the Slice Operator YAML File​

Get the Worker Cluster Control Plane Endpoint​

Slice Operator YAML Template​

Example of the Slice Operator YAML for a Single or Multi-Network Slice​

Example of the Slice Operator YAML for a No-Network Slice​

Apply the Slice Operator YAML File​

Validate the Slice Operator Installation​

Create the Cluster Registration YAML File

Example YAML File Only with Mandatory Parameters

Example YAML Expanded file

Apply the Cluster Registration YAML File

Validate the Registered Clusters

Install the Slice Operator

Automated Retrieval of Registered Cluster Secrets

Get the Worker Network Interface

Create the secrets.sh File

Execute the secrets.sh File

Manually Retrieve Registered Cluster Secrets

Get the Worker Network Interface

Create the Slice Operator YAML File

Get the Worker Cluster Control Plane Endpoint

Slice Operator YAML Template

Example of the Slice Operator YAML for a Single or Multi-Network Slice

Example of the Slice Operator YAML for a No-Network Slice

Apply the Slice Operator YAML File

Validate the Slice Operator Installation