...
Kindly be aware that pods running on shared nodes do not achieve full isolation as they share the same computing resources (virtual machine) and rely on the security capabilities of the container runtime, such as Docker or Containerd.
How to access the CaaS
Accessing the CaaS requires proper configuration of kubectl, the Kubernetes management client.
To simplify the configuration and authentication process, two distinct plugins for kubectl have been developed: kubectl-openstack and kubectl-iam. These plugins are differentiated based on the type of authentication required.
kubectl-openstack: This plugin is required for all users registered with CloudVeneto and is based on the OpenStack authentication model, using the Keystone token.
kubectl-iam: In case you wish to grant access to INFN users external to CloudVeneto, who are registered with one of the IAM services supported by our cluster (by default: "https://iam.cloud.infn.it" and "https://iam.quantumtea.it"), you will need to use the kubectl-iam plugin.
Configuring kubectl with the kubectl-openstack plugin
Prerequisites
- install kubectl (guide)
- have an OpenStack password configured through the CloudVeneto dashboard.
Plugin installation
Download the kubectl-openstack file and copy it to /usr/local/bin/ . You may need to make the file executable (chmod 755 kubectl-openstack).
Usage
To view the syntax and the list of parameters use the help:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-openstack --help
Usage: kubectl-openstack [FLAG] -user <USERNAME> -password <PASSOWRD> -project <PROJECT>
Options:
-force
overwrite the existing configuration
-password string
your CloudVeneto password
-project string
your CloudVeneto project
-user string
your CloudVeneto username |