...
kubectl-openstack: This plugin is required for all users registered with CloudVeneto and is based on the OpenStack authentication model, using the Keystone token.
kubectl-iam: This plugin is required for all INFN-PD users external not registered to CloudVeneto, who are registered with one of the IAM services supported by our cluster (by default. Supported IAM services are: "https://iam.cloud.infn.it" and "https://iam.quantumtea.it"). QUESTO PUNTO VA CHIARITO
Configuring kubectl with the kubectl-openstack plugin
Prerequisites
- install kubectl (guideguide)
- have an OpenStack password configured through the CloudVeneto dashboard.
Plugin installation
Download the the kubectl-openstack file and copy it to /usr/local/bin/ . You may need to make the file executable (chmod 755 kubectl-openstack).
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-openstack --help
Usage: kubectl-openstack [FLAG] -user <USERNAME> -password <PASSOWRD> -project <PROJECT>
Options:
-force
overwrite the existing configuration
-password string
your CloudVeneto password
-project string
your CloudVeneto project
-user string
your CloudVeneto username |
The following example configures kubectl selecting CMS as project:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-openstack -user zangrand@infn.it -password ******** -project CMS
kubectl configured correctly |
After configuring kubectl with the kubectl-openstack plugin, the kubeconfig file (/home/<username>/.kube/config) is either created or updated if it already exists. This file contains the Keystone token and various parameters essential for kubectl to manage authentication.
In scenarios where you belong to multiple CloudVeneto projects, you can utilize the 'kubectl-openstack' command to configure kubectl for all your projects seamlessly.
The following example configures kubectl selecting CMS as projectNow you can access the CaaS:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-openstack -user zangrand@infn.it -password ******** -project CMS kubectl configured correctly |
Now you can access the CaaS:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl get pods get pods No resources found in cms namespace. |
...
Prerequisites
- install kubectl (guideguide)
- be registered in INFN-PD affiliated and registered in one of the supported IAM services: "https://iam.cloud.infn.it" or "https://iam.quantumtea.it".
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-iam --help
Usage: ./kubectl-iam [FLAG] -iam-url <URL> -group <GROUP>
Options:
-force
overwrite the existing configuration
-group string
your IAM group
-iam-url string
the IAM url (default the IAM url (default "https://iam.cloud.infn.it") "https://iam.cloud.infn.it") |
After configuring kubectl with the kubectl-iam plugin, the kubeconfig file (/home/<username>/.kube/config) is either created or updated if it already exists. This file contains the IAM token and various parameters essential for kubectl to manage authentication.
In scenarios where you belong to multiple CloudVeneto projects, you can utilize the 'kubectl-iam' command to configure kubectl for all your projects seamlessly.
The following example configures kubectl using IAM credentials:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl-iam -iam-url https://iam.quantumtea.it -group QST please open the link in your web browser: https://iam.quantumtea.it/device?user_code=BB3FXJ or scan the QR code █████████████████████████████████████████ █████████████████████████████████████████ ████ ▄▄▄▄▄ ██ █▀██▀▄█ ▄ ▄▄▄██ ▄▄▄▄▄ ████ ████ █ █ █ █ ▀▄█▄▀▄█▀█▄▄██ █ █ █ ████ ████ █▄▄▄█ █ ▀▀██▄▄▄▄█▀▀▄ █▀█ █▄▄▄█ ████ ████▄▄▄▄▄▄▄█ ▀ █ █ █ █▄▀ ▀ ▀ █▄▄▄▄▄▄▄████ ████▄█ ▄▄▄▀▀▀▄ █ ▄█ ▀▀▄▀██ ▄ ▀▀████ ████▀▄ ▀█▄█▀███▀ ▄ ▀█▀▀▀▀▄▀▀█ ▀ ▀████ ████▄▄▄▀▀▀▄▀▀▄▀ ▀▄ ▄▀▀█▄ ▄▄▄▄▀▄▄ ▀ ████ ████▀▄ ▄█ ▄█▀ ███ ▄▄▀█▄ ▀██ █ ▄█████ █████▀▄█▄▄▄ ██▀▄█▀▀▄▀▄▀▀ ▀▄ ▄▀ ▄ ▀▀ ████ ████ ▀ ▄▄█▄ ▀ ▄▄ ▀ ▀█▄█ ▀▄██ ▀ ▀█████ ████▀ ▀█ ▄▄▀▀▀▀ █▀ ▀▀▄▄▀▄ ▀▄▀██▄▀▄▀████ ████ █ ▀▀▀▄▀ ▄▀▀▀ ▄█▀█▄ ▀▀▄██▀▄ ▄ ▀ █████ ████▄████▄▄▄▀ ▄▀█▀ █ ▀█ █ ▄▄▄ █▀█▀████ ████ ▄▄▄▄▄ █▀▄▀█▄██▄ ▀█ █ █▄█ ▀ ▀████ ████ █ █ █ ▄██ ▄▀▄█▀██ ▄▀ ▄▄ ▀▀▀████ ████ █▄▄▄█ █▄██▄▀▄▄ ▄█▀▀█ ▄█▄▀▄▄▀ ██████ ████▄▄▄▄▄▄▄█▄█▄▄█▄▄▄█▄▄▄▄█▄▄▄██▄█▄█▄█████ █████████████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ .................................................................................. kubectl configured correctly |
How to Create and Manage Kubernetes Cluster Nodes (ONLY with kubectl-openstack plugin)
Prerequisites
Before you can create and manage nodes in your Kubernetes cluster, make sure you have completed the following prerequisites:
Configure kubectl with the kubectl-openstack plugin: Ensure that your kubectl is correctly configured with the kubectl-* openstack plugin.
- Currently users accessing with IAM credentials cannot create nodes
- Verify the existence of the 'K8S' security group in the CloudVeneto project with the following rules, or create it:
...