Skip to main content
Version: 1.0.0

Install the Kubeslice Controller

The KubeSlice Controller orchestrates the creation and management of slices on the worker clusters. The KubeSlice Controller components and the worker cluster components can coexist on a cluster. Hence, the cluster running the KubeSlice Controller can also be used as a worker cluster. We recommend that you run the KubeSlice Controller on a separate cluster.

KubeSlice Controller Components

KubeSlice Controller installs the following:

  • KubeSlice Controller specific ClusterResourceDefinitions(CRDs)
  • ClusterRole, ServiceAccount and ClusterRoleBinding for KubeSlice Controller
  • A Role and RoleBinding for KubeSlice Controller Leader Election
  • KubeSlice Controller workload
  • KubeSlice Controller API Gateway

Create KubeSlice Controller YAML

To install the KubeSlice Controller on one of the clusters, you need to create a controller.yaml file that requires the endpoint of the controller cluster. The endpoint is the location on which you install the KubeSlice Controller.

Get the Cluster Endpoint

Use the following command to get the cluster endpoint:

kubectl cluster-info

Example output

Kubernetes control plane is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443
addon-http-application-routing-default-http-backend is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/addon-http-application-routing-default-http-backend/proxy
addon-http-application-routing-nginx-ingress is running at http://40.125.122.238:80 http://40.125.122.238:443
healthmodel-replicaset-service is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/healthmodel-replicaset-service/proxy
CoreDNS is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/ap

From the above output, copy the URL for the Kubernetes control plane to add it as the cluster endpoint in the controller.yaml file.

For example, https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443.

Controller Configuration Parameters

The following tables describe the configuration parameters used to install the KubeSlice Controller.

ParameterParameter TypeDescriptionRequired
KubesliceObjectThe cluster where the KubeSlice Controller is installed.Mandatory

KubeSlice Parameters

This parameter contains the configuration object used in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
controllerObjectThe cluster where the KubeSlice Controller is installed.Mandatory

Controller Parameters

This object contains the different parameters used in the KubeSlice Controller YAML file.

ParameterParameter TypeDescriptionRequired
loglevelStringThe log level of Controller. The default value is INFO. The other values are DEBUG or ERROR.Optional
rbacResourcePrefixStringThe RBAC resource prefix.Optional
projectnsPrefixStringThe project namespace prefix.Optional
endpointAlphaNumericThe URL of the Kubernetes control plane.Mandatory

| Optional |

Create Controller YAML

Create the controller.yaml file using the following template.

info

To understand more about the parameters, see Controller Configuration Parameters.

kubeslice:
controller:
loglevel: info
rbacResourcePrefix: kubeslice-rbac
projectnsPrefix: kubeslice
endpoint: <endpoint of your cluster>

Apply Controller YAML

helm install kubeslice-controller kubeslice/kubeslice-controller -f <full path of the controller>.yaml --namespace kubeslice-controller --create-namespace

Expected Output

NAME: kubeslice-controller
LAST DEPLOYED: Tue May 3 13:12:49 2022
NAMESPACE: kubeslice-controller
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
kubeslice-controller installation successful!

Validate Controller Installation

Validate the installation of the KubeSlice Controller by checking the status of the pods that belong to the kubeslice-controller namespace using the following command:

kubectl get pods -n kubeslice-controller

Expected Output

NAME                                               READY   STATUS      RESTARTS   AGE
kubeslice-controller-manager-74f4d9cb8b-8spsq 2/2 Running 0 31s

Create Project Namespace

A project may represent an individual customer or an organization or a department within an organization. Each project would have a dedicated auto-generated namespace, which will ensure that the resources of one project do not clash with the resources of another project.

For example, a slice with the same name can exist across multiple projects but with different configurations. Changes to the slice in one project will not affect the slice in another project. For more information, see the KubeSlice Architecture.

Project Namespace Configuration Parameters

The following tables describe the parameters in the configuration file used to create the project namespace.

ParameterParameter TypeDescriptionRequired
apiVersionStringThe KubeSlice Controller API version. The value must be controller.kubeslice.io/v1alpha1.Mandatory
kindStringThe name of a Mandatory particular object schema. The value must be Project.Mandatory
metadataObjectThe metadata describes the parameters (names and types) and attributes that have been applied.Mandatory
specObjectThe specification of the desired state of an object.Mandatory

Project Metadata Parameters

These parameters are required for configuring the metadata in the project YAML file.

ParameterParameter TypeDescriptionRequired
nameStringThe name of the project you are creating. Each project should have a unique name.Mandatory
namespaceStringThe namespace on which you apply the project configuration file. The value must be kubeslice-controller.Mandatory

Project Spec Parameters

ParameterParameter TypeDescriptionRequired
serviceAccountObjectTo specify permissions on the Project namespace.Mandatory

Service Account Parameters

A service account provides an identity for running processes in application pods. It contains the list of users configured in the project YAML file.

ParameterParameter TypeDescriptionRequired
readOnlyList of StringsThe user to be created with read-only permission.Optional
readWriteList of StringsThe user to be created with read-write permission.Optional

Create Project YAML

Create a project namespace by creating a <project_name>.yaml file using the following template:

apiVersion: controller.kubeslice.io/v1alpha1
kind: Project
metadata:
name: <project name>
namespace: kubeslice-controller
spec:
serviceAccount:
readOnly:
- <readonly user1>
- <readonly user2>
- <readonly user3>
readWrite:
- <readwrite user1>
- <readwrite user2>
- <readwrite user3>

Apply Project YAML

Use the <project_name>.yamlfile that you have created and apply it to create the project.

Apply the YAML file:

kubectl apply -f <full path of the project name>.yaml -n kubeslice-controller

Project Validation

After applying the YAML file on the project namespace, you can validate if the project and service accounts are created successfully.

Validate the Project

Use the following command on the kubeslice-controller namespace to get the list of the project:

kubectl get project -n kubeslice-controller

Expected Output

NAME     AGE
avesha 30s

Validate the Service Accounts

To validate the account creation, check the service accounts that belong to the project namespace using the following command:

kubectl get sa -n kubeslice-<project name>

Example:

kubectl get sa -n kubeslice-avesha

Example Output

NAME                              SECRETS   AGE
default 1 30s
kubeslice-rbac-ro-user1 1 30s
kubeslice-rbac-rw-user2 1 30s
success

You have successfully installed the KubeSlice Controller and created the project with a dedicated namespace.