Install the Kubeslice Controller
The KubeSlice Controller orchestrates the creation and management of slices on the worker clusters. The KubeSlice Controller components and the worker cluster components can coexist on a cluster. Hence, the cluster running the KubeSlice Controller can also be used as a worker cluster. We recommend that you run the KubeSlice Controller on a separate cluster.
KubeSlice Controller Components
KubeSlice Controller installs the following:
- KubeSlice Controller specific ClusterResourceDefinitions(CRDs)
- ClusterRole, ServiceAccount and ClusterRoleBinding for KubeSlice Controller
- A Role and RoleBinding for KubeSlice Controller Leader Election
- KubeSlice Controller workload
- KubeSlice Controller API Gateway
Create KubeSlice Controller YAML
To install the KubeSlice Controller on one of the clusters, you need to create a controller.yaml
file that requires the endpoint of the controller cluster. The endpoint is the location on which you install the KubeSlice Controller.
Get the Cluster Endpoint
Use the following command to get the cluster endpoint:
kubectl cluster-info
Example output
Kubernetes control plane is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443
addon-http-application-routing-default-http-backend is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/addon-http-application-routing-default-http-backend/proxy
addon-http-application-routing-nginx-ingress is running at http://40.125.122.238:80 http://40.125.122.238:443
healthmodel-replicaset-service is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/healthmodel-replicaset-service/proxy
CoreDNS is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443/ap
From the above output, copy the URL for the Kubernetes control plane to
add it as the cluster endpoint in the controller.yaml
file.
For example,
https://aks-controller-cluster-dns-06a5f5da.hcp.westus2.azmk8s.io:443
.
Controller Configuration Parameters
The following tables describe the configuration parameters used to install the KubeSlice Controller.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
Kubeslice | Object | The cluster where the KubeSlice Controller is installed. | Mandatory |
KubeSlice Parameters
This parameter contains the configuration object used in the KubeSlice Controller YAML file.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
controller | Object | The cluster where the KubeSlice Controller is installed. | Mandatory |
Controller Parameters
This object contains the different parameters used in the KubeSlice Controller YAML file.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
loglevel | String | The log level of Controller. The default value is INFO . The other values are DEBUG or ERROR . | Optional |
rbacResourcePrefix | String | The RBAC resource prefix. | Optional |
projectnsPrefix | String | The project namespace prefix. | Optional |
endpoint | AlphaNumeric | The URL of the Kubernetes control plane. | Mandatory |
| Optional |
Create Controller YAML
Create the controller.yaml
file using the following template.
To understand more about the parameters, see Controller Configuration Parameters.
kubeslice:
controller:
loglevel: info
rbacResourcePrefix: kubeslice-rbac
projectnsPrefix: kubeslice
endpoint: <endpoint of your cluster>
Apply Controller YAML
helm install kubeslice-controller kubeslice/kubeslice-controller -f <full path of the controller>.yaml --namespace kubeslice-controller --create-namespace
Expected Output
NAME: kubeslice-controller
LAST DEPLOYED: Tue May 3 13:12:49 2022
NAMESPACE: kubeslice-controller
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
kubeslice-controller installation successful!
Validate Controller Installation
Validate the installation of the KubeSlice Controller by checking the status of the pods
that belong to the kubeslice-controller
namespace using the following command:
kubectl get pods -n kubeslice-controller
Expected Output
NAME READY STATUS RESTARTS AGE
kubeslice-controller-manager-74f4d9cb8b-8spsq 2/2 Running 0 31s
Create Project Namespace
A project may represent an individual customer or an organization or a department within an organization. Each project would have a dedicated auto-generated namespace, which will ensure that the resources of one project do not clash with the resources of another project.
For example, a slice with the same name can exist across multiple projects but with different configurations. Changes to the slice in one project will not affect the slice in another project. For more information, see the KubeSlice Architecture.
Project Namespace Configuration Parameters
The following tables describe the parameters in the configuration file used to create the project namespace.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
apiVersion | String | The KubeSlice Controller API version. The value must be controller.kubeslice.io/v1alpha1 . | Mandatory |
kind | String | The name of a Mandatory particular object schema. The value must be Project . | Mandatory |
metadata | Object | The metadata describes the parameters (names and types) and attributes that have been applied. | Mandatory |
spec | Object | The specification of the desired state of an object. | Mandatory |
Project Metadata Parameters
These parameters are required for configuring the metadata in the project YAML file.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
name | String | The name of the project you are creating. Each project should have a unique name. | Mandatory |
namespace | String | The namespace on which you apply the project configuration file. The value must be kubeslice-controller . | Mandatory |
Project Spec Parameters
Parameter | Parameter Type | Description | Required |
---|---|---|---|
serviceAccount | Object | To specify permissions on the Project namespace. | Mandatory |
Service Account Parameters
A service account provides an identity for running processes in application pods. It contains the list of users configured in the project YAML file.
Parameter | Parameter Type | Description | Required |
---|---|---|---|
readOnly | List of Strings | The user to be created with read-only permission. | Optional |
readWrite | List of Strings | The user to be created with read-write permission. | Optional |
Create Project YAML
Create a project namespace by creating a <project_name>.yaml
file using the following template:
apiVersion: controller.kubeslice.io/v1alpha1
kind: Project
metadata:
name: <project name>
namespace: kubeslice-controller
spec:
serviceAccount:
readOnly:
- <readonly user1>
- <readonly user2>
- <readonly user3>
readWrite:
- <readwrite user1>
- <readwrite user2>
- <readwrite user3>
Apply Project YAML
Use the <project_name>.yaml
file that you have created and apply it to create the project.
Apply the YAML file:
kubectl apply -f <full path of the project name>.yaml -n kubeslice-controller
Project Validation
After applying the YAML file on the project namespace, you can validate if the project and service accounts are created successfully.
Validate the Project
Use the following command on the kubeslice-controller
namespace to get
the list of the project:
kubectl get project -n kubeslice-controller
Expected Output
NAME AGE
avesha 30s
Validate the Service Accounts
To validate the account creation, check the service accounts that belong to the project namespace using the following command:
kubectl get sa -n kubeslice-<project name>
Example:
kubectl get sa -n kubeslice-avesha
Example Output
NAME SECRETS AGE
default 1 30s
kubeslice-rbac-ro-user1 1 30s
kubeslice-rbac-rw-user2 1 30s
You have successfully installed the KubeSlice Controller and created the project with a dedicated namespace.