Skip to main content
Version: 1.0.0

Register Worker Clusters

To create a slice across your Kubernetes clusters, register worker clusters with the KubeSlice Controller. This topic describes how to register a worker cluster with the KubeSlice Controller.

Cluster Registration Configuration Parameters

The following tables describe the configuration parameters used to register the worker cluster with the controller cluster.

ParameterParameter TypeRequiredDescription
apiVersionStringThe KubeSlice Controller API version. The value must be controller.kubeslice.io/v1alpha1.Mandatory
kindStringThe name of a particular object schema. The value must be Cluster.Mandatory
metadataObjectThe metadata parameters (names and types) and attributes that have been applied.Mandatory
specObjectThe specification of the desired state of an object.Mandatory

Cluster Registration Metadata Parameters

The parameters are related to metadata configured in the worker cluster registration YAML file.

ParameterParameter TypeDescriptionRequired
nameStringThe given name of the cluster.Mandatory
namespaceStringThe project namespace on which you apply the project configuration file.Mandatory

Cluster Registration Spec Parameters

The parameters are related to the specification configured in the worker cluster registration YAML file.

ParameterParameter TypeDescriptionRequired
networkInterfaceStringThe name of the network interface for egress traffic on a gateway node. The QoS profile for a slice will be applied to this interface.Default Interface: eth0Mandatory
clusterPropertyObjectIt contains the worker cluster details.Mandatory

Cluster Property Parameters

The parameters are related to the cluster property configured in the worker cluster registration YAML file.

ParameterParameter TypeDescriptionRequired
geoLocationObjectIt contains information on the geological location of the worker cluster.Optional

Geolocation Parameters

ParameterParameter TypeDescriptionRequired
cloudProviderStringThe name of your cloud providerOptional
cloudRegionStringThe cloud provider region where your cluster is located.Optional

Create Cluster Registration YAML

You can list multiple clusters in a single registration YAML file and register them with the KubeSlice Controller.

Create your cluster registration.yaml file using the following template:

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: <cluster-name-1>
namespace: kubeslice-<projectname>
spec:
clusterProperty:
geoLocation:
cloudProvider: "<cloud_provider>"
cloudRegion: "<cloud_region>"
nodeIPs: # Optional
- <IP address -1>
- <IP address -2>
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: <cluster-name-2>
namespace: <kubeslice-projectname>
spec:
clusterProperty:
geoLocation:
cloudProvider: "<cloud_provider>"
cloudRegion: "<cloud_region>"
nodeIPs: # Optional
- <IP address -1>
- <IP address -2>
info

The IP addresses are used for inter-cluster tunnel creation (supports IPv4 and IPv6 IP address). If a node IP is not provided, Kubeslice will auto detect it from the gateway nodes.

The following is the example YAML file:

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: worker-cluster-1
namespace: avesha
spec:
clusterProperty:
geoLocation:
cloudProvider: "AZURE"
cloudRegion: "eastus"
nodeIPs: # Optional
- <IP address -1>
- <IP address -2>
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: worker-cluster-2
namespace: avesha
spec:
clusterProperty:
geoLocation:
cloudProvider: "AZURE"
cloudRegion: "westus2"
nodeIPs: # Optional
- <IP address -1>
- <IP address -2>

The following is the example YAML file only with the mandatory parameters:

apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: worker-1
namespace: kubeslice-avesha
spec:
networkInterface: eth0
clusterProperty:
geoLocation:
cloudProvider: "GCP"
cloudRegion: "europe-west3"
---
apiVersion: controller.kubeslice.io/v1alpha1
kind: Cluster
metadata:
name: worker-2
namespace: kubeslice-avesha
spec:
networkInterface: eth0
clusterProperty:
geoLocation:
cloudProvider: "GCP"
cloudRegion: "europe-west3"

Apply the Cluster Registration YAML File

The following information is required.

ValuesDescription
<cluster name>The name of the cluster.
<project namespace>The namespace of your project.
  1. Switch the context to the controller cluster.

    kubectx <controller cluster name>
  2. Use the following command to apply the registration.yaml file.

    kubectl apply -f <full path to registration>.yaml -n <project namespace>

Validate the Registered Clusters

Validate the registered clusters by using the following command:

kubectl get clusters -n kubeslice-<project name>

Example

kubectl get clusters -n kubeslice-avesha

Expected Output

NAME           AGE
aks-worker-2 17s
gke-worker-1 17s

Install the Slice Operator

To install the Slice Operator on the worker cluster, you need to first register the worker cluster with the KubeSlice Controller as performed in the previous section. After the worker cluster is registered, you can obtain its secrets manually from the KubeSlice Controller. These secrets will then need to be used in the slice-operator.yaml file to install the Slice Operator. By completing these steps, the worker cluster can fully integrate with the KubeSlice Controller and utilize its features.

info

THIS STEP NEEDS TO BE PERFORMED ON ALL WORKER CLUSTERS IN THE CONFIGURATION.

Automated Retrieval of Registered Cluster Secrets

Script Parameter Descriptions

ParameterDescription
<worker-secret-name>The worker secret name that you get by running this command on the KubeSlice Controller: kubectl get secrets -n kubeslice-<projectname>. For example, kubeslice-rbac-worker-kind-worker-1-token-s9d96.
<worker-cluster-name>The given name of the worker cluster.
kubeslice-<projectname>The given name of your project. For example, add kubeslice-avesha as the project namespace.
<network-interface>The worker network interface you get in the above output by doing route lookup on the EXTERNAL IP address. For example, add eth0 as the parameter value.
<worker-api-endpointThe endpoint of the worker cluster you get by running this command: kubectl cluster-info. For example, add https://34.105.95.217 as the endpoint.

Getting the Worker Network Interface

To install the Slice Operator, you will require the interface name of the gateway nodes which were either labeled at the time of installation or were created as node pools during the installation process.

Use the following command on the gateway node:

warning

The below command does not work for OpenShift clusters.

ip route get <external node IP> | awk '{ print $5 }'

Example

ip route get 8.8.8.8 | awk '{ print $5 }'

Example Output

eth0

Create the secrets.sh File

Copy and save the below script as secrets.sh

# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for

# Cosmetics for the created config
firstWorkerSecretName=$1

# cluster name what you given in clusters registration
clusterName=$2

# the Namespace and ServiceAccount name that is used for the config
namespace=$3

# Need to give correct network interface value like ens160, eth0 etc
networkInterface=$4

# kubectl cluster-info of respective worker-cluster
worker_endpoint=$5


######################
# actual script starts
set -o errexit

### Fetch Worker cluster Secrets ###
PROJECT_NAMESPACE=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.namespace})
CONTROLLER_ENDPOINT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.controllerEndpoint})
CA_CRT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath='{.data.ca\.crt}')
TOKEN=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.token})

echo "
---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: ${PROJECT_NAMESPACE}
endpoint: ${CONTROLLER_ENDPOINT}
ca.crt: ${CA_CRT}
token: ${TOKEN}
cluster:
name: ${clusterName}
endpoint: ${worker_endpoint}
netop:
networkInterface: ${networkInterface}

Execute the secrets.sh File

The output of the script is Required for the Slice YAML file creation:

Use the following command to get the secrets of the worker cluster from the controller cluster.

sh secrets.sh <worker-secret-name> <worker-cluster-name> <kubeslice-projectname> <network-interface> <worker-api-endpoint> <docker-username> <docker-password>

Example

sh secrets.sh kubeslice-rbac-worker-gke-worker-1-token-85tmc gke-worker-1 kubeslice-avesha eth0 https://34.105.95.217 user1 5585799-5d5a-48fa-b805-f4a1ffb110

Example Output

---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
endpoint: aHR0cHM6Ly9DNjgwNTQ5MUNBNTI2MzVFM0YzNEUwQTFDRTRDMkY3RS5ncjcudXMtZWFzdC0xLmVrcy5hbWF6b25hd3MuY29t
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lNREEzTURZeE5Gb1hEVE15TURreE56QTNNRFl4TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXR2ClpXczQ1RVhicDdZMDJWdEJibUJITHBOTVN4VnpEQzBvWTh5N3R1YmJLWEJFRk9xbGVzU2trYWpmanJ5dGdTZzgKSmE2bXQ0TERjSlQrQ3FmYzMxYWN5RWpHdXlPeFM0Tmt4RGlBdkI0bHRyY2JLMmhnNkJmOWk1RDBTUzV5Rzh3WQpHZVV1bDkyOGlRcnVQeUxTY21wc0s3Y2sxL2FIQjAybDZpNmh5UWhyb1NMWSs5RHhobDdaVTBDMGpwTTQrZG1tClJ1cndVSEUvSGdFQ20yOUZuc3RiOTNZU2NsN3pERG4wdll1SVMrcWZoY2ZTSHR3VFRoZ1JkRlVtWStNUzM2dEYKSXBqNG8xT2xhdXRaMVZkUEJMbGRxUTdxTmlwVGtNbmZhTHA3U0h1QUUxSHV0N0xCOUxSMFAwQXlNU0NwbDV6QQpWWld1VVQ2cmw4TzZDMU5lUmY4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNnJkejFRa0NoU2ZtcjBRVU5CeGt3M3pKeFZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBVWlaYnl2T1N6bVU5YnlWdVFreE9xaVZVdnBVUFlhZDJoZmJsejd0Z1krNWljYnR3SApoeDg1Rmp3WkZvRktkQVJiN1cxYnJnTG5OcXhDZEllWTVKZEkzTlBZRjZrVlc3ZmNMckUwK1BEWXhkc3dDZXdlCk9DSklUSFp3YjNQM05qMUNzTmVVaHg0Um4wd2FiYjlzS0xkUG5Bc0NRNFplTWxaalBSUllIeHg5QVU2ZWNxbXMKZWJWUkRpVTUzekJGd2tpSEhyZHRDTDNQQmxCZENvY0s5dXFQSi9nSXJDYVBrWGl3SlNZb0NrdWt4dm9rZk9xVgpONWd5QXFKL2o4RmkwUEh3UkVIUXNHVnVvajhxQjJzYUd4ZExhcTVWditsQVJpWktEVGhrVXJEeUE0YjB5c0w2CnZDUGtJRUl1ZE5SSGQ3eEJ6ckxPcVhVdXFGREJvTS92TFhaOQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqWkdZVEpwTlZWb1drcEhaaTF6VWpSa09WaENlRjlCUzNaSU1uQlhaMEZEY2xGTldrOXFOVUppWjJjaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxbmEyVXRkMjl5YTJWeUxURXRkRzlyWlc0dE9EVjBiV01pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pYTNWaVpYTnNhV05sTFhKaVlXTXRkMjl5YTJWeUxXZHJaUzEzYjNKclpYSXRNU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJalJpT0RWak5tWmpMV1ZrWXpFdE5HRTNZeTFpT0dWaUxUVmxNVEUyTURrd1lXRmhNaUlzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwcmRXSmxjMnhwWTJVdFlYWmxjMmhoT210MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMW5hMlV0ZDI5eWEyVnlMVEVpZlEuRVNkVm1vajA3OXBrSmkzbktGMFhuZE9sa2Q4aGJJdUNaLURpdG1UOGZkVmRkeGhPWEdfcVFSSXZqN05tb1JMUC1xdzJacHliZmgtYWJRVUtNSHFTTGM0aFNBMFhaTTI2UnprWUpRZU9NUE80dGdqdjVQaWNYRkJDbFo0Vk93d2V0WE5Ldi1TLVhiOWVYeHBGQjVDZUozVm0tZjlBV2xXZkMzLUg3aTBoZVlXaWdOSU85SEFFeU43b1RtYXV3WFRRRUg3YVlNOURpZmRreHNaTjZyeTlPZ09TbzJMcUQyc2F2bzNVSU5iX3d6bzdkc2t3T0NuZjdOQk1pMzJOYmZTZ2dBaFdNOUVFM0hyUzFXMWgzZEJLZURMZjEzNXVGZjB4N29NM2lfSUliTzNnZlhYaDVKN3UwS1RIYXNvVFRwVFJhY29NVWkzZ3lnaFN5R0Y0dmVXSzZB
cluster:
name: gke-worker-1
endpoint: https://34.105.95.217
netop:
networkInterface: eth0

Manually Retrieve Registered Cluster Secrets

Create your secrets YAML file using the above output to install the Slice Operator on the worker cluster.

After registering the worker cluster with the KubeSlice Controller, you get a secret listed under the project namespace. The secret contains access information for the Slice Operator on the worker cluster to communicate with the KubeSlice Controller.

  1. Switch the context to the controller cluster.

    kubectx <cluster name>
  2. Get the list of secrets that belong to the project namespace using the following command:

    kubectl get secrets -n kubeslice-<projectname>

    Example

    kubectl get secrets -n kubeslice-avesha

    Example Output

    NAME                                           TYPE                                  DATA   AGE
    default-token-q2gp9 kubernetes.io/service-account-token 3 43s
    kubeslice-rbac-ro-abc-token-kp9tq kubernetes.io/service-account-token 3 43s
    kubeslice-rbac-ro-xyz-token-vcph6 kubernetes.io/service-account-token 3 43s
    kubeslice-rbac-rw-abc-token-vkhfb kubernetes.io/service-account-token 3 43s
    kubeslice-rbac-rw-xyz-token-rwqr9 kubernetes.io/service-account-token 3 43s
    kubeslice-rbac-worker-aks-worker-1-token-hml58 kubernetes.io/service-account-token 5 43s
    kubeslice-rbac-worker-aks-worker-2-token-lwzj2 kubernetes.io/service-account-token 5 43s

    The name of the secret is in this format: kubeslice-rbac-<registered cluster secret name>-token. For example, the kubeslice-rbac-worker-aks-worker-1-token-hml58 secret is meant for a worker cluster that is registered using the name aks-worker-1.

  3. Retrieve the details of the secret using the following command:

    kubectl get secrets <worker-cluster-secret-name> -o yaml -n kubeslice-<projectname>

    Example Output

    kubectl get secrets kubeslice-rbac-worker-aks-worker-1-token-hml58 -o yaml -n  kubeslice-cisco
    apiVersion: v1
    data:
    ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU2VENDQXRHZ0F3SUJBZ0lSQUtkdGsrOTJWQlJaSlJ4K2w5SHFabWN3RFFZSktvWklodmNOQVFFTEJRQXcKRFRFTE1Ba0dBMVVFQXhNQ1kyRXdJQmNOTWpJd016RTFNRGN3TURNM1doZ1BNakExTWpBek1UVXdOekV3TXpkYQpNQTB4Q3pBSkJnTlZCQU1UQW1OaE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBCm1PZVNWQ3VVY0NNYlJtYkxsREFGSjljZk1ER0hHbWlVcy9PaU1zRm1QelZzcGkveEM0bFhqdStnSGtvNXMwcEEKeWZ6aURMU3cxeFA1RWk0S1NLMmhxZnBjYW04MFViTTV0RTIyaHowd21sOGlRblhES1Ztdm9JOFBqNm9SZHpiNApxcC9sMGFMZHUvOGtrVEhSWVU4MVJyWFJtWEVaUjJUcG9qaGZCYXd6UGxCNWFJall2YVc0djRERFpqRjFaTzNwCjdvNFg5RWZsZmZtd0wyNmlUSWZINjNwU3VBNjlob25RY0NLVjh3SmdDQVdxZHBDT0hJQlBUWjVzQThSWkdja2sKSDlzNXR3U00zbWVBcXEzaGhLVmNRL0YxNTlOLzdDRUZOZytjUTdtYkgxS21ISnEzYSsvYmRJM296L3R3cGRUZwppUUVEVS94UENxNTJHRnNFazNYTEcxSG5GUVpmZWVCNThQNVd6NS9Iak9KbHJwOExUN0RDdHFDK2FuLzNCRTh4ClJwMkRaOW9TT2UyblhyK3FreDRpampndVlKeCtiRHpGM2o0MVRrd1Q3am1teWlGMkZYN25nWGVpVk1nSU8xdisKZjFSdVRiTHpsYlFSNU12a09qUm9vVlBybWRXVVRFNVdaMFp4QnRkS1dtdUdHR2ZMOFljNndQc0NKUldianpORwppb2psZU9lVkg5UDB5S3VkREZPWkFINHp6Vk1CYTAvMHJXKzRnWnhtVzVpRkxaVE1BbEQ5QXhSclhPbFB4Uzg5CnFMY3NCMHNqbDNzeGlzb0lieEJGSUwzeGtRa0szK1RDYktIQmlnR1dBQmxlRGJHYWZHVjRDalpBL0E5MC93QlUKNjJRWUdEZ1FkVDhsN2U1anp0RjZWanBFbXo5T1IrUUphR3FXczFMQ04vRUNBd0VBQWFOQ01FQXdEZ1lEVlIwUApBUUgvQkFRREFnS2tNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGSlp0UHlYZ0wrcXIxRzIyCmtVWllpN0E4U1dPME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQWhXNG9QdVlEazNiamZSdlpYQmllTU5Sa3cKc1FCSjNoL3dCT3c5K0hMZ2lpYzJhNDdtWUJHcDlDV0ZvWTIvKzNDcjdZQThKYzZyY3QrcnlMeDUvQThlOVB3bApXV1VKbnVSalA5d3NoTkk0UUFKalRESEdMYVd4dXphOXFtVUxHUHV0VWpORkcySlJOTWxiV2pxakJzN1I1RFNMClVXazBEVi92dWU4YUhyRTJPRk5wVjFIK2V3VS9xdHFyRlVUWFI4d2NIRXdSNVU0cG9SSU9mOUl2OTdyOTdLY2gKTGFiQ1hJTWhpeVZMcDcvRXpGNVFyNFA0OUNhS0ZvMXhQQm1zcWUrV0lJZzFxbjk1ZlRHRjZmc3dwMHM0TE5pcQpJRnRsS3doR294VFNONXZWMU9EcTFWY3NOY2VRT0FNQVE0WE9zNGxBZURGTXFoaUtVcDJHZlZ2RWZKb2I4QzQ5CnAxcFB1ZWl5dksrc1ZUL2NWSkpzeUMvcnZBQUZ4ZnFlUytZbFlXajMwdG1pTitSdjRlS3V2c1ZadWZQSGVuNDcKdHVZSUQrNDZEL0x2ZVBBdGcwVVg4U3Qwakx4ZWg5bTFwRzZqSWk4NVlYQ0kzVy9XUms0aXpXMC85NldwZ1BJSAplOWQrRlhOZWY3eXJNWWExbGdGV1V2ajNiNG11aGlHQngvNE9oTWt6R3BUYU1aOWhCMUJyVlE5N1BwM0xkVHhxCnFESEJyZThETXN3MXJ4Uk12azVKNWEvVlMvUlBMS21KK2k2czN1RzlnaFVCSXIyQmVaS0gzdGFKUFpEaEhYNlUKaW1yS3F5KzV2MG9vTTl3OTU0MVlyMFVyUTZPSkpqNzRhc044MjRlVVJueFRCZDFTTVFMSGtYeThMS1FFYUVweQpZWXNrYUpPSys0cFJRREZTeFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    clusterName: YWtzLXNwb2tlLTE=
    controllerEndpoint: aHR0cHM6Ly8xMjcuMC4wLjE6MzY1MTU=
    namespace: a3ViZXNsaWNlLWNpc2Nv
    token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklsbFBVbUpqTVVGaU5ucDRiSFUwWm1wdVowdHVUREJ5V1RsemFtdEdjR1p5TTNaSk5FSkhVbkpGY2pnaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WTJselkyOGlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObFkzSmxkQzV1WVcxbElqb2lhM1ZpWlhOc2FXTmxMWEppWVdNdGMzQnZhMlV0WVd0ekxYTndiMnRsTFRFdGRHOXJaVzR0YUcxc05UZ2lMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhM1ZpWlhOc2FXTmxMWEppWVdNdGMzQnZhMlV0WVd0ekxYTndiMnRsTFRFaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJd1l6Qm1ZalpoTWkwMlpUZG1MVFEwTkRVdE9UWTBaUzAwTURObVpqZzVPRGN6WldJaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhM1ZpWlhOc2FXTmxMV05wYzJOdk9tdDFZbVZ6YkdsalpTMXlZbUZqTFhOd2IydGxMV0ZyY3kxemNHOXJaUzB4SW4wLnVYcnppc0U0ZkF6WklValV4Y2Q5d3dhVE41OGI0TVBlQjhOUUY0RHdWT1pwTzloQ293MU9BaE9Vc0k2cXdJeVNfcGN2T2tKeDBwN1hvTnVOZEZkdld5bThxUExNeThVNFhpZ2ZUeFhURUk4UG1RdGVzT2tRR3F3SFZlTExzME5LYUJ6ZUVaNFAwb2d4UWxXMVVxMzRTWFdJcTUzY3BNZFFJclZVdTBnYmdZMmZ6aUVrNnNlT3dVYkZ3ZGRuSElGUDN3Yi1qMDdTLUZpVG1ES042UmM3ZUFpNGNUZWtyXzNHZ0NOZllrbHdkdEd5czZETjg0ZlFQbVBqMmpUOS16QnRpcHJyS25SSzVPRHppWG4wT0FPQ0M3QlhpamJQeGswcHpNUG1jdDBBUzg0SGxFckd1WlVRUVNNQ2E5SEFwOG12UExYb3FaN1gxREI1bXBsTkxEM3gzaDgwcURZSExJUXZwNGhEUl8wdkpPSFZMaEl5akQ1NTNVUU5FMExhNThXTnhaTUhEZ1haRUtna3dlYXJBVWFXQ3U4VDRUNWdxS2dNMmFJMDU4RjhNWEVremdfWThCcjhJUnIzbmlJaEhnUXp2bHZFdG5ETl93ajNVXzZwUzJmRFZ4eFpDbURXSmlfUW9fWUpoN2JuVlh1bktDaVdqVWFZanQ1SjN4ZDhXcjkydVJBSDY3MzY4dmxjdWpVOTgyU2FjRTJBaks4NkhCR1FITTlfQ2FpZS1RUUgzc2hhUEVXVE5BT3FZWWMtbldUd29GcjJ0bUhFQnJsc0FVejVxaHdwcDVnMEV5dzFuMUdfS05MVWVwSUpCdF9VWjZpQ0NwX3NVbGZqSFdqb0R1OHJmd1ZIX3FudkZVNUViV0lpdnF4WkFVNTNqQmwtQkJELUlTbTJTMEoxWDJn
    kind: Secret
    metadata:
    annotations:
    kubernetes.io/service-account.name: kubeslice-rbac-worker-aks-worker-1
    kubernetes.io/service-account.uid: 0c0fb6a2-6e7f-4445-964e-403ff89873eb
    creationTimestamp: "2022-03-15T08:48:04Z"
    managedFields:
    - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
    f:data:
    .: {}
    f:ca.crt: {}
    f:namespace: {}
    f:token: {}
    f:metadata:
    f:annotations:
    .: {}
    f:kubernetes.io/service-account.name: {}
    f:kubernetes.io/service-account.uid: {}
    f:type: {}
    manager: kube-controller-manager
    operation: Update
    time: "2022-03-15T08:48:04Z"
    - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
    f:data:
    f:clusterName: {}
    f:controllerEndpoint: {}
    manager: manager
    operation: Update
    time: "2022-03-15T08:48:34Z"
    name: kubeslice-rbac-worker-aks-worker-1-token-hml58
    namespace: kubeslice-cisco
    resourceVersion: "21121"
    uid: 611af586-b11d-45d4-a6e0-cee3167e837c
    type: kubernetes.io/service-account-token

Get the Worker Network Interface

Get the name of the network interface on the gateway nodes that is the egress interface for external traffic.

Use the following command on the gateway node:

warning

The below command does not work for OpenShift clusters.

ip route get <External IP Address> | awk '{ print $5 }'

Example

ip route get 8.8.8.8 | awk '{ print $5 }'

Example Output

eth0

Slice Operator Configuration Parameters

The following tables describe the configuration parameters used to install the Slice Operator on the worker cluster.

ParameterParameter TypeDescriptionRequired
operatorObjectThis contains the Slice Operator information.Optional
controllerSecretObjectThis contains the secrets to connect to controller cluster.Optional
clusterObjectThis contains the information about the worker cluster.Optional
netopObjectThis contains the parameters related to network operations such as enforcing the QoS profile configured for a slice.Mandatory

Slice Operator Parameters

These parameters are related to the installation of the Slice Operator and they are configured in the Slice Operator YAML file.

ParameterParameter TypeDescriptionRequired
logLevelStringThe log level can be set to INFO or DEBUG. The default value is set to INFO.Optional

Controller Secret Parameters

These parameters are related to the KubeSlice Controller that are required to install the Slice Operator and they are configured in the Slice Operator YAML file.

ParameterParameter TypeDescriptionRequired
namespaceStringThe namespace that you get from the secret.Mandatory
endpointStringThe controllerEndpoint that you get from the secret.Mandatory
ca.crtStringThe ca.crt that you get from the secret.Mandatory
tokenStringThe token that you get from the secret.Mandatory

Cluster Parameters

These parameters are related to the worker cluster that are configured in the Slice Operator YAML file.

ParameterParameter TypeDescriptionRequired
nameStringThe name of the cluster that is registered with the KubeSlice controller. The cluster name must be unique in the project.Mandatory
endpointStringThe control plane's kube-apiserver endpoint of the worker cluster that you get in the output after running the kubectl cluster-info command.Mandatory

Network Operator Parameter

This parameter is related to network operations such as enforcing the QoS profile configured for a slice and is configured in the Slice Operator YAML file.

ParameterParameter TypeDescriptionRequired
networkInterfaceAlphaNumericThe name of the network interface on the gateway nodes that is the egress interface for external traffic. It may be obtained by doing a route lookup on a well-known public IP address like the Google public DNS IP address 8.8.8.8.Mandatory

Create the Slice Operator YAML

Use base64 encoded values of the namespace, endpoint, ca.crt, and the token from the above secrets retrieved by using the secret.sh script or the output following the manual secret retrieval steps to create the sliceoperator.yaml file.

Create the YAML File

Copy and paste the below template into a file called sliceoperator.yaml.

## Base64 encoded secret values for the namespace, endpoint, ca.crt and token from the controller cluster
controllerSecret:
namespace: <encoded_namespace>
endpoint: <encoded_endpoint>
ca.crt: <encoded_ca.crt>
token: <encoded_token>

cluster:
name: <worker cluster>
endpoint: <endpoint of control plane of the worker cluster>

netop:
networkInterface: <network interface value>

Get the Worker Cluster Control Plane Endpoint

Get the control plane's kube-apiserver endpoint of the worker cluster by using the following command:

kubectl cluster-info

Expected Output

https://34.159.173.186 

Example of the Slice Operator YAML

controllerSecret:
namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
endpoint: aHR0cHM6Ly8xNzIuMTguMC4yOjY0NDM=
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EVXhNREEzTkRBd05sb1hEVE15TURVd056QTNOREF3Tmxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlNaCnlFcnhHQitHZTczTDdwS3dKTDNHR0k2VDdjazkrdmFHbGNkZ1ZuNnA3bWVSdHh1SFZMQmZQYWJlM0JkZjJTaE4KKzZpVEtscVJoN0VPNmltRVdJbkk0UitING9Xb2xkU09uOEQ5b1VVeDcydGkrK211ak5CRmlmbHB1TG85bk9TMQpKUjAxWWdwaC9IMi9mVE0yeVVlRmlJelBFZEdpOXUxM0JzOHZqQnRjUmdsZzdobEE0bm1HSDRMMGtERjkrZHNWCmJBN3N1S1dOZ2ZBeHp5SnRKYkN5SkFFSHdKY0V0aHhOREpwRUZ2UEZRY29FYzl6SHFkdFJMejF0Z05yRUZwU2oKOCtBbHRMdEZVSFd0ZmF0RnJ1M05qOHNWN2JITVM3UTlKeWRjWkFMcDJNM3RkNkFSeGxzSVg4WlJRei9EWm5jcgo5UjhYS0JwUmxnOWMzOTZERDVrQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZEZmVYZC9YT0pSZWpVc2hzMnNPZ0E2RHdYcE5NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRHU0TVlNb2Rqa2JnQ0hndzZwbQpTWjhKWGMxNStWa0o0clNUbEtpTERlWVlYNit0dzdoek1FZFBieXkwSnprbTl6UWYrbnZlQlpYODhLeVhVTzIxCjI0NWZjanQxeEQ1ZEVMalR1ZlFFYjhqejByVmdMTnFKak5Gdm1OZXhtYzB0aTlXRVlMQUFtcVVoaUlFVVdCUjkKeEp3M2Z0eXI4OWRKZ1pRc2cyUkl5S3h0ajZacUtMRElZVlZKbzFLZjlUOUFFZUw4Qjc2RnJzU1RuQjIrek83OQpveUUrVGRvMFJOQUFOYlF2aVNRR3J2NHRTZlRja2t2c3lDNi9qL1ZCSGRGQ3Zhb3c5WXRtRnZJUkVJdWx4YjZ1Cmp4MjNJc0VuaEovSXlQblZhY3JJM29SNU9WVENIaGY5RGoxRHZTU0dDVkt1RTRjVGo0YjZ0clFrNm1qbUZMZlkKUlhVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklrRjVTV0pEVEdObU4yOU1RM3BXZUY5MVNXSnNaVzVzVkhOdllrTlljRXN0ZDFRNU9VbGxlbTE0V2xFaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxcmFXNWtMWGR2Y210bGNpMHhMWFJ2YTJWdUxYZzVjVzV0SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW10MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMXJhVzVrTFhkdmNtdGxjaTB4SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pTlRsaE16RXpOVE10WVdRek9DMDBaRE5tTFRsaVpHRXRObUZrWlRGak4yTTJPVGszSWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9tdDFZbVZ6YkdsalpTMWhkbVZ6YUdFNmEzVmlaWE5zYVdObExYSmlZV010ZDI5eWEyVnlMV3RwYm1RdGQyOXlhMlZ5TFRFaWZRLjBuQzVRR1B5NUxFb1lQV2FfYVpaY1hqM2tjWm9abUNYekE5UWw2U3FwMGRpQ0p2VHAtWmpDa1QzX3k5YVhxTVZKNWJIUnN2SVBELUZKYkZMdVhaV2FmY05INW44ZkNqT25maG5BQ1lJWTZHUEVQQTBDV3ZMMUtNeEpoMjh1aU5HN3dVVUsyTHNhT1BFWUd5OHFZSTN2UEpJR3VvRUlkS0JVYmh4ZUdwTnBFQkM1aDNtVTY2TlV3MUZkWkNSNHBwRWwtYThXbXEtMmNqQUpBSmQ4MDVyQjE1UGM2b1dnc2xqUm5aNVNfeS12clg2dTZ4bVc2UUpYdmQ0bzNMY2QxVnJ2Z2pRczdkSkkyY0I2dnJmVWVPSXFHWWpYM3dKQnBOakFjZlBXeTQ0aG9CY1gtdlFSQ2ZwSndtTDlZX0EyTTRpZG5taE5xZ2dNb1RtaURGZ1NsYy1pZw==

cluster:
name: cluster-worker-1
endpoint: https://10.1.75.49:6443

netop:
networkInterface: eth0

Apply the Slice Operator YAML

The following information is required to apply the YAML file.

ParameterDescription
<cluster name>The name of the cluster.
<values>The file name with the values.

Apply Slice Operator:

  1. Switch the context to the worker cluster for which you have created the sliceoperator.yaml file.
    kubectx <cluster name>
  2. Apply the sliceoperator.yaml file on the kubeslice-system namespace using the following command:
    helm install kubeslice-worker kubeslice/kubeslice-worker -f <full path of sliceoperator>.yaml -n kubeslice-system --create-namespace

Validate the Slice Operator Installation

To validate the Slice Operator installation on the worker cluster, check the pods status that belong to the kubeslice-system namespace.

To check if the pods are running, use the following command:

kubectl get pods -n kubeslice-system

Example Output

NAME                                      READY  STATUS     RESTARTS  AGE
forwarder-kernel-4cwvc 1/1 Running 0 95s
kubeslice-dns-54698f7cd-bdsxw 1/1 Running 0 95s
kubeslice-install-crds-zjvww 0/1 Completed 0 2m37s
kubeslice-netop-65jbq 1/1 Running 0 95s
kubeslice-operator-74b9f67548-zt2hd 2/2 Running 0 95s
nsm-admission-webhook-k8s-9bf7d8b5-b6cd7 1/1 Running 0 95s
nsm-install-crds-482cn 0/1 Completed 0 2m10s
nsmgr-fghdh 2/2 Running 0 95s
registry-k8s-5b5679ff54-lhs9k 1/1 Running 0 95s
spire-install-clusterid-cr-klqzj 0/1 Completed 0 112s
spire-install-crds-pl2m2 0/1 Completed 0 2m1s

Validate the spire installation using the following command:

k get pods -n spire                                                   

Expected Output

NAME                      READY   STATUS    RESTARTS   AGE
spiffe-csi-driver-5nxw8 2/2 Running 0 2m30s
spire-agent-4nr5v 1/1 Running 0 2m30s
spire-server-0 2/2 Running 0 2m29s
success

You have successfully installed the Slice Operator on the worker cluster. Repeat the above steps to install the Slice Operator on all the participating worker clusters.

success

You have successfully registered the worker clusters with the KubeSlice Controller.