Kubernetes

Prerequisites

The prerequisites listed below should be met before proceeding.

  • At least one Kubernetes or SUSE CaaS Platform cluster available on your network

  • SUSE Manager configured for container management

    For example, the required channels are present and a registered container build host is available.

  • virtual-host-gatherer-Kubernetes package installed on your SUSE Manager server

Requirements

  • Kubernetes version 1.5.0 or higher. Alternatively, use SUSE CaaS Platform (SUSE CaaS Platform includes Kubernetes 1.5.0 by default)

  • Docker version 1.12 or higher on the container build host

To enable all Kubernetes-related features within the Web UI, the virtual-host-gatherer-Kubernetes package must be installed.

Register Kubernetes as a Virtual Host Manager

Kubernetes clusters are registered with SUSE Manager as virtual host managers. Registration and authorization begin with importing a kubeconfig file using kubectl, the official Kubernetes command line tool.

Procedure: Registering a Kubernetes Cluster with SUSE Manager
  1. In the SUSE Manager Web UI, navigate to Systems > Virtual Host Managers.

  2. In the Create menu, select Kubernetes Cluster.

  3. Enter a label for the new virtual host manager.

  4. Select the kubeconfig file that contains the required data for the Kubernetes cluster.

  5. Select the correct context for the cluster, as specified in the kubeconfig file.

  6. Click Create.

View the List of Nodes in a Cluster

  1. Select Systems > Virtual Host Managers from the navigation menu.

  2. Select the Kubernetes cluster to view it.

  3. Node data is not refreshed during registration. To refresh node data, click Schedule refresh data.

  4. Refresh the browser. If the node data is not available, wait a few moments and try again.

Obtain Runtime Data about Images

See the following steps to find runtime data for images.

  1. In the SUSE Manager Web UI, navigate to Images > Image List.

  2. In the image list table, the runtime columns are labeled Revision, Runtime, and Instances. In these columns find the following information:

    • Revision: An artificial sequence number that increments on every rebuild for manager-built images or on every re-import for externally built images.

    • Runtime: Overall status of the running instances of the image throughout the registered clusters. The status can be one of the following:

      • All instances are consistent with SUSE Manager: All the running instances are running the same build of the image as tracked by SUSE Manager.

      • Outdated instances found: Some of the instances are running an older build of the image. A redeploy of the image into the pod may be required.

      • No information: The checksum of the instance image does not match the image data contained in SUSE Manager. A redeploy of the image into the pod may be required.

    • Instances: Number of instances running this image across all the clusters registered in SUSE Manager. A breakdown of numbers can be seen by clicking the pop-up icon next to the number.

Build an image for deployment in Kubernetes

The following steps will help you build an image for deployment in Kubernetes.

  1. Under Images > Stores, create an image store.

  2. In Images > Profiles, create an image profile (with a Dockerfile that is suitable to deploy to Kubernetes).

  3. Under Images > Build, build an image with the new profile and wait for the build to finish.

  4. Deploy the image into one of the registered Kubernetes clusters using kubectl.

In the Runtime and Instances columns in the respective image row you can now see the updated data.

Import a Previously Deployed Image in Kubernetes

The following steps will guide you through importing a previously deployed image in Kubernetes.

  1. Select an image that has already been deployed to any of your registered Kubernetes clusters.

  2. Add the registry owning the image to SUSE Manager as an image store.

  3. Navigate to Images > Image List, click Import from the top-right corner, fill in the form fields and click Import.

In the Runtime and Instances columns in the respective image row you can now see the updated data.

Obtain Additional Runtime Data

The following steps will help you find additional runtime data.

  1. Navigate to Images > Image List, locate the row that contains the running instance, and click Details at the right end of the row. Under the Overview tab, notice the data in the Runtime and Instances fields under the Image Info section.

  2. Select the Runtime tab.

  3. The Runtime tab shows a breakdown of the Kubernetes pods running this image in all the registered clusters, including the following data:

    • Pod name

    • Namespace which the pod resides in

    • The runtime status of the container in the specific pod. For more about status icons, see the next section.

Rebuild a Previously Deployed Image in Kubernetes

These steps will guide you through rebuilding an image that has been deployed to a Kubernetes cluster.

  1. Go to Images > Image List. Click the Details button at the right end of a row that has running instances. The image must be manager-built.

  2. Click the Rebuild button located under the Build Status section and wait for the build to finish.

  3. Notice the change in the Runtime icon and title, reflecting the fact that now the instances are running a previous build of the image.

Role Based Access Control Permissions and Certificate Data

Currently, only kubeconfig files containing all embedded certificate data can be used with SUSE Manager.
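
A pre-upload check for this requirement, as an added example that is not part of the original documentation or of SUSE Manager: it reports certificate fields that point at files on disk instead of carrying embedded data. It assumes the kubeconfig has been exported as JSON and that "embedded" means the `*-data` fields; all context, cluster and user names are constructed.

```python
# Added example. Context, cluster and user names are constructed.
# File-path fields and the embedded (base64) fields that replace them.
PATH_TO_EMBEDDED = {
    "certificate-authority": "certificate-authority-data",
    "client-certificate": "client-certificate-data",
    "client-key": "client-key-data",
}

# Constructed kubeconfig in JSON form (as from `kubectl config view --raw -o json`).
SAMPLE = {
    "current-context": "by-path",
    "contexts": [
        {"name": "embedded", "context": {"cluster": "lab-a", "user": "gatherer-a"}},
        {"name": "by-path", "context": {"cluster": "lab-b", "user": "gatherer-b"}},
    ],
    "clusters": [
        {"name": "lab-a", "cluster": {"server": "https://k8s-a.example.test:6443",
                                      "certificate-authority-data": "Q09OU1RSVUNURUQ="}},
        {"name": "lab-b", "cluster": {"server": "https://k8s-b.example.test:6443",
                                      "certificate-authority": "/home/admin/.kube/ca.crt"}},
    ],
    "users": [
        {"name": "gatherer-a", "user": {"client-certificate-data": "Q09OU1RSVUNURUQ=",
                                        "client-key-data": "Q09OU1RSVUNURUQ="}},
        {"name": "gatherer-b", "user": {"client-certificate": "/home/admin/.kube/client.crt",
                                        "client-key": "/home/admin/.kube/client.key"}},
    ],
}


def external_cert_refs(kubeconfig, context_name=None):
    """List (section, name, field) for certificate data referenced by file path."""
    wanted = context_name or kubeconfig.get("current-context")
    contexts = {c["name"]: c["context"] for c in kubeconfig.get("contexts") or []}
    if wanted not in contexts:
        raise ValueError(f"context {wanted!r} not found in kubeconfig")
    ctx = contexts[wanted]
    clusters = {c["name"]: c["cluster"] for c in kubeconfig.get("clusters") or []}
    users = {u["name"]: u["user"] for u in kubeconfig.get("users") or []}
    findings = []
    for section, table, key in (("cluster", clusters, "cluster"), ("user", users, "user")):
        entry = table.get(ctx[key]) or {}
        for path_field, data_field in PATH_TO_EMBEDDED.items():
            if entry.get(path_field) and not entry.get(data_field):
                findings.append((section, ctx[key], path_field))
    return findings
```

When the function reports path references, `kubectl config view --raw --flatten` writes a self-contained kubeconfig with the referenced files inlined. That output contains the client key, so handle the file as a credential.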

The API calls from SUSE Manager are:

  • GET /api/v1/pods

  • GET /api/v1/nodes

According to this list, the minimum recommended permissions for SUSE Manager should be as follows:

  • A ClusterRole to list all the nodes:

    resources: ["nodes"]
    verbs: ["list"]

  • A ClusterRole to list pods in all namespaces (role binding must not restrict the namespace):

    resources: ["pods"]
    verbs: ["list"]

If /pods returns a 403 response, the entire cluster will be ignored by SUSE Manager.
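
The minimum permissions above can be checked against what a role actually grants. The following added example (not part of the original documentation or of SUSE Manager) audits a role and its binding, given as JSON objects such as `kubectl get clusterrole NAME -o json` returns, for missing permissions, excess permissions and a namespace-restricted binding. The role and binding names are hypothetical and the sample objects are constructed.

```python
from itertools import product

# Added example. Role and binding names below are hypothetical.
# Minimum stated on this page: "list" on nodes and pods in the core ("") API group.
REQUIRED = {("", "nodes", "list"), ("", "pods", "list")}

# Constructed sample objects, trimmed to the fields the audit reads.
MINIMAL_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "suse-manager-gatherer"},
    "rules": [{"apiGroups": [""], "resources": ["nodes", "pods"], "verbs": ["list"]}],
}
BROAD_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "gatherer-too-broad"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["get", "list"]}],
}
CLUSTER_BINDING = {"kind": "ClusterRoleBinding", "metadata": {"name": "suse-manager-gatherer"}}
NAMESPACED_BINDING = {"kind": "RoleBinding",
                      "metadata": {"name": "gatherer", "namespace": "default"}}


def granted(role):
    """Expand every rule into (apiGroup, resource, verb) triples."""
    triples = set()
    for rule in role.get("rules") or []:
        triples.update(product(rule.get("apiGroups") or [],
                               rule.get("resources") or [],
                               rule.get("verbs") or []))
    return triples


def audit(role, binding):
    """Return findings: missing permissions, excess permissions, namespaced binding."""
    have = granted(role)
    findings = []
    for group, res, verb in sorted(REQUIRED):
        if not any(g in (group, "*") and r in (res, "*") and v in (verb, "*")
                   for g, r, v in have):
            findings.append(f"missing: {verb} {res}")
    for g, r, v in sorted(have - REQUIRED):
        findings.append(f"excess: {v} {g + '/' if g else ''}{r}")
    if binding.get("kind") != "ClusterRoleBinding":
        # A RoleBinding limits the grant to one namespace, so the cluster-wide
        # pod list is denied and cluster-scoped nodes cannot be listed at all.
        findings.append("binding is namespaced: cluster-wide pod list will be denied")
    return findings


if __name__ == "__main__":
    print(audit(MINIMAL_ROLE, CLUSTER_BINDING))
    print(audit(BROAD_ROLE, NAMESPACED_BINDING))
```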

For more information on working with RBAC Authorization, see https://kubernetes.io/docs/admin/authorization/rbac/.