Configure Kubernetes Cluster Connection Details
You can deploy your containerized applications on a Kubernetes cluster from within the Lazsa Platform. Here we assume that you already have a running Kubernetes cluster.
Prerequisites and Required Permissions
The following table contains the details of the user inputs required in the Kubernetes cluster connection details in the Lazsa Platform and the permissions that must be assigned to the Kubernetes account.
User Input Required in Lazsa | Required Permissions |
---|---|
|
|
To access this cluster from within the Lazsa Platform, you must configure the cluster connection details as described in the following steps:
- Sign in to the Lazsa Platform and click Configuration in the left navigation pane.
- On the Platform Setup screen, on the Cloud Platform, Tools & Technologies tile, click Configure.
- On the Cloud Platform, Tools & Technologies screen, in the Kubernetes section, click Configure.
(After you save your first cluster connection details, you see the Modify button here.)
- On the Kubernetes Cluster Configuration screen, in the Kubernetes tile, click CONFIGURE.
- Configure the following cluster connection details and other options:
- Configuration Name: Give a name to your configuration. Your Kubernetes cluster connection details are saved by this name in the Lazsa Platform.
- Description: Provide a description of your configuration. When you save multiple connection details in the Lazsa Platform, a brief description always helps you identify the saved connection details easily.
- Use one of the following options to provide authentication details of your Kubernetes cluster:
Do one of the following:
Fetch cluster connection properties from a configured cloud account
To fetch the details (such as name, URL, and certificate authority data) of a Kubernetes cluster running in your cloud account that you have configured in the Lazsa Platform, enable the Use from a service provider option.
Select the cloud service provider: AWS or Microsoft Azure.
Depending on your selection in the previous step, the AWS or Azure cloud accounts that you have configured in the Lazsa Platform are available for selection in the Cloud Account list. Select the desired cloud account.
Names of Kubernetes clusters that you have configured in the selected cloud account are available for selection in the EKS Cluster list.
After you select the cluster name, the URL to connect to this cluster, and its certificate authority data are auto-populated.
Enter connection properties manually
To add connection details of a Kubernetes cluster other than the ones running on the cloud accounts configured in the Lazsa Platform, keep the Use from a service provider option disabled, and manually enter the Cluster Name, URL, and the Certificate Authority data for the cluster.
Depending on how you want your Kubernetes credentials to be managed, do one of the following:
Connect using Lazsa Orchestrator Agent
Turn on this toggle to use Lazsa Orchestrator Agent to programmatically retrieve the Kubernetes token value stored in your secrets management tool within your private network and to establish communication with your Kubernetes cluster.
In the Lazsa Orchestrator Agent dropdown list, all your configured agents are displayed. Select the one you want to use to connect to your Kubernetes cluster.
The secrets management tool that the selected Orchestrator Agent is authorized to access for retrieving secrets is auto-selected. Specify the details of Kubernetes secrets that the agent should retrieve from the secrets management tool. Currently, we support AWS Secrets Manager and Azure Key Vault.
For AWS Secrets Manager, provide the secret name and token key where you store your Kubernetes authentication token.
For Azure Key Vault, provide the vault name and the name of the secret where you have stored the token.
Select Secret Manager
If you don't use the Lazsa Orchestrator Agent, you can directly provide your Kubernetes token in the configuration, or retrieve it from a secrets management tool of your choice (such as AWS Secrets Manager or Azure Key Vault). Do one of the following:
- Select Lazsa and in the Token field, provide the authentication token. In this case, the token is securely stored in the Lazsa-managed secrets store.
- Select AWS Secrets Manager. In the Secrets Management Tool dropdown list, the AWS Secrets Manager configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the secret name and the token key where you have stored the token.
- Select Azure Key Vault. In the Vault Configuration dropdown list, the Azure Key Vault configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the vault name and the name of the secret where you have stored the token.
Provide the name of your running Kubernetes cluster that you want to access from within the Lazsa Platform.
Depending on where you want to store the Kubeconfig file, do one of the following:
Connect using Lazsa Orchestrator Agent
Turn on this toggle to use Lazsa Orchestrator Agent to programmatically resolve the details in the Kubeconfig file stored in your secrets management tool within your private network and to establish communication with your Kubernetes cluster.
In the Lazsa Orchestrator Agent dropdown list, all your configured agents are displayed. Select the one you want to use to connect to your Kubernetes cluster.
The secrets management tool that the selected Orchestrator Agent is authorized to access for retrieving secrets is auto-selected. Specify the details of Kubernetes secrets that the agent should retrieve from the secrets management tool. Currently, we support AWS Secrets Manager as the secrets management tool to store your Kubeconfig file. Provide the name of the secret in AWS Secrets Manager where you store the Kubeconfig file details.
Note:
Currently, Azure Key Vault is not supported for the Upload Kubeconfig File option. If you use Azure Key Vault, go ahead with the Use Token option instead.
Select Secret Manager
If you don't use the Lazsa Orchestrator Agent, you can directly upload the Kubeconfig file in the configuration, or retrieve it from AWS Secrets Manager. Do one of the following:
- Select Lazsa and upload the Kubeconfig file in the drop zone. In this case, the Kubeconfig file is securely stored in the Lazsa-managed secrets store.
- Select AWS Secrets Manager. In the Secrets Management Tool dropdown list, the AWS Secrets Manager configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. In the Secret Name field, provide the name of the secret where you have stored the Kubeconfig file as plain text.
Note:
Currently, Azure Key Vault is not supported for the Upload Kubeconfig File option. If you use Azure Key Vault, go ahead with the Use Token option instead.
- Ingress Controller (Optional)
In this section, you can configure the details of an ingress controller which can be used as a predefined configuration for all deployments that are done in your Kubernetes cluster from within the Lazsa Platform.
As per your requirements and policies, you can allow or disallow modifications to this configuration at a stage level in the Deploy phase.
To provide the details of an ingress controller, do the following:
- Click Configure.
- In the Configure Ingress Controller side drawer, do the following:
- In the Ingress Controller Class list, select a class to target your desired ingress controller instance.
- Provide the ingress controller IP or DNS address, or the host name.
In the Host Name field, provide a fully qualified domain name (FQDN).
The following are the guidelines for a valid host name:
- Your host name must be between 1 and 63 ASCII characters in length.
- It may contain letters (A-Z, a-z), numbers (0-9), '.', and '-'.
- It must start and end with a lowercase letter or a number.
- Your FQDN can be up to 253 ASCII characters long.
If you provide both a host name and an ingress controller address, the host name takes precedence when displaying the live URL, and the ingress controller address is ignored.
If you leave the Host Name field empty, it is assumed to be "*" (wildcard), and the ingress controller address becomes the live URL.
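The host name guidelines and the precedence rule above can be checked before the value is entered in the side drawer. The following is an added example, not part of the Lazsa Platform or its documentation; the function names and sample values are constructed, and it assumes the 1 to 63 character limit applies to each dot-separated label of the FQDN.

```python
import re

MAX_LABEL = 63   # assumption: the 1-63 rule applies to each dot-separated label
MAX_FQDN = 253   # whole-name limit from the guidelines
ALLOWED = re.compile(r"[A-Za-z0-9.-]+")   # letters, numbers, '.', and '-'
EDGE = re.compile(r"[a-z0-9]")            # lowercase letter or number


def host_name_errors(name):
    """Return the guideline violations for a Host Name value (empty list = valid)."""
    errors = []
    if not ALLOWED.fullmatch(name):
        errors.append("characters outside A-Z, a-z, 0-9, '.', '-'")
    if len(name) > MAX_FQDN:
        errors.append("FQDN longer than 253 characters")
    if not (EDGE.fullmatch(name[:1]) and EDGE.fullmatch(name[-1:])):
        errors.append("must start and end with a lowercase letter or a number")
    if any(not 1 <= len(label) <= MAX_LABEL for label in name.split(".")):
        errors.append("each label must be 1 to 63 characters")
    return errors


def resolve_live_url_host(host_name, ingress_address):
    """Apply the documented precedence; returns (host rule, live URL host)."""
    host_name = host_name.strip()
    if not host_name:
        # Empty Host Name is treated as "*" and the address becomes the live URL.
        return "*", ingress_address
    errors = host_name_errors(host_name)
    if errors:
        raise ValueError(f"invalid host name {host_name!r}: {'; '.join(errors)}")
    # A host name takes precedence; the ingress controller address is ignored.
    return host_name, host_name


if __name__ == "__main__":
    # Constructed sample values (documentation-reserved domain and IP range).
    for candidate in ["shop.example.com", "Shop.example.com", "shop..example.com"]:
        print(candidate, "->", host_name_errors(candidate) or "valid")
    print(resolve_live_url_host("", "203.0.113.10"))
```

An empty Host Name resolves to the wildcard rule, so any host header that reaches the ingress controller address matches; supplying a validated FQDN narrows the rule to that one name.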
Allow modification to ingress controller configuration in Deploy workflow
If this toggle is on, the global ingress controller configuration can be modified at the stage level in the Deploy phase. To restrict any changes to the configuration, turn it off.
Click Configure.
The configured ingress controller details are listed on your Kubernetes cluster connection details screen. In the saved ingress controller configuration details, click the ellipsis (...) to do the following:
Edit ingress controller configuration
Note:
Editing ingress controller configuration may affect your existing technology deployments. You may need to redeploy the technologies for products that use the configuration that you edit.
You can select a different ingress controller class and modify the ingress controller address or host name. After you save your ingress controller configuration changes, you must save and activate your Kubernetes cluster connection details configuration to make your changes effective.
After you edit the global ingress controller configuration, a message informing users about the configuration changes is displayed at the stage level within the Deploy phase where the Kubernetes cluster in question is used for deployments.
Users can review the ingress controller configuration changes and apply them for all future deployments. If you allow modifications to this configuration at the stage level, users can edit it to their requirements.
Delete ingress controller configuration
To delete the ingress controller configuration, click Delete. In the confirmation box that appears, click Delete again to confirm. Your ingress controller configuration details are deleted after your confirmation.
View configuration usage details
Click View Usage Details to view the products, their respective features and stages in which technologies are deployed in the Kubernetes cluster in question.
When you edit the ingress controller configuration, access to usage details helps you assess the potential impact of the ingress controller configuration changes on the cluster's deployments.
Prometheus Monitoring of Kubernetes Cluster (Optional)
Prometheus and Grafana provide monitoring and visualization capabilities within Kubernetes clusters. Prometheus collects metrics, while Grafana offers customizable dashboards for data visualization.
- Turn on this toggle to install Prometheus and Grafana in your Kubernetes cluster.
In the Grafana Password field, set a strong password for your Grafana dashboard. Ensure the password is between 8 and 20 characters long and includes at least one number (0-9), one upper-case letter (A-Z), one lower-case letter (a-z), and one special character (!@#$%^&()+=*).
The installation starts after you click Save and Activate and takes some time to complete.
After you deploy a technology by using the Kubernetes Cluster mode in the Deploy phase, in the technology deployment details, you can access the monitoring URL, which takes you to the Grafana interface.
Sign in to Grafana by using admin as the username and the password you set in step 2 earlier. You can then view your Kubernetes cluster infrastructure metrics and performance data on the Grafana dashboards.
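A random password that satisfies the Grafana Password rules above can be generated rather than chosen by hand. The following is an added example, not part of the Lazsa Platform; the function names are constructed, and the generator draws only from the four character classes named in the rules.

```python
import secrets
import string

SPECIALS = "!@#$%^&()+=*"   # special characters listed in the Grafana Password rules
CLASSES = {
    "number": string.digits,
    "upper-case letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "special character": SPECIALS,
}
MIN_LEN, MAX_LEN = 8, 20


def policy_violations(password):
    """Return the rules a candidate password breaks (empty list = compliant)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8 to 20 characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {label}")
    return problems


def generate_password(length=MAX_LEN):
    """Build a compliant password from the OS CSPRNG, defaulting to the maximum length."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be 8 to 20 characters")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per required class, the rest from the full alphabet.
    picked = [secrets.choice(chars) for chars in CLASSES.values()]
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # Shuffle so the guaranteed characters do not sit in predictable positions.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


if __name__ == "__main__":
    print(policy_violations("password"))          # constructed weak sample
    print(policy_violations(generate_password())) # [] for every generated value
```

Because the Grafana username is the fixed value admin, the password is the only secret protecting the dashboard, so the maximum length is the sensible default.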
- Secure configuration details with a password
To password-protect your Kubernetes cluster connection details, enable the Secure configuration details with a password option, enter a password, and then retype it to confirm.
This is optional but recommended. When you share the connection details with multiple users, password protection helps you ensure authorized access to the connection details.
Click Test Connection to check if you can connect to the configured Kubernetes cluster successfully.
After you save and activate the configured connection details, you can see them listed on the Cloud Platform, Tools & Technologies screen.
Use Token
With this option, you can use the authentication token to authenticate to your Kubernetes cluster. Perform these steps to enter the cluster details and use the token options.
Upload Kubeconfig File
Kubeconfig file is a YAML file that contains the Kubernetes cluster details, certificate authority data, and the secret token to authenticate the cluster. You can use a Kubeconfig file to establish a connection with your running Kubernetes cluster from within the Lazsa Platform. To connect with your Kubernetes cluster by using the Kubeconfig file, do the following:
With this, you are all set to connect with your Kubernetes cluster from within the Lazsa Platform. You can select this cluster when you deploy your tech stack. You may want to configure the next tool required for your product development.
What's next? Configure Source Code Repository Connection Details