VHM and Kubernetes

You can use a virtual host manager (VHM) to manage Kubernetes clusters.

The VHM allows Uyuni to obtain and report information about your clusters. For more information on VHMs, see Virtual Host Managers.

To use Uyuni with Kubernetes, you will need to have your Uyuni Server configured for container management, with all required channels present, and a registered container build host available.

You also require:

  • At least one Kubernetes cluster available on your network.

  • The virtual-host-gatherer-Kubernetes package installed on the Uyuni Server.

  • Kubernetes version 1.5.0 or higher.

  • Docker version 1.12 or higher on the container build host.

1. Create a Kubernetes VHM

Kubernetes clusters are registered with Uyuni as a VHM.

You will need a kubeconfig file to register and authorize your Kubernetes cluster. You can get a kubeconfig file using the Kubernetes command line tool kubectl. kubectl config view --flatten=true provides the configuration with the certificate files embedded as needed for the VHM.

Procedure: Creating a Kubernetes VHM
  1. In the Uyuni Web UI, navigate to Systems  Virtual Host Managers.

  2. Click Create and select Kubernetes Cluster.

  3. In the Add a Kubernetes Virtual Host Manager section, use these parameters:

    • In the Label field, type a custom name for your VHM.

    • Select the kubeconfig file that contains the required data for the Kubernetes cluster.

  4. In the context field, select the appropriate context for the cluster. This is specified in the kubeconfig file.

  5. Click Create.

Procedure: Viewing the Nodes in a Cluster
  1. In the Uyuni Web UI, navigate to Systems  Virtual Host Managers.

  2. Select the Kubernetes cluster.

  3. Refresh the node data by clicking Schedule refresh data.

The node data can take a few moments to update. You might need to refresh your browser window to see the updated information.

Any connection or authentication problems are logged to gatherer.log.

Node data is not refreshed during registration. You need to manually refresh the data to see it.

2. Retrieve Image Runtime Data

You can view runtime data about Kubernetes images in the Uyuni Web UI, by navigating to Images  Image List.

The image list table contains three columns:

  • Revision:

    A sequence number that increments on every rebuild for images built by Uyuni, or on every import for externally built images.

  • Runtime:

    Overall status of the running instances for each image in registered clusters.

  • Instances:

    Number of instances running this image across all the clusters registered in Uyuni. You can see a breakdown of numbers by clicking the pop-up icon next to the number.

The Runtime column displays one of these status messages:

  • All instances are consistent with SUSE Manager:

    All the running instances are running the same build of the image as tracked by Uyuni.

  • Outdated instances found:

    Some of the instances are running an older build of the image. You might need to redeploy the image.

  • No information:

    The checksum of the instance image does not match the image data contained in Uyuni. You might need to redeploy the image.

Procedure: Building an Image
  1. In the Uyuni Web UI, navigate to Images  Stores.

  2. Click Create to create an image store.

  3. Navigate to Images  Profiles.

  4. Click Create to create an image profile. You will need to use a Dockerfile that is suitable to deploy to Kubernetes.

  5. Navigate to Images  Build to build an image with the new profile.

  6. Deploy the image into one of the registered Kubernetes clusters. You can do this with the kubectl tool.

The updated data should now be available in the image list at Images  Image List.

Procedure: Importing a Previously Deployed Image
  1. In the Uyuni Web UI, navigate to Images  Image Stores.

  2. Add the registry that owns the image you want to import, if it is not already there.

  3. Navigate to Images  Image List and click Import.

  4. Complete the fields, select the image store you created, and click Import.

The imported image should now be available in the image list at Images  Image List.

Procedure: Rebuilding a Previously Deployed Image
  1. In the Uyuni Web UI, navigate to Images  Image List, locate the row that contains the image you want to rebuild, and click Details.

  2. Navigate to the Build Status section, and click Rebuild. The rebuild can take some time to complete.

When the rebuild has successfully completed, the runtime status of the image is updated in the image list at Images  Image List. This shows that the instances are running a previous build of the image.

You can only rebuild images if they were originally built with Uyuni. You cannot rebuild imported images.

Procedure: Retrieving Additional Runtime Data
  1. In the Uyuni Web UI, navigate to Images  Image List, locate the row that contains the running instance, and click Details.

  2. Navigate to the Overview tab. In the Image Info section, there is data in the Runtime and Instances fields.

  3. Navigate to the Runtime tab. This section contains a information about the Kubernetes pods running this image in all the registered clusters. The information in this section includes:

    • Pod name.

    • Namespace which the pod resides in.

    • The runtime status of the container in the specific pod.

3. Permissions and Certificates

You can only use kubeconfig files with Uyuni if they contain all embedded certificate data.

The API calls from Uyuni are:

  • GET /api/v1/pods

  • GET /api/v1/nodes

The minimum recommended permissions for Uyuni are:

  • A ClusterRole to list all the nodes:

    resources: ["nodes"]
    verbs: ["list"]
  • A ClusterRole to list pods in all namespaces (role binding must not restrict the namespace):

    resources: ["pods"]
    verbs: ["list"]

If /pods returns a 403 reponse, the entire cluster is ignored by Uyuni.

For more information on working with RBAC Authorization, see https://kubernetes.io/docs/admin/authorization/rbac/.