Kubernetes Endpoints
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
Stratos provides easy access to Kubernetes features such as:
- Browsing Kubernetes resources and their state
- Terminal with kubectl (and helm) CLI tools (Tech Preview)
- Run Security Observability Tools (Tech Preview)
- Browsing Kubernetes Workloads
- The Kubernetes Dashboard (Tech Preview)
Adding a Stratos Helm Endpoint alongside a Kubernetes endpoint unlocks additional features:
- Install a Helm chart into the Kubernetes cluster
- Upgrade new or existing Helm charts
Registering a Kubernetes Endpoint
Stratos Administrators can register endpoints via the Endpoints page.
Usually all that's needed is the Kubernetes API address, as well as a friendly name to identify the endpoint in Stratos.
Some basic information for finding the endpoint address for specific Kubernetes clusters can be found below in the connecting section.
Connecting a Kubernetes Endpoint
Stratos supports a number of different ways to authenticate with your Kubernetes cluster. There are a few generic ways that cover many types of clusters, but also authentication methods specific to some providers.
The currently supported connection methods and types of cluster are:
- Certificate based Kubernetes authentication
- Username and password based Kubernetes authentication
- SUSE CaaSP (OIDC)
- AWS EKS (AWS IAM auth)
- Azure AKS
- K3S
Certificate based authentication
Some Kubernetes clusters use TLS certificates for authentication. The following example shows how to register and connect to one such cluster, Minikube.
To find the Minikube endpoint URL, locate the minikube entry in your local kubeconfig file. In the following example, the minikube endpoint URL is https://192.168.99.100:8443.
To connect to the cluster, locate the relevant entry in the users section in your Kubernetes config file. The two files specified under client-certificate and client-key are required to connect to the cluster.
Select the Kubernetes Cert Auth option as the Auth Type in the connect dialog and select the two files to connect.
Username and password based authentication
To connect using a username and password, simply select the Username and Password option as the Auth Type in the connect dialog.
CAASP (OIDC)
To connect a CAASP cluster to Stratos, download a kubeconfig from Velum.
- To find the endpoint URL, inspect the file. The server property details the endpoint URL.
- Specify the Endpoint URL when adding the endpoint to Stratos.
- To connect to Kubernetes, select the CAASP (OIDC) option as the Auth Type, and upload the kubeconfig file downloaded from Velum.
Amazon EKS
To connect, the following details are required:
- Cluster Name (See the following example)
- AWS Access Key
- AWS Secret Key
EKS Endpoint URL And Cluster Name
You can locate the EKS cluster endpoint URL and the cluster name by inspecting the generated cluster configuration in your local kubeconfig.
The endpoint URL is specified in the server property (i.e. https://40BCD34B7E297903DA2EAF19B6164521.sk1.us-east-1.eks.amazonaws.com), while the cluster name is the last part of the name property (i.e. BRSSCF).
Azure AKS
To connect an AKS Kubernetes instance, the following is required:
- AKS Endpoint URL, which can be found from the AKS console or the generated Kubernetes configuration.
- To connect to the cluster, provide the kubeconfig file.
For a quick way to register all endpoints
For a quick way to register Kubernetes endpoints, and in some cases also connect them, the user can select Import Kubeconfig instead of the endpoint types listed above. Once the user has provided the file, they can select which contexts to register and, if applicable, how to connect to each. Not all connection types are supported this way, for instance where the config references files. These can still be registered and later connected via the Endpoints page, just not connected at import time.
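The kubeconfig lookups described in the certificate section and in the import paragraph above can be checked before anything is uploaded. The following is an added example, not part of Stratos or its documentation: it reads the JSON form of a kubeconfig (such as the output of kubectl config view -o json) and reports, per context, the endpoint URL, the kind of credentials the user entry holds, and any credential files it references. The function names and all sample values except the Minikube URL are assumptions made for illustration.

```python
import json

# Constructed sample in the JSON form of a kubeconfig (e.g. from `kubectl config view -o json`).
# Only the Minikube URL comes from the page; paths, names and the second cluster are made up.
SAMPLE = {
    "clusters": [
        {"name": "minikube", "cluster": {"server": "https://192.168.99.100:8443"}},
        {"name": "basic", "cluster": {"server": "https://k8s.example.test:6443"}},
    ],
    "users": [
        {"name": "minikube", "user": {"client-certificate": "/home/user/.minikube/client.crt",
                                      "client-key": "/home/user/.minikube/client.key"}},
        {"name": "admin", "user": {"username": "admin", "password": "PLACEHOLDER"}},
    ],
    "contexts": [
        {"name": "minikube", "context": {"cluster": "minikube", "user": "minikube"}},
        {"name": "basic", "context": {"cluster": "basic", "user": "admin"}},
    ],
}

def classify_user(user):
    """Return (auth kind, credential file paths the entry references)."""
    files = [user[k] for k in ("client-certificate", "client-key", "tokenFile") if k in user]
    if "client-certificate" in user or "client-certificate-data" in user:
        return "certificate", files
    if "username" in user:
        return "username/password", files
    if "exec" in user or "auth-provider" in user:
        return "plugin", files
    if "token" in user or "tokenFile" in user:
        return "token", files
    return "unknown", files

def summarise(cfg):
    """One row per context: endpoint URL, auth kind, and referenced credential files."""
    clusters = {c["name"]: c.get("cluster") or {} for c in cfg.get("clusters") or []}
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    rows = []
    for ctx in cfg.get("contexts") or []:
        ref = ctx.get("context") or {}
        kind, files = classify_user(users.get(ref.get("user"), {}))
        server = clusters.get(ref.get("cluster"), {}).get("server")
        rows.append({"context": ctx["name"], "server": server, "auth": kind, "file_refs": files})
    return rows

if __name__ == "__main__":
    for row in summarise(SAMPLE):
        print(json.dumps(row))
```

A non-empty file_refs list marks a context whose credentials live in separate files, which is the case the import paragraph describes as registrable but not connectable at import time.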