Introducing AgileStacks to Your Cluster

Importing a Kubernetes Cluster into the Control Plane

While AgileStacks can deploy Kubernetes clusters into the cloud provider of your choice, sometimes all you need is the Stack management without the cluster deployment. AgileStacks can manage any Kubernetes cluster that is version 1.11 or newer. After importing the cluster, you will be able to manage it using infrastructure as code approach, deploy overlay stacks, applications, and machine learning pipelines.

Prerequisites

1. An onboarded cloud account that contains the k8s cluster that you wish to integrate. For on-prem environments, an AWS account is currently required, as we store many relevant details and configs in an s3 bucket under your account. If you have not yet onboarded a cloud account, please complete the relevant task under Account Onboarding
2. An environment that has been created to host the imported cluster.
3. Depending on the platform, you might need a Kubeconfig file with valid admin credentials.

Importing an Amazon EKS Cluster

Phase I

Importing an EKS Cluster has two major steps, the first step is to create a ConfigMap in your EKS cluster that grants permissions to the IAM user. Without this, the SuperHub would not be allowed to execute any automation on your behalf. This yaml file contains a ConfigMap that you must edit the file and set the value with the ARN of the IAM Role that was granted to AgileStacks.

Example configmap.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: <ARN of instance role (not instance profile)>
      username: system:node:
      groups:
        - system:bootstrappers
        - system:nodes
# Add this in order to grand permission for AgileStacks to import cluster
# and replace `rolearn` with onboard AgileStacks ARN
    - rolearn: <ARN of Agilestacks onboarded role>
      username: agilestacks
      groups:
        - system:masters
  mapUsers: |
    - userarn: <ARN of cloud account user>
      username: admin
      groups:
        - system:masters

You can find the relevant ARNs by opening up your AWS console and navigating to IAM then Roles. The AgileStacks arn should be named "agilestacks<date><longnumber>" such as the following:

Once you have added your intended rolearn and that of the agilestacks onboarded role, install this into your cluster:

kubectl apply -f configmap.yaml

If that succeeded, then your cluster will now trust the AgileStacks SuperHub to invoke changes.

Phase II

The rest of the import process is almost entirely automatic, just a few details are required, such as the exact name of the EKS cluster with which you need to connect.

1. In the ControlPlane, at the top navigation bar, click Stacks, then Import

You should see the screen below.

1. Select Cluster type Amazon EKS

This should take you to a screen that loks like the following.

1. Select existing adapter template for EKS cluster.
2. Select Environment that you have identified as the proper home for this cluster.
3. Enter same name of EKS Cluster with it was created in AWS.
4. As part of the import process, the SuperHub will install a standard component to help automate the management of TLS certificates, you can choose either ACM or our own LetsEncrypt component. If you're not sure, choose ACM.
5. Press Import
6. You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.
   Once the process has completed, if you navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.

Importing a Microsoft Azure AKS Cluster

1. In the ControlPlane, at the top navigation bar, click Stacks, then Import

You should see the screen below.

1. Go ahead and click on Microsoft AKS

Fill in the form:

1. Select the Environment where your stack will be deployed. The Cloud Account you have provided during the creation of the environment will be used for your stack and your stack will be able to access all of the licenses and secrets defined on the environment.
2. Select a Template for import cluster stack. If you have not provisioned this type of clusters for the selected Environment before, then the only available option will be (+) Create a new one.
3. Enter a valid domain name where all of the web services of the components deployed on your stack will be accessible.
4. Select the AKS cluster you want to import from the AKS Cluster dropdown list. We use Azure Service Account credentials from your Azure Cloud Account to fetch AKS clusters that are available for import from your Azure subscription.
5. In Included Components section optionally select components, such as Kubernetes Dashboard or TLS provider, which can be provisioned with the cluster.
6. Press import.

You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.

Once the process has completed, if you navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.

Importing a Google GCP Cluster

1. In the ControlPlane, at the top navigation bar, click Stacks, then Import

You should see the screen below:

1. Go ahead and select the Google Kubernetes Engine

Fill in the form:

1. Select the Environment where your stack will be deployed. The Cloud Account you have provided during the creation of the environment will be used for your stack and your stack will be able to access all of the licenses and secrets defined on the environment.
2. Select a Template for import cluster stack. If you have not provisioned this type of clusters for the selected Environment before, then the only available option will be (+) Create a new one.
3. Enter a valid domain name where all of the web services of the components deployed on your stack will be accessible.
4. Select the GKE cluster you want to import from the GKE Cluster dropdown list. We use GCP service account credentials from your GCP Cloud Account to fetch GKE clusters that are available for import from your GCP project.
5. In Included Components section optionally select components, such as Kubernetes Dashboard or TLS provider, which can be provisioned with the cluster.
6. Press import.

You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.

Once the process has completed, you may navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.

Importing a Vanilla Kubernetes Cluster

When importing any other Kubernetes cluster, everything that is needed is listed in the Kubeconfig file. It is important to note that the API URL listed in cluster.cluster.server: field must be accessible from the internet or via a private VPC network link from AgileStacks' SuperHub.

1. In the ControlPlane, at the top navigation bar, click Stacks, then Import

You should see the screen below:

Select

1. Select Cluster type Kubernetes Cluster

apiVersion: v1
kind: Config
clusters:
- name: example.dev.superhub.io
  cluster:
    server: https://api.example.dev.superhub.io:6443            <-- Step 4
    certificate-authority-data: LS0tLS1CRUdJTi...0tLS0tCg==     <-- Step 5a
users:
- name: admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiB...0tLS0K==         <-- Step 5b
    client-key-data: LS0tLS1CRUdJTiBSU0E...tLS0tCg==            <-- Step 5c
contexts:
- context:
    cluster: example.dev.superhub.io
    user: admin

1. Select existing adapter template for K8S cluster or select Create a new one
2. Select Environment which is using onboarded Cloud Account
3. Enter name of Cluster
4. Specify Kubernetes API endpoint, this is the variable found at clusters: cluster: server:
5. Copy and paste the data from the kubeconfig certificates:
   1. cluster:certificate-authority-data -> Certificate of authority
   2. users:user:client-certificate-data -> Client certificate
   3. users:user:client-key-data -> Client key
6. Finally, select the component that the SuperHub will use to automatically issue certificates. For on-prem deployments, LetsEncrypt is recommended, for cloud, ACM will work as well.
7. Press the Import button

You will be redirected to the cluster provisioning screen. Be patient, as cluster import might take up to 10 minutes, You can observe the full log of your deployment in real-time from this screen.

Once the process has completed, you may navigate to Stacks -> List you should see your cluster with a ✔️ Deployed tag.

Like what you see? Request a demo today!