
Setup vCluster

Instructions to set up a vCluster using the Helm chart.

Prerequisites

Create Cluster in Lieutenant

To interact with the Lieutenant API, create the following environment variables and aliases.

Environment Variables
export LIEUTENANT_API_URL="https://syn.example.com"
export LIEUTENANT_AUTH="Authorization: Bearer $(commodore fetch-token)"
Aliases
alias lt_tenant='curl -H "${LIEUTENANT_AUTH}" "${LIEUTENANT_API_URL}/tenants"'
alias lt_cluster='curl -H "${LIEUTENANT_AUTH}" "${LIEUTENANT_API_URL}/clusters"'

Create Tenant

Info

This step is only required if the Tenant does not exist yet.

Create the following environment variables and files.

Environment Variables
export TENANT_ID="t-my-tenant"
  1. Create a file named tenant.json.

    # String values are quoted and trailing commas removed so the file is valid JSON.
    cat <<EOF > tenant.json
    {
      "id": "${TENANT_ID}",
      "tenant": "${TENANT_ID}",
      "displayName": "My Beautiful vCluster",
      "facts": {
        "cloud": "vcluster",
        "distribution": "k3s"
      }
    }
    EOF
    

  2. Add the tenant to Lieutenant.

    lt_tenant -X POST -H "Content-Type: application/json" --data @tenant.json
    

Create Cluster

Create the following environment variables and files.

Environment Variables
export CLUSTER_ID="c-my-cluster"
export TENANT_ID="t-my-tenant"
  1. Create a file named cluster.json.

    # String values are quoted and trailing commas removed so the file is valid JSON.
    cat <<EOF > cluster.json
    {
      "id": "${CLUSTER_ID}",
      "tenant": "${TENANT_ID}",
      "displayName": "My Beautiful vCluster",
      "facts": {
        "cloud": "vcluster",
        "distribution": "k3s"
      }
    }
    EOF
    

  2. Add the cluster to Lieutenant.

    lt_cluster -X POST -H "Content-Type: application/json" --data @cluster.json
    

Prepare Host Cluster

Create a namespace and service account on the host cluster.

Environment Variables
export TARGET_NAMESPACE="my-vcluster"
export TARGET_SERVICEACCOUNT="gitlab-deployer"
  1. Create the namespace on the host cluster.

    kubectl create ns ${TARGET_NAMESPACE}
    

  2. Create a service account and token for the GitLab pipeline.

    kubectl -n ${TARGET_NAMESPACE} create serviceaccount ${TARGET_SERVICEACCOUNT}
    
    cat <<EOF | kubectl -n ${TARGET_NAMESPACE} apply -f -
    apiVersion: v1
    kind: Secret
    metadata:
      annotations:
        kubernetes.io/service-account.name: ${TARGET_SERVICEACCOUNT}
      name: ${TARGET_SERVICEACCOUNT}-token
    type: kubernetes.io/service-account-token
    EOF
    

  3. Create the rolebinding for the new service account.

    cat <<EOF | kubectl -n ${TARGET_NAMESPACE} apply -f -
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: ${TARGET_SERVICEACCOUNT}
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: admin
    subjects:
    - kind: ServiceAccount
      name: ${TARGET_SERVICEACCOUNT}
      # namespace is required for ServiceAccount subjects
      namespace: ${TARGET_NAMESPACE}
    EOF
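
A check to run after step 3, as an added example that is not part of the original instructions: it impersonates the new service account with `kubectl auth can-i` and confirms that binding the `admin` ClusterRole through a RoleBinding grants rights only inside `${TARGET_NAMESPACE}`. It assumes the caller may impersonate service accounts and that `kube-system` serves as the comparison namespace; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Requires TARGET_NAMESPACE and TARGET_SERVICEACCOUNT from the step above.
# Assumption: the caller may impersonate service accounts (e.g. cluster-admin).

# can_i VERB RESOURCE NAMESPACE
# Prints "yes" or "no" for the impersonated service account.
can_i() {
  answer=$(kubectl auth can-i "$1" "$2" -n "$3" \
    --as="system:serviceaccount:${TARGET_NAMESPACE}:${TARGET_SERVICEACCOUNT}" \
    </dev/null 2>/dev/null) || true   # exit status 1 just means "no"
  # Anything other than a clear "yes" (errors included) is reported as "no".
  if [ "$answer" = "yes" ]; then echo yes; else echo no; fi
}

# check_sa_scope [OTHER_NAMESPACE]
# Returns the number of checks whose result differs from what a
# namespace-scoped binding of the "admin" ClusterRole should give.
check_sa_scope() {
  other_ns=${1:-kube-system}
  failures=0
  while read -r expected verb resource ns; do
    actual=$(can_i "$verb" "$resource" "$ns")
    if [ "$actual" != "$expected" ]; then
      echo "UNEXPECTED: $verb $resource in $ns: got $actual, want $expected" >&2
      failures=$((failures + 1))
    fi
  done <<EOF
yes create deployments ${TARGET_NAMESPACE}
yes create secrets ${TARGET_NAMESPACE}
no get secrets ${other_ns}
no create rolebindings ${other_ns}
EOF
  return "$failures"
}

# Usage: check_sa_scope kube-system && echo "deployer is confined to ${TARGET_NAMESPACE}"
```

A non-zero return value means the service account can do more, or less, than a namespace-scoped `admin` binding should allow; review the RoleBinding before handing the token to the pipeline.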
    

Compile Cluster Catalog

Warning

From here on it's a construction site 🤷‍♂️

Clone the tenant repository to adjust some initial values.

mkdir -p inventory/classes

git clone <TENANT_REPO> inventory/classes/${TENANT_ID}

pushd inventory/classes/${TENANT_ID}

Set up component-efk-provisioning

yq eval -i ".parameters.efk_provisioning.type = \"vcluster\"" ${CLUSTER_ID}.yml

yq eval -i ".parameters.efk_provisioning.infrastructure.kubernetes.namespace = \"${TARGET_NAMESPACE}\"" ${CLUSTER_ID}.yml