cloud auth
seemywingz committed Jul 29, 2024
1 parent fd804f7 commit 3356e70
Showing 4 changed files with 89 additions and 49 deletions.
88 changes: 63 additions & 25 deletions pages/how-to/set-up/new-mgmt-cluster.md
Expand Up @@ -6,12 +6,23 @@ description: Using Plural CLI to Deploy a MGMT Kubernetes Cluster
### Prerequisites
[Plural CLI](/how-to/set-up/plural-cli)

##### Ensure AWS CLI Authentication
Plural uses the _default_ profile when deploying resources in AWS
##### Ensure Cloud Provider CLI Authentication
Plural uses the _default_ profile when deploying resources

AWS
```sh
aws sts get-caller-identity
```
AZ
```sh
az account show
```
GCP
```sh
gcloud auth list
```


### Create a New Repo for Plural
```sh
git clone [email protected]:pluralsh/plrl-how-to.git
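Review bot: "Plural uses the _default_ profile when deploying resources" is AWS wording and does not describe the Azure and GCP checks added under it. `gcloud auth list` only lists credentialed accounts and does not show which project a deploy will target, so consider adding `gcloud config list` and stating, per provider, which subscription or project Plural picks up. The label "AZ" also reads as "availability zone"; "Azure" is clearer.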
Expand All @@ -29,38 +40,65 @@ plural up
```

# Troubleshooting
### "Console failed to become ready"
Sometimes the DNS Resolution can take longer than the expected five minutes
It's also possible the console services take a bit longer to become ready
### Get Kubeconfig for the MGMT Cluster
AWS
```sh
Apply complete! Resources: 5 added, 0 changed, 2 destroyed.

Outputs:

identity = "arn:aws:iam::312272277431:role/how-to-plrl-plrl-stacks"
Querying console.how-to-plrl.onplural.sh...
...
Querying console.how-to-plrl.onplural.sh...
DNS fully resolved, testing if console is functional...
Pinging https://console.how-to-plrl.onplural.sh...
...
Pinging https://console.how-to-plrl.onplural.sh...
2024/07/29 12:31:03 Console failed to become ready after 5 minutes, you might want to inspect the resources in the plrl-console namespace
aws eks update-kubeconfig --name [CLUSTER_NAME]
```
This example is an EKS cluster
I am able to get the _kubeconfig_ via the AWS CLI
AZ
```sh
aws eks update-kubeconfig --name [cluster name] --alias [context name]
az aks get-credentials --name [CLUSTER_NAME]
```
I'm now able to use `kubectl` with the newly added kube context
and see what's happening in all the _`plrl`_ namespaces
GCP
```sh
gcloud container clusters get-credentials [CLUSTER_NAME]
```

Use `kubectl` with the newly added kube context
The key namespaces to check are:
* plrl-console
* plrl-deploy-operator
* plrl-runtime

In this instance I saw images in the _`plrl-console`_ namespace
### "Console failed to become ready"
Sometimes the DNS Resolution can take longer than the expected five minutes
It's also possible the console services take a bit longer to become ready
```sh
2024/07/29 12:31:03 Console failed to become ready after 5 minutes, you might want to inspect the resources in the plrl-console namespace
```
In this instance the images in the _`plrl-console`_ namespace
were taking a bit longer to download and initialize.
Once the services were _up_ in the cli, I was able to access the console url

### User "[email protected]" cannot list resource
### Cannot list resources in the Kubernetes Dashboard
This is due to missing [RBAC Bindings](https://github.com/pluralsh/documentation/blob/8e205adfede17b0e412a2c8d81ac511dd71fe59b/pages/deployments/dashboard.md) for the console users
![alt text](/images/how-to/k8s-dash-403.png)

##### Add the RBAC Helm Values in the MGMT Cluster Repo
```sh
./helm-values/ConsoleClusterRoleBindings.yaml
```
##### Configure the Cluster Role Binding for console User
```sh
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: console-binding-someone-your-company-com
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: [email protected]
```
You can list existing Cluster Roles with `kubectl get clusterroles`
There are several ways to manage [RBAC Bindings](https://github.com/pluralsh/documentation/blob/8e205adfede17b0e412a2c8d81ac511dd71fe59b/pages/deployments/dashboard.md)
This example binds the _`admin`_ cluster role to a single _[email protected]_ user


##### Apply the Bindings
```sh
kubectl apply -f ./helm-values/ConsoleClusterRoleBindings.yaml
```
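Review bot: The ClusterRoleBinding example under "Configure the Cluster Role Binding for console User" grants the `admin` ClusterRole across every namespace, which is much more than the "cannot list resource" 403 it is meant to fix requires. Suggest using `view` (or a namespaced RoleBinding) as the documented default and presenting `admin` as an explicit opt-in, since readers tend to copy this block verbatim. Two smaller points: the manifest is fenced as `sh` and stored under `./helm-values/` although it is applied with `kubectl apply -f` rather than passed as Helm values, and `az aks get-credentials --name [CLUSTER_NAME]` omits the `--resource-group` argument that command requires.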
14 changes: 8 additions & 6 deletions pages/how-to/set-up/plural-console.md
Expand Up @@ -5,12 +5,14 @@ description: How to Deploy the Plural Console to a MGMT Cluster

### Prerequisites
[Plural CLI](/how-to/set-up/plural-cli)
[AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) Access


##### Ensure AWS CLI Authentication
### Deploy Plural Console
```sh
aws sts get-caller-identity
plural login
# Note: If you deployed using bootstrap terraform you can get the PSQL connection string from running: terraform output --json
plural cd control-plane
helm repo add plrl-console https://pluralsh.github.io/console
helm upgrade --install --create-namespace -f values.secret.yaml console plrl-console/console -n plrl-console
```


The `plural cd control-plane` command creates the _`values.secret.yaml`_
and we use `helm` to apply them to the cluster
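Review bot: The `helm upgrade --install ... -f values.secret.yaml` step does not say how the generated `values.secret.yaml` should be handled, even though the file name and the comment about the PSQL connection string both indicate that it holds credentials. Add a sentence telling the reader to keep it out of version control (for example via `.gitignore`) or how to store it, and note that `terraform output --json` prints the connection string to the terminal. The closing sentence "we use `helm` to apply them" should read "apply it", since it refers to a single file.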
Binary file added public/images/how-to/k8s-dash-403.png
36 changes: 18 additions & 18 deletions src/NavData.tsx
Expand Up @@ -122,24 +122,24 @@ const rootNavData: NavMenu = deepFreeze([
},
],
},
{
href: '/how-to/use',
title: 'Use',
sections: [
{
title: 'Plural Documentation',
href: '/how-to/use/plural-docs',
},
{
title: 'Plural Console',
href: '/how-to/use/plural-console',
},
{
title: 'Plural API',
href: '/how-to/use/plural-api',
},
],
},
// {
// href: '/how-to/use',
// title: 'Use',
// sections: [
// {
// title: 'Plural Documentation',
// href: '/how-to/use/plural-docs',
// },
// {
// title: 'Plural Console',
// href: '/how-to/use/plural-console',
// },
// {
// title: 'Plural API',
// href: '/how-to/use/plural-api',
// },
// ],
// },
],
},
{
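Review bot: The `/how-to/use` nav entry is commented out rather than deleted, which leaves 18 lines of dead code in `rootNavData` with no explanation. Either remove the block and rely on history to restore it, or add a one-line comment saying why the section is hidden and when it should return. The change is also unrelated to the "cloud auth" commit message and would be easier to track as its own commit.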