Add Cluster
This page explains how to integrate an external cluster into KubeRocketCI workloads. Doing so enables multi-cluster deployment, so that different environments can be segregated across clusters.
Prerequisites
Before proceeding, ensure you have completed the steps outlined in the Argo CD Integration page. In addition, the user needs the cluster admin role to add clusters.
Integrate External Cluster
To deploy an application to a remote cluster, follow the steps below:
- Navigate to Configuration -> Deployment -> Clusters and click the + Add cluster button.
- In the Add cluster window, choose the credentials type and specify the required fields. Click the Save button to add the cluster:
  Bearer Token:
  - Cluster Name: a unique and descriptive name for the external cluster;
  - Cluster Host: the cluster’s endpoint URL (e.g., example-cluster-domain.com);
  - Cluster Token: a Kubernetes token with permissions to access the cluster. This token is required for proper authorization;
  - Skip TLS verification: allows connecting to the cluster without verifying the cluster certificate;
  - Cluster Certificate: a Kubernetes certificate essential for authentication. Obtain this certificate from the configuration file of the user account you intend to use for accessing the cluster.
  Note: The Cluster Certificate field is hidden if the Skip TLS verification option is enabled.

  IRSA:
  - Cluster Name: a unique and descriptive name for the external cluster (e.g., prod-cluster);
  - Cluster Host: the cluster’s endpoint URL (e.g., example-cluster-domain.com);
  - Certificate Authority Data: base64-encoded Kubernetes certificate essential for authentication. Obtain this certificate from the configuration file of the user account you intend to use for accessing the cluster;
  - Role ARN: arn:aws:iam::<AWS_ACCOUNT_B_ID>:role/AWSIRSA_{cluster_name}_CDPipelineAgent.
  Note: For more details on how to work with clusters integrated using the IRSA approach, please refer to the Deploy Application In Remote Cluster via IRSA page.
- As soon as the cluster is added, switch the KubeRocketCI portal to the Kubernetes mode.
- In the Configuration section, select Config maps.
- In the Config maps list, enter the krci-config config map.
- In the krci-config config map, click the pencil icon in the top right corner of the screen.
- In the YAML file, add the available_clusters parameter, insert the cluster name, and click Save & apply:

  edp-config.yaml

      data:
        available_clusters: <cluster-name>

- Ensure the available_clusters parameter is added into the config map.
Integrate ArgoCD with External Cluster
Static Token:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <cluster-name>-cluster
      namespace: argocd
      labels:
        argocd.argoproj.io/secret-type: cluster
    stringData:
      config: |
        {
          "tlsClientConfig": {
            "insecure": false,
            "caData": ""
          },
          "bearerToken": ""
        }
      name: "<cluster-name>"
      server: "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"

IRSA (Manifests):

    apiVersion: v1
    kind: Secret
    metadata:
      name: <cluster-name>-cluster
      namespace: argocd
      labels:
        argocd.argoproj.io/secret-type: cluster
    stringData:
      config: |
        {
          "awsAuthConfig": {
            "clusterName": "<cluster-name>",
            "roleARN": "arn:aws:iam::<AWS_ACCOUNT_A_ID>:role/AWSIRSA_{cluster_name}_ArgoCDMaster"
          },
          "tlsClientConfig": {
            "insecure": false,
            "caData": "<Base64-encoded CA certificate of the target cluster>"
          }
        }
      name: "<cluster-name>"
      server: "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"

IRSA (External Secrets Operator):

    "<cluster-name>-cluster": {
      "config": {
        "awsAuthConfig": {
          "clusterName": "<cluster-name>",
          "roleARN": "arn:aws:iam::<AWS_ACCOUNT_B_ID>:role/AWSIRSA_{cluster_name}_ArgoCDMaster"
        },
        "tlsClientConfig": {
          "insecure": false,
          "caData": "<Base64-encoded CA certificate of the target cluster>"
        }
      },
      "name": "<cluster-name>",
      "server": "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"
    }
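
A pre-apply check for the Argo CD cluster secrets on this page, as an added example (not KubeRocketCI or Argo CD code): it lints the `server` and `config` values for TLS verification being switched off, an unfilled `caData`, missing or conflicting credentials, and a `roleARN` that still contains placeholders. The function name and all sample values are constructed, and it assumes the target cluster uses a private CA (as on EKS), so an empty `caData` is reported.

```python
import base64
import binascii
import json
import re
from urllib.parse import urlparse

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")
PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"

def lint_cluster_secret(server, config_json):
    """Return findings for the `server` and `config` values of an Argo CD cluster secret."""
    findings = []
    if urlparse(server).scheme != "https":
        findings.append("server is not an https:// URL")
    try:
        cfg = json.loads(config_json)
        tls = cfg.get("tlsClientConfig") or {}
    except (json.JSONDecodeError, AttributeError):
        return findings + ["config is not a JSON object"]
    if tls.get("insecure"):
        findings.append("tlsClientConfig.insecure is true: server certificate is not verified")
    else:
        # Shape check only: caData must base64-decode to PEM text; the chain is not validated.
        try:
            pem = base64.b64decode(tls.get("caData") or "", validate=True)
        except (binascii.Error, ValueError, TypeError):
            pem = b""
        if PEM_BEGIN not in pem:
            findings.append("tlsClientConfig.caData is not a base64-encoded PEM certificate")
    aws = cfg.get("awsAuthConfig") or {}
    if bool(cfg.get("bearerToken")) == bool(aws):
        findings.append("set exactly one of bearerToken and awsAuthConfig")
    if aws and not ROLE_ARN.match(aws.get("roleARN") or ""):
        findings.append("awsAuthConfig.roleARN is not a complete IAM role ARN")
    return findings

# Constructed sample values (not real credentials, accounts or certificates).
SERVER = "https://example-cluster-domain.com"
CA = base64.b64encode(PEM_BEGIN + b"\nconstructed\n-----END CERTIFICATE-----\n").decode()
TEMPLATE = json.dumps({"tlsClientConfig": {"insecure": False, "caData": ""}, "bearerToken": ""})
INSECURE = json.dumps({"tlsClientConfig": {"insecure": True}, "bearerToken": "constructed-token"})
IRSA_OK = json.dumps({
    "awsAuthConfig": {"clusterName": "demo",
                      "roleARN": "arn:aws:iam::111122223333:role/AWSIRSA_demo_ArgoCDMaster"},
    "tlsClientConfig": {"insecure": False, "caData": CA},
})

if __name__ == "__main__":
    for cfg in (TEMPLATE, INSECURE, IRSA_OK):
        print(lint_cluster_secret(SERVER, cfg))
```
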
After applying the configuration, you can verify the cluster connection in ArgoCD -> Settings -> Clusters -> <cluster-name>.
Deploy application on new cluster
Create Deployment Flow
To create a deployment flow, follow the steps below:
- Navigate to the Deployment Flows tab and click the + Create Deployment Flow button.
- The Enter name tab of the Create Deployment Flow:
- Enter the deployment flow name that will be displayed in the Deployment Flows list. Enter at least two characters, using lowercase letters, numbers, and dashes.
- Click the Next button to move on to the Add applications tab.
  The namespace created by the environment has the following pattern combination: [KubeRocketCI namespace]-[environment name]-[stage name]. Please be aware that the namespace length should not exceed 63 symbols.
- The Component tab of the Environments menu is presented below:
- Click the Create button to finish the deployment flow configuration and proceed with configuring the environment.
- On the Environments menu, click the Create Environment button.
- The Configure Stage tab of the Create Stage menu is presented below:
  Set the proper cluster options:
  - Cluster - Choose the <cluster-name> to deploy the stage in;
  - Stage name - Enter the stage name;
  - Description - Enter the description for this stage;
- Click the Next button to move on to the Add quality gates tab.
- Click the Create button to start the provisioning of the pipeline.