Add Cluster

This page provides comprehensive instructions on how to integrate an external cluster into the KubeRocketCI workloads. By doing so, it creates an opportunity for users to employ multi-cluster deployment, thereby facilitating the segregation of different environments across various clusters.

Prerequisites

Before moving ahead, ensure you have already performed the guidelines outlined in the Argo CD Integration page. Besides, user needs to have a cluster admin role to add clusters.

Integrate External Cluster

To deploy an application to a remote cluster, follow the steps below:

1. Navigate to Configuration -> Deployment -> Clusters and click the + Add cluster button:

   

2. In the Add cluster window, choose the credentials type and specify the required fields. Click the Save button to add the cluster:

   Bearer Token

   • Cluster Name: a unique and descriptive name for the external cluster;
   • Cluster Host: the cluster’s endpoint URL (e.g., example-cluster-domain.com);
   • Cluster Token: a Kubernetes token with permissions to access the cluster. This token is required for proper authorization;
   • Skip TLS verification: allows connect to cluster without cluster certificate verification;
   • Cluster Certificate: a Kubernetes certificate essential for authentication. Obtain this certificate from the configuration file of the user account you intend to use for accessing the cluster.

   note

   The Cluster Certificate field is hidden if the skip TLS verification option is enabled.

   

   IRSA

   • Cluster Name: a unique and descriptive name for the external cluster (e.g., prod-cluster);
   • Cluster Host: the cluster’s endpoint URL (e.g., example-cluster-domain.com);
   • Certificate Authority Data: base64-encoded Kubernetes certificate essential for authentication. Obtain this certificate from the configuration file of the user account you intend to use for accessing the cluster;
   • Role ARN: arn:aws:iam::<AWS_ACCOUNT_B_ID>:role/AWSIRSA_{cluster_name}_CDPipelineAgent.

   note

   For more details on how to work with clusters integrated using IRSA approach, please refer to the Deploy Application In Remote Cluster via IRSA page.

   

3. As soon as the cluster is added, switch the KubeRocketCI portal to the Kubernetes mode:

   

4. In the Configuration section, select Config maps:

   

5. In the Config maps list, enter the krci-config config map:

   

6. In the krci-config config map, click the pencil icon in the top right corner of the screen:

   

7. In the YAML file, add the available_clusters parameter, insert the cluster name, and click Save & apply:

   edp-config.yaml

   data:
     available_clusters: <cluster-name>

   

8. Ensure the available_clusters parameter is added into the config map:

   

Integrate ArgoCD with External Cluster

Static Token

apiVersion: v1
kind: Secret
metadata:
  name: <cluster-name>-cluster
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster
stringData:
  config: |
  {
    "tlsClientConfig": {
      "insecure": false,
      "caData": ""
    },
    "bearerToken": ""
  }
  name: "<cluster-name>"
  server: "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"

IRSA

Manifests

apiVersion: v1
kind: Secret
metadata:
  name: <cluster-name>-cluster
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster
stringData:
  config: |
    {
      "awsAuthConfig": {
        "clusterName": "<cluster-name>",
        "roleARN": "arn:aws:iam::<AWS_ACCOUNT_A_ID>:role/AWSIRSA_{cluster_name}_ArgoCDMaster"
      },
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<Base64-encoded CA certificate of the target cluster>"
      }
    }
  name: "<cluster-name>"
  server: "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"

External Secrets Operator

"<cluster-name>-cluster": {
  "config": {
    "awsAuthConfig": {
      "clusterName": "<cluster-name>",
      "roleARN": "arn:aws:iam::<AWS_ACCOUNT_B_ID>:role/AWSIRSA_{cluster_name}_ArgoCDMaster"
    },
    "tlsClientConfig": {
      "insecure": false,
      "caData": "<Base64-encoded CA certificate of the target cluster>"
    }
  },
  "name": "<cluster-name>",
  "server": "https://EXAMPLED539D4633E53DE1B71EXAMPLE.gr7.<AWS_REGION>.eks.amazonaws.com"
}

After applying the configuration, you can verify the cluster connection ArgoCD -> Settings -> Clusters -> <cluster-name>:

Deploy application on new cluster

Create Deployment Flow

To create a deployment flow, follow the steps below:

1. Navigate to the Deployment Flows tab and click the + Create Deployment Flow button.

2. The Enter name tab of the Create Deployment Flow:

1. Enter the deployment flow name that will be displayed in the Deployment Flows list. Enter at least two characters, use the lower-case letters, numbers, and dashes.

2. Click the Next button to move onto the Add applications tab.

note

The namespace created by the environment has the following pattern combination: [KubeRocketCI namespace]-[environment name]-[stage name]. Please be aware that the namespace length should not exceed 63 symbols.

3. The Component tab of the Environments menu is presented below:

4. Click the Create button to finish deployment flow configuration and proceed with configuring environment.

5. On the Environments menu, click the Create Environment button.

6. The Configure Stage tab of the Create Stage menu is presented below:

Set the proper cluster options:

• Cluster - Choose the <cluster-name> to deploy the stage in;
• Stage name - Enter the stage name;
• Description - Enter the description for this stage;

7. Click the Next button to move onto the Add quality gates tab.

8. Click the Create button to start the provisioning of the pipeline. cluster-irsa-krci-deployed-application.png

Related Articles

• Argo CD Integration
• Add Application
• Add Library
• Add Autotest
• Add Deployment Flow