Attach an existing Mirantis Kubernetes Engine cluster

Note

The Container Cloud web UI communicates with Keycloak to authenticate users. Keycloak is exposed using HTTPS with self-signed TLS certificates that are not trusted by web browsers.

To use your own TLS certificates for Keycloak, refer to Configure TLS certificates for cluster applications.

Using the Container Cloud web UI, you can attach an existing Mirantis Kubernetes Engine (MKE) cluster that is not deployed by Container Cloud to a management cluster. This feature allows for visualization of all your MKE clusters details in one place including clusters health, capacity, and usage.

The following table describes the main features and limitations of an existing MKE cluster attached to Container Cloud:

Features

Limitations

  • Visualize vital cluster details in the Container Cloud web UI such as cluster health, capacity, and usage.

  • Manage cluster permissions.

  • Enable cluster logging, monitoring, and alerting using StackLight.

  • Update the cluster to the latest available Cluster release with the MKE version update, when available. For details, see Update a managed cluster.

  • Enable maintenance mode on the cluster and its machines to perform operating system configuration or node reboot without affecting the workloads. For details, see Enable cluster and machine maintenance mode.

  • No control over the cluster infrastructure. Container Cloud controls Keycloak integration, reflects the cluster nodes as Machine objects, and provides cluster updates.

  • No possibility to add or remove machines, manage operating system configuration (for example, Docker upgrade).

  • The proxy and cache feature is not supported.

  • Nodes of the attached cluster do not contain LCM Agent.

For supported MKE versions that can be attached to Container Cloud, see Compatibility matrix of components versions and Support matrix of MKE versions for cluster attachment.

For supported configurations of existing MKE clusters that are not deployed by Container Cloud, see MKE, MSR, and MCR Compatibility Matrix.

Note

Attachment of MKE clusters is tested on the following operating systems:

  • Ubuntu 20.04

  • RHEL 7.9

  • CentOS 7.9

Note

Using the free Mirantis license, you can create up to three Container Cloud managed clusters with three worker nodes on each cluster. Within the same quota, you can also attach existing MKE clusters that are not deployed by Container Cloud. If you need to increase this quota, contact Mirantis support for further details.

Using the instruction below, you can also deploy StackLight on your existing MKE cluster during the attach procedure. Before that, consider the following:

  • For StackLight in non-HA mode, make sure that you have the default storage class configured on the MKE cluster being attached. To select and configure a persistent storage for StackLight, refer to MKE documentation: Persistent Kubernetes storage.

  • Allow the StackLight monitoring agents (Node Exporter and Fluentd) to schedule on the MKE manager and MSR nodes as described in Allow services deployment on Kubernetes MKE manager or MSR nodes.

  • StackLight requires the capability to create LoadBalancer Services in the cluster to externally expose StackLight web UIs.

For details on StackLight requirements, see StackLight requirements for an MKE attached cluster.

Caution

An MKE cluster can be attached to only one management cluster. Attachment of a Container Cloud-based MKE cluster to another management cluster is not supported.

To attach an existing MKE cluster:

  1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

  2. Switch to the required project using the Switch Project action icon located on top of the main left-side navigation panel.

  3. In the Clusters tab, expand the Create Cluster menu and click Attach Existing MKE Cluster.

  4. In the wizard that opens, fill out the form with the following parameters as required:

    1. Configure general settings:

      • Cluster Name - specify the cluster name.

      • Region - select the required cloud provider: OpenStack, AWS, Azure, Equinix Metal, vSphere, or bare metal.

    2. Select from the following options:

      • Since Container Cloud 2.21.0, upload the MKE client bundle using upload MKE client bundle or fill in the fields manually.

      • Before Container Cloud 2.21.0, fill in the fields of the MKE client bundle manually or use the workaround steps of the known issue 26416 to upload the MKE bundle automatically.

      To download the MKE client bundle, refer to MKE user access: Download client certificates.

    3. For StackLight, make sure that you have the default storage class configured on the MKE cluster being attached.

      To select and configure a persistent storage for StackLight, refer to MKE documentation: Persistent Kubernetes storage.

    4. Configure StackLight:

      StackLight configuration

      Section

      Parameter name

      Description

      StackLight

      Enable Monitoring

      Selected by default. Deselect to skip StackLight deployment.

      Note

      You can also enable, disable, or configure StackLight parameters after deploying a managed cluster. For details, see Change a cluster configuration or Configure StackLight.

      Enable Logging

      Select to deploy the StackLight logging stack. For details about the logging components, see Deployment architecture.

      Note

      The logging mechanism performance depends on the cluster log load. In case of a high load, you may need to increase the default resource requests and limits for fluentdLogs. For details, see StackLight configuration parameters: Resource limits.

      HA Mode

      Select to enable StackLight monitoring in the HA mode. For the differences between HA and non-HA modes, see Deployment architecture.

      StackLight Default Logs Severity Level

      Log severity (verbosity) level for all StackLight components. The default value for this parameter is Default component log level that respects original defaults of each StackLight component. For details about severity levels, see Log verbosity.

      StackLight Component Logs Severity Level

      The severity level of logs for a specific StackLight component that overrides the value of the StackLight Default Logs Severity Level parameter. For details about severity levels, see Log verbosity.

      Expand the drop-down menu for a specific component to display its list of available log levels.

      OpenSearch

      Logstash Retention Time Available since 2.17.0

      Available if you select Enable Logging. Specifies the logstash-* index retention time.

      Events Retention Time Available since 2.17.0

      Available if you select Enable Logging. Specifies the kubernetes_events-* index retention time.

      Notifications Retention Time Available since 2.17.0

      Available if you select Enable Logging. Specifies the notification-* index retention time and is used for Mirantis OpenStack for Kubernetes.

      Retention Time Removed since 2.17.0

      Available if you select Enable Logging. The OpenSearch logs retention period.

      Persistent Volume Claim Size

      Available if you select Enable Logging. The OpenSearch persistent volume claim size.

      Collected Logs Severity Level

      Available if you select Enable Logging. The minimum severity of all Container Cloud components logs collected in OpenSearch. For details about severity levels, see Logging.

      Prometheus

      Retention Time

      The Prometheus database retention period.

      Retention Size

      The Prometheus database retention size.

      Persistent Volume Claim Size

      The Prometheus persistent volume claim size.

      Enable Watchdog Alert

      Select to enable the Watchdog alert that fires as long as the entire alerting pipeline is functional.

      Custom Alerts

      Specify alerting rules for new custom alerts or upload a YAML file in the following exemplary format:

      - alert: HighErrorRate
        expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
        for: 10m
        labels:
          severity: page
        annotations:
          summary: High request latency
      

      For details, see Official Prometheus documentation: Alerting rules. For the list of the predefined StackLight alerts, see Operations Guide: Available StackLight alerts.

      StackLight Email Alerts

      Enable Email Alerts

      Select to enable the StackLight email alerts.

      Send Resolved

      Select to enable notifications about resolved StackLight alerts.

      Require TLS

      Select to enable transmitting emails through TLS.

      Email alerts configuration for StackLight

      Fill out the following email alerts parameters as required:

      • To - the email address to send notifications to.

      • From - the sender address.

      • SmartHost - the SMTP host through which the emails are sent.

      • Authentication username - the SMTP user name.

      • Authentication password - the SMTP password.

      • Authentication identity - the SMTP identity.

      • Authentication secret - the SMTP secret.

      StackLight Slack Alerts

      Enable Slack alerts

      Select to enable the StackLight Slack alerts.

      Send Resolved

      Select to enable notifications about resolved StackLight alerts.

      Slack alerts configuration for StackLight

      Fill out the following Slack alerts parameters as required:

      • API URL - The Slack webhook URL.

      • Channel - The channel to send notifications to, for example, #channel-for-alerts.

  5. Click Create.

    To monitor the cluster readiness, hover over the status icon of a specific cluster in the Status column of the Clusters page.

    Once the orange blinking status icon is green and Ready, the cluster deployment or update is complete.

    You can monitor live deployment status of the following cluster components:

    Component

    Description

    Bastion

    For the OpenStack and AWS-based clusters, the Bastion node IP address status that confirms the Bastion node creation

    Helm

    Installation or upgrade status of all Helm releases

    Kubelet

    Readiness of the node in a Kubernetes cluster, as reported by kubelet

    Kubernetes

    Readiness of all requested Kubernetes objects

    Nodes

    Equality of the requested nodes number in the cluster to the number of nodes having the Ready LCM status

    OIDC

    Readiness of the cluster OIDC configuration

    StackLight

    Health of all StackLight-related objects in a Kubernetes cluster

    Swarm

    Readiness of all nodes in a Docker Swarm cluster

    LoadBalancer

    Readiness of the Kubernetes API load balancer

    ProviderInstance

    Readiness of all machines in the underlying infrastructure (virtual or bare metal, depending on the provider type)

  6. For StackLight, add the StackLight label to worker nodes. For details, see Node Labels in Create a machine using web UI.

    1. On the Machines page, click the More action icon in the last column of the required machine field and select Configure machine.

    2. In Node Labels, select StackLight.

Caution

To detach an MKE cluster, use the Detach button in the cluster menu of the Container Cloud web UI. Do not delete the cluster machines using the cloud provider tools directly to prevent issues with cluster detachment or cleaning of machines resources manually.