Create a managed cluster¶
Caution
The public networking mode for the Equinix Metal based clusters is deprecated for the sake of the private networking mode. Deployments with public networks will become unsupported in one of the following Container Cloud releases.
This section describes how to create a managed cluster that is based on Equinix Metal using the Mirantis Container Cloud web UI of the Equinix Metal or AWS-based management cluster.
To create a managed cluster based on Equinix Metal:
Configure BGP for your Equinix Metal project as described in Equinix Metal project setup.
Verify that the default Border Gateway Protocol (BGP)
max_prefix
parameter set to10
is enough for the new cluster workloads as described in Increase BGP max_prefix. If required, increase the limit.Note
You can increase the BGP
max_prefix
limit after cluster deployment if the originally planned limit is reached.Log in to the Container Cloud web UI with the
m:kaas:namespace@operator
orm:kaas:namespace@writer
permissions.Switch to the required non-
default
project using the Switch Project action icon located on top of the main left-side navigation panel.To create a project, refer to Create a project for managed clusters.
Optional. In the SSH Keys tab, click Add SSH Key to upload the public SSH key(s) for creation of the Equinix Metal devices.
In the Credentials tab:
Click Add Credential to add your Equinix Metal credential.
Configure the following parameters:
Credential configuration¶ Parameter
Description
Credential Name
Equinix Metal credential name.
Provider
Provider name. Select Equinix.
Region
From the drop-down list, select the region for the new cluster. For example, region-one.
Project ID
Equinix Metal project ID located in the Equinix Metal console in the Project Settings > General section.
API Token
Equinix Metal user-level API token located in the Equinix Metal console in the Profile Settings > Personal API Keys section.
If you do not have an API token, create one using the Equinix Metal console:
In the Profile Settings > Personal API Keys section, click Add New Key.
Fill in the Description and select Read/Write permissions.
Click Add Key.
Click Create.
Verify that the new credential status is Ready. If the status is Error, hover over the status to determine the reason.
In the Clusters tab, click Create Cluster and fill out the form with the following parameters as required:
Configure general settings and Kubernetes parameters:
Managed cluster configuration¶ Section
Parameter
Description
General settings
Name
Cluster name.
Provider
Select Equinix Metal.
Provider Credential
From the drop-down list, select the Equinix Metal credential name that you have previously added.
Manual Ceph Configuration
Enables manual Ceph configuration. Select to manually configure Ceph roles on each cluster machine. For Ceph configuration options, see Ceph advanced configuration.
If unset, the Ceph roles will be configured automatically.
Caution
Switching from manual to automatic configuration of Ceph roles is forbidden.
Switching from automatic to manual configuration is available after the cluster creation through the Configure Cluster menu.
Release Version
The Container Cloud version.
SSH keys
From the drop-down list, select the SSH key name(s) that you have previously added for SSH access to VMs.
Container Registry
From the drop-down list, select the Docker registry name that you have previously added using the Container Registries tab. For details, see Define a custom CA certificate for a private Docker registry.
Provider
Facility
The location in which the Equinix Metal server will be deployed.
Kubernetes
Node CIDR
The Kubernetes nodes CIDR block. For example,
10.10.10.0/24
.Services CIDR Blocks
The Kubernetes Services CIDR block. For example,
172.21.0.0/18
.Pods CIDR Blocks
The Kubernetes Pods CIDR block. For example,
172.21.128.0/18
.Note
The network subnet size of Kubernetes pods influences the number of nodes that can be deployed in the cluster. The default subnet size
/18
is enough to create a cluster with up to 256 nodes. Each node uses the/26
address blocks (64 addresses), at least one address block is allocated per node. These addresses are used by the Kubernetes pods withhostNetwork: false
. The cluster size may be limited further when some nodes use more than one address block.Configure StackLight:
Section
Parameter name
Description
StackLight
Enable Monitoring
Selected by default. Deselect to skip StackLight deployment. You can also enable, disable, or configure StackLight parameters after deploying a managed cluster. For details, see Change a cluster configuration or Configure StackLight.
Enable Logging
Select to deploy the StackLight logging stack.
For details about the logging components, see Deployment architecture.
Note
The logging mechanism performance depends on the cluster log load. In case of a high load, you may need to increase the default resource requests and limits for
fluentdLogs
. For details, see StackLight configuration parameters: Resource limits.HA Mode
Select to enable StackLight monitoring in the HA mode. For the differences between HA and non-HA modes, see Deployment architecture.
StackLight Default Logs Severity Level
Log severity (verbosity) level for all StackLight components. The default value for this parameter is Default component log level that respects original defaults of each StackLight component. For details about severity levels, see Log verbosity.
StackLight Component Logs Severity Level
The severity level of logs for a specific StackLight component that overrides the value of the StackLight Default Logs Severity Level parameter. For details about severity levels, see Log verbosity.
Expand the drop-down menu for a specific component to display its list of available log levels.
OpenSearch
Logstash Retention Time
Available if you select Enable Logging. Specifies the
logstash-*
index retention time.Events Retention Time
Available if you select Enable Logging. Specifies the
kubernetes_events-*
index retention time.Notifications Retention
Available if you select Enable Logging. Specifies the
notification-*
index retention time and is used for Mirantis OpenStack for Kubernetes.Persistent Volume Claim Size
Available if you select Enable Logging. The OpenSearch persistent volume claim size.
Collected Logs Severity Level
Available if you select Enable Logging. The minimum severity of all Container Cloud components logs collected in OpenSearch. For details about severity levels, see Logging.
Prometheus
Retention Time
The Prometheus database retention period.
Retention Size
The Prometheus database retention size.
Persistent Volume Claim Size
The Prometheus persistent volume claim size.
Enable Watchdog Alert
Select to enable the Watchdog alert that fires as long as the entire alerting pipeline is functional.
Custom Alerts
Specify alerting rules for new custom alerts or upload a YAML file in the following exemplary format:
- alert: HighErrorRate expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5 for: 10m labels: severity: page annotations: summary: High request latency
For details, see Official Prometheus documentation: Alerting rules. For the list of the predefined StackLight alerts, see Operations Guide: Available StackLight alerts.
StackLight Email Alerts
Enable Email Alerts
Select to enable the StackLight email alerts.
Send Resolved
Select to enable notifications about resolved StackLight alerts.
Require TLS
Select to enable transmitting emails through TLS.
Email alerts configuration for StackLight
Fill out the following email alerts parameters as required:
To - the email address to send notifications to.
From - the sender address.
SmartHost - the SMTP host through which the emails are sent.
Authentication username - the SMTP user name.
Authentication password - the SMTP password.
Authentication identity - the SMTP identity.
Authentication secret - the SMTP secret.
StackLight Slack Alerts
Enable Slack alerts
Select to enable the StackLight Slack alerts.
Send Resolved
Select to enable notifications about resolved StackLight alerts.
Slack alerts configuration for StackLight
Fill out the following Slack alerts parameters as required:
API URL - The Slack webhook URL.
Channel - The channel to send notifications to, for example, #channel-for-alerts.
StackLight optional settings
Enable Reference Application
Available since Container Cloud 2.22.0. Enables Reference Application that is a small microservice application that enables workload monitoring on non-MOSK managed clusters.
Disabled by default. You can also enable this option after deployment from the Configure cluster menu.
Click Create.
To monitor the cluster readiness, hover over the status icon of a specific cluster in the Status column of the Clusters page.
Once the orange blinking status icon becomes green and Ready, the cluster deployment or update is complete.
You can monitor live deployment status of the following cluster components:
Component
Description
Bastion
For the OpenStack and AWS-based clusters, the Bastion node IP address status that confirms the Bastion node creation
Helm
Installation or upgrade status of all Helm releases
Kubelet
Readiness of the node in a Kubernetes cluster, as reported by kubelet
Kubernetes
Readiness of all requested Kubernetes objects
Nodes
Equality of the requested nodes number in the cluster to the number of nodes having the
Ready
LCM statusOIDC
Readiness of the cluster OIDC configuration
StackLight
Health of all StackLight-related objects in a Kubernetes cluster
Swarm
Readiness of all nodes in a Docker Swarm cluster
LoadBalancer
Readiness of the Kubernetes API load balancer
ProviderInstance
Readiness of all machines in the underlying infrastructure (virtual or bare metal, depending on the provider type)
For the history of a cluster deployment or update, refer to Inspect the history of a cluster and machine deployment or update.
Proceed with Add a machine.
See also