Skip to content

KOF Verification#

Finally, verify that KOF installed properly.

Grafana#

  • Effective immediately, Mirantis will no longer distribute Grafana as part of its products or services. This change is being made to proactively avoid potential licensing, redistribution, or compliance considerations related to third-party software. For more information, please contact Mirantis.
  • Review the Using KOF and Grafana in KOF guides in the latest Mirantis k0rdent Enterprise version for instruction on how to install Grafana and Mirantis-provided Grafana dashboards, and to optionally install and integrate with grafana-operator for Grafana lifecycle management.

Verification steps#

  1. Wait until the value of HELMCHARTS and POLICYREFS changes from Provisioning to Provisioned: 

    kubectl get clustersummaries -A -o wide
    If you see the Failed/Provisioning loop, check status and logs: 
    kubectl get clustersummaries -A -o yaml \
  | yq '.items[].status.featureSummaries[]
  | select(.status != "Provisioned")'

kubectl logs -n kof deploy/kof-mothership-kof-operator

  2. Wait for all pods in the regional and child clusters to show as Running in the namespaces kof, kube-system, projectsveltos: 

    kubectl get secret -n kcm-system $REGIONAL_CLUSTER_NAME-kubeconfig \
  -o=jsonpath={.data.value} | base64 -d > regional-kubeconfig

kubectl get secret -n kcm-system $CHILD_CLUSTER_NAME-kubeconfig \
  -o=jsonpath={.data.value} | base64 -d > child-kubeconfig

KUBECONFIG=regional-kubeconfig kubectl get pod -A
KUBECONFIG=child-kubeconfig kubectl get pod -A

  3. Wait until the value of READY changes to True for all certificates in the regional cluster: 

    KUBECONFIG=regional-kubeconfig kubectl get cert -n kof

Manual DNS config#

If you've opted out of DNS auto-config and Istio, you will need to do the following:

  1. Get the EXTERNAL-IP of ingress-nginx: 

    KUBECONFIG=regional-kubeconfig kubectl get svc \
  -n kof ingress-nginx-controller
    It should look like REDACTED.us-east-2.elb.amazonaws.com

  2. Create these DNS records of type A, all pointing to that EXTERNAL-IP: 

    echo grafana.$REGIONAL_DOMAIN
echo jaeger.$REGIONAL_DOMAIN
echo vmauth.$REGIONAL_DOMAIN

Sveltos#

Use the Sveltos dashboard to verify secrets have been auto-distributed to the required clusters:

  1. Start by preparing the system:

    kubectl create sa platform-admin
kubectl create clusterrolebinding platform-admin-access \
  --clusterrole cluster-admin --serviceaccount default:platform-admin

kubectl create token platform-admin --duration=24h
kubectl port-forward -n kof svc/dashboard 8081:80

  2. Now open http://127.0.0.1:8081/login and paste the token output in step 1 above.

  3. Open the ClusterAPI tab: http://127.0.0.1:8081/sveltos/clusters/ClusterAPI/1
  4. Check both regional and child clusters:
    • Cluster profiles should be Provisioned.
    • Secrets should be distributed.

sveltos-demo