Monday, April 3, 2023

Kubernetes: Add and Manage External Clusters

Background


We've all wanted to make our work easier and handling all the Kubernetes clusters from a single instance will definitely help. In this post, we look at how we can add external Kubernetes cluster and manage it from a single Kubernetes cluster. The original idea was to deploy applications to multiple Kubernetes clusters from a single ArgoCD instance. For that, we had to add multiple clusters to a single cluster where the ArgoCD was hosted.

For this post I have setup two clusters and we will add the second cluster to the first cluster's kubeconfig and manage it from there. We will authenticate to the external cluster using a service account token. However, there are other ways of authenticating such as certificates and username/password credentials.

Configuring the External Cluster


These configurations will be done in the external cluster.

First, we will create a new serviceaccount for the external cluster.

Second, we will create clusterrolebinding.


The service account has been created as shown below:


The clusterrolebinding has been created as shown below:


Now, we check the cluster admin token cluster-admin-token-asldf created white creating the serviceaccount.


Adding the External Cluster


First, we add the external cluster. Here I have used the IP and Port for the external cluster,  named it test-cluster and skipped TLS verification.

Second, we set the cluster context.

Third, we set the credentials for the external cluster authentication.

The final contents of kubeconfig are as shown below from the command: kubectl config view

Adding the External Cluster in ArgoCD


We can only add the external cluster in ArgoCD from commandline. So, we are going to run the below commands in the argocd-server pod. 

First, we login as admin.

Second, we add the cluster.

Third, we can list the clusters available for deployment.

Finally, we can see the added external cluster in the ArgoCD UI.























No comments:

Post a Comment

Note: Only a member of this blog may post a comment.