- Print
- PDF
Onboarding a K3s Cluster
- Print
- PDF
In this section, the steps involved in onboarding a K3s cluster to Britive.
Britive configuration
- Login to Britive with administrator privileges.
- Click Admin -> Application and Access Profile Management.
- From the Tenant Applications page, click on CREATE APPLICATION.
- On the Add Application page, click Add (+) sign inline to the Kubernetes application.
- In the Application tab, enter the following values:
- Enter the Application Name.
- Enter the Application Description, if required.
- Click NEXT. The Settings tab is displayed.
- Check Display programmatic access keys to allow the user to copy the credentials to the clipboard after they check out programmatic access profiles. Users can only access the keys through CLI or scripts if the option is not selected.
Profile Settings: Configure the maximum session duration for profiles. You can select the duration between 15 minutes to 7 calendar days. This allows to setup expiration duration for each profile while creating/updating the profile up to this configured value. If existing profiles are created with more than 12 hours and the above setting is changed, then it cannot be lowered until all profiles are updated with a lower expiration duration.
- Click SAVE.
- Click the CREATE ENTITY button.
- Enter the following details in the Create Environment/Environment Group page:
- Select Environment in the Entity Type.
- Enter Entity Name.
- Enter Entity Description.
- Click SAVE.
- On the Settings tab, Britive automatically creates OIDC attributes to use when setting up the federation trust with the K3s cluster. You need to add these attributes to the cluster’s API server configuration in the following steps.
- Enter the API Server endpoint in the Kubernetes API Server URL. Copy this URL from the K3s Admin portal.
- Enter certificate authority information in the Certificate (CA Cert). You can get the certificate authority information from the K3s admin portal. Typically, this would be the Base64 encoded string of the server ca.crt file.
Cluster configuration
Set up the K3s cluster configuration with the following options. The OIDC information is provided within Britive on a per “environment” basis. You may store this configuration in the config.yaml file for the cluster and restart the service.
kube-apiserver-arg:
- "oidc-issuer-url=<<from-britive-ui>>"
- "oidc-client-id=<<from-britive-ui>>"
- "oidc-username-claim=sub"
- "oidc-groups-claim=groups"