top of page
Abstract Linear Background

Quick Start

How to configure and work with both Cli's is provided below in comprehensive manner.

Home: Welcome
K8Cli - Quick Start
Operations supported by the K8Cli:

  • Init

  • Cluster

  • Addons

  • NameSpace

  • Storage

  • ResourceQuota

  • DefaultQuota

  • ServiceAccounts

  • Resource-All

  • Backup

Home: Services
bxsblue.png
Init Operation

This operation is used for initializing folder structure which holds all the configuration files needed for cluster operation. Init operation will create sample configuration files which needs to be updated by users for cli to use for other operations.

clustrconfig-initp.png

Figure 1 - Cluster Configuration

clustrfolderstrc-initop.png

Figure 2 - Config Cluster folder structure

Cluster Operation

This operation is used for creating/updating K8 clusters. It will create VPC; and create and update Master/Nodes. This operation will support managing blue/green clusters. Currently, this is supported only for AWS cloud and other clouds are support for future releases.

clustryml-qkstrt.png

Figure 3 - Cluster.yml

Addons Operations

This is supported for all the cluster and dependent on helm3. Users can provide path to addons list yml file and cli to install the addons. K8Cli supports multiple chart repositories support helm charts.

addonsyml-qkstrt.png

Figure 4 - Addons.yml

Backup Operations

This is supported for all the cluster and dependent on Valero. This will trigger Velero installed in the cluster.

Resource Management operations

These operations are used for managing cluster once it is operational. They are used for creating Name Spaces, Storage Accounts, Default Quotas, Resource Quotas and Service Accounts.

rsrcmgmt-qkstrt.png

Figure 5 - Resource mgmt folder structure

Namespace Operation

This operation will create/update/delete Name Spaces needed for applications to push their apps. This is admin level operation needed proper privileges for the service accounts to execute this operation. This will be discussed in following topics.

 

This operation will provide Delete flag which can be enabled to delete the NameSpaces not listed in the configuration file.

 

The default quota and resource quota will be defined in separate yml files, discussed below, which will be read when creating namespaces.

namespceyml-qkstrt.png

Figure 6 - NameSpace.yml

ResourceQuota Operation

This operation will create resources quotas listed in ResourceQuota.yml. This Quotas are attached to the NameSpace defined in NameSpace.yml. The yml file enables the operator to define CPU / Memory / StorageClasses limits needed for attaching to the NameSpaces.

Figure 6 - NameSpace.yml

rsrcquta-qkstrt.png

Figure 7 - ResourceQuota.yml

StorageClass Operation

This is operation used for creating Storage Classes needs for cluster operations. This is cloud depended, i.e, the respective storage classes listed needs to be supported by the cloud environment.

strgeclases-qkstrt.png

Figure 8 - StorageClasses.yml

DefaultQuota Operation

This is used for creating default quota. It provides flags for defining CPU/Memory min, max, and default request limits for both containers and pods.

defaultqta-qkstrt.png

Figure 9 - DefaultQuota.yml

DefaultNameSpaceRole Operation

This operation can used for creating default roles needed for accessing Namespaces created by Cli. Once the Operator triggers namespace operation, it will create a corresponding service account. The role/permission set needed for creating this service account is defined in default namespace role operation. Updating this yml, will lead to updating role in the backend and changing access control for all the service accounts.

defltnamespc-qkstrt.png

Figure 10 - DefaultNameSpaceRole.yml

C9Cli – Quick Start
Operations supported by the C9Cli:

  • Init

  • Org-init

  • Create-Quota

  • Audit-Quota

  • Create-Org

  • Audit-Org

  • Create-Space

  • Audit-Space

  • Create-Org-Users

  • Audit-Org-Usrs

  • Create-Space-Users

  • Audit-Space-Users

  • Create-ASGs

  • Audit-ASGs

Init Operation

This operation is used for initiating Parent repo setup. This will create Sample Configuration files which can used for setting up pipelines.

Org-Init Operation

This operation is used for cloning child repos to Parent if subtree is enabled, to create new/missing state files, and to create Org folders and sample org config files if subtree is not enabled.

Create Operations

All the create operation will create resources doesn’t exit the resource exist or update the resource it already exists and this some these operations can be controlled using Admin Privileges.

Audit Operations

All Audit operations have option to list/delete for resources and few has option to rename the resources removed from the yml file. Audit function can be set at org level, but administrative setting will the precedence.

C9Cf-mgmt Pipeline

All Task run in sequence:

  • Org-Int

  • Create-Quota

  • Audit-Quota

  • Create-Org

  • Audit-Org

  • Create-Space & Create-Org-Users

  • Audit-Space & Audit-Org-Usrs

  • Create-Space-Users & Create-ASGs

  • Audit-Space-Users & Audit-ASGs

C9Cf-mgmt-Orgs Pipelines

Functions:

  • Create/Audit Quotas

  • Create/Audit Orgs

  • Create/Audit Spaces

C9Cf-mgmt-Asgs Pipelines

  • Create/Audit Asgs

C9Cf-mgmt-Users Pipelines

  • Create/Audit Org Users

  • Create/Audit Space Users

Self-Service Capabilities

All the self service capabilities available to applications teams (except creating Spaces) can be controlled by Platform team using administrative flags.

List of Self-Service Capabilities:
Manage User permissions for Orgs and Spaces

Roles:

  • OrgAuditors

  • OrgManagers

  • SpaceManagers

  • SpaceDevelopers

​

Controls:

  • Set/UnSet/List

 

Corresponding Concourse Tasks:

  • Create-Org-Users

  • Audit-Org-Users

  • Create-Space-Users

  • Audit-Space-Users

 

Note: Administrative flags will have precedence over this controls

Manage Spaces

Controls:

  • Create/List/Delete/Rename

 

Corresponding Concourse Tasks:

  • Create-Space

  • Audit-Space

​

Note: Application teams are enabled to Create or List Spaces but Platform team has option enable delete spaces for the application team

Map Spaces to Isolation Segments

Controls:

  • Set / List / Unset Isolation segments attached to Spaces

 

Corresponding Concourse Tasks:

  • Create-Space

  • Audit-Space

​

Note: Application teams are enabled to Set or List Isolation segments attached to Spaces but enabling unset can be controlled by administrative privileges

Manage ASGs for Orgs and Spaces

Controls:

  • Add/list/Delete ASGs

 

Corresponding Concourse Tasks:

  • Create-Space-asg

  • Audit-Space-asg

​

Note: Application teams are enabled to Add or List or but delete ASGs attached to Spaces can be controlled by administrative privileges 

List of self-service flags:

SpaceAudit:

Enables Org Owners to list/delete/rename unneeded space during space audit operation.

 

UserAudit:

Enables Org Owners to list/unset unneeded Org/Space users during usr audit operation.

 

ASGAudit:

Enables Org Owners to list/delete unneeded asgs during asg audit operation.

 

IsolationAudit:

Enables Org Owners to list/unbind Isolation segments during create space operation.

List of administrative capabilities:
Pull Child repo - Orgs

Controls:

  • Create/Map Child Repo to Org

 

Corresponding Concourse Tasks:

  • Org-init

Manage Orgs

Controls:

  • Create/Rename/Delete/List Org

 

Corresponding Concourse Tasks:

  • Create-Org

  • Audit-Org

Manage Quotas

Controls:

  • Add/list/Update/Rename/delete

 

Corresponding Concourse Tasks:

  • Create-Quotas

  • Audit-Quotas

Attach Quotas

Controls:

  • Attach/Change Quotas

​

Corresponding Concourse Tasks:

  • Create-Org

  • Audit-Org

Define Protected Orgs and Quotas

Controls:

  • Add/Change/Remove Orgs and Quotas from the protected Org list

​

Corresponding Concourse Tasks:

  • Create-Protected-ASG

Define Protected ASG

Controls:

  • Add/Remove/Update Default ASG

​

Corresponding Concourse Tasks:

  • Create-Protected-ASG

List of administrative flags:

EnableASG:

To enable Application teams to use ASGs

​

SetOrgAuditor:

To enable Application teams to set Org Audtor access

​

EnableASGAudit: 

To enable Application teams to delete ASGs

 

SetOrgManager: 

To enable Application teams to set Org Manager access

 

EnableUserAudit: 

To enable Application teams to unset users

 

SetSpaceAuditor: 

To enable Application teams to set Space Audtor access

 

SetSpaceManager: 

To enable Application teams to set Space Manager access

 

EnableGitSubTree: 

To enable git sub tree

 

SetSpaceDeveloper: 

To enable Application teams to set Space Developer access

 

EnableSpaceAudit: 

To enable Application teams to delete/rename

 

EnableIsolationAudit: 

To enable Application teams to unbind Isolation segments

C9Cli Setup
Repo type selection

C9Cli supports two different repository configurations, i.e, Bare-Repo and Parent-Child Repo configuration. Platform team can avail either of the two options depending upon their need. The bare – repo configuration is generally recommended when policies permit application teams to commit to parent repo, whereas, Parent-child configuration is much suited when every team is allowed to have their own child repo and commit to parent is restricted.

repotypesel1.png
repotypesel2.png
Repo Initialization

C9Cli init operation helps to create sample configuration files and folder structure once the repo type has been selected. Init operation creates a folder with repo name, and two subfolders one with name of api endpoint, called config folder for holding configuration files and Org folders and other, called state folder, with “-state” appended to api endpoint which is used for storing state/metadata files and this folder can initialized as git repo for subsequent operations.

 

The init operation should need to be provided with Git repo name and api endpoint.

C9Cli -i init -gr < repo-name >.git -e < api endpoint >

 

OS: Windows/Linux/Mac

Dependencies: Git cli, cf cli support v3 api

repoiniti1.png
repoiniti2.png

C9Cli does supports other flags which can viewed with –h argument but this flags can be added/enabled anytime during the operation depending on policy requirements.

repoiniti3.png
Repo Configuration

Operators are provided with sample config.yml file in the config folder which includes all the flags needed for C9Cli to operate. To enable subtree or Parent - Child repo configuration, EnableGitSubtree flag has to be set to true. If not then C9Cli will treat the configuration as Bare - Repo configuration.

repoconfig.png

Depending on the state of EnableGitSubtree flag, C9Cli will look for either of available Orglist.yml files (Orglist/GitOrglist.yml). If Subtree is enabled then C9Cli uses GitOrglist.yml else Orglist.yml. This yml has be populated by the platform operator for subsequent C9Cli operations. If Subtree is enabled then Operators has to create the child repos before adding them to GitOrgList.yml file.

 

Now operators has to create ssh key pair for C9Cli to commit git pull and push operations in both the repo configuration for all the participating repos. C9Cli does support only SSH git URLs

Running Cli

Once the Repo is configured, C9Cli can be run on docker container or a VM with Windows or Linux or Mac operating systems which has cf cli supporting v3, and git installed. This can be run on Concourse or Non-Concourse CICD tools.

 

All the operations except init needs the following parameters to be passed for successful execution.

C9Cli -i < operation > -e < endpoint> -p < pwd > -gr < git-repo > -gb < git-branch > -sshkey < path to SSH Key >

 

  • endpoint:

cf login endpoint – api.sys.<domain>

 

  • pwd:

cf login password

 

  • git repo:

SSH GIT Repo URL of parent/bare repository

Operations:

  • Org-init

  • Create-Quota

  • Audit-Quota

  • Create-Org

  • Audit-Org

  • Create-Space

  • Audit-Space

  • Create-Org-Users

  • Audit-Org-Usrs

  • Create-Space-Users

  • Audit-Space-Users

  • Create-ASGs

  • Audit-ASGs

Conact
Connect to us for more info on setup & support

For any query and customized solution related to installation, maintenance or troubleshooting, reach out to us. 

Arna Cloud

©2023 by Arna Cloud

  • Facebook
  • Twitter
  • LinkedIn
bottom of page