Configure your environment

To use Rackspace KaaS, review the following sections:

Requirements

Rackspace KaaS enables you to run Kubernetes workloads on top of Amazon EKS or a Rackspace Private Cloud Powered by OpenStack or Red Hat. Rackspace deployment engineers deploy all the underlying infrastructure for you.

Before you begin using Rackspace KaaS, you must have the following items on your client machine:

  • kubectl: An official Kubernetes command-line client. All the examples in this guide use kubectl.
  • Docker Community Edition: Required to execute examples described in this guide.

Resource limits

Rackspace KaaS custom-builds clusters to the customer’s specifications.

The minimum Kubernetes cluster configuration, with three worker nodes, includes the following elements:

Kubernetes worker nodes:

  • vCPU: 4
  • RAM: 8 GB
  • Local storage: 40 GB

Private Docker registry:

  • Database: 10 GB

Note

The private Docker registry database stores metadata for Docker images. Rackspace KaaS stores the actual Docker images in an object storage system, such as Ceph™ RADOS Gateway (RGW), OpenStack Swift, AWS S3, or another compatible object store that you deploy as part of your cloud.

If you need to resize your cluster, contact your Rackspace representative and request additional resources.

Access your Kubernetes cluster with kubectl

To access your Kubernetes cluster, log in to the Kubernetes Access Manager (KAM) with your identity credentials, and get a kubeconfig file to use with kubectl commands. Complete the following steps to access your cluster with kubectl:

  1. Access KAM.
  2. Enter your Identity Provider credentials.
  3. Select the group to use when getting credentials.
  4. Save the kubeconfig file locally.
  5. If you are using EKS, add the AWS credentials.
  6. Configure kubectl to use your newly created kubeconfig file.

See the list of Rackspace KaaS dashboards at Access the Rackspace KaaS dashboards.

To use KAM to get your credentials and configure a kubeconfig file, see Access KAM and Authentication.
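
For steps 4 and 6, the following added example (not part of the Rackspace documentation) stores the downloaded kubeconfig with owner-only permissions, because the file holds cluster credentials. The function names and the ~/.kube/kaas-config path are assumptions.

```bash
#!/usr/bin/env bash
# Added example; names and paths are illustrative, not Rackspace KaaS tooling.

# install_kubeconfig SRC [DEST]
# Copies the kubeconfig downloaded from KAM to DEST so that only the
# owner can read it. DEST defaults to ~/.kube/kaas-config (assumed path).
install_kubeconfig() {
  local src dest
  src=$1
  dest=${2:-$HOME/.kube/kaas-config}
  if [ ! -s "$src" ]; then
    echo "kubeconfig missing or empty: $src" >&2
    return 1
  fi
  if [ -L "$dest" ]; then
    echo "refusing to write through symlink: $dest" >&2
    return 1
  fi
  # umask 077 in a subshell: a new directory is 0700, a new file is 0600.
  ( umask 077 && mkdir -p "$(dirname "$dest")" && cp -- "$src" "$dest" ) || return 1
  # cp keeps the mode of a pre-existing destination, so set it explicitly.
  chmod 600 "$dest"
}

# kubeconfig_is_private FILE
# Succeeds only if FILE is a regular file with no group or other permissions.
kubeconfig_is_private() {
  [ -f "$1" ] || return 1
  case $(ls -ld -- "$1") in
    ????------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage for step 6 (the download path is a placeholder):
#   install_kubeconfig ~/Downloads/kubeconfig &&
#     export KUBECONFIG="$HOME/.kube/kaas-config" &&
#     kubectl config current-context
```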

Configure application metrics monitoring

Rackspace KaaS provides a Prometheus cloud monitoring solution that is easy to use and configure and that visualizes alerts and metrics through Grafana dashboards. You can configure Prometheus to collect metrics from your Kubernetes applications through a Kubernetes Custom Resource Definition (CRD) called a ServiceMonitor. You can define the ServiceMonitor in a simple YAML file and apply this file to your configuration by using kubectl. Then, configure a Grafana alert notification channel of your choice as described in the Grafana documentation. Rackspace KaaS supports the following Grafana notification types:

  • Slack
  • PagerDuty
  • Webhook

To configure application metrics monitoring, complete the following steps:

  1. Create a YAML configuration file similar to the following example:

    apiVersion: monitoring.coreos.com/v1alpha1
    kind: ServiceMonitor
    metadata:
      name: your-application
      namespace: rackspace-monitoring
      labels:
        # This label enables the managed Prometheus resource to detect the service.
        monitor: rackspace-prometheus
    spec:
      selector:
        matchLabels:
          some-label: <that-will-match-your-application-service>
      namespaceSelector:
        matchNames:
        # Must be the namespace that the application is deployed to.
        - the-namespace-where-your-application-lives
      endpoints:
      - port: the-name-of-the-port-that-exposes-your-metrics-endpoint
    
  2. Save the file as service-monitor.yaml.

  3. Apply the following configuration:

    $ kubectl apply -f service-monitor.yaml
    
  4. Configure Grafana alert notifications for your application as described in the Grafana documentation.

For more information about using Prometheus and Grafana with Rackspace KaaS, see Monitoring.

Access the Rackspace KaaS dashboards

Rackspace KaaS enables you to access the managed services user interface by using your web browser. KAM provides authentication for all of the dashboards. For more information, see Integrated Authentication.

To access the dashboards, you need the following information:

  • Your Kubernetes cluster name
  • Your Kubernetes cluster domain name
  • Your Identity Provider username or email and password

For example, if your cluster name is test and the domain name is mk8s.systems, the URL to access the Kubernetes UI would be https://kam.test.mk8s.systems.

The following table lists the customer-facing dashboards.

Managed service        URL
KAM                    https://kam.<cluster-name>.<domain-name>/graph
Prometheus Monitoring  https://prometheus.<cluster-name>.<domain-name>/graph
Grafana Dashboard      https://grafana.<cluster-name>.<domain-name>
Logging                https://kibana.<cluster-name>.<domain-name>
Private registry       https://registry.<cluster-name>.<domain-name>

Access deployment URLs

During the deployment and lifecycle management of a Kubernetes cluster, Rackspace KaaS might need to access specific websites to acquire software artifacts.

The following table lists the URLs that Kubernetes nodes and virtual machines must be able to access:

List of URLs for deployment

URL                                            Port  Protocol  Description
*.cloudfront.net                               443   TCP       Amazon CloudFront® data
console.cloud.google.com                       443   TCP       Google Cloud Platform
coreos.com                                     443   TCP       CoreOS data
docker.io                                      443   TCP       Docker software
docker.elastic.co                              443   TCP       Elasticsearch Docker registry
docker-auth.elastic.co                         443   TCP       Elasticsearch Docker registry authentication
git.alpinelinux.com                            443   TCP       Alpine Linux Security database
github.com                                     443   TCP       Alpine Linux Security database
gcr.io                                         443   TCP       Google container registry
hub.docker.com                                 443   TCP       Docker Hub registry
k8s.gcr.io                                     443   TCP       Kubernetes Google Cloud registry
launchpad.net/ubuntu-cve-tracker               443   TCP       Ubuntu operating system data
linux.oracle.com                               443   TCP       Oracle® Linux security feed
monitoring.api.rackspacecloud.com              443   TCP       Rackspace monitoring API
public.update.core-os.net                      443   TCP       CoreOS updates
quay.io                                        443   TCP       Quay.io registry
quay-registry.s3.amazonaws.com                 443   TCP       Quay.io registry
www.redhat.com                                 443   TCP       Red Hat Enterprise Linux security feed
http://registry-1.docker.io/                   443   TCP       Docker registry data
replicate.npmjs.com                            443   TCP       NPM Registry package data
salsa.debian.org                               443   TCP       Debian security feed
s3-us-west-2.amazonaws.com                     443   TCP       Ruby gems data feed (stored in Amazon S3)
security-tracker.debian.org                    443   TCP       Debian security feed
stable.packages.cloudmonitoring.rackspace.com  443   TCP       Rackspace cloud monitoring packages
static.nvd.nist.gov                            443   TCP       NVD database
storage.googleapis.com                         443   TCP       Google Cloud Storage API data
update.release.core-os.net                     443   TCP       CoreOS updates
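
To confirm that a firewall or proxy permits the entries in the table above, the following added example (not Rackspace tooling) normalizes table entries to host names and reports the ones a node cannot reach on the listed port. The function names are illustrative, KAAS_ENDPOINTS is a four-row excerpt of the table, and probe_tcp assumes bash and GNU timeout.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not Rackspace KaaS tooling.

# Excerpt of the table above as "entry port" lines; extend with the rest.
KAAS_ENDPOINTS='*.cloudfront.net 443
launchpad.net/ubuntu-cve-tracker 443
http://registry-1.docker.io/ 443
quay.io 443'

# normalize_endpoint ENTRY
# Prints the bare host name of a table entry. Returns 1 for a wildcard
# entry, which has no single host that can be probed.
normalize_endpoint() {
  local host
  host=${1#*://}     # drop a scheme such as http://
  host=${host%%/*}   # drop any path component
  case $host in
    ''|*\**) return 1 ;;
  esac
  printf '%s\n' "$host"
}

# probe_tcp HOST PORT: succeeds if a TCP connection opens within 5 seconds.
probe_tcp() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# blocked_endpoints [PROBE]
# Reads "entry port" lines on stdin. Prints a BLOCKED line for each host
# that PROBE (default: probe_tcp) cannot reach and a SKIP line for each
# wildcard entry, which must be checked in the firewall policy itself.
blocked_endpoints() {
  local probe entry port host
  probe=${1:-probe_tcp}
  while read -r entry port; do
    [ -n "$entry" ] || continue
    if host=$(normalize_endpoint "$entry"); then
      "$probe" "$host" "$port" </dev/null || printf 'BLOCKED %s:%s\n' "$host" "$port"
    else
      printf 'SKIP %s (wildcard, verify in firewall policy)\n' "$entry"
    fi
  done
}

# Usage on a node: printf '%s\n' "$KAAS_ENDPOINTS" | blocked_endpoints
```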

See also

For more information, see the following documents: