Onboarding a Cluster - Easy Method

Deploy and manage cert-orchestrator on multiple Kubernetes clusters using a common deployment configuration.

The common deployment template lets the DevOps team generate a generic command that can be executed on multiple clusters. Only the Cluster Name and Vendor name need to be changed to match the cluster in which the command is executed.

A credential is generated with a default user group associated with the OOB role and resource. It is downloadable as a YAML file, and its object type is a Kubernetes Secret. The credential can be changed by editing the cluster once it is successfully managed in the inventory.

Additionally, the common deployment configuration enables default services, including discovery of certificates and provisioning of certificates from the Kubernetes cluster. An administrator can modify the services after managing the cluster in the cluster inventory.

If the onboarding policy is enabled, new clusters are onboarded with automated policy and PKI configuration. To configure the onboarding policy, follow the Configuring Policy Settings steps.

To obtain the common deployment template for Kubernetes cluster:

  1. Go to menu > KUBE+ > INVENTORY > Cluster Inventory.
  2. Click Connect Cluster on the menu bar.
  3. On the Onboard Cluster popup window, select Get Started under Generic Onboarding.
  4. Select Get Started under Easy Onboarding.
  5. On the Cluster Easy Onboard page, enter values in the form fields to generate the deployment/installation command. Details on the mapping of each field are provided in the table below:
    Table 1. Generating Helm Command - Fields and Description Table
    Field | Description
    Cluster Details
    Enter Cluster Name* | Enter a unique cluster name in the format of FQDN. Example: my-cluster.net.
    Vendor* | Select the K8s vendor where the cert-orchestrator is deployed from the dropdown list. The options are:
    • EKS
    • AKS
    • GKE
    • OpenShift
    • Self-Managed

    *: Mandatory fields

  6. Click Generate Installation Command to get the Helm command in the Commands field.
    Note:
    • To see the commands in full-screen view, click the (Expand) icon.
    • To copy the command, click the (Copy) icon.
  7. Click Download Credentials to download the credentials of your AppViewX environment. Once deployed in the cluster, these credentials enable connectivity between the Kubernetes cluster and the AppViewX environment from the cert-orchestrator deployed in the Kubernetes cluster.
    Note:
    • The downloaded credential creates a default OAuth svc account in AppViewX named kube-svc-account with a client ID and client secret.

    • The kube-svc-account is linked to a default user group named kube-svc-usergroup, which, in turn, is associated with the OOB kube-cert-orchestrator role and super access resource.

    • The downloaded credential includes the connectivity URL, serving as the AppViewX login URL.

    • After successful onboarding and managing the cluster in the cluster inventory, the user or admin with access to the inventory can edit the cluster.