Register and Manage Control Planes #12

Closed
opened 2025-03-18 07:26:13 +00:00 by tobru · 1 comment
Owner

Stories

As a portal admin, I want to register and manage control planes so that they’re available for service deployment

As a portal admin, I want to configure system-level service account credentials so that the portal can interact with control planes

See Service Provider Control Planes for more details.

Implementation Notes

  • CRUD of the control planes can happen in the Django Admin interface
  • Connection to the Kubernetes API must happen via the Kubernetes Python API Client
  • When adding a new control plane, verify the connection to the Kubernetes API to make sure the connection works as expected
  • Store the credentials encrypted in the database (if possible without too much hassle)
tobru added the enhancement label 2025-03-18 07:26:13 +00:00
tobru added this to the Servala Portal project 2025-03-18 07:26:13 +00:00
tobru added this to the Servala Portal MVP milestone 2025-03-18 07:26:16 +00:00
Author
Owner

Example Kubeconfig for the dev cluster:

```
apiVersion: v1
clusters:
  - cluster:
      certificate-authority-data: REDACTED
      server: https://vcluster.127.0.0.1.nip.io:8443
    name: vcluster_controlplane_vcluster_kind-kindev
contexts:
  - context:
      cluster: vcluster_controlplane_vcluster_kind-kindev
      namespace: syn-appcat
      user: appcat-service-cluster
    name: vcluster_controlplane_vcluster_kind-kindev
current-context: vcluster_controlplane_vcluster_kind-kindev
kind: Config
preferences: {}
users:
  - name: appcat-service-cluster
    user:
      token: REDACTED
```

Important parts to be available in the database to connect to the Kubernetes API:

  • certificate-authority-data
  • server
  • token

https://github.com/kubernetes-client/python/blob/master/examples/remote_cluster.py
-> `aConfiguration.verify_ssl = True` we want to verify the certificate!

Maybe we could also directly put the Kubeconfig YAML into the database and use

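```python
import yaml
from kubernetes import client, config

# kubeconfig_content: the Kubeconfig YAML string read from the database
kubeconfig_dict = yaml.safe_load(kubeconfig_content)
client_config = client.Configuration()
config.load_kube_config_from_dict(
    config_dict=kubeconfig_dict,
    client_configuration=client_config
)
```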
rixx closed this issue 2025-03-24 15:11:44 +00:00
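
Added example (not part of the issue or the Servala code base): a pre-save check that pulls the three fields named in the comment above out of a parsed kubeconfig dict and rejects configs that would weaken certificate verification. It uses only the standard library; `extract_connection_fields`, `KubeconfigError`, the returned key names and the sample values are hypothetical.

```python
import base64
from urllib.parse import urlparse


class KubeconfigError(ValueError):
    """The kubeconfig cannot be stored as a control plane connection."""


def _named(entries, name, key):
    # kubeconfig lists hold items shaped like {"name": ..., key: {...}}
    for entry in entries or []:
        if entry.get("name") == name:
            return entry.get(key) or {}
    raise KubeconfigError(f"{key} {name!r} not found")


def extract_connection_fields(cfg):
    """Return server, CA bundle (PEM) and token of the current context."""
    context = _named(cfg.get("contexts"), cfg.get("current-context"), "context")
    cluster = _named(cfg.get("clusters"), context.get("cluster"), "cluster")
    user = _named(cfg.get("users"), context.get("user"), "user")
    server = cluster.get("server", "")
    if urlparse(server).scheme != "https":
        raise KubeconfigError("server must be an https:// URL")
    if cluster.get("insecure-skip-tls-verify"):
        raise KubeconfigError("insecure-skip-tls-verify disables certificate checks")
    try:
        ca_pem = base64.b64decode(
            cluster.get("certificate-authority-data") or "", validate=True
        ).decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise KubeconfigError("certificate-authority-data is not base64 text") from exc
    if "-----BEGIN CERTIFICATE-----" not in ca_pem:
        raise KubeconfigError("certificate-authority-data holds no PEM certificate")
    if not user.get("token"):
        raise KubeconfigError("user has no bearer token")
    return {"server": server, "ca_pem": ca_pem, "token": user["token"]}


# Constructed sample shaped like the dev-cluster kubeconfig; not real credentials.
_PEM = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
SAMPLE = {
    "current-context": "dev",
    "contexts": [{"name": "dev", "context": {"cluster": "dev", "user": "svc"}}],
    "clusters": [{"name": "dev", "cluster": {
        "server": "https://vcluster.127.0.0.1.nip.io:8443",
        "certificate-authority-data": base64.b64encode(_PEM).decode()}}],
    "users": [{"name": "svc", "user": {"token": "constructed-token"}}],
}
```

The input is the dict that `yaml.safe_load` returns for the stored Kubeconfig, so the check can run in the model's validation step before the connection test.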
Reference: servala/servala-portal#12