Overview
The Bring Your Own Kubernetes (BYOK) offering allows you to take a Kubernetes cluster and plug it into the Control Plane Cloud Platform. It works by installing a few additional components into the cluster and then it registers as a new Location in the API for your Org(s). Any Workloads that are configured for that Location will be managed by Control Plane and roll out onto your cluster. You get all the benefits of Control Plane with the added flexibility and security of running in your own cloud account or data center.
Requirements
- Label at least one nodegroup in the cluster with
cpln.io/nodeType=core
. This label deploys critical system pods and workloads managed by the Control Plane Platform. - Minimum 2 CPUs per node (4 CPUs or more recommended)
- Minimum 8 GB of RAM per node (16 GB or more recommended)
- Minimum 2 nodes per cluster (3 or more recommended)
- Node processor architecture: x86
- Supports the three most recent minor releases of Kubernetes for installation. For information on Kubernetes releases, click here.
- Full network connectivity between all nodes in the cluster (either public or private network)
- Enable egress access for all nodes (contact customer support for alternatives if this is not feasible)
- Exclude service-mesh from your cluster. Control Plane provides an out-of-the-box Istio-based service-mesh
Setup Procedure
Step 1 - Create BYOK Location Using the UI Console
-
Create a new location by either:
- Clicking
Locations
in the left menu and then clickingNew
, or - Clicking the
Create
dropdown in the upper right corner and selectingLocation
.
- Clicking
-
Enter a unique name. Click
Next (Tags)
. -
Enter any optional tags. Click
Create
.
You have now created a new location. To use it, install this location on at least one Kubernetes cluster as described in the next step.
Step 2 - Install Location on a Kubernetes Cluster
- Generate the install command:
- Click
Actions
in the upper right corner of the created location page and chooseInstall
.
- Click
-
Copy the generated kubectl command. You will need to apply the command within about 5 and a half minutes, as the manifests contain sensitive tokens.
-
Connect to your Kubernetes cluster that you wish to integrate as a location in Control Plane and apply the kubectl command generated in the previous step.
-
Follow the
cpln-byok-agent
deployment in thekube-system
namespace. Use the following command to fetch its status:kubectl get pod -l app=cpln-byok-agent -n kube-system
The
cpln-byok-agent
will create and maintain the necessary deployments for your location to function. Allow a few minutes for all necessary components to finish deploying.
Ensure at least one of the node groups is labeled with cpln.io/nodeType=core
, as it is required to deploy essential components.
You can now add the BYOK location to a GVC in your Org.
Repeat Step 2 - Install Location on a Kubernetes Cluster if you need to add more clusters to the same location, or start from Step 1 - Create BYOK Location Using the UI Console to add another location.
Uninstall Procedure
- Generate the uninstall command:
- Click
Actions
in the upper right corner of the location you want to remove and chooseUninstall
.
- Click
-
Copy the generated
kubectl
command. You will need to apply the command within about 5 and a half minutes, as the manifests contain sensitive tokens. -
Connect to your Kubernetes cluster that you wish to remove from the location in Control Plane and apply the
kubectl
command generated in the previous step. -
The job
cpln-agent-uninstall
will be created in thekube-system
namespace. It will clean up all BYOK components from the cluster.
Cloud Provider Recommendations
GKE
- Private Cluster: Enabled
- Default SNAT: Enabled
- Stack type: IPv4
- VPC-native traffic routing: Enabled
- Intranode visibility: Disabled
- HTTP Load Balancing: Enabled
- Calico Network Policy: Enabled
- DNS provider: Kube-DNS
- Shielded GKE Nodes: Enabled
- Application -layer secrets encryption: Enabled
- Compute Engine persistent disk CSI Driver: Enabled
- Service Mesh: Disabled
After the GKE cluster is created you must provide the IP Address of the kube-dns service in the kube-system namespace to support.
kubectl get svc -n kube-system kube-dns
Once the Control Plane configuration has been applied to the cluster, scale down the kube-dns deployments.
kubectl scale --replicas=0 deployment/kube-dns-autoscaler --namespace=kube-system
kubectl scale --replicas=0 deployment/kube-dns --namespace=kube-system
EKS
- Enabled Add-ons:
- Amazon VPC CNI
- kube-proxy
- CoreDNS
- Amazon EBS CSI Driver
Settings
When using a BYOK Location with Control Plane there are additional settings available to control the behavior of that location.
- Agent Configuration: Agent settings are used during the installation and upgrade of all BYOK components.
- Actuator Settings: Actuator settings are used to control ingress and other changes to the way workloads are created in Kubernetes.
- Workload Settings: Additional workload settings when using a BYOK Location.
- Volume Set Settings: Additional volume set settings when using a BYOK Location.