This topic describes how developers use a9s Kubernetes.
Use a9s Kubernetes with kubectl
To use a9s Kubernetes with kubectl, create a service instance and a Service Key. For more information on managing service instances, see Managing Service Instances with the cf CLI.
View the a9s Kubernetes Service
After the service is installed, you can see the
a9s-kubernetes and its service plans appear in your CF marketplace. Run
cf marketplace to see the service listing:
$ cf marketplace
Getting services from marketplace in org test / space test as admin...
service plans description
a9s-kubernetes kubernetes-single-small This is a service creating and managing dedicated Kubernetes service instances and clusters, powered by the anynines Service Framework.
Create a Service Instance
To provision a Kubernetes service, run
cf create-service. For example:
cf create-service a9s-kubernetes kubernetes-single-small my-kubernetes-service
Depending on your infrastructure and service broker utilization, it may take several minutes to create the service instance.
cf services command to view the creation status. This command displays a list of all your service instances. To view the status of a specific service instance, run
cf service NAME-OF-YOUR-SERVICE.
Create a Service Key
After your Kubernetes service is created, run
cf create-service-key NAME-OF-YOUR-SERVICE NAME-OF-SERVICE-KEY in order to create a Service Key for you Kubernetes Service:
cf create-service-key my-kubernetes-service my-service-key
Obtain Service Instance Access Credentials
After a Service Key is created, the credentials of your Kubernetes service can be displayed by running
cf service-key NAME-OF-YOUR-SERVICE NAME-OF-SERVICE-KEY:
$ cf service-key my-kubernetes-service my-service-key
Getting key my-service-key for service instance my-kubernetes-service as admin...
You need the
token and either
certificate-authority-data values to connect to our Kubernetes Service with kubectl.
certificate-authority is the CA file in PEM format, which can be saved in a file and used in the kubeconfig file with
certificate-authority-data is the
certificate-authority Base64 encoded and can be used in the kubeconfig file with
Connect to Kubernetes with kubectl
Important: For ease of use the Kuberentes plan now provides developers with a kubectl config file within the service key. To use simply save the string in kube config path as described below.
The kubeconfig string contains unescaped '
\n'. To easily remove them, just use:
echo "paste here the copied kubeconfig" > new_kubeconfig.yaml
It is also possible to create the config file by hand according to the template underneath. All necessary values (
EXAMPLE_... in the template) are contained in the service key.
#Either use `certificate-authority-data` OR `certificate-authority`
- name: "EXAMPLE_USERNAME"
Use the following command to connect to your Kubernetes Cluster by using the previously created config file:
kubectl --kubeconfig=/path/to/kube.conf get all
Currently TLS Verify needs to be disabled, since the certificate could not be delivered to the customer.
Use Image from Harbor
If you want to make a deployment based on an Image from an a9s Harbor service perform the following steps:
1 . Create a secret to grant access to the Harbor service by invoking:
kubectl create secret docker-registry registry-cred \
--docker-server=<HARBOR URI> \
--docker-username=<HARBOR USER> \
--docker-password=<HARBOR PASSWORD> \
- Create a manifest file based on the following example:
- name: private-reg-container
- name: registry-cred
- Trigger deployment with
kubectl create -f <MANIFEST FILE>
Access Cluster using the Dashboard
The Kubernetes plan can be used with the Kubernetes Web UI (Dashboard)
The dashboard can be accessed via the
dashboard_url provided inside the service
Delete an a9s Kubernetes Service Instance
Before you can delete a service instance, you must delete all existing Service Key associated to that service instance.
List Service Keys for Service Instance
cf service-keys NAME-OF-YOUR-SERVICE to list all Service Keys for the respective service.
$ cf service-keys my-kubernetes-service
Getting keys for service instance my-kubernetes-service as admin...
Delete Service Keys for Service Instance
cf delete-service-key to delete the service key.
cf delete-service-key my-kubernetes-service my-service-key
Delete a Service Instance
After deleting all Service Keys, you can run
cf delete-service to delete the service:
cf delete-service my-kubernetes-service
It may take several minutes to delete the service. Deleting a service deprovisions the corresponding infrastructure resources.
cf services command to view the deletion status.
Upgrade the Service Instance to another Service Plan
Once created, you can upgrade your service instance to another, larger service plan. A larger service plan provides more CPU, RAM and storage. For more information, see the Update a Service Instance of the Managing Service Instances with the cf CLI topic.
cf update-service my-kubernetes-service -p a-bigger-plan
Cloud Foundry Application Security Groups
This topic describes how to check whether a security group was created.
Each a9s Data Service will automatically create and update Cloud Foundry security groups in order to protected service instances to be accessed by applications not running in the same Cloud Foundry applications space. To get a better understanding about Security Groups you can have a look on the Understanding Application Security Groups topic.
Get Service Instance GUID
cf service INSTANCE_NAME --guid to get the guid of the service instance.
$ cf service my-kubernetes --guid
Check available Security Groups
To see all available security groups use
$ cf security-groups
Getting security groups as firstname.lastname@example.org
Name Organization Space
#3 guard_432fb752-876d-443b-a311-a075f4df2237 demonstrations demo
#4 guard_ca16f111-5073-40b7-973a-156c75dd3028 demonstrations demo
There you can see a security group named
was successfully created.
NOTE: in some circumstances the connection between the application and the service instance is not possible, in this case check if a security group was created.
Setup Disk Usage Alerts
Each service comes with the a9s Parachute. This component monitors ephemeral and persistent disk usage. See the a9s Parachute documentation how to configure the component.