Definition and Scope¶
Scalr provides a built-in integration with Kubernetes to manage existing clusters and give a view into the overall health, capacity and workloads on the cluster. Currently, Scalr supports:
- GKE Kubernetes
- Amazon EKS
- Native Kubernetes
The following Kubernetes offerings will be supported soon:
- Azure AKS
The integration of GKE Permissions clusters requires a few permissions to be granted for the service account that is used to add Kubernetes clusters in Scalr:
- roles/container.viewer role permission (could also be visible as Kubernetes Engine Clusters Viewer)
- roles/compute.viewer role permissions to view list of instances where the Kubernetes cluster is running
- container.clusters.getCredentials (to obtain cluster credentials)
Here is more info on permissions to call Google GKE
These are the permissions needed for upgrading the master node:
- container.clusters.update on the requested cluster
- container.operations.get on the requested operations (included by roles/container.viewer)
- container.operations.list on the requested Cloud project (included by roles/container.viewer)
In order to use the kube-config file downloaded from Kubernetes page you need gcloud to be installed in your system.
gcloud to use your service account. If you have access to the service-account file you can use
gcloud auth activate-service-account --key-file=<path_to_file>.
Then to connect to the cluster you can either export the config path as environment variable(
export KUBECONFIG=<path_to_config>) or specify it directly in kubectl command:
There are few things need to be done before you can add a EKS Cluster to your Scalr account:
- Your AWS cloud credential has to have EKS view permissions.
- The IAM entity of your AWS cloud credentials has to be added to cluster RBAC (EKS IAM Userguide) .
When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator. Initially, only that IAM user can make calls to the Kubernetes API server using
In order to collect nodes CPU/MEM metrics
merics-server need to be deployed on the cluster.
In order to use the kube-config file downloaded from the Kubernetes page you need aws-iam-authenticator to be installed and added to
$PATH on your system. Make sure you are using correct credentials while calling
Self - Managed Kubernetes Clusters¶
Scalr supports the following authorization for native Kubernetes clusters:
cluster_ca_cert- basic authorization should be enabled in order for this method to work.
- x509 client certs:
Depending on the type of authorization kube-config will contain either username + pass or client x509 certs.
Adding a Cluster to Scalr¶
To discover a new cluster, click on New Cluster, select your cluster type and enter the details:
Once it is successfully added the cluster operation dashboard will appear:
From here you can look into cluster details, download the kubeconfig, upgrade the master, etc:
You can also drill down into each cluster and look at the pods within it:
By clicking on the Pod dashboard you will be able to see the details per Pod as well as manage them: