Cloud Automation Manager Kubernetes resource controller for Cloud Automation Manager templates

The Cloud Automation Manager Kubernetes custom resource definition and controller provides you with the ability to deploy, update (Plan/Apply), and delete Cloud Automation Manager templates instances using Kubernetes yaml resource files. The templates in Cloud Automation Manager are declarative Terraform templates that allow you to deploy infrastructure as code. With this capability, a single Kubernetes yaml can be created to deploy a composite application that consists of both Kubernetes deployable resources and traditional infrastructure resources, which are deployed with Terraform in Cloud Automation Manager. A typical containerized application is an example of a kubernetes deployable resource. Examples of traditional infrastructure resources are Virtual machines, storage, and so on.

About the task

The Cloud Automation Manager Kubernetes resource controller deploys the Cloud Automation Manager template and waits for SUCCESS status. If the deployment FAILS, then the controller continues to issue PLAN/APPLY requests until the APPLY request returns with SUCCESS status. If one or more of the template parameter values are changed, then the controller issues a PLAN/APPLY until the APPLY request returns with a status of SUCCESS.

Before you begin

A role binding must be defined for a user or group to have the authority to create/apply a templates.cloudautomationmgr.ibm.com resource or to deploy a template in Cloud Automation Manager.

The following is an example for the icp:camgroup:operator user group:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:  
   name: icp:camgroup:operator:template
roleRef:  
   apiGroup: rbac.authorization.k8s.io  
   kind: ClusterRole  
   name: cam-controller-manager-role
subjects:
- apiGroup: rbac.authorization.k8s.io  
   kind: Group  
   name: icp:camgroup:operator

Procedure

• Deploying a Cloud Automation Manager template
• Displaying the status of a Cloud Automation Manager template
• Deleting a deployed Cloud Automation Manager template

Deploying a Cloud Automation Manager template

1. Go to your Kubernetes environment that is same as Cloud Automation Manager.

2. Create your YAML file. The file allows the definition of the template deployment to be placed under the source control that allows changes to be tracked. An example Cloud Automation Manager Kubernetes resource controller yaml file:

    apiVersion: cloudautomationmgr.ibm.com/v1alpha1
    kind: Template
    metadata:
     name: template-ibmcloud-sample # The name of the resource. This name is used for the Cloud Automation Manager deployed instance name. Therefore, the kubernetes resource name and the Cloud Automation Manager deployed instance name match with each other. 
     namespace: "default"  # Specifies the Kubernetes and Cloud Automation Manager namespace to use for the deployment. 
    spec:
     connection: "IBMCloud"  # It specifies the name of the Cloud Automation Manager cloud connection to use.
     template:
       name: "Virtual Server with SSH key"  # The name of the Cloud Automation Manager template to deploy. 
       version: "2.3"  # The version of the Cloud Automation Manager template to deploy
       parameters:
         parameters:
           datacenter: "dal09"
           hostname: "lrhibmcloud1"
           domain: "raleigh.ibm.com"
   

   • parameters - It is the collection of name/value pairs that map to the Cloud Automation Manager Template Input Parameter Key and Value.

       parameters:
         datacenter: "dal09"
         hostname: "lrh1hostname"
     

     The following sharedParameters parameter is an optional parameter and is dependent on the Cloud Automation Manager template that is deployed:

   • sharedParameters - List of Cloud Automation Manager shared parameter data objects to use with the deployed template. For example:

       sharedParameters: 
       - name: DefaultNoBastionHostRequired
         dataType: bastionhost
     

     • secretParameters - (Optional) List of Cloud Automation Manager secret parameter data objects to use with the deployed template. For example:

       secretParameters: 
       name: vm_password_lrh 
       secretKeyRef: 
         name: vm-password-lrh-secret 
         key: password
       

       where

       name: name of template parameter

       secretKeyRef:

       ​ name: Name of the kubernetes secret

       ​ key: key is the name of the secret data defined in the secret

3. Run the following kubectl command to deploy a Cloud Automation Manager template:

   kubectl create -f <yaml file name>
   

   Note: A template that is deployed by using the kubernetes controller can be viewed in the deployed template instances page of Cloud Automation Manager user interface.

   After deployment, if you want to modify and do a plan/apply, run the following kubectl command:

   kubectl apply -f <yaml file name>
   

Displaying the status of a Cloud Automation Manager template

1. Verfiy the status of a deployed Cloud Automation Manager template by using either of the following commands:

   kubectl describe -f <yaml file name>
   

   or

   kubectl describe templates.cloudautomationmgr.ibm.com nodejs-ibmcloud-test1 -n default
   

   Example:

   Name:         nodejs-ibmcloud-test1
   Namespace:    default
   Labels:       controller-tools.k8s.io=1.0
   API Version:  cloudautomationmgr.ibm.com/v1alpha1
   Kind:         Template
   Metadata:
     Creation Timestamp:  2019-05-29T20:12:06Z
     Finalizers:
       template.cloudautomationmgr.ibm.com
     Generation:        2
     Resource Version:  7528303
     Self Link:         /apis/cloudautomationmgr.ibm.com/v1alpha1/namespaces/default/templates/nodejs-ibmcloud-test1
     UID:               08075b85-824e-11e9-b7be-00163e01cbab
   Spec:
     Connection:  IBMCloud
     Template:
       Name:  Virtual Server with SSH key
       Parameters:
         Parameters:
           Datacenter:      dal09
           Domain:          raleigh.ibm.com
           Hostname:        lrh1hostname
           Public Ssh Key:  ssh-rsa
       Version:             2.3
   Status:
     Action:  CREATE
     Conditions:
       Last Transition Time:  2019-05-29T20:15:41Z
       Reason:                SUCCESS
       Status:                True
       Type:                  CREATE
     Message:
     Outputs:
       Name:    vm_ip
       Type:    string
       Value:   "Public : 9.9.9.9"
     Stack ID:  5ceee797cdb119001c082077
     Status:    SUCCESS
   Events:
     Type    Reason              Age    From                     Message
     ----    ------              ----   ----                     -------
     Normal  CREATE:IN_PROGRESS  5m34s  cam-template-controller  CREATE status changed for default/nodejs-ibmcloud-test1
     Normal  CREATE:SUCCESS      2m1s   cam-template-controller  CREATE status changed for default/nodejs-ibmcloud-test1
   

   • The Status fields returned from the kubectl describe command:

     • Action - Last action performed, that is, CREATE, PLAN, APPLY.
     • Message - Last error message, blank if no error message.
     • Stack ID - Cloud Automation Manager stack ID of the deployment.
     • Status - Status of the last action performed.
     • Conditions
       • Last Transition Time - Last update time of the condition.
       • Reason - The status of the Cloud Automation Manager action.
       • Status - It is 'True' when the condition is valid.
       • Type - The type of the condition - the Cloud Automation Manager action (i.e. CREATE, PLAN, APPLY).
     • Outputs
       • Name - Name of the output parameter.
       • Type - The type of the parameter, that is, string, list, map.
       • Value - The value of the output parameter in json format.

   • The Event fields returned from the kubectl describe command are Type, Reason, Age, and From. Example:

      Type    Reason                Age   From                      Message
      ----    ------                ---   ----                      -------
      Normal  CREATE:IN_PROGRESS    15m   cam-template-controller   CREATE status changed for default/nodejs-ibmcloud-1
      Normal  CREATE:SUCCESS        69s   cam-template-controller   CREATE status changed for default/nodejs-ibmcloud-1
     

2. Optionally, you can also use Cloud Automation Manager Kubernetes controller startup parameters - controller parameter. They are defined in cam-controller-statefulset.yaml file. The args parameter are specified in the pod definition.

   The -syncPeriod is a controller parameter for the time duration between resource status checks. Value units are 's', 'm', 'h'." (Default is 2m).

   For example:

   • -syncPeriod=2h30m
   • -syncPeriod=300s
   • -syncPeriod=30m

Deleting a deployed Cloud Automation Manager template

If you no longer require the deployed instance of a template, run either of the following commands to delete it:

   kubectl delete -f <yaml file name>

or

   kubectl delete templates.cloudautomationmgr.ibm.com nodejs-ibmcloud-test1 -n default

Note: The command deletes the Cloud Automation Manager resources for the deployed instance and then the Cloud Automation Manager instance. After the Cloud Automation Manager instance is successfully deleted, the kubernetes resource that represents the Cloud Automation Manager instance is also deleted.