Turbonomic instance and credentials for Kubeturbo
Kubeturbo connects to Turbonomic to manage containerized workloads in your clusters. For seamless connection, be sure that Turbonomic is deployed with a valid trial or premium license, and is up and running.
Turbonomic instance information
One Kubeturbo agent can communicate with only one Turbonomic instance. If your environment has multiple instances, configure one Kubeturbo agent per Turbonomic instance. Multiple Kubeturbo agents can occupy the same namespace or separate namespaces.
Record the following information for your Turbonomic instance. You will need this information when you deploy Kubeturbo.
- Turbonomic instance URL, such as https://10.1.1.1 or https://myinstance.com
- Turbonomic version
  Deployment requires the Kubeturbo image tag version.
  The image tag version should be in the format x.x.x. This version depends on, and should always match, your Turbonomic instance version. For example, if your Turbonomic instance version is 8.15.0, specify the same instance version as the image tag version. To get the version of your Turbonomic instance, open the Turbonomic user interface and click the Help icon in the navigation menu.
- Turbonomic instance credentials (see the next section)
Turbonomic instance credentials
Kubeturbo can use the following credentials to connect to your Turbonomic instance.
Turbonomic instance | Kubeturbo deployment | Supported credentials |
---|---|---|
SaaS |
|
|
|
|
|
Non-SaaS (OVA, Red Hat OpenShift/AWS EKS cluster) |
|
|
Using secure tokens as credentials
If you use a SaaS instance of Turbonomic and manage targets through the secure client, use a secure token for the client.
To generate a secure token, open the Turbonomic SaaS user interface and navigate to Settings > Secure Client Management. For complete instructions, see the secure client deployment topics for OperatorHub and other deployments.
When you deploy Kubeturbo, you do not need to configure any credentials.
Using OAuth 2.0 as credentials
Use the Turbonomic API to create and manage OAuth 2.0 client credentials. These credentials are more secure than the local account credentials created from the Turbonomic user interface.
To create the OAuth 2.0 client credentials, perform the following steps:
- Log in to your Turbonomic instance.
- In your browser's address bar, change the URL to https://{your_instance_address}/swagger/#/Authorization/createClient. For example, change the URL to https://my-instance.com/swagger/#/Authorization/createClient.
- Click Try it out.
- In the body section, replace the sample request with the following request. This request has all the required parameters for generating OAuth 2.0 credentials for Kubeturbo.
  {
    "clientName": "kubeturbo",
    "grantTypes": [ "client_credentials" ],
    "clientAuthenticationMethods": [ "client_secret_post" ],
    "scopes": [ "role:PROBE_ADMIN" ],
    "tokenSettings": {
      "accessToken": { "ttlSeconds": 600 }
    }
  }
- Click Execute and then scroll to the Server response section. If the credentials were generated successfully, a response with a code of 200 displays.
- In the response, find and record the clientID and clientSecret credentials. These credentials cannot be retrieved after you close the API so it is important that you record them.
The credentials that you created for Kubeturbo must be converted to Base64.
In Linux, you can run the following command to convert each credential to Base64.
echo {credential} | base64
If your credential fails to convert to Base64, it might have invalid or unsupported characters and must be changed before it can be converted to Base64 successfully.
Be sure to record the Base64 credentials for use in your Kubeturbo deployment.
Using local account username and password as credentials
Support for these credentials will be discontinued in a future release.
You can set up a local user account in the Turbonomic user interface. As part of setting up the account, you configure a username and password as credentials. When you deploy Kubeturbo, you can use a secret that stores the username and password, or specify the username and password in Base64.
Guidelines and instructions:
- Before creating a user account
  Review the following requirements before creating the user account that Kubeturbo will use to connect to your Turbonomic instance.
  - Kubeturbo requires a Turbonomic local user account with the site administrator or administrator role. This level of privilege allows Kubeturbo to automatically add itself as a container platform target in the Turbonomic user interface. SSO user accounts are not supported.
  - If you manage Turbonomic user accounts through Active Directory (LDAP), the account can be a local or Active Directory user. For an Active Directory user, the format is //.
  - If you use SSO or Multi-Factor Authentication (MFA), the user account must be a local user and not an SSO user.
- Creating a user account
  For general instructions on creating the required user account, see this topic. After you create the user account, record the plain text username and password.
- Converting the plain text username and password to Base64
  The credentials that you created for Kubeturbo must be converted to Base64.
  In Linux, you can run the following command to convert each credential to Base64.
  echo {credential} | base64
  Note: If your credential fails to convert to Base64, it might have invalid or unsupported characters and must be changed before it can be converted to Base64 successfully.
  Be sure to record the Base64 username and password. You will need this information when you deploy Kubeturbo.
- User account credentials accepted in Kubeturbo
  When you deploy Kubeturbo, you have the following options:
  - Use a secret that stores the username and password.
    Turbonomic recommends using a secret because it is more secure.
    The steps for configuring the secret vary by deployment method. Review the topic for a particular deployment method to see the relevant steps.
    By default, Kubeturbo looks for and uses the credentials in a secret, if the secret exists. If a secret does not exist, Kubeturbo uses the plain text username and password.
  - Specify the username and password in plain text. This option is not recommended because it is not secure.
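An added example, not part of the Turbonomic documentation, for the two Base64 conversion steps above (OAuth 2.0 client credentials and local account credentials): `echo` appends a newline that is encoded into the value, so the functions below encode without it and flag an encoded value that decodes with trailing whitespace. The function names and the sample value are constructed for illustration; whether Kubeturbo trims a trailing newline is not stated on this page.

```shell
#!/bin/sh
# Added example (not from the Turbonomic documentation).
# Base64 is an encoding, not encryption: handle the encoded value as the secret itself.

# Encode one credential without the trailing newline that `echo` would append.
# tr removes the line wrapping that base64 inserts into long output.
b64_credential() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Inspect an already-encoded value.
# Returns 0 = clean, 1 = decodes with trailing whitespace, 2 = not valid Base64.
check_credential_b64() {
    if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
        return 2
    fi
    # Hex of the last decoded byte; $(...) on the decoded text would hide a newline.
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case "$last" in
        0a|0d|20|09) return 1 ;;
    esac
    return 0
}

# Constructed sample value, not a real credential.
sample='kubeturbo'
clean=$(b64_credential "$sample")        # a3ViZXR1cmJv
with_newline=$(echo "$sample" | base64)  # a3ViZXR1cmJvCg==

for value in "$clean" "$with_newline"; do
    rc=0
    check_credential_b64 "$value" || rc=$?
    printf '%s -> status %s\n' "$value" "$rc"
done
```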