The top-level deployment organization abstraction in Cloud Manager is a Space, which maps directly to a Kubernetes namespace. Each Space/Namespace defines an isolated naming space and administrative area for deployments and configuration resources running in the same Cluster.
Cloud Manager supports the management of many Clusters, and each Cluster supports many Spaces/Namespaces. Conversely, each Space/Namespace belongs to a single Cluster, which is defined at creation time and is immutable: it cannot be changed after creation.
Spaces, like Namespaces in K8s, need to have a unique name per Cluster. Spaces can also have a display name, which does not have this uniqueness requirement. As per K8s rules, names must be made of alphanumeric characters and separator characters like '-', must start with an alphabetic character, and may not contain any other characters, including spaces. The display name does not have any strict character requirements, and can contain spaces.
So if you are using a pre-available Cluster in the public EInnovator Cloud installation, you need to make sure you select a free name. The Cloud Manager UI proposes some free name suggestions, and provides feedback if the selected namespace is already in use. For Clusters that you or your organization own, you naturally have more freedom.
The Space list displays all Spaces a user has at least read access to. This includes Spaces created and owned by the user, Spaces created by the user but owned by groups the user owns, and Spaces shared by other users.
The Space creation page/wizard in Cloud Manager is used to create a Space.
From the Cloud Manager dashboard, go to the Space List and press Add New to go to the Space creation page (Dashboard > Spaces > Create New Space).
The following fields need to be specified when creating a Space:
The administrator of Cloud Manager sets up one or more Clusters from which non-administrator users can select when creating a Space.
In the EInnovator public Cloud, several Clusters are made pre-available in different regions (e.g. EU-Central, US-Central, etc.).
A unique name for the Space/Namespace is automatically suggested when the display name is entered, and it is checked for uniqueness.
The image below shows a snapshot of the UI for the Space creation page.
Most resources in Kubernetes live in a Space/Namespace. The Cloud Manager Space details page lists the core resources supported by Kubernetes that live inside a Space/Namespace, including:
The image below shows a snapshot of the UI for the Space details page.
Cloud Manager makes it easy to access and share a Space using the K8s command line tool kubectl. This is done by generating a certificate and downloading a configuration file to access the cluster. The permissions of the Space are also set appropriately so that access is allowed from outside the Cloud Manager UI.
A button on the right side, Download Config+Certificate, is used for this purpose.
A modal dialog shows the content of the configuration file, and the download button allows you to download the configuration file.
The image below shows a snapshot of the UI for the certificate+configuration modal.
Once downloaded, the files should be put in the default configuration directory for kubectl ($HOME/.kube), with the name config.
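The installation step described above, as an added example that is not part of Cloud Manager or its documentation: it keeps any existing kubectl configuration as a backup and restricts the new file to the current user, since anyone who can read it can use its credentials. The function names and the downloaded file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: install a kubeconfig downloaded from Cloud Manager.
# Function names and the source file name are assumptions.

install_kubeconfig() {
  src=$1
  kube_dir=${2:-"$HOME/.kube"}   # default kubectl configuration directory
  dest="$kube_dir/config"

  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }

  # Only the owning user should be able to enter the directory.
  mkdir -p "$kube_dir" && chmod 700 "$kube_dir" || return 1

  # Keep any existing configuration instead of silently overwriting it.
  if [ -f "$dest" ]; then
    backup="$dest.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$dest" "$backup" || return 1
    echo "existing config saved as $backup" >&2
  fi

  # Copy under a restrictive umask, then pin the mode to owner read/write.
  ( umask 077 && cp "$src" "$dest" ) || return 1
  chmod 600 "$dest"
}

verify_space_access() {
  # Ask the API server what this identity may do in the Space's namespace.
  kubectl auth can-i --list --namespace "$1"
}

# Usage: ./install-kubeconfig.sh ~/Downloads/config
if [ "$#" -ge 1 ]; then
  install_kubeconfig "$@"
fi
```

After installation, `verify_space_access <space-name>` lists the verbs and resources the downloaded identity is allowed in that namespace.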
Cloud Manager provides a simplified access-control model for Spaces and K8s namespaces. A small set of high-level roles is defined for each Space, and users and groups can be assigned to these roles. These roles control the visibility of each Space and what operations users can perform on it. The roles are:
When a user is assigned a role (authority) in a Space, the user is able to see it in their list of Spaces. The user also receives a notification (unless the user has disabled notifications for this type of event).
Collaborators are managed in the tab Settings > Collaborators.
The image below shows a snapshot of the UI for managing collaborators.
Role assignments in Cloud Manager are mapped to Roles and Role Bindings in the underlying K8s namespace, by pre-selecting a fixed set of verbs and resources for each role. The table below summarizes the role definitions for the roles defined by Cloud Manager:
Role | Verb | Resource |
---|---|---|
Developer | get, list, watch, create, update, patch, delete | pods, pods/log, services, configmap, secrets, pods/portforward, deployments, jobs |
Manager | get, list, watch, create, update, patch, delete | pods, pods/log, services, configmap, secrets, pods/portforward, deployments, jobs |
Auditor | get, list, watch | pods, pods/log, services, configmap, secrets, pods/portforward, deployments, jobs |
The images below show snapshots of the Kubernetes role definitions automatically set up by Cloud Manager for the roles Developer, Manager, and Auditor:
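A sketch of what one row of the table looks like as Kubernetes objects, added here as an example and not taken from Cloud Manager's own output. The object names, the subject kind, and the split of resources across API groups are assumptions.

```shell
#!/usr/bin/env bash
# Added example: print a Role and RoleBinding matching one row of the table.
# Object names and the apiGroups split are assumptions, not Cloud Manager output.

render_space_role() {
  role=$1 namespace=$2 user=$3
  case $role in
    developer|manager) verbs='get, list, watch, create, update, patch, delete' ;;
    auditor)           verbs='get, list, watch' ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $role
  namespace: $namespace
rules:
# Core API group. The table's "configmap" is the resource "configmaps".
# get/list/watch on secrets exposes secret values to every role, Auditor included.
- apiGroups: [""]
  resources: [pods, pods/log, pods/portforward, services, configmaps, secrets]
  verbs: [$verbs]
- apiGroups: [apps]
  resources: [deployments]
  verbs: [$verbs]
- apiGroups: [batch]
  resources: [jobs]
  verbs: [$verbs]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $role-$user
  namespace: $namespace
subjects:
- kind: User
  name: $user
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: $role
  apiGroup: rbac.authorization.k8s.io
EOF
}
```

Comparing this output with `kubectl get role,rolebinding -n <space> -o yaml` shows where the objects Cloud Manager actually created differ from the sketch.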
Cloud Manager integrates with EInnovator Social Hub to support comments and discussion on Spaces, and to allow devops teams to collaborate more effectively. A button on the right side panel can be used to enable comments on a channel. Once channels are enabled, users who have permissions on a Space can post and read comments.
The image below shows a snapshot of the UI with comments after the comments channel has been enabled.