Kubernetes Integration: Deploy Ratl Load Injectors On-Premises

Integrate Ratl with your Kubernetes cluster to deploy load injectors directly within your infrastructure. Leverage this setup to reduce resource costs while maintaining full control over your testing environment.

Guide 1: Setting up Ratl Load Injectors Using User-Provided Kubeconfig

This documentation provides a step-by-step guide for setting up Ratl on-premise load injectors using a user-provided kubeconfig file. The guide details how to configure the kubeconfig for GCP, AWS, and Azure, including generating the required access tokens.

Using a User-Provided Kubeconfig

1. Prerequisites

• The user must provide a kubeconfig file for their cluster.

• The kubeconfig must be updated with an access token, replacing the exec section for GCP, AWS, and Azure.

2. Example Kubeconfig Structure

Below is an example of a kubeconfig structure. Ensure this format is maintained when updating the file.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQVRF...
    server: https://<CLUSTER_ENDPOINT>
  name: <CLUSTER_NAME>
contexts:
- context:
    cluster: <CLUSTER_NAME>
    user: <USER_NAME>
  name: <CONTEXT_NAME>
current-context: <CONTEXT_NAME>
kind: Config
preferences: {}
users:
- name: <USER_NAME>
  user:
    token: <ACCESS_TOKEN>

3. Generating Access Tokens

For GCP

1. Install and configure the Google Cloud SDK.

2. Use the following command to generate an access token:

   Copy

   gcloud auth print-access-token

3. Replace the exec section in the kubeconfig file with the token:

   Copy

   users:
   - name: <USER_NAME>
     user:
       token: <ACCESS_TOKEN>

For AWS

1. Install the AWS CLI and configure it with your credentials.

2. Use the following command to generate a token:

   Copy

   aws eks get-token --cluster-name <CLUSTER_NAME>

3. Extract the token field from the output JSON and replace it in the kubeconfig:

   Copy

   users:
   - name: <USER_NAME>
     user:
       token: <ACCESS_TOKEN>

For Azure

1. Install the Azure CLI and sign in to your Azure account.

2. Use the following command to generate an access token:

   Copy

   az account get-access-token --resource https://management.azure.com/

3. Extract the accessToken field from the output JSON and replace it in the kubeconfig:

   Copy

   users:
   - name: <USER_NAME>
     user:
       token: <ACCESS_TOKEN>

4. Updating the Kubeconfig

After generating the token, update the kubeconfig file:

1. Remove or comment out the exec section (if present).

2. Replace it with the generated token under the users section:

   Copy

   users:
   - name: <USER_NAME>
     user:
       token: <ACCESS_TOKEN>

5. Verifying the Setup

1. Save the updated kubeconfig file.

2. Test access to the cluster:

   Copy

   kubectl --kubeconfig=<UPDATED_KUBECONFIG_PATH> get pods

3. If successful, you will see a list of pods in the cluster.

Notes

• Ensure that the namespace in the kubeconfig matches the cluster’s namespace.

• Tokens typically expire after a certain duration. Regenerate the token as needed.

• Use kubectl describe for debugging any issues.

Guide 2: Setting up Ratl Load Injectors Using YAML Configurations

This documentation offers a detailed, step-by-step guide for setting up Ratl on-premise load injectors. It walks you through the complete process of configuring your Kubernetes cluster efficiently.

Prerequisites

1. Ensure you have kubectl installed and configured with access to the cluster.

2. A Kubernetes cluster is already running and accessible.

YAML Configurations

1. ServiceAccount Definition

Save the following configuration as ratl-load-sa.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: ratl-load-injectors-sa
  namespace: default
  annotations:
    kubernetes.io/service-account.name: "ratl-load-injectors-sa"

2. ServiceAccount Token

Save the following configuration as ratl-load-sa-token.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: ratl-load-injectors-sa-token
  annotations:
    kubernetes.io/service-account.name: "ratl-load-injectors-sa"
  namespace: default
type: kubernetes.io/service-account-token

3. Role Definition

Save the following configuration as ratl-load-role.yaml:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: ratl-load-role
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "delete", "get", "list"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["create", "delete", "get", "list"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["create", "delete", "get", "list"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["create", "delete", "get", "list"]

4. RoleBinding Definition

Save the following configuration as ratl-load-role-binding.yaml:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ratl-load-role-binding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: ratl-load-injectors-sa
    namespace: default
roleRef:
  kind: Role
  name: ratl-load-role
  apiGroup: rbac.authorization.k8s.io

Deploy YAML Files

Run the following commands to deploy the YAML files to your Kubernetes cluster:

kubectl apply -f ratl-load-sa.yaml
kubectl apply -f ratl-load-sa-token.yaml
kubectl apply -f ratl-load-role.yaml
kubectl apply -f ratl-load-role-binding.yaml

Generating the kubeconfig File

Run the following commands to generate a kubeconfig.yaml file for accessing the Ratl load injectors:

TOKEN_NAME=$(kubectl get secret -n default -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='ratl-load-injectors-sa')].metadata.name}")
TOKEN=$(kubectl get secret $TOKEN_NAME -n default -o jsonpath='{.data.token}' | base64 --decode)
SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
CA_DATA=$(kubectl get secret $TOKEN_NAME -n default -o jsonpath='{.data.ca\.crt}')
ENCODED_CA_CERT=$(echo "$CA_DATA" | base64 | tr -d '\n')

cat <<EOF > kubeconfig.yaml
apiVersion: v1
kind: Config
clusters:
- name: ratl-load-injectors-cluster
  cluster:
    certificate-authority-data: $CA_DATA
    server: $SERVER
contexts:
- name: ratl-load-injectors-context
  context:
    cluster: ratl-load-injectors-cluster
    user: ratl-load-injectors-sa
current-context: ratl-load-injectors-context
users:
- name: ratl-load-injectors-sa
  user:
    token: $TOKEN
EOF

Test the kubeconfig

To verify the setup, use the following command:

kubectl --kubeconfig=kubeconfig.yaml get pods

If the setup is successful, you should see a list of pods in your default namespace.

Notes

• Ensure that the namespace used in the YAML files matches your cluster’s namespace.

• Use kubectl describe to debug any issues during deployment.