castai / kvisor

Real time Kubernetes issues and vulnerabilities scanning
Apache License 2.0

Custom ClusterID #170

Open aprohorov-callsign opened 1 year ago

aprohorov-callsign commented 1 year ago

Hey team! I was perplexed by the Cluster ID parameter. How can I get it with Helm? I have CastAI-Agent installed via Helm and it registers my EKS cluster and generates a Cluster ID. When I tried to pass the STATIC_CLUSTER_ID parameter to the Agent, it failed with the "cluster not found" error.

What is the right way to install Agent and Kvisor without manually copy-pasting Cluster ID from UI?

anjmao commented 1 year ago

Hi @aprohorov-callsign

A few questions:

  1. Do I understand correctly that you are generating STATIC_CLUSTER_ID yourself? We do not support passing your own clusterID if it doesn't exist.
  2. Are you interested only in security or autoscaling and security?

A few options:

  1. Use terraform to automate both agent and kvisor install. https://docs.cast.ai/docs/terraform-provider
  2. Install agent without passing clusterID. Once it's installed fetch cluster from public api using curl and get clusterID with jq. https://api.cast.ai/v1/spec/#/ExternalClusterAPI/ExternalClusterAPIListClusters
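
An added example, not part of the original comment or of the kvisor project: the comment above suggests curl and jq for the lookup in option 2, and this Python sketch does the same selection on an already fetched ListClusters response body, with the checks an unattended job needs. The response shape (`items` entries with `id` and `name`), the cluster names and the IDs are assumptions constructed for illustration.

```python
import json
import sys
import uuid

# Constructed sample body; the "items"/"id"/"name" shape is an assumption.
SAMPLE = json.dumps({"items": [
    {"id": "11111111-2222-4333-8444-555555555555", "name": "eks-dev"},
    {"id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee", "name": "eks-prod"},
    {"id": "99999999-8888-4777-8666-555555555555", "name": "eks-prod"},
]})


class ClusterLookupError(Exception):
    """The response does not identify exactly one usable cluster ID."""


def select_cluster_id(response_body: str, cluster_name: str) -> str:
    """Return the canonical UUID of the single cluster named cluster_name."""
    try:
        items = json.loads(response_body).get("items") or []
    except (json.JSONDecodeError, AttributeError) as exc:
        raise ClusterLookupError(f"unexpected response body: {exc}") from exc
    matches = [c for c in items
               if isinstance(c, dict) and c.get("name") == cluster_name]
    if not matches:
        raise ClusterLookupError(f"no cluster named {cluster_name!r}")
    if len(matches) > 1:
        # Names are not assumed unique: refuse to guess rather than hand
        # another cluster's ID to the kvisor deployment.
        ids = ", ".join(str(c.get("id")) for c in matches)
        raise ClusterLookupError(f"{cluster_name!r} is ambiguous: {ids}")
    try:
        # Normalise and validate before the value reaches a Helm release.
        return str(uuid.UUID(str(matches[0].get("id", ""))))
    except ValueError as exc:
        raise ClusterLookupError(f"cluster id is not a UUID: {exc}") from exc


if __name__ == "__main__":
    # Usage: <fetch the cluster list> | python select_cluster_id.py NAME
    try:
        print(select_cluster_id(sys.stdin.read(), sys.argv[1]))
    except (ClusterLookupError, IndexError) as err:
        sys.exit(f"cluster id lookup failed: {err}")
```
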

aprohorov-callsign commented 1 year ago

Hey @anjmao, thanks for the reply!

Sure, let me clarify my needs.

As for now, we have installed CastAI agents in all our EKS clusters (like 30 in total, and they are created/destroyed pretty frequently) and I need to add kvisor to extend functionality. CastAI agents were installed perfectly via flux, and I'm very happy with that. But to deploy kvisor I have to somehow retrieve the cluster_id.

I saw the Terraform provider, but managing dynamic Kubernetes resources with Terraform is against GitOps principles and our company policy.

So I thought I could generate a cluster ID and use it for all CastAI deployments, but the CastAI agent doesn't register a cluster if cluster_id was provided.

anjmao commented 12 months ago

Hi @aprohorov-callsign

STATIC_CLUSTER_ID should be a valid uuid. You can try to install the k8s agent with STATIC_CLUSTER_ID by setting it to the uuid of the kube-system namespace.

Our public API https://api.cast.ai/v1/spec/#/ExternalClusterAPI/ExternalClusterAPIRegisterCluster allows creating a cluster with a custom uuid.

If that works you should be able to provide the same cluster id to kvisor.

aprohorov-callsign commented 8 months ago

Hi @anjmao

I've tried STATIC_CLUSTER_ID and it doesn't work, because STATIC_CLUSTER_ID means the cluster with that ID is already registered on the CastAI side.

I need a feature to provide STATIC_CLUSTER_ID that will be used to register a new cluster on the CastAI side if it doesn't exist.

OR

The CastAI-Agent should somehow publish the CLUSTER_ID after it's registered.