All Products
Search

This Product

    Alibaba Cloud DevOps:Manage Kubernetes clusters

    Document Center

    Alibaba Cloud DevOps:Manage Kubernetes clusters

    Last Updated:Apr 10, 2025

    This topic describes how to establish a connection between Flow and Kubernetes services to manage Kubernetes clusters.

    Connect to a Kubernetes cluster

    You can use Kubernetes cloud service authorization and certificate files to enable Flow to release applications to Kubernetes clusters. Flow provides the following connection method:

    Connect to a custom Kubernetes cluster

    1. Obtain the config file of the cluster

      Manually generate the config certificate

      To perform fine-grained access control on the client, you can manually generate the config file by using the following method:

      curl -k https://<YOUR_API_SERVER_PUBLIC_IP>:6443

      Create the ~/.kube/config file and modify the file content.

      apiVersion: v1
clusters:
- cluster:
    # needed if you get error "Unable to connect to the server: x509: certificate signed by unknown authority"
    insecure-skip-tls-verify: true
    server: https://YOUR_API_SERVER_PUBLIC_IP:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTi... (base64 /etc/kubernetes/ssl/node-node1.pem)
    client-key-data: LS0tLS1CRUdJTiBS.. (base64 /etc/kubernetes/ssl/node-node1-key.pem)

      client-certificate-data is obtained from the output of the following command:

      cat /etc/kubernetes/ssl/node-node1.pem | base64 -w 0

      client-key-data is obtained from the output of the following command:

      cat /etc/kubernetes/ssl/node-node1-key.pem | base64 -w 0

      Verify the certificate.

      $ kubectl get nodes
NAME      STATUS    AGE       VERSION
my-kube   Ready     2h        v1.6.7+coreos.0
      Obtain the config file from the ACK console

      If you use ACK, you can directly log on to the ACK console, and click Clusters from the left-side navigation pane. On the Clusters page, find the cluster to be associated, and click Details in the Actions column. On the Connection Information tab of the cluster details page, you can obtain the required config file.

      Important

      To use the config certificate, you must make sure that the API server of the cluster exposes the public endpoint.

      imageimage

    2. Create a Kubernetes cluster

      Select Custom Cluster for Cluster Type, enter a cluster name, add a cluster config file, and then click Save. You can use the config file for subsequent release jobs to release applications to the remote cluster.高的 (50)

    3. Manage permissions of the Kubernetes cluster

      Click Modify in the Operation column of the cluster and manage member permissions.高的 (52)

    Use a Kubernetes cluster

    In the Edit panel of the pipeline, click the Kubernetes Deploy job. In Build Steps, expand Kubectl Apply, and then select the created Kubernetes cluster from the Cluster Connection drop-down list. When a pipeline runs, applications are automatically released to the desired Kubernetes cluster. For more information, see Use Kubernetes kubectl to release applications.

    image