Documentation for Orion Platform

Kubernetes requirements, installation script examples, and container removal steps

This Orion Platform topic applies only to the following products:

SAM, VMAN

Kubernetes (K8s) is one of the environments supported by the Container Monitoring feature. Starting with SAM 6.9 and VMAN 8.4, you can also monitor Kubernetes services in Microsoft Azure.

To monitor Kubernetes containers in the Orion Platform, you'll need:

  • A Kubernetes platform with one of the following API versions enabled:

    • v1
    • rbac.authorization.k8s.io/v1beta1
    • rbac.authorization.k8s.io
    • apps/v1beta1
    • extensions/v1beta1
  • Ports:
    • 4043: Target port/Container port (internal K8s communication)
    • 10250: Listening port for Kubelet agent
    • 30043: Node port (internal K8s communication)
  • SSH access to the master server
  • Sudo privileges on the master server

You can also monitor containers hosted in the Azure Kubernetes Service (AKS). See Azure Kubernetes Service documentation for requirements.

Third-party links in this section are attributed to © 2020 Microsoft Corp., available at docs.microsoft.com, obtained on October 30, 2020.

Kubernetes installation script

When you add a container service, the Add Container Service wizard generates a script that you can copy to the Windows Clipboard. Connect to the master server via SSH, open a command line, and run the script, which looks something like this:

curl -o orion-kubernetes.yaml #endpoint#
sudo kubectl apply -f orion-kubernetes.yaml

The script downloads an orion-kubernetes.yaml file that defines an orion namespace, and then deploys the Orion Aggregator and Orion Monitor containers to that namespace.
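Because the second command applies a downloaded manifest with sudo, it is worth listing what the file will create between the curl step and the kubectl apply step. The shell functions below are an added example, not part of the generated script or of SolarWinds code; the function names are hypothetical and the embedded manifest is constructed, so it says nothing about the contents of the real orion-kubernetes.yaml.

```shell
# Added example, not SolarWinds code; function names are hypothetical.
# list_resources FILE: print one "Kind/name" line per YAML document.
list_resources() {
  awk '
    function emit() { if (kind != "") print kind "/" name; kind = ""; name = ""; inmeta = 0 }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2 }
    /^metadata:/ { inmeta = 1; next }
    /^[^ ]/      { inmeta = 0 }
    inmeta && /^  name:/ { name = $2 }
    END          { emit() }
  ' "$1"
}

# review_flags FILE: print numbered lines for cluster-wide RBAC, NodePort and host access.
review_flags() {
  grep -nE '^kind: *ClusterRole(Binding)?$|name: *cluster-admin|type: *NodePort|nodePort:|hostNetwork: *true|privileged: *true|hostPath:' "$1" || true
}

# write_sample FILE: constructed manifest for the demo; NOT the real orion-kubernetes.yaml.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: orion
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-monitor
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
---
apiVersion: v1
kind: Service
metadata:
  name: example-aggregator
  namespace: orion
spec:
  type: NodePort
  ports:
  - port: 4043
    nodePort: 30043
EOF
}
# Usage: list_resources orion-kubernetes.yaml; review_flags orion-kubernetes.yaml
```

Run both functions against the downloaded file and read any flagged lines before running the apply command.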

Set up Azure Kubernetes Service (AKS) container monitoring

Starting with SAM 6.9 and VMAN 8.4, you can monitor containers hosted in the Azure Kubernetes Service (AKS). This section offers an overview of setting up the AKS service; refer to AKS documentation for details. It also includes Orion Platform configuration tasks.

  1. If a VPN does not yet exist, create a point-to-site VPN connection from Azure to your local network, which involves setting up a Virtual Network (VNet), a VNet gateway subnet, VNet gateway, a VM, and a root certificate for the VPN client.

  2. Create the Kubernetes service in Azure. To set up permissions, see Security concepts for applications and clusters.

  3. On the Orion server:

    1. Connect to the Azure VPN.

    2. Install the Azure Command-Line Interface (CLI).

    3. Log into Azure and connect to the Azure Kubernetes cluster. Click here for details.

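      If you cannot locate the cluster, use the --subscription parameter in the get-credentials command.

      You can use the Kubernetes web dashboard or Kubernetes resource view to monitor your configuration. If you encounter permission issues with the web dashboard, use the following command, which binds the kubernetes-dashboard service account in the kube-system namespace to the cluster-admin role and so gives the dashboard full administrative access to the cluster: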

      kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

  4. Follow the steps in Add a container service to finish adding the service via the Add Container Service wizard.

Delete Kubernetes namespaces from nodes

For Docker, Docker Swarm, and Apache Mesos, you need to delete containers and container images from nodes before deleting a container service in the Orion Web Console. For Kubernetes, delete namespaces from the node instead. In Kubernetes, namespaces are logical entities that represent cluster resources for use by a set of users; in this case, the "user" is the Orion Platform.

  1. Connect to the node via SSH.
  2. Run the following command:

    sudo kubectl delete namespaces orion

  3. When the service status switches to Down on the Container Services page, delete the container service by selecting it, and then clicking Delete.