Kubernetes Engine

• 1: Overview
• 1.1: Monitoring Metrics
• 1.2: ServiceWatch Metrics
• 2: How-to guides
• 2.1: Managing Nodes
• 2.2: Managing Namespaces
• 2.3: Manage Workloads
• 2.4: Manage services and ingresses
• 2.5: Managing Storage
• 2.6: Configuration(Configuration) Management
• 2.7: Manage Permissions
• 3: Kubernetes Engine Usage Guide
• 3.1: Access Cluster
• 3.2: Authentication and Authorization
• 3.3: Using type LoadBalancer service
• 3.4: Usage Considerations
• 3.5: Version information
• 4: API Reference
• 5: CLI Reference
• 6: Release Note

1 - Overview

Service Overview

Kubernetes Engine is a service that provides lightweight virtual computing, containers, and a Kubernetes cluster to manage them. Users can leverage a Kubernetes environment without complex preparation by installing, operating, and maintaining the Kubernetes Control Plane.

Features

• Standard Kubernetes Environment Setup: You can use a standard Kubernetes environment without additional configuration through the built-in Kubernetes Control Plane. It is compatible with applications in other standard Kubernetes environments, allowing you to use standard Kubernetes applications without modifying code.

• Easy Kubernetes Deployment: provides secure communication between the worker node (Worker Node) and the managed control plane, and quickly provisions worker nodes so users can focus on building applications on the provided container environment.

• Convenient Kubernetes Management: For enterprise environments, we provide various management features to conveniently use the created Kubernetes clusters, including cluster information lookup and management via a dashboard, namespace management, and workload management functions.

Service Diagram

Provided features

Kubernetes Engine provides the following features.

• Cluster Management: You can create and manage clusters to use the Kubernetes Engine service. After creating a cluster, you can add services needed for operation such as nodes, namespaces, and workloads.
• Node Management: A node is a set of machines that run containerized applications. Every cluster must have at least one worker node to deploy applications. Nodes can be used by defining node pools. Nodes belonging to a node pool must have the same server type, size, and OS image, and creating multiple node pools enables flexible deployment strategies.
• Namespace Management: A namespace is a logical partition within a Kubernetes cluster and is used to specify access permissions or resource usage limits per namespace.
• Workload Management: A workload is an application running on Kubernetes Engine. After creating a namespace, you can add or delete workloads. Workloads are created and managed per item such as Deployment, Pod, StatefulSet, DaemonSet, Job, and CronJob.
• Service and Ingress Management: A service is an abstraction that exposes applications running in a set of pods as a network service, and an ingress is used to expose HTTP and HTTPS paths from outside the cluster to inside the cluster. After creating a namespace, you can create or delete services, endpoints, ingresses, and ingress classes.
• Storage Management: You can create and manage the storage to be used when using Kubernetes Engine. Storage is created and managed per PVC, PV, and StorageClass items.
• Configuration Management: When you need to manage values that change inside containers across multiple environments such as Dev/Prod, creating separate images to handle them via environment variables is inconvenient and wasteful. In Kubernetes, you can manage environment variables or configuration settings as variables that can be changed externally and injected when a Pod is created; at that point you can use ConfigMaps and Secrets.
• Permission Management: When multiple users access a Kubernetes cluster, you can assign permissions per specific API or namespace to define the access scope. By applying Kubernetes’ role-based access control (RBAC) feature, you can set permissions for clusters or namespaces. You can create and manage ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings.

Component

control plane

Control Plane is the component that serves as the master node in the Kubernetes Engine service. The master node is the cluster’s management node, responsible for managing the other nodes in the cluster. A cluster is the basic creation unit of the Kubernetes Engine service and is used for managing node pools, objects, controllers, etc., that belong to it. Users configure the cluster name (cluster name), control plane, network, File Storage, and then create node pools within the cluster for use. The master node assigns work to the cluster, monitors node status, and handles data communication between nodes.

The cluster name creation rules are as follows.

• It must start with a letter and can be set using letters, numbers, and special characters (-) within 3 to 30 characters.
• It must not duplicate an already existing cluster name.

worker node

The worker node (Worker Node) is a compute node in the cluster that performs tasks. It receives task assignments from the cluster’s master node, executes them, and reports the results back to the master node. All nodes created within a node pool and namespace serve as worker nodes.

The rules for creating a node pool, which is a collection of worker nodes, are as follows.

• A node pool must contain at least one node for the application deployment to be possible.
• A maximum of 100 nodes can be created within a node pool.
• Since the maximum number of nodes is 100, you can freely create up to 100 nodes—for example, with 100 node pools you get 1 node per pool, and with 50 node pools you get 2 nodes per pool.
• It is possible to configure block storage attached to a node pool.
• You can configure the server type, size, and OS image for nodes in a node pool, and they must all be identical.
• Through the Auto-Scaling service, you can configure automatic scaling and shrinking of node pools according to the requirements of the deployed application.

Preliminary Service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.

1.1 - Monitoring Metrics

Kubernetes Engine monitoring metrics

The table below shows the monitoring metrics of Kubernetes Engine that can be viewed through Cloud Monitoring. For detailed usage of Cloud Monitoring, refer to the Cloud Monitoring guide.

1.2 - ServiceWatch Metrics

Kubernetes Engine sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at a 1‑minute interval.

Basic Metrics

The following are the basic metrics for the Kubernetes Engine namespace.

The metrics whose names are displayed in bold below are the metrics selected as key metrics among the default metrics provided by Kubernetes Engine. Key metrics are used to configure service dashboards that are automatically generated for each service in ServiceWatch.

Each metric indicates through the user guide which statistical values are meaningful when viewing that metric, and among the meaningful statistics, the values displayed in bold are the primary statistics. In the service dashboard, you can view key metrics using these primary statistical values.

2 - How-to guides

Users can create a service by entering the required information for the Kubernetes Engine and selecting detailed options through the Samsung Cloud Platform Console.

Create Kubernetes Engine

You can create and use the Kubernetes Engine service in the Samsung Cloud Platform Console.

You can create and manage clusters to use the Kubernetes Engine service. After creating the cluster, you can add services needed for operation such as nodes, namespaces, and workloads.

Create a cluster

You can create and use a Kubernetes Engine cluster service in the Samsung Cloud Platform Console.

To create a Kubernetes Engine cluster, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Create Cluster button. 2. Navigate to the Create Cluster page.
3. Create Cluster page, enter the information needed to create the service, and select detailed options.
   • In the Service Information Input area, enter or select the required information.

     Category	Required	Detailed description
     Cluster name	Required	Cluster name must start with an English letter and be entered using English letters, numbers, and special characters (-) within 3 - 30 characters
     Control plane settings > Kubernetes version	Required	Select Kubernetes version
     Control plane settings > Private endpoint allowed resources	Select	After selecting Enable, click Add to select the resource to allow access to the private endpoint Only resources in the same account and the same region can be registered Regardless of whether Enable is enabled, the nodes of the cluster can access the private endpoint
     Control Plane Settings > Public Endpoint	Select	After selecting Use, enter the public endpoint Allowed IP range for access as 192.168.99.0/24 Set the access control IP range to allow external access to the Kubernetes API server endpoint If external access is not required, you can disable it to reduce security threats
     ServiceWatch log collection	Select	Set whether to enable log collection so that cluster logs can be viewed in ServiceWatch Enable selection provides 5 GB of log storage free for all services within the Account, and charges apply based on storage volume when exceeding 5 GB If you need to view cluster logs, it is recommended to enable the ServiceWatch log collection feature
     Cloud Monitoring log collection	Select	Set whether to enable log collection so that logs for the cluster can be viewed in Cloud Monitoring If you select Use, 1 GB of log storage is provided for free across all services in the Account, and any data exceeding 1 GB will be deleted sequentially
     Network Settings	Essential	Network connection settings for the node pool VPC name: Select a pre‑created VPC Subnet name: Select a standard Subnet to use from the subnets of the selected VPC Security Group: Click the Select button and then choose a Security Group in the Select Security Group popup Up to 4 Security Group can be selected
     StorageClass setting	Required	Select the storage volume to use in the cluster NFS Volume: After clicking the Search button, select the file storage in the File Storage Selection popup. The default file storage supports only the NFS format

     Table. Kubernetes Engine service information input items
   • Additional Information Input area, please enter or select the required information.

     Category	required status	Detailed description
     tag	Select	Add Tag Up to 50 per resource can be added After clicking the Add Tag button, input or select Key, Value values

     Table. Kubernetes Engine additional information input fields
4. Summary Check the detailed information and estimated charges generated in the panel, and click the Create button.
   • Once creation is complete, verify the created resources on the Cluster List page.

View cluster details

The Kubernetes Engine service allows you to view and edit the full list of resources and detailed information. Cluster Details page consists of Details, Node Pools, Tags, Job History tabs.

To view detailed cluster information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. 2. Navigate to the Cluster List page.
3. Cluster List page, click the resource (cluster) whose detailed information you want to view. 3. Navigate to the Cluster Details page.
   • Cluster Details page displays the cluster’s status information and detailed information, and it consists of Details, Node Pools, Tags, Job History tabs.

     Category	Detailed description
     Cluster status	Kubernetes Engine cluster status Creating: in progress Running: creation complete / operational Updating: version upgrade in progress Deleting: in progress Error: error occurred
     Service cancellation	Button to delete a Kubernetes Engine cluster To delete a Kubernetes Engine service, you must delete all node pools added to the cluster If the service is deleted, the running service may be terminated immediately, so deletion is required after considering the impact of service interruption

     Table. Cluster status information and additional features

Detailed Information

On the Cluster List page, you can view detailed information of the selected resource and edit the information if needed.

Node Pool

You can view, add, modify, or delete cluster node pool information. For detailed information on using node pools, refer to 노드 관리하기.

Tag

On the Cluster List page, you can view the tag information of the selected resource, and you can add, modify, or delete it.

Job History

You can view the operation history of the selected resource on the Cluster List page.

Managing Cluster Resources

To manage cluster resources, we provide cluster version upgrades, kubeconfig downloads, and control‑plane logging modification features.

Cluster version upgrade

If there is a version available for upgrade from the cluster’s Kubernetes version, you can perform the upgrade on the Cluster Details page.

Pre-upgrade preparation for cluster version

When upgrading the cluster version, there is no need to delete and recreate API objects. For the migrated API, all existing API objects can be read and updated using the new API version. However, due to the deprecated API in older versions of Kubernetes, you may be unable to read or modify existing objects, or create new objects. Therefore, for system stability, we recommend migrating the client and manifest before upgrading.

Migrate the client and manifest using the following method.

• Download the latest version of the client (e.g., kubectl) and install it on the cluster, then modify the YAML to reference the new API.
• Or use a separate plugin (kubectl convert) to convert automatically. For detailed instructions, refer to the Kubernetes official documentation > Install and configure kubectl on Linux.

Upgrading Cluster and Node Pool Versions

To update the cluster and node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, click the resource (cluster) to upgrade the version. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon of the Kubernetes version. 4. Cluster version upgrade A popup window opens.
5. Select the Kubernetes version to upgrade, and click the Confirm button.
   • It may take a few minutes for the cluster upgrade to complete.
   • During the upgrade, the cluster status is shown as Updating, and when the upgrade is complete, it is shown as Running.
6. When the upgrade is complete, select the Node Pool tab. 6. Navigate to the Node Pool page.
7. Click the More button of the node pool item, then click Node Pool Upgrade. 7. Node Pool Version Upgrade A popup window opens.
8. Node Pool Version Upgrade After reviewing the message in the popup window, click the Confirm button.
   • It may take a few minutes for the node pool upgrade to complete.
   • While the upgrade is in progress, the node pool status is shown as Updating, and when the upgrade is complete, it is shown as Running.

Download kubeconfig

You can download the administrator/user kubeconfig settings for the cluster’s public and private endpoints as a yaml document.

To download the cluster’s kubeconfig configuration, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, click the resource (cluster) to download the kubeconfig. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click the Download admin kubeconfig/Download user kubeconfig button of the desired endpoint.
   • You can download the kubeconfig file in YAML format for each permission.

Modify resources that allow private endpoint access

You can modify the resource settings that allow private endpoint access to the cluster.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. Cluster List page, click the resource (cluster) whose private endpoint access control you want to modify. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon for Private Endpoint Access Allowed Resources. 4. Private endpoint access allowed resource edit The popup window opens.
5. Private Endpoint Access Allowed Resource Modification In the popup, set the Private Endpoint Access Allowed Resource’s Usage and add the allowed access resource, then click the Confirm button.

Modify public endpoint

You can change the public endpoint settings of the cluster.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, click the resource (cluster) whose public endpoint access control you want to modify. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon of the Public Endpoint. 4. Public Endpoint Edit The popup window opens.
5. Public Endpoint Edit In the Public Endpoint popup, configure the usage setting and add the allowed IP address range, then click the Confirm button.

Modify control plane log collection settings

You can change the log collection settings of the cluster’s control plane. Detailed logs of the cluster can be viewed in the ServiceWatch service or the Cloud Monitoring service.

To change the cluster’s control plane log collection settings, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. Cluster List page, click the resource (cluster) whose control plane logging you want to modify. 3. Go to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon of ServiceWatch log collection. 4. ServiceWatch log collection The popup window opens.
   • The Cloud Monitoring log collection feature can also be configured in the same way.
5. In the ServiceWatch Log Collection popup, after setting the Use option for ServiceWatch Log Modification, click the Confirm button.

Modify Security Group

You can modify the cluster’s Security Group.

To modify the cluster’s Security Group, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, click the resource (cluster) whose Security Group you want to modify. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon of the Security Group. 4. Security Group Edit The popup window opens.
5. After selecting or deselecting the Security Group to modify, click the Confirm button.

Terminate Cluster

To terminate the cluster, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engines.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. Cluster List page, click the resource (cluster) whose detailed information you want to view. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, click Cancel Service.
5. Service Termination After reviewing the content in the popup window, click the Confirm button.

2.1 - Managing Nodes

A node is a set of machines that run containerized applications. A cluster must have at least one node to deploy an application. Nodes can be defined in a node pool for use. Nodes belonging to a node pool must have the same server type, size, and OS image, and flexible deployment strategies can be established by creating multiple node pools.

After creating a Kubernetes Engine cluster, add a node pool and modify or delete it as needed.

Add node pool

A node refers to a machine that runs containerized applications, and at least one node is required to deploy applications in a Kubernetes cluster. After the Kubernetes Engine cluster has been created, add a node pool from the details page.

• In Kubernetes Engine, you can define and use a node pool, which is a set of nodes. * Since the nodes in a node pool use the same server type, size, and OS image, users can devise flexible deployment strategies by using multiple node pools.

To add a node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster to which you want to add a node pool. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Add Node Pool button. 4. Navigate to the Add Cluster Node Pool page.
5. On the Add Cluster Node Pool page, enter the information required to create a node pool and select detailed options.
   • In the Service Information Input area, enter or select the required information.

     Category	Required status	Detailed description
     Node pool name	Required	Node pool name must start with a lowercase English letter and be entered using lowercase English letters, numbers, and special characters (-) within 3 - 20 characters cannot end with a special character (-)
     Node Pool > Server Type	Required	Virtual Server server types for the node Standard: Standard specifications commonly used High Capacity: Large-scale server specifications beyond Standard GPU: GPU specifications available when securing resources for special requirements such as AI/ML For detailed information about the server types offered by Virtual Server, refer to Virtual Server 서버 타입
     Node Pool > Server OS	Essential	Node’s Virtual Sever OS image Standard: RHEL 8.10, Ubuntu 22.04 Custom: Custom image for Kubernetes created from the Virtual Server product (RHEL, Ubuntu)
     Node Pool > Block Storage	Essential	Block storage settings used by the node’s Virtual Server SSD: High‑performance general volume HDD: General volume SSD/HDD_KMS: Additional encrypted volume that uses encryption keys from Samsung Cloud Platform KMS(Key Management System) Encryption can be applied only at initial creation and cannot be changed after the service is created Performance degradation occurs when using the SSD_KMS disk type SSD_Provisioned: Enter detailed settings for the selected storage type Enter a value between 5,000 and 20,000 for the Max IOPS field, and between 250 and 1,000 for the Max Throughput field For a Custom Image with SSD_Provisioned, the predetermined values are auto‑filled and the fields are disabled Capacity is entered in Units, with a value between 13 and 125 Since 1 Unit equals 8 GB, this creates 104 ~ 1,000 GB
     Node Pool > Server Group	Select	Apply a pre‑created Server Group in the Virtual Server service on the node Click Use to set the Server Group usage When usage is enabled, select a Server Group Supports Affinity or Anti‑Affinity policies Partition policy is not supported Cannot modify after creating a node pool GPU server type cannot be selected
     Node pool auto scaling	Essential	Automatically adjust the number of nodes in a node pool For configuration, refer to 노드 풀 자동 확장/축소하기
     Number of nodes	Required	Number of nodes to create within a node pool Enter a value in the range 1 - 100
     Automatic node recovery	Required	When an abnormal node is detected in the node pool, automatically delete and create a new one For configuration, refer to 노드 풀 자동 복구하기
     Keypair	Essential	User authentication method used to connect to a node’s Virtual Server New: Create a new one if a new Keypair is required Refer to Keypair 생성하기 for how to create a new Keypair Default login account list by OS Alma Linux: almalinux RHEL: cloud-user Rocky Linux: rocky Ubuntu: ubuntu Windows: sysadmin
     Label	Selection	Optionally schedule the workload on a node Click the Add button to enter the label key and value Refer to 노드 풀 레이블 설정하기 for configuration
     Tint	Select	Prevent workloads from being scheduled onto nodes Add button to click for taint effect, enter key and value Refer to 노드 풀 테인트 설정하기 for configuration method
     Advanced Settings	Selection	Settings for detailed areas such as pods and logs for the node Click Use to choose whether to apply the advanced settings for the node pool you will create Refer to Configure advanced node pool settings for the configuration method
     Connection resource	Select	Configure File Storage and Object Storage resources for nodes at the node pool level Click the Add button to select the File Storage and Object Storage resources to attach to the node pool you will create Refer to Configure Linked Resources for Node Pools for the configuration method

     Table. Input fields for Kubernetes Engine node pool service information
6. Summary Verify the detailed information and estimated charges generated in the panel, then click the Create button.
   • When creation is complete, check the created resources on the Cluster Details > Node Pool tab > Node Pool list page.
7. When the notification popup opens, click the Confirm button.

Update Node Pool

If needed, modify the number of nodes in the node pool on the Kubernetes Engine details page.

To modify the number of nodes, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. 2. Navigate to the Cluster List page.
3. Select the cluster whose node count you want to modify on the Cluster List page. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. 4. Navigate to the Node Pool Details page.
5. On the Node Pool Details page, click the Edit icon to the right of Node Pool Information. 5. Node Pool Edit The popup window opens.
6. Edit Node Pool In the popup window, edit the node pool information, then click the Confirm button.

Upgrade Node Pool

If the Kubernetes version of the control plane and the version of the node pool differ, you can upgrade the node pool to synchronize the versions.

To upgrade the node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to perform a node pool version upgrade. 3. Navigate to the Cluster Details page.
4. Cluster Details page, select the Node Pool tab, then click More > Node Pool Upgrade at the far right end of the node pool row. 4. Node Pool Version Upgrade A popup window opens.
   • You can upgrade the node pool only when the node’s status is Running.
5. Node Pool Version Upgrade After reviewing the information in the popup window, click the Confirm button.

Auto-scaling node pools

Node pool auto-scaling is a feature that automatically adjusts the number of node pools by adding new nodes to a specified node pool or removing existing nodes based on workload demands. This feature operates based on the node pool.

• When automatically scaling a node pool up or down, it is adjusted based on the resource requests of the pods running on the node pool’s nodes rather than the actual resource utilization, and it periodically checks the status of pods and nodes and executes automatic scaling operations.

To set up automatic scaling for a node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to use the node auto-scaling feature. 3. Navigate to the Cluster Details page.
4. Cluster Details page, after selecting the Node Pool tab, click the Node Pool name you wish to modify. 4. Navigate to the Node Pool Details page.
5. Node Pool Details page, click the Edit icon on the right of Node Pool Information. 5. Edit Node Pool The popup window opens.
6. Edit Node Pool in the popup window, select Node Pool Auto Scaling as Enable.
7. After entering the minimum and maximum node counts, click the Confirm button.
   Reference

   Node pool auto-scaling settings can also be configured on the cluster node pool creation page.

   • Node pool scaling conditions
     • When a pod fails to start in the cluster due to insufficient resources (Pending pod occurs)
   • Node pool reduction criteria (when all are met)
     • If the sum of resource requests (CPU/Memory) of all pods running on a node is less than 50 % of the node’s allocatable resources.
     • When all pods running on a node can be scheduled on another node (there must be no pods subject to PDB restrictions, etc.)
   • When using automatic node pool scaling, to prevent deletion caused by node reduction, add the following annotation to the node.
     • cluster-autoscaler.kubernetes.io/scale-down-disabled: “true”

Automatically Restore Node Pool

Node auto-recovery is a feature that automatically deletes an abnormal node detected in the cluster and creates a new node to restore the node count in the node pool to a normal state. This feature operates based on the node pool.

To configure the node auto-recovery feature, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Go to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to use the node auto-recovery feature. 3. Go to the Cluster Details page.
4. On the Cluster Details page, after selecting the Node Pool tab, click the Node Pool name you wish to edit. 4. Navigate to the Node Pool Details page.
5. On the Node Pool Details page, click the Edit icon on the right of Node Pool Information. 5. Edit Node Pool A popup window opens.
6. Node Pool Edit in the popup window, after selecting Node Auto Recovery as Enable, click the Confirm button.

Setting node pool labels

Node pool labels are a feature for optionally scheduling workloads onto nodes.

To set the node pool label, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to set the node pool label. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. 4. Navigate to the Node Pool Details page.
5. On the Node Pool Details page, when you click the Edit icon of a label, the Edit Label popup opens.
6. In the Label Edit popup, click the Add button to add as many labels as needed.
7. Enter the label information and click the Confirm button.

Configure Node Pool Taint

Node pool taint is a feature that prevents workloads from being scheduled onto nodes.

To configure the node pool taint, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. Select the cluster for which you want to set a node pool taint on the Cluster List page. 3. Navigate to the Cluster Details page.
4. Cluster Details page, after selecting the Node Pool tab, click the Node Pool name you wish to modify. 4. Navigate to the Node Pool Details page.
5. On the Node Pool Details page, clicking the Edit icon of a taint opens the Edit Taint popup window.
6. Tint Edit In the popup window, click the Add button to add the required number of tints.
7. Enter the tint information and click the Confirm button.

Configure advanced node pool settings

Node pool advanced settings are a feature for applying detailed configurations such as the number of pods per node, PID, logs, and image garbage collection.

To configure advanced settings for the node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to configure advanced node pool settings. 3. Navigate to the Cluster Details page.
4. Cluster Details page, after selecting the Node Pool tab, click Create Node Pool. 4. Go to the Create Node Pool page.
5. On the Node Pool Creation page, select Advanced Settings to Enable.
6. After selecting Use, enter the required information for the displayed items.
7. After confirming that the required information has been entered correctly in the Summary tab, click the Create button.

Configure linked resources for node pool

Node pool connection resources are a feature for connecting or disconnecting File Storage and Object Storage on a per‑node‑pool basis.

To configure node pool connection resources, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to configure node pool connection resources. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. 4. Navigate to the Node Pool Details page.
5. When you click the Edit icon of a connection resource on the Node Pool Details page, the Edit Connection Resource popup opens.
6. In the Edit Connected Resource popup, clicking the Add button opens the Add Connected Resource popup.
7. Add Connected Resource In the popup window, select File Storage and Object Storage.
8. After verifying the resources to connect to the node pool, click the Confirm button.

Delete Node Pool

If needed, delete the node pool from the Kubernetes Engine details page.

To delete a node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. 2. Navigate to the Cluster List page.
3. On the Cluster List page, select the cluster whose node count you want to modify. 3. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the More button at the far right of the node pool row. 4. Click Delete Node Pool in the More button.
5. Node Pool Deletion In the popup window, select the checkbox, enter the name of the node pool to delete, and click the Confirm button.
   • You must select the checkbox in the node deletion confirmation message for the confirm button to become active.

View node details

After creating the cluster, you can view metadata, object information, and other details of the added nodes, and edit resource files using a YAML editor.

To view detailed information about the node pool, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Node menu. 2. Go to the Node List page.
3. On the Node List page, select the cluster whose detailed information you want to view from the gear button at the top left, then click the Confirm button.
4. Select the node whose detailed information you want to view and click. 4. Navigate to the Node Details page.

   Category	Detailed description
   Status Indicator	Display the current status of the node
   Detailed Information	Check the node’s Account information, metadata, and object information
   YAML	Node resources can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred on the node
   Pod	Check node pod information A Pod (pod) is the smallest compute unit that can be created, managed, and deployed in Kubernetes Engine
   Account Information	Check basic information about the Account, such as the Account name, location, and creation time.
   Metadata Information	Check metadata information such as node labels, annotations, and taints.
   Object Information	Internal IP and machine ID, capacity, resources, etc., the object information of the created node is displayed If GPU resources exist, check the GPU count in the Capacity > Nvidia.com/GPU column

   Table. Node detailed information items

2.2 - Managing Namespaces

A namespace is a logical separation unit within a Kubernetes cluster, used to specify access permissions or resource usage limits per namespace.

Create a namespace

To create a namespace, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Namespace menu. 2. Navigate to the Namespace List page.
3. On the Namespace List page, select the cluster where you want to create a namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check detailed namespace information

On the namespace detail page, you can view the namespace status and detailed information.

To view detailed namespace information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Namespace menu. 2. Navigate to the Namespace List page.
3. On the Namespace List page, select the cluster that the namespace requiring detailed information belongs to from the gear button at the top left, then click Confirm.
4. On the Namespace List page, select the item you want to view details for and click it. 4. Go to the Namespace Details page.

   Category	Detailed description
   Status indicator	Display the current state of the namespace
   Delete Namespace	Delete namespace A namespace containing workloads cannot be deleted. To delete a namespace, you must delete all associated workloads
   Detailed Information	Check the Account information and metadata of the namespace
   YAML	Namespaces can be edited in the YAML editor Click the Edit button, modify the namespace, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the namespace
   Pod	Check the pod information in the namespace
   Account information	Check basic information about the Account, such as name, location, and creation timestamp.
   Metadata Information	Check the metadata information of the namespace

   Table. Namespace detailed information items

Delete namespace

To delete a namespace, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Namespace menu. 2. Navigate to the Namespace List page.
3. On the Namespace List page, select the cluster that the namespace you want to delete belongs to from the gear button at the top left, then click the Confirm button.
4. On the Namespace List page, select the item you want to view details for and click it. 4. Navigate to the Namespace Details page.
5. On the Namespace Details page, click Delete Namespace.
6. When the notification confirmation window appears, click the Confirm button.

2.3 - Manage Workloads

The workload is an application running on Kubernetes Engine. You can create a namespace and then add or delete workloads. Workloads are created and then managed for each item: Deployment, Pod, StatefulSet, DaemonSet, Job, and CronJob.

Managing Deployments

A Deployment refers to a resource that provides updates for Pods and ReplicaSets (ReplicaSet). You can create a deployment in the workload, view its details, or delete it.

Create Deployment

To create a deployment, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Deployment under the Workload menu. 2. Go to the Deployment List page.
3. On the Deployment List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
   • The following is an example .yaml file that shows the required fields and object spec for creating a Deployment. * (application/deployment.yaml)
     • Tab 0

     Sample Code Download

     Copy Code

     Color mode

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nginx-deployment
      spec:
        selector:
           matchLabels:
              app: nginx
        replicas: 2 # tells deployment to run 2 pods matching the template
        template:
          metadata:
             labels:
                app: nginx
          spec:
             containers:
             - name: nginx
               image: nginx:1.14.2
               ports:
               - containerPort: 80

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nginx-deployment
      spec:
        selector:
           matchLabels:
              app: nginx
        replicas: 2 # tells deployment to run 2 pods matching the template
        template:
          metadata:
             labels:
                app: nginx
          spec:
             containers:
             - name: nginx
               image: nginx:1.14.2
               ports:
               - containerPort: 80

View deployment details

To view deployment details, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Deployment under the Workload menu. 2. Go to the Deployment List page.
3. On the Deployment List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Deployment List page. 4. Deployment Details page will be opened.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Deployment	Delete the deployment
   Detailed Information	Detailed deployment information can be viewed
   YAML	The deployment’s resource file can be edited in the YAML editor Edit button, click and modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the deployment
   Pod	Check the pod information of the deployment A Pod (pod) is the smallest compute unit that can be created, managed, and deployed in Kubernetes Engine
   Account information	Check basic information about the Account, such as the Account name, location, and creation time.
   Metadata Information	Check the deployment’s metadata information
   Object Information	Check the deployment’s object information

   Table. Deployment detailed information items

Delete Deployment

To delete the deployment, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Deployment under the Workload menu. 2. Navigate to the Deployment List page.
3. On the Deployment list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the Deployment List page. 4. Navigate to the Deployment Details page.
5. On the Deployment Details page, click Delete Deployment.
6. When the notification confirmation window appears, click the Confirm button.

Managing Pods

A pod (Pod) is the smallest compute unit in Kubernetes that can be created, managed, and deployed, representing a group of one or more containers. You can create pods in the workload, view their details, or delete them.

Create Pod

To create a pod, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Pod under the Workload menu. 2. Navigate to the Pod List page.
3. On the Pod List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check pod detailed information

To view detailed pod information, follow these steps.

1. All Services > Container > Kubernetes Engine menu, click it. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Pod under the Workload menu. 2. Navigate to the Pod List page.
3. On the Pod List page, select the cluster and namespace using the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Pod List page. 4. Navigate to the Pod Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Status indicator	Display the current status of the pod
   Delete pod	Delete the pod
   Detailed Information	Can view detailed pod information
   YAML	The pod’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changes
   event	Check events that occurred within the pod
   log	Select a container to view the pod’s container information.
   Account Information	Check basic information about the Account, such as name, location, and creation timestamp.
   Metadata Information	Check the pod’s metadata information
   Object Information	Check the pod’s object information
   Initialization Container Information	Check the pod’s init container information
   Container Information	Check the pod’s container information

   Table. Pod detailed information items

Delete Pod

To delete a pod, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Pod under the Workload menu. 2. Go to the Pod List page.
3. On the Pod List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the Pod List page. 4. Navigate to the Pod Details page.
5. On the Pod Details page, click Delete Pod.
6. When the notification dialog appears, click the Confirm button.

Managing StatefulSets

A StatefulSet is a workload API object used to manage an application’s stateful components. You can create a StatefulSet in the workload, view its details, or delete it.

Creating a StatefulSet

To create a StatefulSet, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StatefulSet under the Workload menu. 2. StatefulSet list page is opened.
3. On the StatefulSet list page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check detailed information of StatefulSet

To view detailed information about a StatefulSet, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StatefulSet under the Workload menu. 2. StatefulSet list page is opened.
3. On the StatefulSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item whose detailed information you want to view on the StatefulSet List page. 4. Navigate to the StatefulSet Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete StatefulSet	Delete the StatefulSet
   Detailed Information	Can view detailed information of a StatefulSet
   YAML	The resource file of a StatefulSet can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the StatefulSet
   Pod	Check the pod information of the StatefulSet
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of the StatefulSet
   Object Information	Check the object information of the StatefulSet

   Table. StatefulSet detailed information items

Delete StatefulSet

To delete a StatefulSet, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StatefulSet under the Workload menu. 2. Navigate to the StatefulSet list page.
3. On the StatefulSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. StatefulSet list page, select the items you want to delete. 4. Navigate to the StatefulSet Details page.
5. On the StatefulSet Details page, click Delete StatefulSet.
6. When the notification confirmation window appears, click the Confirm button.

Managing DaemonSets

A DaemonSet is a resource that ensures a copy of a pod runs on every node or on a subset of nodes. You can create a DaemonSet in the workload, view its details, or delete it.

Creating a DaemonSet

To create a DaemonSet, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click DaemonSet under the Workload menu. 2. Go to the DaemonSet list page.
3. On the DaemonSet list page, select the cluster and namespace from the gear button at the top left, then click Create object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check DaemonSet detailed information

To view detailed information about a DaemonSet, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click DaemonSet under the Workload menu. 2. Go to the DaemonSet List page.
3. On the DaemonSet list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view details for on the DaemonSet List page. 4. Navigate to the DaemonSet Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries are displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete DaemonSet	Delete the DaemonSet
   Detailed Information	Can view detailed DaemonSet information
   YAML	The DaemonSet’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	Check events that occurred within the DaemonSet
   Pod	Check DaemonSet pod information
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the DaemonSet’s metadata information
   Object Information	Check the DaemonSet object information

   Table. DaemonSet detailed information items

Delete DaemonSet

To delete a DaemonSet, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click DaemonSet under the Workload menu. 2. Navigate to the DaemonSet list page.
3. On the DaemonSet list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the DaemonSet List page. 4. DaemonSet Details Navigate to the page.
5. On the DaemonSet Details page, click Delete DaemonSet.
6. When the notification confirmation window appears, click the Confirm button.

Job Management

A Job is a resource that creates one or more Pods and continues to run Pods until the specified number of Pods have completed successfully. You can create a job in the workload, view its details, or delete it.

Create Job

To create a job, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Job under the Workload menu. 2. Go to the Job List page.
3. On the Job List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check job details

To view the job details, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Job under the Workload menu. 2. Navigate to the Job List page.
3. On the Job List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Job List page. 4. Go to the Job Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Job	Delete the job
   Detailed Information	Detailed job information can be viewed
   YAML	You can edit the job’s resource file in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the job
   Pod	Check the pod information of the job
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the job’s metadata information
   Object Information	Check job object information

   Table. Job detail information items

Delete job

To delete a job, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Job under the Workload menu. 2. Go to the Job List page.
3. Job List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the Job List page. 4. Navigate to the Job Details page.
5. On the Job Details page, click Delete Job.
6. When the notification dialog appears, click the Confirm button.

Managing Cron Jobs

A cron job is a resource that runs a job periodically according to a schedule written in cron format. It can be used when executing repetitive tasks at regular intervals, such as backups and report generation. In the workload, you can create a cron job and view or delete its details.

Create a cron job

To create a cron job, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click CronJob under the Workload menu. 2. Navigate to the Cron Job List page.
3. On the CronJob List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check detailed cron job information

To view detailed information about the cron job, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click CronJob under the Workload menu. 2. Navigate to the Cron Job List page.
3. On the CronJob List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Cron Job List page. 4. Navigate to the Cron Job Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete cron job	Delete the cron job
   Detailed Information	View detailed information of cron jobs
   YAML	The resource file of the cron job can be edited in the YAML editor Edit button, click and modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	Check events that occurred within the cron job
   job	View the cron job’s information. Selecting a job item navigates to the job detail page.
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of the cron job
   Object Information	Check the object information of the cron job

   Table. Cron job detailed information items

Delete cron job

To delete a cron job, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click CronJob under the Workload menu. 2. Go to the Cron Job List page.
3. On the CronJob List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the Cron Job List page. 4. Go to the Cron Job Details page.
5. On the Cron Job Details page, click Delete Cron Job.
6. When the notification confirmation window appears, click the Confirm button.

2.4 - Manage services and ingresses

A Service is an abstraction that exposes applications running in a set of Pods as a network service, and an Ingress is used to expose HTTP and HTTPS routes from outside the cluster to inside the cluster. After creating a namespace, you can create or delete services, endpoints, ingresses, and ingress classes.

Manage Services

You can create a service and view or delete its details.

Create Service

To create a service, follow these steps.

1. All Services > Container > Kubernetes Engine click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Service under the Service and Ingress menu. 2. Go to the Service List page.
3. On the Service List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check service detailed information

To view the service details, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Service under the Service and Ingress menu. 2. Go to the Service List page.
3. Service List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Service List page, select the item for which you want to view detailed information. 4. Go to the Service Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Service	Delete the service
   Detailed Information	View detailed service information.
   YAML	You can edit the service’s resource file in the YAML editor Click the Edit button, modify the resource, and then click the Done button to apply the changes When editing content, you can click the Diff button to view the changes
   event	Check events that occurred within the service
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the service metadata information
   Object Information	Check the service’s object information

   Table. Service detailed information items

Delete Service

To delete the service, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Service under the Service and Ingress menu. 2. Navigate to the Service List page.
3. Service List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Service List page, select the item you want to delete. 4. Go to the Service Details page.
5. On the Service Details page, click Delete Service.
6. When the notification dialog appears, click the Confirm button.

Managing Endpoints

You can create an endpoint and view or delete its details.

Create Endpoint

To create an endpoint, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Endpoint under the Service and Ingress menu. 2. Go to the Endpoint List page.
3. On the Endpoint List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

View endpoint details

To view detailed endpoint information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Endpoint under the Service and Ingress menu. 2. Go to the Endpoint List page.
3. On the Endpoint List page, select the cluster and namespace using the gear button at the top left, then click Confirm.
4. On the Endpoint List page, select the item for which you want to view detailed information. 4. Navigate to the Endpoint Details page.
   • When you select Show system objects at the top of the list, the remaining items, excluding the Kubernetes object entries, are displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Endpoint	Delete the endpoint
   Detailed Information	Can view detailed endpoint information
   YAML	The endpoint’s resource file can be edited in the YAML editor Edit button, click and modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	Check events that occurred within the endpoint
   Account information	Check basic information about the Account, such as the Account name, location, and creation date/time.
   Metadata Information	Check the endpoint’s metadata information
   Object Information	Check the endpoint’s object information

   Table. Endpoint detailed information items

Delete endpoint

To delete the endpoint, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Endpoint under the Service and Ingress menu. 2. Go to the Endpoint List page.
3. On the Endpoint List page, select the cluster and namespace from the gear button in the top-left, then click Confirm.
4. Select the item you want to delete on the Endpoint List page. 4. Navigate to the Endpoint Details page.
5. On the Endpoint Details page, click Delete Endpoint.
6. When the notification dialog appears, click the Confirm button.

Managing Ingress

Ingress is an API object that manages external access (HTTP, HTTPS) to services within Kubernetes Engine, used to expose workloads externally, and provides L7 load balancing functionality.

Create Ingress

To create an Ingress, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Ingress under the Service and Ingress menu. 2. Navigate to the Ingress List page.
3. On the Ingress List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check Ingress detailed information

To view the ingress details, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Ingress under the Service and Ingress menu. 2. Navigate to the Ingress List page.
3. On the Ingress List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item whose detailed information you want to view on the Ingress List page. 4. Navigate to the Ingress Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Ingress	Delete ingress
   Detailed Information	Ingress detailed information can be viewed
   YAML	The Ingress resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changes
   event	Check events that occurred within the ingress
   Account information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of the Ingress
   Object Information	Check the Ingress object’s information

   Table. Ingress detailed information items

Delete Ingress

To delete the ingress, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Ingress under the Service and Ingress menu. 2. Navigate to the Ingress List page.
3. Ingress List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the Ingress List page. 4. Navigate to the Ingress Details page.
5. On the Ingress Details page, click Delete Ingress.
6. When the notification confirmation dialog appears, click the Confirm button.

Manage Ingress Class

IngressClass refers to an API resource that enables the use of multiple ingress controllers within a single cluster. Each Ingress must specify a reference class for the IngressClass resource that includes a configuration, including a controller that must implement the class.

Create Ingress Class

To create an Ingress class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click IngressClass under the Service and Ingress menu. 2. Navigate to the IngressClass List page.
3. On the IngressClass List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check detailed information of Ingress class

To view detailed information about the Ingress class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Ingress Class under the Service and Ingress menu. 2. Navigate to the IngressClass List page.
3. IngressClass list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the IngressClass List page. 4. Navigate to the IngressClass Details page.
   • When you select Show system objects at the top of the list, the remaining items, excluding the Kubernetes object entries, are displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete IngressClass	Delete Ingress class
   Detailed Information	Detailed information of the Ingress class can be viewed.
   YAML	The resource file of the IngressClass can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changed content
   event	Check events that occurred within the Ingress class
   Account information	Check basic information about the Account, such as name, location, and creation date/time.
   Metadata Information	Check the metadata information of the Ingress class
   Object Information	Check the object information of the Ingress class

   Table. Ingress class detailed information items

Delete Ingress Class

To delete an Ingress class, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Ingress Class under the Service and Ingress menu. 2. Navigate to the IngressClass List page.
3. IngressClass list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the IngressClass List page, select the items you want to delete. 4. Navigate to the IngressClass Details page.
5. On the IngressClass Details page, click Delete IngressClass.
6. When the notification dialog appears, click the Confirm button.

2.5 - Managing Storage

You can create and manage storage for use with Kubernetes Engine. Storage is created and managed for each PVC, PV, and StorageClass.

Managing PVC

Persistent Volume Claim(PVC) is an object defined to allocate the required storage capacity. PVC provides high usability through abstraction and can prevent the problem of data being deleted when the container lifecycle (Container Lifecycle) expires (maintaining Data Persistence).

Create PVC

To create a PVC, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PVC under the Storage menu. 2. Go to the PVC List page.
3. PVC List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check PVC detailed information

To view detailed PVC information, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PVC under the Storage menu. 2. PVC List Navigate to the page.
3. On the PVC List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the PVC List page. 4. PVC Details Go to the page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Status display	Displays the current status of the PVC. Bound: Normal connection
   Delete PVC	Delete PVC
   Detailed Information	Detailed PVC information can be viewed
   YAML	The PVC resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	Check events that occurred within the PVC
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the PVC metadata information
   Object Information	Check the PVC object information

   Table. PVC detailed information items

Delete PVC

To delete a PVC, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PVC under the Storage menu. 2. PVC List go to the page.
3. On the PVC List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. PVC List page, select the items you want to delete. 4. Go to the PVC Details page.
5. On the PVC Details page, click Delete PVC.
6. When the notification confirmation window appears, click the Confirm button.

Manage PV

Persistent Volume (PV) refers to the physical disk that a system administrator creates in Kubernetes Engine.

Create PV

To create a PV, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PV under the Storage menu. 2. Go to the PV List page.
3. On the PV List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check PV detailed information

To view detailed PV information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PV under the Storage menu. 2. Navigate to the PV list page.
3. PV List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the PV List page, select the item for which you want to view detailed information. 4. Navigate to the PV Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Status display	Displays the current status of the PV. Bound: Normal connection
   Delete PV	Delete PV
   Detailed Information	Detailed information of the PV can be viewed
   YAML	The PV’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changes
   event	Check events that occurred within the PV
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the PV metadata information
   Object Information	Check PV object information

   Table. PV detailed information items

Delete PV

To delete a PV, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click PV under the Storage menu. 2. Go to the PV List page.
3. On the PV List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the PV list page. 4. Go to the PV Details page.
5. Click Delete PV on the PV Details page.
6. When the notification dialog appears, click the Confirm button.

Managing StorageClass

Storage Class (Storage Class) is a Kubernetes resource that defines the type, performance, and other levels of storage.

Predefined storage class

Creating a StorageClass

To create a storage class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Storage Class under the Storage menu. 2. Navigate to the StorageClass List page.
3. StorageClass list on the page, select the cluster and namespace from the top‑left gear button, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.
   Reference

   For detailed information on the concept of storage classes and object creation, please refer to 쿠버네티스 공식 문서 > 스토리지 클래스.

View detailed storage class information

To view detailed information about the storage class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StorageClass under the Storage menu. 2. Navigate to the StorageClass List page.
3. On the StorageClass List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the StorageClass List page. 4. Navigate to the StorageClass Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete StorageClass	Delete the StorageClass
   Detailed Information	Detailed information of the storage class can be viewed
   YAML	The resource file of the StorageClass can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the storage class
   Account information	Check basic information about the Account, such as name, location, and creation time.
   Metadata Information	Check the metadata information of the StorageClass
   Object Information	Check the object information of the storage class

   Table. StorageClass detailed information items

Delete StorageClass

To delete a storage class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StorageClass under the Storage menu. 2. Navigate to the StorageClass List page.
3. StorageClass list page, select the cluster and namespace from the top-left gear button, then click Confirm.
4. On the StorageClass List page, select the items you want to delete. 4. Navigate to the StorageClass Details page.
5. On the StorageClass Details page, click Delete StorageClass.
6. When the notification dialog appears, click the Confirm button.
   Caution

   On the storage class list page, after selecting the item you want to delete, click Delete to delete the selected storage class.

2.6 - Configuration(Configuration) Management

When you need to manage values that change inside a container across various environments such as development and production, creating separate images to handle them via environment variables is inconvenient and costly. In Kubernetes, you can manage environment variables or configuration values as variables so they can be changed externally and injected when a Pod is created; at this point, you can use ConfigMap and Secret.

Managing ConfigMaps

Config information used in a namespace can be defined in a ConfigMap and managed.

Create ConfigMap

To create a ConfigMap, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ConfigMap under the Configuration menu. 2. Navigate to the ConfigMap List page.
3. On the ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

View ConfigMap detailed information

To view detailed ConfigMap information, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ConfigMap under the Configuration menu. 2. Navigate to the ConfigMap list page.
3. On the ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the ConfigMap List page. 4. Go to the ConfigMap Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete ConfigMap	Delete ConfigMap
   Detailed Information	Detailed ConfigMap information can be viewed
   YAML	The resource file of a ConfigMap can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	Check events that occurred in the ConfigMap
   Account Information	Check basic information about the Account, such as name, location, and creation time.
   Metadata Information	Check the metadata information of the ConfigMap
   Object Information	Check the object information of the ConfigMap Data separates rows with - - -, and value is displayed in a textarea format Binary data’s value outputs the length value

   Table. ConfigMap detailed information items

Delete ConfigMap

To delete a ConfigMap, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ConfigMap under the Configuration menu. 2. Go to the ConfigMap list page.
3. On the ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the ConfigMap List page, select the item you want to delete. 4. Navigate to the ConfigMap Details page.
5. On the ConfigMap Details page, click Delete ConfigMap.
6. When the notification confirmation window appears, click the Confirm button.

Managing Secrets

Using secrets allows you to securely store and manage sensitive information such as passwords, OAuth tokens, and SSH keys.

Create Secret

To create a secret, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Secret under the Configuration menu. 2. Go to the Secret List page.
3. On the Secret List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check secret detailed information

To view the secret details, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Secret under the Configuration menu. 2. Go to the Secret List page.
3. On the Secret List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Secret List page. 4. Go to the Secret Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete secret	Delete the secret
   Detailed Information	Detailed information of the secret can be viewed
   YAML	The secret’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changed content
   event	View events that occurred within the secret
   Account information	Check basic information about the Account, such as name, location, and creation timestamp.
   Metadata Information	Check the secret’s metadata information
   Object Information	Check the secret object’s information

   Table. Secret detailed information items

Delete secret

To delete the secret, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Secret under the Configuration menu. 2. Go to the Secret List page.
3. On the Secret List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the Secret List page. 4. Navigate to the Secret Details page.
5. On the Secret Details page, click Delete Secret.
6. When the notification confirmation window appears, click the Confirm button.

2.7 - Manage Permissions

When multiple users access a Kubernetes cluster, you can assign permissions for specific APIs or namespaces to define access scopes. You can apply Kubernetes’ role-based access control (RBAC) feature to set permissions for each cluster or namespace. You can create and manage ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings.

Managing Cluster Roles

You can set and manage access permissions at the cluster level. You can also set permissions for APIs or resources that are not limited to a namespace.

Create ClusterRole

To create a cluster role, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu. 2. Go to the Cluster role list page.
3. On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check detailed information of the cluster role

To view detailed information about the cluster role, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu. 2. Go to the Cluster role list page.
3. Cluster role list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. ClusterRole list page, select the item you want to view detailed information for. 4. Navigate to the Cluster role details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete ClusterRole	Delete the ClusterRole
   Detailed Information	View detailed information of the cluster role
   YAML	The resource file of the ClusterRole can be edited in the YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the cluster role
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of the ClusterRole
   Policy Rule Information	View the policy rule information of a ClusterRole Resources: List of resources to which the rule applies Non-Resource URLs: Non-Resource URLs are the set of partial URLs that a user needs to access * is allowed, but only as the final segment of the entire path Non-resource URLs are not namespaced, so this field can only be used in a ClusterRole referenced by a ClusterRoleBinding A rule can apply to an API resource (e.g., “pods” or “secrets”) or a non-resource URL path (e.g., “/api”), but not to both ResourceNames: ResourceNames is an optional whitelist of names that the rule applies to. An empty set means everything is allowed Verbs: Verbs are the API actions used in resource requests such as get, list, create, update, patch, watch, delete, deletecollection For more information, see the Kubernetes official documentation > API Verbs

   Table. Cluster role detailed information items

Delete cluster role

To delete the cluster role, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu. 2. Navigate to the Cluster Role List page.
3. On the Cluster role list page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the items you want to delete on the Cluster role list page. 4. Navigate to the Cluster role details page.
5. On the Cluster role details page, click Delete cluster role.
6. When the notification confirmation window appears, click the Confirm button.

Managing ClusterRoleBinding

You can create and manage a cluster role binding by linking a cluster role with a specific target.

Create ClusterRoleBinding

To create a ClusterRoleBinding, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu. 2. Navigate to the ClusterRoleBinding List page.
3. ClusterRoleBinding List on the page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

View detailed information of ClusterRoleBinding

To view detailed information about the cluster role binding, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu. 2. Navigate to the Cluster Role Binding List page.
3. On the ClusterRoleBinding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view details for on the Cluster Role Binding List page. 4. Navigate to the Cluster Role Binding Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete ClusterRoleBinding	Delete the cluster role binding
   Detailed Information	View detailed information of the ClusterRoleBinding
   YAML	The resource file of the cluster role binding can be edited in the YAML editor Edit button to click and after modifying the resource, click the Done button to apply the changes When editing content, click the Diff button to view the changed content
   event	Check the events that occurred within the ClusterRoleBinding
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of the ClusterRoleBinding
   Role/Target Information	Check the role and target information of the ClusterRole

   Table. Cluster Role Binding detailed information items

Delete ClusterRoleBinding

To delete a ClusterRoleBinding, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu. 2. Go to the Cluster Role Binding List page.
3. ClusterRoleBinding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the Cluster Role Binding List page. 4. Navigate to the Cluster Role Binding Details page.
5. On the Cluster Role Binding Details page, click Delete Cluster Role Binding.
6. When the notification confirmation window appears, click the Confirm button.

Manage roles

A role is a rule that specifies permissions for a specific API or resource. You can create and manage permissions that allow access only to the namespace to which the role belongs.

Create role

To create a role, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu. 2. Go to the Roll List page.
3. Roles page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

Check roll detailed information

To view detailed roll information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu. 2. Go to the Role List page.
3. On the Roles List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Roll List page. 4. Roll Details navigate to the page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete Role	Delete the role
   Detailed Information	View detailed information of the roll
   YAML	The resource files of Roll can be edited in a YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, click the Diff button to view the changes
   event	Check events that occurred within the roll
   Account information	Check basic information about the Account, such as name, location, and creation date and time.
   Metadata Information	Check the roll’s metadata information
   Policy Rule Information	View Role policy rule information Resources: List of resources to which the rule applies Non-Resource URLs: Non-Resource URLs are the set of partial URLs that a user may access * is allowed, but only as the final segment of the path Non-resource URLs are not namespaced, so this field can only be used in a ClusterRole referenced by a ClusterRoleBinding A rule can apply to an API resource (e.g., “pods” or “secrets”) or a non-resource URL path (e.g., “/api”), but not both Resource Names: Resource names are an optional whitelist of names the rule applies to; an empty set means all are allowed Verbs: Verbs are the API actions used in resource requests such as get, list, create, update, patch, watch, delete, deletecollection For more details, see the Kubernetes official documentation > API Verbs

   Table. Role detailed information items

Delete role

To delete the role, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu. 2. Navigate to the Role List page.
3. Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Roll List page, select the item you want to delete. 4. Roll Details page will be opened.
5. On the Roll Details page, click Delete Roll.
6. When the notification confirmation window appears, click the Confirm button.

Managing Role Bindings

You can create and manage role bindings by linking a role to a specific subject.

Create RoleBinding

To create a role binding, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu. 2. Navigate to the Roll Binding List page.
3. On the Roll Binding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Enter the object information in the Object Creation Popup and click the Confirm button.

View detailed role binding information

To view detailed roll binding information, follow these steps.

1. Click the All Services > Container > Kubernetes Engine menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu. 2. Go to the Roll Binding List page.
3. Roll Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Roll Binding List page, select the item you want to view detailed information for. 4. Navigate to the Roll Binding Details page.
   • If you select Show system objects at the top of the list, all items except the Kubernetes object entries are displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete roll binding	Delete roll binding
   Detailed Information	View detailed information of roll binding
   YAML	The resource file of RollBinding can be edited in a YAML editor Click the Edit button, modify the resource, then click the Done button to apply the changes When editing content, you can click the Diff button to view the changes
   event	Check events that occurred within roll binding
   Account Information	Check basic information about the Account, such as name, location, creation time, etc.
   Metadata Information	Check the metadata information of roll binding
   Role/Target Information	Check the role’s responsibilities and target information

   Table. Role binding detailed information items

Delete Role Binding

To delete the roll binding, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. 1. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role Binding under the Permissions menu. 2. Go to the Roll Binding List page.
3. Roll Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the Roll Binding List page. 4. Navigate to the Roll Binding Details page.
5. On the Roll Binding Details page, click Delete Roll Binding.
6. When the notification dialog appears, click the Confirm button.

3 - Kubernetes Engine Usage Guide

Provides a guide for using Kubernetes Engine.

Kubernetes Engine Utilization Guide

In the Kubernetes Engine usage, the following features are described. For more details, refer to the guide.

3.1 - Access Cluster

kubectl Installation and Usage

After creating a Kubernetes Engine service, you can use the Kubernetes command-line tool kubectl to execute commands against your Kubernetes cluster. With kubectl, you can deploy applications, inspect and manage cluster resources, and view logs. You can find how to install and use kubectl in the official Kubernetes documentation.

To access a Kubernetes cluster with kubectl, you need a kubeconfig file that contains the Kubernetes server address and authentication information.

Kubernetes Engine supports authentication via admin certificate kubeconfig and user authentication key kubeconfig.

Admin certificate kubeconfig

This kubeconfig uses the admin certificate as the authentication method when accessing the Kubernetes API.

Download admin kubeconfig

Kubernetes Engine > Cluster List > Cluster Details > Admin kubeconfig download Click the button to download the kubeconfig file.

Use admin kubeconfig

User authentication key kubeconfig

This kubeconfig uses the user’s Open API authentication key as the credential when accessing the Kubernetes API.

User kubeconfig download

Kubernetes Engine > Cluster List > Cluster Details > User kubeconfig Download Click the button to download the kubeconfig file.

Add authentication key token to the user kubeconfig file

Below is an example of a user kubeconfig file. To use the kubeconfig file, you must add the authentication key token (AUTHKEY_TOKEN) information to the token field inside the file.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
    server: https://my-cluster-a1c3e.ske.xxx.samsungsdscloud.com:6443
  name: my-cluster-a1c3e
contexts:
- context:
    cluster: my-cluster-a1c3e
    user: jane.doe
  name: jane.doe@my-cluster-a1c3e
current-context: jane.doe@my-cluster-a1c3e
kind: Config
preferences: {}
users:
- name: jane.doe
  user:
    token: <AUTHKEY_TOKEN> #### Writing required

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
    server: https://my-cluster-a1c3e.ske.xxx.samsungsdscloud.com:6443
  name: my-cluster-a1c3e
contexts:
- context:
    cluster: my-cluster-a1c3e
    user: jane.doe
  name: jane.doe@my-cluster-a1c3e
current-context: jane.doe@my-cluster-a1c3e
kind: Config
preferences: {}
users:
- name: jane.doe
  user:
    token: <AUTHKEY_TOKEN> #### Writing required

AUTHKEY_TOKEN can be generated by concatenating the ACCESS_KEY and SECRET_KEY of the authentication key with a colon (:) and then Base64 encoding it. The following is an example of creating an AUTHKEY_TOKEN in a Linux environment.

$ ACCESS_KEY=5df418813aed051548a72f4a814cf09e
$ SECRET_KEY=6ba7b810-9dad-11d1-80b4-00c04fd430c8
$ AUTHKEY_TOKEN=$(echo -n "$ACCESS_KEY:$SECRET_KEY" | base64 -w0)
$ echo $AUTHKEY_TOKEN
NWRmNDE4ODEzYWVkMDUxNTQ4YTcyZjRhODE0Y2YwOWU6NmJhN2I4MTAtOWRhZC0xMWQxLTgwYjQtMDBjMDRmZDQzMGM4r

$ ACCESS_KEY=5df418813aed051548a72f4a814cf09e
$ SECRET_KEY=6ba7b810-9dad-11d1-80b4-00c04fd430c8
$ AUTHKEY_TOKEN=$(echo -n "$ACCESS_KEY:$SECRET_KEY" | base64 -w0)
$ echo $AUTHKEY_TOKEN
NWRmNDE4ODEzYWVkMDUxNTQ4YTcyZjRhODE0Y2YwOWU6NmJhN2I4MTAtOWRhZC0xMWQxLTgwYjQtMDBjMDRmZDQzMGM4r

User kubeconfig execution example

You can view an example of executing the user kubeconfig.

When access is blocked by access control or a firewall

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
Unable to connect to the server: dial tcp 123.123.123.123:6443: i/o timeout

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
Unable to connect to the server: dial tcp 123.123.123.123:6443: i/o timeout

When authentication fails because the AUTHKEY_TOKEN does not match

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
error: You must be logged in to the server (Unauthorized)

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
error: You must be logged in to the server (Unauthorized)

AUTHKEY_TOKEN when authentication succeeds

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
...
kube-node-lease    Active 10d
kube-public        Active 10d
kube-system        Active 10d

$ kubectl --kubeconfig=user-kubeconfig.yaml get namespaces
...
kube-node-lease    Active 10d
kube-public        Active 10d
kube-system        Active 10d

AUTHKEY_TOKEN Authentication succeeded but lacks permission

$ kubectl --kubeconfig=user-kubeconfig.yaml get nodes
Error from server (Forbidden): nodes is forbidden: User "jane.doe" cannot list resource "nodes" in API group "" at the cluster scope

$ kubectl --kubeconfig=user-kubeconfig.yaml get nodes
Error from server (Forbidden): nodes is forbidden: User "jane.doe" cannot list resource "nodes" in API group "" at the cluster scope

3.2 - Authentication and Authorization

Kubernetes Engine applies Kubernetes authentication and RBAC authorization features. It explains how Kubernetes authentication and authorization functions integrate with Kubernetes Engine and IAM.

Kubernetes authentication and authorization

Describes Kubernetes authentication and RBAC authorization features.

Authentication

The Kubernetes API server obtains the information required for authenticating a user (User) or a service account (ServiceAccount) from certificates or authentication tokens, and then carries out the authentication process.

Authorization

The Kubernetes API server uses the user information obtained through the authentication process to verify, via RBAC-related objects, whether the user has permission for the requested operation. RBAC-related objects come in four types as follows.

Roll

Kubernetes defines several cluster roles by default. Some of those cluster roles do not include the prefix (system:). These are cluster roles intended for user use. This includes a superuser role (cluster-admin) applied to the entire cluster using a ClusterRoleBinding, and roles (admin, edit, view) applied to a specific namespace using a RoleBinding.

If necessary, you can define additional roles (or cluster roles) beyond the default cluster role, as shown below.

# A role that grants permission to view pods in the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

# A role that grants permission to view pods in the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

# Cluster role that grants permission to view nodes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]

# Cluster role that grants permission to view nodes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]

Role Binding

To manage access to the Kubernetes Engine using Samsung Cloud Platform IAM, you need to understand the relationship between Kubernetes role bindings and IAM. The subjects of a role binding (or cluster role binding) may include individual users (User) or groups (Group).

• User corresponds to the Samsung Cloud Platform username, and Group corresponds to the IAM user group name, respectively.

For RoleBinding/ClusterRoleBinding, subjects.kind can be set to one of the following.

• User: Samsung Cloud Platform is connected to individual users.
• Group: Connected to the Samsung Cloud Platform IAM user group.

The subjects.name of a role binding/cluster role binding can be specified as follows. If the user is a User: individual Samsung Cloud Platform username (e.g., jane.doe) For a group: Samsung Cloud Platform IAM user group name (e.g., ReadPodsGroup)

In this way, the IAM user group is linked to the group defined in the RoleBinding (or ClusterRoleBinding) of the Kubernetes Engine cluster. It is also granted permission to perform the API actions included in the Role (or ClusterRole) associated with the group.

Example) role binding read-pods #1

The example of writing User (individual Samsung Cloud Platform user) in a role binding is as follows.

# This role binding allows the user "jane.doe" to view pods in the "default" namespace.
# The namespace must have a role named "pod-reader".
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
roleRef:
  # The "roleRef" specifies the link to a Role or ClusterRole.
  kind: Role       # Must be Role or ClusterRole.
  name: pod-reader # Must match the name of the Role or ClusterRole you want to bind to.
  apiGroup: rbac.authorization.k8s.io
subjects:
# You can specify one or more "target (subject)".
- kind: User
  name: jane.doe
  apiGroup: rbac.authorization.k8s.io

# This role binding allows the user "jane.doe" to view pods in the "default" namespace.
# The namespace must have a role named "pod-reader".
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
roleRef:
  # The "roleRef" specifies the link to a Role or ClusterRole.
  kind: Role       # Must be Role or ClusterRole.
  name: pod-reader # Must match the name of the Role or ClusterRole you want to bind to.
  apiGroup: rbac.authorization.k8s.io
subjects:
# You can specify one or more "target (subject)".
- kind: User
  name: jane.doe
  apiGroup: rbac.authorization.k8s.io

When a role binding like the above is created in the cluster, a user whose username is jane.doe is granted permission to perform the API actions defined in the pod-reader role.

Example) role binding read-pods #2

The example of creating a group (IAM user group) in role binding is as follows.

# This role binding allows users in the "ReadPodsGroup" group to view pods in the "default" namespace.
# The namespace must have a role called "pod-reader".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
# You can specify one or more "target (subject)".
- kind: Group
  name: ReadPodsGroup
  apiGroup: rbac.authorization.k8s.io

# This role binding allows users in the "ReadPodsGroup" group to view pods in the "default" namespace.
# The namespace must have a role called "pod-reader".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
# You can specify one or more "target (subject)".
- kind: Group
  name: ReadPodsGroup
  apiGroup: rbac.authorization.k8s.io

If a role binding like the above is created in the cluster, users in the IAM user group ReadPodsGroup are granted permission to perform the API actions defined in the role pod-reader.

Example) ClusterRoleBinding read-nodes

# This cluster role binding allows users in the "ReadNodesGroup" group to view nodes.
# A cluster role named "node-reader" must exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ReadNodesGroup
  apiGroup: rbac.authorization.k8s.io

# This cluster role binding allows users in the "ReadNodesGroup" group to view nodes.
# A cluster role named "node-reader" must exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ReadNodesGroup
  apiGroup: rbac.authorization.k8s.io

When a cluster role binding like the above is created in the cluster, users belonging to the IAM user group ReadNodesGroup are granted permission to perform the API actions defined in the cluster role node-reader.

Predefined roles and role bindings for Samsung Cloud Platform

In the Kubernetes Engine of Samsung Cloud Platform, the cluster role bindings scp-cluster-admin, scp-view, scp-namespace-view, and the cluster role scp-namespace-view are predefined. The table below shows the predefined roles and role bindings for Samsung Cloud Platform and the relationships of Samsung Cloud Platform users. Here, the cluster roles cluster-admin and view are predefined within the Kubernetes cluster. For more details, see role.

• According to the cluster role binding scp-cluster-admin, the Kubernetes Engine service creator is granted cluster admin privileges.
• Users or groups registered in the cluster role binding scp-view are granted cluster viewer permissions. It is bound to the predefined Kubernetes cluster role view, and does not grant access to cluster‑scoped resources (e.g., namespaces, nodes, ingress classes, etc.) or to secrets within a namespace. For more details, see role.
• According to the cluster role binding scp-namespace-view, all users authenticated to the cluster are granted permission to view namespaces.

The details of the predefined roles and role bindings for Samsung Cloud Platform are as follows.

ClusterRoleBinding scp-cluster-admin

Cluster role binding scp-cluster-admin is linked to the cluster role cluster-admin, and is bound to the Samsung Cloud Platform user (Kubernetes Engine cluster creator) according to the subjects field.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: scp-cluster-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User               
  name: jane.doe # cluster creator username
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: scp-cluster-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User               
  name: jane.doe # cluster creator username
  apiGroup: rbac.authorization.k8s.io

ClusterRoleBinding scp-view

ClusterRoleBinding scp-view is bound to the ClusterRole view, and you can add Samsung Cloud Platform users or IAM user groups to the subjects field.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-view
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-view
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io

ClusterRole and ClusterRoleBinding scp-namespace-view

The cluster role scp-namespace-view defines view permissions for namespaces. The cluster role binding scp-namespace-view is bound to the cluster role scp-namespace-view, granting namespace read permissions to all authenticated users in the cluster.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scp-namespace-view
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-namespace-view
roleRef:
  kind: ClusterRole
  name: scp-namespace-view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scp-namespace-view
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-namespace-view
roleRef:
  kind: ClusterRole
  name: scp-namespace-view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io

IAM user group RBAC use case

This chapter explains examples of granting permissions for each major user scenario. The IAM user groups, ClusterRoleBinding/RoleBinding, and ClusterRole names presented here are just examples to aid understanding. Administrators should define and apply appropriate names and permissions as needed.