Kubernetes Engine

• 1: Overview
• 1.1: Monitoring Metrics
• 1.2: ServiceWatch Metrics
• 2: How-to guides
• 2.1: Node Management
• 2.2: Manage Namespaces
• 2.3: Manage Workload
• 2.4: Service and Ingress Management
• 2.5: Storage Management
• 2.6: Configuration(Configuration) Management
• 2.7: Manage Permissions
• 3: Using Kubernetes Engine
• 3.1: Authentication and Authorization
• 3.2: Accessing the Cluster
• 3.3: Using type LoadBalancer Service
• 3.4: Considerations for Use
• 3.5: Version Information
• 4: API Reference
• 5: CLI Reference
• 6: Release Note

1 - Overview

Service Overview

Kubernetes Engine is a service that provides lightweight virtual computing and containers, as well as a Kubernetes cluster to manage them. Users can utilize the Kubernetes environment without complex preparation by installing, operating, and maintaining the Kubernetes Control Plane.

Features

• Standard Kubernetes Environment Configuration: The standard Kubernetes environment can be used without separate configuration through the default Kubernetes Control Plane provided. It is compatible with applications in other standard Kubernetes environments, so you can use standard Kubernetes applications without modifying the code.

• Easy Kubernetes Deployment: Provides secure communication between worker nodes and managed control planes, and quickly provisions worker nodes, allowing users to focus on building applications on the provided container environment.

• Convenient Kubernetes Management: Provides various management features to conveniently use the created Kubernetes cluster, such as cluster information inquiry and cluster management, namespace management, and workload management through the dashboard for enterprise environments.

Service Composition Diagram

Provided Features

Kubernetes Engine provides the following features.

• Cluster Management: You can create and manage clusters to use the Kubernetes Engine service. After creating a cluster, you can add services necessary for operation, such as nodes, namespaces, and workloads.
• Node Management: A node is a set of machines that run containerized applications. Every cluster must have at least one worker node to deploy applications. Nodes can be defined and used by defining a node pool. Nodes belonging to a node pool must have the same server type, size, and OS image, and multiple node pools can be created to establish a flexible deployment strategy.
• Namespace Management: Namespace is a logical separation unit within a Kubernetes cluster, and is used to specify access permissions or resource usage limits by namespace.
• Workload Management: Workload is an application running on Kubernetes Engine. You can create a namespace, then add or delete workloads. Workloads are created and managed item by item, such as deployments, pods, stateful sets, daemon sets, jobs, and cron jobs.
• Service and Ingress Management: Service is an abstraction method that exposes applications running in a set of pods as a network service, and Ingress is used to expose HTTP and HTTPS paths from outside the cluster to the inside. After creating a namespace, you can create or delete services, endpoints, ingresses, and ingress classes.
• Storage Management: When using Kubernetes Engine, you can create and manage the storage to be used. Storage is created and managed by items such as PVC, PV, and storage class.
• Configuration Management: When there is a need to manage values that change inside a container according to multiple environments such as Dev/Prod, managing them with separate images due to environment variables is inconvenient and causes significant cost waste. In Kubernetes, you can manage environment variables or configuration values as variables from the outside so that they can be inserted when a Pod is created, and at this time, ConfigMap and Secret can be used.
• Access Control: In cases where multiple users access a Kubernetes cluster, you can grant permissions for specific APIs or namespaces to restrict access. You can apply Kubernetes’ role-based access control (RBAC) feature to set permissions for clusters or namespaces. You can create and manage cluster roles, cluster role bindings, roles, and role bindings.

Component

Control Plane

The Control Plane is the master node role in the Kubernetes Engine service. The master node is the management node of the cluster, and it plays a role in managing other nodes in the cluster. The cluster is the basic creation unit of the Kubernetes Engine service, and it is used to manage node pools, objects, controllers, and other components within it. Users set up the cluster name, control plane, network, File Storage, and other settings, and then create a node pool within the cluster to use it. The master node assigns tasks to the cluster, monitors the status of the nodes, and plays a role in data communication between nodes.

The cluster name creation rule is as follows.

• It starts with English and can be set within 3-30 characters using English, numbers, and special characters (-).
• The cluster name must not be duplicated with the existing one.

Worker Node

The Worker Node is a work node in the cluster, playing a role in performing the cluster’s tasks. The Worker Node receives tasks from the cluster’s master node, performs them, and reports the task results to the cluster’s master node. All nodes created within the node pool and namespace play the role of a worker node.

The creation rule of the node pool, which is a collection of worker nodes, is as follows.

• A node pool must have at least one node to be created for application deployment to be possible.
• Up to 100 nodes can be created in a node pool.
• Since the maximum number of nodes is 100, if there are 100 node pools, 1 node per node pool, and if there are 50 node pools, 2 nodes per node pool, the total number of nodes can be created freely within 100 nodes.
• It is possible to set up Block Storage connected to the node pool.
• It is possible to set the server type, size, and OS image for nodes belonging to the node pool, and all must be the same.
• Auto-Scaling service allows you to set automatic node pool expansion/reduction according to the requirements of the deployed application.

Preceding Service

This is a list of services that must be pre-configured before creating this service. Please refer to the guide provided for each service and prepare in advance for more details.

1.1 - Monitoring Metrics

Kubernetes Engine Monitoring Metrics

The following table shows the monitoring metrics of Kubernetes Engine that can be checked through Cloud Monitoring. For detailed instructions on using Cloud Monitoring, refer to the Cloud Monitoring guide.

1.2 - ServiceWatch Metrics

Kubernetes Engine sends metrics to ServiceWatch. The metrics provided as basic monitoring are data collected at 1-minute intervals.

Basic Metrics

The following are basic metrics for the Kubernetes Engine namespace.

Metrics with metric names shown in bold below are key metrics selected among the basic metrics provided by Kubernetes Engine. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

For each metric, the user guide describes which statistical value is meaningful when querying that metric, and the statistical value shown in bold among the meaningful statistics is the key statistic. You can query key metrics through key statistics in the service dashboard.

2 - How-to guides

Users can enter the required information for the Kubernetes Engine and select detailed options to create a service through the Samsung Cloud Platform Console.

Create Kubernetes Engine

You can create and use the Kubernetes Engine service from the Samsung Cloud Platform Console.

You can create and manage clusters to use the Kubernetes Engine service. After creating a cluster, you can add services needed for operation such as nodes, namespaces, and workloads.

Creating a cluster

You can create and use a Kubernetes Engine cluster service from the Samsung Cloud Platform Console.

To create a Kubernetes Engine cluster, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Create Cluster button on the Service Home page. You will be taken to the Create Cluster page.
3. Cluster Creation page, enter the information required for service creation, and select detailed options.
   • Service Information Input area, please enter or select the required information.

     Category	Required	Detailed description
     Cluster Name	Required	Cluster Name Start with an English letter and use English letters, numbers, and the special character (-) within 3-30 characters
     Control Plane Settings > Kubernetes Version	Required	Select Kubernetes Version
     Control Area Settings > Private Endpoint Access Control	Select	Select whether to use Private Endpoint Access Control After selecting Use, click Add to select resources that are allowed to access the private endpoint Only resources in the same Account and same region can be registered Regardless of the Use setting, the nodes of the cluster can access the private endpoint
     Control Area Settings > Public Endpoint Access/Access Control	Select	Select whether to use Public Endpoint Access/Access Control After selecting Use, enter the Allowed Access IP Range as 192.168.99.0/24 Set the access control IP range so that external users can access the Kubernetes API server endpoint If external access is not needed, you can disable it to reduce security threats
     ServiceWatch log collection	Select	Set whether to enable log collection so that logs for the cluster can be viewed in ServiceWatch Use to select provides 5 GB of log storage for free for all services within the Account, and if it exceeds 5 GB, charges are applied based on storage amount If you need to check cluster logs, it is recommended to enable the ServiceWatch log collection feature
     Cloud Monitoring log collection	Select	Set whether to enable log collection so that logs for the cluster can be viewed in Cloud Monitoring Enable: If selected, 1 GB of log storage is provided for free for all services within the Account, and any amount exceeding 1 GB will be deleted sequentially
     Network Settings	Required	Network connection settings for node pool VPC Name: Select a pre-created VPC Subnet Name: Choose a standard Subnet to use among the subnets of the selected VPC Security Group: Select button after clicking then Select Security Group popup window select Security Group Up to 4 Security Group can be selected
     File Storage Settings	Required	Select the file storage volume to be used in the cluster Default Volume (NFS): Click the Search button and then select the file storage in the File Storage Selection popup. The default Volume file storage can only use the NFS format

     Table. Kubernetes Engine service information input items
   • Enter additional information area, input or select the required information.

     Category	Required or not	Detailed description
     Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

     Table. Kubernetes Engine Additional Information Input Items
4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
   • When creation is complete, check the created resources on the Cluster List page.

Check cluster details

Kubernetes Engine service allows you to view and edit the full resource list and detailed information. Cluster Details page consists of Details, Node Pools, Tags, Activity History tabs.

To view detailed cluster information, follow the steps below.

1. All Services > Container > Kubernetes Engine 메뉴를 클릭하세요. Kubernetes Engine의 Service Home 페이지로 이동합니다.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Click the resource (cluster) you want to view detailed information for on the Cluster List page. You will be taken to the Cluster Details page.
   • Cluster Details page displays the cluster’s status information and detailed information, and consists of Details, Node Pool, Tags, Job History tabs.

     Category	Detailed description
     Cluster Status	Kubernetes Engine cluster status Creating: Creating Running: Created / Running Updating: Version upgrade in progress Deleting: Deleting Error: Error occurred
     Service Termination	Button to terminate a Kubernetes Engine cluster To terminate the Kubernetes Engine service, you must delete all node pools added to the cluster If the service is terminated, the running service may be stopped immediately, so termination is necessary considering the impact of service interruption

     Table. Cluster status information and additional functions

Detailed Information

You can view detailed information of the selected resource on the Cluster List page, and modify the information if necessary.

Node Pool

You can view cluster node pool information and add, modify, or delete. For detailed information on using node pools, refer to Managing Nodes.

Tag

Cluster List page allows you to view the tag information of the selected resource, and you can add, modify, or delete it.

Work History

You can view the operation history of the selected resource on the Cluster List page.

Managing Cluster Resources

We provide cluster version upgrade, kubeconfig download, and control plane logging modification features for cluster resource management.

Cluster Version Upgrade

If there is a version that can be upgraded from the cluster’s Kubernetes version, you can perform the upgrade on the Cluster Details page.

Cluster version upgrade preparation

There is no need to delete and recreate API objects when upgrading the cluster version. For the transitioned API, all existing API objects can be read and updated using the new API version. However, due to deprecated APIs in older Kubernetes versions, you may be unable to read or modify existing objects or create new ones. Therefore, to ensure system stability, it is recommended to migrate clients and manifests before the upgrade.

Migrate the client and manifest using the following method.

• Download the new version of the client (e.g., kubectl), install it on the cluster, and modify the YAML to refer to the new API.
• Or use a separate plugin (kubectl convert) to automatically convert it. For detailed explanation, refer to Kubernetes official documentation > Install and configure kubectl on Linux.

Upgrade cluster and node pool version

To update the cluster and node pool, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engines.
2. Service Home page, click the Cluster menu. Go to the Cluster List page.
3. Click the resource (cluster) to upgrade the version on the Cluster List page. You will be taken to the Cluster Details page.
4. Click the edit icon of Kubernetes version on the Cluster Details page. The Cluster version upgrade popup opens.
5. Select the Kubernetes version to upgrade, and click the Confirm button.
   • It may take a few minutes until the cluster upgrade is complete
   • During the upgrade, the cluster status is shown as Updating, and when the upgrade is complete, it is shown as Running.
6. When the upgrade is complete, select the Node Pool tab. Go to the Node Pool page.
7. Click the More button of the node pool item and click Node Pool Upgrade. The Node Pool Version Upgrade popup window opens.
8. Node Pool Version Upgrade After checking the message in the popup window, click the Confirm button.
   • It may take a few minutes until the node pool upgrade is completed.
   • During the upgrade, the node pool status is shown as Updating, and when the upgrade is complete, it is shown as Running.

kubeconfig download

You can download the admin/user kubeconfig settings of the cluster’s public and private endpoints as a yaml document.

To download the kubeconfig settings of the cluster, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Click the resource (cluster) to download the kubeconfig on the Cluster List page. You will be taken to the Cluster Details page.
4. Cluster Details on the page, select the desired endpoint’s Admin kubeconfig download/User kubeconfig download button and click it.
   • You can download the kubeconfig file in yaml format for each permission.

Modify private endpoint access control

You can change the private endpoint access control settings of the cluster.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. Navigate to the Cluster List page.
3. Cluster List page, click the resource (cluster) for which you want to modify the private endpoint access control. You will be taken to the Cluster Details page.
4. Click the Edit icon of Private Endpoint Access Control on the Cluster Details page. The Edit Private Endpoint Access Control popup opens.
5. In the Private Endpoint Access Control Edit popup, set the Use status of Private Endpoint Access Control, add the allowed access resources, and then click the Confirm button.

Modify public endpoint access/access control

You can change the public endpoint access control settings of the cluster.

1. All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Cluster List page, click the resource (cluster) you want to modify public endpoint access control. Navigate to the Cluster Details page.
4. Click the Edit icon of Public Endpoint Access/Access Control on the Cluster Details page. The Public Endpoint Access/Access Control Edit popup opens.
5. Public endpoint access/access control modification In the popup, set the use of Public endpoint access control, add the allowed IP range, and then click the Confirm button.

Modify control area log collection settings

You can change the log collection settings of the cluster’s control plane. Detailed logs of the cluster can be viewed in the ServiceWatch service or the Cloud Monitoring service.

To change the control plane log collection settings of the cluster, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. Go to the Cluster List page.
3. Click the resource (cluster) to modify control plane logging on the Cluster List page. You will be taken to the Cluster Details page.
4. On the Cluster Details page, click the Edit icon of ServiceWatch Log Collection. The ServiceWatch Log Collection popup opens.
   • Cloud Monitoring log collection feature can also be set the same way.
5. ServiceWatch log collection in the popup window, after setting the use of ServiceWatch log modification, click the Confirm button.

Security Group Edit

You can modify the cluster’s Security Group.

Follow the steps below to modify the cluster’s Security Group.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Click the resource (cluster) to modify the Security Group on the Cluster List page. You will be taken to the Cluster Details page.
4. Click the Edit icon of Security Group on the Cluster Details page. The Edit Security Group popup window opens.
5. After selecting or deselecting the Security Group to modify, click the Confirm button.

Cancel Cluster

To cancel the cluster, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engines.
2. Click the Cluster menu on the Service Home page. Move to the Cluster List page.
3. Cluster List page, click the resource (cluster) for which you want to view detailed information. You will be taken to the Cluster Detail page.
4. Click Cancel Service on the Cluster Details page.
5. Service termination After reviewing the content in the popup window, click the Confirm button.

2.1 - Node Management

A node is a collection of machines that run containerized applications. Every cluster must have at least one worker node to be able to deploy applications. Nodes can be used by defining node pools. Nodes belonging to a node pool must have the same server type, size, and OS image, and by creating multiple node pools, a flexible deployment strategy can be established.

After creating a Kubernetes Engine cluster, add a node pool and modify or delete it as needed.

Add node pool

A node refers to a machine that runs containerized applications, and at least one node is required to deploy applications in a Kubernetes cluster. After the creation of a Kubernetes Engine cluster is complete, add a node pool on the details page.

• You can define and use node pools, which are sets of nodes, in Kubernetes Engine. Nodes belonging to a node pool use the same server type, size, and OS image, so users can establish flexible deployment strategies by using multiple node pools.

To add a node pool, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. Go to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Cluster List page, select the cluster you want to add a node pool to. Navigate to the Cluster Details page.
4. Cluster Details page, after selecting the Node Pool tab, click the Add Node Pool button. Add Cluster Node Pool page will be displayed.
5. On the Add Cluster Node Pool page, enter the information required to create a node pool and select detailed options.
   • Service Information Input area, enter or select the required information.

     Category	Required or not	Detailed description
     Node Pool Name	Required	Node Pool Name Start with a lowercase English letter and use lowercase English letters, numbers, and the special character (-) within 3 - 20 characters The special character (-) cannot be used at the end of the name
     Node Pool > Server Type	Required	Virtual Server server type of worker node Standard: Standard specifications commonly used High Capacity: Large-capacity server specifications above Standard GPU: GPU specifications available when securing resources for special requirements such as AI/ML For detailed information on server types provided by Virtual Server, refer to Virtual Server Server Type
     Node Pool > Server OS	Required	Worker node’s Virtual Server OS image Standard: RHEL 8.10, Ubuntu 22.04 Custom: Custom image for Kubernetes created from Virtual Server product (RHEL, Ubuntu)
     Node Pool > Block Storage	Required	Block Storage settings used by the worker node’s Virtual Server SSD: High-performance general volume HDD: General volume SSD/HDD_KMS: Additional encrypted volume using Samsung Cloud Platform KMS (Key Management System) encryption key Encryption can only be applied at initial creation and cannot be changed after service creation Performance degradation occurs when using the SSD_KMS disk type Enter capacity in Units, with a value between 13 and 125 Since 1 Unit is 8 GB, 104 ~ 1,000 GB will be created
     Node Pool > Server Group	Select	Apply the pre-created Server Group in Virtual Server service to worker nodes Click Use to set Server Group usage When usage is set, select Server Group Supports Affinity or Anti-Affinity policies Partition policy not supported Cannot modify after node pool creation GPU server type cannot be selected
     Node Pool Auto Scaling	Required	Automatically adjust the number of nodes in the node pool Refer to the configuration method Node Pool Auto Scaling
     Number of Nodes	Required	Number of worker nodes to create within a single node pool Enter a value within the range 1 - 100
     Node Auto Recovery	Required	When an abnormal node is found in the node pool, automatically delete and create a new one Refer to Node Pool Auto Recovery for configuration method
     Keypair	Required	User authentication method used to connect to the worker node’s Virtual Server Create new: Create new if a new Keypair is needed Refer to Create Keypair List of default login accounts by OS Alma Linux: almalinux RHEL: cloud-user Rocky Linux: rocky Ubuntu: ubuntu Windows: sysadmin
     Label	Select	Optionally schedule workloads to nodes Click the Add button to enter label key and value Refer to Setting Node Pool Labels
     Taint	Select	Prevent workloads from being scheduled onto nodes

     • Click the **Add** button to input taint effect, key, and value

     • For configuration method, see [Node Pool Taint Settings](#노드-풀-테인트-설정하기)

     | | Advanced Settings | Select | Settings for detailed areas such as pods, logs, etc. for worker nodes

     • Click **Use** to select whether to apply advanced settings items for the node pool to be created

     • Refer to [Configure Node Pool Advanced Settings](#노드-풀-고급-설정하기) for the configuration method

     |

     Table. Kubernetes Engine node pool service information input items
6. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
   • When creation is complete, check the created resources on the Cluster Details > Node Pool tab > Node Pool List page.
7. If the notification popup opens, click the Confirm button.

Edit Node Pool

If needed, modify the number of nodes in the node pool on the Kubernetes Engine details page.

To modify the number of nodes, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click the Cluster menu. Navigate to the Cluster List page.
3. Cluster List page, select the cluster you want to modify the node count for. Navigate to the Cluster Details page.
4. Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. You will be taken to the Node Pool Details page.
5. On the Node Pool Details page, click the Edit icon on the right of Node Pool Information. The Node Pool Edit popup window will open.
6. Node Pool Edit In the popup window, after modifying the node pool information, click the Confirm button.

Upgrade Node Pool

If the Kubernetes version of the control plane and the version of the node pool are different, you can upgrade the node pool to synchronize the versions.

To upgrade the node pool, follow the steps below.

1. All Services > Container > Kubernetes Engine menu, click. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click the Cluster menu. You will be taken to the Cluster List page.
3. Cluster List page, select the cluster you want to perform a node pool version upgrade on. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click More > Node Pool Upgrade at the far right of the Node Pool row. The Node Pool Version Upgrade popup will open.
   • You can only upgrade the node pool when the node’s status is Running.
5. Node Pool Version Upgrade After checking the information in the popup window, click the Confirm button.

Node pool auto scaling/downsizing

Node pool auto scaling is a feature that automatically adjusts the number of node pools by adding new nodes to a specified node pool or removing existing nodes according to workload demands. This feature operates based on the node pool.

• When node pool auto scaling/downsizing, it is adjusted based on the resource requests of pods running on the node pool’s nodes rather than actual resource usage, and it periodically checks the status of pods and nodes and executes auto scaling/downsizing tasks.

To set up the auto-scaling/auto-shrinking feature of the node pool, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. Go to the Cluster List page.
3. Cluster List page, select the cluster you want to use the node auto‑scaling/scale‑down feature. Then go to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. You will be taken to the Node Pool Details page.
5. Click the Edit icon on the right of Node Pool Information on the Node Pool Details page. The Edit Node Pool popup window opens.
6. Node Pool Edit in the popup window, select Node Pool Auto Scaling to Enable.
7. After entering the minimum and maximum number of nodes, click the Confirm button.
   Reference

   Node pool auto-scaling settings can also be configured on the cluster node pool creation page.

   • Node pool expansion conditions
     • When pod fails to run on the cluster due to insufficient resources (Pending pod occurs)
   • Node pool reduction condition (when all satisfied)
     • If the sum of resource requests (CPU/Memory) of all pods running on a node is less than 50% of the node’s allocatable resources
     • If all pods running on the node can be run on another node (there must be no pods with PDB restrictions, etc.)
   • While using node pool auto scaling, to prevent deletion due to node reduction, please add the following annotation to the node.
     • cluster-autoscaler.kubernetes.io/scale-down-disabled: “true”

Auto-recover node pool

Node auto-recovery is a feature that, when an abnormal node is detected in the cluster, automatically deletes it and creates a new node to restore all node counts in the node pool to a normal state. This feature operates based on the node pool.

To set up the node auto-recovery feature, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Cluster List page, select the cluster you want to use the node auto-recovery feature. Move to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. You will be taken to the Node Pool Details page.
5. Click the Edit icon on the right of Node Pool Information on the Node Pool Details page. The Edit Node Pool popup window opens.
6. Node Pool Edit In the popup, select Node Auto Recovery as Enable, then click the Confirm button.

Setting Node Pool Labels

Node pool labels are a feature for selectively scheduling workloads onto nodes.

To set the node pool label, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. On the Cluster List page, select the cluster for which you want to set the node pool label. It navigates to the Cluster Details page.
4. Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. You will be taken to the Node Pool Details page.
5. Node Pool Details page, when you click the Edit icon of the label, the Edit Label popup window opens.
6. Label Edit In the popup window, click the Add button to add the required number of labels.
7. Enter the label information and click the Confirm button.

Setting Node Pool Taint

Node pool taint is a feature to prevent workloads from being scheduled onto nodes.

To set the node pool taint, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. Go to the Cluster List page.
3. Cluster List page, select the cluster you want to set the node pool label for. Move to the Cluster Details page.
4. Cluster Details page, select the Node Pool tab, then click the Node Pool Name you want to edit. You will be taken to the Node Pool Details page.
5. On the Node Pool Details page, clicking the Edit icon of a taint opens the Edit Taint popup.
6. Tint Edit In the popup window, click the Add button to add tints as many as needed.
7. Enter the tint information and click the Confirm button. ​

Advanced Node Pool Settings

Node pool advanced settings is a feature to apply detailed settings such as the number of pods, PID, logs, image GC, etc. within a worker node.

To perform advanced settings for the node pool, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. Cluster List page, select the cluster you want to configure node pool advanced settings. Navigate to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click Create Node Pool. You will be taken to the Create Node Pool page.
5. On the Node Pool Creation page, select Advanced Settings to Enable.
6. After selecting Use, enter the required information for the items that appear.
7. Summary tab, after confirming that the required information has been entered correctly, click the Create button.

Delete node pool

If necessary, delete the node pool from the Kubernetes Engine details page.

To delete the node pool, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Cluster menu on the Service Home page. You will be taken to the Cluster List page.
3. On the Cluster List page, select the cluster whose node count you want to modify. You will be taken to the Cluster Details page.
4. On the Cluster Details page, select the Node Pool tab, then click the More button at the far right of the node pool row. In the More menu, click Delete Node Pool.
5. Delete Node Pool In the popup window, select the checkbox and enter the name of the node pool to delete, then click the Confirm button.

• You must select the checkbox of the node deletion confirmation message for the confirm button to be enabled.

Check node details

A node is a working machine used in a Kubernetes cluster, containing essential services required to run Pods. Each node is managed by the master components, and depending on the cluster configuration, virtual machines or physical machines can be used as nodes.

After creating the cluster, you can view information such as metadata and object information of the added nodes, and edit the resource file with a YAML editor.

To view detailed information of the node pool, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Node menu on the Service Home page. Navigate to the Node List page.
3. Node List page, after selecting the cluster you want to view detailed information for from the gear button at the top left, click the Confirm button.
4. Select the node you want to view detailed information for and click. You will be taken to the Node Details page.

   Category	Detailed description
   Status Display	Displays the current status of the node
   Detailed Information	Check the node’s Account information, metadata, and object information
   YAML	Node resources can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred on the node
   Pod	Check node’s pod information Pod (Pod) is the smallest compute unit that can be created, managed, and deployed in Kubernetes Engine
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check metadata information such as node labels, annotations, taints
   Object Information	Displays the object information of the created node, such as internal IP, machine ID, capacity, resources, etc. If GPU resources are present, check the number of GPUs in the Capacity > Nvidia.com/GPU column

   Table. Node Detailed Information Items

2.2 - Manage Namespaces

A namespace is a logical separation unit within a Kubernetes cluster, and it is used to specify access permissions or resource usage limits per namespace.

Create Namespace

To create a namespace, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Namespace menu on the Service Home page. Navigate to the Namespace List page.
3. On the Namespace List page, select the cluster where you want to create a namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check namespace detailed information

You can check the namespace status and detailed information on the namespace detail page.

To view detailed namespace information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click the Namespace menu on the Service Home page. Navigate to the Namespace List page.
3. On the Namespace List page, select the cluster that the namespace requiring detailed information belongs to from the gear button at the top left, then click Confirm.
4. Click on the item you want to view detailed information for on the Namespace List page. You will be taken to the Namespace Details page.

   Category	Detailed description
   Status Display	Displays the current status of the namespace
   Namespace Deletion	Delete namespace A namespace containing workloads cannot be deleted. To delete a namespace, all associated workloads must be deleted.
   Detailed Information	Check the Account information and metadata information of the namespace
   YAML	Namespaces can be edited in the YAML editor Click the Edit button, modify the namespace, then click the Save button to apply changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the namespace
   Pod	Check pod information of the namespace
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the namespace

   Table. Namespace detailed information items

Delete namespace

To delete a namespace, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click the Namespace menu on the Service Home page. You will be taken to the Namespace List page.
3. Namespace List page, after selecting the cluster that the namespace you want to delete belongs to from the gear button at the top left, click the Confirm button.
4. Namespace List page, select the item you want to view detailed information and click. You will be taken to the Namespace Details page.
5. Click Delete Namespace on the Namespace Details page.
6. When the alert confirmation window appears, click the Confirm button.

2.3 - Manage Workload

A workload is an application that runs on Kubernetes Engine. You can create a namespace and then add or delete workloads. Workloads are created and managed per deployment, pod, stateful set, daemon set, job, and cron job.

Managing Deployments

A Deployment refers to a resource that provides updates for Pods and ReplicaSets. In workloads, you can create a Deployment and view detailed information or delete it.

Create Deployment

To create a deployment, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Deployment under the Workload menu on the Service Home page. You will be taken to the Deployment List page.
3. On the Deployment List page, select the cluster and namespace from the top-left gear button, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.
   • The following is an example .yaml file showing the required fields and object Spec for creating a deployment. (application/deployment.yaml)
     Sample Code Download

     Copy Code

     Color mode

      apiVersion: apps/v1
      kind: Deployment
     metadata:
        name: nginx-deployment
      spec:
        selector:
           matchLabels:
              app: nginx
        replicas: 2 # tells deployment to run 2 pods matching the template
        template:
          metadata:
             labels:
                app: nginx
          spec:
             containers:
             - name: nginx
               image: nginx:1.14.2
               ports:
               - containerPort: 80

      apiVersion: apps/v1
      kind: Deployment
     metadata:
        name: nginx-deployment
      spec:
        selector:
           matchLabels:
              app: nginx
        replicas: 2 # tells deployment to run 2 pods matching the template
        template:
          metadata:
             labels:
                app: nginx
          spec:
             containers:
             - name: nginx
               image: nginx:1.14.2
               ports:
               - containerPort: 80

Check deployment detailed information

To view the deployment details, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. From the Service Home page, click Deployment under the Workloads menu. Navigate to the Deployment List page.
3. Deployment List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Deployment List page. You will be taken to the Deployment Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Deployment	Delete deployment
   Detailed Information	Can check detailed information of deployment
   YAML	Deployment resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the deployment
   Pod	Check the pod information of the deployment Pod (pod) is the smallest computing unit that can be created, managed, and deployed in Kubernetes Engine
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the deployment
   Object Information	Check the object information of the deployment

   Table. Deployment detailed information items

Delete Deployment

To delete the deployment, follow these steps.

1. All Services > Container > Kubernetes Engine menu. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Deployment under the Workload menu. Navigate to the Deployment List page.
3. Deployment List page, select the cluster and namespace from the top left gear button, then click Confirm.
4. Select the item you want to delete on the Deployment List page. Go to the Deployment Details page.
5. Click Delete Deployment on the Deployment Details page.
6. Alert confirmation window appears, click the Confirm button.

Managing Pods

A pod (Pod) is the smallest computing unit that can be created, managed, and deployed in Kubernetes, referring to a group of one or more containers. In a workload, you can create a pod and view detailed information or delete it.

Create a pod

To create a pod, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Pod under the Workload menu. Navigate to the Pod List page.
3. Pod List page, select the cluster and namespace from the Gear button at the top left, then click Create Object.
4. In the Object Creation Popup from, enter the object information and click the Confirm button.

Check pod detailed information

To check the detailed pod information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Pod under the Workload menu on the Service Home page. You will be taken to the Pod List page.
3. On the Pod List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Pod List page. You will be taken to the Pod Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Status Display	Displays the current status of the pod
   Delete Pod	Delete pod
   Detailed Information	Can view detailed information of the pod
   YAML	Pod resource files can be edited in the YAML editor Edit button click and modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the pod
   Log	When you select a container, you can view the container information that the pod has
   Account information	Check basic information about the Account such as Account name, location, creation date and time
   Metadata Information	Check the pod’s metadata information
   Object Information	Check the pod’s object information
   Init Container Information	Check the init container information of the pod
   Container Information	Check the pod’s container information

   Table. Pod detailed information items

Delete Pod

To delete a pod, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click Pod under the Workload menu on the Service Home page. Navigate to the Pod List page.
3. On the Pod List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Pod List page, select the item you want to delete. Pod Detail page, navigate.
5. Click Delete Pod on the Pod Details page.
6. Notification Confirmation Window appears, click the Confirm button.

Managing StatefulSet

StatefulSet refers to a workload API object used to manage the stateful aspects of an application. In a workload, you can create a StatefulSet and view detailed information or delete it.

Creating a StatefulSet

To create a StatefulSet, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click StatefulSet under the Workload menu on the Service Home page. You will be taken to the StatefulSet List page.
3. On the StatefulSet List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Object Creation Popup에서 enter the object information and click the Confirm button.

Check detailed information of StatefulSet

To view the detailed information of the StatefulSet, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home on the page, click StatefulSet under the Workload menu. Navigate to the StatefulSet List page.
3. On the StatefulSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the StatefulSet List page. You will be taken to the StatefulSet Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Delete StatefulSet	Delete the StatefulSet
   Detailed Information	Can check detailed information of StatefulSet
   YAML	StatefulSet resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the StatefulSet
   Pod	Check the pod information of the StatefulSet
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the StatefulSet
   Object Information	Check the object information of the StatefulSet

   Table. StatefulSet detailed information items

Delete StatefulSet

To delete a StatefulSet, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click StatefulSet under the Workload menu. Navigate to the StatefulSet List page.
3. On the StatefulSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the StatefulSet List page. Go to the StatefulSet Details page.
5. Click Delete StatefulSet on the StatefulSet Details page.
6. If the notification confirmation window appears, click the Confirm button.

Managing DaemonSets

DaemonSet refers to a resource that ensures that a copy of a pod runs on all nodes or some nodes. In workloads, you can create a DaemonSet and view detailed information or delete it.

Creating a DaemonSet

To create a DaemonSet, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click DaemonSet under the Workload menu. You will be taken to the DaemonSet List page.
3. On the DaemonSet List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check DaemonSet detailed information

To view the detailed information of the DaemonSet, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click DaemonSet under the Workload menu on the Service Home page. You will be taken to the DaemonSet List page.
3. DaemonSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. DaemonSet List page, select the item you want to view detailed information for. It navigates to the DaemonSet Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   DaemonSet Delete	Delete DaemonSet
   Detailed Information	Can view detailed information of DaemonSet
   YAML	DaemonSet resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the DaemonSet
   Pod	Check the pod information of the DaemonSet
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the DaemonSet
   Object Information	Check the object information of the DaemonSet

   Table. DaemonSet detailed information items

Delete DaemonSet

To delete a DaemonSet, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click DaemonSet under the Workload menu on the Service Home page. Navigate to the DaemonSet List page.
3. DaemonSet List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. DaemonSet List page, select the item you want to delete. Move to the DaemonSet Details page.
5. Click Delete DaemonSet on the DaemonSet Details page.
6. If the Alert confirmation window appears, click the Confirm button.

Job Management

A job refers to a resource that creates one or more pods and continues to run pods until the specified number of pods have successfully terminated. In a workload, you can create a job and view detailed information or delete it.

Create Job

To create a job, follow the steps below.

1. All Services > Container > Kubernetes Engine menu. Go to the Service Home page of Kubernetes Engine.
2. Click Job under the Workload menu on the Service Home page. You will be taken to the Job List page.
3. On the Job List page, select the cluster and namespace from the top left gear button, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check job details

To view detailed job information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Job under the Workload menu on the Service Home page. Navigate to the Job List page.
3. On the Job List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Job List page, select the item for which you want to view detailed information. You will be taken to the Job Details page.
   • Selecting Show system objects at the top of the list will display all items except the Kubernetes object entries.
5. Click each tab to view service information.

   Category	Detailed description
   Job Delete	Delete Job
   Detailed Information	Can view detailed information of the job
   YAML	Job resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the job
   Pod	Check the pod information of the job
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the job’s metadata information
   Object Information	Check the job’s object information

   Table. Job Detailed Information Items

Delete Job

To delete a job, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click Job under the Workload menu on the Service Home page. You will be taken to the Job List page.
3. Job List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Job List page, select the item you want to delete. Go to the Job Details page.
5. Click Delete Job on the Job Details page.
6. Alert confirmation window appears, click the Confirm button.

Managing Cron Jobs

Cron jobs refer to resources that periodically execute a job according to a schedule written in cron format. They can be used to run repetitive tasks at regular intervals such as backups, report generation, etc. In the workload, you can create a cron job and view or delete its detailed information.

Create Cron Job

To create a cron job, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click CronJob under the Workload menu on the Service Home page. You will be taken to the CronJob List page.
3. CronJob List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check Cron Job Detailed Information

To check the detailed information of the cron job, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Cron Job under the Workload menu on the Service Home page. You will be taken to the Cron Job List page.
3. On the CronJob List page, select the cluster and namespace from the top left gear button, then click Confirm.
4. Cron Job List page: select the item you want to view detailed information for. You will be taken to the Cron Job Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Cron job delete	Delete cron job
   Detailed Information	Can view detailed information of cron job
   YAML	Cron job resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, you can click the Diff button to view the changed content
   Event	Check events that occurred within the cron job
   Job	Check the job information of the Cron job. Selecting a job item moves to the job detail page
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the cron job
   Object Information	Check the object information of the cron job

   Table. Cronjob detailed information items

Delete Cron Job

To delete a cron job, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Cron Job under the Workload menu on the Service Home page. You will be taken to the Cron Job List page.
3. CronJob List page에서 클러스터와 네임스페이스를 왼쪽 상단의 gear 버튼에서 선택 후, Confirm을 클릭하세요.
4. Cron Job List page, select the item you want to delete. Navigate to the Cron Job Details page.
5. Click Delete Cron Job on the Cron Job Details page.
6. If the Notification Confirmation Window appears, click the Confirm button.

2.4 - Service and Ingress Management

A service is an abstraction method that exposes applications running in a set of pods as a network service, and an ingress is used to expose HTTP and HTTPS paths from outside the cluster to inside the cluster. After creating a namespace, you can create or delete services, endpoints, ingresses, and ingress classes.

Service Management

You can create a service and view or delete its detailed information.

Create Service

To create a service, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Service under the Service and Ingress menu on the Service Home page. You will be taken to the Service List page.
3. Service List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check service detailed information

To view detailed service information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Service under the Service and Ingress menu. You will be taken to the Service List page.
3. On the Service List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the Service List page, select the item for which you want to view detailed information. You will be taken to the Service Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Service	Delete the service
   Detailed Information	Can check detailed service information
   YAML	Service resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the service
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the service’s metadata information
   Object Information	Check the service’s object information

   Table. Service Detailed Information Items

Delete Service

To delete the service, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Service under the Service and Ingress menu. You will be taken to the Service List page.
3. Service List page, select the cluster and namespace from the top left gear button, then click Confirm.
4. Service List page, select the item you want to delete. Service Details page will be opened.
5. Click Delete Service on the Service Details page.
6. If the Notification Confirmation Window appears, click the Confirm button.

Manage Endpoints

You can create an endpoint and view or delete its detailed information.

Create Endpoint

To create an endpoint, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Endpoint under the Service and Ingress menu on the Service Home page. Navigate to the Endpoint List page.
3. Endpoint List page, select the cluster and namespace from the Gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check endpoint detailed information

To view detailed endpoint information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Endpoint under the Service and Ingress menu. Navigate to the Endpoint List page.
3. On the Endpoint List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Endpoint List page, select the item you want to view detailed information for. Endpoint Details page will be opened.
   • If you select Show System Objects at the top of the list, all items except the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Endpoint Deletion	Delete endpoint
   Detailed Information	Can check detailed information of the endpoint
   YAML	Endpoint resource files can be edited in the YAML editor click the Edit button and modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the endpoint
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the endpoint
   Object Information	Check the endpoint’s object information

   Table. Endpoint Detailed Information Items

Delete Endpoint

To delete the endpoint, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Endpoint under the Service and Ingress menu. You will be taken to the Endpoint List page.
3. Endpoint List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Endpoint List page, select the item you want to delete. Navigate to the Endpoint Detail page.
5. Click Delete Endpoint on the Endpoint Details page.
6. Notification Confirmation Window appears, click the Confirm button.

Manage Ingress

Ingress is an API object that manages external access (HTTP, HTTPS) to services within the Kubernetes Engine, used to expose workloads externally, and provides L7 load balancing functionality.

Create Ingress

To create an ingress, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Ingress under the Service and Ingress menu. Go to the Ingress List page.
3. Ingress List page에서 클러스터와 네임스페이스를 왼쪽 상단의 gear 버튼에서 선택 후, Create Object을 클릭하세요.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check Ingress Detailed Information

To view the ingress detailed information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Ingress under the Service and Ingress menu on the Service Home page. Navigate to the Ingress List page.
3. On the Ingress List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Ingress List page. You will be taken to the Ingress Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Ingress	Delete Ingress
   Detailed Information	Can view detailed information of Ingress
   YAML	Ingress resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the ingress
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the ingress
   Object Information	Check the object information of Ingress

   Table. Ingress detailed information items

Delete Ingress

To delete Ingress, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Ingress under the Service and Ingress menu. Navigate to the Ingress List page.
3. On the Ingress List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Ingress List page, select the item you want to delete. Go to the Ingress Details page.
5. Click Delete Ingress on the Ingress Detail page.
6. Alert confirmation window appears, click the Confirm button.

Manage Ingress Class

IngressClass refers to an API resource that allows multiple ingress controllers to be used in a single cluster. In each ingress, you must specify a reference class to the IngressClass resource that includes the configuration, including the controller that must implement the class.

Create Ingress Class

To create an Ingress class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click IngressClass under the Service and Ingress menu on the Service Home page. Go to the IngressClass List page.
3. On the IngressClass List page, select the cluster and namespace from the top-left gear button, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check Ingress Class Detailed Information

To view detailed information of the Ingress class, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click IngressClass under the Service and Ingress menu. Navigate to the IngressClass List page.
3. IngressClass List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. On the IngressClass List page, select the item for which you want to view detailed information. You will be taken to the IngressClass Detail page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Ingress Class	Delete the ingress class
   Detailed Information	Can check detailed information of IngressClass
   YAML	Ingress class resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the Ingress class
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the Ingress class
   Object Information	Check the object information of the Ingress class

   Table. Ingress Class Detailed Information Items

Delete Ingress Class

To delete the Ingress class, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click IngressClass under the Service and Ingress menu. Navigate to the IngressClass List page.
3. IngressClass List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the IngressClass List page. Move to the IngressClass Details page.
5. Click Delete Ingress Class on the Ingress Class Details page.
6. Notification confirmation window appears, click the Confirm button.

2.5 - Storage Management

You can create and manage storage to use when using Kubernetes Engine. Storage is created and then managed for each of PVC, PV, and StorageClass items.

PVC manage

Persistent Volume Claim(PVC) is an object defined to allocate the required storage capacity. PVC provides high usability through abstraction, and can prevent the problem where data disappears together when the container lifecycle expires (maintaining Data Persistence).

Create PVC

To create a PVC, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Storage under the PVC menu. Navigate to the PVC List page.
3. On the PVC List page, after selecting the cluster and namespace from the top left gear button, click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check PVC detailed information

To check the detailed PVC information, follow the steps below.

1. All Services > Container > Kubernetes Engine menu. Go to the Service Home page of Kubernetes Engine.
2. Click PVC under the Storage menu on the Service Home page. You will be taken to the PVC List page.
3. On the PVC List page, select the cluster and namespace from the top left gear button, then click Confirm.
4. Select the item you want to view detailed information for on the PVC List page. You will be taken to the PVC Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Status Display	Displays the current status of the PVC. Bound: Normal connection
   Delete PVC	Delete PVC
   Detailed Information	PVC detailed information can be viewed
   YAML	PVC resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within PVC
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check PVC metadata information
   Object Information	Check PVC object information

   Table. PVC detailed information items

Delete PVC

To delete PVC, follow the steps below.

1. All Services > Container > Kubernetes Engine menu를 클릭하세요. Kubernetes Engine의 Service Home 페이지로 이동합니다.
2. Click PVC under the Storage menu on the Service Home page. Navigate to the PVC List page.
3. PVC list page, select the cluster and namespace from the top left gear button, then click Confirm.
4. PVC List Select the item you want to delete on the page. PVC Details Navigate to the page.
5. Click Delete PVC on the PVC Details page.
6. Notification confirmation window appears, click the Confirm button.

PV Management

Persistent Volume (PV) refers to the physical disk created by the system administrator in Kubernetes Engine.

Create PV

To create a PV, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click PV under the Storage menu on the Service Home page. It navigates to the PV List page.
3. PV list page, select the cluster and namespace from the top left gear button, then click Create Object.
4. In the Object Creation Popup에서 오브젝트 정보를 입력하고 Confirm 버튼을 클릭하세요.

Check PV detailed information

To view the detailed PV information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Service Home page, click Storage under the PV menu. Navigate to the PV List page.
3. PV List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the PV List page. You will be taken to the PV Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Status Display	Displays the current status of the PV. Bound: Normal connection
   PV Delete	Delete PV
   Detailed Information	PV detailed information can be viewed
   YAML	PV’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within PV
   Account Information	Check basic information about the Account such as Account name, location, creation date and time
   Metadata Information	Check PV’s metadata information
   Object Information	Check PV’s object information

   Table. PV detailed information items

PV Delete

To delete PV, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click PV under the Storage menu on the Service Home page. You will be taken to the PV List page.
3. On the PV List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. PV List page, select the item you want to delete. Go to the PV Details page.
5. Click Delete PV on the PV Details page.
6. Notification confirmation window appears, click the Confirm button.

Managing StorageClass

Storage Class is a Kubernetes resource that defines the level of storage type, performance, etc.

Predefined Storage Class

Create StorageClass

To create a storage class, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click StorageClass under the Storage menu. Navigate to the StorageClass list page.
3. StorageClass List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.
   Reference

   For detailed information on the concept of storage classes and object creation, refer to the Kubernetes official documentation > Storage Class.

Check storage class detailed information

To view detailed storage class information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Storage under the StorageClass menu. You will be taken to the StorageClass List page.
3. On the StorageClass List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. StorageClass List page, select the item you want to view detailed information for. Navigate to the StorageClass Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete StorageClass	Delete the StorageClass
   Detailed Information	Can view detailed information of storage class
   YAML	Resource files of the storage class can be edited in the YAML editor Click the Edit button and modify the resource, then click the Save button to apply the changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the storage class
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the storage class
   Object Information	Check the object information of the storage class

   Table. StorageClass detailed information items

Delete StorageClass

To delete the storage class, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. From the Service Home page, click Storage Class under the Storage menu. You will be taken to the Storage Class List page.
3. On the StorageClass List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. StorageClass List page, select the item you want to delete. Navigate to the StorageClass Details page.
5. Click Delete StorageClass on the StorageClass Details page.
6. When the notification confirmation window appears, click the Confirm button.
   Caution

   On the storage class list page, after selecting the item you want to delete, click Delete to delete the selected storage class.

2.6 - Configuration(Configuration) Management

When there is a need to manage values that change inside a container depending on various environments such as development and operation, creating and managing a separate image due to environment variables is inconvenient and incurs significant cost waste. In Kubernetes, you can manage environment variables or configuration values as variables so that they can be changed from outside and injected when a Pod is created, and you can use ConfigMap and Secret for this.

Manage ConfigMap

You can write and manage the Config information used in the namespace as a ConfigMap.

Create ConfigMap

To create a ConfigMap, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Service Home on the page, click Configuration menu below ConfigMap. Go to the ConfigMap List page.
3. ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check ConfigMap detailed information

To view detailed ConfigMap information, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ConfigMap under the Configuration menu. Navigate to the ConfigMap List page.
3. ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. ConfigMap List page, select the item you want to view detailed information for. You will be taken to the ConfigMap Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view the service information.

   Category	Detailed description
   Config Map Delete	Delete Config Map
   Detailed Information	Can check detailed information of config map
   YAML	ConfigMap’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check the events that occurred within the config map
   Account information	Check basic information about the Account such as Account name, location, creation date and time
   Metadata Information	Check the metadata information of the ConfigMap
   Object Information	Check the object information of the config map In Data, rows are separated by - - -, and value is displayed in textarea format Binary Data’s value outputs the length value

   Table. ConfigMap detailed information items

Delete ConfigMap

To delete a config map, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ConfigMap under the Configuration menu. You will be taken to the ConfigMap List page.
3. On the ConfigMap List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. ConfigMap List page, select the item you want to delete. Go to the ConfigMap Details page.
5. On the ConfigMap Details page, click Delete ConfigMap.
6. Alert confirmation window appears, click the Confirm button.

Manage Secrets

By using secrets, you can securely store and manage sensitive information such as passwords, OAuth tokens, and SSH keys.

Create Secret

To create a secret, follow the steps below.

1. All Services > Container > Kubernetes Engine menu, click. Go to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Secret under the Configuration menu. You will be taken to the Secret List page.
3. Secret List page, select the cluster and namespace from the top left gear button, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check Secret Detailed Information

To view the secret detailed information, follow the steps below.

1. All Services > Container > Kubernetes Engine menu, click it. Go to the Service Home page of Kubernetes Engine.
2. Click Secret under the Configuration menu on the Service Home page. You will be taken to the Secret List page.
3. Secret List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Secret List page, select the item you want to view detailed information for. Secret Details page will be navigated.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Secret	Delete the secret
   Detailed Information	Can check secret’s detailed information
   YAML	Secret’s resource file can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within Secret
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the secret’s metadata information
   Object Information	Check the secret’s object information

   Table. Secret Detailed Information Items

Delete Secret

To delete the secret, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Go to the Service Home page of Kubernetes Engine.
2. Click Secret under the Configuration menu on the Service Home page. You will be taken to the Secret List page.
3. Secret List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Secret List page, select the item you want to delete. Secret Detail page, navigate.
5. Click Delete Secret on the Secret Details page.
6. If the notification confirmation window appears, click the Confirm button.

2.7 - Manage Permissions

Kubernetes clusters can be accessed by multiple users, and you can assign permissions per specific API or namespace to define access scope. By applying Kubernetes’ role-based access control (RBAC, Role-based access control) feature, you can set permissions per cluster or namespace. You can create and manage cluster roles, cluster role bindings, roles, and role bindings.

Managing Cluster Role

You can set and manage access permissions on a per-cluster basis. You can also set permissions for APIs or resources that are not limited to a namespace.

Create Cluster Role

To create a cluster role, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Cluster Role under the Permissions menu on the Service Home page. Go to the Cluster Role List page.
3. Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. Object Creation Popup In the Object Creation Popup, enter the object information and click the Confirm button.

Check detailed information of cluster role

To view detailed information about the cluster role, follow these steps.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Cluster Role under the Permissions menu on the Service Home page. Go to the Cluster Role List page.
3. On the Cluster Role List page, select the cluster and namespace from the top left gear button, then click Confirm.
4. Cluster Role List page: select the item you want to view detailed information for. You will be taken to the Cluster Role Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Cluster Role	Delete the cluster role
   Detailed Information	Can check detailed information of ClusterRole
   YAML	Cluster role’s resource files can be edited in the YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changes
   Event	Check events that occurred within the cluster role
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the cluster role
   Policy Rule Information	View the policy rule information of the ClusterRole Resources: List of resources to which the rule applies Non-Resource URLs: Non-Resource URLs are the set of partial URLs that the user needs to access * is allowed but only as the final segment of the path Since non-resource URLs are not namespaced, this field only applies to ClusterRoles referenced by a ClusterRoleBinding A rule can apply to API resources (e.g., “pods” or “secrets”) or non-resource URL paths (e.g., “/api”), but not both Resource Names: Resource names are an optional whitelist of names the rule applies to. An empty set means everything is allowed Verbs: Verb refers to the API verbs used in resource requests such as get, list, create, update, path, watch, delete, deletecollection For more details, refer to the Kubernetes official documentation > API Verbs

   Table. Cluster role detailed information items

Delete ClusterRole

To delete the cluster role, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Cluster Role under the Permissions menu. You will be taken to the Cluster Role List page.
3. On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Cluster Role List page, select the item you want to delete. Move to the Cluster Role Details page.
5. Click Delete Cluster Role on the Cluster Role Details page.
6. Alert confirmation window appears, click the Confirm button.

Managing ClusterRoleBinding

You can create and manage a cluster role binding by connecting a cluster role with a specific target.

Create Cluster Role Binding

To create a cluster role binding, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu. You will be taken to the ClusterRoleBinding list page.
3. Cluster Role Binding List page, select the cluster and namespace from the Gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check detailed information of ClusterRoleBinding

To check the detailed information of cluster role binding, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click ClusterRoleBinding under the Permissions menu. You will be taken to the ClusterRoleBinding List page.
3. Cluster Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Cluster Role Binding List page, select the item you want to view detailed information. Navigate to the Cluster Role Binding Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Cluster Role Binding	Delete cluster role binding
   Detailed Information	Check the detailed information of the cluster role binding
   YAML	The resource file of ClusterRoleBinding can be edited in the YAML editor Edit button click and modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the ClusterRoleBinding
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the cluster role binding
   Roll/Target Info	Check the role and target information of the cluster roll

   Table. Cluster Role Binding Detailed Information Items

Delete Cluster Role Binding

To delete the cluster role binding, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click ClusterRoleBinding under the Permissions menu on the Service Home page. It will navigate to the ClusterRoleBinding List page.
3. Cluster Role Binding List 페이지에서 클러스터와 네임스페이스를 왼쪽 상단의 gear 버튼에서 선택 후, Confirm을 클릭하세요.
4. Cluster Role Binding List Select the item you want to delete on the page. Cluster Role Binding Details Navigate to the page.
5. Click Delete Cluster Role Binding on the Cluster Role Binding Details page.
6. Notification Confirmation Window appears, click the Confirm button.

Manage Roll

A role refers to a rule that specifies permissions for a specific API or resource. You can create and manage permissions that can only access the namespace to which the role belongs.

Create Roll

To create a roll, follow the steps below.

1. All Services > Container > Kubernetes Engine menu, click. Navigate to the Service Home page of Kubernetes Engine.
2. Click Role under the Permission menu on the Service Home page. It moves to the Role List page.
3. On the Roll List page, select the cluster and namespace from the Gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check roll detailed information

To check detailed roll information, follow the steps below.

1. Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Role under the Permissions menu. You will be taken to the Role List page.
3. On the Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to view detailed information for on the Roll List page. You will be taken to the Roll Details page.
   • If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete role	Delete role
   Detailed Information	Check detailed information of the roll
   YAML	Roll’s resource file can be edited in a YAML editor Click the Edit button, modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within the roll
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of the roll
   Policy Rule Information	View the policy rule information of the role Resources: List of resources to which the rule applies Non-Resource URLs: Non-Resource (NonResource) URLs are the set of partial URLs the user must access * is allowed but only as the final segment of the path Non-resource URLs are not namespaced, so this field only applies to ClusterRoles referenced by a ClusterRoleBinding Rules can apply to API resources (e.g., “pods” or “secrets”) or non-resource URL paths (e.g., “/api”), but not both Resource Names: Resource names are an optional whitelist of names the rule applies to, an empty set means everything is allowed Verbs: Verb refers to the API verbs used in resource requests such as get, list, create, update, path, watch, delete, deletecollection For more details, refer to the Kubernetes official documentation > API Verbs

   Table. Roll detailed information items

Delete roll

To delete the roll, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Role under the Permissions menu on the Service Home page. You will be taken to the Role List page.
3. On the Roll List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Select the item you want to delete on the Role List page. Navigate to the Role Details page.
5. Click Delete Roll on the Roll Details page.
6. When the alert confirmation window appears, click the Confirm button.

Manage Roll Binding

You can connect a role with a specific target to create and manage role bindings.

Create Roll Binding

To create a role binding, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. On the Service Home page, click Roll Binding under the Permission menu. It will navigate to the Roll Binding List page.
3. Roll Binding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
4. In the Object Creation Popup, enter the object information and click the Confirm button.

Check Roll Binding Detailed Information

To check the detailed roll binding information, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Roll Binding under the Permission menu on the Service Home page. Navigate to the Roll Binding List page.
3. Roll Binding List 페이지에서 클러스터와 네임스페이스를 왼쪽 상단의 gear 버튼에서 선택 후, Confirm을 클릭하세요.
4. On the Roll Binding List page, select the item you want to view detailed information for. You will be taken to the Roll Binding Details page.
   • If you select Show system objects at the top of the list, items other than the Kubernetes object entries will be displayed.
5. Click each tab to view service information.

   Category	Detailed description
   Delete Roll Binding	Delete roll binding
   Detailed Information	Check detailed information of roll binding
   YAML	Roll binding’s resource files can be edited in a YAML editor Edit button click and modify the resource, then click the Save button to apply changes When editing content, click the Diff button to view the changed content
   Event	Check events that occurred within roll binding
   Account Information	Check basic information about the Account such as Account name, location, creation date, etc.
   Metadata Information	Check the metadata information of Roll Binding
   Role/Target Information	Check the role’s function and target information

   Table. Roll Binding Detailed Information Items

Delete Roll Binding

To delete the roll binding, follow the steps below.

1. All Services > Container > Kubernetes Engine Click the menu. Navigate to the Service Home page of Kubernetes Engine.
2. Click Roll Binding under the Permissions menu on the Service Home page. Navigate to the Roll Binding List page.
3. On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
4. Roll Binding List page, select the item you want to delete. Roll Binding Details page, navigate.
5. Click Delete Roll Binding on the Roll Binding Details page.
6. Alert confirmation window appears, click the Confirm button.

3 - Using Kubernetes Engine

Configure external network communication to expose HTTP and HTTPS services from the cluster to the outside. To configure external network communication, you can create a service of type LoadBalancer.

Using Kubernetes Engine Guide

The Using Kubernetes Engine guide describes the following features. For more information, refer to the corresponding guide.

3.1 - Authentication and Authorization

Kubernetes Engine has Kubernetes’ authentication and RBAC authorization features applied. This explains the authentication and authorization features of Kubernetes and how to link them with Kubernetes Engine and IAM.

Kubernetes Authentication and Authorization

This explains the authentication and RBAC authorization features of Kubernetes.

Authentication

The Kubernetes API server acquires the necessary information for user or account authentication from certificates or authentication tokens and proceeds with the authentication process.

Authorization

The Kubernetes API server checks if the user has permission for the requested action using the user information obtained through the authentication process and the RBAC-related objects. There are four types of RBAC-related objects as follows:

Role

Kubernetes has several predefined ClusterRoles. Some of these ClusterRoles do not have the prefix system:, which means they are intended for user use. These include the cluster-admin role that can be applied to the entire cluster using ClusterRoleBinding, and the admin, edit, and view roles that can be applied to a specific namespace using RoleBinding.

In addition to the predefined ClusterRoles, you can define separate roles (or ClusterRoles) as needed. For example:

# Role that grants permission to view pods in the "default" namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

# Role that grants permission to view pods in the "default" namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

# ClusterRole that grants permission to view nodes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-viewer
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]

# ClusterRole that grants permission to view nodes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-viewer
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]

Role Binding

To manage access to the Kubernetes Engine using Samsung Cloud Platform IAM, you need to understand the relationship between Kubernetes’ role binding and IAM. The target (subjects) of role binding (or cluster role binding) can include individual users (User) or groups (Group).

• User matches the Samsung Cloud Platform username, and Group matches the IAM user group name.

For role binding/cluster role binding, subjects.kind can be one of the following:

• User: Binds to a Samsung Cloud Platform individual user.
• Group: Binds to a Samsung Cloud Platform IAM user group.

The subjects.name of role binding/cluster role binding can be specified as follows:

• User case: Samsung Cloud Platform individual username (e.g. jane.doe)
• Group case: Samsung Cloud Platform IAM user group name (e.g. ReadPodsGroup)

In this way, an IAM user group is bound to a role binding (or cluster role binding) written in the Kubernetes Engine cluster. Additionally, the permission to perform API operations included in the role (or cluster role) bound to the group is granted.

Example) Role Binding read-pods #1

An example of writing a User (Samsung Cloud Platform individual user) to a role binding is as follows:

# This role binding allows the user "jane.doe@example.com" to view pods in the "default" namespace.
# A "pod-reader" role must exist in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
roleRef:
  # "roleRef" specifies the binding to a role or cluster role.
  kind: Role       # Must be Role or ClusterRole.
  name: pod-reader # Must match the name of the role or cluster role to bind.
  apiGroup: rbac.authorization.k8s.io
subjects:
# One or more "targets" can be specified.
- kind: User
  name: jane.doe
  apiGroup: rbac.authorization.k8s.io

# This role binding allows the user "jane.doe@example.com" to view pods in the "default" namespace.
# A "pod-reader" role must exist in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
roleRef:
  # "roleRef" specifies the binding to a role or cluster role.
  kind: Role       # Must be Role or ClusterRole.
  name: pod-reader # Must match the name of the role or cluster role to bind.
  apiGroup: rbac.authorization.k8s.io
subjects:
# One or more "targets" can be specified.
- kind: User
  name: jane.doe
  apiGroup: rbac.authorization.k8s.io

If a role binding like the above is created in a cluster, a user with the username jane.doe is granted the permission to perform the API actions defined in the pod-reader role.

Example) Role Binding read-pods #2

An example of writing a group (IAM user group) to a role binding is as follows:

# This role binding allows users in the "ReadPodsGroup" group to view pods in the "default" namespace.
# A "pod-reader" role must exist in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
# One or more "targets" can be specified.
- kind: Group
  name: ReadPodsGroup
  apiGroup: rbac.authorization.k8s.io

# This role binding allows users in the "ReadPodsGroup" group to view pods in the "default" namespace.
# A "pod-reader" role must exist in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
# One or more "targets" can be specified.
- kind: Group
  name: ReadPodsGroup
  apiGroup: rbac.authorization.k8s.io

If a role binding like the above is created in the cluster, users in the IAM user group ReadPodsGroup are granted the permission to perform API operations written in the pod-reader role.

Example) Cluster Role Binding read-nodes

# This cluster role binding allows users in the "ReadNodesGroup" group to view nodes.
# A cluster role named "node-reader" must exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ReadNodesGroup
  apiGroup: rbac.authorization.k8s.io

# This cluster role binding allows users in the "ReadNodesGroup" group to view nodes.
# A cluster role named "node-reader" must exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ReadNodesGroup
  apiGroup: rbac.authorization.k8s.io

When a cluster role binding like the one above is created in the cluster, users in the IAM user group ReadNodesGroup are granted the permissions to perform the API actions written in the cluster role node-reader.

Predefined Roles and Role Bindings for Samsung Cloud Platform

The Kubernetes Engine of Samsung Cloud Platform has predefined cluster role bindings scp-cluster-admin, scp-view, scp-namespace-view, and cluster roles scp-namespace-view. The following table shows the binding relationship between predefined roles and role bindings, and Samsung Cloud Platform users. Here, cluster roles cluster-admin and view are predefined within the Kubernetes cluster. For more detailed explanations, refer to the Roles section.

• According to the cluster role binding scp-cluster-admin, users in the IAM user groups AdministratorGroup or OperatorGroup, as well as the Kubernetes Engine product applicant, are granted cluster administrator permissions.
• According to the cluster role binding scp-view, users in the ViewerGroup are granted cluster viewer permissions. More precisely, since it is linked to the predefined cluster role view in Kubernetes, access permissions for cluster-scoped resources (e.g., namespaces, nodes, ingress classes, etc.) and secrets within namespaces are not included. For more detailed explanations, refer to the Roles section.
• According to the cluster role binding scp-namespace-view, all authenticated users in the cluster are granted namespace viewer permissions.

The details of predefined roles and role bindings for Samsung Cloud Platform are as follows:

Cluster Role Binding scp-cluster-admin

The cluster role binding scp-cluster-admin is bound to the cluster role cluster-admin and bound to the IAM user groups AdministratorGroup, OperatorGroup, and the SCP user (Kubernetes Engine cluster creator) according to the subjects.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: scp-cluster-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: AdministratorGroup
  apiGroup: rbac.authorization.k8s.io
- kind: Group
  name: OperatorGroup
  apiGroup: rbac.authorization.k8s.io
- kind: User                 # Cluster creator
  name: jane.doe # cluster creater name
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: scp-cluster-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: AdministratorGroup
  apiGroup: rbac.authorization.k8s.io
- kind: Group
  name: OperatorGroup
  apiGroup: rbac.authorization.k8s.io
- kind: User                 # Cluster creator
  name: jane.doe # cluster creater name
  apiGroup: rbac.authorization.k8s.io

Cluster Role Binding scp-view

The cluster role binding scp-view is bound to the cluster role view and bound to the IAM user group ViewerGroup according to the subjects.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-view
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ViewerGroup
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-view
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ViewerGroup
  apiGroup: rbac.authorization.k8s.io

Cluster Role and Cluster Role Binding scp-namespace-view

Cluster Role scp-namespace-view is a role that defines the authority to view namespaces. Cluster Role Binding scp-namespace-view is associated with Cluster Role scp-namespace-view and grants namespace view authority to all authenticated users in the cluster.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scp-namespace-view
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-namespace-view
roleRef:
  kind: ClusterRole
  name: scp-namespace-view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scp-namespace-view
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scp-namespace-view
roleRef:
  kind: ClusterRole
  name: scp-namespace-view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io

IAM User Group RBAC Use Case

This chapter explains examples of granting authority by major user scenarios. The names of IAM user groups, ClusterRoleBindings/RoleBindings, and ClusterRoles presented here are examples for understanding. Administrators should define and apply appropriate names and authorities according to their needs.

Cluster Administrator

To create a cluster administrator, follow these steps:

1. Create an IAM user group named ClusterAdminGroup.
2. Create a ClusterRoleBinding with the following content in the target cluster:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-group
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterAdminGroup
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-group
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterAdminGroup
  apiGroup: rbac.authorization.k8s.io

• It is associated with the default ClusterRole cluster-admin, granting administrator authority for the cluster.

Cluster Editor

To create a cluster editor, follow these steps:

1. Create an IAM user group named ClusterEditGroup.
2. Create a ClusterRoleBinding with the following content in the target cluster:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-edit-group
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterEditGroup
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-edit-group
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterEditGroup
  apiGroup: rbac.authorization.k8s.io

• The default cluster role edit is associated with it, and editor permissions are granted for the cluster.

Cluster Viewer

To create a cluster viewer, follow these steps:

1. Create an IAM user group named ClusterViewGroup.
2. Create a cluster role binding with the following content in the target cluster.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-view-group
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterViewGroup
  apiGroup: rbac.authorization.k8s.io

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-view-group
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: ClusterViewGroup
  apiGroup: rbac.authorization.k8s.io