Deployment Target

• 1: K8S Cluster
• 1.1: Verify Cluster Admin Token
• 2: VM Server Group
• 3: Request Permission

1 - K8S Cluster

Users can register a K8S cluster in DevOps Console and deploy various applications through DevOps Console.

Users can add, edit, and delete K8S clusters and namespaces. Added K8S clusters and namespaces can be selected and used in various menus such as project creation (Getting Started with Project Creation), helm install (Getting Started with Helm Install), etc.

Getting Started with a K8S Cluster

To begin managing the K8S cluster, follow these steps.

1. Click the Admin icon at the top right of the Main page. Navigate to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.

Add a K8S cluster

To add a K8S cluster, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. On the K8S Cluster page, click the Add button. You will be taken to the Add K8S Cluster page.
4. Add K8S Cluster page, after entering the basic information and connection details, click the Connection Test button.
5. After selecting the Helm version, click the Save button.

   Item	Explanation
   K8S cluster name	Please enter the cluster name.
   K8S Cluster ID	Enter the cluster ID. The cluster ID is a unique identifier used to distinguish clusters; please determine and enter it yourself.
   CA Certificate	Enter the server’s certificate information to be used for configuring the kubeconfig file Enter the contents of clusters[0].cluster.certificate-authority-data from the existing kubeconfig file. Contact the cluster provider (administrator) and then enter it. If verification is not possible, enter a temporary value (e.g., temp) and replace it with the correct value once verification is possible.
   Authentication method	Select the admin token method.
   API server URL	Enter the Kubernetes API Server address.
   admin token	Enter the Token with Admin privileges to use for configuring the kubeconfig file. Please refer to Check Cluster Admin Token.
   Helm version	Select Helm version A list of Helm versions available for the K8S cluster version is displayed.

   Table. Add K8S Cluster – Add using admin token authentication

   Item	Explanation
   Authentication method	Select the client certificate method.
   API server URL	Enter the Kubernetes API Server address.
   client certificate	Enter the client certificate information.
   Client Key	Enter the client Key information.

   Table. Add K8S Cluster - Item for adding by authenticating with a client certificate

   Item	Explanation
   Authentication method	Select the kubeconfig file upload method.
   kubeconfig file	Browse button to select the kubeconfig file Only files with the .yml or .yaml extension can be uploaded. If the file is uploaded successfully, the CA Certificate, API server URL, user, admin token, or client certificate will be populated automatically.
   API server URL	Select the Kubernetes API Server address.
   user	Select the user to authenticate Depending on the selected user, the admin token or client certificate information is displayed below

   Table. Adding K8S Cluster - Adding via kubeconfig file upload item

Managing a K8S cluster

Modify K8S cluster

To modify the K8S cluster, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. On the K8S Cluster Details page, click the Edit button.
5. After editing the information, click the Connection Test button.
6. After selecting the Helm version, click the Save button.

Delete K8S cluster

To delete a K8S cluster, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. On the K8S Cluster Details page, click the Delete button.
5. Click the Confirm button in the confirmation popup to complete the deletion.

Add a member to a K8S cluster

To add a K8S cluster member, follow the steps below.

1. Click the Admin icon at the top right of the Main page. Navigate to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. In the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. On the K8S Cluster Details page, click the Members tab.
5. When you click the Add button in the Member tab, the Add Member popup window opens.
6. Add Member In the popup, enter the email address and click the Search icon.
7. Click the Add button to add the member to the list below.
8. After selecting the permission, click the Save button to complete adding the member.

Delete K8S cluster member

To delete a K8S cluster member, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S cluster page, click the K8S cluster. You will be taken to the K8S cluster details page of the selected K8S cluster.
4. On the K8S Cluster Details page, click the Members tab.
5. In the Member tab, select the checkbox of the user you want to delete.
6. Click the Delete button to remove the selected user from the members.

Managing K8S Cluster Permission Requests

To approve or reject a K8S cluster access request, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. Click the K8S cluster permission request item for the cluster whose permission request you want to approve. The displayed number indicates the number of permissions requested.
4. K8S Cluster Permission Request Approval The popup window opens.
5. Click the application you want to approve or reject.
6. After entering your comment, click the Approve or Reject button.

View K8S cluster permission approval history

To view the K8S cluster permission request approval history, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S Cluster. You will be taken to the K8S Cluster Details page of the selected K8S Cluster.
4. Click the Approval History tab. The approval history list appears.

Managing namespaces

Import namespace

To import the namespace, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. On the K8S Cluster page, click the K8S cluster from the list. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Click the Namespace tab. The namespace list appears.
5. On the Namespace tab screen, clicking the Import button opens the Import Namespace popup.
6. Namespace Import In the popup window, select the namespace and click the Save button to complete the namespace import.

Delete namespace

To delete a namespace, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. On the K8S cluster page, click the K8S cluster from the list. You will be taken to the K8S cluster details page of the selected K8S cluster.
4. Click the Namespace tab. The namespace list appears.
5. On the Namespace tab screen, clicking a namespace navigates to the Namespace Details page.
6. On the Namespace Details page, click the Delete button to complete the namespace deletion.

Adding a namespace member

To add a namespace member, follow these steps.

1. Main page, click the Admin icon at the top right. It navigates to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Click the Namespace tab. The namespace list appears.
5. Namespace tab screen, when you click the namespace, you are taken to the Namespace Details page.
6. Namespace Details page, when you click the Members tab, the namespace member list appears.
7. When you click the Add button, the Add Member popup opens.
8. In the Add Member popup, enter the email address and click the Search icon.
9. Click the Add button to add the member to the list below.
10. After selecting the permission, click the Save button to complete adding the member.

Delete namespace member

To delete a namespace member, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. On the K8S Cluster page, click the K8S cluster from the list. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Click the Namespace tab. The namespace list appears.
5. On the Namespace tab screen, clicking the namespace takes you to the Namespace Details page.
6. Namespace Details page, when you click the Members tab, the namespace member list appears.
7. Select the checkbox of the user you want to delete from the list.
8. Click the Delete button to remove the selected user from the members.

Manage namespace permission requests

To approve or reject a namespace permission request, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the Namespace Permission Request item for the cluster whose permission request you want to approve. The displayed number indicates the number of permission requests.
4. Namespace Permission Request Approval A popup window opens.
5. Select the checkbox for the application you want to approve or reject.
6. After entering your comment, click the Approve or Reject button.

View namespace permission request approval history

To view the namespace permission request approval history, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. In the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Namespace tab, click it. The namespace list appears.
5. On the Namespace tab screen, clicking a namespace takes you to the Namespace Details page.
6. Namespace Details page, when you click the Approval History tab, the approval history list appears.

Managing Ingress Domains

Add Ingress Domain

To add an ingress domain, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. On the K8S cluster page, click the K8S cluster from the list. You will be taken to the K8S cluster details page of the selected K8S cluster.
4. Click the Ingress Domain tab. The Ingress Domain list appears.
5. Ingress Domain tab screen, when you click the Add button, the Add Ingress Domain Information popup opens.
6. Add Ingress Domain Information Enter the information in the popup window and click the Save button to complete adding the ingress domain.

   Item	Explanation
   Node selector	Enter the node selector. It is composed of a key that includes a prefix separated by the first slash (/) of the input value, and its corresponding value. The prefix is optional. e.g., kubernetes.io/nodetype: app
   Proxy IP	Enter the Proxy Server IP or Proxy Server LoadBalancer IP.
   Ingress domain	Enter the domain that the application will use by default.
   Ingress class	Enter the Ingress controller class.

   Table. Ingress Domain Additional Input Items

Modify Ingress Domain

To modify the Ingress domain, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Click the Ingress Domain tab. The Ingress Domain list appears.
5. On the Ingress Domain tab screen, when you click the Ingress Domain you want to edit, the Edit Ingress Domain Information popup opens.
6. Edit Ingress Domain Information In the popup window, modify the information and click the Save button to complete the Ingress domain edit.

Delete Ingress Domain

To modify the Ingress domain, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > K8S Cluster menu. You will be taken to the K8S Cluster page.
3. From the list on the K8S Cluster page, click the K8S cluster. You will be taken to the K8S Cluster Details page of the selected K8S cluster.
4. Ingress Domain Click the tab. Ingress Domain list appears.
5. On the Ingress Domain tab, select the checkbox of the Ingress Domain you want to delete.
6. On the Ingress Domain tab screen, click the Delete button to delete the selected ingress domain.

1.1 - Verify Cluster Admin Token

To register a K8S cluster, you must verify the cluster’s Admin Token.

An Admin Token refers to the token value of a ServiceAccount that has the ClusterRole/cluster-admin bound by a ClusterRoleBinding.

Preparation before start

$ kubectl get clusterrole cluster-admin
NAME            CREATED AT
cluster-admin   2022-12-09T08:21:50Z

$ kubectl get clusterrole cluster-admin
NAME            CREATED AT
cluster-admin   2022-12-09T08:21:50Z

Query Admin Token

View existing generated Admin Token

1. Retrieve the ClusterRoleBinding that has ClusterRole/cluster-admin bound.
2. Check the ServiceAccount that is bound by a ClusterRoleBinding.
   Color mode

   # admin token lookup
   $ kubectl get clusterrolebinding | grep ClusterRole/cluster-admin
   [crb_name]     ClusterRole/cluster-admin     77d
   
   $ kubectl describe clusterrolebinding [crb_name]
   Name:         [crb_name]
   Labels:       <none>
   Annotations:  <none>
   Role:
   Kind:  ClusterRole
   Name:  cluster-admin
   Subjects:
   Kind            Name       Namespace
     ----            ----       ---------
   ServiceAccount  [sa_name]  [namespace_name]

   # admin token lookup
   $ kubectl get clusterrolebinding | grep ClusterRole/cluster-admin
   [crb_name]     ClusterRole/cluster-admin     77d
   
   $ kubectl describe clusterrolebinding [crb_name]
   Name:         [crb_name]
   Labels:       <none>
   Annotations:  <none>
   Role:
   Kind:  ClusterRole
   Name:  cluster-admin
   Subjects:
   Kind            Name       Namespace
     ----            ----       ---------
   ServiceAccount  [sa_name]  [namespace_name]

3. Check the Secret associated with the ServiceAccount and retrieve the token (Admin Token).
   Color mode

   # Secret lookup
   $ kubectl get secret -n [namespace_name] | grep [sa_name]
   [sa_name]-token-xxxxx                            kubernetes.io/service-account-token   3      77d
   
   # token lookup
   $ kubectl describe secret [sa_name]-token-xxxxx -n [namespace_name]
   Name:         [sa_name]-token-xxxxx
   ...<중략>...
   Data
   ====
   ca.crt:     1070 bytes
   namespace:  11 bytes
   token:      eyJhbGciOiJSUzI1NiI...

   # Secret lookup
   $ kubectl get secret -n [namespace_name] | grep [sa_name]
   [sa_name]-token-xxxxx                            kubernetes.io/service-account-token   3      77d
   
   # token lookup
   $ kubectl describe secret [sa_name]-token-xxxxx -n [namespace_name]
   Name:         [sa_name]-token-xxxxx
   ...<중략>...
   Data
   ====
   ca.crt:     1070 bytes
   namespace:  11 bytes
   token:      eyJhbGciOiJSUzI1NiI...

Create Admin Token

1. Create the Namespace for the ServiceAccount. If it already exists, proceed to the next step.
   Color mode

   $ kubectl create namespace [namespace_name]
   
   # ex) kubectl create namespace my-app

   $ kubectl create namespace [namespace_name]
   
   # ex) kubectl create namespace my-app

2. Create the [namespace_name]-additional-cluster-admin-sa.yaml file and then run it.
   Color mode

   apiVersion: v1
   kind: ServiceAccount
   metadata:
   name: [namespace_name]-additional-cluster-admin
   namespace: [namespace_name]

   apiVersion: v1
   kind: ServiceAccount
   metadata:
   name: [namespace_name]-additional-cluster-admin
   namespace: [namespace_name]

   Color mode

   # Create ServiceAccount
   $ kubectl apply -f [namespace_name]-additional-cluster-admin-sa.yaml -n [namespace_name]
   
   # ex) kubectl apply -f my-app-additional-cluster-admin-sa.yaml -n my-app

   # Create ServiceAccount
   $ kubectl apply -f [namespace_name]-additional-cluster-admin-sa.yaml -n [namespace_name]
   
   # ex) kubectl apply -f my-app-additional-cluster-admin-sa.yaml -n my-app

3. Create the [namespace_name]-additional-cluster-admin-crb.yaml file and then run it.
   Color mode

   kind: ClusterRoleBinding
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
      name: [namespace_name]-additional-cluster-admin
   subjects:
   - kind: ServiceAccount
     name: [namespace_name]-additional-cluster-admin
     namespace: [namespace_name]
   roleRef:
     kind: ClusterRole
     name: cluster-admin
     apiGroup: ""

   kind: ClusterRoleBinding
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
      name: [namespace_name]-additional-cluster-admin
   subjects:
   - kind: ServiceAccount
     name: [namespace_name]-additional-cluster-admin
     namespace: [namespace_name]
   roleRef:
     kind: ClusterRole
     name: cluster-admin
     apiGroup: ""

   Color mode

   # Create ClusterRoleBinding
   $ kubectl apply -f [namespace_name]-additional-cluster-admin-crb.yaml
   
   # ex) kubectl apply -f my-app-additional-cluster-admin-crb.yaml

   # Create ClusterRoleBinding
   $ kubectl apply -f [namespace_name]-additional-cluster-admin-crb.yaml
   
   # ex) kubectl apply -f my-app-additional-cluster-admin-crb.yaml

4. Check the Secret associated with the ServiceAccount and retrieve the token (Admin Token).
   Color mode

   # Secret lookup
   $ kubectl get secret -n [namespace_name] | grep [namespace_name]-additional-cluster-admin
   [namespace_name]-additional-cluster-admin-token-xxxxx   kubernetes.io/service-account-token   3      4m53s
   
   # Token lookup
   $ kubectl describe secret [namespace_name]-additional-cluster-admin-token-xxxxx -n [namespace_name]
   Name:         [namespace_name]-additional-cluster-admin-token-xxxxx
   ...<중략>...
   Data
   ====
   ca.crt:     1111 bytes
   namespace:  6 bytes
   token:      eyJhbGciOiJSUzI1Ni...

   # Secret lookup
   $ kubectl get secret -n [namespace_name] | grep [namespace_name]-additional-cluster-admin
   [namespace_name]-additional-cluster-admin-token-xxxxx   kubernetes.io/service-account-token   3      4m53s
   
   # Token lookup
   $ kubectl describe secret [namespace_name]-additional-cluster-admin-token-xxxxx -n [namespace_name]
   Name:         [namespace_name]-additional-cluster-admin-token-xxxxx
   ...<중략>...
   Data
   ====
   ca.crt:     1111 bytes
   namespace:  6 bytes
   token:      eyJhbGciOiJSUzI1Ni...

   Reference

   If there is no generated Secret (after Kuberentes 1.24), create one manually and then retrieve the token.
   Color mode

   apiVersion: v1
   kind: Secret
   type: kubernetes.io/service-account-token
   metadata:
   name: [namespace_name]-additional-cluster-admin-token
   namespace: [namespace_name]
   annotations:
   kubernetes.io/service-account.name: "[namespace_name]-additional-cluster-admin"

   apiVersion: v1
   kind: Secret
   type: kubernetes.io/service-account-token
   metadata:
   name: [namespace_name]-additional-cluster-admin-token
   namespace: [namespace_name]
   annotations:
   kubernetes.io/service-account.name: "[namespace_name]-additional-cluster-admin"

Verify Admin Token Validity

You can verify the validity of the retrieved Admin Token value by editing the ~/.kube/config file.

1. Modify ~/.kube/config to use a token for user authentication.
   Modify to ex) users[0].user.token and then enter the Admin Token value.
   Color mode

   apiVersion: v1
   clusters:
   - cluster:
       certificate-authority-data: LS0...
       server: https://devopscluster-12345.sk...
     name: devopscluster-12345
   contexts:
   - context:
       cluster: devopscluster-12345
       user: user
     name: user@devopscluster-12345
   current-context: user@devopscluster-12345
   kind: Config
   users:
   - name: user
     user:
       token: [admin_token]

   apiVersion: v1
   clusters:
   - cluster:
       certificate-authority-data: LS0...
       server: https://devopscluster-12345.sk...
     name: devopscluster-12345
   contexts:
   - context:
       cluster: devopscluster-12345
       user: user
     name: user@devopscluster-12345
   current-context: user@devopscluster-12345
   kind: Config
   users:
   - name: user
     user:
       token: [admin_token]

2. Run the kubectl command to verify that you have cluster-admin privileges.
   Color mode

   $ kubectl get nodes
   $ kubectl get namespace
   $ kubectl get all -n kube-system
   $ kubectl create namespace admin-test
   $ kubectl delete namespace admin-test
   
   # Run other commands

   $ kubectl get nodes
   $ kubectl get namespace
   $ kubectl get all -n kube-system
   $ kubectl create namespace admin-test
   $ kubectl delete namespace admin-test
   
   # Run other commands

2 - VM Server Group

A VM server group is a logical unit for grouping and managing VM servers.

Users can add, modify, and delete VM server groups and VM servers. Configured VM server groups and VM servers can be used as deployment target VMs in project creation (배포대상 환경 설정하기) or VM deployment (VM 배포 추가하기).

Getting Started with VM Server Group

To start managing VM server groups, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. In the left menu, click the Deploy Target > VM Server Group menu. You will be taken to the VM Server Group page.

Add VM server group

To add a VM server group, follow these steps.

1. Click the Management icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the Add button. It navigates to the Add VM Server Group page.
4. Enter the basic information, then click the Save button to complete the VM server group configuration.

   Item	Explanation
   Server group name	Enter the VM server group name.
   Explanation	Please enter a description.
   type	Select the type of VM server group SSH: Perform deployment using SSH commands when deploying a VM. Agent: Perform deployment using an agent when deploying a VM. (Connect Agent)
   VM server	Add: Add the VM server that belongs to the VM server group. Delete: Check the checkbox of the VM server you want to delete from the VM server group, then click Delete to remove it.

   Table. VM Server Group Add Input Items

Add VM server

To add a VM server, you need Manager permission for the corresponding VM server group.

To add a VM server, follow the steps below.

1. Click the Admin icon at the top right of the Main page. Navigate to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. VM server group page, click the VM server group in the VM server group list where you want to add a VM server. You will be taken to the VM server group detail page.
4. On the VM Server Group Details page, click the Add button. You will be taken to the Add VM Server page.
5. Add VM Server page, after entering the basic information, click the Add button to complete the VM server configuration.

   Item	Explanation
   Server name	Enter the VM server name.
   Explanation	Enter the description.
   IP	Please enter the IP.
   SSH Port	Enter the port of the VM server to use for SSH connections.
   OS	Please enter the OS.
   Location	Please select a location.
   Authentication information	Enter the authentication information for the VM server to be used for SSH connections.
   Secret Key	This is the secret key for authenticating the VM server where the agent is installed.

   Table. VM Server Additional Input Items

Modify VM server group

To modify a VM server group, you need Manager permission for that VM server group.

To modify a VM server group, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the VM Server Group you want to edit from the list. You will be taken to the VM Server Group Details page.
4. On the VM Server Group Details page, click the Edit button. You will be taken to the Edit VM Server Group page.
5. After completing the edit, click the Save button to finish modifying the VM server group.

Modify VM server

To modify a VM server, you need Manager permission for the corresponding VM server group.

To modify the VM server, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the VM Server Group you want to edit from the list of VM server groups. You will be taken to the VM Server Group Details page.
4. VM Server Group Details page’s VM server list, click the VM server you want to edit. You will be taken to the VM Server Details page.
5. On the VM Server Details page, clicking the Edit button navigates to the VM Server Edit page.
6. On the VM Server Edit page, after completing the edit, click the Save button to finish editing the VM server.

Delete VM server group

To delete a VM server group, follow these steps.

1. Click the Admin icon at the top right of the Main page. Navigate to the Tenant Dashboard page.
2. In the left menu, click the Deploy Target > VM Server Group menu. You will be taken to the VM Server Group page.
3. VM server group page’s VM server group list, click the VM server group you want to delete. You will be taken to the VM server group details page.
4. On the VM server group details page, click the Delete button to complete the VM server group deletion.

Delete VM server

To delete a VM server, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > VM Server Group menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the VM server group of the VM server you want to delete from the VM server group list. You will be taken to the VM Server Group Details page.
4. On the VM Server Group Details page, click the VM server you want to delete. You will be taken to the VM Server Details page.
5. On the VM server details page, click the Delete button to complete the VM server deletion.

Managing VM Server Group Members

To manage members of a VM server group, you need Manager permission for that VM server group.

Add VM server group member

To add a member to a VM server group, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. VM Server Group page’s VM Server Group list, click the VM Server Group you want to add a member to. You will be taken to the VM Server Group Details page.
4. On the VM Server Group Details page, click the User tab.
5. When you click the Add button on the User tab, the Add Member popup window opens.
6. After completing the setup, click the Confirm button to finish adding a VM server group member. (Managers can modify or delete the server group, and Members can use the server group when creating projects or adding pipelines.)

Delete VM server group member

To delete a member from a VM server group, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM server group page, click the VM server group in the list from which you want to delete a member. You will be taken to the VM server group details page.
4. On the VM Server Group Details page, click the User tab.
5. In the User list, select the checkbox of the user you want to delete.
6. Click the Delete button to remove the selected user from the VM server group members.

Manage VM server group permission requests

To approve or reject a VM server group permission request, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the permission request item of the VM Server Group whose request you want to approve from the VM Server Group list. The displayed number indicates the number of permission requests. The VM Server Group Permission Request Approval popup window opens.
4. VM Server Group Permission Request Approval In the popup window, click the request you want to approve or reject.
5. After entering your comment, click the Approve or Reject button.

View VM Server Group Permission Approval History

To view the VM server group permission request approval history, follow these steps.

1. Main page, click the Admin icon at the top right. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deploy Target > VM Server Group menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the VM server group you want to view from the list. You will be taken to the VM Server Group Details page.
4. On the VM Server Group Details page, click the Approval History tab.

Disable firewall on VM server

SSH method

SSH-based VM deployment uses Secure Shell (Secure SHell, SSH) to deploy directly from Jenkins → Target VM server.

To disable the firewall, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the Firewall Application Guide link. The Firewall Application Guide popup window opens.
4. Jenkins firewall information is displayed.
   • These details are displayed as the information entered when registering the Jenkins tool, and if no input was provided during tool registration, they may appear as empty values.
   • If needed, contact the tool administrator.

Agent-based approach

Agent-based VM deployment requires the agent to run on the target VM server. The running agent collects information from the DevOps Console and proceeds with the deployment.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. Click the Deployment Target > VM Server Group menu in the left menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the Agent Installation Guide link. The Agent Installation Guide popup will open.
4. The DevOps Console firewall details, User Guide shortcut, and Agent file download links are displayed.

Integrate Agent

Agent-based VM deployment requires the agent to run on the target VM server. The running agent collects information from the DevOps Console and performs the deployment.

Preparation before agent integration

VM Server Preparation Requirements

Install Java

The agent was written and tested based on Java 8. Install a Java 8 or higher version on the target VM server.

Disable firewall and edit hosts file

The agent collects deployment execution information from the DevOps Console using the REST API, so communication on port 8443 from the Target VM where the agent runs to the DevOps Console is required.

Additionally, when using Rollback, communication with the Rollback Artifact Repository is also required.

If necessary, you may need to disable the firewall or register entries in the hosts file. Refer to the Agent Installation Guide(Agent Method) popup in the DevOps Console for firewall information.

DevOps Console Prerequisites

Prepare authentication key

Target VM server requires agent authentication when the agent runs. Generate a user authentication key and a secret key for authentication. (Manage authentication keys)

Prepare VM server Secret Key

When executing the agent on the target VM server, a Secret Key is required to authorize the VM server that corresponds to the agent.

When adding an agent-type VM server group or VM server, a VM server Secret Key is automatically generated. It can also be viewed later on the VM Server Details page.

Run the agent

Download the agent file

Agent Installation Guide You can download the agent executable from the popup window.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. In the left menu, click the Deploy Target > VM Server Group menu. You will be taken to the VM Server Group page.
3. On the VM Server Group page, click the Agent Installation Guide link. The Agent Installation Guide popup will open.
4. Agent Installation Guide In the popup window, click the Agent File Download button.
5. The deploy-agent.jar file is downloaded.

Run the agent directly

To run the agent on the target VM server, follow these steps.

1. Create a directory on the target VM server.
2. Move the deploy-agent.jar file to the target directory.
3. Refer to the Usage below and run the agent.
   Color mode

   usage: java -jar deploy-agent.jar -A <arg> -L <arg> [-P <arg>] -S <arg> -V <arg>
    -A,--accessKey <arg>               AccessKey for HMAC
    -L,--serverUrl <arg>               Api server url
    -P,--loggingConfigFilePath <arg>   Path to the property file with 'java.util.logging' settings
    -S,--secretKey <arg>               SecretKey for HMAC
    -V,--vmSecretKey <arg>             VM SecretKey

   usage: java -jar deploy-agent.jar -A <arg> -L <arg> [-P <arg>] -S <arg> -V <arg>
    -A,--accessKey <arg>               AccessKey for HMAC
    -L,--serverUrl <arg>               Api server url
    -P,--loggingConfigFilePath <arg>   Path to the property file with 'java.util.logging' settings
    -S,--secretKey <arg>               SecretKey for HMAC
    -V,--vmSecretKey <arg>             VM SecretKey

Running the Agent Using a Script File

To run the agent on the target VM server using a script, follow these steps.

1. Create a directory on the target VM server.
2. Move the deploy-agent.jar file to the specified directory.
3. Create the file by referring to the sample execution script below.
4. Modify the information of the sample execution script.
   • DC_URL, ACCESS_KEY, SECRET_KEY, VM_SECRET_KEY
5. Run the script.

Linux sample script

#!/bin/sh

JAVA_EXE="java"
DC_URL="https://devops-console-url.com:8443/devops-console-api"
ACCESS_KEY="user-access-key"
SECRET_KEY="user-secret-key"
VM_SECRET_KEY="vm-secret-key"

start()
{
  [ -f deploy-agent.jar ] || { echo "ERROR: deploy-agent.jar file does not exist."; exit 1; }
  echo "Starting Deploy Agent..."
  $JAVA_EXE -jar deploy-agent.jar -A $ACCESS_KEY -S $SECRET_KEY -V $VM_SECRET_KEY -L $DC_URL > deploy-agent.log 2>&1 &
  PID=`ps aux | grep 'java -jar deploy-agent.jar' | grep '\-A' | grep '\-S' | grep '\-V' | grep '\-L' | awk '{print $2}'`
  echo "Process ID : $PID"
  echo $PID > deploy-agent.pid
  echo "Done."
}
stop()
{
  echo "Shutdown Deploy Agent..."
  ps aux | grep 'java -jar deploy-agent.jar' | grep '\-A' | grep '\-S' | grep '\-V' | grep '\-L' | awk '{print $2}' | xargs kill
  echo "Done."
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  *)
    echo $ "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

#!/bin/sh

JAVA_EXE="java"
DC_URL="https://devops-console-url.com:8443/devops-console-api"
ACCESS_KEY="user-access-key"
SECRET_KEY="user-secret-key"
VM_SECRET_KEY="vm-secret-key"

start()
{
  [ -f deploy-agent.jar ] || { echo "ERROR: deploy-agent.jar file does not exist."; exit 1; }
  echo "Starting Deploy Agent..."
  $JAVA_EXE -jar deploy-agent.jar -A $ACCESS_KEY -S $SECRET_KEY -V $VM_SECRET_KEY -L $DC_URL > deploy-agent.log 2>&1 &
  PID=`ps aux | grep 'java -jar deploy-agent.jar' | grep '\-A' | grep '\-S' | grep '\-V' | grep '\-L' | awk '{print $2}'`
  echo "Process ID : $PID"
  echo $PID > deploy-agent.pid
  echo "Done."
}
stop()
{
  echo "Shutdown Deploy Agent..."
  ps aux | grep 'java -jar deploy-agent.jar' | grep '\-A' | grep '\-S' | grep '\-V' | grep '\-L' | awk '{print $2}' | xargs kill
  echo "Done."
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  *)
    echo $ "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

Windows sample script

@ECHO OFF

SET JAVA_EXE="java"
SET DC_URL="https://devops-console-url.com:8443/devops-console-api"
SET ACCESS_KEY="user-access-key"
SET SECRET_KEY="user-secret-key"
SET VM_SECRET_KEY="vm-secret-key"

IF NOT EXIST deploy-agent.jar (
    ECHO "ERROR: deploy-agent.jar file does not exist."
    EXIT /b 0
)
ECHO "Starting Deploy Agent..."
%JAVA_EXE% -jar deploy-agent.jar -A %ACCESS_KEY% -S %SECRET_KEY% -V %VM_SECRET_KEY% -L %DC_URL%

EXIT /b 0

@ECHO OFF

SET JAVA_EXE="java"
SET DC_URL="https://devops-console-url.com:8443/devops-console-api"
SET ACCESS_KEY="user-access-key"
SET SECRET_KEY="user-secret-key"
SET VM_SECRET_KEY="vm-secret-key"

IF NOT EXIST deploy-agent.jar (
    ECHO "ERROR: deploy-agent.jar file does not exist."
    EXIT /b 0
)
ECHO "Starting Deploy Agent..."
%JAVA_EXE% -jar deploy-agent.jar -A %ACCESS_KEY% -S %SECRET_KEY% -V %VM_SECRET_KEY% -L %DC_URL%

EXIT /b 0

Agent problem solving

Changing the log level

If needed, you can change the agent log level. Refer to the sample log file below and add the -P, --loggingConfigFilePath options.

Sample log file

############################################################
#      Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example java -Djava.util.logging.config.file=myfile
############################################################

############################################################
#      Global properties
############################################################

# "handlers" specifies a comma separated list of log Handler
# classes.  These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
handlers= java.util.logging.ConsoleHandler

# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler

# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers.  For any given facility this global level
# can be overriden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
#.level= INFO
.level= FINE

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter

# Limit the message that are printed on the console to INFO and above.
#java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

# Example to customize the SimpleFormatter output format
# to print one-line log message like this:
#     <level>: <log message> [<date/time>]
#
# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n

############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################

# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
com.xyz.foo.level = SEVERE

############################################################
#      Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
# For example java -Djava.util.logging.config.file=myfile
############################################################

############################################################
#      Global properties
############################################################

# "handlers" specifies a comma separated list of log Handler
# classes.  These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
handlers= java.util.logging.ConsoleHandler

# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler

# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers.  For any given facility this global level
# can be overriden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
#.level= INFO
.level= FINE

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter

# Limit the message that are printed on the console to INFO and above.
#java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

# Example to customize the SimpleFormatter output format
# to print one-line log message like this:
#     <level>: <log message> [<date/time>]
#
# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n

############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################

# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
com.xyz.foo.level = SEVERE

If the IP is not recognized

When integrating the agent, not only the entered Secret Key but also the VM server’s actual OS name and IP (IPv4) must match the information registered in the DevOps Console for the integration to work.

For VM servers with some multi-network devices installed, the agent may fail to recognize the IP correctly. In such cases, add the IP and hostname settings to the /etc/hosts file as shown below.

3 - Request Permission

You can request permission to use the K8S clusters, namespaces, and VM server groups managed as deployment targets in the DevOps Console.

Getting Started with Permission Request

To begin the permission request, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.

Apply for K8S cluster permissions

To apply for K8S cluster permissions, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the K8S Cluster tab. The K8S Cluster screen appears.
4. On the K8S Cluster screen, click the Apply button. The K8S Cluster Permission Request popup window opens.
5. K8S Cluster Permission Request Search for the K8S cluster to request permission in the popup window.
6. Enter the reason for the application and click the Add button.
7. After selecting the permissions for the added K8S cluster, click the Save button.

Cancel K8S cluster permission request

To cancel a K8S cluster permission request, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the K8S Cluster tab. The K8S Cluster screen appears.
4. On the K8S cluster screen, select a cluster and click the Cancel button.

Apply for namespace permission

To request namespace permissions, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the Namespace tab. The Namespace screen appears.
4. On the Namespace screen, click the Apply button. The Namespace Permission Request popup opens.
5. Namespace Permission Request In the popup, search for the K8S cluster that contains the namespace for which you are requesting permission.
6. Select a namespace, enter the request reason, and then click the Add button.
7. After selecting the permissions for the added namespace, click the Save button.

Cancel namespace permission request

To cancel a namespace permission request, follow these steps.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the Namespace tab. The Namespace screen appears.
4. On the Namespace screen, select a namespace and click the Cancel button.

Apply for VM server group permission

To apply for VM server group permissions, follow the steps below.

1. Main page, click the Admin icon at the top right. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the VM Server Group tab. The VM Server Group screen appears.
4. On the VM Server Group screen, click the Apply button. The VM Server Group Permission Request popup opens.
5. VM Server Group Permission Request Search for the VM server group for which you want to request permission in the popup window.
6. Enter the reason for application and click the Add button.
7. After selecting the permissions for the added VM server group, click the Save button.

Cancel VM server group permission request

To cancel the VM server group permission request, follow the steps below.

1. Click the Admin icon at the top right of the Main page. You will be taken to the Tenant Dashboard page.
2. From the left menu, click the Deployment Target > Permission Request menu. The Permission Request screen appears.
3. On the Permission Request screen, click the VM Server Group tab. The VM Server Group screen appears.
4. VM server group on the screen, select the VM server group and click the Cancel button.