Deployment

Pre-pull adapter's container image

Adapter's container must be pre-pulled on cloud proxy instances.

1. SSH as root to cloud-proxies belonging to the collector group where adapter is to be ran.
2. Login to docker registry using docker login harbor.indevops.com.
   • Use Harbor robot account designated for that deployment - ask ASI team to generate a token.
3. Pull container image using docker pull <IMAGE NAME>.
   • Image name can be found on release page for a given version of the management pack.

Install PAK file

1. Download PAK file for version matching the pre-pulled adapter container image.
   • PAK file can be found on release page for a given version of the management pack.
2. Login to VMware Aria Operations and go to Data Sources > Integrations > Repository > Add and upload the PAK file, selecting both:
   • Install the PAK file even if it is already installed,
   • Ignore the PAK file signature checking.
3. Install the management pack.

Configuration

This addon requires access to the Kubernetes API server with read permissions for standard Kubernetes and SaunaFS resources. To enable this, we need to create a service account with the appropriate RBAC permissions and retrieve its certificate and token. You must have kubectl access to the Kubernetes cluster you want to monitor.

1. Create the service account and RBAC rules

   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: external-access
     namespace: default
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: external-access-view
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: view
   subjects:
   - kind: ServiceAccount
     name: external-access
     namespace: default
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRole
   metadata:
     name: storage-viewer
   rules:
   - apiGroups: [""]
     resources: ["persistentvolumes", "persistentvolumeclaims"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["storageclasses"]
     verbs: ["get", "list"]
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: storage-viewer-binding
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: storage-viewer
   subjects:
   - kind: ServiceAccount
     name: external-access
     namespace: default
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRole
   metadata:
     name: node-viewer
   rules:
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: node-viewer-binding
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: node-viewer
   subjects:
   - kind: ServiceAccount
     name: external-access
     namespace: default
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRole
   metadata:
     name: sarkan-view
   rules:
   - apiGroups: ["saunafs.sarkan.io"]
     resources: ["*"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["hostdisk.sarkan.io"]
     resources: ["*"]
     verbs: ["get", "list", "watch"]
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: external-access-sarkan-view
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: sarkan-view
   subjects:
   - kind: ServiceAccount
     name: external-access
     namespace: default
   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: external-access-token
     namespace: default
     annotations:
       kubernetes.io/service-account.name: external-access
   type: kubernetes.io/service-account-token
   

2. Retrieve Access Information

• API Server URL

  •   kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
    

• Service Account Token (base64-encoded)

  •   kubectl get secret -n default external-access-token -o jsonpath='{.data.token}'
    

• CA Certificate (base64-encoded)

  •   kubectl get secret -n default external-access-token -o jsonpath='{.data.ca\.crt}'
    

Configure Adapter

1. Go to Administration > Integrations > Repository
   • Use filter on the right to put INDEVOPS
   • Click on brick with Sarkan
2. Use button ADD ACCOUNT
3. Fill the fields

Adapter fields

Field Name	Definition
Name	A unique identifier or label for the adapter.
Description	A brief description of the adapter's purpose or function.
Kubernetes API server address	Hostname or IP address of the Kubernetes Instance.
Credentials	Authentication details service account token and CA certificate.
Collector / Group	The collector or group managing data collection. Must be set to cloud proxy where the adapter's container image is pre-pulled.
Kubernetes API server port	The port used to connect to the Kubernetes API.
Adapter Memory Limit (MB)	Maximum memory (in MB) the adapter can use.
Log Level	Logging detail level: Debug for detailed logging, Normal for standard logs, Trace for extensive tracing.