Before a user is able to install KubeSlice and begin creating slices, it is recommended to perform the installation with the role of Cluster Admin.
Follow along to create and apply the files required to enable the proper roles for the installation of KubeSlice.
Creating the clusterrole.yaml File
Create a file named clusterrrole.yaml in your working directory, and paste the below contents into the file. This file defines the ClusterRole to be deployed to each Kubernetes cluster.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: avesha-installer-cluster-role
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles", "roles"]
verbs: ["create", "bind", “delete”]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings", "rolebindings"]
verbs: ["create", “delete”]
- apiGroups: ["networkservicemesh.io"]
resources:
- "networkservices"
- "networkserviceendpoints"
- "networkservicemanagers"
verbs: ["*"]
- apiGroups: ["mesh.avesha.io"]
resources: ["slice", "slice/finalizers", "slice/status"]
verbs: ["*"]
- apiGroups: ["mesh.avesha.io"]
resources: ["slicegateways", "slicegateways/finalizers", "slicegateways/status"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["*"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "get", "list", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["mesh.avesha.io"]
resources: ["serviceexports", "serviceexports/finalizers", "serviceexports/status"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: ["mesh.avesha.io"]
resources: ["serviceimports", "serviceimports/finalizers", "serviceimports/status"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: ["mesh.avesha.io"]
resources: ["sliceingresses", "sliceingresses/finalizers", "sliceingresses/status"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: ["networking.istio.io"]
resources: ["gateways"]
verbs: ["get", "update", "list", "watch", "create", "delete"]
- apiGroups: ["networking.istio.io"]
resources: ["serviceentries"]
verbs: ["get", "update", "list", "watch", "create", "delete"]
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices"]
verbs: ["get", "update", "list", "watch", "create", "delete"]
Applying the clusterrole.yaml File
Apply the created clusterrole.yaml file using the below command:
kubectl apply -f clusterrole.yaml
Creating the clusterrolebinding.yaml File
Create a file named clusterrolebinding.yaml in your working directory, and paste the below contents into the file. This file defines the ClusterRoleBinding to be deployed to each Kubernetes cluster. All fields below should remain the same except for the subjects: name: segment.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: avesha-installer-cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: avesha-installer-cluster-role
subjects:
- kind: User
name: <username> | IAM#<username>
Applying the clusterrolebinding.yaml File
Apply the filled-in clusterrole.yaml file using the below command:
kubectl apply -f clusterrolebinding.yaml
Creating the installerrole.yaml File
Create a file named installerrole.yaml in your working directory, and paste the below contents into the file. This file defines the InstallerRole to be deployed to each Kubernetes cluster.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: avesha-installer-role
namespace: avesha-system
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "update", "list", "watch", "create", "patch", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
Applying the installerrole.yaml File
Apply the created installerrole.yaml file using the below command:
kubectl apply -f installerrrole.yaml
Creating the installerrolebinding.yaml File
Create a file named installerrolebinding.yaml in your working directory, and paste the below contents into the file. This file defines the InstallerRoleBinding to be deployed to each Kubernetes cluster. All fields below should remain the same except for the subjects: name: segment.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: avesha-installer-role-binding
namespace: avesha-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: avesha-installer-role
subjects:
- kind: User
name: <username> | IAM#<username>
Applying the installerrolebinding.yaml File
Apply the filled-in installerrolebinding.yaml file using the below command:
kubectl apply -f installerrolebinding.yaml
Next, you will visit the KubeSlice account signup page to retrieve the API key and Token required to get started. Great Work!