Skip to content

How to create an EMK cluster with the CLI?

Estimated time to read: 3 minutes

In this tutorial you will learn how to create an EMK cluster through an EMK service account in the CLI.

Preconditions:

  • Fuga Cloud Account
  • Kubectl installed on your machine
  • EMK service account kubeconfig

Here's a short explanation on what you are going to learn in this tutorial:

  1. Create an EMK cluster with kubectl
  2. Describe the cluster

Step 1: Create an EMK cluster with kubectl

There are two ways to configure an EMK cluster within Fuga Cloud. The easiest way is through our dashboard with clickable options and a yaml editor to add in some extras.

You can use our 'default' cluster configurations to be sure you are using the latest version, to create a simple default cluster.
Or you maintain your own version of a cluster configuration and use that one to create a cluster through kubectl.

You can find a basic example of the yaml here (click in the upper right corner on "Show Yaml").

Now create the basic settings to create an EMK cluster, create a new file called shoot-config.json: 

apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  namespace: garden-<EMK Project name>
  name: my-cluster
spec:
  provider:
    type: openstack
    infrastructureConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        workers: 10.250.0.0/16
      floatingPoolName: public
    controlPlaneConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: ControlPlaneConfig
      loadBalancerProvider: amphora
      zone: ams2-c
    workers:
      - name: worker-5ffui-1
        minimum: 2
        maximum: 4
        maxSurge: 1
        zones:
          - ams2-a
          - ams2-b
          - ams2-c
        cri:
          name: containerd
        machine:
          type: emk1.medium
          image:
            name: gardenlinux
            version: 934.10.0
  cloudProfileName: fugacloud
  kubernetes:
    version: 1.26.9
    enableStaticTokenKubeconfig: true
  addons:
    kubernetesDashboard:
      enabled: false
    nginxIngress:
      enabled: false
  hibernation:
    schedules: []
  networking:
    nodes: 10.250.0.0/16
    type: calico
  secretBindingName: <my-secretbinding>
  purpose: production
  region: ams2

This is a default example, get one from the dashboard fitted for your environment. You can get the secret binding with the following: 

% kubectl get secretbindings \
    --kubeconfig ~/Downloads/kubeconfig.yaml | grep emk-project
NAME               SECRET                               PROVIDER              AGE
my-secretbinding   garden-emkproject/my-secretbinding   openstack             95d

This secret binding can be filled in on the spot: <my-secretbinding>.

Next, you want to get the machine type. This can be retrieved from the cloudprofile: 

% kubectl describe cloudprofile fugacloud \
    --kubeconfig ~/Downloads/kubeconfig.yaml

From the same file is it possible to retrieve the supported Kubernetes versions.

When all are filled, you can create the cluster with: 

% kubectl apply -f shoot-config.json \
--kubeconfig ~/Downloads/kubeconfig.yaml
shoot.core.gardener.cloud/yih8z7wkv6 created

Congratulations! You have made your first EMK cluster through the command line.

Be aware that, with the basic settings, we have created a simple EMK cluster with static kubeconfig. For a production-safe cluster it's recommended not to use static, but rotating. More about getting credentials for this can be found in the tutorial "Rotating kubeconfig for my EMK Cluster".

Step 2: Describe the cluster

Verify the state of your EMK cluster. Before requesting a kubeconfig to your cluster it has to be in a finished state. 

% kubectl get shoots
    --kubeconfig ~/Downloads/kubeconfig.yaml
NAME         CLOUDPROFILE   PROVIDER    REGION   K8S VERSION   HIBERNATION   LAST OPERATION            STATUS    AGE
yih8z7wkv6   fugacloud      openstack   ams2     1.25.4        Awake         Create Processing (26%)   healthy   2m
When it is in a finished state you can request a kubeconfig to access the Kubernetes cluster with: 
% cat > kubeconfig-request.json <<EOF
{
    "apiVersion": "authentication.gardener.cloud/v1alpha1",
    "kind": "AdminKubeconfigRequest",
}
EOF

% NAMESPACE=garden-<your_emk_project_name>
% SHOOT=<your_shoot_name>

% kubectl create \
--kubeconfig ~/Downloads/kubeconfig.yaml \
--filename ./kubeconfig-request.json \
--raw /apis/core.gardener.cloud/v1beta1/namespaces/${NAMESPACE}/shoots/${SHOOT}/adminkubeconfig \
| jq -r ".status.kubeconfig | @base64d" \
> config-${SHOOT}.yaml

Then test if you can get info from the cluster about the nodes with: 

% kubectl top nodes \
    --kubeconfig=config-${SHOOT}.yaml
NAME              CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
shoot--xxx--xxx   208m         10%    1796Mi          66%
shoot--yyy--yyy   180m         9%     1903Mi          70%

Final word

In this walkthrough, you learned how to create an EMK cluster with a service account with kubectl. The next step can be to use a more advanced configuration or a rotating kubeconfig instead of the static one used in this example.