Container Cluster Management

Users can understand the clusters in which their applications are deployed and managed, and manage them using automation processes. Each component is implemented as a micro-service and operates in a Kubernetes cluster. The Container Cluster Management service supports the key capabilities described in Summary of features.

Container Cluster Management personas and operational privileges

Tool providers and open systems have provided supporting tools, such as Kubernetes and OpenShift, for development and operational teams. Kyndryl Container Cluster Management affords specific privileges to users and administrators of these tools based on responsibilities with which they are tasked. These users then employ features of the Container Cluster Management service to manage the support tools of choice. The Service provides the following list of key features:

• Production systems monitoring on Kubernetes and Openshift clusters.
• Visibility of logs in production without critical access

These service features are used by individuals in titled roled referred to as personas. Kyndryl Container Cluster Management targets two personas:

• Alvin: Site Reliability Engineer
• Maureen: Application Developer

Alvin and Maureen require different privileges in their assigned roles, and are thus granted appropriate privileges to enable the performance of their jobs. For details about privileges associated with these personas, go to Personas.

Container Cluster Management Functions

The following list provides details about Container Cluster Management functions:

• Cluster: To view the different cluster data.
• Cluster Configuration:To view the different Cluster configuration.
• Actions: To leverage CCM Actions UI for efficient cluster resource management and action history tracking.
• Network: To view the different Network data.
• Storage: To view the different storage data.
• Workloads: To view the different Workload data.
• Cluster access control: To view the different Access control data.
• Policy: To view the different policies.
• Custom resources: To view the different Custom resources data.
• My Dashboard: To personalize your dashboard experience with the most important data while finding relevant information briefly tailored to your unique needs from a single easy-to-use dashboard.
• Glossary of terms: For definitions.
• Audit Logs: For Audit logs

Container Cluster Management Provider Integration

Container Cluster Management integrates with all major public services (cloud service providers).

• Supported public cloud providers the following providers are supported:
  • Alibaba Cloud
  • AWS Cloud
  • Azure Cloud
  • Google Cloud Platform
  • IBM Cloud
• Prometheus Alerting System Support Prometheus is an open-source monitoring framework. It provides out-of-the-box monitoring capabilities for the Kubernetes container orchestration platform. Read about configuration details at the following links:
  • Alibaba Prometheus Configuration
  • AWS Prometheus Configuration
  • Azure Prometheus Configuration
  • Google Cloud Prometheus Configuration
  • IBM Cloud Prometheus Configuration
• Common Actions Services: Manage your resources usina simple action or orchestration of actions integrated in Kyndryl Container Cluster Management.

Container Cluster Management user integration

Users who become Container Cluster Management members can collaborate within the application with different levels of responsibilities based on specific needs and the specific access policy assigned to each group or member. To invite users to your platform, complete the following procedure:

1. Select the main menu at the application's far upper left corner to view the navigation menu.
2. Select Admin and choose IAM, the Identity Access Management (IAM) page allows you to manage user identities and regulate the user's access type.
3. Select Add New and choose Add Users In the Add Users screen as an Administrator, you can configure the email invitation to send to the user. When selecting the invitation advance preferences next to the settings icon, you will find two drop-down menus to configure the language of the invitation email to send the user and the selection of Identity Provider.
4. Enter the user's or users' email address and choose each user you want to invite. Only up to 100 emails per invitation are available.
5. Select the desired access policy at the platform level for the user; the options are: Administrator and Editor
6. Select the Add button at the bottom right of the screen. A confirmation message will be displayed with the date and time that the invitation was sent.

Container Cluster Management function requirements

For Kubernetes, at least one of the following applications is required:

• Alibaba Cloud Container Service for Kubernetes (ACK)
• Amazon Elastic Kubernetes Service (EKS)
• Azure Kubernetes Service (AKS)
• Google Kubernetes Engine (GKE)
• IBM Cloud Kubernetes Service (IKS)

For additional details on supported public cloud providers, refer to Supported public cloud providers.

Integration with Kyndryl DevOps Intelligence

You can access the cluster for a specific deployment within Kyndryl DevOps Intelligence by selecting its row within the Deployments table.

Additionally, by selecting the overflow menu on a deployment that has a cluster data point associated, the option Go to CCM will allow you to navigate directy to the Pods Namespace of that specific deployment and its details within the Container Cluster Management application;you will be redirected to the DevOps Intelligence application if you select Back to DevOps Intelligence.

Every App must set the session storage and pass the query parameters accordingly to enable integration with Container Cluster Management. Query parameters:

• appId - It is a mandatory query parameter and should be the same as the session storage key.
• appPage is an optional query parameter and should be used in case of multiple navigations to Container Cluster Management UI from different pages within the same application
• namespace - is an optional query parameter and can be used to set the namespace filter.

Session storage should be set by the application integrating with Container Cluster Management.

Session storage in case of a single navigation: The session storage key should be the same as the appId passed in query parameters. The value should be defined as follows:

{      "breadcrumbItems":      [
        {
            "title":"Inventory",
            "link":"inventoryLink"
        },
        {
            "title":"test",
            "link":"/resource-overview?id=123"
        }
      ],
      "backToLink":{
        "title":"Back to Inventory",
        "link":"inventoryLink"
      },
      "includeClusterLink":true
   }

"breadCrumbItems" is an array of objects containing the text and the URL of the link to be part of the breadcrumb. "backToLink" is an object containing the text and URL of the link linked to the Back link to the application. "includeClusterLink" is set to true if the cluster name is to be displayed as a link to the overview page. Session storage value in case of multiple navigations from different pages within the same application.

{

      "deploy": {
        "breadcrumbItems":
        [
          {
            "title":"Devops Intelligence",
            "link":"link",
          },
          {
            "title":"test2",
            "link":"/resource-overview?id=123"
          }
        ],
        "backToLink": {
          "title":"Back",
          "link":"inventoryLink"
        },
        "includeClusterLink":true
      }
    }

We should use the "appPage" query parameter for multiple navigations containing the page's value. In the above example, it will be equal to "deploy."

The Container Cluster Management Application needs to grant IAM access to users so they can elicit data within the platform while ensuring the appropriate management of authorized access to the platform resources. is an array of objects containing the text and the URL of the link to be part of the breadcrumb. "backToLink" is an object containing the text and URL of the link linked to the Back link to the application. "includeClusterLink" is set to true if the cluster name is to be displayed as a link to the overview page.

This page reviews the basic procedures to grant access as needed, allowing visibility of the correct data to appropriate users within the Container Cluster Management Application.

As a Container Cluster Management Administrator, you can manage your Platform by inviting users and assigning specific policies based on their functions; you can add, edit, or delete users and their respective policies.When a user accesses the Container Cluster Management dashboard and sees a No Data Available the message, two actions can be taken to pull data to the console:

• Action 1: Container Cluster Management and the cloud provider(s) are appropriately configured. If the configuration is valid, you should contact another user with the Base Operator or Base Editor role to validate the Cluster connection for that specific tenant. for more details.
• Action 2: The user must check that the proper access group or policies for Container Cluster Management have been assigned; this can be done by selecting the Main menu and navigating to the portal; at the top left corner, the available roles will be presented. Suppose you have the Viewer role assigned. In that case, another user with a Base Operator or Base Editor position should be notified so that the proper role may be assigned.Prerequisites:
  • Container Cluster Management Platform role: Administrator or Editor.

​

• Container Cluster Management Release Notes
• Common Actions for CCM
• Provider account onboarding