Before creating a Kubernetes cluster, you need to configure a policy to specify the settings for your cluster. A cluster policy can be reused for multiple clusters and simplifies configuration of the cluster.
Nirmata provides default policies for all major cloud providers. You can use these as is, or customize them to your needs.
To configure a Cluster Policy:
- Go to the Policies section in the left navigation and select the Cluster Policies tab.
- Click on the Add Cluster Policy and enter the name
- The policy will be created with the default settings. Click on the policy name in the table to view the details.
- On the policy details page, you can change the version and the cloud provider. You can also update the component settings, network plugins, add-ons and storage classes.
- Once the policy is created, you can use it when deploying a Kubernetes cluster
Note: If no network plugin is specified, the default network plugin for the cloud provider will be used:
- AWS: aws-vpc-cni plugin (alpha)
- Azure: flannel
- Other: flannel
Note: When using a self-signed certificate for Nirmata PE, you will need to use insecure connection for Nirmata controller. This can be done by setting the isInsecure option in Controller section to true.
Note: To use http/https proxy for your Kubernetes cluster components, update the settings in the Proxy Settings section in the policy.
These settings are only used by apiserver, controller-manager and kubelet. Proxy settings are required when deploying Kubernetes on a cloud (e.g. AWS, Azure) since Kubernetes components need to access the cloud provider APIs.
When configuring the Proxy Settings in the Cluster Policy, enter the IP addresses of the local host, host node(s), and the overlay.
If using more than one host node, list each host node IP address individually or enter the IP address/CIDR for all host nodes.
Specify the IP addresses/CIDR for all the nodes in the Kubernets cluster in the No Proxy settings.
If the overlay IP/CIDR is not included, the connection attempt will fail and the apiserver, control-manager, and kublet will not communicate.