Use this option when you want to attach a cluster that is in a DMZ, behind a NAT gateway, behind a proxy server or a firewall, or that requires additional access information. This procedure gathers the information required to create a kubeconfig file for the network tunnel between Kommander and the cluster you want to attach.
-
From the top menu bar, select your target workspace.
-
On the Dashboard page, select the Add Cluster option in the Actions dropdown menu at the top right.
-
Select Attach Cluster.
-
Select the Cluster has networking restrictions card to display the configuration page.
-
Enter the Cluster Name of the cluster you’re attaching.
-
Create additional new Labels as needed.
-
Select the hostname that is the Ingress for the cluster from the Load Balancer Hostname dropdown menu. The hostname must match the Kommander Host cluster to which you are attaching your existing cluster with network restrictions.
-
Specify the URL Path Prefix for your Load Balancer Hostname. This URL path will serve as the prefix for the specific tunnel services you want to expose on the Kommander management cluster. If no value is specified, the value defaults to
/dkp/tunnel
. -
(Optional) Enter a value for the Hostname field.
-
If you have not attached this cluster before, you must create a new secret in the Root CA Certificate drop down menu. To do this in your Konvoy management cluster, view your base64 encoded Kubernetes secret values to copy and paste into the Root CA Certificate field:
echo $(kubectl get secret -n cert-manager kommander-ca -o=go-template='{{index .data "tls.crt"}}')
Otherwise, select from the list of available Secrets.
-
Add any Extra Annotations as needed.
-
Select the Save & Generate kubeconfig button to generate the kubeconfig file for the network tunnel.
After the above is complete, finish attaching the cluster to Kommander.
As an alternative procedure, you can follow these instructions to Use CLI to Add Managed Clusters to Kommander.
For information on TunnelGateway, review the API documentation.