Container Cluster Management personas and operational privileges
Tool providers and open systems have provided supporting tools, such as Kubernetes and OpenShift, for development and operational teams. Kyndryl Container Cluster Management affords specific privileges to users and administrators of these tools based on responsibilities with which they are tasked. These users then employ features of the Container Cluster Management service to manage the support tools of choice. The Service provides the following list of key features:
- Production systems monitoring on Kubernetes and OpenShift clusters.
- Visibility of logs in production without critical access.
In this capacity, Container Cluster Management supports two positions in hybrid IT estates:
- Site Reliability Engineer
- Application Developer
Individuals in these two positions require different privileges and are thus granted appropriate privileges to enable the performance of their jobs. For details about privileges associated with these IT positions, refer to Supported hybrid estate personnel.
Container Cluster Management Roles
Container Cluster Management uses a role-based system to ensure that users have appropriate access to resources. The actions a user can take in Container Cluster Management depend on the role assigned to that user. The following roles are supported:
- Viewer: Permits viewing specific types of resources such as cluster lists, cluster details, and alerts. 14 viewer roles are available.
- Pod Logs Download: Permits log downloads.
- Create: Permits the creation of discovery clusters or custom views (two create roles).
- Update: Permits updates to discovery clusters or custom views (two update roles).
- Delete: Permits the deletion of discovery or custom views (two delete roles).
Container Cluster Management supports Site Reliability Engineers (SRE) and Application Developers, arming them with critical information about the performance and health of their container deployments.
Container Cluster Management Functions
The following list provides details about Container Cluster Management functions:
- Cluster: To view the different cluster data.
- Cluster configuration: To view the different cluster configurations.
- Actions: To use the CCM Actions UI for efficient cluster resource management and action history tracking. For more information on Actions, refer to the Container Cluster Management Actions section of the Cluster details page.
- Network: To view the different network data.
- Storage: To view the different storage data.
- Workload: To view the different workload data.
- Cluster access control: To view the different access control data.
- Policy: To view the different policies.
- Custom resources: To view the different custom resources data.
- My dashboard: To personalize your dashboard with the data most important to you and quickly find relevant information tailored to your needs, all from a single easy-to-use dashboard.
- Glossary of terms: For definitions.
Container Cluster Management Provider Integration
Tool providers have made fast progress in providing containers, which are the workhorses of data processing on any scale using lightweight, stand-alone software applications and services. With this move to containers, container platforms such as Kubernetes and OpenShift have become progressively more popular among businesses moving to this new computing paradigm.
Container Cluster Management integrates with all major public services (cloud service providers).
- Supported Public Cloud Providers: the following providers are supported:
- Prometheus alerting system support: Prometheus is an open-source monitoring framework. It provides out-of-the-box monitoring capabilities for the Kubernetes container orchestration platform. Read about configuration details at the following links:
- Common Actions Services (CAS): Manage your resources using a simple action or orchestration of actions integrated in Kyndryl Container Cluster Management.
Container Cluster Management user integration
Users who become Container Cluster Management members can collaborate within the application with different levels of responsibilities based on specific needs and the specific access policy assigned to each group or member. To invite users to your platform, complete the following procedure:
- Select the main menu at the application's far upper left corner to view the navigation menu.
- Select Admin and choose IAM. The Identity Access Management (IAM) page allows you to manage user identities and regulate each user's access type.
- Select Add New and choose Add Users. In the Add Users screen, as an Administrator, you can configure the email invitation that is sent to the user. When you select the advanced invitation preferences next to the settings icon, two drop-down menus let you configure the language of the invitation email and select the Identity Provider.
- Enter the email address of each user and choose each user you want to invite. Each invitation can include up to 100 email addresses.
- Select the desired access policy at the platform level for the user. The options are Administrator and Editor.
- Select the Add button at the bottom right of the screen. A confirmation message will be displayed with the date and time that the invitation was sent.
Container Cluster Management function requirements
For Kubernetes, at least one of the following applications is required:
- Alibaba Cloud Container Service for Kubernetes (ACK)
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- Google Kubernetes Engine (GKE)
- IBM Cloud Kubernetes Service (IKS)
For additional details on supported public cloud providers, refer to Supported public cloud providers.