### Install and Start k0s Controller

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-single.md

Installs k0s, configures it as a controller with worker enablement and no taints, and starts the service.

```bash
curl --proto '=https' --tlsv1.2 -sSf https://get.k0s.sh | sudo sh
sudo k0s install controller --enable-worker --no-taints
sudo k0s start
```

--------------------------------

### Install and Start k0s Controller

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-multi.md

Installs the k0s controller using the specified configuration file and then starts the k0s service.

```bash
sudo k0s install controller -c /etc/k0s/k0s.yaml
sudo k0s start
```

--------------------------------

### Install and Start k0s Worker

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-multi.md

Install k0s as a worker and start the service, providing the path to the join token file.

```bash
sudo k0s install worker --token-file /path/to/token/file/token-file
sudo k0s start
```

--------------------------------

### Join New Controller to Cluster

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-multi.md

Install k0s as a controller on the new node, using the previously created token file and the cluster's configuration file. Then, start the k0s service.

```bash
sudo k0s install controller --token-file /path/to/token/file -c /etc/k0s/k0s.yaml
sudo k0s start
```

--------------------------------

### Setup Python Virtual Environment

Source: https://github.com/k0rdent/docs/blob/main/README.md

Creates and activates a Python virtual environment for MkDocs dependencies. Ensure Python 3 is installed.

```bash
python3 -m venv ./mkdocs
source ./mkdocs/bin/activate
```

--------------------------------

### ServiceTemplate Example

Source: https://github.com/k0rdent/docs/blob/main/docs/reference/template/index.md

An example of a ServiceTemplate for installing Kyverno. This template references the official Kyverno Helm chart and specifies its version.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ServiceTemplate
metadata:
  name: kyverno-3-2-6
  namespace: kcm-system
spec:
  helm:
    chartSpec:
      chart: kyverno
      interval: 10m0s
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: k0rdent-catalog
      version: 3.2.6
status:
  chartRef:
    kind: HelmChart
    name: kyverno-3-2-6
    namespace: kcm-system
  description: A Helm chart to refer the official kyverno helm chart
  observedGeneration: 1
  valid: true
```

--------------------------------

### ServiceTemplate HelmOptions Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-service-templates.md

Configures global Helm options for installation and updates, including wait, timeout, and labels.

```yaml
spec:
  helmOptions:
    wait: true
    waitForJobs: true
    timeout: 10m
    atomic: true
    labels:
      environment: production
      team: platform
    installOptions:
      createNamespace: true
```

--------------------------------

### Install eksctl

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-eks-multi.md

Download and install the eksctl command-line tool. This command installs the latest version to `/usr/local/bin`.

```bash
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
```

```console
0.211.0
```

--------------------------------

### Backup Storage Location Status Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/backup/prepare-backups.md

This is an example output showing an 'Available' backup storage location.

```console
NAME     PHASE       LAST VALIDATED   AGE   DEFAULT
aws-s3   Available   27s              2d    true
```

--------------------------------

### Install MkDocs Plugins

Source: https://github.com/k0rdent/docs/blob/main/README.md

Installs necessary MkDocs plugins for enhanced functionality, including Mermaid diagrams, Material theme, and callouts. Run after installing MkDocs.

```bash
pip install mkdocs-mermaid2-plugin
pip install mkdocs-material
pip install markdown-callouts
```

--------------------------------

### Install MkDocs

Source: https://github.com/k0rdent/docs/blob/main/README.md

Installs the MkDocs static site generator using pip. This command should be run after activating the virtual environment.

```bash
pip install mkdocs
```

--------------------------------

### Install Helm

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-single.md

Downloads and installs Helm 3 using the official get-helm.sh script.

```bash
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
```

--------------------------------

### Example Cluster Template Output

Source: https://github.com/k0rdent/docs/blob/main/docs/quickstarts/quickstart-2-openstack.md

This is an example output from the 'kubectl get clustertemplate' command. Identify the OpenStack standalone cluster template name from this list.

```console
NAMESPACE    NAME                                                                                                       VALID
kcm-system   adopted-cluster-{{{ extra.docsVersionInfo.providerVersions.dashVersions.adoptedCluster }}}   true
kcm-system   aws-eks-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsEksCluster }}}   true
kcm-system   aws-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsHostedCpCluster }}}   true
kcm-system   aws-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsStandaloneCpCluster }}}   true
kcm-system   azure-aks-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureAksCluster }}}   true
kcm-system   azure-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureHostedCpCluster }}}   true
kcm-system   azure-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureStandaloneCpCluster }}}   true
kcm-system   docker-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.dockerHostedCpCluster }}}   true
kcm-system   gcp-gke-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpGkeCluster }}}   true
kcm-system   gcp-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpHostedCpCluster }}}   true
kcm-system   gcp-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpStandaloneCpCluster }}}   true
kcm-system   openstack-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.openstackStandaloneCpCluster }}}   true
kcm-system   remote-cluster-{{{ extra.docsVersionInfo.providerVersions.dashVersions.openstackStandaloneCpCluster }}}   true
kcm-system   vsphere-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.vsphereHostedCpCluster }}}   true
kcm-system   vsphere-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.vsphereStandaloneCpCluster }}}   true
```

--------------------------------

### Install KOF Application

Source: https://github.com/k0rdent/docs/blob/main/includes/kof-install-includes.md

Installs or upgrades the main KOF application using Helm, referencing a values file for configuration.

```bash
helm upgrade -i --reset-values \
  --create-namespace -n kof kof \
  -f kof-values.yaml \
  {{{ docsVersionInfo.kofVersions.kofOciRegistryBase }}}/charts/kof \
  --version {{{ extra.docsVersionInfo.kofVersions.kofDotVersion }}}
```

--------------------------------

### Install Krew (Kubectl Plugin Manager)

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/auth/okta.md

Installs Krew, a package manager for kubectl plugins, by detecting your OS and architecture, downloading the latest release, and installing it. Ensure Krew is added to your PATH.

```bash
(
  set -x; cd "$(mktemp -d)" &&
  OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
  # Map uname -m output to the architecture names used in Krew release assets.
  ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
  KREW="krew-${OS}_${ARCH}" &&
  curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
  tar zxvf "${KREW}.tar.gz" &&
  ./"${KREW}" install krew
)
```

```bash
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
```

--------------------------------

### ClusterDeployment to ServiceSet Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-providers.md

An example demonstrating a ClusterDeployment object with defined services and the resulting ServiceSet object.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterDeployment
metadata:
  name: sample-cluster
  namespace: kcm-system
spec:
  # spec fields related to cluster configuration are omitted
  serviceSpec:
    provider:
      name: kcm-projectsveltos
      config:
        continueOnError: false
        priority: 100
        stopOnConflict: false
        syncMode: Continuous
    services:
      - template: ingress-nginx-4-11-0
        name: managed-ingress
```

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ServiceSet
metadata:
  name: sample-cluster
  namespace: kcm-system
  labels:
    ksm.k0rdent.mirantis.com/adapter: kcm-controller-manager
spec:
  cluster: kcm-system
  provider:
    name: kcm-projectsveltos
    config:
      continueOnError: false
      priority: 100
      stopOnConflict: false
      syncMode: Continuous
  services:
    - template: ingress-nginx-4-11-0
      name: managed-ingress
      namespace: default
status:
  conditions:
    - lastTransitionTime: "2025-08-27T10:30:15Z"
      message: Profile is ready
      observedGeneration: 1
      reason: ServiceSetProfileReady
      status: "True"
      type: ServiceSetProfile
  deployed: true
  provider:
    ready: true
    suspended: false # will be omitted
  services:
    - lastStateTransitionTime: "2025-08-27T10:30:15Z"
      name: managed-ingress
      namespace: default
      state: Deployed
      template: ingress-nginx-4-11-0
      type: Helm
      version: "4.11.0"
```

--------------------------------

### Install Azure CLI on Ubuntu

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/prepare-mgmt-cluster/azure.md

Installs the Azure CLI on Ubuntu systems using a provided script. Ensure you have curl installed.

```bash
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

--------------------------------

### Example k0s Configuration Snippet

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-multi.md

An example of a k0s configuration file, showing how to set the external API address and Subject Alternative Names (SANs) for external cluster access.

```yaml
...
spec:
  api:
    address: 172.31.7.199
    externalAddress: myhost.example.com
    ca:
      certificatesExpireAfter: 8760h0m0s
      expiresAfter: 87600h0m0s
    k0sApiPort: 9443
    port: 6443
    sans:
    - 172.31.7.199
    - fe80::c4:e6ff:fecc:9739
    - myhost.example.com
  controllerManager: {}
  extensions:
    helm:
...
```

--------------------------------

### Example ClusterDeployment YAML

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/clusters/admin-adopting-clusters.md

An example of a complete ClusterDeployment YAML configuration for adopting a cluster.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterDeployment
metadata:
  name: my-cluster
  namespace: kcm-system
spec:
  template: adopted-cluster-{{{ extra.docsVersionInfo.k0rdentVersion }}}
  credential: my-cluster-credential
  dryRun: false
  config: {}
```

--------------------------------

### Install k0rdent with Helm Chart

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/install-k0rdent.md

Use this command to install the k0rdent Helm chart. Ensure you specify the correct release version number.

```bash
helm install kcm {{{ extra.docsVersionInfo.ociRegistry }}} --version {{{ extra.docsVersionInfo.k0rdentDotVersion }}} -n kcm-system --create-namespace
```

```console
Pulled: ghcr.io/k0rdent/kcm/charts/kcm:{{{ extra.docsVersionInfo.k0rdentDotVersion }}}
Digest: {{{ extra.docsVersionInfo.k0rdentDigestValue }}}
NAME: kcm
LAST DEPLOYED: {{{ extra.docsVersionInfo.k0rdentDigestDate }}}
NAMESPACE: kcm-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
```

--------------------------------

### Install FluxCD

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-byo-provider.md

Installs the FluxCD CD solution to the management cluster. Verify the installation by checking the status of its deployments.

```bash
# Install Flux
flux install --namespace=flux-system
```

```bash
kubectl get deployments -n flux-system
```

```text
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
helm-controller           1/1     1            1           1m
kustomize-controller      1/1     1            1           1m
notification-controller   1/1     1            1           1m
source-controller         1/1     1            1           1m
```

--------------------------------

### K0sControlPlane Authentication Configuration Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/clusters/cluster-iam-setup.md

Example showing the equivalent configuration for a non-hosted control plane, including mounting the secret and setting the API server flag.

```yaml
spec:
  k0sConfigSpec:
    {{- if .Values.auth.configSecret.name }}
    files:
      - contentFrom:
          secretRef:
            name: {{ .Values.auth.configSecret.name }}
            key: {{ default "config" .Values.auth.configSecret.key }}
        permissions: "0644"
        path: /var/lib/k0s/auth/config-{{ .Values.auth.configSecret.hash }}.yaml
    {{- end }}
    ...
    k0s:
      apiVersion: k0s.k0sproject.io/v1beta1
      kind: ClusterConfig
      metadata:
        name: k0s
      spec:
        api:
          extraArgs:
            {{- if .Values.auth.configSecret.name }}
            authentication-config: /var/lib/k0s/auth/config-{{ .Values.auth.configSecret.hash }}.yaml
            {{- end }}
            ...
```

--------------------------------

### Example Output of Available Cluster Templates

Source: https://github.com/k0rdent/docs/blob/main/docs/quickstarts/quickstart-2-remote.md

This is an example output showing the different ClusterTemplate objects available. Note the name of the Remote Cluster template for use in subsequent steps.

```console
NAMESPACE    NAME                                                                                                       VALID
kcm-system   adopted-cluster-{{{ extra.docsVersionInfo.providerVersions.dashVersions.adoptedCluster }}}   true
kcm-system   aws-eks-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsEksCluster }}}   true
kcm-system   aws-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsHostedCpCluster }}}   true
kcm-system   aws-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsStandaloneCpCluster }}}   true
kcm-system   azure-aks-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureAksCluster }}}   true
kcm-system   azure-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureHostedCpCluster }}}   true
kcm-system   azure-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.azureStandaloneCpCluster }}}   true
kcm-system   docker-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.dockerHostedCpCluster }}}   true
kcm-system   gcp-gke-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpGkeCluster }}}   true
kcm-system   gcp-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpHostedCpCluster }}}   true
kcm-system   gcp-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.gcpStandaloneCpCluster }}}   true
kcm-system   openstack-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.openstackStandaloneCpCluster }}}   true
kcm-system   openstack-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.openstackStandaloneCpCluster }}}   true
kcm-system   remote-cluster-{{{ extra.docsVersionInfo.providerVersions.dashVersions.remoteCluster }}}   true
kcm-system   vsphere-hosted-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.vsphereHostedCpCluster }}}   true
kcm-system   vsphere-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.vsphereStandaloneCpCluster }}}   true
```

--------------------------------

### Install MkDocs Dependencies

Source: https://github.com/k0rdent/docs/blob/main/docs/contrib/k0rdent-documentation-contributors-guide.md

Install all required Python packages for MkDocs from the 'requirements.txt' file within the activated virtual environment.

```bash
pip install -r requirements.txt
```

--------------------------------

### Install Krew (Kubectl Plugin Manager)

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/auth/entra-id.md

Installs Krew, a package manager for kubectl plugins, which simplifies managing OIDC login plugins. This script detects your OS and architecture, downloads the latest Krew release, and installs it.

```bash
(
  set -x; cd "$(mktemp -d)" &&
  OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
  # Map uname -m output to the architecture names used in Krew release assets
  # (x86_64 -> amd64, aarch64/arm64 -> arm64, 32-bit arm variants -> arm).
  ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
  KREW="krew-${OS}_${ARCH}" &&
  curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
  tar zxvf "${KREW}.tar.gz" &&
  ./"${KREW}" install krew
)
```

--------------------------------

### Example Ready Status

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/regional-clusters/creating-credential-in-region.md

An example of a Credential status indicating it is ready. This signifies that the Credential has been successfully validated and is prepared for use.

```yaml
status:
  conditions:
    - lastTransitionTime: "2025-09-26T11:15:57Z"
      message: Credential is ready
      observedGeneration: 1
      reason: Succeeded
      status: "True"
      type: CredentialReady
  ready: true
```

--------------------------------

### Service Template ValuesFrom Example

Source: https://github.com/k0rdent/docs/blob/main/docs/user/services/servicetemplate-parameters.md

Demonstrates how to use `valuesFrom` to reference ConfigMaps or Secrets for Helm values, with an example of overriding values.

```yaml
valuesFrom:
  - kind: ConfigMap # or Secret
    name: my-config
```

```yaml
services:
  - template: ingress-nginx-4-11-3
    name: ingress-nginx
    namespace: ingress-nginx
    valuesFrom:
      - kind: ConfigMap
        name: base-config
      - kind: Secret
        name: sensitive-config
    values: |
      # These values override anything from valuesFrom
      controller:
        replicaCount: 3
```

--------------------------------

### K0smotronControlPlane Authentication Configuration Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/clusters/cluster-iam-setup.md

Example demonstrating how a hosted control plane consumes the injected authentication configuration by mounting the secret and setting the API server flag.

```yaml
spec:
  k0sConfig:
    apiVersion: k0s.k0sproject.io/v1beta1
    kind: ClusterConfig
    metadata:
      name: k0s
    spec:
      mounts:
        {{- if .Values.auth.configSecret.name }}
        - path: /var/lib/k0s/auth
          secret:
            defaultMode: 420
            items:
              - key: {{ .Values.auth.configSecret.key }}
                path: config-{{ .Values.auth.configSecret.hash }}.yaml
            secretName: {{ .Values.auth.configSecret.name }}
        {{- end }}
        ...
      api:
        extraArgs:
          {{- if .Values.auth.configSecret.name }}
          authentication-config: /var/lib/k0s/auth/config-{{ .Values.auth.configSecret.hash }}.yaml
          {{- end }}
          ...
```

--------------------------------

### Install K0rdent Skipping Default Management Object

Source: https://github.com/k0rdent/docs/blob/main/docs/appendix/appendix-extend-mgmt.md

Use this command to install K0rdent while skipping the default `Management` object creation, allowing you to provide your own configuration.

```bash
--set="controller.createManagement=false"
```

--------------------------------

### Verify NVIDIA Driver and Runtime Installation

Source: https://github.com/k0rdent/docs/blob/main/docs/governance/cncf/ai-conformance/index.md

Check the installed NVIDIA driver version and confirm the registration of NVIDIA-related RuntimeClasses.

```bash
$ kubectl -n gpu-operator exec ds/nvidia-driver-daemonset -- \
    nvidia-smi --query-gpu=driver_version --format=csv,noheader
580.126.20

$ kubectl logs cuda-smoketest
NVIDIA-SMI 580.126.20 Driver Version: 580.126.20

$ kubectl get runtimeclass
NAME            HANDLER
nvidia          nvidia
nvidia-cdi      nvidia-cdi
nvidia-legacy   nvidia-legacy
```

--------------------------------

### KOF ClusterDeployment Autoconfiguration Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/kof/kof-architecture.md

Example of adding KOF labels to a k0rdent ClusterDeployment to define its role and tenant association.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterDeployment
metadata:
  name: $CLUSTER_NAME
  namespace: kcm-system
  labels:
    k0rdent.mirantis.com/kof-cluster-role: child # or regional
    k0rdent.mirantis.com/kof-tenant-id: $TENANT_ID # for child only
spec:
  config:
    region: us-east-1
    # ...
```

--------------------------------

### ClusterTemplate Example

Source: https://github.com/k0rdent/docs/blob/main/docs/reference/template/index.md

An example of a ClusterTemplate configuration for deploying a k0s cluster on AWS. It specifies Helm chart details and cluster configuration parameters.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterTemplate
metadata:
  name: aws-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsStandaloneCpCluster }}}
  namespace: kcm-system
spec:
  helm:
    chartSpec:
      chart: aws-standalone-cp
      interval: 10m0s
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: k0rdent-catalog
      version: {{{ extra.docsVersionInfo.k0rdentDotVersion }}}
status:
  chartRef:
    kind: HelmChart
    name: aws-standalone-cp-{{{ extra.docsVersionInfo.providerVersions.dashVersions.awsStandaloneCpCluster }}}
    namespace: kcm-system
  config:
    bastion:
      allowedCIDRBlocks: []
      ami: ""
      disableIngressRules: false
      enabled: false
      instanceType: t2.micro
    clusterIdentity:
      kind: AWSClusterStaticIdentity
      name: ""
    clusterNetwork:
      pods:
        cidrBlocks:
        - 10.244.0.0/16
      services:
        cidrBlocks:
        - 10.96.0.0/12
    controlPlane:
      amiID: ""
      iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
      imageLookup:
        baseOS: ""
        format: amzn2-ami-hvm*-gp2
        org: "137112412989"
      instanceType: ""
      rootVolumeSize: 8
    controlPlaneNumber: 3
    extensions:
      chartRepository: ""
      imageRepository: ""
    k0s:
      version: v1.31.1+k0s.1
    publicIP: false
    region: ""
    sshKeyName: ""
    worker:
      amiID: ""
      iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
      imageLookup:
        baseOS: ""
        format: amzn2-ami-hvm*-gp2
        org: "137112412989"
      instanceType: ""
      rootVolumeSize: 8
    workersNumber: 2
  description: 'An kcm template to deploy a k0s cluster on AWS with bootstrapped control plane nodes. '
  observedGeneration: 1
  providerContracts:
    bootstrap-k0smotron: v1beta1
    control-plane-k0smotron: v1beta1
    infrastructure-aws: v1beta2
  providers:
  - bootstrap-k0smotron
  - control-plane-k0smotron
  - infrastructure-aws
  valid: true
```

--------------------------------

### Setup Controller with Manager

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-byo-provider.md

Configures the controller manager to watch for ServiceSet resources and their owned HelmRelease and Kustomization resources.
This is the standard setup for a Kubernetes controller.

```go
func (r *ServiceSetReconciler) SetupWithManager(mgr ctrl.Manager) error {
	return ctrl.NewControllerManagedBy(mgr).
		For(&kcmv1.ServiceSet{}).
		Owns(&helmv2.HelmRelease{}).
		Owns(&kustomizev1.Kustomization{}).
		Complete(r)
}
```

--------------------------------

### Install k0rdent-istio-base Chart

Source: https://github.com/k0rdent/docs/blob/main/includes/kof-upgrade-includes.md

Installs or upgrades the k0rdent-istio-base Helm chart into the istio-system namespace. It disables the cert-manager service template and configures Istio sidecar injection specifically for the 'kof' namespace.

```bash
helm upgrade -i --wait \
  --create-namespace -n istio-system k0rdent-istio-base \
  --set cert-manager-service-template.enabled=false \
  --set injectionNamespaces="{kof}" \
  {{{ docsVersionInfo.kofVersions.kofOciRegistryBaseIstio }}}/charts/k0rdent-istio-base --version 0.1.0
```

--------------------------------

### Install Charts and Templates

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/hosted-control-plane/hcp-aws.md

Use these commands to install KCM charts and templates, ensuring the controller image and registry repository are correctly specified. Requires a valid kubeconfig.

```bash
KUBECONFIG=kubeconfig IMG="ghcr.io/k0rdent/kcm/controller-ci:v0.0.1-179-ga5bdf29" REGISTRY_REPO="oci://ghcr.io/k0rdent/kcm/charts-ci" make dev-apply
```

```bash
KUBECONFIG=kubeconfig make dev-templates
```

--------------------------------

### Configure ImagePullSecret for Initial Installation (Helm)

Source: https://github.com/k0rdent/docs/blob/main/docs/appendix/appendix-extend-mgmt.md

When installing via Helm, specify the `imagePullSecret` for the controller and `imagePullSecrets` for global and other subcharts if registry authentication is needed.

```yaml
controller:
  imagePullSecret: registry-pull-secret
```

--------------------------------

### Install k0rdent-istio Chart

Source: https://github.com/k0rdent/docs/blob/main/includes/kof-upgrade-includes.md

Installs or upgrades the k0rdent-istio Helm chart into the istio-system namespace. This configuration disables the cert-manager service template and sets up an OpenTelemetry extension provider for tracing.

```bash
helm upgrade -i --wait -n istio-system k0rdent-istio \
  --set cert-manager-service-template.enabled=false \
  --set "istiod.meshConfig.extensionProviders[0].name=otel-tracing" \
  --set "istiod.meshConfig.extensionProviders[0].opentelemetry.port=4317" \
  --set "istiod.meshConfig.extensionProviders[0].opentelemetry.service=kof-collectors-daemon-collector.kof.svc.cluster.local" \
  {{{ docsVersionInfo.kofVersions.kofOciRegistryBaseIstio }}}/charts/k0rdent-istio --version 0.1.0
```

--------------------------------

### Serve k0rdent Documentation Locally

Source: https://github.com/k0rdent/docs/blob/main/docs/contrib/k0rdent-documentation-contributors-guide.md

Build and serve the k0rdent documentation locally using MkDocs. Access it at http://127.0.0.1:8000.

```bash
# Run MkDocs as a module so the interpreter from the active virtual environment is used.
python3 -m mkdocs serve
```

--------------------------------

### Navigate to Docs Directory

Source: https://github.com/k0rdent/docs/blob/main/docs/contrib/k0rdent-documentation-contributors-guide.md

Change into the 'docs' directory of your cloned k0rdent repository.

```bash
cd docs
```

--------------------------------

### Run MkDocs Development Server

Source: https://github.com/k0rdent/docs/blob/main/README.md

Starts the MkDocs live-reloading documentation server for local development. Access the documentation via the provided URL in your browser.

```bash
mkdocs serve
```

--------------------------------

### ClusterDeployment Status Example

Source: https://github.com/k0rdent/docs/blob/main/docs/user/services/checking-status.md

This YAML snippet shows the status field of a ClusterDeployment, detailing the state of installed services like ingress-nginx and kyverno.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterDeployment
metadata:
  . . .
  generation: 1
  name: wali-aws-dev
  namespace: kcm-system
  . . .
spec:
  . . .
  serviceSpec:
    services:
    - name: ingress-nginx
      namespace: ingress-nginx
      template: ingress-nginx-4-11-3
    - name: kyverno
      namespace: kyverno
      template: kyverno-3-2-6
  . . .
status:
  . . .
  observedGeneration: 1
  services:
  - lastTransitionTime: "2024-12-11T23:03:05Z"
    name: ingress-nginx
    namespace: ingress-nginx
    state: Deployed
    template: ingress-nginx-4-11-3
    type: Helm
    version: ingress-nginx-4-11-3
  - lastTransitionTime: "2024-12-11T23:03:05Z"
    name: kyverno
    namespace: kyverno
    state: Deployed
    template: kyverno-3-2-6
    type: Helm
    version: kyverno-3-2-6
```

--------------------------------

### KSM Main Entry Point (Go)

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-byo-provider.md

The main Go program for the KSM adapter, setting up the controller manager and registering reconcilers. Ensure all necessary API schemes are added.

```go
// cmd/manager/main.go
package main

import (
	"flag"
	"os"

	helmv2 "github.com/fluxcd/helm-controller/api/v2"
	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
	sourcev1 "github.com/fluxcd/source-controller/api/v1"
	"k8s.io/apimachinery/pkg/runtime"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/log/zap"

	kcmv1 "github.com/k0rdent/kcm/api/v1beta1"
	"your-org/flux-adapter/internal/controller"
)

var (
	scheme = runtime.NewScheme()
)

// init registers every API group the adapter reads or writes with the scheme.
func init() {
	_ = kcmv1.AddToScheme(scheme)
	_ = helmv2.AddToScheme(scheme)
	_ = kustomizev1.AddToScheme(scheme)
	_ = sourcev1.AddToScheme(scheme)
}

func main() {
	var metricsAddr string
	var enableLeaderElection bool
	var systemNamespace string

	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
	flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager.")
	flag.StringVar(&systemNamespace, "system-namespace", "kcm-system", "The namespace where KCM is installed.")
	flag.Parse()

	ctrl.SetLogger(zap.New(zap.UseDevMode(true)))

	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
		Scheme:             scheme,
		MetricsBindAddress: metricsAddr,
		LeaderElection:     enableLeaderElection,
		LeaderElectionID:   "flux-adapter.k0rdent.mirantis.com",
	})
	if err != nil {
		ctrl.Log.Error(err, "unable to start manager")
		os.Exit(1)
	}

	// Register the ServiceSet reconciler with the manager.
	if err = (&controller.ServiceSetReconciler{
		Client:          mgr.GetClient(),
		SystemNamespace: systemNamespace,
	}).SetupWithManager(mgr); err != nil {
		ctrl.Log.Error(err, "unable to create controller", "controller", "ServiceSet")
		os.Exit(1)
	}

	ctrl.Log.Info("starting manager")
	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
		ctrl.Log.Error(err, "problem running manager")
		os.Exit(1)
	}
}
```

--------------------------------

### Comprehensive Audit Policy Example

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/clusters/cluster-audit-policy.md

This example provides a starting point for creating a
custom audit policy. It includes rules to exclude high-volume, low-risk events and specific resource types to reduce log noise. Configure user groups, verbs, and resources as needed for your environment.

```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterAuditPolicy
metadata:
  name: default
  namespace: my-namespace
spec:
  policy:
    rules:
      # The following requests were manually identified as high-volume and low-risk,
      # so drop them.
      - level: None
        users: ["system:kube-proxy"]
        verbs: ["watch"]
        resources:
          - group: "" # core
            resources: ["endpoints", "services", "services/status"]
      - level: None
        userGroups: ["system:nodes"]
        verbs: ["get"]
        resources:
          - group: "" # core
            resources: ["nodes", "nodes/status"]
      - level: None
        users:
          - system:kube-controller-manager
          - system:cloud-controller-manager
          - system:kube-scheduler
          - system:serviceaccount:kube-system:endpoint-controller
        verbs: ["get", "update"]
        namespaces: ["kube-system"]
        resources:
          - group: "" # core
            resources: ["endpoints"]
      - level: None
        users: ["system:apiserver"]
        verbs: ["get"]
        resources:
          - group: "" # core
            resources: ["namespaces", "namespaces/status", "namespaces/finalize"]
      - level: None
        users: ["cluster-autoscaler"]
        verbs: ["get", "update"]
        namespaces: ["kube-system"]
        resources:
          - group: "" # core
            resources: ["configmaps", "endpoints"]
      # Don't log leader election lease updates (high-volume from all controllers).
      - level: None
        verbs: ["get", "update"]
        resources:
          - group: "coordination.k8s.io"
            resources: ["leases"]
      # Don't log HPA fetching metrics.
      - level: None
        users:
          - system:kube-controller-manager
          - system:cloud-controller-manager
        verbs: ["get", "list"]
        resources:
          - group: "metrics.k8s.io"
      # Don't log these read-only URLs.
      - level: None
        nonResourceURLs:
          - /healthz*
          - /version
          - /swagger*
      # Don't log events requests because of performance impact.
      - level: None
        resources:
          - group: "" # core
            resources: ["events"]
      # node and pod status calls from nodes are high-volume and can be large, don't log responses for expected updates from nodes
      - level: Request
        users: ["kubelet", "system:node-problem-detector", "system:serviceaccount:kube-system:node-problem-detector"]
        verbs: ["update","patch"]
        resources:
          - group: "" # core
            resources: ["nodes/status", "pods/status"]
        omitStages:
          - "RequestReceived"
      - level: Request
        userGroups: ["system:nodes"]
        verbs: ["update","patch"]
        resources:
          - group: "" # core
            resources: ["nodes/status", "pods/status"]
        omitStages:
          - "RequestReceived"
      # deletecollection calls can be large, don't log responses for expected namespace deletions
      - level: Request
```

--------------------------------

### Create k0s Configuration File

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/enabling-audit.md

Create a k0s configuration file on control plane machines.

```bash
mkdir -p /etc/k0s
k0s config create > /etc/k0s/k0s.yaml
```

--------------------------------

### Istio Configuration for Regionless Mode

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/kof/kof-storing.md

When Istio is already applied, use these values during Istio installation or upgrade to enable communication between child and management clusters in a regionless setup. Ensure the management cluster API server URL is correctly set.

```bash
--set managementCluster.includeInMesh=true \
--set managementCluster.apiServer="https://EXAMPLE-control-plane:6443" \
--set-json 'gateway.resource.spec.servers[0]="{\"port\":{\"number\":15443,\"name\":\"tls\",\"protocol\":\"TLS\"},\"tls\":{\"mode\":\"AUTO_PASSTHROUGH\"},\"hosts\":[\"mothership-vmauth.kof.svc.cluster.local\"]}"'
```

--------------------------------

### Install K0rdent with Helm and Custom Velero Settings

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/backup/customization.md

Use this command to install K0rdent via Helm, configuring Velero plugins, backup storage locations, and credentials. Ensure the plugin supports Object Store for restoration.

```bash
helm install kcm {{{ extra.docsVersionInfo.ociRegistry }}} \
  --version \
  --create-namespace \
  --namespace kcm-system \
  --set-file regional.velero.credentials.secretContents.cloud= \
  --set regional.velero.credentials.useSecret=true \
  --set regional.velero.backupsEnabled=true \
  --set regional.velero.configuration.backupStorageLocation[0].name= \
  --set regional.velero.configuration.backupStorageLocation[0].provider= \
  --set regional.velero.configuration.backupStorageLocation[0].bucket= \
  --set regional.velero.configuration.backupStorageLocation[0].config.region= \
  --set regional.velero.initContainers[0].name=velero-plugin-for- \
  --set regional.velero.initContainers[0].image=velero/velero-plugin-for-: \
  --set regional.velero.initContainers[0].volumeMounts[0].mountPath=/target \
  --set regional.velero.initContainers[0].volumeMounts[0].name=plugins
```

--------------------------------

### Install AWS CLI v2

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/prepare-mgmt-cluster/aws.md

Installs the AWS CLI v2 on a Linux system. This process involves downloading, unzipping, and installing the package.
```bash
sudo apt install unzip
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```

--------------------------------

### Install AWS CLI

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-eks-multi.md

Download and install the AWS CLI version 2.

```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```

--------------------------------

### Deploy new k0rdent-istio chart

Source: https://github.com/k0rdent/docs/blob/main/includes/kof-upgrade-includes.md

Install the unified `k0rdent-istio` chart, specifying version 0.2.0 and configuring cert-manager and tracing settings.

```bash
helm upgrade -i --reset-values --wait --create-namespace -n istio-system k0rdent-istio \
  {{{ docsVersionInfo.kofVersions.kofOciRegistryBaseIstio }}}/charts/k0rdent-istio --version 0.2.0 \
  --set cert-manager-service-template.enabled=false \
  --set "istiod.meshConfig.extensionProviders[0].name=otel-tracing" \
  --set "istiod.meshConfig.extensionProviders[0].opentelemetry.port=4317" \
  --set "istiod.meshConfig.extensionProviders[0].opentelemetry.service=kof-collectors-daemon-collector.kof.svc.cluster.local"
```

--------------------------------

### Install kubectl on Debian/Ubuntu

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-single.md

Installs kubectl on Debian-based systems by adding the Kubernetes APT repository.
```bash
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list # helps tools such as command-not-found to work correctly
sudo apt-get update
sudo apt-get install -y kubectl
```

--------------------------------

### Prepare and Restart k0s Controller

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/auth/okta.md

Ensures the authentication configuration file is in the correct location and restarts the k0s controller to apply the new settings.

```bash
# ensure your auth file is in place
sudo mkdir -p /etc/k0s
sudo cp authentication-config.yaml /etc/k0s/authentication-config.yaml
sudo chmod 600 /etc/k0s/authentication-config.yaml

# restart k0s so the API server picks up the new flags
sudo systemctl restart k0scontroller
```

--------------------------------

### Wait for Grafana Installation to Complete

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/kof/kof-grafana.md

Monitor the Grafana custom resource status to ensure the installation has successfully completed.

```bash
kubectl wait grafana -n kof grafana-vm \
  --for='jsonpath={.status.stage}=complete' \
  --for='jsonpath={.status.stageStatus}=success' \
  --timeout=5m
```

--------------------------------

### Prepare Migration Environment

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/kof/kof-upgrade.md

Runs an interactive alpine container on the new regional cluster to prepare the migration environment. Installs curl and pv for data transfer and monitoring.
```bash
KUBECONFIG=regional-kubeconfig kubectl run -it --rm \
  --image=alpine:latest -n kof migration -- sh

apk update
apk add curl pv
```

--------------------------------

### Install clusterawsadm CLI

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/prepare-mgmt-cluster/aws.md

Download and install the clusterawsadm CLI tool for managing AWS-specific Cluster API resources.

```bash
curl -LO https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/download/v2.7.1/clusterawsadm-linux-amd64
sudo install -o root -g root -m 0755 clusterawsadm-linux-amd64 /usr/local/bin/clusterawsadm
```

--------------------------------

### Example CloudWatch Log Event Output

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/kof/kof-storing.md

An example of the JSON output when retrieving log events from AWS CloudWatch.

```json
{"events": [{
  "timestamp": 1744305535107,
  "message": "{\"body\":\"10.244.0.1 - - [10/Apr/2025 17:18:55] \\\"GET /-/ready HTTP/1.1 200 ..."
}]}
```

--------------------------------

### Create k0s Configuration Directory and File

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/installation/create-mgmt-clusters/mgmt-create-k0s-multi.md

This snippet creates the necessary directory for k0s configuration and generates a default configuration file.

```bash
mkdir -p /etc/k0s
k0s config create > /etc/k0s/k0s.yaml
```

--------------------------------

### Install k0rdent using Helm

Source: https://github.com/k0rdent/docs/blob/main/docs/quickstarts/quickstart-1-mgmt-node-and-cluster.md

Deploys k0rdent into the k0s management cluster. This command requires the OCI registry and version information for k0rdent.
```bash
helm install kcm {{{ extra.docsVersionInfo.ociRegistry }}} --version {{{ extra.docsVersionInfo.k0rdentDotVersion }}} -n kcm-system --create-namespace
```

--------------------------------

### Get All StateManagementProviders

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-providers.md

Command to list all StateManagementProvider resources across all namespaces.

```bash
kubectl get statemanagementprovider -A
```

--------------------------------

### Build and Push Docker Image

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/ksm/ksm-byo-provider.md

Commands to build the Docker image for the KSM adapter and push it to a container registry. Replace 'your-registry' with your actual registry path.

```bash
docker build -t your-registry/flux-adapter:v0.1.0 .
docker push your-registry/flux-adapter:v0.1.0
```

--------------------------------

### ProviderTemplate Example

Source: https://github.com/k0rdent/docs/blob/main/docs/reference/template/index.md

An example of a ProviderTemplate configuration, including its status. This template defines provider-specific configurations like those for k0smotron or AWS.
```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ProviderTemplate
metadata:
  name: cluster-api-{{{ extra.docsVersionInfo.k0rdentVersion }}}
spec:
  helm:
    chartSpec:
      chart: cluster-api
      interval: 10m0s
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: k0rdent-catalog
      version: {{{ extra.docsVersionInfo.k0rdentDotVersion }}}
status:
  capiContracts:
    v1alpha3: ""
    v1alpha4: ""
    v1beta1: ""
  chartRef:
    kind: HelmChart
    name: cluster-api-0-0-4
    namespace: kcm-system
  config:
    config: {}
    configSecret:
      create: false
      name: ""
      namespace: ""
  description: A Helm chart for Cluster API core components
  observedGeneration: 1
  valid: true
```

--------------------------------

### Configure ImagePullSecret for Initial Installation

Source: https://github.com/k0rdent/docs/blob/main/docs/appendix/appendix-extend-mgmt.md

When performing an initial installation and registry authentication is required, specify the `imagePullSecrets` for global and various subcharts.

```yaml
global:
  imagePullSecrets:
    - name: registry-pull-secret
controller:
  imagePullSecret: registry-pull-secret
flux2:
  imagePullSecrets:
    - name: registry-pull-secret
regional:
  cluster-api-operator:
    imagePullSecrets:
      - name: registry-pull-secret
  velero:
    image:
      imagePullSecrets:
        - registry-pull-secret
rbac-manager:
  image:
    imagePullSecrets:
      - name: registry-pull-secret
```

--------------------------------

### Describe Cluster Provisioning with clusterctl

Source: https://github.com/k0rdent/docs/blob/main/docs/admin/clusters/deploy-cluster.md

Provides a detailed view of the cluster provisioning process, including conditions, using the clusterctl CLI.

```bash
clusterctl describe cluster -n --show-conditions all
```

--------------------------------

### Full ProviderInterface Example

Source: https://github.com/k0rdent/docs/blob/main/docs/reference/provider-interface.md

A complete example of a ProviderInterface CRD object, including description, cluster GVKs, and cluster identities with references.
```yaml
apiVersion: k0rdent.mirantis.com/v1beta1
kind: ProviderInterface
metadata:
  name: cluster-api-provider-azure
  annotations:
    helm.sh/resource-policy: keep
spec:
  description: "Azure infrastructure provider for Cluster API"
  clusterGVKs:
    - group: infrastructure.cluster.x-k8s.io
      version: v1beta1
      kind: AzureCluster
    - group: infrastructure.cluster.x-k8s.io
      version: v1alpha1
      kind: AzureASOManagedCluster
  clusterIdentities:
    - group: infrastructure.cluster.x-k8s.io
      version: v1beta1
      kind: AzureClusterIdentity
      references:
        - group: ""
          version: v1
          kind: Secret
          nameFieldPath: spec.clientSecret.name
          namespaceFieldPath: spec.clientSecret.namespace
    - group: ""
      version: v1
      kind: Secret
```