KOF Verification

Finally, verify that KOF installed properly.

kubectl get clustersummaries -A -o wide

Wait until the value of HELMCHARTS changes from Provisioning to Provisioned.

kubectl get secret -n kcm-system $REGIONAL_CLUSTER_NAME-kubeconfig \
  -o=jsonpath={.data.value} | base64 -d > regional-kubeconfig

kubectl get secret -n kcm-system $CHILD_CLUSTER_NAME-kubeconfig \
  -o=jsonpath={.data.value} | base64 -d > child-kubeconfig

KUBECONFIG=regional-kubeconfig kubectl get pod -A
  # Namespaces: cert-manager, ingress-nginx, kof, kube-system, projectsveltos

KUBECONFIG=child-kubeconfig kubectl get pod -A
  # Namespaces: kof, kube-system, projectsveltos

Wait for all pods to show as Running.

If the auto-configuration failed, find the reason in the logs of the kof-operator:

kubectl logs -n kof deploy/kof-mothership-kof-operator

Manual DNS config

If you've opted out of DNS auto-config, you will need to do the following:

1. Get the EXTERNAL-IP of ingress-nginx:

   KUBECONFIG=regional-kubeconfig kubectl get svc \
     -n kof ingress-nginx-controller
   

   It should look like REDACTED.us-east-2.elb.amazonaws.com

2. Create these DNS records of type A, all pointing to that EXTERNAL-IP:

   echo grafana.$REGIONAL_DOMAIN
   echo jaeger.$REGIONAL_DOMAIN
   echo vmauth.$REGIONAL_DOMAIN
   

Sveltos

Use the Sveltos dashboard to verify secrets have been auto-distributed to the required clusters:

1. Start by preparing the system:

   kubectl create sa platform-admin
   kubectl create clusterrolebinding platform-admin-access \
     --clusterrole cluster-admin --serviceaccount default:platform-admin
   
   kubectl create token platform-admin --duration=24h
   kubectl port-forward -n kof svc/dashboard 8081:80
   

2. Now open http://127.0.0.1:8081/login and paste the token output in step 1 above.

3. Open the ClusterAPI tab: http://127.0.0.1:8081/sveltos/clusters/ClusterAPI/1
4. Check both regional and child clusters:
   • Cluster profiles should be Provisioned.
   • Secrets should be distributed.