Providers Configuration

Providers such as AWS require authentication to manage external resources. For each provider integrated into the SkyCluster Manager, a separate configuration must be created.

AWS Configuration

In the AWS Console, navigate to Identity and Access Management (IAM) and create a new user. Ensure the user has the following permission policy: AmazonEC2FullAccess. Next, in the Security Credentials section, generate an access key. After obtaining the Access Key ID and Secret Access Key, export them as environment variables and run the configuration script:

export AWS_ACCESS_KEY_ID=abcd....xwyz # replace with your ID
export AWS_SECRET_ACCESS_KEY=abcd....xwyz # replace with your Key

Then execute the command below to configure the AWS provider:

curl -s https://skycluster.io/configs/aws-cfg.sh | bash

Alternatively you can just copy the script below and run it:

aws-setup.sh

#!/bin/bash

# If env variables are not set, exit
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
  echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set."
  exit 1
fi

# Create the content of the credentials in a variable
creds_content="[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY"

# Echo the content and pipe it to base64 for encoding
creds_enc=$(echo "$creds_content" | base64 -w0)

cat <<EOF | kubectl apply -f -
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: provider-cfg-aws
  labels:
    skycluster.io/managed-by: skycluster
spec:
  credentials:
    source: Secret
    secretRef:
      name: secret-aws
      namespace: crossplane-system
      key: creds
---
apiVersion: v1
kind: Secret
metadata:
  name: secret-aws
  namespace: crossplane-system
type: Opaque
data:
  creds: $creds_enc
EOF

GCP Configuration

Create a new project in Google Cloud, then add a service account. Generate a service account key file in JSON format and download the file. Then:

# Use absolute path to the service account key file
export GCP_SVC_ACC_PATH=/home/ubuntu/my-gcp-svc-acc.json
export PROJECT_ID=my-gcp-project-id

Then execute the command below to configure the GCP provider:

curl -s https://skycluster.io/configs/gcp-cfg.sh | bash

Alternatively, you can run the following script:

gcp-setup.sh

#!/bin/bash

# Both variables are required
if [[ -z "$GCP_SVC_ACC_PATH" ]] || [[ -z "$PROJECT_ID" ]] ; then
  echo "GCP_SVC_ACC_PATH and PROJECT_ID must be set."
  exit 1
fi

# if file does not exist, exit
if [[ ! -f "$GCP_SVC_ACC_PATH" ]]; then
  echo "GCP_SVC_ACC_PATH File does not exist. Ensure the file exists and use the absolute path."
  exit 1
fi

# Store the key file as a Secret (path quoted so spaces do not split it)
kubectl create secret generic secret-gcp -n skycluster --from-file=configs="${GCP_SVC_ACC_PATH}"

# Apply the provider configuration
cat <<EOF | kubectl apply -f -
apiVersion: gcp.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: provider-cfg-gcp
  labels:
    skycluster.io/managed-by: skycluster
spec:
  projectID: ${PROJECT_ID}
  credentials:
    source: Secret
    secretRef:
      namespace: skycluster
      name: secret-gcp
      key: configs
EOF

Azure Configuration

Create a subscription and note your Subscription ID. Next you will need to create a service principal and authentication file. The easiest way to do this is through the CloudShell in the Azure portal. Open the Azure portal and then run the following command in the CloudShell to create the service principal:

export SUBS_ID=<subsc-id>
az ad sp create-for-rbac --name skycluster-setup  \
  --role Owner --sdk-auth \
  --scopes /subscriptions/${SUBS_ID} > azure_config.json

Download the azure_config.json file and export the path as an environment variable:

export AZURE_CONFIG_PATH=/home/ubuntu/azure_config.json

Then execute the command below to configure the Azure provider:

curl -s https://skycluster.io/configs/azure-cfg.sh | bash

Alternatively, you can run the following script:

azure-setup.sh

#!/bin/bash

# Exit if the service principal file is missing
if [[ ! -f "$AZURE_CONFIG_PATH" ]]; then
  echo "Azure config file not found at $AZURE_CONFIG_PATH"
  exit 1
fi

# Base64-encode the file content for the Secret's data field
cont_enc=$(base64 -w0 < "$AZURE_CONFIG_PATH")

cat <<EOF | kubectl apply -f -
apiVersion: azure.upbound.io/v1beta1
metadata:
  name: provider-cfg-azure
  labels:
    skycluster.io/managed-by: skycluster
kind: ProviderConfig
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: secret-azure
      key: configs
---
apiVersion: v1
kind: Secret
metadata:
  name: secret-azure
  # Must match spec.credentials.secretRef.namespace above
  namespace: crossplane-system
type: Opaque
data:
  configs: $cont_enc
EOF

OpenStack Configuration

If you have on-premises infrastructure managed by OpenStack, you can follow the steps below:

export AUTH_URL="url"
export USERNAME="username"
export PASSWORD="pass"
export TENANT_NAME="project-name"
export REGION="region"
export USER_DOMAIN_NAME="Default"
export PROJECT_DOMAIN_NAME="Default"

Then execute the command below to configure your OpenStack provider:

curl -s https://skycluster.io/configs/openstack-cfg.sh | bash

Alternatively, you can run the following script:

openstack-setup.sh

#!/bin/bash

# Check if any of these variables are not set; if so, exit
if [[ -z $AUTH_URL || -z $USERNAME || -z $PASSWORD || -z $TENANT_NAME || \
  -z $REGION || -z $USER_DOMAIN_NAME || -z $PROJECT_DOMAIN_NAME ]]; then
  echo "One or more required variables are not set."
  exit 1
fi

# Values are inserted verbatim into the JSON below, so they must not
# contain double quotes or backslashes.
cat <<EOF | kubectl apply -f -
apiVersion: openstack.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: provider-cfg-os-${REGION}
  labels:
    skycluster.io/managed-by: skycluster
spec:
  credentials:
    source: Secret
    secretRef:
      name: secret-os-${REGION}
      namespace: crossplane-system
      key: configs
---
apiVersion: v1
kind: Secret
metadata:
  name: secret-os-${REGION}
  namespace: crossplane-system
type: Opaque
stringData:
  configs: |
    {
      "auth_url": "$AUTH_URL",
      "user_name": "$USERNAME",
      "password": "$PASSWORD",
      "tenant_name": "$TENANT_NAME",
      "region": "$REGION",
      "user_domain_name": "$USER_DOMAIN_NAME",
      "project_domain_name": "$PROJECT_DOMAIN_NAME"
    }
EOF

Repeat the steps for each additional OpenStack provider you want to configure.
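
Added example, not part of the SkyCluster scripts: openstack-setup.sh interpolates the environment variables directly into a JSON document, so a password containing a double quote or backslash yields invalid JSON. The function names json_escape and openstack_creds_json are hypothetical; the JSON keys and variable names are the ones the script uses, and the sample values are constructed.

```bash
#!/bin/bash
# Added example, not part of the SkyCluster scripts. The key names and
# environment variable names are the ones used by openstack-setup.sh.

# json_escape VALUE: print VALUE as a quoted JSON string.
# Backslash and double quote are escaped; control characters are rejected
# rather than guessed at, since no credential field should contain them.
json_escape() {
  case $1 in
    *[[:cntrl:]]*) echo "control character in value" >&2; return 1 ;;
  esac
  printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# openstack_creds_json: print the credentials document, or fail if a
# variable is unset, empty, or cannot be encoded.
openstack_creds_json() {
  out='{' sep=''
  for pair in auth_url:AUTH_URL user_name:USERNAME password:PASSWORD \
      tenant_name:TENANT_NAME region:REGION \
      user_domain_name:USER_DOMAIN_NAME \
      project_domain_name:PROJECT_DOMAIN_NAME; do
    key=${pair%%:*} var=${pair#*:}
    eval "val=\${$var-}"   # var comes only from the fixed list above
    [ -n "$val" ] || { echo "$var is not set" >&2; return 1; }
    esc=$(json_escape "$val") || return 1
    out="$out$sep\"$key\": $esc"
    sep=', '
  done
  printf '%s}\n' "$out"
}

# Constructed sample values, not real credentials.
AUTH_URL='https://keystone.example.test:5000/v3'
USERNAME='alice'
PASSWORD='p"ss\word'
TENANT_NAME='demo'
REGION='REGION1'
USER_DOMAIN_NAME='Default'
PROJECT_DOMAIN_NAME='Default'
openstack_creds_json
```

Base64-encoding the output with base64 -w0 and placing it under data:, as aws-setup.sh does with its credentials file, also keeps the value from being reinterpreted by the YAML parser.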

SAVI Testbed Configuration

We offer computing resources for academic research through the SAVI Testbed, a distributed computing infrastructure built on the OpenStack framework. To request access, please contact us. Once granted access, use your USERNAME and PASSWORD and follow the steps below to configure the SAVI Testbed provider. You can choose from the following available regions: SCINET, VAUGHAN, BAHEN.

export AUTH_URL="http://iamv3.savitestbed.ca:5000/v3"
export USERNAME="USERNAME"
export PASSWORD="PASSWORD"
export TENANT_NAME="skycluster"
export REGION="SCINET|VAUGHAN|BAHEN"
export USER_DOMAIN_NAME="Default"
export PROJECT_DOMAIN_NAME="Default"

Then execute the command below to configure the provider:

curl -s https://skycluster.io/configs/openstack-cfg.sh | bash

Repeat the steps for each additional region you want to configure.