Connect your OpenShift clusters to DESK

To connect your OpenShift clusters to DESK, follow the instructions provided below.

Set up OpenShift integration

1. Install an ActiveGate

Connecting your OpenShift clusters to DESK to take advantage of the dedicated Kubernetes/OpenShift overview page requires that you run an ActiveGate in your environment (version 1.163+).

2. Create a Bearer token for authenticating against the Kubernetes API

Create a namespace if one doesn't already exist.

$ oc adm new-project --node-selector="" desk

Create a service account and cluster role for accessing the Kubernetes API with the following snippet.

kubernetes-monitoring-service-account.yaml

Download

apiVersion: v1
kind: ServiceAccount
metadata:
  name: desk-monitoring
  namespace: desk
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: desk-monitoring-cluster
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - pods
  verbs:
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: desk-monitoring-cluster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: desk-monitoring-cluster
subjects:
- kind: ServiceAccount
  name: desk-monitoring
  namespace: desk

$ oc apply -f kubernetes-monitoring-service-account.yaml

Get the Kubernetes API URL for later use.

$ oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'

Get the Bearer token for later use.

OpenShift 3.x OpenShift 4.x

$ oc get secret $(oc get sa desk-monitoring -o jsonpath='{.secrets[0].name}' -n desk) -o jsonpath='{.data.token}' -n desk | base64 --decode

$ oc get secret $(oc get sa desk-monitoring -o jsonpath='{.secrets[1].name}' -n desk) -o jsonpath='{.data.token}' -n desk | base64 --decode

3. Connect your OpenShift cluster through the DESK settings

You'll need the Bearer token and the Kubernetes API URL mentioned above to set up the connection to the Kubernetes API.

Go to Settings > Cloud and virtualization > Kubernetes.
Click Connect new cluster.
Provide a Name, Kubernetes API URL, and the Bearer token for the OpenShift cluster.

Configure ActiveGate

If your environment uses proxies or self-signed certificates, you need to adapt your ActiveGate configuration as explained on the ActiveGate configuration page.

Monitor large OpenShift environments

Please contact us if you want to monitor environments larger than:

50 OpenShift clusters per DESK environment
500 nodes per OpenShift cluster
50,000 pods per OpenShift cluster

Troubleshooting

The connection between DESK and your OpenShift cluster may fail due to various connectivity issues. Please review the following guidelines for errors that may occur.

There was an error with the TLS handshake

The certificate for the communication is invalid or expired. If you're using a self-signed certificate, check the mitigation procedures for the ActiveGate.

There was a communication error when trying to connect to {url}

Check if you entered the correct endpoint URL, double-check the port used and make sure the ActiveGate can reach and connect to the endpoint.

Invalid bearer token

The bearer token is invalid and the request has been rejected by the Kubernetes API. Verify the bearer token. Make sure it doesn't contain any whitespaces. If you're connecting to a Kubernetes cluster API via a centralized external role-based access control (RBAC) consult the documentation of the Kubernetes cluster manager. For Rancher follow these guidelines.

Could not check credentials. Process is started by other user

There is already a request pending for this integration with an ActiveGate. Wait for a couple minutes and check back.