Turbonomic Server Credentials - turbonomic/kubeturbo GitHub Wiki

Turbonomic Server Credentials

Username & Password Requirements (for all deployments not using the Turbonomic SaaS/Secure Client (TSC))

  • NOTE: If using the Turbonomic SaaS/Secure Client (TSC) you do NOT need to use or create any Turbonomic server side credentials. This is one of the advantages of using the TSC as it uses a secure token instead of credentials to communicate with the Turbonomic server.

If you are using the TSC you can skip this entire page as none of it applies and you do not need to specify any credentials in the Kubeturbo deployment

  • Kubeturbo Requires a local Turbonomic Server user account created (SSO users not supported) with a role of Site Administrator or Administrator. The reason for this is that it will automatically add itself as a Cloud Native target in the Turbonomic UI.
  • If your Turbonomic Server is configured to manage users via AD (LDAP), the <Turbo_username> value can be either a local or AD user. For AD user, the format will be “//” – both “/” are required.
  • Running SaaS or SSO or using Multi-Factor Authentication (MFA)? The Turbonomic Server user must be local user type (not an SSO user).
  • In the configMap resource the password value is in a plain text string, and special characters should be escaped. Consider using a Kubernetes Secret to avoid having your password in plain text.
  • Improved support for password special characters is in v8.3.2+
  • Recommended to use a Kubernetes secret to store these credentials in each cluster your going to deploy kubeturbo into, details here for reference.

YAML Based Deployment

Before starting this section make sure you have followed all of the steps above to create the credentials in the Turbonomic Server first.

Kubeturbo requires credentials in the Turbonomic Server and configured in the configMap before you can successfully deploy kubeturbo in your environment.

YAML example using a kubernetes secret (preferred):

  • You only need to update the secretName parameter with the secret you created that contains the Turbonomic Server credentials for kubeturbo if you do NOT use the default secret named turbonomic-credentials, example below.
      - name: turbonomic-credentials-volume
        secret:
          defaultMode: 420
          optional: true
          # Update secret name if needed
          secretName: my-custom-turbonomic-secret

YAML example using plaintext username and password in the configMap (not preferred):

  • Step 1: You need to update the version parameter with the first 2 values of the Turbonomic Server version (for example: 8.9.5 would be just 8.9).
  • Step 2: You need to update the turboServer parameter with the Turbonomic Server URL or IP address (the Container Cluster you are deploying kubeturbo into must be able to resolve the URL or IP address you are specifying).
  • Step 3: You need to update the opsManagerUserName and opsManagerPassword parameters with your Turbonomic Server credentials you created for kubeturbo to use.
  • Step 4: You need to update the targetName parameter with the Container Cluster name that you want to be shown in the Turbonomic Server UI and Target page (If you don't change this value your cluster name will show as what ever value is listed).
  turbo.config: |-
    {
        "communicationConfig": {
            "serverMeta": {
                "version": "8.10",
                "turboServer": "https://YOUR_TURBO_URL"
            },
            "restAPIConfig": {
                "opsManagerUserName": "YOUR_TURBOSERVER_USERNAME_plaintext",
                "opsManagerPassword": "YOUR_TURBOSERVER_PW_plaintext"
            },
        },
        "targetConfig": {
            "targetName": "YOUR_CLUSTER_NAME"
        },

Operator and OperatorHub Based Deployment

Before starting this section make sure you have followed all of the steps above to create the credentials in the Turbonomic Server.

Option 1: Use Kubernetes Secret

The Turbonomic Server credentials can be stored in a Kubernetes Secret.

  • Use the YAML steps here to create a secret via yaml.

  • Use the OpenShift Console steps here to create a secret via OpenShift Console

Optional Configuration:

This step is only needed if you used a custom secret name, and did NOT create a secret named: turbonomic-credentials. You will need to define the custom secret name to use in the kubeturbo Custom Resource. In the spec: section of the kubeturbo CR yaml under the restAPIConfig section add the key turbonomicCredentialsSecretName: and value will be the customized name you gave to the secret.

spec:
  restAPIConfig:
    turbonomicCredentialsSecretName: MY_CUSTOM_SECRET_NAME
  1. Complete the rest of your kubeturbo yaml required for your deployment.

Option 2: Use Plain text username and password

For this method you will supply the username and password credentials in plain text in the Kubeturbo Custom Resource.

  1. In the spec: section of the kubeturbo CR yaml under the restAPIConfig section add the key opsManagerPassword: and opsManagerUsername: and values will be the Turbonomic Server username and password you created to complete the key/value pair required.
spec:
  restAPIConfig:
    opsManagerPassword: MY_TURBOSERVER_USER
    opsManagerUserName: MY_TURBOSERVER_PW
  1. Complete the rest of your kubeturbo yaml required for your deployment.

HELM Based Deployment

Before starting this section make sure you have followed all of the steps above to create the credentials in the Turbonomic Server.

Option 1: Use Kubernetes Secret in helm:

  • Define the username and password credentials in an opaque type k8s secret. Steps are documented here

Option 2: Use Plain text username and password in helm:

  • Define the username and password credentials in a ConfigMap using parameters passed in the helm install command. Steps are documented here