Custom Blueprint

Customers can create and manage "Custom Cluster Blueprints" by adding "addons" to the default cluster blueprints. It is important to emphasize that this "builds on" and "extends" the "Default Cluster Blueprints" and does not replace it.

Scoping¶

Other than the default cluster blueprint which is common across all projects, all custom blueprints are scoped to a Project. This isolation boundary guarantees that there is no accidental spillover or leakage.

RBAC¶

The lifecycle of cluster blueprints is managed by users with an "infrastructure administrator" role in the Org.

Step 1: Create Custom Blueprint¶

As an Admin in the Web Console,

• Navigate to the Project
• Click on Blueprints under Infrastructure
• Click on New blueprint
• Provide a name and description

All custom cluster blueprints are version controlled so that the lifecycle can be properly managed. In this example, the admin has not yet configured anything yet. So, no versions are available yet.

Step 2: New Version¶

• Click on New Version and use the wizard to provide details
• Provide a version number/name
• Select PSPs and scoping (cluster or namespace)
• Select custom addons and identity version of the addon
• Optionally disable addons from the default blueprint (i.e. Ingress Controller)
• Save

In the example below, we have created a custom blueprint called "production" with Kubeless as the custom addon.

View Versions¶

The entire history of blueprint versions are maintained on the Controller. Admins can view details about the versions of cluster blueprints.

Filter Clusters by Blueprint¶

Infrastructure admins can "filter" clusters by blueprint name using the Web Console to efficiently manage a fleet of clusters. An illustrative example is shown below.

View All Cluster Blueprints¶

Admins can view all custom cluster blueprints

• Navigate to the Project
• Click on Blueprints under Infrastructure.

This will display both the "default cluster blueprint" as well as any cluster blueprints that have been created. An illustrative example is shown below.

Apply Custom Blueprint¶

Once a custom cluster blueprint has been created and published, it can be used for both during initial provisioning of clusters or can be applied to existing clusters.

New Clusters¶

While creating a new cluster, select the "custom blueprint" from the dropdown. An illustrative example is shown below

Existing Clusters¶

• Click on options (gear icon on far right) for an existing cluster.
• Select "Update Blueprint" from the options
• Select the "blueprint" and "version" from the dropdown.
• Click on Save and Publish

This will start the update of the cluster blueprint on the target cluster. Once all the required resources are operational on the cluster, the blueprint update/sync will be complete.

Status and Debug¶

In addition to using the Zero Trust KubeCTL channel for debug and diagnostics, admins can also use the built in status details if issues are encountered during a blueprint sync process with a cluster.

In the Blueprint Sync Status field on the cluster, click on the Status link. This will provide detailed status by component in the blueprint.

An illustrative example is shown below

Addon Dependency¶

In some scenarios, there are requirements that certain components (addons) needs to be installed first before installing the rest of the components (addons).

To achieve this, when creating the blueprint version, we will define this dependency. In the below example, we will cert-manager will be installed first before installing vault as vault uses cert-manager to create the certificate for Ingress.

• Navigate to the Project
• Click on Blueprints under Infrastructure
• Click on New blueprint
• Provide a name and description
• Click Create
• Click on New Version and use the wizard to provide details
• Provide a version number/name
• Select PSPs and scoping (cluster or namespace)
• Under Addons Select cert-manager and it's version.
• Select "ADD MORE" and then select Vault addon from the dropdown and it's version.
• Select "ADD DEPENDENCY" under Vault addon and select "cert-manager"
• Click "Save Changes"