Turbonomic

 View Only

IBM Turbonomic - Kubeturbo agent and how it works in a Kubernetes and Red Hat® OpenShift® cluster

By Jason Shaw posted Mon March 25, 2024 09:37 PM

  

How does the IBM Turbonomic Kubeturbo Agent work and what data does it create and discover in a Kubernetes and Red Hat OpenShift cluster?

 

If you didn't know that IBM Turbonomic can help to optimize your Kubernetes and Red Hat OpenShift cluster resources and workloads, see my previous blog here: https://community.ibm.com/community/user/aiops/blogs/jason-shaw/2024/02/05/ibm-turbonomic-containers

 

The first step in optimizing your Kubernetes and Red Hat OpenShift clusters and workloads is by having an IBM Turbonomic instance available that the Kubeturbo agent can communicate with over port https 443. 

 

Once that communication is confirmed the next step is to deploy the Kubeturbo agent into each cluster.

 

What type of communication does Kubeturbo use to communicate with the Turbonomic server?

 

Kubeturbo uses https port 443 to communicate and establish a connection with the Turbonomic server.  Further to that it uses the WebSocket Secure or WSS protocol over https using TLS 1.2+

WebSockets are a protocol that establishes a full-duplex communication channel over a single TCP connection. This allows real-time data exchange between a client and a server without repeatedly closing and reopening connections.  The protocol begins with a handshake phase that utilizes the HTTP upgrade system to switch from an initial HTTP connection to a WebSocket connection. Once established, this persistent connection enables data to flow freely in both directions, significantly reducing latency and overhead compared to traditional HTTP requests.

 

What access does Kubeturbo have to my cluster resources?

 

We follow the principle of least privilege but give you 3 options from read-only to full cluster admin based on the actions you want to execute in your environment to increase the value and ROI you want to receive from Turbonomic.

 

We have the least privilege custom "turbo-cluster-reader" role. 

 

We have the least privilege custom "turbo-cluster-admin" role. 

 

We also have the option of using the built-in "cluster-admin" role.

  • This is using the built-in role with full elevated permissions in the cluster for discovery and making changes to the resources in your cluster without the need of using a custom role.
  • This will create the required service account and cluster role binging only as the built-in role already exists in the cluster.

 

What resources are created in your cluster by the Kubeturbo agent?

 

When you deploy Kubeturbo for the first time the following resources are created in your cluster depending on the deployment method and configuration used:

  • namespace/turbo
  • serviceaccount/turbo-user
  • serviceaccount/kubeturbo-operator (if deploying via operator)
  • serviceaccount/kubeturbo-scc (for each SCC required)
  • clusterrole/turbo-cluster-reader (if using turbo-cluster-reader role above)
  • clusterrole/turbo-cluster-admin (if using turbo-cluster-admin role above)
  • clusterrole/kubeturbo-scc (for each SCC required)
  • clusterrole/kubeturbo-operator (if deploying via operator)
  • clusterrolebinding/turbo-all-binding-kubeturbo-turbo
  • clusterrolebinding/kubeturbo-scc (for each SCC required)
  • clusterrolebinding/kubeturbo-operator (if deploying via operator)
  • configmap/turbo-config (starts with turbo-config, will be specific to your deployment type)
  • customresourcedefinition/Kubeturbo (if deploying via operator)
  • customresource/kubeturbo-release (if deploying via operator)
  • deployment/kubeturbo-operator (if deploying via operator method)
  • deployment/kubeturbo-release (if deploying via operator method)
  • deployment/kubeturbo (if deploying via YAML or HELM methods)
  • secret/turbonomic-credentials (if using a secret to store credentials)

 

Where can I find more information on Kubeturbo?

 

See our official IBM Turbonomic documentation here: https://www.ibm.com/docs/en/tarm/latest?topic=configuration-container-platform-targets that has details on how to deploy Kubeturbo in your Kubernetes and Red Hat OpenShift cluster.

As always, see our IBM Turbonomic product page for more information and to get started on your Kubernetes and Red Hat OpenShift optimization journey: https://www.ibm.com/products/turbonomic

 

________________

Jason Shaw

Product Manager

IBM Turbonomic

https://www.linkedin.com/in/shawsers

1 comment
73 views

Permalink

Comments

Tue March 26, 2024 10:27 AM

Please feel free to add you questions/comments to this blog!