Skip to content

Gathering Hosting Provider Credentials

In order for kubegrid to set up a cluster with your hosting provider, you need to provide credentials. This page will show you how to generate these credentials, as of May 10 2019.

Amazon Web Services

For AWS, kubegrid requires an API Key and API Key Secret. Here are the steps to generate these. For up-to-date information, see the Amazon Documentation on IAM Users.

  1. Sign in to AWS through the AWS Console.
  2. From the Services menu, select IAM (Identity and Access Management).
    alt text
  3. From the left menu, select Users.
    alt text
  4. Select Add user.
    alt text
  5. Give the user a name, select the checkbox for Programmatic access (no need for console access), and click Next: Permissions.
    alt text
  6. kubegrid will need access to EC2 and VPC. You'll need to create a group that has these permissions. alt text
  7. From the list of policies, select AmazonEC2FullAccess and AmazonVPCFullAccess, then click Create group.
  8. Select the group you just created, and click Next: Tags.
    alt text
  9. No tags are required. Add any if you'd like, then click Next: Review.
  10. Review the information, then click Create user.
    alt text
  11. Make note of the Access Key ID. Click Show for the Secret Access Key, and make note of this as well. These are the two values that you will need to provide to kubegrid in order to create your cluster. You may optionally download the .csv file containing these credentials. If you leave this page without noting the Secret Access Key or downloading the .csv file, you will not be able to see the Secret Access Key later and will have to generate a new user.
    alt text

Azure

For Azure, the credentials that kubegrid needs are: Client ID, Client secret, Tenant ID, and Subscription ID. For up-to-date information, see the Azure Documentation for creating an Active Directory application and service principal.

  1. Sign in to Azure via the Azure Portal.
  2. Select Azure Active Directory from the left menu.
    alt text
  3. Select App Registrations.
    alt text
  4. Select New registration.
    alt text
  5. Assign a name. You can leave the default of Accounts in this organizational directory only for accounts, and leave the Redirect URI blank. Then click Register.
    alt text
  6. The Client ID and Tenant ID will be shown. Make note of these values. alt text
  7. Click Certificates & secrets in the middle menu, then New client secret.
    alt text
  8. Give the secret a description and expiration date. When your secret expires, you'll need to create new credentials and then update the credentials on kubegrid.
    alt text
  9. Note the value shown.
    alt text
  10. From the left menu, click All services. Then search for Subscriptions and select it.
    alt text
  11. You may add a subscription if you'd like. Then, click on the subscription row.
    alt text
  12. Make note of the Subscription ID.
    alt text
  13. Click Access control (IAM).
    alt text
  14. Click Add, then Add role assignment.
    alt text
  15. On the right-hand side of the screen, a pane will open titled Add role assignment. Select the Contributor role. In the Select box, type the name that you assigned in step 5 during the app registration process. Then click Save at the bottom.
    alt text

Digital Ocean

To work with Digital Ocean, kubegrid requires a Personal access token. See Digital Ocean's Documentation on How to Create a Personal Access Token.

  1. Sign in to Digital Ocean.
  2. Select API from the left menu.
    alt text
  3. Under Tokens/Keys, select Generate New Token.
    alt text
  4. Give the token a name. Ensure write scope is enabled, then click Generate Token. alt text
  5. You will be shown the token, a long string of letters and numbers. Make note of this, as you will not be able to retrieve it later. alt text

Google Cloud Platform

To work with Google Cloud Platform, kubegrid requires a Project ID and Google credential json. For up-to-date information, see the GCP Documentation for obtaining and providing service account crednetials manually. In addition to providing credentials, you also need to enable the Compute Engine API.

Generate Credentials

  1. Sign in to the GCP Console.
  2. From the left menu, select IAM & admin, then Service accounts.
    alt text
  3. Select Create Service Account.
    alt text
  4. Give the account a name and a description (the service account ID will be auto-generated). Then click Create.
    alt text
  5. In the Select a role drop-down, select Project then Editor.
    alt text
  6. Click Continue.
  7. You can leave the fields under Grant users access to this service account (optional) blank.
  8. Click Create Key.
    alt text
  9. Leave the default selection of JSON, then click Create.
    alt text
  10. A file should be created and downloaded. If you open up this file, you'll see a field project_id. Use this as the Project ID in kubegrid. The Google credential json in kubegrid is the whole contents of this file.
    alt text

Set up GCP to Enable Remote Management

  1. Select APIs & Services then Library from the top-left menu.
    alt text
  2. Search for Compute Engine API.
  3. Select it from the results.
    alt text
  4. Click Enable.
    alt text
  5. If prompted, select Enable billing.
    alt text
  6. The API will be enabled, and you're ready to use kubegrid with GCP!

Linode

To work with Linode, kubegrid requires an API Token. For additional information, see Linode's documentation.

  1. Sign in to the Linode dashboard.
  2. Select My Profile.
    alt text
  3. Select the API Tokens tab.
    alt text
  4. Select Add a Personal Access Token, and create a token with at least Read access to Account, Read access to IP, Read access to Events, and Read/Write access to Linodes.
    alt text
  5. You will be shown the token, a long string of letters and numbers. Make note of this, as you will not be able to retrieve it later.