Runtime Provisioner

Overview

The Runtime Provisioner is a Kyma Control Plane component responsible for provisioning, installing, and deprovisioning clusters with Kyma (Kyma Runtimes). The relationship between clusters and Runtimes is 1:1. The Runtime Provisioner is registered in Compass in the Director as an Integration System.

It allows you to provision the clusters in the following ways:

During the operation of provisioning, you can pass a list of Kyma components you want installed on the provisioned Runtime with their custom configuration, as well as a custom Runtime configuration. To install a customized version of a given component, you can also provide an external URL as the installation source for the component. See the provisioning tutorial for more details.

Note that the operations of provisioning and deprovisioning are asynchronous. The operation of provisioning returns the Runtime Operation Status containing the Runtime ID and the operation ID. The operation of deprovisioning returns the operation ID. You can use the operation ID to check the Runtime Operation Status and the Runtime ID to check the Runtime Status.

The Runtime Provisioner exposes an API to manage cluster provisioning, installation, and deprovisioning.

Find the specification of the API here.

To access the Runtime Provisioner, forward the port that the GraphQL Server is listening on:

Click to copy
kubectl -n kcp-system port-forward svc/kcp-provisioner 3000:3000

When making a call to the Runtime Provisioner, make sure to attach a tenant header to the request.

Configuration

Provisioner chart

To configure the Runtime Provisioner chart, override the default values of its values.yaml file. This document describes the parameters that you can configure.

TIP: To learn more about how to use overrides in Kyma, see Helm overrides for Kyma installation.

Configurable parameters

This table lists the configurable parameters, their descriptions, and default values:

ParameterDescriptionDefault value
gardener.projectName of the Gardener project connected to the service account-
gardener.kubeconfigBase64-encoded Gardener service account key-
gardener.auditLogsPolicyConfigMapName of the Config Map containing the audit logs policy-
installation.timeoutKyma installation timeout30m

Tutorials

Provision clusters through Gardener

This tutorial shows how to provision clusters with Kyma Runtimes on Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS) using Gardener.

Prerequisites

  • GCP
  • Azure
  • AWS

NOTE: To access the Runtime Provisioner, forward the port on which the GraphQL server is listening.

Steps

  • GCP
  • Azure
  • AWS

The operation of provisioning is asynchronous. The operation of provisioning returns the Runtime Operation Status containing the Runtime ID (provisionRuntime.runtimeID) and the operation ID (provisionRuntime.id). Use the Runtime ID to check the Runtime Status. Use the provisioning operation ID to check the Runtime Operation Status and verify that the provisioning was successful.

NOTE: To see how to provide the labels, see this document. To see an example of label usage, go here.

Check Runtime Operation Status

This tutorial shows how to check the Runtime operation status for the operations of Runtime provisioning and deprovisioning.

Steps

NOTE: To access the Runtime Provisioner, forward the port on which the GraphQL server is listening.

Make a call to the Runtime Provisioner with a tenant header to verify that provisioning/deprovisioning succeeded. Pass the ID of the operation as id.

Click to copy
query {
runtimeOperationStatus(id: "e9c9ed2d-2a3c-4802-a9b9-16d599dafd25") {
operation
state
message
runtimeID
}
}

A successful call returns a response which includes the status of the (de)provisioning operation (state) and the id of the (de)provisioned Runtime (runtimeID):

Click to copy
{
"data": {
"runtimeOperationStatus": {
"operation": "{"Provision"|"Deprovision"}",
"state": "Succeeded",
"message": "Operation succeeded.",
"runtimeID": "309051b6-0bac-44c8-8bae-3fc59c12bb5c"
}
}
}

The Succeeded status means that the provisioning/deprovisioning was successful and the cluster was created/deleted.

If you get the InProgress status, it means that the (de)provisioning has not yet finished. In that case, wait a few moments and check the status again.

Check Runtime Status

This tutorial shows how to check the Runtime status.

Steps

NOTE: To access the Runtime Provisioner, forward the port on which the GraphQL server is listening.

Make a call to the Runtime Provisioner with a tenant header to check the Runtime status. Pass the Runtime ID as id.

Click to copy
query { runtimeStatus(id: "{RUNTIME_ID}") {
lastOperationStatus {
id operation state message runtimeID
}
runtimeConnectionStatus {
status errors {
message
}
}
runtimeConfiguration {
clusterConfig {
name
workerCidr
region
diskType
maxSurge
volumeSizeGB
machineType
targetSecret
autoScalerMin
autoScalerMax
provider
maxUnavailable
kubernetesVersion
}
kymaConfig {
version
components {
component
namespace
configuration {
key
value
secret
}
sourceURL
}
configuration {
key
value
secret
}
}
kubeconfig
}
}
}

An example response for a successful request looks like this:

Click to copy
{
"data": {
"runtimeStatus": {
"lastOperationStatus": {
"id": "20ed1cfb-7407-4ec5-89af-c550eb0fce49",
"operation": "Provision",
"state": "Succeeded",
"message": "Operation succeeded.",
"runtimeID": "b70accda-4008-466c-96ec-9b42c2cfd264"
},
"runtimeConnectionStatus": {
"status": "Pending",
"errors": null
},
"runtimeConfiguration": {
"clusterConfig": {CLUSTER_CONFIG},
"kymaConfig": {
"version": "1.12.0",
"components": [{COMPONENTS_LIST}]
},
"kubeconfig": {KUBECONFIG}
}
}
}
}

Deprovision clusters

This tutorial shows how to deprovision clusters with Kyma Runtimes.

Steps

NOTE: To access the Runtime Provisioner, forward the port on which the GraphQL server is listening.

To deprovision a Runtime, make a call to the Runtime Provisioner with a tenant header using a mutation like this:

Click to copy
mutation { deprovisionRuntime(id: "61d1841b-ccb5-44ed-a9ec-45f70cd1b0d3") }

A successful call returns the ID of the deprovisioning operation:

Click to copy
{
"data": {
"deprovisionRuntime": "c7e6727f-16b5-4748-ac95-197d8f79d094"
}
}

The operation of deprovisioning is asynchronous. Use the deprovisioning operation ID (deprovisionRuntime) to check the Runtime Operation Status and verify that the deprovisioning was successful. Use the Runtime ID (id) to check the Runtime Status.

Upgrade shoots

This tutorial shows how to upgrade Gardener Shoot clusters for Kyma Runtimes.

Steps

NOTE: To access the Runtime Provisioner, forward the port on which the GraphQL server is listening.

To upgrade a Gardener Shoot cluster used to host the Runtime of a given ID, make a call to the Runtime Provisioner with a tenant header using a mutation like this:

Click to copy
mutation {
upgradeShoot(
id: "61d1841b-ccb5-44ed-a9ec-45f70cd1b0d3"
config: {
gardenerConfig: {
kubernetesVersion: "1.15.11"
volumeSizeGB: 35
machineType: "Standard_D2_v3"
diskType: "pd-standard"
purpose: "testing"
autoScalerMin: 2
autoScalerMax: 4
maxSurge: 4
maxUnavailable: 1
enableKubernetesVersionAutoUpdate: false
enableMachineImageVersionAutoUpdate: false
providerSpecificConfig: {
azureConfig: {
zones: ["1", "2"]
}
}
}
}
) {
id
operation
state
message
}
}

All the gardenerConfig fields are optional here. If you don't include them, their values remain the same as before the upgrade.

A successful call returns the ID of the upgrade operation:

Click to copy
{
"data": {
"upgradeShoot": "c7e6727f-16b5-4748-ac95-197d8f79d094"
}
}

The upgrade operation is asynchronous. Use the upgrade operation ID (upgradeShoot) to check the Runtime operation status and verify that the upgrade was successful. Use the Runtime ID (id) to check the Runtime status.