Accessing the Cluster#
Constructing the kubeconfig file#
Once a cluster has been installed with Cluster Forge, the kubeconfig file required to access the cluster can be accessed from the Cluster Details page by clicking the “View Config” button on the application. If the “View Config” button is disabled, it is likely because the Kube-api URL has not been configured for the cluster. This can be done by clicking the “Edit cluster” action for the cluster, in the Clusters page.
Save the file at a secure location on your local machine, for example as ~/.kube/config.
Logging in via kubectl#
Once you have created the kubeconfig file, install the oidc plugin (int128/kubelogin) to ensure that kubectl can use the OIDC authentication method. Once you’ve done this, you can use kubectl, k9s, or any other command line client to access the cluster.
If you are restricted to one or more namespaces, please make sure to include the namespace you have access to in your commands, for example:
kubectl get pods -n <namespace>
Adding Additional Permissions#
When you install the AMD Resource Manager, it is pre-configured with some permissions for both Team Members and Platform Administrators. Team Member’s permissions are restricted to the namespaces corresponding to the projects they are members of, and Platform Administrator’s permissions are cluster-wide.
If you would like to customize the permissions for either the Team Member or Platform Administrator, you can do so by customizing the helm parameters airm.additionalClusterRoles.platformAdmin and airm.additionalClusterRoles.projectMember in the agent chart.
If the AMD Resource Manager was installed as part of the Enterprise AI suite installation, the helm parameters are likely configured and managed via Gitea, which is pre-installed with the Enterprise AI suite and usually accessible at https://gitea.<domain provided during installation>/cluster-org/cluster-values/src/branch/main/values.yaml.
The credentials for Gitea should be provided to you by AMD’s customer success team during installation.
Navigate to the section apps.airm.helmParameters in the file and add the relevant permissions as an array, for example:
Platform Administrator (here we configure multiple permissions)
- name: agent.airm.additionalClusterRoles.platformAdmin[0].apiGroups[0]
value: "gateway.networking.k8s.io"
- name: agent.airm.additionalClusterRoles.platformAdmin[0].resources[0]
value: "gateways"
- name: agent.airm.additionalClusterRoles.platformAdmin[0].verbs
value: "{get,list,watch}"
Team Member (here we configure all permissions as though it was a single permission)
- name: agent.airm.additionalClusterRoles.projectMember[0].apiGroups[0]
value: "gateway.networking.k8s.io"
- name: agent.airm.additionalClusterRoles.projectMember[0].resources[0]
value: "gateways"
- name: agent.airm.additionalClusterRoles.projectMember[0].verbs[0]
value: "*"