Taikun Documentation
Cloud Credentials

Manager | Partner

Before you can create your own project, you have to add a cloud. You can choose from OpenStack, AWS, Microsoft Azure, Google Cloud Platform, VMware Tanzu, or Proxmox.

Use the Add Cloud Credentials button to add a cloud. Choose which Cloud you want to add and fill in the required data. After you add new Cloud Credentials, you can use the Cloud as storage for your new projects.

OpenStack

Requirements for OpenStack

🔥
Warning

A Taikun image must already exist in the OpenStack Cloud. The requirement is an Ubuntu 20 image; we recommend using the most recent kernel (e.g. a base Ubuntu image with the HWE kernel, available here: https://repo.itera.io/repository/images/taikun-image.qcow2).

To use an image in Taikun you have to use the tags “taikun” and “ubuntu{number}”. By default Taikun takes an image with the latest {number}.

Command to add an image to OpenStack:
openstack image create --disk-format qcow2 --container-format bare --public --tag taikun --tag ubuntu20.04 --property hw_disk_bus=scsi --property hw_scsi_model=virtio-scsi taikun-focal-image --file taikun-image.qcow2

Recommendation

The load-balancer member role is required to deploy and manage Kubernetes and load balancer in OpenStack because it grants users the necessary access, permissions, and capabilities to manage and configure the load balancer service. It allows users to register and manage backend servers, configure health monitoring, scale the application infrastructure, and handle configuration settings and monitoring. Overall, the load-balancer member role ensures that users have the appropriate privileges to effectively deploy and manage load balancers within the OpenStack cloud environment.

Adding your OpenStack Cloud credentials:

  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the following parameters in the OpenStack section:

    • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
    • User – your user name to OpenStack (e.g. user)
    • Password – your password to OpenStack (e.g. 123abc)
    • URL – Endpoint-Identity (e.g. https://cloud.mycloud.com:32132)
    • Domain – insert domain name (e.g. default)
    • Project – select Project if there are multiple options (e.g. my-cloud-project)
    • Region – select Region if there are multiple options (e.g. RegionOne)
    • Public Network – choose a network, if available (e.g. public2)
    • Optional:
      • Specify Availability Zone
      • Volume Types 
      • Enable Import Network

🔥
Warning

If you choose to import your network, DNS created in Access Profiles will be ignored.

Enable Import Network
🔥
Warning

If entered Credentials are invalid, you will be notified that Cloud cannot be connected.

Where to find the OpenStack credentials

You should already know your username and password; the other data from OpenStack is added to Taikun automatically after you fill in the URL.

To find the URL:  

  1. Log into your OpenStack account 
  2. Locate the Project – API Access section in the left-hand navigation panel
  3. Find the Identity row and copy its Service Endpoint 

Admin credentials

In OpenStack, “admin credentials” refer to the authentication credentials of a user account with administrative privileges. These credentials are typically used to access and manage the cloud infrastructure at the highest level, granting the user extensive control and authority over the resources and services within the cloud environment. Regular users within the cloud typically have limited permissions and access compared to administrators.
Admin credentials are essential for performing administrative tasks and managing various aspects of the OpenStack deployment.

Amazon Web Services (AWS)

Adding your Amazon Web Services (AWS) Cloud credentials

  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the necessary parameters in the Amazon Web Services section:

    • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
    • Access Key ID, Secret Access Key – input your AWS credentials
    • Region – choose a suitable region
    • Availability Zone – choose availability for a region 

Where to find the Amazon Web Services (AWS) security credentials

  1. Log into your AWS account
  2. Click on your profile name in the top-right corner and access the Security credentials section
  3. Here you can create a new Access key along with a Secret key in the Access key ID and secret access section
    • Alternatively, you can use your previous combination (as long as you have your Secret key)

Additional AWS documentation

Microsoft Azure

Before adding the Azure account, you need to create an application registration with commands. (source)

ℹ️
Info

The provided instructions are specific to Linux. It might look different with another Operating System.

1) If you haven’t installed Azure CLI, you can do it with the following command:

sudo apt install azure-cli -y

2) Login

az login

You will be redirected to an Azure page where you can choose your account:

Web login

CLI output will be similar to this: 

[
  {
    "cloudName": "AzureCloud",
    "id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
    "isDefault": true,
    "name": "Bezplatná zkušební verze",
    "state": "Enabled",
    "tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]

You’ll need to fetch the Azure Subscription ID (“id”) and Azure Tenant ID (“tenantId”) fields from the output. Here’s what we would use in our test instance:

"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6"

"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1"

3) Create a new Azure App with the following command: 

az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRET

You’ll need to use your Client Secret in this command which can be deleted later (e.g. “Ue9)Qj^V\~UYES3(C”)

CLI output will look like this: 

{
  "acceptMappedClaims": null,
  "addIns": [],
  "allowGuestsSignIn": null,
  "allowPassthroughUsers": null,
! "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558", !
  "appLogoUrl": null,
  "appPermissions": null,
  "appRoles": [],
  "applicationTemplateId": null,
  "availableToOtherTenants": false,
  "deletionTimestamp": null,
  "displayName": "kubernetes",
  "errorUrl": null,
  "groupMembershipClaims": null,
  "homepage": "http://example.com",
  "identifierUris": [
    "http://kubernetes"
  ],
  }
  ...
  {
    "adminConsentDescription": "Allow the application to access kubernetes on behalf of the signed-in user.",
    "adminConsentDisplayName": "Access kubernetes",
    "id": "59xxx87-xxxx-47b8-xxxx-1708xxxxefcd",
    "isEnabled": true,
    "type": "User",
    "userConsentDescription": "Allow the application to access kubernetes on your behalf.",
    "userConsentDisplayName": "Access kubernetes",
    "value": "user_impersonation"
  }
...
}

You’ll need to use the “appId” parameter from this output. In our example, it would be:


"appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558"

4) Create a service principal for the app:

az ad sp create --id appId

Use “appId” from the previous step here: 

az ad sp create --id 7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558

CLI output example:

{
  "accountEnabled": true,
  ...
}
...
"objectId": "85xxxxcb-xxxx-4761-xxxx-63fxxxx515e",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/32xxxxb3-xxxx-46b3-xxxx-0e33xxxx46d1/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
}
...

5) Create a role assignment:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_ID

In this case, you will use the subscription ID from step 2:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6

You’ll find the following CLI output:

{
  "canDelegate": null,
  "id": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleAssignments/4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "name": "4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "principalId": "85xxxxcb-xxxx-4761-xxxx-63ffxxxx515e",
  "principalType": "ServicePrincipal",
  "roleDefinitionId": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleDefinitions/8exxxx57-xxxx-443c-xxxx-2fe8xxxxb635",
  "scope": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
  "type": "Microsoft.Authorization/roleAssignments"
}

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and create a cluster.
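To catch a mistyped or mismatched value before it reaches Taikun, the outputs of steps 2 to 5 can be cross-checked against each other. The following is an added example, not part of Taikun or the Azure CLI; the function name and the sample GUIDs are made up, and it assumes the service principal output carries an "appId" field alongside the "objectId" shown above.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def taikun_azure_fields(login, app, sp, role):
    """Cross-check the outputs of steps 2-5; return (form_fields, problems)."""
    subs = [s for s in login if s.get("isDefault") and s.get("state") == "Enabled"]
    if len(subs) != 1:
        return {}, ["expected exactly one enabled default subscription"]
    sub = subs[0]
    fields = {
        "Azure Client ID": app.get("appId", ""),       # step 3
        "Azure Tenant ID": sub.get("tenantId", ""),    # step 2
        "Azure Subscription ID": sub.get("id", ""),    # step 2
    }
    problems = [f"{name} is not a GUID: {value!r}"
                for name, value in fields.items() if not GUID.match(value)]
    # Step 4: the service principal must belong to the app from step 3.
    if sp.get("appId") != app.get("appId"):
        problems.append("service principal belongs to a different appId")
    # Step 5: the role must be assigned to that principal, on that subscription.
    if role.get("principalId") != sp.get("objectId"):
        problems.append("role assignment principalId != service principal objectId")
    expected_scope = "/subscriptions/" + fields["Azure Subscription ID"]
    if role.get("scope", "").lower() != expected_scope.lower():
        problems.append("role assignment scope is not the selected subscription")
    return fields, problems


# Constructed sample outputs (made-up GUIDs, trimmed to the fields that are checked).
SUB = "11111111-1111-4111-8111-111111111111"
TENANT = "22222222-2222-4222-8222-222222222222"
APP_ID = "33333333-3333-4333-8333-333333333333"
SP_OBJECT = "44444444-4444-4444-8444-444444444444"
LOGIN = [{"id": SUB, "tenantId": TENANT, "isDefault": True, "state": "Enabled"}]
APP = {"appId": APP_ID, "displayName": "kubernetes"}
SP = {"appId": APP_ID, "objectId": SP_OBJECT, "objectType": "ServicePrincipal"}
ROLE = {"principalId": SP_OBJECT, "principalType": "ServicePrincipal",
        "scope": "/subscriptions/" + SUB}

if __name__ == "__main__":
    fields, problems = taikun_azure_fields(LOGIN, APP, SP, ROLE)
    print(fields, problems or "all checks passed")
```

The Client Secret is deliberately not an input: it never appears in these outputs and should not be written into a script or file used for checking.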

You can switch to Taikun and add your Azure credentials now:

  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the necessary parameters in the Azure section:
  • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
  • Azure Client ID
  • Azure Client Secret
  • Azure Tenant ID

Where to find the Azure credentials

If you haven’t created your application via CLI, you can find the guidelines here.

Credentials for Azure are located in different tabs. Instructions on where to find them are posted below.

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and create a cluster.

Azure Client and Tenant Id
  • Azure Active Directory – App registrations – All Applications – application -> Application (client) ID (=Azure Client Id) and Directory (tenant) ID (=Azure Tenant Id)
  • Azure Active Directory – App registrations – All Applications – application – Certificates & secrets – Client secrets -> Value (=Azure Secret Id)
🔥
Warning

The Client Secret is shown only once, when it is first created; we recommend saving it somewhere else.

Azure Subscription Id
ℹ️
Info

The Subscription is chosen from a drop-down selection, but the path below shows where to find your Subscription ID.

  • Subscriptions -> Subscription ID (=Azure Subscription Id)

More information is provided in the Azure guideline

Google Cloud Platform (GCP)

Adding your Google Cloud Platform (GCP) Cloud credentials

  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the necessary parameters in the Google section:

    • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
    • Import Project – Configure your GCE account without folder ID and billing account details
    • Folder ID and Config file – find credentials in your GCE account (under My Security Credentials)
    • Region – choose a suitable region
    • Zone Cont – choose availability for the region
    • Billing Account – here you will see the billing account which is configured with your project and user

Where to find the Google Cloud Platform (GCP) security credentials

  1. Go to console.cloud.google.com
  2. Select your project from the folder
  3. From the hamburger menu select IAM & Admin
  4. Specify the necessary parameters in the Google section:

    • As you add the service account name, a service account ID is generated automatically; you can copy it for further steps
    • In the Service account description, describe what this service account will do (optional)
    • Click on create and continue
    • Region – choose a suitable region
    • Grant this service account access to the project: Grant this service account access to the project so that it has permission to complete specific actions on the resources in your project. (optional)
    • Grant users access to this service account: Grant access to users or groups that need to perform actions as this service account. (optional)
    • In the selected project's IAM, add the principal ID that was created for the service account, with the owner or editor role.
  5. Click on KEYS and ADD KEY:
    • For a new service account, you need to create a new key, which will be a .json file. If you have an existing key you can add that, but the principal ID in the .json file should be the same as the service ID
  6. Select the project’s folder and click on IAM from the hamburger menu
  7. Click on add to roles for service account: in the new principal, you have to add the ID which you created in the service account
📄
Note

You can find ID in downloaded .json file

Billing Account

  1. Select your project again and select billing from the hamburger menu
  2. Click on billing account manage
  3. Click on add principal
  4. Add your service account id with the billing account user role

Taikun supports importing an existing Google project when creating a Google cloud credential. The procedure is the following:

Import project:

  1. Enable billing on the project
  2. Enable the following APIs on the project:
    • cloudresourcemanager.googleapis.com
    • iam.googleapis.com
    • logging.googleapis.com
    • cloudbilling.googleapis.com
    • compute.googleapis.com
    • serviceusage.googleapis.com

To add normal Google cloud credentials in Taikun:

  • Billing user permission
  • IAM for the folder: Folder Admin and Project Creator
  • The service account's project must have these APIs enabled:
    • cloudresourcemanager.googleapis.com
    • iam.googleapis.com
    • logging.googleapis.com
    • cloudbilling.googleapis.com
    • compute.googleapis.com
    • serviceusage.googleapis.com
  • The service account's project must have billing enabled
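The prerequisites listed above can be checked offline before the credential is added. This is an added example, not Taikun's or Google's code: it assumes the inputs are the parsed JSON of the project's enabled-services list and of the folder and billing-account IAM policies, that the service account itself is the principal holding the folder and billing roles, and that the role IDs in the code correspond to the role names on this page; all sample data is constructed.

```python
REQUIRED_APIS = {
    "cloudresourcemanager.googleapis.com", "iam.googleapis.com",
    "logging.googleapis.com", "cloudbilling.googleapis.com",
    "compute.googleapis.com", "serviceusage.googleapis.com",
}
FOLDER_ROLES = {
    "roles/resourcemanager.folderAdmin",     # Folder Admin
    "roles/resourcemanager.projectCreator",  # Project Creator
}
BILLING_ROLE = "roles/billing.user"          # Billing Account User


def roles_of(policy, member):
    """Roles that an IAM policy document grants directly to `member`."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def gcp_preflight(key, services, folder_policy, billing_policy):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if key.get("type") != "service_account":
        problems.append("key file is not a service account key")
    member = "serviceAccount:" + key.get("client_email", "")
    enabled = {s.get("config", {}).get("name") for s in services
               if s.get("state") == "ENABLED"}
    for api in sorted(REQUIRED_APIS - enabled):
        problems.append(f"API not enabled: {api}")
    for role in sorted(FOLDER_ROLES - roles_of(folder_policy, member)):
        problems.append(f"folder role missing for {member}: {role}")
    if BILLING_ROLE not in roles_of(billing_policy, member):
        problems.append(f"billing role missing for {member}: {BILLING_ROLE}")
    return problems


# Constructed sample data: one API and one folder role are missing on purpose.
SA_EMAIL = "taikun-sa@example-project.iam.gserviceaccount.com"
MEMBER = "serviceAccount:" + SA_EMAIL
KEY = {"type": "service_account", "project_id": "example-project",
       "client_email": SA_EMAIL}
SERVICES = [{"config": {"name": n}, "state": "ENABLED"}
            for n in sorted(REQUIRED_APIS - {"cloudbilling.googleapis.com"})]
FOLDER_POLICY = {"bindings": [
    {"role": "roles/resourcemanager.folderAdmin", "members": [MEMBER]}]}
BILLING_POLICY = {"bindings": [{"role": BILLING_ROLE, "members": [MEMBER]}]}

if __name__ == "__main__":
    for problem in gcp_preflight(KEY, SERVICES, FOLDER_POLICY, BILLING_POLICY):
        print(problem)
```

Only the non-secret fields of the key file are read; the private key stays in the downloaded .json file and is never needed for these checks.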

VMware Tanzu

Recommendation

Please note that only users with a Partner role in Taikun can add VMware Tanzu credentials for security purposes.

Tanzu is a suite of products and services developed by VMware to facilitate the deployment, management, and modernization of applications across multi-cloud and hybrid-cloud environments. It aims to simplify and accelerate the process of building, running, and managing applications using modern cloud-native technologies. 

To add your VMware Tanzu credentials:

  1. Switch to the Cloud credentials tab in Taikun while logged in as a Partner user
  2. Click on the Add Cloud Credentials button in the top-right corner 
  3. Specify the following parameters in the Tanzu section:
    • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. tanzu-cloud-test) 
    • URL – Endpoint-Identity (e.g. https://stra-caas56.businesscube.cz)
    • User – your user name to Tanzu (e.g. user)
    • Password – your password to Tanzu (e.g. user234)
    • Namespace – Write your appropriate namespace here
    • Volume Type – Select your appropriate volume type.
    • Continent – Select your working continent.
  4. Confirm your action

Proxmox

Recommendation

Please note that only users with a Partner role in Taikun can add Proxmox credentials for security purposes.

Proxmox VE (Virtual Environment) is an open-source server virtualization management platform. It allows you to create and manage virtual machines (VMs) and containers on a cluster of physical servers. Proxmox VE is based on Debian Linux and uses KVM (Kernel-based Virtual Machine) as the hypervisor and LXC (Linux Containers) for lightweight virtualization. 

To add your Proxmox credentials:

  1. Switch to the Cloud credentials tab in Taikun while logged in as a Partner user
  2. Click on the Add Cloud Credentials button in the top-right corner 
  3. Specify the following parameters in the Proxmox section:
    • Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. proxmox-cloud-credentials) 
    • Proxmox API Host – Proxmox API Host is a software component that provides a programming interface for managing and interacting with Proxmox Virtual Environment (PVE) infrastructure. (e.g https://itera-proxmox-XXX.XXX.XX/api2/json ) 
    • Proxmox Client ID – Proxmox Client ID refers to a unique identifier assigned to a client or user in the Proxmox Virtual Environment (PVE) system. (e.g. itera@XX!XXX)
    • Proxmox Client Secret – a secure string or key generated along with the Client ID and used for authentication and authorization.
    • Storage – refers to the available space and resources for storing virtual machine data. 
    • VM Template Name – VM Template Name in Proxmox refers to a predefined, reusable configuration and setup for a virtual machine (VM).
    • Hypervisors – a hypervisor is responsible for abstracting and virtualizing the underlying hardware resources, allowing multiple VMs to run concurrently on a single physical server.
    • Public Network and Private Network:
      • Network Address and Mask (e.g. 78.XX.XX.12/17) 
      • Gateway (e.g. 78.XX.XX.11) 
      • Allocation Range (e.g. 78.XX.XX.22 – 78.XX.XX.100) 
      • Bridge – select the appropriate bridge for your credentials.
  4. Confirm your action

Available Actions

You can expand all tables to see the last modification made (Created By, Last Modified, Last Modified By).

 Make default – choose credentials which will be then filled during project creation, lighter color indicates selected credentials

 Update Cloud Credentials – change the credentials which are not locked

 Navigate to OpenStack/Azure Quota Charts – Preview the quotas from your cloud

  • you can also filter Azure usage quotas by CPU, storage, gallery, or general

Lock/Unlock credentials – if you lock the credentials, you can’t use them for new Projects, edit or delete them

 Delete – delete empty and unlocked credentials
