Manager | 
Partner
Before you can create your own project, you have to add a cloud. Now you can choose from OpenStack, AWS, Azure, or Google.
You just have to fill in the correct credentials from your account and Taikun will connect with them.
Use 
button to Add Cloud Credentials. Choose which Cloud you want to add and fill in the required data. After you add new Cloud Credentials, you can use the Cloud as storage for your new projects.
OpenStack #
Requirements for Openstack
Warning
A Taikun image must already exist in the OpenStack Cloud. Requirement is an Ubuntu 20 image, we recommend using the most recent kernel (e.g. a base Ubuntu image with hwe kernel available here: https://repo.itera.io/repository/images/taikun-image.qcow2)
To use an image in Taikun you have to use the tags “taikun” and “ubuntu{number}”. By default Taikun takes an image with the latest {number}.
Command to add an image to OpenStack:
openstack image create –disk-format qcow2 –container-format bare –public –tag taikun –tag ubuntu20.04 –property hw_disk_bus=scsi –property hw_scsi_model=virtio-scsi taikun-focal-image –file taikun-image.qcow2
Adding your OpenStack Cloud credentials:
- Switch to Cloud credentials in Taikun
- Hit Add Cloud Credentials in the top-right corner
- Specify the following parameters in the OpenStack section:
- Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
- User – your user name to OpenStack (e.g. user)
- Password – your password to OpenStack (e.g. 123abc)
- URL – Endpoint-Identity (e.g. https://cloud.mycloud.com:32132)
- Domain – insert domain name (e.g. default)
- Project – select Project if there are multiple options (e.g. my-cloud-project)
- Region – select Region if there are multiple options (e.g. RegionOne)
- Public Network – choose a network, if available (e.g. public2)
- Optional:
- Specify Availability Zone
- Volume Types
- Enable Import Network
Warning
If you choose to import your network, DNS created in Access Profiles will be ignored.
Warning
If entered Credentials are invalid, you will be notified that Cloud cannot be connected.
Where to find the OpenStack credentials #
As you should know your username and password, the other data from OpenStack will be added to Taikun automatically after filling in the URL.
To find the URL:
- Log into your OpenStack account
- Locate the Project – API Access section in the left-hand navigation panel
- Find the Identity row and copy its Service Endpoint
Amazon Web Services (AWS) #
Adding your Amazon Web Services (AWS) Cloud credentials
- Switch to Cloud credentials in Taikun
- Hit Add Cloud Credentials in the top-right corner
- Specify the necessary parameters in the Amazon Web Services section:
- Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
- Access Key ID, Secret Access Key – input your AWS credentials
- Region – choose a suitable region
- Availability Zone – choose availability for a region
Where to find the Amazon Web Services (AWS) security credentials #
- Log into your AWS account
- Click on your profile name in the top-right corner and access the Security credentials section
- Here you can create a new Access key along with a Secret key in the Access key ID and secret access section
- Alternatively, you can use your previous combination (as long as you have your Secret key)
Additional AWS documentation
Azure #
Before adding the Azure account, you need to create an application registration with commands. (source)
Info
The provided instructions are specific to Linux. It might look different with another Operating System.
1) If you haven’t installed Azure CLI, you can do it with the following command:
sudo apt install azure-cli -y
2) Login
sudo apt-get install azure-cli
You will be redirected to an Azure page where you can choose your account:
CLI output will be similar to this:
[
{
"cloudName": "AzureCloud",
"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
"isDefault": true,
"name": "Bezplatná zkušební verze",
"state": "Enabled",
"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1",
"user": {
"name": "usermail@gmail.com",
"type": "user"
}
}
]You’ll need to fetch Azure Subscription ID (“id”) and Azure Tenant ID (“tenantID”) fields from the output. Here’s what we would use in our test instance:
"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6”
"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1"
3) Create a new Azure App with the following command:
az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRETYou’ll need to use your Client Secret in this command which can be deleted later (e.g. “Ue9)Qj^V\~UYES3(C”)
CLI output will look like this:
{
"acceptMappedClaims": null,
"addIns": [],
"allowGuestsSignIn": null,
"allowPassthroughUsers": null,
! "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558", !
"appLogoUrl": null,
"appPermissions": null,
"appRoles": [],
"applicationTemplateId": null,
"availableToOtherTenants": false,
"deletionTimestamp": null,
"displayName": "kubernetes",
"errorUrl": null,
"groupMembershipClaims": null,
"homepage": "http://example.com",
"identifierUris": [
"http://kubernetes"
],
}
...
{
"adminConsentDescription": "Allow the application to access kubernetes on behalf of the signed-in user.",
"adminConsentDisplayName": "Access kubernetes",
"id": "59xxx87-xxxx-47b8-xxxx-1708xxxxefcd",
"isEnabled": true,
"type": "User",
"userConsentDescription": "Allow the application to access kubernetes on your behalf.",
"userConsentDisplayName": "Access kubernetes",
"value": "user*impersonation"
}
...
}
You’ll need to use the “appID” parameter from this output. In our example, it would be:
"appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558"
4) Create a service principal for the app:
az ad sp create --id appId
Use “appId” from the previous step here:
az ad sp create -id 7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558
CLI output example:
{
"accountEnabled": true,
...
}
...
"objectId": "85xxxxcb-xxxx-4761-xxxx-63fxxxx515e",
"objectType": "ServicePrincipal",
"odata.metadata": "https://graph.windows.net/32xxxxb3-xxxx-46b3-xxxx-0e33xxxx46d1/$metadata#directoryObjects/@Element",
"odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
}
...
5) Create a role assignment:
az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_ID
In this case, you will use the subscription ID from step №2:
az role assignment create --role "Owner" --assignee http://kubernetes --subscription c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6
You’ll find the following CLI output:
{
"canDelegate": null,
"id": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleAssignments/4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
"name": "4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
"principalId": "85xxxxcb-xxxx-4761-xxxx-63ffxxxx515e",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleDefinitions/8exxxx57-xxxx-443c-xxxx-2fe8xxxxb635",
"scope": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
"type": "Microsoft.Authorization/roleAssignments"
}
Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and create a cluster.
You can switch to Taikun and add your Azure credentials now:
- Switch to Cloud credentials in Taikun
- Hit Add Cloud Credentials in the top-right corner
- Specify the necessary parameters in the Azure section:
- Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
- Azure Client ID
- Azure Client Secret
- Azure Tenant ID
Where to find the Azure credentials #
If you haven’t created your application via CLI, you can find the guidelines here.
Credentials for Azure are located in different tabs. Instructions on where to find them are posted below.
Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and create a cluster.
Azure Client and Tenant Id
- Azure Active Directory – App registrations – All Applications – application -> Application (client) ID (=Azure Client Id) and Directory (tenant) ID (Azure Tenant Id)
- Azure Active Directory – App registrations – All Applications – application – Certificates & secrets – Client secrets -> Value (=Azure Secret Id)
Warning
Client Secret is shown only for the first time, we recommend to save it somewhere else.
Azure Subscription Id
Info
Subscription is chosen from drop-down selection, but you can find below where to find your Subscription ID.
- Subscriptions -> Subscription ID (=Azure Subscription Id)
More information is provided in the Azure guideline
Google Cloud Platform (GCP) #
Adding your Google Cloud Platform (GCP) Cloud credentials
- Switch to Cloud credentials in Taikun
- Hit Add Cloud Credentials in the top-right corner
- Specify the necessary parameters in the Google section:
- Cloud Name – choose a name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
- Import Project – Configure your GCE account without folder ID and billing account details
- Folder ID and Config file – find credentials in your GCE account (under My Security Credentials)
- Region – choose a suitable region
- Zone Cont – choose availability for the region
- Billing Account – Here you will see the billings account which is configured with your project and user
Where to find the Google Cloud Platform (GCP) security credentials #
- Go to console.cloud.google.com
- Select your project from the folder
- From the hamburger menu select IAM & Admin
- From the hamburger menu select IAM & Admin
- Specify the necessary parameters in the Google section:
- As you add the service account name it will automatically generate a service account id which you can copy for further steps
- In the Service account description, you need to describe what this service account will do (Which is optional)
- Click on create and continue
- Region – choose a suitable region
- Grant this service account access to the project: Grant this service account access to the project so that it has permission to complete specific actions on the resources in your project. (optional)
- Grant users access to this service account: Grant access to users or groups that need to perform actions as this service account. (optional)
- Add id in selected project IAM – add – principal id what we created in service account with owner or editor role.
- Click on KEYS and ADD KEY:
- For a new service account, you need to create a new key which will be a .json file if you have any existing key you can add that but the principal Id should be the same in the .json file as the service id
- Select the project’s folder and click on IAM from the hamburger menu
- Click on add to roles for service account: in the new principal, you have to add the id which you created in the service account
Note
You can find ID in downloaded .json file
Billing Account
- Select your project again and select billing from the hamburger menu
- Click on billing account manage
- Click on add principal
- Add your service account id with the billing account user role
Actions #
You can expand all tables to see the last modification made (Created By, Last Modified, Last Modified By).
Make default – choose credentials which will be then filled during project creation, lighter color indicates selected credentials
Update Cloud Credentials – change the credentials which are not locked
Navigate to OpenStack/Azure Quota Charts – Preview the quotas from your cloud
- you can also filter Azure usage quotas by CPU, storage, gallery, or general
/
Lock/Unlock credentials – if you lock the credentials, you can’t use them for new Projects, edit or delete them
Delete – delete empty and unlocked credentials
