Add a Kubernetes Cloud Account

Prerequisites

The screen captures in this section may change as the Kubernetes container changes. They are provided as a point of reference.

Before adding a cloud account to a Kubernetes cloud in CloudCenter Suite, verify the following Kubernetes requirements:

  • A valid Kubernetes service account.

  • A cluster-admin cluster role binding on the API server (see the Kubernetes Documentation).

  • A valid Service Account Token. You can retrieve the Service Account Token from Kubernetes using one of two methods:

    • Kubernetes Dashboard Method:

      1. Access the Kubernetes web UI and scroll the left menu bar down to Config and Storage and click Secrets. The list of secrets for the cluster is shown on the right panel:

      2. Click the link corresponding to the Service Account Token to view the token details screen:

      3. Click the eyeball icon to the left of the token at the end of the Data section to reveal the token. Copy the token and paste it into the Service Account Token field in the CloudCenter Suite's Add Cloud Account dialog box (see Configuration Process below).

        The service account token must be in base64 format before pasting into the Add Cloud Accounts page. Retrieving the token from the Kubernetes web UI ensures this.

    • The kubectl Command Method:

      1. Issue the following commands in sequence – the last command returns the token.

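        export NAMESPACE="default"
        export SERVICE_ACCOUNT_NAME="bob-the-bot3"

        # Create the service account (expected output shown as a comment).
        kubectl create serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$NAMESPACE"
        # serviceaccount "bob-the-bot3" created

        # Bind it to cluster-admin; replace <name> with a name for the binding.
        kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount="$NAMESPACE:$SERVICE_ACCOUNT_NAME"

        # Name of the service account's token secret (empty if the cluster did not create one).
        export SECRET_NAME=$(kubectl get serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$NAMESPACE" -o 'jsonpath={.secrets[0].name}' 2>/dev/null)

        # Print the token, base64-decoded from the secret (-A: the input is a single line).
        kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o "jsonpath={.data.token}" | openssl enc -d -base64 -A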
      2. Copy and paste this token to the Service Account Token field in the CloudCenter Suite's Add Cloud Account dialog box (see Configuration Process below).
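
An added example (not part of the original CloudCenter Suite documentation): before pasting a cluster-admin token into the dialog box, the check below reports whether a value is the decoded token or still the base64-encoded form stored in the secret, and prints the service account it belongs to. The function names and the sample token are constructed for illustration; it assumes a legacy secret-based token whose payload is compact JSON with a `sub` claim.

```shell
#!/bin/sh
# Added example: offline checks on a service account token before it is
# pasted into another system. Assumes a legacy secret-based token.

# Decode one base64url JWT segment (alphabet '-' and '_', padding stripped).
b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
)

# True when the value has the three dot-separated base64url segments of a JWT.
is_jwt() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# Report which form a value is in:
#   jwt        - decoded token, as printed by the kubectl pipeline above
#   base64-jwt - still base64-encoded, as stored in the secret's .data.token
#   unknown    - neither form; do not submit it
token_form() (
  if is_jwt "$1"; then echo jwt; exit 0; fi
  inner=$(printf '%s' "$1" | base64 -d 2>/dev/null) || inner=""
  if is_jwt "$inner"; then echo base64-jwt; else echo unknown; fi
)

# Print the "sub" claim (system:serviceaccount:<namespace>:<name>) of a decoded token.
token_subject() (
  payload=$(printf '%s' "$1" | cut -d. -f2)
  b64url_decode "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
)

# Constructed, unsigned sample token; not a real credential.
b64url() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'; }
sample_token() {
  printf '%s.%s.%s' "$(b64url '{"alg":"RS256"}')" \
    "$(b64url '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:bob-the-bot3"}')" \
    "$(b64url 'constructed-signature')"
}

# Demo on the constructed sample.
t=$(sample_token)
echo "form=$(token_form "$t") subject=$(token_subject "$t")"
```

If the reported subject is not the service account created for CloudCenter Suite, the wrong secret was read and the token should not be submitted.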

Configuration Process

To add a cloud account to a Kubernetes cloud, follow this procedure.

  1. Locate the Kubernetes cloud on the Clouds page and click the Add Cloud Account link. This displays the Add Cloud Account dialog box as shown in the figure below.

  2. Assign a new cloud account name.

    Tip

    The name should not contain any space, dash, or special characters.

  3. Add the following Cloud Credentials: 

    | Field | Description |
    |---|---|
    | Service Account Name | The email address or username that you used to log in to the Kubernetes cluster. |
    | Service Account Token | The token used to access the Kubernetes service account as specified in the Prerequisites section above. |

    When done, click Connect. CloudCenter Suite will now attempt to validate your account credentials.

  4. After the credentials are verified, the Connect button changes to an Edit button and two new fields appear: Enable Account For and Enable Reporting By Org Structure, as shown in the figure below.



    1. Set the Enable Account For dropdown per the table below.

      | Value | Usage |
      |---|---|
      | Provisioning | Workload Manager can deploy jobs using this account. |
      | Reporting | Cost Optimizer and Workload Manager will track cloud costs for this account. Typical usage: master cloud accounts which are used for billing aggregation. |
      | Provisioning, Reporting | Default. Account is used for both provisioning and reporting. |
    2. For AWS and Google clouds only: Set the Enable Reporting By Org Structure toggle to On to cause Cost Optimizer to import the cost hierarchy created in the cloud provider portal. This saves the time of manually creating a comparable cost hierarchy within Cost Optimizer. See Cost Groups Configuration for more information on cost hierarchies in Cost Optimizer.

  5. Click the Save button when done.

After you add cloud accounts, they will appear in the Cloud Accounts list in the Accounts tab for the cloud as shown in the figure below.

The cloud account list contains columns for data you entered into the Add Cloud Account dialog box: Account Name, Description, Enabled For; and two additional columns: Billing Units and Actions. The third column, Billing Units, is dual function. If the cloud account contains only one billing unit, the ID for that billing unit is displayed. If the cloud account contains multiple billing units, such as an AWS master account, the number of billing units in that account is displayed followed by the text "Billing Units". 

A billing unit is the most granular level of cloud cost recording in CloudCenter Suite. The definition of billing unit varies by cloud provider as shown in the table below.

| Cloud Provider | Billing Unit |
|---|---|
| AWS | Account ID |
| AzureRM | Subscription ID |
| Google | Project ID |
| vCenter | Cloud Group Prefix - Datacenter Name |
| OpenStack | Project ID |
| Kubernetes | Namespace UID |

The last column, Actions, contains links to let you edit or delete the cloud account, or manage instance types for the cloud account.


