Paralus is the newest Opensource project that helps you with zero trust access management for Kubernetes.
It gives you a single dashboard that allows you to manage all your clusters from one portal. In this article, I'll show we can Install Paralus on a local Kind cluster.
You can refer to the Paralus website to learn more about Paralus.
Kind
The following section talks about installing Paralus in a Kind cluster. Kind is a tool used to run local Kubernetes clusters using Docker container nodes. Learn more about Kind.
Installing and Configuring Kind
If you don't already have Kind installed on your local system, you can do so by following the Kind Quickstart Documentation. The default settings are good enough to get you started.
The next step is to create a Kind cluster. To do that you can create a copy of this configuration file and use that to create a cluster.
kind create cluster --config cluster.yaml
Note down the IP address of the control plane by running the following command
docker container inspect kind-control-plane --format '{{ .NetworkSettings.Networks.kind.IPAddress }}'
172.20.0.2
Installing Paralus
Add the paralus helm repository
helm repo add paralus https://paralus.github.io/helm-charts
helm repo update
helm install myrelease paralus/ztka \
-f https://raw.githubusercontent.com/paralus/helm-charts/main/examples/values.dev-generic.yaml \
--set fqdn.domain="paralus.local" \
-n paralus \
--create-namespace
Note: In case you get an error, run
helm dependency buildto build the dependencies.
You'll see the following output if the installation succeeds:
NAME: ztkarelease
LAST DEPLOYED: Wed Jun 15 09:05:49 2022
NAMESPACE: paralus
STATUS: deployed
REVISION: 1
NOTES:
1. Access the application URL by running these commands:
Open http://console.paralus.local in browser.
You can view the recovery link for admin user by running the following command once all the pods are running:
kubectl logs -f --namespace paralus $(kubectl get pods --namespace paralus -l app.kubernetes.io/name='paralus' -o jsonpath='{ .items[0].metadata.name }') initialize | grep 'Org Admin signup URL:'
Note: It can take upto a few minutes before all the pods are running and you can access the dashboard. You can check the status using
watch kubectl get pods
Configuring /etc/hosts
Since we are deploying Paralus on local cluster, we need to update the /etc/hosts file with the IP Address/Ingress Host name to access the dashboard.
In order to do that, edit the /etc/hosts file using your favourite editor and add the following line at the end of it along with the IP address obtained and save it.
172.20.0.2 console.paralus.local
Refer to the value of fqdn.domain in your values.yaml file to find the default host.
Open your favorite web browser and navigate to http://console.paralus.local, you will be see the dashboard with the login screen
Resetting Default Password
Paralus comes configured with default credentials that allow you to access the dashboard.
In order to get the Password Reset URL, copy the command displayed after helm install and execute it
kubectl logs -f --namespace paralus $(kubectl get pods --namespace paralus -l app.kubernetes.io/name='paralus' -o jsonpath='{ .items[0].metadata.name }') initialize | grep 'Org Admin signup URL:'
Org Admin signup URL: http://console.paralus.local/self-service/recovery?flow=9ec13c6f-414e-4cb5-bf4c-def35973118f&token=ge6bi6zmyzUlQrHlYTOCDeItV82hT08Y
Note: The password recovery link generated while deploying Paralus is valid only for
10 minutes. For any reason if the link is expired, refer to the troubleshooting guide to re-generate the password reset link.
Access the URL in a browser, and provide a new password.
Accessing Paralus Dashboard
In a new browser window/tab navigate to http://console.paralus.local and log in with the following credentials:
- username:
admin@paralus.local- or the one you specified invalues.yaml - password:
<The one you entered in the earlier section>
You'll be taken to the projects page where you'll see a default project.
Importing Existing Cluster
Everything in Paralus is grouped into Projects. Each project will have clusters, users and groups associated with it. Hence the first step it to create a new project.
Click on New Project to create a new project and then import a cluster in that project.
Click Continue and download the bootstrap yaml file by clicking Import Bootstrap YAML. This will download the YAML file that is required to connect your cluster with Paralus.
Configuring Network
Getting Cluster ID and Hostname
Open the downloaded yaml file in a text editor and look for clusterID
data:
clusterID: 5dceca49-c6cd-4a2b-b65a-f193c4fa001f
relays: '[{"token":"cakmpdvjd030q1q53p9g","addr":"console.paralus.local:80","endpoint":"*.core-connector.paralus.local:443","name":"paralus-core-relay-agent","templateToken":"cakl93fjd030q1q53p5g"}]'
With the clusterID identified, we need to update the hosts file. This becuase we are using hostname to route traffic.
5dceca49-c6cd-4a2b-b65a-f193c4fa001f.user.paralus.local
5dceca49-c6cd-4a2b-b65a-f193c4fa001f.core-connector.paralus.local
Updating /etc/hosts
Add two new lines in /etc/hosts file along with the IP address obtained
172.20.0.2 5dceca49-c6cd-4a2b-b65a-f193c4fa001f.user.paralus.local
172.20.0.2 5dceca49-c6cd-4a2b-b65a-f193c4fa001f.core-connector.paralus.local
Your final /etc/hosts file should be something like the following
172.20.0.2 console.paralus.local
172.20.0.2 5dceca49-c6cd-4a2b-b65a-f193c4fa001f.user.paralus.local
172.20.0.2 5dceca49-c6cd-4a2b-b65a-f193c4fa001f.core-connector.paralus.local
Accessing Existing Cluster
With all the changes in place, it's time to apply the bootstrap yaml file that we download while importing an existing cluster
kubectl apply -f mylocalcluster.yaml
Wait for the changes to take place. On the dashboard you will see that the cluster is imported successfully. It usually takes 3-5 minutes for the status to update.
You can also execute
kubectl get podsto check the status.
Select your newly imported cluster and click on kubectl to access the prompt and interact with your cluster from the dashboard.
A kubectl console will open in the bottom half of the screen, enter your kubectl commands to interact with your cluster.
And that's how you can setup Paralus on a local Kind cluster for trying it out before taking it to production environment.
Follow me at @TheTechmaharaj for more :)
Top comments (0)