How to use kubectl to manage applications in CCE clusters from Telefónica Open Cloud

by Fernando de la Iglesia, Technology expert at Telefónica I+D

(EDIT 20/07/2018: With the new version of CCE the procedures described in this article are not longer required, please refer to )

Recently Telefónica Open Cloud (OC) has added container features to his portfolio through the service called Cloud Container Engine (CCE) leveraging Kubernetes. Of course, you can manage, create, design your services and applications using the web console, but I am sure many people would like to automate tasks and manage several clusters with a unified tool, and this is typically the kubernetes tool kubectl. Therefore, the question is how to use kubectl to manage our applications in a CCE cluster taking into account that this is a public cloud service and therefore the access to the master node of the cluster is restricted and protected?

The answer is to use a modified version of kubectl able to connect to the public CCE API and to authenticate using our cloud credentials, in addition to the usual options to connect to a regular kubernetes cluster.

This task requires GO version 1.6. I installed kubectl in a CentOS 7.1 VM that acts as a client system, and for this OS the golang-bin package is already version ≥1.6, but it is easy to install it in some other operating system, a simple search in the internet would give you the answer.

Download the code form github, change to version release-1.5 and compile the kubectl tool

$ git clone
$ cd kubernetes
$ git checkout release-1.5
$ make kubectl

This last command takes some time to execute. After that, copy the generated executable to the local bin path and the kubectlconfig to your user home

$ sudo cp _output/bin/kubectl /usr/local/bin/
$ cp kubectlconfig/kubectlconfig.tgz ~/
$ cd ~
$ tar -xzf kubectlconfig.tgz

Of course, you have to have a cluster previously created. This is very easy using the OC web console or the CCE API

An important data form the cluster we need for the kubectl configuration is the cluster-uuid. You can find this information from the web console or usig the CCE API (see figure below)

For the authentication process, we need a pair of Access Key/Secret Key, that you can generate in the web console as well, in the corresponding section in My Credentials.

With this information, we can now configure kubectl to manage applications in our brand new CCE cluster:

$ kubectl config set-cluster newcluster/brazil —-server= —-cluster-uuid=4d78d1d7-ab8b-4e3f-8cbd-3da2996be381$ kubectl config set-credentials fernando/brazil --access-key=*************** --secret-key=************************ --region-id=sa-brazil-1$ kubectl config set-context fernando/brazil --cluster=newcluster/brazil --user=fernando/brazil

Where in the set-cluster command we have to use the CCE API endpoint corresponding to the OC Region where we have created our cluster (Brazil-1 in this example). You can find the complete list of API endpoints for the different regions in the OC Help Center.

And now we configure kubectl to use this new context. We can see as well the different configurations we have stored and the current context used.

$ kubectl config set current-context fernando/brazil$ kubectl config view

… Just using the standard way in kubectl for this. As a very simple example, we can create a service running a simple node.js web server. Below you can find the Replica Controller yaml file and after it, the Service yaml file

$ cat node-rc.yaml
apiVersion: v1
kind: ReplicationController
name: simplenode
replicas: 1
app: simplenode
name: simplenode
app: simplenode
- name: simplenode
image: fernandodelaiglesia/simplenodeweb
- containerPort: 8080
name: node-port
$ cat node-service.yaml
apiVersion: v1
kind: Service
name: simplenode
apps: simplenode
type: NodePort
- port: 8080
targetPort: 8080
protocol: TCP
app: simplenode

and now we are ready to create the service

$ kubectl create -f node-rc.yaml
replicationcontroller "simplenode" created
$ kubectl create -f node-service.yaml
service "simplenode" created
$ kubectl get services
kubernetes <none> 443/TCP 39d
simplenode <nodes> 8080:31314/TCP 15s

and access the service already available. In this case (a NodePort service type), we can access the service in any of the public IP of the cluster nodes and the assigned port (31314). The nodes’ public IPs can be found in the web console or learned using an API call to the CCE API endpoint (for info on how to access this API endpoint please refer to the corresponding section of the Help Center)

$ curl -i  http://200.XXX.XXX.XXX:31314
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 45
ETag: W/"2d-xUePkkhYSerb0p3OaM1vlVwkBwg"
Date: Mon, 04 Sep 2017 11:55:32 GMT
Connection: keep-alive
Hello world<br>This is a very simple example


You can now make your business grow with the help for Open Cloud CCE Cloud Container Service.

I love to learn, specially how nature works, and this is why I studied physics and love quantum “things”.