Connect Kubernetes Cluster

An org admin connects an existing Kubernetes cluster to the Crafting system to enable Kubernetes Development Experience for all members of the org.

How It Works

Connecting a Kubernetes cluster installs the Crafting agent in the cluster. The agent runs as a privileged DaemonSet on all nodes and intercepts traffic at the network level. While active, the Crafting agent does not modify any resources in the cluster — all Kubernetes resources remain immutable.

Compatibility

Standard Kubernetes clusters can be connected to Crafting.

Special Kubernetes configurations that do not allow privileged containers are not supported. Examples include:

The location of the cluster does not matter. As long as the workloads in the cluster can reach the Crafting server URL, the cluster can be connected.

Service Mesh

Crafting does not require a service mesh in the cluster. If a service mesh is already installed (for example, Istio or Linkerd), the Crafting agent works with it seamlessly.

Network Policy

The Crafting agent needs to communicate with pods in other namespaces. If Network Policy resources are in place, make sure inbound traffic is allowed from the namespace where the Crafting agent is running (the default namespace is crafting-sandbox).

For example:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-crafting
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: crafting-sandbox
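
The following check is an added example, not Crafting's own code: it reads exported NetworkPolicy objects and lists the ingress policies whose selected pods are not opened to the agent namespace by any policy covering the same pods. It assumes input in the shape of `kubectl get networkpolicy -A -o json`, evaluates only matchLabels, ignores ipBlock peers, and uses constructed function names and sample policies.

```python
import json

# Assumption: the agent namespace carries only the automatic name label.
AGENT_NS_LABELS = {"kubernetes.io/metadata.name": "crafting-sandbox"}

def selector_matches(selector, labels):
    """matchLabels only; matchExpressions counts as a non-match (conservative)."""
    if selector.get("matchExpressions"):
        return False
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def admits_agent(policy, agent_labels):
    """True if an ingress rule admits every pod in the agent namespace."""
    for rule in policy["spec"].get("ingress") or []:
        peers = rule.get("from")
        if not peers:
            return True  # a rule without "from" allows all sources
        for peer in peers:  # ipBlock and pod-scoped peers are not counted
            ns_sel = peer.get("namespaceSelector")
            if (ns_sel is not None and not peer.get("podSelector")
                    and selector_matches(ns_sel, agent_labels)):
                return True
    return False

def policies_blocking_agent(policy_list, agent_labels=AGENT_NS_LABELS):
    """List ingress policies whose pods no covering policy opens to the agent."""
    items = [p for p in policy_list["items"] if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])]
    blocked = []
    for p in items:
        ns = p["metadata"]["namespace"]
        p_labels = p["spec"].get("podSelector", {}).get("matchLabels", {})
        # q covers p when q's podSelector matches every pod that p selects.
        if not any(q["metadata"]["namespace"] == ns
                   and selector_matches(q["spec"].get("podSelector", {}), p_labels)
                   and admits_agent(q, agent_labels) for q in items):
            blocked.append(f"{ns}/{p['metadata']['name']}")
    return sorted(blocked)

# Constructed sample in the shape of `kubectl get networkpolicy -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "shop", "name": "default-deny"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
 {"metadata": {"namespace": "shop", "name": "allow-crafting"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [{"from": [
    {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "crafting-sandbox"}}}]}]}},
 {"metadata": {"namespace": "payments", "name": "db-from-api"},
  "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "ingress": [{"from": [
    {"podSelector": {"matchLabels": {"app": "api"}}}]}]}}]}""")

print(policies_blocking_agent(SAMPLE))
```

A policy reported here needs either its own rule for the agent namespace or a companion policy like allow-crafting in the same namespace.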

Cilium

If Cilium is installed in the cluster and the Kubernetes service load balancer (kube-proxy) has been removed, Service NAT must be enabled when connecting the cluster. Add --service-nat to the cs infra connect k8s command, or add --set gateway.serviceNAT=true to the helm command.

Connect

Using the Crafting CLI

The simplest way to connect a Kubernetes cluster is to run the following command from a machine with kubectl and helm installed and configured with access to the cluster:

cs infra connect k8s NAME

NAME is the name of the connected cluster within the Crafting system and does not need to match the actual cluster name.

For EKS clusters where pod IPs are allocated directly from VPC subnets (using the vpc-cni addon), the command cannot automatically detect the pod subnet CIDR. It will prompt you to enter the CIDR, or you can supply it upfront:

cs infra connect k8s NAME --subnets POD-CIDR,SVC-CIDR

Using Helm Directly

When you prefer Infrastructure-as-Code or Configuration-as-Code, the Crafting agent Helm chart can be installed directly and the cluster can then be registered manually on the Crafting side.

The exact steps are available in the Crafting Web Console by clicking the Connect button on the Kubernetes Clusters page:

  1. Install the Crafting agent Helm chart. The exact helm command can be generated from the wizard after clicking Connect in the Web Console.
  2. Print the public key of the installed Crafting agent:
     kubectl -n crafting-sandbox exec deploy/cdbd -- cdbd-cli connect print-key
  3. In the Crafting Web Console, click Connect from the Kubernetes Clusters page, switch to the USE HELM CHART tab, follow the steps, and on the final step:
     - Enter the name of the cluster (this is the name on the Crafting side, not necessarily the actual cluster name).
     - Paste the public key obtained in the previous step.

Inspect the Cluster

All connected clusters are displayed as cards on the Kubernetes Clusters page. Clicking on a card shows a simple list view of the workloads in that cluster.