1 of 100

Manual - EN

What is Cocktail Cloud?

https://cocktailcloud.io/

Cocktail Cloud is an all-in-one container management platform. With the widespread adoption of cloud technology, there's a growing demand not just for infrastructure management but also for application and service management. Traditional development and operation methods are limited in fully leveraging the advantages of the cloud. Particularly in the realm of applications, there's an increasing demand for automation, efficiency, and integrated management, including continuous integration/deployment (CI/CD), migration, and the establishment of multi/hybrid cloud infrastructures.

The proliferation of container technology is natural in this context. Many companies have already adopted container technology, and this trend continues to grow. Containers package applications or services into independent and executable units, providing the same development and operation experience regardless of the infrastructure environment. Therefore, standardizing cloud management from infrastructure to services can reduce development and operation efforts. Containers offer the advantage of managing multi/hybrid clouds under a consistent environment.

Cocktail Cloud applies the benefits of containers to cloud management, streamlining development and operation tasks and providing a platform for implementing single or multi/hybrid cloud strategies.

Key features of Cocktail Cloud include:

Automation of pipelines from code to build, deployment, and updates.
Workload (service)-centric container management: packaging, lifecycle, resources, etc.
Full-stack monitoring: monitoring the status and resources from infrastructure to containers. Alert management.
Multi/hybrid cluster provisioning and management: Baremetal, private/public clouds.

Apply for Service

Using Cocktail Cloud

overview

Kubernetes and Cocktail Cloud

What is Cocktail Cloud, and describe its features and advantages.

Cocktail Cloud is a platform built on Kubernetes, offering the functionalities and APIs necessary for building, deploying, monitoring, and operating cloud-native applications from their build phase. The reason why many companies consider adopting Kubernetes is due to the increasing importance of cloud-native applications such as containers, microservices, and serverless architectures.

Cloud-native applications enhance continuity and efficiency in development/operation, ensuring high availability through automation for fault response, load-based scaling, and more. However, the adoption and operation of Kubernetes pose challenges due to the difficulty of adapting to new technologies and the complexity of management, becoming another major challenge for enterprises.

Cocktail Cloud provides an integrated platform with all the functionalities and components required for building and operating Kubernetes and cloud-native applications. Enterprises can save time and effort during initial adoption and seamlessly manage and scale thereafter.

Reducing Efforts in Kubernetes Adoption and Operation

While the number of companies adopting Kubernetes is increasing, there's a significant burden on operating and managing open-source installations, updates, and adapting organizations to new technologies. Additionally, setting up components like monitoring, networking, and security that Kubernetes doesn't inherently provide requires additional effort. Cocktail Cloud offers automated tools for configuring and scaling Kubernetes clusters, simplifying cluster management, including upgrades and node expansion. This leads to reduced efforts in initial setup and ongoing management. Cocktail Cloud extends Kubernetes configurations through addons, providing components like monitoring, networking, GPU support, and security. These addons also come with automated installation/update functionalities.

Multi-Cluster Deployment

Enterprises have various reasons for using multi-cluster setups, such as network isolation for security, separate operations for production and development systems, and leveraging public clouds. There's also a growing trend of using multiple clusters and different Kubernetes distributions simultaneously. Cocktail Cloud provides an environment for operating and managing multiple clusters from a single control plane. It supports the construction and management of multi-clusters across diverse infrastructure bases, including private and public clouds, as well as data centers.

Physical Equipment (Baremetal) Based Clusters
Virtualization-Based Private Clouds: OpenStack, VMWare, CTRIX Hypervisor, etc.
Public Clouds: GKE (GCP), EKS (AWS), AKS (Azure), etc.

Multi-Tenancy

Enterprises require work environments where clusters and necessary resources are allocated or shared based on the roles of organizations or teams. Particularly in application service development and operation, it's common for dedicated teams to be responsible, and unique computing resources may be required based on the characteristics of applications. Cocktail Cloud provides independent workspaces for organizations or teams, allowing allocation and management of necessary computing resources (clusters). Beyond basic computing resources like CPU, GPU, Memory, Volume, cloud-native applications also require resources for development/operation such as container image registries and automation pipelines. Resource allocation and management, as well as permission management for workspace members, in a multi-tenancy environment can be easily configured and managed within independent workspaces.

Unified Management/Monitoring

Managing multiple clusters and a multi-tenancy environment can be complex and challenging. Cocktail Cloud addresses these issues through various integrated management features. It allows monitoring and managing the status of enterprise-wide applications and infrastructure resources (clusters, repositories). Teams or organizations can track the development/operation status of applications and services and handle resource requests and issues accordingly. Cocktail Cloud centrally monitors multi-cluster infrastructure resources, application statuses, networks, etc., providing real-time alerts/events and logs to effectively respond to faults or issues. Additionally, it offers a customizable integrated monitoring environment tailored to the needs of the enterprise through metric and rule extensions.

Automation, DevOps

Ensuring continuity from application building to deployment and updates has become increasingly crucial. Swiftly responding to customer demands collected through various channels is a key factor in achieving business success. To address this, enterprises establish automated Continuous Integration/Continuous Deployment (CI/CD) pipelines. Cloud-native applications offer advanced technologies for building automated pipelines compared to before. Leveraging these advancements, Cocktail Cloud provides various functionalities for establishing and managing automated CI/CD pipelines. Enterprises can tailor pipelines according to the characteristics of their applications and development/operation environments. Additionally, they can provide DevOps platforms for teams or organizations, encompassing operations and monitoring.

Security

Security is a critical management factor for enterprises. Especially, managing authorized user access and permissions to the infrastructure (e.g., clusters in the case of Kubernetes) where applications are deployed and executed is a fundamental approach to address threats from unauthorized users. Cocktail Cloud issues access accounts and permissions to authorized users and manages risks through access periods and revocations. Additionally, it tracks the usage history of access accounts through audit logs, enabling swift responses such as cause analysis and blocking in case of security issues. Furthermore, it provides functionalities such as 'Security Policy Management' for policy formulation and application during container execution, and 'Image Scanning' to inspect vulnerabilities in container images.

Understanding Concepts

Platform

The platform is the fundamental unit for using Cocktail Cloud. All functionalities are accessible through the platform. Users perform application development, operation, and management tasks after logging into the platform, depending on their permissions.

The platform consists of one or more workspaces. Workspaces are independent workspaces provided for teams or organizations. Companies can configure workspaces for teams within the platform and allocate necessary resources to provide application development and operation environments. The platform integrates and manages workspaces, applications, and infrastructure resources.

Integrated Platform Management Features

The platform registers and manages clusters (infrastructure resources) used by applications. It allocates and manages cluster resources on a per-workspace basis, either for the entire cluster or by namespace. Applications managed by teams are serviced through the allocated resources.

The platform comprehensively monitors and manages the overall status of applications developed and operated in all workspaces. It manages applications based on their configuration, status, resource usage, and performs tasks such as resource scaling and fault response as needed.

Clusters operate based on Kubernetes. The platform provides necessary functionalities for cluster operation, such as managing Kubernetes state and versioning.

In addition to resource and status management, the platform also provides integrated management functionalities for user management, security, etc.

Integrated Monitoring

The platform centrally monitors the status and resources of multiple clusters and applications. It collects metric data for each cluster infrastructure and application, providing real-time monitoring and analysis capabilities.

In addition to collecting resource and status data, it also collects events and provides notifications based on predefined rules. It detects anomalies in advance, takes appropriate actions, and performs fault analysis and resolution when issues arise.

The platform provides integrated dashboards with various charts for monitoring and analysis purposes.

Platform Configuration

The platform has a unique identifier (ID). Users log in to the platform using this ID. Additionally, users can set the platform name and logo image to represent a unique identity.

The platform holds Cocktail Cloud product license information. This license, along with purchaser information, is managed within the platform, with a designated platform administrator acting as the representative.

Cloud accounts required for operating clusters in public clouds are also managed as platform information. These accounts are utilized for managing cloud infrastructure and authentication information.

Workspace

"Workspace" is an independent workspace provided for teams or organizations. Teams perform development, operation, and monitoring of one or more designated applications within a workspace. One or more members are registered in the workspace to collaborate.

Resources necessary for deploying and operating applications are allocated to workspaces. Resource allocation is performed by the platform administrator and targets clusters and image registries registered in the platform.

Cluster Resource Allocation

In Cocktail Cloud, there is a method for allocating cluster resources to workspaces called service mapping. The service map in Cocktail Cloud is an administrative unit that extends namespaces, or more precisely, it can be said that namespaces are allocated to workspaces.

Teams can be allocated service maps, or namespaces, which are isolated, independent spaces within a cluster, typically referred to as virtual clusters. Teams allocated with namespaces are responsible only for deploying and operating applications, while the cluster (infrastructure) is managed by a separate team. This method is suitable when teams are focused on application development and operation.

Each workspace is independently allocated a registry for storing and managing application container images. Teams or applications manage their images and configure automated pipelines accordingly.

In some cases, teams or applications may share common images. In such cases, a shared image registry can be allocated to the workspace. In this scenario, one or more workspaces will use the same shared image registry.

When the accessing account's permissions are set to user-level, it is necessary, and in the case where it is registered with admin privileges, the workspace can be additionally utilized.

Cluster

Cluster is the infrastructure where containers run. Containers are the deployment units and execution processes of applications. Clusters provide computing resources (CPU, Memory, Storage, Network) necessary for container execution.

A cluster consists of nodes (physical or virtual machines) connected via a network. It is an architecture designed for distributed processing. When containers are deployed to a cluster, they are executed on appropriate nodes. This process, called scheduling, is managed by Kubernetes. Kubernetes is responsible for container scheduling and management within the cluster.

Clusters scale resources by adding nodes. If more resources are needed, nodes are added accordingly, and Kubernetes deploys and manages containers on the expanded nodes.

Container networking and storage for data storage are also components of a cluster.

Kubernetes

Kubernetes is a container orchestration engine that runs containers in clusters and manages their lifecycle. Originally developed by Google, it is now maintained as a CNCF (Cloud Native Computing Foundation) project.

Kubernetes is installed on the cluster and is responsible for managing and providing resources required by containers based on the cluster infrastructure (nodes, network, storage).

Node

A node is one or more compute machines that make up a cluster. They can be physical or virtual machines, each equipped with CPU, Memory, and Disk, connected via a network. Nodes are managed by Kubernetes for scheduling.

Nodes are divided into master nodes and worker nodes. Master nodes host the control plane components of Kubernetes and manage the cluster by communicating with worker nodes.

Worker nodes are where application containers are deployed. The number of worker nodes increases based on the number and capacity of applications. The Kubernetes scheduler on the master node is responsible for deploying containers to worker nodes.

Container Network

Containers running on one or more nodes need to communicate with each other, which is managed by the container network.

Container networking is installed as a Kubernetes component. Kubernetes itself does not provide container networking but offers a standardized interface for external providers to supply plugins, known as the Container Network Interface (CNI). Examples of open-source CNI plugins include Flannel, WeaveNet, Calico.

Cocktail Cloud offers options to configure the cluster's CNI plugin.

Ingress Controller

External access to containers is handled by the ingress controller. It routes external traffic to containers based on hostnames and paths. Routing rules are configured for each application and applied to the ingress controller.

The ingress controller is a Kubernetes component. NGINX controller is commonly used and provided as a default in Kubernetes. Other third-party ingress controllers are also available.

Cocktail Cloud offers options to configure the ingress controller.

Storage

Cluster storage provides persistent volumes for container data storage.

Since containers can be rescheduled to different nodes in case of node failure or resource shortage, storing container data on nodes can be problematic. Therefore, a separate volume called a persistent volume is needed to store and manage data safely.

Kubernetes creates and provides persistent volumes through storage classes. When configuring the cluster, an appropriate storage class for storage must be installed.

Cocktail Cloud provides storage classes as addons, allowing users to select and automatically manage suitable storage classes.

Addon

Besides networking and storage, Kubernetes has components to extend its functionality, referred to as addons.

These addons provide additional capabilities to Kubernetes clusters beyond container management. Examples include monitoring and service meshes.

Cocktail Cloud offers various Kubernetes extension components as addons. They are automatically managed from installation to upgrade, and users can choose and use the required addons.

Service Map

The Service Map is a unit that configures applications and manages various resources. Kubernetes manages applications at the Namespace level. Namespaces are a way of logically dividing clusters to deploy and manage containers, serving as a kind of virtual cluster. The Service Map, provided by Cocktail, is a management space for applications based on namespaces, offering additional management features.

One of the main resources in the Service Map is Workloads, which deploy and manage containers. Other resources include persistent volumes, configuration information, and service exposure.

Pod(Containers)

Pods are resources that deploy and execute containers, composed of one or more containers. They consist of a main container responsible for application logic processing and optional sidecar containers for auxiliary tasks. While most cases require only the main container, additional sidecar containers can be added for functions like log collection, backup, or proxy.

Containers within a pod share the same network (localhost) and volumes, making it easy to scale by adding containers.

Pods can be created independently, but typically, they are managed through workloads responsible for deployment, updates, and lifecycle management.

Workloads

Workloads are Service Map resources responsible for the deployment and lifecycle of pods. They manage the entire lifecycle of pods, including how they are deployed and executed, status monitoring, and restarting in case of issues.

In Cocktail, users interact with workload settings through a web UI console, minimizing errors caused by incorrect configurations.

Even when inputting through the web UI console, users can specify almost all detailed configuration items related to workloads defined in Kubernetes.

Workloads are categorized into several types, each with differences in how pods are deployed, executed, and managed.

Workload Groups

Within a namespace, various types of workloads can be executed, and in some cases, there can be so many workloads that it becomes difficult to understand them all at a glance.

Organizing workloads into workload groups allows for a clear overview of the state of workloads by displaying them according to workload groups.

Deployment Workloads

Deployment workloads replicate the same pod multiple times to provide stable service even if some pods have issues. They are mainly used for stateless application configurations like web servers, where data management is not required. This is because replicated pods have the same container, making them unsuitable for data management.

Deployment workloads also support rolling updates, replacing pods sequentially to perform updates without affecting services.

They also support autoscaling, automatically increasing the number of pod replicas when requested CPU or memory resources are exceeded.

StatefulSet Workloads

StatefulSet workloads deploy pods performing different roles in replication to configure workloads. They are suitable for data storage and management applications such as databases, key-value stores, and big data clusters. Each pod is assigned a unique name, allowing tasks to be processed through pod communication. Each pod uses a unique persistent volume to store/manage data.

DaemonSet Workloads

DaemonSet workloads are Service Map resources that deploy and manage daemon process pods running continuously in the background. Examples of background tasks include log collection and monitoring data collection on each node.

Job Workloads

Job workloads deploy pods to process tasks in a one-time execution. They are mainly used for batch job processing such as data transformation and machine learning.

CronJob Workloads

Similar to job workloads, but they allow for scheduled or periodic execution of jobs. They use configurations similar to Linux's cron tab for scheduling.

Service Exposure

To serve applications externally, pods need to be exposed to external traffic. The Service Map exposes pods to the external traffic through service exposure resources.

Service exposure resources specify pods to expose based on labels. Therefore, even replicated pods with the same label can be specified in one service exposure. In this case, the service exposure performs load balancing to send traffic to one of the specified pods.

Service exposure resources are assigned a fixed IP address, which is a private IP address used within the cluster. This is because pod IP addresses change on restart, which can cause issues if pods are accessed directly. Therefore, the fixed address of the service exposure is used to connect to the specified pods.

Service exposure is categorized based on the exposure method.

Exposing Service with Cluster IP

Exposing services with a cluster IP allows access only within the cluster. It is used for communication between pods via fixed IP addresses within the service map.

Exposing Service with Node Port

Node port exposes services using the node's IP address. External access to pods is possible using the exposed node port (Node IP: Node Port). Node ports are assigned to all nodes in the cluster, allowing access to pods from any node. Typically, all nodes in the cluster are connected to an L4 switch to consolidate access addresses.

Node ports are assigned a range of 30000 to 32767 during cluster installation. Services are exposed automatically or by specifying a port range. This range can be user-configured.

Exposing Service with Load Balancer

When the cluster is configured in a cloud environment, a load balancer can be automatically created to expose services. Pods are exposed via node ports, and the created load balancer connects pod execution nodes with ports. External access is possible using the load balancer's address and port. Load balancer service exposure is only possible on supported cloud platforms like AWS, Azure, and GCP, configured during cluster installation by cloud providers.

Ingress

Apart from service exposure, the Service Map also has Ingress resources for external pod access. Ingress exposes pods to the outside world via hostnames/paths (e.g., abc.com/login, cdf.org/). It functions similarly to an L7 switch.

To use Ingress, an Ingress controller must be installed in the cluster. The Ingress controller receives external traffic and forwards it to pods based on routing information defined in the Ingress (hostname/path -> cluster IP service exposure). Therefore, Ingress exposes the controller to external services, and pods expose services via cluster IP for routing by Ingress rules.

In Kubernetes, the Ingress controller is deployed to pods. Therefore, when installing in the cluster, service exposure should be done via node ports or load balancers.

Note that Ingress routes traffic based on hostnames/paths, so these need to be registered in internal or external DNS servers and accessible by the Ingress controller. Cocktail Cloud provides default configurations for Ingress usage, eliminating the need for additional installation and setup.

In cases of high external traffic to pods, dedicated Ingress nodes are sometimes configured in the cluster. These nodes only have Ingress controllers deployed and are replicated for high availability. They provide scalability by adding Ingress nodes as traffic increases.

Persistence Volumes

When pods need to store and manage data, persistent volumes are necessary. Pods can restart at any time or be reassigned to healthy nodes in case of node failures, making it impossible to use node disk for data storage.

Persistent volumes ensure data integrity even when pods are restarted, reassigned, or deleted because they are managed independently of pod lifecycles. They use separate storage configured with the cluster.

Service Map's persistent volume resources select cluster storage for creation. Created persistent volumes are mounted to pods and used by containers. Persistent volumes are categorized into shared volumes, which can be mounted by multiple pods, and single volumes, which can be mounted by only one pod.

Persistent volumes require storage configured in the cluster. NFS storage is commonly used, supporting any storage that supports the NFS protocol.

Configuration Information (ConfigMap/Secret)

When deploying a web server as a container, you typically use configuration files for server execution. In cases where pods are executed with separate configurations, these settings are managed as configuration resource. While it's possible to include configuration files in the pod's container image, this would necessitate recreating the image whenever configurations change.

Configuration information is created and managed within the service map, and can be mounted to pods' containers as volumes or files. Depending on container implementation, it can also be passed as environment variables. An advantage is that configuration changes can be made and reflected even while pods are running.

Configuration resource is categorized into ConfigMaps and Secrets based on management method. Both manage configuration information, but Secrets encrypt data, making them suitable for sensitive information like database connection details.

Image Update

The pipeline resource in the service map updates container images for workloads. Upon workload deployment completion, a pipeline is automatically created to update container images in pods.

Workload-deployed container images in the service map fall into two types: those generated from Cocktail Cloud builds and those registered in external registries.

Images generated from Cocktail Cloud builds undergo the entire process from image creation to workload deployment automatically whenever application code changes (refer to 'Builds/Images' section for Cocktail Cloud builds).

External registry images are updated via replacement, where the pipeline performs automated deployment only.

Catalog

The catalog in the service map bundles one or more workloads associated with the service map for deployment and updates. It's primarily used for distributing and updating open-source software.

Cocktail Cloud provides many commonly used open-source packages in its catalog. Users can search for desired packages in the catalog and automatically deploy them to the service map. (Refer to the 'Catalog' section for Cocktail Cloud's catalog).

Packages deployed to the service map can perform state monitoring and automatic updates.

Image Build

Containers are deployed and executed as images. Container images are specified by name in the pod's container spec in the format of image_name:tag (e.g., nginx:latest). When using Docker Hub, the registry address where the image is located is often omitted.

Cocktail Cloud provides independent image registries for each workspace. It also offers automated image building through the 'Build' feature.

Image Registry

An image registry stores container images and provides them when the image is required for pod execution. The storage/provisioning interface of image registries is standardized. Typically, the 'Push' API is used to store images in the registry after creation, while the 'Pull' API is used to retrieve images during container execution.

In Cocktail Cloud, image registries can be allocated for each workspace, serving as independent registries for teams. Additionally, image registries can be shared among teams.

When deploying pods from the service map using an allocated image registry, the image configuration is performed by selecting a 'build' rather than specifying the image name. A build automates the process of creating images, and the latest image can be deployed to pods based on the selected build's 'tag.'

Build

A build is a resource in Cocktail Cloud that automates the process of generating container images. Builds can have one or more tags, with each tag defining a different creation process. Tags can be seen as image versions. The process of generating images is called the build flow.

Builds store generated images in the image registry allocated to the workspace. Therefore, images and builds are synonymous, but each image tag (version) has a unique build flow. The structure is Image Registry -> Image (Build) -> Tag (Build Flow).

Users deploy builds (images) and tags (versions) in pods for workloads. The image generated by the build flow of the selected tag is then deployed and executed. The pipeline in the service map automates the entire process of updating images by executing the build flow of the image tag after code changes.

Build Flow

The build flow automates the process of generating images for a specific tag (version). Each step executed by the build flow for image creation is called a 'task.'

Cocktail Cloud offers various types of default tasks, and users can create custom tasks to configure the build flow. Default tasks include downloading code from code repositories (Git), executing user-defined scripts, and building images using Dockerfiles. Additionally, tasks for integrating with external systems' APIs and FTP-based file transfers are provided.

Users can develop and add/extend tasks to the build flow. User-defined tasks need to be containerized before adding them to the build flow.

Tasks in the build flow are executed on the 'build server.' Cocktail Cloud provides options to adjust the capacity of the build server. For build tasks requiring substantial resources, the capacity of the build server can be adjusted.

Security

Security is a crucial aspect of enterprise cloud environments, with three main components in cloud-native setups:

Cluster Authentication and Authorization

Cluster access authentication and authorization refer to the permissions granted to authorized users to access the cluster and manage resources as needed. Users accessing the cluster have user accounts, and resources include applications and data. Administrators authorize user access and grant appropriate permissions for resource management, thereby managing cluster security.

In Cocktail Cloud, users can manage allocated clusters via GUI within workspaces, eliminating the need for direct cluster access for management. However, if using command-line tools or external CI/CD systems, a cluster user account is necessary. Administrators issue cluster accounts to users in such cases.

Cocktail Cloud provides integrated cluster account management, allowing users to access multiple clusters with a single user account and manage resources based on permissions. Users receive cluster accounts from administrators and can manage clusters within the validity period.

Audit Logs

Audit logs record the commands (API) executed by users logged in as Cocktail users or cluster accounts, detailing which resources were affected. In case of incidents or security issues, audit logs can be traced to analyze the root cause.

Cocktail Cloud offers the capability to collect and trace both platform (Cocktail Cloud features) and cluster (Kubernetes) audit logs.

Pod (Container) Security Policies

Pod security policies control permissions, node access, OS security settings, etc., during container execution. Typically, security settings are defined when defining pods. However, enterprises require control over security. Different security settings for each team or organization may lead to unforeseen security vulnerabilities.

Pod security policies can enforce security settings at the cluster or application level. Enterprises can enforce security policies based on their existing security policies.

Cocktail Cloud provides features to configure and apply security policies.

Image Inspection

Container execution images may contain multiple open-source components. For example, a base image is publicly available on the internet and serves as the basis for container image creation by adding user-specific components. If a base image contains malicious code, it poses a security risk.

Cocktail Cloud's image registry offers features to inspect images for malicious code. Additionally, it provides additional checks for outdated component versions or vulnerable code.

Monitoring

Cloud-native applications leverage cluster and container technologies, where clusters manage infrastructure, and containers handle application deployment and execution. Consequently, the monitoring targets differ from traditional applications.

Cluster Monitoring

Clusters consist of nodes, which are computing machines with CPU, GPU, Memory, and Disk, along with an operating system (OS) and container runtime for executing containers. Hence, monitoring of physical resource usage and performance necessary for container execution is done by collecting data (referred to as 'metrics' in monitoring) at the node level.

Container management is handled by Kubernetes, composed of multiple components installed on the cluster's master node. Monitoring the master node and installed components becomes necessary in case of Kubernetes failures, as container management becomes impossible. Monitoring involves tracking resource usage on the master node and the status of installed components.

Nodes and containers within a cluster communicate with each other. Monitoring network usage targets both the physical network and the logical network controlled by Kubernetes.

Application (Container) Monitoring

While cluster monitoring focuses on infrastructure resources required for container execution, container monitoring encompasses resource usage, execution status, and lifecycle monitoring. It also includes monitoring aspects such as communication volume between containers and request processing times.

Container monitoring provides metrics through the Kubernetes API and the Service Mesh API (for configuring container-to-container communication).

Notifications and Events

Notifications occur when monitoring metric data meets certain conditions defined by notification rules. These rules can be both predefined and user-defined.

Events occur when Kubernetes resources change. For instance, events are triggered by pod creation, execution, update, or deletion. Cocktail Cloud collects and provides events as notifications.

Both notifications and events provide real-time information during operation, facilitating proactive measures against application and cluster state changes and failures.

Logs

Kubernetes logs comprise three main types. Firstly, logs recorded by the Kubernetes master provide information necessary for master operation. Secondly, container logs are logs displayed on standard output (STDOUT/STDERR) during container execution. Lastly, application logs are logs recorded in separate files by containers in addition to standard output.

Cocktail Cloud collects all three types of logs, providing an environment for log retrieval and analysis.

Catalog

Typically, applications consist of one or more workloads (containers), especially when deployed on Kubernetes, involving various related resources such as service exposure and volumes. This complexity makes application deployment and upgrades challenging.

Catalogs address these issues by bundling multiple application resources into a single unit called a package and deploying this package with user settings when necessary. Upgrades are also automated based on versioning. There are several open-source tools that support package creation, deployment, and management, with Helm being widely used, especially as an official Kubernetes project.

Cocktail Cloud's catalog offers the ability to search for such packages and automatically deploy them to service maps. These packages are in the form of Helm charts, which are supported by a wide range of open-source projects. Open-source packages are registered and managed in package repositories. There are numerous public package repositories where various open-source packages are available, and the catalog can search all these repositories for packages.

Packages deployed through the catalog are managed in the package menu of the service map. It provides monitoring and status of deployed packages and enables upgrades to newer versions.

Getting Started

Cluster Creation

AWS (EKS)

Before creating the provider, please note that any clusters provisioned via provisioning need to be deleted from Cocktail, not from the EKS console.

Cocktail continuously monitors the status of provisioned clusters. If there are any changes in the EKS console, deleting the cluster from the console will trigger Cocktail to recreate the cluster.

1. Create a Cloud Provider

1) To create a cloud provider for cluster creation, click on the "+ Create" button in the [Provisioning] - [Cloud Providers] tab, and select AWS.

2) Register AWS authentication information in the basic information and click the "Save" button.

Item (* is required)

Content

Account Name*

Enter the name for the registered AWS account

Description

Enter the description for the AWS account

AWS Access Key ID*

Input AWS Account ID

AWS Secret Access Key*

Input AWS Secret Access Key

AssumeRole ARN

Input AWS AssumeRole ARN value

3) Confirm successful registration.

2. Create an EKS Cluster

1) [Provisioning] - Navigate to the [Templates] tab, then click the "Start" button under the EKS (Elastic Kubernetes Service) item in the templates section

2) Select the previously created cloud provider information, choose the required version, and click "Save."

Item (* is required)

Content

Account Name*

Select the registered cloud provider

Region*

Select the region for the cluster to be created

Cluster Name*

Version*

Select the version of the cluster to be created

3) Once saved, the cluster status changes to "CREATING" as it is being provisioned.

4) Click on the "CREATING" status to monitor the cluster creation progress.

5) Click on the [Activity] tab to check the ongoing installation details.

6) Confirm the status changes to "RUNNING" when the cluster is successfully created.

To serve the provisioned cluster, addon-manager deployment and storage class deployment are required.

3. Add AWS Node Group

Amazon Node Group creation is possible only after cluster provisioning installation is completed.

1) Once the cluster configuration is complete, select the cluster, go to the [Resources] tab, and click "+ Add Node Group."

2) Enter the required information for the node group to be created and click "Save."

Item (* is required)

Content

Node Group Name*

Enter the name of the Node to be created

Instance Type*

Select the instance (resource) to be created

Disk Size (GiB)*

Enter the disk capacity of the Node Group to be created

Desired Node*

Enter the number of Node Groups to be created

Min Node Count*

Enter the minimum number of Node Groups to be created when scaling in

Max Node Count*

Enter the maximum number of Node Groups to be created when scaling out

3) When the node group addition starts, the status is displayed in the "Node Group" section.

4) As the node group addition progresses, the status changes to "ACTIVE."

5) Check in the [Infrastructure] - [Clusters] tab if the cluster status and the number of nodes are displayed correctly.

4. Add Amazon EBS CSI Driver

Amazon EBS CSI Driver creation is possible only when there is more than one node group.

1) Once the node group configuration is complete, select the cluster, go to the [Resources] tab, and click "+ Install Amazon EBS CSI Driver."

2) During the installation process, it takes some time to create resources, and later, confirm the installation completion.

3) Once the Amazon EBS CSI Driver installation is complete, the status is displayed in the "Amazon EBS CSI Driver" section.

4) Confirm the installation of the Amazon EBS CSI Driver in [Workloads] - [Deployments].

5. Add Cluster Autoscaler

The Cluster Autoscaler can be created only when there is more than one node group.

1) Once the node group configuration is complete, select the cluster, go to the [Resources] tab, and click "+ Install Cluster Autoscaler."

2) During the installation process, it takes some time to create resources, and later, confirm the installation completion.

3) Once the installation is complete, the status is displayed in the "Cluster Autoscaler" section.

4) Confirm the installation of the Cluster Autoscaler in [Workloads] - [Deployments].

NCP (NKS)

Coming Soon

Azure (AKS)

Coming Soon

GCP (GKE)

Coming Soon

ETC (Datacenter)

Coming Soon

Cluster Registration

AWS (EKS)

When you have previously registered an existing EKS cluster in Cocktail and need to delete it, simply delete the cluster from the AWS console. Please keep this in mind.

1. EKS Cluster Registration

1) Register the created EKS cluster with the Cocktail Cloud using the following procedure.

1.1 Move to the Cluster Registration screen

1) Click on the "+ Register cluster in use" button in the upper right corner of the [Infrastructure] - [Clusters] tab.

1.2 Choose Cluster Provider and Type

1) Select 'Amazon Web Service' as the provider in the cluster configuration form.

2) Choose the type attribute as 'EKS'.

3) Once these two attributes are selected, the Cluster ID setting will be displayed in the cluster configuration form.

4) Choose the region as the one where EKS was created (Example: Seoul (ap-northeast-2)).

The Provider and Type fields are mandatory.

1.3 Cluster Registration

Item (* is required)

Content

Cluster ID*

Cluster name managed by AWS EKS - Retrieve from the Kubernetes config file for the cluster to be registered (~/.kube/config) - Alternatively, check in the AWS console under EKS > Clusters and input the information.

ID*

The content written for the cluster ID remains the same - Must not overlap with the IDs of other already registered clusters

Kubernetes Version*

Enter the Kubernetes Version for the Cluster to be registered

Cluster Name*

The Cluster Name to be used in Cocktail Cloud

Description

Description of the Cluster to be registered

Master address*

Kubernetes Master API Address -Alternatively, check AWS Console > EKS > API Server Endpoint section and enter

Node Port Host Address*

Enter the Public IP of Kubernetes

Node Port Range*

Input the port range 30000-32767, which is available in Kubernetes

Cluster CA Certification*

Cluster CA Certificate

- check AWS Console > EKS > Certificate authority section and enter.

Access Key ID*

ACCESS_KEY of the AWS IAM user with access to the cluster to be registered - Confirm and retrieve from AWS Console > IAM > Users.

Secret Access Key*

SECRET_ACCESS_KEY of the AWS IAM user with access to the cluster to be registered

- Confirm and retrieve from AWS Console > IAM > Users.

1) Click the "Save" button in the menu bar to save the cluster registration.

2) After registration is complete, the cluster list will be displayed.

2. Create Storage Class

1) To use PV/PVC, you need to create a new storage class.

2.1 Move to the storage class creation screen

1) Click on the "+ Create" button at the top right corner of the [Storage] - [Storage Classes] tab, then select AWS EBS CSI.

2.2 Configure Storage Class

1) Fill out the settings form accordingly, then click the "Save" button.

Item (* is required)

Content

Name*

Storage Controller Name

Description

Description of the Storage Controller

Base Storage

Default Storage Settings for Use in this Cluster

Volume Binding Mode*

Volume Binding Mode Selection

- Immediate: Operates at the time PVC is created.

- WaitForFirstConsumer: Operates at the time Pod is created

Reclaim Policy*

- RETAIN: The storage remains when deleted and is automatically reattached upon recreation.

- DELETE: The storage is deleted along with the resource.

Parameters

Name and Value are separated. In each server, enter the IP of the server-side (target) for server, and for share, enter the mount path of the server-side (target).

Mount Options

Only values can be registered. For each, enter "hard" for the value and specify the NFS version (nfsvers). For default OS, set nfsversion to 4.1, and for NAS or other storage, set it to 3.

2.3 Storage Class Creation Completed

1) You can now verify the created storage class

NCP (NKS)

1. NCPKS Cluster Registration

1) To register the created NCPKS cluster with Cocktail Cloud, follow these steps

1-1. Navigate to the Cluster Registration Screen

1) Click the "+ Cluster Registration" button located in the upper right corner of the [Infrastructure] - [Clusters] tab.

1.2 Choose Cluster Provider and Type

1) Set the provider attribute in the Cluster Configuration form to 'Naver Cloud Platform.'

2) Choose the type attribute as 'NCPKS.'

3) Upon selecting these two attributes, the Cluster UUID setting will appear in the cluster configuration form.

4) Choose the region as the one where NCPKS was created (Example: Korea(KR)).

Provider and type fields are mandatory.

1.3 Cluster Registration

Item (* is required)

Content

Cluster UUID*

After creating the cluster, check and retrieve the information from the Kubernetes config file (~/.kube/config)

Cluster Name*

Enter the Cluster Name to be managed by Cocktail Cloud

Kubernetes Version*

Enter the Kubernetes Version for the Cluster to be registered

ID*

ID to be managed by Cocktail Cloud - The ID should consist of only lowercase letters, numbers, and three specified special characters (- . _) (example: eks-acornsoft-demo-cluster) - Must not overlap with the IDs of other already registered clusters

Description

Description of the Cluster to be registered

Master Address*

Confirm and input as you would with UUID, checking the Kubernetes config file (~/.kube/config)

Node Port Host Address*

Enter the Public IP of Kubernetes

Node Port Range*

Input the port range 30000-32767, which is available in Kubernetes

Cluster CA Certification*

Confirm and input as you would with UUID, checking the Kubernetes config file (~/.kube/config)

Access Key ID*

Enter the NCLOUD_ACCESS_KEY in Naver Cloud Portal > My Page > Account Management > API Key Management

Secret Access Key*

Enter the NCLOUD_SECRET_KEY in Naver Cloud Portal > My Page > Account Management > API Key Management

1) Click the "Save" button in the menu bar to initiate the cluster registration.

2) After registration is complete, the cluster list will be displayed, allowing you to verify the recently registered cluster.

Azure (AKS)

Coming Soon

GCP (GKE)

1. GKE Cluster Registration

1) To register the created GKE cluster with Cocktail Cloud, follow these steps

1-1. Navigate to the Cluster Registration Screen

1) Click the "+ Cluster Registration" button located in the upper right corner of the [Infrastructure] - [Clusters] tab.

1.2 Choose Cluster Type and Authenticate

1) Set the provider attribute in the Cluster Configuration form to 'Google Cloud Platform.'

2) Choose the type attribute as 'GKE.'

3) Upon selecting these two attributes, the authentication attribute will appear in the cluster configuration form.

4) Click the authentication button, and a Google authentication window will appear. Enter your Google account credentials.

Provider and type fields are mandatory.
The Google account used must be the one used when creating the GKE cluster to be registered.

1.3 Cluster Registration

1) Once authentication is complete, the authentication attribute will display 'Authentication Completed.'

2) Click the "Save" button in the menu bar to initiate the cluster registration.

The remaining attributes not entered will be automatically filled in based on the information from the GKE cluster after registration.

3) After registration is complete, the cluster list will be displayed, allowing you to verify the recently registered cluster.

Item (* is required)

Content

Project ID*

Select the Google Cloud Project ID - The Project ID is associated with the project where the GKE cluster to be registered is created.

Cluster*

Select the GKE Cluster to Register

Cluster Name*

Enter the Cluster Name to be managed by Cocktail Cloud - The ID can only consist of lowercase letters, numbers, and three specified special characters (- . _) (example: GKE Acornsoft Demo Cluster - 1.00.00) - The name must not overlap with the names of other already registered clusters

ID*

Enter the Cluster ID

ETC (Datacenter)

1. ETC Cluster Registration

1) To register a non-public cloud cluster with Cocktail Cloud, follow these steps

1-1. Navigate to the Cluster Registration Screen

1) Click the "+ Register In-Use Cluster" button located in the upper right corner of the [Infrastructure] - [Clusters] tab.

1.2 Choose Cluster Provider and Type

1) Set the provider attribute in the Cluster Configuration form to 'Datacenter.'

2) Choose the type attribute as 'MANAGED.'

3) Choose the region as the one where the cluster was created (Example: Korea).

Provider and type fields are mandatory.

1.3 Cluster Registration

Item (* is required)

Content

Cluster Name*

The name of the cluster to be managed in Cocktail Cloud

Kubernetes Version*

Enter the Kubernetes version of the created cluster

ID*

ID for management in Cocktail Cloud - IDs can only contain lowercase letters, numbers, and three special characters (- . _). (e.g., eks-acornsoft-demo-cluster) - IDs cannot be duplicates of IDs already registered for other clusters.

Description

Description of the cluster to be registered

Master address*

Enter the IP address displayed after running the command $ sudo cat /etc/kubernetes/acloud-client.conf | grep server

Node Port Host Address*

Enter the Public IP of Kubernetes

Node Port Range*

Input the port range 30000-32767, which is available in Kubernetes

Cluster CA Certification*

Enter the portion after "certificate-authority-data:" displayed when running the command $ sudo cat /etc/kubernetes/acloud-client.conf | grep certificate-authority-data

Client Certificate Data*

Enter the portion after "client-certificate-data:" displayed when running the command $ sudo cat /etc/kubernetes/acloud-client.conf | grep client-certificate-data

Client Key Data*

Enter the value displayed after running the command $ sudo cat /etc/kubernetes/acloud-client.conf | grep client-key-data

1) Click the "Save" button in the menu bar to initiate the cluster registration.

2) After registration is complete, the cluster list will be displayed, allowing you to verify the recently registered cluster.

Managing Cloud Provider

This section introduces the process of configuring users and permissions to provision resources from the cloud provider. Currently, only AWS is supported, and it is noted that additional cloud providers may be added in the future.

AWS

To set up AWS IAM users and permissions for provisioning AWS resources, along with creating roles using custom trust policies that IAM users can assume to access resources, follow these steps

User Creation

2) Click the "Create user" button in the top right corner of the IAM menu.

3) Enter the username.

5) Verify that the user has been created successfully.

6) Copy the ARN (Amazon Resource Name) of the created user.

2) Policy Creation

1) In the IAM menu, navigate to [Access management] - [Policies] and click the "Create policy" button.

2) Click on JSON in the policy editor and edit the policy as needed.

3) Set a name for the policy and click "Create policy."

3) Role Creation

1) In the IAM menu, go to [Access management] - [Roles] and click the "Create role" button.

2) Choose "Trusted entity type" as "Custom trust policy," click "Add" in the "Add trusted entities" section.

3) Add [Principal Entity Types] - [IAM users] & [AWS services].

IAM users : ARN (Amazon Resource Name) of the created user

AWS services: Name of the service you intend to use (e.g., eks)

4) Add the necessary permissions

AmazonEBSCSIDriverPolicy

AmazonEC2FullAccess

AmazonVPCFullAccess

IAMFullAccess

EKSFullPolicy

5) Set a name for the role and click "Create role."

6) Verify the created role.

4) Get Access Key and Secret Access Key

2) Click "Next" under the "Select" section, choose "Other," and click "Next."

3) Enter a description tag for the access key and click "Create access key."

4) Confirm the generated access key and secret access key.

5) Save the generated access key for later use.

Creating a User

As mentioned earlier, we explained the process of "Cluster Registration." You have successfully created a cluster and registered cluster information on the Cocktail Cloud platform, completing the infrastructure preparation. Now, let's create a user who can access the Cocktail Cloud platform.

1. Navigate to the user creation screen

1) Click the "+ Create" button in the upper right corner on the [Settings] - [User] tab.

2. Enter User Information

1) Enter the user creation information below, and click the "Save" button to create the user.

Items (* indicates required)

Content

Name*

Enter the user's name

ID*

Enter the User ID

Role*

Select the permissions to assign to the user

Selectable between "Admin" and "User," refer to the "Security" tab

Department

Enter the user's department

Description

Enter a brief description for the account

Password*

Enter the user's password

Confirm Password*

Enter the user's password

3. Confirming User Creation

1) Verify the newly created user in the user list screen.

4. Next Steps

Create Service Map

We have previously created a user who can log in to the platform. Now, let's create a service map to register in the workspace.

1. Move to the Service Map Creation Screen

1) Click the "+ Create" button in the upper right corner on the [Application] - [Service Map] tab.

2. Enter Service Map Creation Information

Item (* is required)

Content

Cluster*

Select the cluster to register the service map

Namespace* (Choose one)

Choose whether to create the service map in a new namespace or utilize an existing namespace

Service Map Name*

Enter the name for the service map you want to create, typically using the same name as the namespace

Namespace*

If selecting a new namespace, you can enter the "Namespace" field

If choosing an existing namespace, select from the list of namespaces currently created in the cluster

Network Policy*

Choose whether to allow or block Ingress/Egress traffic. The recommended setting is to select "Allow All Ingress/Egress Traffic"

Resource Allocation Usage

If checked, it limits the resource usage of the respective service map

Use Container Limit Range Configuration

If checked, it restricts the resource usage of containers deployed in the service map

Use Pod Limit Range Configuration

If checked, it limits the resource usage of pods deployed in the service map

Use Storage Limit Range Configuration

If checked, it limits the resource usage of volumes requested by the service map

After filling out all the details, select the "Save" button to create the service map.

3. Confirming Service Map Creation

1) Verify the newly created service map in the service map list screen.

4. Next Steps

Create Registry

We have previously created a service map. Now, let's create a registry to register in the workspace.

1. Move to the Registry Creation Screen

1) Click the "+ Create" button in the upper right corner on the [Build Configuration] - [Container Registry] tab.

2. Enter Registry Creation Information

1) Enter the name of the registry to be created in the "Registry Name" field.

2) Input a description for the registry in the "Description" field.

3) Click the "Save" button in the upper right corner.

3. Registry Creation Confirmation

1) Verify the newly created registry in the registry list screen.

4. Next Steps

External Registry Registration

By default, Cocktail Cloud provides Harbor (Registry) when configuring the platform. Additionally, it supports integration with external registries. You can register externally created registries in Cocktail, enabling image builds and deployments.

Setting Up AWS ECR

Amazon Elastic Container Registry (Amazon ECR) is a fully managed container registry that provides highly available and secure hosting for container images and artifacts. It allows you to deploy your applications reliably anywhere.

1. Navigate to the External Registry Creation Screen

1) Move to [Build Configuration] - [External Container Registry].

2) Click the "+ Register" button in the upper right corner and select the provider you want to create.

2. Enter Registry Registration Information

1) Click the "+ Register" button, and then select "AWS ECR"

2) After entering the AWS authentication information in the basic details, click the "Test Connection" button.

Item (* is required)

Content

Name*

Enter the name for the external container registry you want to register

Description

Enter the description for the external container registry you want to register

Endpoint URL*

Endpoint Address of the External Container Registry

Region*

Region of the Registered Registry

Registry*

Name of the Registered Registry

Access ID*

Access Key

Access Secret*

Secret Access Key

Enter the name of the registry to be created in the registry.
Enter a description for the registry in the description.
Enter the EndPoint URL in the correct format.
Select the region of the registered registry.
Enter the name of the registered registry.
Enter Access ID and Access Secret.
Click "Test Connection" in the upper right corner to verify if the registry is available.
Click the "Save" button in the upper right corner.

Access ID & Access Secret Verification Method

1) Access the AWS Console to retrieve the necessary information.

3) Click "Other" among the next buttons and click "Next."

4) Enter a description tag for the access key to be created and click the "Create access key" button.

5) Confirm the generated access key and secret access key values.

Creating a Registry

You can create both private and public repositories.

(Note: This guide is written based on the private repository in the 'us-east-1' region, and the process is the same for public repositories.)

1) Click the "Create Repository" button in the upper right corner.

2) Enter the repository name to create the repository.

(In Cocktails, builds are done with "Registry Address/Image Name" so please make sure to create the registry as "Registry Name/Image Name")

EndPoint URL & registry Verification Method

1) Retrieve the necessary information from the list of created repositories in Cocktails.

EndPoint URL : The table below provides the necessary information

Private Registry Permission Example

1) Click on "Settings" in [Amazon Elastic Container Registry] for the [Private registry].

2) Click the "Generate Policy" button in the upper right corner of [Settings] - [Permissions].

3) lick "JSON" in the upper right corner, add the following items, and click "Save Policy" to save.

Sid: Permission Name

Principal: Specify one or more AWS account IDs to grant permission. Specify more than one account using a comma-separated list.

Action : “ecr:*”

Setting Up Azure ACR

Azure Container Registry(ACR) is a container image storage and management service provided by Azure. ACR offers various features necessary for storing and deploying Docker images.

1. Move to the external registry creation screen

1) Navigate to [Build Configuration] - [External Container Registries].

2) Click the "+ Register" button in the upper right corner to select the provider to create.

2. Enter Registry Registration Information

1) Click the "+ Register" button and select "Azure ACR."

2) After registering Azure ACR authentication information in the basic information, click the "Test Connection" button.

Item (* is required)

Content

Name*

Enter the name of the external container registry to be registered

Describe

Enter a description for the external container registry

Endpoint URL*

Enter the login server information

Registry*

Enter the name of the already registered registry

Client ID

username

Client Secret*

password

Enter the name of the registry to be created in the registry.
Enter a description for the registry in the description.
Enter the EndPoint URL in the correct format.
Select the region of the registered registry.
Enter the Client ID and Client Secret.
Click "Test Connection" in the upper right corner to verify if the registry is available.
Click the "Save" button in the upper right corner.

How to Create Azure Container and Verify Authentication Information

1) Access the Azure Portal to retrieve the necessary information.

2) Click on "Management Groups" to efficiently manage access, policies, and compliance for subscriptions.(All services - Management and governance - Management groups)

2-1) Click the "Create" button to go to the creation screen.

2-2) Create a management group to be used internally.

3) Click on "Subscriptions" to create a set that encompasses all resources.

3-1) Click the "Add" button to go to the creation screen.

4) Click on "Resource Groups," a logical container for managing resources grouped together. (All services - Management and governance - Resource Group)

4-1) Click the "Create" button to go to the creation screen.

4-2) [Create Resource Group] - Choose a resource group name and region, then create.

5) Click on "Resources" to create resources that can be used for Azure services.

5-1) In the marketplace, search for "registry" and click on "Container Registry."

5-2) Click the "Create" button.

5-3) Register with subscription, resource group, registry name, and location (region).

6) Click on the created resource and click on "Access Keys."

Registry: Registry Name

EndPoint URL: Login Server

Client ID: User Name

Client Secret : Password

Setting Up Docker Hub

Docker Hub is a container registry built to enable developers and open-source contributors to discover, use, and share container images.

1. Move to the external registry creation screen

1) Navigate to [Build Configuration] - [External Container Registries].

2) Click the "+ Register" button in the upper right corner to select the provider for creation.

2. Enter Registry Registration Information

1) Click the "+ Register" button and select "Docker Hub"

2) After registering Docker Hub authentication information in the basic information, click the "Test Connection" button.

Item (* is required)

Content

Name*

Enter the name of the external container registry to be registered

Describe

Enter a description for the external container registry.

Endpoint URL*

Namespace*

Enter the registered registry namespace

Access ID*

Access Key

Access Secret*

Access Secret

Enter the name of the registry to be created in the registry.
Enter a description for the registry in the description.
Enter the EndPoint URL in the correct format.
Enter the name of the registered registry.
Enter Access ID and Access Secret.
Click "Test Connection" in the upper right corner to verify if the registry is available.
Click the "Save" button in the upper right corner.

To confirm the namespace

1) Log in to Docker Hub and click on "Repositories" at the top.

2) Click on "Create repository" in the upper right corner.

3) Create a namespace and the image to be generated.

Since Docker Hub creates both the repository and image name simultaneously, the image name in the Build/Pipeline > Build section should match the Docker Hub Repository Name for image build generation.

To verify Access ID & Access Secret

1) Click on the profile in the upper right corner and select "My Account."

2) Confirm the Access ID

Access ID : User's nickname or email address

3) Click on the "Security" tab on the right, then click on "New Access Token" in the upper right.

4) Enter a description for the token and copy the Access Token upon issuance.

Access Token : Copy Access Token

Setting Up Docker Registry

Docker Registry based on Docker Hub for Private use.

1. Move to the external registry creation screen

1) Navigate to [Build Configuration] - [External Container Registries].

2) Click the "+ Register" button in the upper right corner to select the provider for creation.

2. Enter Registry Registration Information

1) Click the "+ Register" button and select "Docker Registry"

2) After registering Docker Registry authentication information in the basic information, click the "Test Connection" button.

Item (* is required)

Content

Name*

Enter the name of the external container registry to be registered

Describe

Enter a description for the external container registry

Endpoint URL*

External Container Registry Endpoint Address

Registry*

Enter the name of the already registered registry

Access ID*

Docker Login ID

Access Secret*

Docker Login Token

Enter the name of the registry to be created in the registry.
Enter a description for the registry in the description.
Enter the EndPoint URL in the correct format.
Enter the name of the registered registry.
Enter Access ID and Access Secret.
Click "Test Connection" in the upper right corner to verify if the registry is available.
Click the "Save" button in the upper right corner.

Access ID & Access Secret Verification Method

1) Click on the profile in the upper right corner and select "My Account."

2) Confirm the Access ID

Access ID : User's nickname or email address

3) Click on the "Security" tab on the right, then click on "New Access Token" in the upper right.

4) Enter a description for the token and copy the Access Token upon issuance.

Access Token : Copy Access Token

Setting Up Harbor

Harbor is a container registry used in addition to the one registered through "Registry Creation" used in the internal cluster.

1. Move to the external registry creation screen

1) Navigate to [Build Configuration] - [External Container Registries].

2) Click the "+ Register" button in the upper right corner to select the provider to create.

2. Enter Registry Registration Information

1) Click the "+ Register" button and select "Harbor"

2) After registering Harbor authentication information in the basic information, click the "Test Connection" button.

Item (* is required)

Content

Name*

Enter the name of the external container registry to be registered

Describe

Enter a description for the external container registry

Endpoint URL*

Enter the Endpoint Address of the external container registry

Registry*

Enter the name of the already registered registry

Access ID*

Harbor Login ID

Access Secret*

Harbor Login Password

Ca Certificate

Enter the private certificate information

Insecure

Specify whether it's insecure

Enter the name for the registry to be created in the registry.
Enter a description for the registry.
Enter the EndPoint URL.
Enter the registry name.
Enter Access ID and Access Secret.
If CA Certificate exists, enter it (optional).
Check the option for using Insecure (optional).
Click "Test Connection" in the upper right corner to verify if the registry is available.
Click the "Save" button in the upper right corner.

Cluster Backup and Restore

Log Service

CI/CD

application

Platform Management

API Management

Certificate Management

Application Deployment

1. Workload Group Creation

Create a workload group on the Workload tab of the Service Map.

1) Click on [Application] - [Service Map] tab, select the service map where you want to create the workload, and navigate to the Workload.

2) Click the expand menu (three dots) next to the workload group name.

3) Choose the desired direction for adding a group from the additional items (e.g., Add Group to the Right).

4) A text input form for the name of the workload group will appear. Enter the name of the workload group and press Enter.

The workload group name is a mandatory field.

5) Confirm that the workload group has been added.

2. Workload Creation

Create workloads such as Deployment, Stateful Set, Daemon Set, Job, Cron Job, etc. Although the types of workloads may differ, the process of entering container information is fundamentally the same.

1) Click on [Application] - [Service Map] tab, select the service map where you want to create the workload, go to Workloads, and click the "+ Create" button.

2) Choose the type of workload you want to create.

2.1 Enter Basic Workload Information

1) Enter basic information for the workload (type, name, group, description, labels, annotations), deployment and management policies (tolerations, deployment policies, autoscaling, update policies), container information (init containers, containers), and storage information (volumes, volume mounts). Click the "Save" button.

Not all information needs to be entered. You must set the name, group, description, and at least one container information. Other information can be entered as needed.

Item (* is required)

Content

Type

It is displayed according to the type selected when creating the workload

Name*

Enter the name for the workload to be created

Group*

Choose one from the existing workload group names

Description*

Write a description for the workload

Label

Specify key/value pairs for identification using this information

Annotation

There are no specific features, but this is used as additional explanation

Node Affinity

Check the labels of nodes and configure deployment only on nodes with the specified label

Toleration

Set rules to allow pod placement on nodes with taints

Deployment policy

Configure overall policies for pod deployment regarding replicas, hosts, startup/shutdown times, permissions, etc

Auto Scaling

Set the system to automatically adjust (scale) based on resource considerations

RollingUpdate Strategy

Define policies needed for pod updates

Image Pull Secret

Automatically register Harbor login information to access and retrieve container images from Harbor

2.1.1 Register Image Pull Secret with Workload

1) Select the workload where you want to register the secret, then click on the icon next to "image pull secret"

2) Choose the secret to register, click "+ Add", and then click "Save"

2.2 Enter Container Information

1) Container Basic Information

Enter container name, image information, and resource requests and limits for CPU/Memory/GPU. Container name and image information are mandatory. If CPU/Memory resource requests and limits are not entered separately, the default values displayed in gray on the input screen will be set.

Item (* is required)

Content

Name*

Enter the container name to be created, using only lowercase letters, numbers, and the hyphen (-) for special characters

Image*

Provide image information for creating the pod

CPU *

Set the amount requested and the limit amount to configure the necessary CPU (amount requested) during pod startup and the maximum CPU that can be allocated (limit amount) The default is 100

Memory*

Set the Amount Requested for memory and the Limit Amount for the maximum memory allocation during pod startup

GPU resources

If the pod uses GPU, specify the Limit Amount and Amount Requested for GPU

2) Container Commands

Container commands are not mandatory but can be used if necessary.

Enter the commands and arguments to be executed in the container.

Command and arguments can be optionally added with the [+ Add] button.
If unnecessary, use the [ - ] button to the right of the text field to delete.

Item

Content

Command

Enter the command values to be executed when the pod starts

Arguments

Provide arguments for the command to be executed when the pod starts

3) Container Environment Variables

Container environment variables are not mandatory but can be used if necessary.

Set various configuration information to be used in the container. Configuration information includes environment variables, config maps, secrets, and field references for workload metadata. Config maps and secrets to be used in the container must be pre-created on a separate configuration information screen.

Item (* is required)

Content

Direct input (KEY)*

Enter the "key" directly for the environment variable to be registered when setting up pod environment variables

Direct input (VALUE)*

Input the "value" directly for the environment variable to be registered when setting up pod environment variables

Config map Value (KEY)*

Enter the name of the ConfigMap value to be registered in the environment variables

Config map Value(VALUE)*

Select the name of the previously configured ConfigMap

Secret Value (KEY)*

Enter the name of the Secret value to be registered in the environment variables

Secret Value(VALUE)*

Select the name of the previously configured Secret

Field Ref(KEY)

Enter the key that references the field value of the pod

Field Ref(VALUE)*

Input the value that references the field value of the pod

Resource Field Ref(KEY)

Enter the key that references the resource field value of the pod

Resource Field Ref(VALUE)*

Input the value that references the resource field value of the pod

4) Security Settings

Security settings are not mandatory but can be used if necessary.

Set user and permissions for the container or Linux capabilities.

Item (* is required)

Content

Run as Non ROOT

If the container is not going to run as the root user but as a regular user, it is necessary

Run as User

Input the user to be used when the container is running

Run as Group

Input the group to which the container will belong

Run Privilleged Mode

It is necessary if the container needs to interact directly with the host system's kernel

Allow Privillege Escalation

Decide whether to allow privilege escalation

Read Only Root filesystem

Set whether the container's root file system should be read-only

seLinuxOptions(level)

Set the level used in SELinux security policy

seLinuxOptions(role)

Set the role used in SELinux security policy

seLinuxOptions(type)

Set the type used in SELinux security policy

seLinuxOptions(user)

Set the user used in SELinux security policy

Linux Capabilities(add)

Add additional Linux kernel features

Linux Capabilities(drop)

Remove specific Linux kernel features

5) Health Check

Health check settings are not mandatory but can be used if necessary.

Set Liveness Probe and Readiness Probe for the container.

You can choose the probe type on the Liveness Probe tab and Readiness Probe tab.
- EXEC: Execute a specified command inside the container and check the exit code.
- TCP SOCKET: Attempt to establish a TCP socket connection to a specific host and port and check success.
- HTTP GET: Send a GET request to the specified HTTP endpoint and check success.

6) LifeCycle Hook

LifeCycle Hook settings are not mandatory but can be used if necessary.

Enter PostStart and PreStop lifecycle hooks.

You can choose the hook type on the PostStart tab and PreStop tab.
- EXEC: Register a command to be executed internally in the container before it starts (PostStart) or before it terminates (PreStop).
- HTTP GET: Register an HTTP GET request to a specified HTTP endpoint after the container has started to ensure it is ready to serve or check before termination.

7) Container Ports

Enter container port information.

The Container Port field is a mandatory input.
The Protocol field allows you to choose TCP, UDP, or SCTP.

Item (* is required)

Content

Container Port*

Enter the port number for the container port to be created

Protocol (Choose one)

Specify a specific communication protocol used for network communication

name

Enter the name of the container port to be created

Host IP

Input the IP address of the host machine

Host Port

Specify the port number on the host machine that connects to the corresponding container port

2.3 Enter Init Container Information

1) The input items for init container information are the same as for regular containers. (Only the execution order is different.)

2) An init container is a one-time-use container that runs before the main application container starts within a pod. Init containers are used to perform specific tasks before the application container starts and to pass the results to the application container through a shared volume.

2.4 Enter Deployment, Autoscaling, and Update Policies

The deployment, autoscaling, and update policy input sections are located below the basic workload creation information input section. The order of input does not matter, and you only need to set the information as needed.

1) Toleration Settings

Item (* is required)

Content

Effect (Choose one)

You can set rules for placing Pods on nodes, with three options: NoSchedule, PreferNoSchedule, and NoExecute

Key*

Write the Key value for Toleration

Operator (Choose one)

Choose between Exists and Equal. Equal checks if both the key and value effect match, while Exists ignores any taint

Value*

Write the Value for Toleration. If you choose the Equal option for Operator, it becomes active

Toleration Seconds

When a Pod is scheduled on a specific node, this represents the maximum time the Pod is temporarily allowed on that node, even if the node has a specific Taint. This is activated when you choose the NoExecute option for Effect

2) Deployment Policy Settings

The Replicas field is a mandatory input. Enter the number of instances to replicate as a positive integer.

Item (* is required)

Content

Number of copies

Write the number of instances to replicate

Host Name

Write the hostname

Grace period (seconds) on exit

Used to set the time to wait before a container or pod is terminated

Waiting time after preparation(seconds)

Time to wait after the task is completed before executing additional actions

Node Label KEY

The Key value of the label that the node has when deploying instances to a specified node

Node label value

The value of the label that the node has when deploying instances to a specified node

Access authority (RBAC services Account)

Service account used to manage access permissions for resources

3) Autoscaling Settings

If using CPU and Memory types, the HPA name field is activated and is a mandatory input.

Item (* is required)

Content

CPU Type

If you check the box on the right, choose between Utilization and AverageValu - Utilization : The percentage of CPU used to process tasks - AverageValue : Average CPU usage

CPU Utilization(%)

If you select CPU type as Utilization, it becomes active

CPU Average Usage Value(mCore)

If you select CPU type as AverageValue, it becomes active (minimum value must be greater than or equal to 1)

Memory Type

If you check the box on the right, choose between Utilization and AverageValue. - Utilization : The percentage of memory used to process tasks - AverageValue : Average memory usage

Memory Utilization(%)

If you select Memory type as Utilization, it becomes active

memory average usage value(MB)

If you select Memory type as AverageValue, it becomes active (minimum value must be greater than or equal to 1)

HPA name

Set the HPA configuration name

Max Replicas, Min Replicas

Write the maximum and minimum number of instances to be maintained

Scale Use

Either CPU type or Memory type must be used for activation - Scale Down : Choose between Disabled, Max, and Min - Scale Up: Choose between Disabled, Max, and Min

4) Update Policies

Item (* is required)

Content

RollingUpdate Strategy

Choose one between Rolling Update and Recreate

Percentage of Interruption to Replication

It becomes active when Rolling Update is selected

Choose one between Percentage and InstanceCount

Expansion ratio vs. number of copies

It becomes active when Rolling Update is selected Choose one between Percentage and InstanceCount

3. Modify Workload

3.1 Detailed Inquiry of Workload Settings

To update the settings for a configured workload, access the configuration screen for that workload. Here, we'll use the example of modifying the container image. The process remains the same for other configuration changes; save the modified settings and restart the workload.

3.2 Change Workload Settings (in the case of modifying the container image)

1) Click on the "Settings" tab after selecting the workload to be changed.

2) Single-click on the container name, modify the image name, and apply the changes.

3) After completing the modifications, click "Save and Start."

3.3 Check the Application of the Modified Settings

Monitor the situation where the container restarts with the updated image settings on the detailed workload monitoring screen.

4. Stop/Restart/Delete Workload

To stop, restart, or delete a specific workload, access the detailed deployment information screen for that workload.

4.1 Stop/Restart Workload

Click the "Actions" button at the top right of the detailed deployment information screen for the running workload. A selection box will appear, allowing you to choose to stop or restart the workload. Select either "Stop" or "Restart" based on your needs.

4.2 Delete Workload

Before deleting a running workload, you must first stop the workload. Click the "Actions" button at the top right of the detailed deployment information screen for the stopped workload. A selection box will appear, allowing you to start or delete the workload. Choose "Delete," and the workload will be deleted.

1) Click "Actions," choose "Stop" to halt the running workload.

2) After stopping the workload, click "Actions" for the stopped workload, choose "Delete" to remove the workload.

5. Workload Group Management

5.1 Change Workload Group Display

When accessing the workload query menu in the service map, workloads are sorted and displayed based on workload groups. The display method of workload group names or arrangements can be changed as follows.

Change Group Name
Change Column Count
Move Left
Move Right
Add Group on the Left
Add Group on the Right

To perform these actions, click on the "expand menu (three dots)" displayed to the right of the workload group name.

5.2 Delete Workload Group

To delete a workload group, there should be no workloads within that group. If there were existing workloads in the group, they must be deleted first.

To delete a workload group, click the "expand menu (three dots)" displayed to the right of the workload group name. You will see "Delete Group" is activated and displayed in the popup. Select this option.

Manual - EN

What is Cocktail Cloud?

Apply for Service

Using Cocktail Cloud

overview

Kubernetes and Cocktail Cloud

Reducing Efforts in Kubernetes Adoption and Operation

Multi-Cluster Deployment

Multi-Tenancy

Unified Management/Monitoring

Automation, DevOps

Security

Understanding Concepts

Platform

Integrated Platform Management Features

Integrated Monitoring

Platform Configuration

Workspace

Cluster Resource Allocation

Image Registry Allocation and Sharing

Cluster

Kubernetes

Node

Container Network

Ingress Controller

Storage

Addon

Service Map

Pod(Containers)

Workloads

Workload Groups

Deployment Workloads

StatefulSet Workloads

DaemonSet Workloads

Job Workloads

CronJob Workloads

Service Exposure

Exposing Service with Cluster IP

Exposing Service with Node Port

Exposing Service with Load Balancer

Ingress

Persistence Volumes

Configuration Information (ConfigMap/Secret)

Image Update

Catalog

Image Build

Image Registry

Build

Build Flow

Security

Cluster Authentication and Authorization

Audit Logs

Pod (Container) Security Policies

Image Inspection

Monitoring

Cluster Monitoring

Application (Container) Monitoring

Notifications and Events

Logs

Catalog

Getting Started

Cluster Creation

AWS (EKS)

1. Create a Cloud Provider

2. Create an EKS Cluster

3. Add AWS Node Group

4. Add Amazon EBS CSI Driver

5. Add Cluster Autoscaler

NCP (NKS)

Coming Soon

Azure (AKS)

Coming Soon

GCP (GKE)

Coming Soon

ETC (Datacenter)

Coming Soon

Cluster Registration

AWS (EKS)

1. EKS Cluster Registration

1.1 Move to the Cluster Registration screen