The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco Container Platform is a turnkey, production grade, extensible platform to deploy and manage multiple Kubernetes clusters. It runs on 100% upstream
Kubernetes. Cisco Container Platform offers seamless container networking, enterprise-grade persistent storage, built-in production-grade security, integrated
logging, monitoring and load balancing.
Cisco Container Platform provides authentication and authorization, security, high availability, networking, load balancing, and operational capabilities
to effectively operate and manage Kubernetes clusters. Cisco Container Platform also provides a validated configuration of Kubernetes and can integrate with underlying infrastructure components such as
Cisco HyperFlex and Cisco ACI. The infrastructure provider for Cisco Container Platform is Hyperflex.
Using the Cisco Container Platform web interface, you can create Kubernetes clusters on which you can deploy containerized applications. The clusters are created
on the infrastructure provider platform.
The two user personas in Cisco Container Platform are as follows:
The Administrator persona, which is associated with the Administrator role.
The User persona, which is associated with the User role.
This chapter contains the following topics:
Administrator Workflow
The following table lists the workflow for Cisco Container Platform administrators.
Task
Related Section
Access the Cisco Container Platform web interface with Administrator credentials.
Ensure that you have powered on the installer VM on vCenter. The URL of the installer appears on the vCenter Web console.
Procedure
Step 1
Obtain the URL to access the Cisco Container Platform web interface from the vCenter Web console.
Step 2
Access the URL using your web browser.
https://<Cisco Container Platform IP Address>
Note
We recommend that you use the Chrome, Safari, or Firefox browser to access the URL.
Step 3
Log in to the web interface as an admin user using the passphrase given during the Cisco Container Platform installation.
Setting Up Cisco Container Platform
Note
This topic is applicable only for an ACI environment. In a non-ACI environment, the IP address range of the default VIP pool
must be expanded to include the additional VIPs for tenant clusters. For more information, see Managing Networks.
When you log in to Cisco Container Platform for the first time, you need to configure the Cisco Container Platform initial setup using the Cisco Container Platform Setup wizard.
Procedure
Step 1
On the Welcome page, click START THE SETUP.
Step 2
In the ACI Credentials screen, specify information such as IP address, username, and passphrase of the APIC instance, click CONNECT, and then click NEXT.
Step 3
In the ACI Configuration screen, perform these steps:
In the NAMESERVERS field, enter the IP address of all the DNS servers that the ACI fabric can access.
From the VMM DOMAIN drop-down list, choose the Virtual Machine Manager Domain (VMMD) that you want to use.
In the INFRASTRUCTURE VLAN ID field, enter the VLAN number for layer 2 networking.
From the VRF drop-down list, choose the Virtual Routing and Forwarding (VRF) IP address.
From the L3OUT POLICY NAME drop-down list, choose the ACI object for allowing external internet connectivity.
From the L3OUT NETWORK NAME drop-down list, choose the external network that is reachable through the L3OUT object.
From the AAEP NAME drop-down list, choose an Attachable Access Entity Profile (AAEP) name to associate the VMM domain with an AAEP.
In the STARTING SUBNET FOR PODS field, enter the starting IP address for the IP pool that is used to allocate IP addresses to the pods.
In the STARTING SUBNET FOR SERVICE field, enter the starting IP address for the IP pool that is used to allocate IP addresses to the service VLAN.
In the CONTROL PLANE CONTRACT NAME field, enter the name of the contract that is provided by the Control Plane endpoint group to allow traffic from the Control
Plane cluster to the tenant cluster.
In the NODE VLAN START ID field, enter the starting VLAN ID that is used to allocate VLAN to the node.
In the NODE VLAN END ID field, enter the ending VLAN ID that is used to allocate VLAN to the node.
In the OPFLEX MULTICAST RANGE field, enter a range for the Opflex multicast.
Click CONNECT.
Step 4
In the Summary screen, verify the configuration, and then click FINISH.
For more information on adding, modifying, or deleting an ACI profile, see Managing ACI Profile.
Configuring Cisco Smart Software Licensing
You need to configure Cisco Smart Software Licensing to easily procure, deploy, and manage licenses for your Cisco Container Platform instance. The number of licenses required depends on the number of VMs necessary for your deployment scenario.
A Cisco Container Platform instance is available for a 90-day evaluation period after which, you need to register with Cisco Smart Software Manager
(Cisco SSM). Cisco SSM enables you to manage your Cisco Smart Software Licenses from one centralized website. With Cisco SSM,
you can organize and view your licenses in groups called virtual accounts. You can also use Cisco SSM to transfer the licenses
between virtual accounts as needed.
You can access Cisco SSM from the Cisco Software Central homepage at software.cisco.com, under the Smart Licensing area.
If you do not want to manage licenses using Cisco SSM, either for policy reasons or network availability reasons, you can
choose to install Cisco SSM satellite at your premises. Cisco Container Platform registers and reports license consumption to the Cisco SSM satellite as it does to Cisco SSM.
Note
Ensure that you use Cisco SSM Satellite version 5.0 or later. For more information on installing and configuring Cisco SSM
satellite, refer to http://www.cisco.com/go/smartsatellite.
License Usage and Compliance
Once you register Cisco Container Platform with Cisco SSM, you will receive the Cisco Container Platform License with Support license.
Cisco SSM or Cisco SSM satellite totals the license requirements for all your Cisco Container Platform instances and compares the total license usage to the number of licenses purchased, on a daily basis. After the data synchronization,
your Cisco Container Platform instance displays one of the following status indicators:
Authorized, when the number of licenses purchased is sufficient
Out of Compliance, when the number of licenses is insufficient
Authorization Expired, when the product has not communicated with Cisco SSM or Cisco SSM satellite for a period of 90 days.
Workflow of Cisco Smart Software Licensing
The following table describes the workflow of Cisco Smart Software Licensing.
Task
Related Section
Generate a product instance registration token in your virtual account
You need to generate a registration token from Cisco SSM or Cisco SSM satellite to register the Cisco Container Platform instance.
Before you begin
Ensure that you have set up a Smart Account and a Virtual account on Cisco SSM or Cisco SSM satellite.
Procedure
Step 1
Log in to your Smart Account on Cisco SSM or Cisco SSM satellite.
Step 2
Navigate to the Virtual account using which you want to register the Cisco Container Platform instance.
Step 3
If you want to enable higher levels of encryption for the products registered using the registration token, check the Allow export-controlled functionality on the products registered with this token check box.
Note
This option is available only if you are compliant with the Export-Controlled functionality.
Step 4
Click New Token to generate a registration token.
Step 5
Copy and save the token for using it when you register your Cisco Container Platform instance.
By default, Cisco Container Platform directly communicates with the Cisco SSM. You can modify the mode of communication by configuring the transport settings.
Before you begin
Ensure that you have obtained the registration token for the Cisco Container Platform instance.
Procedure
Step 1
Log in to the Cisco Container Platform web interface.
Step 2
From the left pane, click Licensing.
If you are running Cisco Container Platform in the Evaluation mode, a license notification is displayed on the Smart Software Licensing pane.
Step 3
If a license notification is displayed, click the edit the Smart Call Home Transport Settings link.
Alternatively, click the Licensing Status tab, and then click the View/Edit link that appears under Transport Settings.
Step 4
In the Transport Settings dialog box, perform one of these steps:
To configure Cisco Container Platform to send the license usage information to Cisco SSM using the Internet:
Click the DIRECT radio button.
Configure a DNS on Cisco Container Platform to resolve tools.cisco.com.
This is the default setting.
To configure Cisco Container Platform to send the license usage information to Cisco SSM using the Cisco SSM satellite:
Click the TRANSPORT GATEWAY radio button.
Enter the URL of the Cisco SSM satellite.
To configure Cisco Container Platform to send the license usage information to Cisco SSM using a proxy server. For example, an off-the-shelf proxy, such as Cisco
Transport Gateway or Apache:
Click the HTTP/HTTPS PROXY radio button.
Enter the IP address and port number of the proxy server.
Step 5
Click SAVE.
Registering Cisco Container Platform License
You need to register your Cisco Container Platform instance with Cisco SSM or Cisco SSM satellite before the 90-day evaluation period expires.
Before you begin
Ensure that you have configured the transport settings.
Procedure
Step 1
Log in to the Cisco Container Platform web interface.
Step 2
From the left pane, click Licensing.
Step 3
In the license notification, click Register.
The Smart Software Licensing Product Registration dialog box appears.
Step 4
In the Product Instance Registration Token field, copy and paste the registration token that you generated using the Cisco SSM or Cisco SSM satellite.
Click REGISTER to complete the registration process.
Cisco Container Platform sends a request to Cisco SSM or Cisco SSM satellite to check the registration status and Cisco SSM or Cisco SSM satellite
reports back the status to Cisco Container Platform, on a daily basis.
If registering the token fails, you can reregister the Cisco Container Platform instance using a new token.
By default, the authorization is automatically renewed every 30 days. However, Cisco Container Platform allows a user to manually initiate the authorization renew in case the automatic renewal process fails. The authorization
expires if Cisco Container Platform is not connected to Cisco SSM or Cisco SSM satellite for 90 days and the licenses consumed by Cisco Container Platform are reclaimed and put back to the license pool.
Before you begin
Ensure that the Cisco Container Platform instance is registered with Cisco SSM or Cisco SSM satellite.
Procedure
Step 1
Log in to the Cisco Container Platform web interface.
Step 2
From the left pane, click Licensing.
Step 3
From the Actions drop-down list, choose Renew Authorization Now.
Step 4
Click OK in the Renew Authorization dialog box.
Cisco Container Platform synchronizes with Cisco SSM or Cisco SSM satellite to check the license authorization status and Cisco SSM or Cisco SSM satellite
reports back the status to Cisco Container Platform, on a daily basis.
Reregistering Cisco Container Platform License
You can reregister Cisco Container Platform with Cisco SSM or Cisco SSM satellite by deregistering it and registering it again, or by using a register force option.
Before you begin
Ensure that you have obtained a new registration token from Cisco SSM or Cisco SSM satellite.
Procedure
Step 1
Log in to the Cisco Container Platform web interface.
Step 2
From the left pane, click Licensing.
Step 3
From the Actions drop-down list, choose Reregister.
Step 4
In the Product Instance Registration Token field of the Smart Software Licensing Product Reregistration dialog box, enter the registration token that you generated using Cisco SSM or Cisco SSM satellite.
Click REGISTER to complete the registration process.
Cisco Container Platform sends a request to Cisco SSM or Cisco SSM satellite to check the registration status and Cisco SSM or Cisco SSM satellite
reports back the status to Cisco Container Platform, on a daily basis.
Deregistering Registration
You can deregister the Cisco Container Platform instance from Cisco SSM or Cisco SSM satellite to release all the licenses from the current Virtual account and the licenses
are available for use by other products in the virtual account. Deregistering disconnects Cisco Container Platform from Cisco SSM or Cisco SSM satellite.
Before you begin
Ensure that the Cisco Container Platform instance is registered with Cisco SSM or Cisco SSM satellite.
Procedure
Step 1
Log in to the Cisco Container Platform web interface.
Step 2
From the left pane, click Licensing.
Step 3
From the Actions drop-down list, choose Deregister.
Step 4
Click DEREGISTER in the confirmation dialog box.
Cisco Container Platform sends a request to Cisco SSM or Cisco SSM satellite to check the deregistration status and Cisco SSM or Cisco SSM satellite
reports back the status to Cisco Container Platform, on a daily basis.