Kubernetes Orchestrators
Orchestrators allow you to connect the administration console to your Kubernetes clusters to deploy and manage PeSIT Wizard servers.

Add an Orchestrator
Via the Interface
- Go to Orchestrators
- Click Add Orchestrator
- Fill in the connection information
- Click Create

Supported Orchestrator Types
| Type | Description |
|---|---|
| K3S | K3s (Rancher) - Lightweight Kubernetes |
| K8S | Standard Kubernetes |
| EKS | Amazon Elastic Kubernetes Service |
| GKE | Google Kubernetes Engine |
| AKS | Azure Kubernetes Service |

Authentication
In-Cluster
For deployments where the admin runs in the same cluster:
```yaml
k8sAuthType: IN_CLUSTER
```
No additional configuration required.

Bearer Token
```yaml
k8sAuthType: TOKEN
k8sToken: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
```

Client Certificate
```yaml
k8sAuthType: CERTIFICATE
k8sClientCert: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
k8sClientKey: |
  -----BEGIN PRIVATE KEY-----
  ...
  -----END PRIVATE KEY-----
k8sCaCert: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
```

Advanced Configuration
Skip TLS Verify
For development environments with self-signed certificates:
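```yaml
k8sSkipTlsVerify: true
```
Warning: Never use in production! With verification disabled, the console cannot authenticate the Kubernetes API server, so the credentials it sends can be intercepted.
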
MetalLB IP Range
For K3s clusters with MetalLB:
```yaml
metalLbIpRange: "192.168.1.200-192.168.1.250"
```

Test the Connection
After creating an orchestrator, test the connection:
- Select the orchestrator
- Click Test Connection
- Verify that the status changes to "Connected"
Best Practices
- One orchestrator per environment: Separate dev, staging, prod
- Use dedicated ServiceAccounts: Create a SA with minimal permissions
- Token rotation: Renew tokens regularly
- Access audit: Enable Kubernetes auditing
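
The following check applies the Skip TLS Verify warning and the ServiceAccount and token rotation practices above to an orchestrator definition. It is an added example, not part of PeSIT Wizard. The function names, the `environment` label and the one-day lifetime policy are assumptions, and the token payload is read without verifying its signature.

```python
import base64
import json
import time

MAX_TOKEN_LIFETIME = 24 * 3600  # assumed rotation policy: at most one day

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def audit_orchestrator(cfg, environment, now=None):
    """Return findings for one orchestrator definition (dict of the page's fields)."""
    now = time.time() if now is None else now
    findings = []
    if cfg.get("k8sSkipTlsVerify") and environment == "prod":
        findings.append("k8sSkipTlsVerify enabled in production")
    if cfg.get("k8sAuthType") != "TOKEN":
        return findings
    try:
        claims = jwt_claims(cfg.get("k8sToken") or "")
    except (IndexError, ValueError):
        return findings + ["k8sToken is not a decodable JWT"]
    # Kubernetes ServiceAccount tokens carry sub=system:serviceaccount:<ns>:<name>
    sub = str(claims.get("sub", ""))
    if sub.startswith("system:serviceaccount:") and sub.endswith(":default"):
        findings.append("token belongs to the namespace default ServiceAccount")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("token has no numeric exp claim, so it never expires")
    elif exp <= now:
        findings.append("token has expired")
    elif exp - now > MAX_TOKEN_LIFETIME:
        findings.append("token lifetime exceeds the rotation policy")
    return findings

def sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    legacy = {"k8sAuthType": "TOKEN", "k8sSkipTlsVerify": True,  # constructed sample
              "k8sToken": sample_token({"sub": "system:serviceaccount:pesit:default"})}
    print(audit_orchestrator(legacy, "prod"))
```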