Orka Cluster: Access the Cluster
How to access your Orka cluster.
Quick navigation
Jump to:
To be able to work with your Orka cluster, you need to log in.
Complete the invitation process
This section is applicable only to users who have been recently invited to join an Orka customer account.
After the account administrator invites you to the account, you need to complete the invitation process.
- In your email inbox, look for an email from MacStadium Support titled MacStadium Portal Invitation.
You might need to check your Spam folder. - Click the link to the customer portal and sign in with the temporary credentials provided in the invitation.
- When prompted, change your password.
- When prompted, fill in the Complete Registration form and click Complete Registration.
Connect to the cluster via VPN
See here.
Get your Orka API URL
What's your Orka API URL?
You can get your Orka API URL from your IP Plan:
- For clusters deployed before Orka 2.1, it's the
.100
address for yourPrivate-1
network (usually,10.221.188.100
), prefixed withhttp
. For example:http://10.221.188.100
.- For clusters deployed with Orka 2.1 or later, it's the
.20
address for yourPrivate-1
network (usually10.221.188.20
). prefixed withhttp
. For example:http://10.221.188.20
.- You can also use
https://<orka-domain>
andhttps://<custom-domain>
(if configured). To get the Orka domain for your Orka cluster, contact MacStadium. To use an external custom domain, see here.Note that you can use
http://<orka-IP>
,https://<orka-domain>
, andhttps://<custom-domain>
interchangeably in your workflows.
Log in to the Orka cluster
Orka customers log in to their cluster with their MacStadium Customer Portal credentials. Based on the role bindings configured for the respective user, they can access one or more namespaces.
Using the Orka3 CLI
If this is the first time you are logging in after installing the Orka CLI, you need to add the <ORKA_ENDPOINT>
to your CLI configuration:
orka3 config set --api-url <ORKA_ENDPOINT>
If you have already configured the endpoint, run the following command:
orka3 login
The Orka3 CLI launches a new browser window. Enter your credentials for the MacStadium Customer Portal and click Sign In. Return to the Orka3 CLI.
Using the Orka Web UI
If you are using Orka Web UI, complete the following steps:
-
In the Orka CLI, run the following command:
orka3 user get-token OR, if you have a service account, orka3 serviceaccount token <SERVICE_ACCOUNT>
-
In the browser, navigate to your
<ORKA_ENDPOINT>
and, when prompted, provide the token obtained in Step 1.
TIP
User tokens have a lifetime of 1h.
Service account tokens have a lifetime of 1 year.
If you rely mostly on the Orka Web UI, you might want to use a service account token instead of a user token.
Using the Orka3 API
If you are using the Orka API, complete the following steps:
-
In the Orka3 CLI, run the following command:
orka3 user get-token OR, if you have a service account, orka3 serviceaccount token <SERVICE_ACCOUNT>
-
In the browser, navigate to your
<ORKA_ENDPOINT>/api/v1/swagger
and click Authorize. -
In the Value text box, type
Bearer <TOKEN>
and click Authorize.
Replace<TOKEN>
with the token obtained in Step 1. -
Click Close.
TIP
User tokens have a lifetime of one hour.
Service account tokens have a lifetime of one year.
If you rely mostly on the Orka3 API, you might want to use a service account token instead of a user token.
CI/CD Integrations: Log in to the Orka cluster
Service accounts are intended for use with CI/CD integrations. They don't require username/password credentials to log in and let CI/CD integrations bypass the browser login. The tokens for service accounts also have an extended duration of one year.
-
Create a service account.
orka3 sa create <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>] E.g. To create the 'sa-jenkins' service account in the 'orka-test' namespace, run: orka3 sa create sa-jenkins --namespace orka-test
curl -X 'POST' \ 'http://<ORKA_API_IP>/api/v1/namespaces/<NAMESPACE_NAME>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <TOKEN>' \ -d ''
-
Generate a token.
orka3 serviceaccount token <SERVICE_ACCOUNT>
curl -X 'POST' \ 'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>/token' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <TOKEN>' \ -H 'Content-Type: application/json' \ -d '{ }'
-
Use the obtained credentials in your CI/CD integrations.
See also
Updated 10 months ago