Private Cluster Management

To facilitate secure DevOps on private clusters, Ozone provides a secure tunnel for communication between the private cluster and Ozone agents, without exposing the cluster externally and without the hassle of working with firewalls.

Ozone uses Open Ziti as the provider for the private tunnel, which establishes a secure channel for managing deployments to private clusters.

To attach a private cluster, go to the cluster view screen from the resources menu.

Enter the name of the cluster, the environment to which the cluster maps, and the features that need to be enabled for this cluster.

In the next screen, select the cluster type. Currently, Ozone supports the following cluster types: AKS, GKE, OpenShift, TKG, EKS, PKS, and a generic K8s cluster for local instances. Select “Yes” to indicate that the setup is for a private cluster.

Once you confirm that it is a private cluster, you will see another pop-up window where you are required to enter the name of the provider and an IP address, as part of configuring a new edge router provider. Ozone uses NetFoundry’s Open Ziti to create the private tunnel.

Once you hit “Submit”, a shell file is downloaded onto your system. Copy the command and run it in your VM to install Ziti.

Download the tunnel config JSON file once Ziti has finished installing, return to Ozone, and close the pop-up described above. You will then need to set up the private cluster by adding a public and task registry prefix, selecting the edge router, and finally uploading the tunnel config file.

Clicking on “Download File” gives you the YAML that you need to run on your cluster, along with a kubectl command to install the Ozone agents. After a successful installation, your new private cluster appears as attached in the cluster view screen.
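Before running the downloaded YAML against the cluster, it helps to list what it will create. The following is an added example, not Ozone's own tooling: a line-based shell check that lists each resource in a manifest and flags cluster-admin bindings and wildcard RBAC rules. The function names and the sample manifest are constructed for illustration and do not reflect the contents of Ozone's agent YAML.

```shell
# Line-based heuristic, not a YAML parser: assumes two-space indentation.
# Prints "Kind/name" per document, plus FLAG lines for broad RBAC grants.
review_manifest() {
    awk '
        function emit() {
            if (kind != "") {
                print kind "/" name
                if (kind ~ /RoleBinding$/ && roleref == "cluster-admin")
                    print "FLAG " name ": binds cluster-admin"
                if (kind ~ /Role$/ && wildcard)
                    print "FLAG " name ": wildcard in rules"
            }
            kind = name = roleref = section = ""; wildcard = 0
        }
        /^---/      { emit(); next }
        /^[A-Za-z]/ { section = $1 }      # top-level key such as "metadata:"
        /^kind:/    { kind = $2 }
        section == "metadata:" && /^  name:/ { name = $2 }
        section == "roleRef:"  && /^  name:/ { roleref = $2 }
        section == "rules:"    && index($0, "*") { wildcard = 1 }
        END { emit() }
    ' "$@"
}

# Constructed sample manifest (hypothetical names, not the real agent YAML).
sample_manifest() {
    cat <<'EOF'
kind: Namespace
metadata:
  name: example-agents
---
kind: ClusterRoleBinding
metadata:
  name: example-agent-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: example-agent
---
kind: Role
metadata:
  name: example-reader
rules:
- resources: ["pods"]
EOF
}
sample_manifest | review_manifest
```

Pass the downloaded file as the argument to review_manifest to check the real manifest, then run kubectl apply --dry-run=server -f on the same file to see what the API server would accept before applying it.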
