
Getting Started Guide

Welcome to the Managed Kubernetes Cloud Temple Getting Started Guide.

The goal of this section is to guide you toward the resources needed to get started with your cluster.


Before You Begin

To interact with your cluster, the following elements are essential:

  1. The kubeconfig file: This file, provided to you by the Cloud Temple teams upon service delivery, contains all the necessary information to securely connect to your cluster.
  2. The kubectl tool: This is the standard command-line interface used to manage a Kubernetes cluster.
  3. The kubelogin tool (if OIDC is used): If your cluster is configured to authenticate via an OIDC identity provider (such as Entra ID/Azure AD), you must install the kubelogin tool to handle the authentication flow. Refer to the kubelogin installation guide.

Recommended graphical tools:

For a more visual experience and simplified resource management, we recommend using Lens. It is a powerful Kubernetes tool that allows you to explore your cluster, manage your applications, and visualize their status graphically. Some of our tutorials will use Lens to demonstrate operations. You can download it here: https://k8slens.dev/.

Access Your Managed Kubernetes Cluster

Your production cluster is identified by a 5-letter code (6 letters in Dev/Test). This code is used to construct the URLs for various interfaces. In the tutorials, we will use "ctodev".

The URLs are as follows, where identifier stands for your cluster code:

  • Kubernetes API (used in kubeconfig):

  • Public URLs:

    • k10.external-secured.identifier.mk.ms-cloud-temple.com
    • grafana.external-secured.identifier.mk.ms-cloud-temple.com
    • harbor.external-secured.identifier.mk.ms-cloud-temple.com
    • opencost.external-secured.identifier.mk.ms-cloud-temple.com
    • opencost-mcp.external-secured.identifier.mk.ms-cloud-temple.com

Secure URLs

The URLs above are accessible only from known public IPs configured in the solution's firewall. If you wish to add a public IP, you must submit a support request.

  • Internal URLs:
    • ceph.internal.identifier.mk.ms-cloud-temple.com
    • argocd.internal.identifier.mk.ms-cloud-temple.com
    • hubble.internal.identifier.mk.ms-cloud-temple.com

Internal URLs

The URLs above are not exposed to the internet. They are accessible only from within the Managed Kubernetes network.

Your Permissions

Dev/Test

For "Dev/Test" Managed Kubernetes clusters, the service account provided to you has full permissions across the entire cluster (ClusterAdmin).

On "Production" clusters, your permissions are restricted. You have an "Extended Viewer" role on cluster resources. This role grants read-only access to key resources, both at the cluster level and for troubleshooting:

  • Namespaces: Allow tenants to list namespaces for tools and dashboards.
  • Pods, Deployments, ReplicaSets, etc.: Allow tenants to list deployed resources on the cluster.
  • Nodes: Provide visibility into node capacity, taints, and labels to understand scheduler behavior.
  • StorageClasses, PVs, PVCs, VolumeAttachments, and CSIDrivers: Enable tenants to identify available storage classes and troubleshoot issues with PVC-PV binding or CSI driver errors.
  • IngressClasses: Inform users about available ingress controllers for application routing.
  • NetworkPolicies, ResourceQuotas, LimitRanges, and Events: Essential for diagnosing network restrictions, scheduling failures, or resource quota violations.

The service account assigned to you is also set as the owner of a first Capsule tenant.
You can create Namespaces, which will be attached to your Capsule tenant.
External accounts (OIDC) are members of the same Capsule tenant, allowing them to freely interact within the Namespaces associated with that tenant (see the tutorial "Managing Permissions with Capsule").

Certain actions are not allowed:

  • Listing or creating Capsule tenants
  • Creating CRDs: If you need to deploy an application requiring CRDs (e.g., a Helm chart for an operator), you must contact support so these CRDs can be imported (via YAML extraction from the Helm chart). You can then deploy your Helm chart using the --skip-crds option. See: Helm 3 Documentation
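
One way to confirm that a Production account matches the permissions listed above, using kubectl auth can-i. This is an added example, not Cloud Temple's own tooling; the KUBECTL override, the script name audit.sh and the selection of resources to probe are assumptions.

```shell
#!/bin/sh
# Added example, not Cloud Temple code. Compares the API server's answers with
# the Production permissions described in this guide.
# Assumptions: KUBECTL may be overridden; the current kubeconfig context is the
# Production cluster.
KUBECTL="${KUBECTL:-kubectl}"

# "<documented answer> <verb> <resource>", taken from the guide's lists.
# tenants.capsule.clastix.io is Capsule's Tenant resource.
EXPECTED='yes list namespaces
yes list nodes
yes list storageclasses.storage.k8s.io
yes list ingressclasses.networking.k8s.io
yes create namespaces
no delete nodes
no create customresourcedefinitions.apiextensions.k8s.io
no list tenants.capsule.clastix.io
no create tenants.capsule.clastix.io'

# Prints one line per check; return status = number of mismatches.
audit_permissions() {
  mismatches=0
  while read -r want verb resource; do
    # can-i exits non-zero on "no" and may print "no - <reason>".
    got=$("$KUBECTL" auth can-i "$verb" "$resource" 2>/dev/null </dev/null || true)
    got=${got%% *}
    if [ "$got" = "$want" ]; then
      echo "OK       $verb $resource: $got"
    else
      echo "MISMATCH $verb $resource: got '${got:-error}', documented '$want'"
      mismatches=$((mismatches + 1))
    fi
  done <<EOF
$EXPECTED
EOF
  return "$mismatches"
}

# Run against the live cluster only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
  audit_permissions
fi
```

On a Dev/Test cluster the account is ClusterAdmin, so the four `no` rows are reported as mismatches.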

Tutorial: Deploy Your First Application

Follow a detailed guide to connect, deploy a "Hello World" application, and expose it to the internet.

Tutorial: Understand the Network

Explore the addressing scheme, Ingress Controllers, and how to securely expose your services.

Tutorial: Managing Permissions with Capsule

Learn how to use Capsule to create tenants and delegate permissions to your teams.