This guide covers verification, accessing services, and initial configuration after your cluster is bootstrapped. These steps are the same for all providers.
```bash
export KUBECONFIG=./outputs/kubeconfigs/main.yaml
# Verify cluster info
kubectl cluster-info
# Check all nodes are ready
kubectl get nodes
# Check all system pods are running
kubectl get pods -A
```

All nodes should show `Ready` status and all pods should be `Running` or `Completed`.
KubeAid deploys several web interfaces for managing and monitoring your cluster.
ArgoCD provides GitOps-based application management.
```bash
# Get ArgoCD URL
kubectl get ingress -n argocd
# Get admin password (if not set in secrets.yaml)
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```

Default credentials:
- Username: `admin`
- Password: Set in your `secrets.yaml` or retrieve from the secret above
Grafana provides monitoring dashboards powered by Prometheus.
```bash
# Get Grafana URL
kubectl get ingress -n monitoring
# Get admin password
kubectl -n monitoring get secret kube-prometheus-stack-grafana -o jsonpath="{.data.admin-password}" | base64 -d
```

Access Prometheus directly for metrics and alerting configuration:

```bash
kubectl get ingress -n monitoring
```

```bash
kubectl get applications -n argocd
```

All applications should show `Healthy` and `Synced` status.
```bash
kubectl -n kube-system get pods -l k8s-app=cilium
kubectl -n kube-system exec -it ds/cilium -- cilium status
```

```bash
kubectl get pods -n kube-system -l name=sealed-secrets-controller
```

If you're using custom domains for your cluster services, configure DNS records to point to your ingress load balancer:

```bash
# Get the external IP/hostname of your ingress
kubectl get svc -n ingress-nginx
```

Create DNS records (A or CNAME) for:
- `argocd.your-domain.com`
- `grafana.your-domain.com`
- `prometheus.your-domain.com`
KubeAid uses Sealed Secrets for secure secret management. Secrets are encrypted client-side and stored in Git.
```bash
# Create a regular secret
kubectl create secret generic my-secret \
  --from-literal=username=myuser \
  --from-literal=password=mypassword \
  --dry-run=client -o yaml > my-secret.yaml
# Seal the secret
kubeseal --format yaml < my-secret.yaml > my-sealed-secret.yaml
# Apply the sealed secret
kubectl apply -f my-sealed-secret.yaml
```

Sealed secrets should be committed to your kubeaid-config repository:

```
k8s/<cluster-name>/sealed-secrets/<namespace>/<secret-name>.json
```
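As an added example (not part of the KubeAid documentation or code), the shell function below lists manifests under a directory that are still plaintext `Secret` objects rather than `SealedSecret` objects, so an unsealed file such as `my-secret.yaml` is caught before it is committed. The sample tree, the `demo-cluster` and `default` names, and every value in it are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not KubeAid code): list manifests that are plaintext Secrets
# instead of SealedSecrets, so they can be caught before a commit.

# Print files under $1 whose kind is Secret (YAML or JSON); return 1 if any.
find_plaintext_secrets() {
  hits=$( { find "$1" -type f \( -name '*.yaml' -o -name '*.yml' -o -name '*.json' \) \
      -exec grep -El \
        -e '^[[:space:]]*kind:[[:space:]]*"?Secret"?[[:space:]]*$' \
        -e '"kind"[[:space:]]*:[[:space:]]*"Secret"' {} + || true; } | sort )
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Build a constructed sample tree that mirrors the repository layout above.
# "demo-cluster" and "default" are placeholder names; all values are fake.
make_sample_repo() {
  root=$(mktemp -d)
  dir="$root/k8s/demo-cluster/sealed-secrets/default"
  mkdir -p "$dir"
  cat > "$dir/my-sealed-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
spec:
  encryptedData:
    password: AgBconstructedPlaceholderCiphertext
EOF
  # Shape of `kubectl create secret --dry-run=client -o yaml` output: base64, not encrypted.
  cat > "$dir/my-secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  password: bXlwYXNzd29yZA==
EOF
  printf '{"apiVersion":"v1","kind":"Secret","metadata":{"name":"other"}}\n' \
    > "$dir/other.json"
  printf '%s\n' "$root"
}

repo=$(make_sample_repo)
find_plaintext_secrets "$repo" || echo "plaintext Secret manifests found; seal them before committing"
rm -rf "$repo"
```

The non-zero return status makes the function usable as a pre-commit or CI gate on the `sealed-secrets/` directory.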
To receive feature and security updates for KubeAid:
Grant write access to your repositories to the GitHub user obmondo-pushupdate-user.
Pull updates manually from the upstream KubeAid repository:
```bash
cd /path/to/your/kubeaid-fork
git remote add upstream https://github.com/Obmondo/KubeAid.git
git fetch upstream
git merge upstream/main
git push origin main
```

Storage Limitation: HCloud storage only allows a maximum of 16 buckets (PersistentVolumes) per physical node. Monitor PV usage to avoid exhausting storage before node resources.
If using Azure Workload Identity, verify the webhook is functioning:

```bash
kubectl get pods -n azure-workload-identity-system
```

Verify Kube2IAM is properly configured for pod IAM credentials:

```bash
kubectl get pods -n kube-system -l app=kube2iam
```

| Issue | Solution |
|---|---|
| Nodes not ready | Check kubelet logs: `kubectl describe node <node-name>` |
| Pods stuck in Pending | Check for resource constraints: `kubectl describe pod <pod-name>` |
| ArgoCD apps not syncing | Check ArgoCD logs: `kubectl logs -n argocd deployment/argocd-application-controller` |
| Network issues | Check Cilium status: `kubectl -n kube-system exec -it ds/cilium -- cilium status` |
- Bootstrap logs: `outputs/.log`
- Kubeconfig: `outputs/kubeconfigs/clusters/main.yaml`
- Configuration files: `outputs/configs/`