Hi everyone!  In a previous post I’ve described how to enable the Kasten K10 Multi-Cluster Manager using the Helm.  In this post, with the release of Kasten v7, I’ll describe the process of enabling the Multi-Cluster Manager using the Kasten UI, which as you will see, it’s quite easy!!!


According to Kasten documentation: In a multi-cluster setup, one cluster is designated as primary, while all others are designated as secondaries.

  • Primary: The cluster from which the K10 Multi-Cluster Manager will be accessed is designated as primary.  The primary cluster defines policies and other configuration centrally. Centrally defined policies and configuration can then be distributed to designated clusters to be enacted.  This provides a single pane of glass through which all clusters in the system are managed.
  • Secondary: The secondary clusters receive policies and other configuration from the primary cluster. Once policies are distributed to a secondary, the local K10 installation enacts the policy. This ensures that the policy will continue to be enforced, even if disconnected from the primary.


In this blog I’ll be joining 2 Google GKE clusters to the Multi-Cluster Manager.

NOTE: In v7 of Kasten K10, the k10multicluster tool has been deprecated.



So, what do we need to enable Multi-Cluster Manager?  Very simple:

  • We need 1 Kubernetes cluster with Kasten already installed, which we will set as the Primery cluster in the Multi-Cluster Manager.
  • 1 or more Kubernetes clusters with Kasten already installed, which we will set as Secondary clusters in the Multi-Cluster Manager.
  • The Kasten’s ingress (it could be via Ingress, Load Balancer or an OpenShit Route) in the Primary Cluster must be accessible by all Secondary clusters.
  • Secondary Dashboard Access via Multi-Cluster Dashboard (Optional)
    • Secondary Cluster’s API Server must be accessible by the primary cluster.
    • Secondary Cluster’s K10’s ingress must be accessible by the primary cluster.



Enabling the Multi-Cluster Manager in the Primary Cluster

Remember, the Primary cluster  is the cluster used to connect the the K10 Multi-Cluster Manager  dashboard.  To enable the Multi-Cluster Manager in the Primary Cluster, we need to connect to the Kasten UI for this Primary Cluster, and click in the Multi-Cluster section of the main menu.

In the Multi-Cluster page, click in Promote to Primary

In the Promote to Primary Page, provide the following information:

  • Primary Name: This is basically an alias for the Primary Cluster in the Multi-Cluster Manager
  • Primary Ingress: This one provides the Ingress URL for the Kasten instance installed in the Primary Cluster, and it’s auto-filled by default.
    • The required format for the URL is   <URL of cluster>/<helm release name> (e.g., https://kastengkemc1.vlatam.net/k10/)

Confirm the Multi-Cluster primary promotiuon when asked:


Once this process is completed, which usually takes just a couple of seconds, you will see that the Multi-Cluster Manager is already enabled, with just one cluster for now, the Primary Cluster:


Adding a Secondary Cluster to the Multi-Cluster Manager

Once the Primary Cluster is already configured to use the Multi-Cluster Manager, we can add Secondary Clusters.  In order to do this, we need to complete the following steps:

Create a Join Token in the Primary Cluster

In order to add a Secondary Cluster to the Multi-Cluster Manager, first you need to create a join token in the Primary Cluster.  This join token will be used by the Secondary Cluster to connect with the Primary Cluster.  The join token secret can be created in the Kasten UI using the Multi-Cluster Manager Dashboard and cliking in Join Tokens:

Click in Create New Join Token and then provide a name for the token:

Click in Confirm and you will get the Join Token.  Click in Copy to copy the Token, which will be used later to join the Secondary Clusters.

This will create a secret with a the name specified previously for the token, as we can see in the following image:



Joining the Secondary Cluster to the Multi-Cluster Primary Cluster

The next step will be joining the Secondary to the Primary Cluster by using the Token created previously.  Connect to the Kasten UI in the Secondary Cluster and go to the Multi-Cluster page, then click in Join to join this cluster to the Multi-Cluster System.

In the Join a Multi-Cluster System page, provide the following information:

  • Token: Paste the token created and copied before.
  • Primary Ingress: Leave the default, or click in Override Primary Ingress if you need to provide a different URL to connect with the Primary Cluster’s Kasten instance.
  • Local Cluster Name: Provide an alias for the Secondary Cluster, which will be used to identify this cluster in the Multi-Manager Cluster dashboard.  If you don’t provide any, a random name will be generated.
  • Local Cluster Ingress:  Optional if you want to enable access to this cluster from Multi-Cluster Manager Dashboard.  You can provide the Secondary Cluster’s Kasten URL manually, or just click in “Use Current” to provide it automatically.

Then click in Join Multi-Cluster to complete the joining process.

In the pop-up message, click Yes, Join to confirm tje Joining to the Multi-Cluster.

After a few seconds you will see the following summary page for Multi-Cluster in the Secondary Cluster, which confirms the joining process has been completed successfully.

And of course, you can now see the  secondary cluster added to the Multi-Cluster Manager.   Here you will see the Secondary Cluster with a message highlighting than you don’t have permissions to manage the Secondary Cluster from the dashboard.   Click in Grant Permissions to grant the proper privileges.

The Multi-Cluster Manager dashboard will pre-fill the Form to provide access to Secondary Cluster with the current user.  Make the changes you need, or just click save to grant the proper privileges.

The Cluster Role Binding will be created as you can see in the following image:

Now you access both clusters (Primary and Secondary) from Multi-Cluster Manager dashboard.

As you can see, this process is way more easy than before, as you don’t need to use the CLI to create any component or for any action during the Multi-Cluster configuration.