Container Orchestration Connection Profiles
The following topics describe connection profiles for container orchestration platforms and services:
ConnectionProfile:AWS ECS
AWS Elastic Container Service (ECS) is a container management service that enables you to execute, stop, manage, and monitor containerized applications in a cluster.
The following examples show how to define a connection profile for an AWS ECS job.
-
This JSON defines a connection profile based on an authentication using an AWS access key and secret:
Copy{
"AWS ECS":
{
"Type": "ConnectionProfile:AWS ECS",
"AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
"Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication Method": "Secret",
"AWS Access Key": "<Access Key>",
"AWS Secret": "*****",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
} -
This JSON defines a connection profile based on an authentication using an AWS IAM role from inside an EC2 instance:
Copy{
"AWS ECS":
{
"Type": "ConnectionProfile:AWS ECS",
"AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
"Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication Method": "IAM",
"AWS IAM Role": "IAM ROLE",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
The following table describes the AWS ECS job connection profile parameters.
Parameter |
Description |
---|---|
AWS ECS URL |
Defines the AWS ECS authentication endpoint, based on the following format: https://ecs.<region>.amazonaws.com For more information about regional endpoints available for the AWS ECS service, refer to the AWS documentation. |
Cloud Watch URL |
Defines the Cloud Watch authentication endpoint. |
AWS Region |
Determines the region where the AWS ECS jobs are located. |
Authentication Method |
Determines one of the following authentication methods for the connection with AWS ECS:
|
AWS Access Key |
(Secret Authentication) Defines the AWS ECS account access key. |
AWS Secret |
(Secret Authentication) Defines the AWS ECS account secret access key. You can use Secrets in Code to not expose this value in the code. |
AWS IAM Role |
(IAM Authentication) Defines the Identity and Access Management (IAM) role for the AWS ECS connection. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS ECS before a timeout occurs. Default:: 30 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents. You must set this parameter to true. |
ConnectionProfile:GCP Cloud Run
GCP Cloud Run is a container management service that enables you to execute, stop, manage, and monitor containerized applications in a cluster.
The following example shows how to define a GCP Cloud Run connection profile that authenticates as a service account:
{
"GCR":
{
"Type": "ConnectionProfile:GCP Cloud Run",
"Identity Type": "service_account",
"Cloud Run URL": "https://run.googleapis.com",
"Service Account Key": "*****",
"Description": "",
"Connection Timeout": 20,
"Centralized": true
}
}
The following table describes the GCP Cloud Run job connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
GCP Cloud Run URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Run. |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Run before a timeout occurs. Default: 20 seconds |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents. You must set this parameter to true. |
ConnectionProfile:Kubernetes
The Kubernetes job enables you to run a pod to completion in a Kubernetes-based cluster.
For more information about this plug-in, see
The following
{
"KBN_CCP":
{
"Type": "ConnectionProfile:Kubernetes",
"Description": "Profile for agent running in the Kubernetes cluster",
"Namespace": "jobspace",
"Kubernetes Cluster URL": "https://kubernetes.default.svc",
"Service Token File": "/var/run/secrets/kubernetes.io/serviceaccount/token",
"Connection Timeout": "50",
"Centralized": true
}
}
The following table describes the Kubernetes job connection profile parameters.
Parameter |
Description |
---|---|
Namespace |
Defines the name of the Kubernetes namespace. |
Kubernetes Cluster URL |
Defines the URL for the connection to the Kubernetes cluster. Default: https://kubernetes.default.svc |
Service Token File |
Defines the path to the token file for the connection to Kubernetes. Default: /var/run/secrets/kubernetes.io/serviceaccount/token |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Kubernetes before a timeout occurs. Default: 50 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents. You must set this parameter to true. |