Container Orchestration Connection Profiles

The following topics describe the connection profile parameters for container orchestration:

AWS ECS Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for AWS ECS.

The following table describes the AWS ECS connection profile parameters.

Parameter

Description

AWS ECS URL

Defines the AWS ECS authentication endpoint.

https://ecs.us-east-1.amazonaws.com

Cloud Watch URL

Defines the Cloud Watch authentication endpoint.

https://logs.us-east-1.amazonaws.com

AWS Region

Determines the region where the AWS ECS jobs are located.

us-east-1

Authentication Method

Determines one of the following authentication methods:

  • AWS Key & Secret: Used for services outside the AWS infrastructure.

  • AWS IAM Role: Used for services within the AWS infrastructure.

AWS Access Key

Defines the AWS ECS account access key.

AWS Secret

Defines the AWS ECS account secret access key.

AWS IAM Role

Defines the Identity and Access Management (IAM) role for the AWS ECS connection.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS ECS before a timeout occurs.

Default: 30

GCP Cloud Run Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for GCP Cloud Run.

The following table describes the GCP Cloud Run connection profile parameters.

Parameter

Description

Identity Type

Determines one of the following authentication types using GCP Access Control:

  • Service Account: Authenticates using an application ID (service account) and client secret.

  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Cloud Run URL

Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Run.

https://run.googleapis.com

Service Account Key

(Service Account) Defines a service account that is associated with an RSA key pair.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in External Vault Parameters.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Run before a timeout occurs.

Default: 20 seconds

Kubernetes Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Helix Control-M for Kubernetes.

The following table describes the Kubernetes connection profile parameters.

Parameter

Description

Namespace

Defines the name of the Kubernetes namespace.

Kubernetes Cluster URL

Defines the URL for the connection to the Kubernetes cluster.

Default: https://kubernetes.default.svc

Service Token File

Defines the path to the token file for the connection to Kubernetes.

Default: /var/run/secrets/kubernetes.io/serviceaccount/token

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Kubernetes before a timeout occurs.

Default: 20 seconds