cluster-registration-operator

README

cluster-registration-operator

The Cluster Registration operator enables users to register clusters to their AppStudio workspace. We leverage the multicluster engine to import each cluster and add it to a ManagedClusterSet per workspace.

Please fork this repo and clone from the fork. All your work should be against the forked repo.

Installing

Prereqs

You must meet the following requirements:

• kustomize (ver. 4.2.0+)
• The managed hub must be MCE 2.0.0+
• On the managed hub, the multiclusterengine CR must have the managedserviceaccount-preview enabled. Ensure you are logged into the correct managed hub cluster:

oc cluster-info

and then use one of the two methods shown below to make the change:

• Manually edit using oc edit multiclusterengine then ensure the following:

    - enabled: true
      name: managedserviceaccount-preview

• Run a command to make the change:

oc patch multiclusterengine multiclusterengine --type=merge -p '{"spec":{"overrides":{"components":[{"name":"managedserviceaccount-preview","enabled":true}]}}}'

Ensure you are logged in to the AppStudio cluster

oc cluster-info

Install the operator from this repo

NOTE: This step is only required if you have not used the infra-deployments repo to deploy Cluster Registration and the other AppStudio pieces to your cluster

1. Fork and clone this repo

git clone https://github.com/<git username>/cluster-registration-operator.git
cd cluster-registration-operator

1. Verify you are logged into the AppStudio cluster

oc cluster-info

1. From the cloned cluster-registration-operator directory:

export QUAY_USER=<your_user>
export IMG_TAG=<tag_you_want_to_use>
export IMG=quay.io/${QUAY_USER}/cluster-registration-operator:${IMG_TAG}
make docker-build docker-push deploy

1. Verify the installer is running

There is one pod that should be running:

• cluster-registration-installer-controller-manager

Check using the following command:

oc get pods -n cluster-reg-config

Onboard a managed hub cluster

Ensure the managed hub cluster meets the prereq listed in the Prereqs section above

1. Get the kubeconfig of the managed hub cluster:

rm -rf /tmp/managed-hub-cluster
mkdir -p /tmp/managed-hub-cluster
touch /tmp/managed-hub-cluster/kubeconfig
export KUBECONFIG=/tmp/managed-hub-cluster/kubeconfig

• oc login to the managed hub cluster
• unset KUBECONFIG or set it as before.

1. Create config secret on the AppStudio cluster to access the managed hub cluster.

• Login to the AppStudio cluster

oc login

• Verify you are logged into the AppStudio cluster

oc cluster-info

• Create the secret using the managed hub cluster kubeconfig

oc create secret generic <secret_name> --from-file=kubeconfig=/tmp/managed-hub-cluster/kubeconfig -n <your_namespace>

Start the Cluster Registration controller

1. Verify you are logged into the AppStudio cluster

oc cluster-info

1. Create the hub config on the AppStudio cluster:

echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: HubConfig
metadata:
  name: <name_of_your_hub>
  namespace: <your_namespace>
spec:
  kubeConfigSecretRef:
    name: <above_secret_name>
' | oc create -f -

1. Create the clusterregistrar on the AppStudio cluster:

echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: ClusterRegistrar
metadata:
  name: cluster-reg
spec:' | oc create -f -

1. Verify pods are running

There is now three pods that should be running

• cluster-registration-installer-controller-manager
• cluster-registration-operator-manager
• cluster-registration-webhook-service

Check using the following command:

oc get pods -n cluster-reg-config

NOTE: Restart the cluster-registration-operator-manager pod if you make any changes to the HubConfig. This will allow the operator to onboard the new hub config.

Import a user cluster into AppStudio cluster

1. Verify you are logged into the AppStudio cluster

oc cluster-info

1. Create a registeredcluster CR on the AppStudio cluster

echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: RegisteredCluster
metadata:
  name: <name_of_cluster_to_import>
  namespace: <your_namespace>
spec: {}
' | oc create -f -

1. Import the user cluster

• On the AppStudio cluster, run oc get configmap -n <your_namespace> <name_of_cluster_to_import>-import -o jsonpath='{.data.importCommand}'
• Copy the results. This is the command that needs to be run on the user cluster to trigger the import process. NOTE: This is a very large command, ensure you copy it completely!
• Login to the user cluster you want to import
• Verify you are logged into the user cluster you want to import

oc cluster-info

• Paste the result and run the commands
• Login to the AppStudio cluster
• Verify you are logged into the AppStudio cluster

oc cluster-info

• Watch the status.conditions of the RegisteredCluster CR. After several minutes the cluster should be successfully imported.

oc get registeredcluster -n <your_namespace> -oyaml

• The staus.clusterSecretRef will point to the Secret, <name_of_cluster_to_import>-cluster-secret ,containing the kubeconfig of the user cluster in data.kubeconfig.

oc get secrets <name_of_cluster_to_import>-cluster-secret -n <your_namespace> -ojsonpath='{.data.kubeconfig}' | base64 -d

Listing user clusters that are imported into AppStudio cluster

1. Verify you are logged into the AppStudio cluster

oc cluster-info

1. List all registered clusters on the AppStudio cluster

oc get registeredcluster -A

Local development

To run the operator locally, you can:

make generate
oc apply -f config/crd/singapore.open-cluster-management.io_registeredclusters.yaml
oc apply -f config/crd/singapore.open-cluster-management.io_hubconfigs.yaml
oc apply -f hack/hubconfig.yaml
oc create secret generic mce-kubeconfig-secret --from-file=kubeconfig=kubeconfig # Expects a kubeconfig file named kubeconfig
export POD_NAMESPACE=default
go run main.go manager