Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 8. ManagedClusterSets
A ManagedClusterSet is a group of managed clusters. With a ManagedClusterSet, you can manage access to all of the managed clusters in the group together. You can also create a ManagedClusterSetBinding resource to bind a ManagedClusterSet resource to a namespace.
8.1. Creating a ManagedClusterSet
You can group managed clusters together in a ManagedClusterSet to limit the user access on managed clusters.
Required access: Cluster administrator
A ManagedClusterSet is a cluster-scoped resource, so you must have cluster administration permissions for the cluster where you are creating the ManagedClusterSet. A managed cluster cannot be included in more than one ManagedClusterSet. Complete the following steps to create a ManagedClusterSet:
Add the following definition of the
ManagedClusterSetto youryamlfile:apiVersion: cluster.open-cluster-management.io/v1alpha1 kind: ManagedClusterSet metadata: name: <clusterset1>
apiVersion: cluster.open-cluster-management.io/v1alpha1 kind: ManagedClusterSet metadata: name: <clusterset1>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Replace clusterset1 with the name of your
ManagedClusterSet.
8.2. Adding clusters to a ManagedClusterSet
After your ManagedClusterSet is created, you must add one or more managed clusters. Complete the following steps to add managed clusters:
Ensure that there is an RBAC
ClusterRoleentry that allows you toCreateon a virtual subresource ofmanagedclustersets/join. Without this permission, you cannot assign a managed cluster to aManagedClusterSet.If this entry does not exist, add it to your
yamlfile. A sample entry resembles the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Replace clusterset1 with the name of your
ManagedClusterSet.Note: If you are moving a managed cluster from one
ManagedClusterSetto another, you must have that permission available on bothManagedClusterSets.Find the definition of the managed cluster in the
yamlfile. The section of the managed cluster definition where you add a label resembles the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow In this example, cluster1 is the name of the managed cluster.
Add a label that specifies the name of the
ManagedClusterSetin the format:cluster.open-cluster-management.io/clusterset: clusterset1.Your code resembles the following example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow In this example, cluster1 is the cluster that is added to the clusterset1
ManagedClusterSet.Note: If the managed cluster was previously assigned to a
ManagedClusterSetthat was deleted, the managed cluster might have aManagedClusterSetalready specified to a cluster set that does not exist. If so, replace the name with the new one.
8.3. Removing a managed cluster from a ManagedClusterSet
You might want to remove a managed cluster from a ManagedClusterSet to move it to a different ManagedClusterSet, or remove it from the management settings of the set.
To remove a managed cluster from a ManagedClusterSet, complete the following steps:
Run the following command to display a list of managed clusters in the
ManagedClusterSet:kubectl get managedclusters -l cluster.open-cluster-management.io/clusterset=<clusterset1>
kubectl get managedclusters -l cluster.open-cluster-management.io/clusterset=<clusterset1>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Replace clusterset1 with the name of the
ManagedClusterSet.- Locate the entry for the cluster that you want to remove.
Remove the label from the the
yamlentry for the cluster that you want to remove. See the following code for an example of the label:labels: cluster.open-cluster-management.io/clusterset: clusterset1
labels: cluster.open-cluster-management.io/clusterset: clusterset1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note: If you are moving a managed cluster from one
ManagedClusterSetto another, you must have the RBAC permission available on bothManagedClusterSets.
8.4. ManagedClusterSetBinding resource
Create a ManagedClusterSetBinding resource to bind a ManagedClusterSet resource to a namespace. Application and policies that are created in the same namespace can only access managed clusters that are included in the bound ManagedClusterSet resource.
When you create a ManagedClusterSetBinding, the name of the ManagedClusterSetBinding must match the name of the ManagedClusterSet to bind.
Your ManagedClusterSetBinding resource might resemble the following information:
You must have the bind permission on the target ManagedClusterSet. View the following example of a ClusterRole resource, which contain rules that allow the user to bind to clusterset1:
For more information about role actions, see Role-based access control.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}