Managing clusters


OpenShift Cluster Manager 1-latest

Using Red Hat OpenShift Cluster Manager to work with your OpenShift clusters

Red Hat Customer Content Services

Abstract

This guide provides instructions for using Red Hat OpenShift Cluster Manager to work with your Red Hat OpenShift cloud services and Red Hat OpenShift Container Platform clusters. OpenShift Cluster Manager allows you to create, subscribe, and manage different types of OpenShift clusters from a single user interface.

Chapter 1. What is Red Hat OpenShift Cluster Manager?

Red Hat OpenShift Cluster Manager is a managed service on the Red Hat Hybrid Cloud Console where you can create, operate and upgrade your Red Hat OpenShift 4 clusters.

OpenShift Cluster Manager provides links and steps to install Red Hat OpenShift Container Platform clusters and tools to create Red Hat OpenShift Dedicated and Red Hat OpenShift Service on AWS (ROSA) clusters.

From OpenShift Cluster Manager, you can work with all of your organization’s OpenShift Container Platform and OpenShift cloud services clusters from a single dashboard, and gain insights and recommendations for managing your clusters.

From OpenShift Cluster Manager, you can:

  • View high level cluster information
  • Create new clusters
  • Configure Red Hat subscription services on your clusters
  • Manage your clusters using other services on the Red Hat Hybrid Cloud Console
  • Monitor clusters for problems
  • Access the OpenShift cluster admin console
  • Find information about the latest OpenShift versions
  • Download tools to use with your clusters
  • Get support for your clusters and manage your Red Hat support cases

1.1. Getting started with OpenShift Cluster Manager

Additional resources

You can find documentation for these related products and services here:

1.2. What is the difference between OpenShift Container Platform and OpenShift Dedicated?

Red Hat OpenShift Container Platform clusters are self-managed and run on-premises or on a cloud provider. OpenShift Dedicated clusters are managed by Red Hat and run on a cloud provider.

OpenShift Container Platform is a self-managed hybrid cloud platform. With OpenShift Container Platform, you can create your clusters on any private or public cloud or bare metal, using your own infrastructure.

Red Hat OpenShift Dedicated is a fully managed service for Red Hat OpenShift, which uses Amazon Web Services (AWS) or Google Cloud Platform. With OpenShift Dedicated, you can run your clusters on Red Hat’s managed cloud account, or on your own AWS or Google Cloud Platform (GCP) cloud provider account.

OpenShift Cluster Manager allows you to create and manage your OpenShift Container Platform and OpenShift Dedicated clusters from one dashboard.

Additional resources

1.3. Using OpenShift Cluster Manager with OpenShift Container Platform

OpenShift Cluster Manager provides a user interface to create OpenShift Container Platform clusters and subscribe the clusters to Red Hat for support.

OpenShift Cluster Manager provides the installer and instructions to create self-managed clusters on each supported environment for OpenShift Container Platform.

You can then view and manage your OpenShift Container Platform clusters in OpenShift Cluster Manager, or log into the OpenShift Container Platform web console to access and configure your clusters.

You can find information about the latest OpenShift Container Platform release versions available, as well as update channels for your clusters from the Releases menu in OpenShift Cluster Manager.

You can also gain insights about your clusters using integrated services within the Red Hat Hybrid Cloud Console such as Red Hat Insights Advisor, Subscriptions, and Cost Management.

Additional resources

1.4. Using OpenShift Cluster Manager with OpenShift Dedicated

OpenShift Cluster Manager provides a user interface to create, view and manage your OpenShift Dedicated clusters.

OpenShift Dedicated clusters are managed by Red Hat and are known as managed clusters. You can create OpenShift Dedicated clusters on AWS or Google Cloud Platform, using either Red Hat’s managed cloud account or your own cloud provider account. When using your own cloud provider account, this billing model is referred to as Customer Cloud Subscription (CCS) in OpenShift Cluster Manager.

Additional resources

1.5. Using OpenShift Cluster Manager with Red Hat OpenShift Service on AWS

OpenShift Cluster Manager provides a user interface to create, view and manage your Red Hat OpenShift Service on AWS (ROSA) clusters.

ROSA is a fully-managed OpenShift service, jointly managed and supported by Red Hat and Amazon Web Services (AWS). This service is procured directly from your AWS account. ROSA pricing is consumption based and is billed directly to your AWS account.

You can quickly deploy ROSA from OpenShift Cluster Manager or the rosa CLI. In OpenShift Cluster Manager, you can manage your ROSA cluster and any add-on services for the cluster.

Additional resources

1.6. Using OpenShift Cluster Manager with the Red Hat Hybrid Cloud Console

OpenShift Cluster Manager is integrated with other services hosted on the Red Hat Hybrid Cloud Console, which you can use to gain deeper understanding and manage your OpenShift clusters:

  • Insights Advisor for OpenShift Container Platform monitors the health of your OpenShift Container Platform clusters and helps you identify, prioritize, and resolve risks to service availability, fault tolerance, performance, and security.
  • Subscriptions allows you to monitor your usage and subscription information for your OpenShift clusters.
  • Cost management aggregates and displays the costs of your OpenShift deployment and infrastructure across bare-metal servers, virtual machines, private clouds and public cloud infrastructure, including AWS and Microsoft Azure.

You need a Red Hat account to access OpenShift Cluster Manager and the Red Hat Hybrid Cloud Console. You can then deploy an OpenShift cluster in OpenShift Cluster Manager.

For greater security, you can use two-factor authentication (2FA) to access OpenShift Cluster Manager and the Red Hat Hybrid Cloud Console. Two-factor authentication needs to be enabled in your Red Hat account to use 2FA to access OpenShift Cluster Manager. Organization Administrators can enable 2FA for all users in their organization, or individual users can configure 2FA for their own Red Hat account.

To enable two-factor authentication in your Red Hat account or learn more, see the Using Two-Factor Authentication guide.

Additional resources

1.7. Using add-on services on your OpenShift cloud services clusters

Add-ons are additional services that you can install to your existing Red Hat OpenShift Dedicated and Red Hat OpenShift Service on AWS (ROSA) clusters to enhance cluster capabilities.

You can install and manage add-on services from a cluster’s Add-ons tab in OpenShift Cluster Manager.

Depending on the add-on service, you may need additional Red Hat subscriptions or quota to use it. See the documentation for the add-on to learn more about the requirements and for instructions for using the add-on.

Additional resources

Chapter 2. Managing the cluster lifecycle

You can use Red Hat OpenShift Cluster Manager to create and delete OpenShift clusters, and manage the cluster lifecycle.

2.1. Creating clusters

You can create different types of OpenShift clusters from OpenShift Cluster Manager.

2.1.1. Creating an OpenShift Container Platform cluster

OpenShift Container Platform clusters run on your own infrastructure. Using OpenShift Container Platform, you can create your clusters on a private or public cloud, or on bare metal, using the command-line installer.

Create your cluster using OpenShift Cluster Manager and the installation program for your environment or cloud account.

After provisioning your cluster, configure your Red Hat subscription to get support for your cluster. See Subscribing an OpenShift Container Platform cluster for instructions and to learn more about subscription types available for clusters.

Prerequisites

  • A Red Hat login
  • Your own on-premises infrastructure. For example, a platform such as Red Hat Virtualization or Red Hat OpenStack; a cloud provider such as AWS; or a bare-metal Linux machine.

Procedure

  1. Go to OpenShift Cluster Manager and click Create cluster.
  2. Select the location where you want to install your cluster: in the public cloud (Cloud), in your data center (Datacenter), or on your local laptop (Local).
  3. Download the provided openshift-install program.
  4. Download the pull secret.

    Important

    Do not share your pull secret. Treat the pull secret like a password.

  5. Follow the instructions provided in the OpenShift Cluster Manager user interface to create your OpenShift cluster.

By default, your cluster automatically registers to the OpenShift Cluster Manager service the first time your cluster boots after installation and is connected to the Telemetry service. The cluster registers with a 60-day evaluation subscription that does not include Red Hat support.

Note

You can also create an on-premises cluster using the Assisted Installer. For more information about this method, see Installing on-premise with Assisted Installer.

Verification steps

  • After provisioning your cluster, you can view it in the Clusters list in OpenShift Cluster Manager.

Next steps

After creating your OpenShift Container Platform cluster, you can use the Red Hat Hybrid Cloud Console to:

  • Configure your Red Hat subscription to get support for your cluster from the Edit subscription settings menu in OpenShift Cluster Manager. You can subscribe your OpenShift Container Platform clusters to an Annual Red Hat subscription or an On-Demand subscription from the Red Hat Marketplace.

See Configuring OpenShift Container Platform cluster subscriptions for instructions and more information about subscription types for clusters.

Additional resources

2.1.2. Creating an OpenShift Dedicated cluster

OpenShift Dedicated clusters are managed by Red Hat and provisioned on Amazon Web Services (AWS) or Google Cloud Platform (GCP). They are referred to as managed clusters.

Using OpenShift Cluster Manager, you can create an OpenShift Dedicated cluster on AWS or GCP using as cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.

When creating your OpenShift Dedicated cluster, you must also configure the Red Hat subscription type for the cluster to use. Your cluster is then automatically subscribed to your Red Hat subscriptions and includes Premium-level support.

You can use the following types of Red Hat subscriptions to support your OpenShift Dedicated clusters:

You can view your quota and resource limits alongside cluster usage, based on your active OpenShift Dedicated clusters, from the Subscriptions area in OpenShift Cluster Manager.

Important

You cannot change the subscription type on an existing OpenShift Dedicated cluster, with the exception of upgrading a trial subscription. For detailed instructions about creating a new cluster, see Creating a cluster in the OpenShift Dedicated documentation.

Additional resources

2.1.2.1. Creating an OpenShift Dedicated cluster with an annual subscription

You can create an OpenShift Dedicated cluster using an annual (fixed capacity) Red Hat subscription on your own AWS or Google Cloud Platform cloud provider (Customer Cloud Subscription), or use Red Hat’s fully-managed cloud to run your OpenShift Dedicated clusters.

This is the traditional Red Hat subscription type and support is pre-purchased from Red Hat and billed annually. Cluster provisioning is based on available quota. Quota is allocated from Red Hat subscriptions and is required to scale up a cluster.

To use an On-Demand (flexible usage) subscription for your cluster instead, see Section 2.1.2.2, “Creating an OpenShift Dedicated cluster with an On-Demand subscription”.

Important

You cannot change the subscription type after the cluster is created.

Prerequisites

  • A Red Hat login
  • Your organization must have an active Red Hat OpenShift Dedicated subscription with sufficient quota to create a cluster. Check your available quota from Subscriptions > Dedicated (Annual).
  • If you are creating a cluster on your own AWS or Google Cloud (Customer Cloud Subscription), you must configure your cloud account before creating your cluster. See the OpenShift Dedicated Planning your environment guide to understand the requirements for Customer Cloud Subscriptions.

Procedure

  1. From OpenShift Cluster Manager, click Create cluster.
  2. From the Cloud tab next to OpenShift Dedicated, click Create cluster. You can also view your available quota from this screen before creating your cluster.
  3. In the Billing Model screen, select Annual as your Subscription type.

    Important

    You cannot change the subscription type after the cluster is created.

  4. Select your Infrastructure type:

    • Customer Cloud Subscription uses your own cloud account, where you control billing and Red Hat manages the cluster for you. You must configure your cloud account before creating your cluster. See the OpenShift Dedicated Planning guide for instructions.
    • Red Hat cloud account deploys your cluster in cloud provider accounts owned by Red Hat. For this option, Red Hat handles all billing and management for your cluster.
  5. Configure basic cluster settings, including your cloud provider, machine pools, networking, and update policies.

    Note

    See the OpenShift Dedicated documentation for detailed information about configuring your cluster settings.

  6. Click Create cluster to provision your cluster.

Verification

  • While your cluster is being provisioned, you can view it in the Clusters list in OpenShift Cluster Manager. The cluster shows its Status as Ready when provisioning is complete.

Next steps

After creating your OpenShift Dedicated cluster and its status is Ready, you can:

Additional resources

2.1.2.2. Creating an OpenShift Dedicated cluster with an On-Demand subscription

You can use the On-Demand subscription type to create an OpenShift Dedicated cluster that is billed by usage. Billing is post-paid and handled by the Red Hat Marketplace.

When you enable an On-Demand subscription in Red Hat Marketplace, you set resource limits for your services to control maximum usage automatically.

This option allows the flexibility to scale your cluster up and down as needed, and to be billed accordingly. You can track usage by cluster in Subscriptions > Dedicated (On-Demand).

To use an annual (fixed capacity) subscription for your cluster instead, see Section 2.1.2.1, “Creating an OpenShift Dedicated cluster with an annual subscription”.

Important

You cannot change the subscription type after the cluster is created.

Prerequisites

  • A Red Hat login
  • Your organization must have an active OpenShift Dedicated On-Demand subscription enabled from the Red Hat Marketplace with resource limits configured.

  • Your own AWS or Google Cloud account, configured as described in the OpenShift Dedicated Planning your environment documentation.

Procedure

  1. From OpenShift Cluster Manager, click Create cluster.
  2. From the Cloud tab next to OpenShift Dedicated, click Create cluster. You can also view your available quota from this screen before creating your cluster.
  3. In the Billing Model screen, select On-Demand as your Subscription type.

    Note

    If On-Demand is not available as an option, follow the prompts in the OpenShift Cluster Manager user interface to enable an account and link your billing information in the Red Hat Marketplace. You can also verify whether On-Demand billing (Red Hat Marketplace subscriptions) is configured from the Subscriptions > Dedicated (On-Demand Limits) in OpenShift Cluster Manager.

    You cannot change the subscription type after the cluster is created.

  4. Select Customer Cloud Subscription as your Infrastructure type. This is required for the On-Demand subscription option.

    Note

    The Customer Cloud Subscription option uses your own cloud account, where you control billing and Red Hat manages the cluster for you. You must configure your cloud account before creating your cluster. See the OpenShift Dedicated Planning guide for instructions.

  5. Configure basic cluster settings, including your cloud provider, cluster details, machine pools, networking, update policies.

    Note

    See the OpenShift Dedicated documentation for detailed information about configuring your cluster settings.

  6. Click Create cluster to provision your cluster.

Verification

  • While your cluster is being provisioned, you can view it in the Clusters list in OpenShift Cluster Manager. The cluster shows its Status as Ready when provisioning is complete.

Next steps

After creating your OpenShift Dedicated cluster and its status is Ready, you can:

Additional resources

2.1.2.3. Creating an OpenShift Dedicated cluster with a free trial Red Hat subscription

You can try OpenShift Dedicated free of charge for 60 days by using a trial Red Hat subscription.

OpenShift Dedicated trial clusters are provided without an uptime service level agreement (SLA) and are self-supported.

To use a free trial subscription for your cluster, you need to use your own AWS or Google Cloud account (Customer Cloud Subscription) to provide the infrastructure.

At any time before the 60-day trial is finished, you can upgrade your cluster with your own Red Hat subscription details to continue using OpenShift Dedicated. At the end of the 60-day trial period, if you have not upgraded the trial cluster, your OpenShift Dedicated trial cluster and all installed add-on services are marked for permanent deletion.

To find out more and sign up for an OpenShift Dedicated trial subscription, go to About the OpenShift Dedicated Trial or Try OpenShift.

Prerequisites

Procedure

  1. From OpenShift Cluster Manager, click Create cluster.
  2. From the Cloud tab next to Red Hat OpenShift Dedicated Trial, click Create trial cluster. You can also view your available quota from this screen before creating your cluster.

    • In the next screen (Billing model), Free trial (upgradeable) will be automatically selected as your Subscription type, and Customer Cloud Subscription will be automatically selected as your Infrastructure type.

      Note
      • If Free trial (upgradeable) is not available as an option, follow the prompts in the user interface to enable your Red Hat account.
      • Customer Cloud Subscription uses your own cloud account, where you control billing and Red Hat manages the cluster for you. You must configure your cloud account before creating your cluster. See the OpenShift Dedicated Planning guide for instructions.
  3. Configure basic cluster settings, including your cloud provider, machine pools, networking, and update policies.

    Note

    See the OpenShift Dedicated documentation for detailed information about configuring your cluster settings.

  4. Click Create cluster to provision your cluster.

Verification

  • While your cluster is being provisioned, you can view it in the Clusters list in OpenShift Cluster Manager. The cluster will show its Status as Ready when provisioning is complete.

See the cluster overview page to view the expiry date of the trial subscription and other details. This information also shows on the Clusters list in the Created column.

Next steps

After creating your OpenShift Dedicated cluster and its status is Ready, you can:

Important

Before your 60-day trial expires, upgrade your cluster to a paid fully-supported Red Hat subscription to continue using your cluster. See Upgrading an OpenShift Dedicated trial cluster to a fully supported cluster.

Additional resources

2.1.3. Creating a Red Hat OpenShift Service on AWS (ROSA) cluster

Red Hat OpenShift Service on AWS (ROSA) is a fully-managed OpenShift service, jointly managed and supported by both Red Hat and Amazon Web Services (AWS). Having your clusters maintained by this service gives you the freedom to focus on deploying applications.

This service is licensed directly from your AWS account. ROSA pricing is consumption-based and is billed directly to your AWS account.

You can create a ROSA cluster from OpenShift Cluster Manager or by using the rosa CLI.

To create a ROSA cluster in OpenShift Cluster Manager, go to the cluster creation page, find Red Hat OpenShift Service on AWS and click Create cluster.

For full details about creating a ROSA cluster from OpenShift Cluster Manager or the rosa CLI, see Getting started in the ROSA documentation.

2.2. Updating clusters

2.2.1. Updating OpenShift cloud services clusters

OpenShift Cluster Manager allows you to update, or upgrade, your cloud services clusters. Updating your cluster to the latest version ensures your cluster is secure and supported. Cluster updates are rolling per node and do not require you to take your cluster or workloads offline.

The Overview and Settings tabs for your cluster in OpenShift Cluster Manager inform you if an OpenShift version update is available for your Red Hat OpenShift Dedicated (OSD) or Red Hat OpenShift Service on AWS (ROSA) cluster. From the Settings tab, you can apply updates to your cluster, or configure your update strategy for future cluster updates.

You can choose to schedule recurring or individual updates for your cluster by selecting one of these update strategy options in the Settings tab:

  • Individual updates allows you to schedule one update at a time manually.
  • Recurring updates allows you to configure a schedule for updates to occur at a preferred time every week if an update is available. Recurring updates only occur when a new patch (z-stream) update becomes available at least two days prior to your selected start time. Recurring updates only schedule minor (y-stream) updates if the update has been manually acknowledged in the Settings tab of OpenShift Cluster Manager.

You can configure either update strategy for both minor version and patch (z-stream) updates.

Note

In case of Critical security concerns (CVEs) that significantly impact the security or stability of the cluster, updates might be automatically scheduled by Red Hat Site Reliability Engineering (SRE) to the latest z-stream version not impacted by the CVE within two business days after customer notifications if the customer has not already scheduled an update.

Additional resources

For details about updating your cluster, see the documentation for your cluster type:

  • The OpenShift Dedicated Upgrading guide contains details about updating OpenShift Dedicated clusters.
  • The ROSA Upgrading guide contains details about updating ROSA clusters.
  • The Updating clusters guide contains details about updating OpenShift Container Platform clusters. Note that OpenShift Container Platform clusters cannot be updated from OpenShift Cluster Manager.

2.3. Deleting clusters

2.3.1. Removing an OpenShift Container Platform cluster from OpenShift Cluster Manager

You can archive an OpenShift Container Platform cluster to delete it from OpenShift Cluster Manager. Archiving a cluster removes it from subscription management and from the cluster list in OpenShift Cluster Manager.

You cannot delete an OpenShift Container Platform cluster from your infrastructure using OpenShift Cluster Manager.

Note

To fully delete an OpenShift Container Platform cluster, see the instructions for destroying a cluster on your infrastructure type in the OpenShift Container Platform Installing documentation.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account

Procedure

  1. In OpenShift Cluster Manager, select the cluster you want to archive.
  2. Click more options (more options) > Archive cluster to open the archiving dialog.
  3. Click Archive cluster to confirm.

Verification

When archiving is complete, your cluster no longer appears in the Clusters list in OpenShift Cluster Manager.

You can view all archived clusters in the Cluster Archives list in OpenShift Cluster Manager.

Note

You can restore an OpenShift Cluster Manager cluster from the archive by locating it in https://console.redhat.com/openshift/archived and clicking Unarchive next to the cluster. It appears in the Clusters list after it is unarchived.

Additional resources

  • See Installing in the :ocp: documentation for the commands to delete a cluster.

2.3.2. Deleting an OpenShift Dedicated cluster from OpenShift Cluster Manager

You can delete OpenShift Dedicated clusters using OpenShift Cluster Manager.

Prerequisites

  • A Red Hat login
  • An OpenShift Dedicated cluster
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account

Procedure

  1. In OpenShift Cluster Manager, select the cluster you want to delete.
  2. Click more options (more options) > Delete cluster to open the Delete cluster dialog.

    Warning

    This action cannot be undone. It uninstalls the cluster, and all data is deleted.

  3. Confirm you want to delete the cluster by typing the cluster name in the dialog field and click Delete.

Verification

  • Your cluster shows Uninstalling in the Status column on the Clusters page.
  • While the cluster deletion is in progress, you can view Uninstallation logs by opening the cluster details Overview page.

When the deletion is complete, your cluster no longer appears in the Clusters list in OpenShift Cluster Manager.

You can view your deleted clusters from the Clusters list by clicking more options (more options) > View cluster archives.

2.3.3. Deleting a Red Hat OpenShift Service on AWS cluster from OpenShift Cluster Manager

You can delete Red Hat OpenShift Service on AWS (ROSA) clusters using OpenShift Cluster Manager.

Prerequisites

  • A Red Hat login
  • A Red Hat OpenShift Service on AWS (ROSA) cluster
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account

Procedure

  1. In OpenShift Cluster Manager, select the cluster you want to delete.
  2. Click more options (more options) > Delete cluster to open the Delete cluster dialog.

    Warning

    This action cannot be undone. It uninstalls the cluster, and all data is deleted.

  3. Confirm you want to delete the cluster by typing the cluster name in the dialog field and click Delete.

Verification

  • Your cluster shows Uninstalling in the Status column on the Clusters page.
  • While the cluster deletion is in progress, you can view Uninstallation logs by opening the cluster details Overview page.

When the deletion is complete, your cluster no longer appears in the Clusters list in OpenShift Cluster Manager.

You can view your deleted clusters from the Clusters list by clicking more options (more options) > View cluster archives.

2.3.4. Viewing archived and deleted clusters

You can view all deleted and archived OpenShift clusters in your organization from the Cluster Archives list in OpenShift Cluster Manager.

OpenShift Dedicated clusters can be fully deleted in OpenShift Cluster Manager, while OpenShift Container Platform clusters can only be archived. Archiving an OpenShift Container Platform cluster removes it from the OpenShift Cluster Manager cluster list and from subscription management.

Prerequisites

  • A Red Hat login

Procedure

  • Click Cluster Archives to view a list of deleted and archived clusters in OpenShift Cluster Manager.
Note

You can restore an OpenShift Container Platform cluster from the archive by finding the cluster in https://console.redhat.com/openshift/archived and clicking Unarchive next to the cluster. It appears in the Clusters list after it is unarchived.

Additional resources

  • See Installing in the OpenShift Container Platform documentation for the commands to fully delete a cluster.

Chapter 3. Cluster subscriptions and registration

To use all Red Hat OpenShift functionality, your clusters must be registered to Red Hat OpenShift Cluster Manager and subscribed to Red Hat subscription management.

After you create a cluster, it is automatically registered to OpenShift Cluster Manager and subscribed to a Red Hat subscription where you can access Red Hat support and updates.

  • OpenShift Container Platform clusters are automatically subscribed to a limited 60-day Red Hat evaluation subscription when created. To upgrade your OpenShift Container Platform cluster to your own Red Hat subscription, see Section 3.1, “Configuring OpenShift Container Platform cluster subscriptions”.
  • To create an OpenShift Dedicated cluster, you must enter your Red Hat subscription details at creation. You can use your own Red Hat subscription when creating an OpenShift Dedicated cluster, or try OpenShift Dedicated using a 60-day trial subscription to be upgraded later. To configure the subscription settings on your OpenShift Dedicated clusters, see Section 3.2, “Managing OpenShift Dedicated cluster subscriptions”.
  • For Red Hat OpenShift Service on AWS (ROSA) clusters, no subscription configuration is necessary in OpenShift Cluster Manager, as this service is licensed directly from your AWS account. ROSA pricing is consumption-based and is billed directly to your AWS account.

Additional resources

3.1. Configuring OpenShift Container Platform cluster subscriptions

By default, your OpenShift Container Platform cluster automatically registers to the OpenShift Cluster Manager service (https://console.redhat.com/openshift/) after it is created, and is subscribed to a limited 60-day Red Hat evaluation subscription for access to Red Hat support and updates.

To avoid downtime on your cluster, you must edit the cluster subscription settings in OpenShift Cluster Manager to use your own Red Hat subscription before your evaluation subscription expires.

You can use one of the following Red Hat subscription types to support your OpenShift Container Platform clusters:

  • Annual: A subscription that provides a fixed capacity of resources, pre-purchased from Red Hat.
  • On-Demand: This subscription that allows flexible usage and is billed through the Red Hat Marketplace. Your clusters must be connected to Telemetry in OpenShift Cluster Manager to use this subscription type.

    When you enable an On-Demand subscription in Red Hat Marketplace, you set resource limits for your services to control usage automatically.

You can view your active OpenShift Container Platform subscriptions from the Subscriptions area in OpenShift Cluster Manager.

Note

If you disabled Telemetry or your cluster cannot connect to api.openshift.com, you can alternatively complete the Red Hat registration process online at https://console.redhat.com/openshift/register. See Registering disconnected clusters for more information.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • A Red Hat Annual subscription or an OpenShift Container Platform On-Demand subscription enabled from the Red Hat Marketplace with resource limits configured.

    • Check your resource limits from the Subscriptions area in OpenShift Cluster Manager. If no resource limits display, enable On-Demand subscriptions in Red Hat Marketplace.
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to edit a cluster’s subscription settings.

Procedure

  1. View an OpenShift Container Platform cluster in OpenShift Cluster Manager.
  2. Click Actions > Edit subscription settings. You can also access this from the Subscription settings section of the cluster Overview page.
  3. Select your Subscription type:

    • Annual to use your Red Hat fixed capacity subscription
    • On-Demand to use your Red Hat Marketplace flexible usage subscription

      Important

      If On-Demand is not available as an option, contact Red Hat Sales to enable an account and link your billing information in the Red Hat Marketplace. You can also verify whether On-Demand billing is enabled if Marketplace shows as Enabled in the Subscriptions area under OpenShift Container Platform.

      After setting your subscription type, you cannot change a cluster’s subscription type from On-Demand to an Annual subscription.

  4. If you selected Annual, select the options that apply to your Red Hat subscription in the dialog. See OpenShift Container Platform cluster subscription settings for more details about the available settings. If your cluster is disconnected, the subscription type is automatically set to Annual. For On-Demand, all other settings are pre-configured.
  5. Click Save settings.

It might take up to two hours for these settings to update for your cluster in the Subscriptions summary and Red Hat Subscription Management after making changes to your Red Hat subscription in the Red Hat Customer Portal.

Verification steps

View your cluster’s subscription status and usage in Subscriptions > Container Platform.

Additional resources

3.1.1. OpenShift Container Platform cluster subscription settings

To ensure that you get the correct level of support for your OpenShift Container Platform clusters, configure your cluster subscription settings in OpenShift Cluster Manager to align with the values for your Red Hat subscription.

For OpenShift Dedicated clusters, no further subscription configuration is needed after choosing your subscription type. OpenShift Dedicated clusters are automatically subscribed to Red Hat subscriptions and come with Premium-level support.

Note

To find more details about your subscriptions, view your Subscriptions Inventory in the Red Hat Customer Portal.

To change the support type of an OpenShift Container Platform cluster after it has been initialized on Red Hat OpenShift Cluster Manager, click more options (more options) > Edit subscription settings for a cluster.

The following options are available for OpenShift Container Platform clusters:

Table 3.1. Subscription settings
Subscription settingOptionsSummaryMore information

Subscription type

  • Annual: Fixed capacity subscription from Red Hat
  • On-Demand: Flexible usage billed through the Red Hat Marketplace

What type of subscription are you using for this cluster?

Contact Red Hat Sales to enable On-Demand subscriptions from the Red Hat Marketplace for OpenShift Container Platform clusters.

Service level agreement (SLA)

  • Premium
  • Standard
  • Self-Support 60-day evaluation

How is this cluster supported?

The hours of coverage, support ticket response times, and other terms that are defined by the Service Level Agreement (SLA). See Production Support Terms of Service.

Support type

  • Red Hat support (L1-L3)
  • Partner support (L3)

Which team do you contact for primary support?

If you purchased the subscription through Red Hat, select L1-L3.

Cluster usage

  • Production
  • Development/Test
  • Disaster Recovery

How do you intend to use this cluster?

Describe the purpose of the cluster - for example, running production workloads or testing internal development projects.

Subscription units

  • Cores/vCPUs
  • Sockets

How is usage measured for your subscription?

Define how the cluster will consume the purchased Red Hat subscriptions.

Number of compute cores

A value between 1-999

How many compute cores does your cluster use?

NOTE: Configuration is only necessary on disconnected clusters.

This defines the number of physical cores used by your cluster. This excludes control plane nodes and nodes that do not use RHCOS. See Section 3.1.3, “Calculating the number of compute cores for your cluster” for more details.

3.1.2. Understanding subscription usage for OpenShift Container Platform clusters

The subscriptions service in the Red Hat Hybrid Cloud Console tracks Red Hat OpenShift usage as cluster size on physical and virtual systems. The cluster size is the sum of all subscribed nodes. A subscribed node is a compute or worker node that runs workloads, as opposed to a control plane or infrastructure node that manages the cluster.

The subscriptions service tracks Red Hat OpenShift Container Platform usage in physical CPU cores or sockets for clusters and aggregates this data into an account view.

Subscriptions are used based on a 1 physical core or 2 vCPU core rate.

As an example, the subscription Red Hat OpenShift Container Platform, Standard/Premium (64 Cores or 128 vCPUs) supports an environment using either of these measurements:

  • 64 physical cores, or
  • 32 physical cores and 64 vCPUs

Both configurations would be counted the same. This information can be viewed in the Cores field of the subscriptions service’s usage record on the Red Hat Hybrid Cloud Console.

Additional resources

3.1.3. Calculating the number of compute cores for your cluster

OpenShift Container Platform subscriptions are measured by physical cores and vCPUs or sockets, depending on your subscription terms.

Note

Configuring the Number of compute cores in OpenShift Cluster Manager is only necessary for disconnected clusters.

In most cases, when configuring the Number of compute cores on your OpenShift Container Platform clusters, enter the number of compute cores and vCPUs or sockets included in your Red Hat subscription, excluding any control plane nodes. This applies to all clusters using Red Hat Enterprise Linux CoreOS (RHCOS) as an operating system.

However, if your clusters do not have any worker nodes, or the nodes are using Red Hat Enterprise Linux only (rather than RHCOS), usage for those nodes is not calculated against your OpenShift Container Platform subscription. In this case, enter a value of 1 for Number of compute cores for these nodes.

To confirm the unit of measurement used by your subscription and other details, log in to the Red Hat Subscription Management area in the Red Hat Customer Portal.

3.1.3.1. Obtaining CPU information for your cluster

To find the CPU information used to calculate required subscriptions for the worker nodes, run the following commands from the OpenShift command line (oc) in your OpenShift Container Platform cluster.

Prerequisites

  • An OpenShift Container Platform cluster
  • Cluster administrator permissions
  • OpenShift Container Platform oc CLI tool installed

Procedure

  1. Log into your OpenShift Container Platform cluster and run this command, replacing the values for username, password, and openshift-server:

    $ oc login -u=<username> -p=<password> --server=<your-openshift-server> --insecure-skip-tls-verify
  2. Obtain the roles of the nodes within the cluster (master, infrastructure or worker):

    $ oc get nodes -o wide
  3. Obtain the CPU information which is used to calculate the necessary subscriptions to cover worker nodes:

    $ oc describe nodes | egrep 'Name:|InternalIP:|cpu:'
  4. In OpenShift Cluster Manager, enter this value in the Number of compute cores field for your cluster:

    1. In OpenShift Cluster Manager, locate your cluster in the Clusters list.
    2. Click more options (more options) > Edit subscription settings for the cluster.
    3. Enter the value in the Number of compute cores field and save the changes.

You can then use your OpenShift usage data in the Red Hat Hybrid Cloud Console subscriptions service to inform your subscription renewal or purchase. Viewing your OpenShift hosts and nodes in OpenShift Cluster Manager, Red Hat Subscription Management, and the inventory in the Red Hat Hybrid Cloud Console shows the number of cores or vCPUs as known by the host.

Note

If you are running OpenShift on a hypervisor and your compute core count appears to be incorrect, ensure that you configure your hypervisor so that it groups vCPUs as your subscription is arranged. See this Knowledgebase article for more information.

Additional resources

3.2. Managing OpenShift Dedicated cluster subscriptions

OpenShift Cluster Manager allows you to create OpenShift Dedicated clusters using your Red Hat subscriptions. These clusters are managed by Red Hat and come with Premium-level support. You must enter your subscription details when creating an OpenShift Dedicated cluster.

You can use one of the following types of Red Hat subscriptions to create OpenShift Dedicated clusters:

  • Annual: A subscription providing a fixed capacity of resources, pre-purchased from Red Hat. Cluster provisioning is based on available quota. Quota is allocated from your Red Hat subscriptions and is required to scale up a cluster.
  • On-Demand: A subscription allowing flexible usage, billed through the Red Hat Marketplace. When you enable an On-Demand subscription in Red Hat Marketplace, you set resource limits for your services to control usage automatically.
  • OpenShift Dedicated trial: You can try OpenShift Dedicated for 60 days free of charge with a trial Red Hat subscription. You can upgrade your cluster to a paid Red Hat subscription at any time. See About the OpenShift Dedicated Trial for more details.

You can view your quota and resource limits, based on your active OpenShift Dedicated clusters, from the Subscriptions menu in OpenShift Cluster Manager.

Important

You must select the subscription type when creating the cluster. You cannot change the subscription type on an existing OpenShift Dedicated cluster, with the exception of upgrading a trial subscription. To create a new cluster, see Creating an OpenShift Dedicated cluster.

Prerequisites

  • A Red Hat login
  • An active Red Hat OpenShift Dedicated subscription with sufficient quota to create a cluster. See https://www.openshift.com/products/dedicated/ for more information.
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to edit a cluster’s subscription settings.

Procedure

  • To view a summary of all subscriptions for OpenShift Dedicated purchased by your organization or granted by Red Hat, go to OpenShift Cluster Manager and click Subscriptions. The summary also shows how much of your quota and resource limits have been used by your OpenShift Dedicated clusters, broken down by subscription type.

3.2.1. Upgrading an OpenShift Dedicated trial cluster to a fully supported cluster

You can upgrade your OpenShift Dedicated (OSD) trial cluster at any time after starting the free trial.

You can choose to upgrade your trial cluster before the trial conclusion if you want to run production services or use features that are not included in the free trial, such as autoscaling, specific add-on services, and quota increases.

Important

The OpenShift Dedicated free trial ends when you delete your cluster or after 60 days, whichever happens first. At that time, your OpenShift Dedicated trial cluster and all installed add-on services are marked for permanent deletion.

If you upgrade the cluster before the trial is over, you can continue using the resources you created during the trial without interruption.

Prerequisites

  • A Red Hat login
  • An OpenShift Dedicated cluster using a trial subscription
  • A Red Hat subscription for OpenShift Dedicated
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to edit a cluster’s subscription settings.

Procedure

  1. Go to the Clusters list in OpenShift Cluster Manager.
  2. Find your OpenShift Dedicated trial cluster, labeled OSD Trial in the Cluster Type column.
  3. Click Upgrade from trial and follow the instructions to upgrade your cluster.
Note

If the Upgrade from trial option does not appear, the reasons could include the following:

  • You do not have the permissions needed to upgrade this cluster to a fully supported cluster. You must be an Organization Administrator on the Red Hat account or the Cluster Owner to upgrade the account.
  • This cluster account is already upgraded to a fully supported OpenShift Dedicated cluster.

Verification steps

  • Find your OpenShift Dedicated cluster in the Clusters list in OpenShift Cluster Manager. The Cluster type is no longer be listed as OSD Trial.

Additional resources

3.3. Registering OpenShift Container Platform clusters to OpenShift Cluster Manager

To monitor the health of your OpenShift Container Platform clusters with Insights Advisor and receive alerts, updates, and recommendations from Red Hat Insights, your clusters must be registered to OpenShift Cluster Manager and subscribed to a Red Hat subscription.

By default, every OpenShift Container Platform cluster automatically registers to OpenShift Cluster Manager the first time the cluster boots after installation.

OpenShift Container Platform clusters report health and usage data to Red Hat through Telemetry and the Insights Operator when registered in OpenShift Cluster Manager. These are referred to as connected clusters.

Occasionally an OpenShift Container Platform cluster does not automatically register to the OpenShift Cluster Manager service (referred to as a disconnected cluster), for example if:

  • the cluster was created in an air-gapped environment and cannot reach OpenShift Cluster Manager to inform OpenShift Cluster Manager it has been created
  • you disabled the Telemeter client
  • your cluster cannot connect to api.openshift.com

In this situation, you can register a disconnected cluster to OpenShift Cluster Manager manually from https://console.redhat.com/openshift/register. You can also enter your Red Hat subscription details from here to subscribe your cluster to Red Hat support.

After an OpenShift Container Platform cluster is registered and subscribed, you can then monitor your subscription capacity and usage in Subscriptions > Container Platform.

3.3.1. Verifying your OpenShift Container Platform cluster is registered and subscribed

You can verify that your OpenShift Container Platform cluster is registered to OpenShift Cluster Manager and subscribed to a Red Hat subscription from OpenShift Cluster Manager.

A OpenShift Container Platform cluster that is registered on OpenShift Cluster Manager is referred to as a connected cluster. In rare cases, for example, if Telemetry is disabled or blocked on the user’s network, the cluster cannot be registered automatically and you must manually register the cluster to OpenShift Cluster Manager.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • To edit a cluster’s subscription settings, you must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account.

Procedure

  1. Go to the Clusters list in OpenShift Cluster Manager and locate your OpenShift Container Platform cluster.

    Note

    If your cluster does not appear in the Clusters list, you need to register your cluster. See Registering disconnected clusters for instructions.

  2. Review the Status column for the cluster:

    • If the Status is Ready, it is connected to OpenShift Cluster Manager and reporting Telemetry data. No manual registration is required.
    • If the Status is Disconnected, it is not sending Telemetry data to OpenShift Cluster Manager. This is due to the cluster being installed on a private network, or having Telemetry disabled.
    • If the Status is Stale, your cluster is connected but has not sent Telemetry data to OpenShift Cluster Manager recently.
  3. Review the Created column for the cluster to see the cluster subscription status:

    • A date: Your cluster is subscribed to a Red Hat subscription and is receiving support and updates.
    • 60-day evaluation: Your cluster is subscribed to Red Hat support with a temporary evaluation subscription. Configure the cluster to access Red Hat support with your own Red Hat subscription by clicking more options (more options) > Edit subscription settings.
    • Evaluation expired: Your cluster is not subscribed to Red Hat support. Configure your subscription details for the cluster by clicking more options (more options) > Edit subscription settings.

      Note
      • You can also check the cluster’s subscription settings from the cluster Overview page.
      • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to edit a cluster’s subscription settings.

Next steps

3.3.2. Registering disconnected clusters

To monitor the health of your OpenShift Container Platform clusters and receive alerts, updates, and recommendations from Insights Advisor, your clusters must be registered to OpenShift Cluster Manager. If your cluster does not appear on the Clusters list in OpenShift Cluster Manager, you need to register it.

Note

If your cluster is already registered to OpenShift Cluster Manager and you only want to edit subscription settings for your cluster, click more options (more options) > Edit subscription settings, or configure your subscription settings from the cluster details page. See Configuring OpenShift Container Platform cluster subscriptions for details.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • A Red Hat subscription
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to edit a cluster’s subscription settings.

Procedure

To register a disconnected cluster, create a profile for your cluster manually in OpenShift Cluster Manager:

  1. Go to the Clusters list in OpenShift Cluster Manager.
  2. At the top of the Clusters list, click more options (more options) > Register cluster to open the Register disconnected cluster page.
  3. Enter the Cluster ID for the cluster you want to register. For example, 00000c9e-f75e-44e4-86e1-ebf60ec0b000.

    Note

    You can find your cluster ID in the cluster web console in OpenShift Container Platform.

  4. Enter the Display name for the cluster. This can be any name that you want to identify the cluster by in OpenShift Cluster Manager. You can find your cluster by this name in the cluster list for your organization.
  5. Enter the Web console URL for the cluster. This is the URL to log into your OpenShift Container Platform cluster web console.
  6. To subscribe your cluster to Red Hat support, enter your Red Hat subscription details in Subscription settings:

    1. Select the Service level agreement (SLA) for the cluster.
    2. Select your Support type.
    3. Specify how you intend to use the cluster in Cluster usage.
    4. Specify the unit your subscription is measured in (cores/vCPUs or sockets) in Subscription units.
    5. Enter the number of compute cores your cluster will consume.
  7. Click Register cluster to confirm registration and subscription.
Note

See OpenShift Container Platform cluster subscription settings for details about the subscription settings in OpenShift Cluster Manager.

Your cluster is now registered to OpenShift Cluster Manager and subscribed to Red Hat support.

Verification steps

  1. Find your cluster displayed in the Clusters list in OpenShift Cluster Manager.
  2. The subscription configuration displays in the Subscription settings section. This can now be edited.
  3. Go to Subscriptions > Container Platform to verify you can view subscription information about your clusters, including capacity and subscription usage.

Chapter 4. Managing your clusters

In Red Hat OpenShift Cluster Manager, you can view your Red Hat OpenShift clusters and perform various cluster management tasks.

4.1. Viewing cluster information

Tip

If you’re a Red Hat Hybrid Cloud Console Organization Administrator, Cloud Administrator, or a user with Notifications Administrator permissions, you can get your cluster event notifications in more ways than email. To open your Hybrid Cloud Console settings, click the gear icon, then select Integrations > Communications > Add integration. From the Integrations page, click the Communications tab to integrate with Slack, Google Chat, and Microsoft Teams.

For more information about HCC notifications integrations, see Integrating the Red Hat Hybrid Cloud Console with third-party applications.

The OpenShift Cluster Manager Clusters list shows details for all clusters in your organization from:

  • OpenShift Container Platform
  • OpenShift Dedicated
  • Azure Red Hat OpenShift (ARO)
  • Red Hat OpenShift Service on AWS (ROSA)
Note

To show only the clusters you previously created, set View only my clusters to on. To show all clusters in your organization again, set the switch to off.

From here, you can select a cluster to review its settings, check usage, solve issues, and perform other management tasks.

Procedure

  • Click a cluster from the list to view more details about it, including:

    • The Overview page shows resource usage and basic facts about the cluster
    • The cluster history shows what has happened on this cluster: for example, when it was registered and subscribed to a Red Hat subscription
    • The Monitoring tab shows the health of your OpenShift Container Platform cluster and uses the Telemetry service to report the cluster’s status in OpenShift Cluster Manager. The Monitoring area shows critical alerts, for example if a cluster operator is failing. This area also shows resource usage.

Additional resources

4.1.1. Determining your cluster ID

Every OpenShift cluster is assigned an ID (in the form of a UUID) when created, but each cluster also has an internal cluster identifier used by OpenShift Cluster Manager. The internal cluster identifier can be changed to a human-readable name displayed in OpenShift Cluster Manager if desired.

You can find this information in OpenShift Cluster Manager, using the command line, or in the OpenShift web console.

Additionally, when OpenShift Container Platform clusters register to OpenShift Cluster Manager, the only identifying information may be the cluster UUID. If multiple OpenShift Container Platform clusters have been registered at the same time, it might be necessary to use the cluster UUID to tell them apart.

Prerequisites

  • A Red Hat login
  • A Red Hat OpenShift cluster

Procedure

There are several ways to view your cluster ID:

  • Your clusters are listed by ID in OpenShift Cluster Manager in the Clusters area.

    From here, you can also search for a cluster by name or ID. You can also filter your search by cluster type: OpenShift Container Platform (OCP), OpenShift Dedicated (OSD), or Red Hat OpenShift Service on AWS (ROSA).

Note

To rename your cluster to a human-readable name, see Section 4.3, “Renaming your cluster”.

  • You can also get your OpenShift cluster ID by running the following command locally or on the cluster itself (after logging into the cluster using oc login):
$ oc get clusterversion <version> -o jsonpath='{.spec.clusterID}{"\n"}'
  • You can also find your OpenShift cluster ID in the OpenShift Container Platform web console if you are logged in as an administrator:

    • In the details pane on the Home/Dashboards page
    • On the Administration/Cluster Settings page

4.2. Updating billing accounts for OpenShift Service on AWS Hosted Control Planes clusters

If you’re a Red Hat OpenShift Cluster Manager cluster administrator and you have at least two billing accounts linked to your Red Hat organization, when you provision a Red Hat OpenShift Service on AWS Hosted Control Planes cluster, you can use the ROSA CLI or the OpenShift Cluster Manager UI to check your billing accounts and make account updates.

Procedure

To update your billing account, follow these steps:

  1. Log in to the Red Hat Hybrid Cloud Console.
  2. From the OpenShift navigation menu, select Cluster List. OpenShift Cluster Manager opens.
  3. From your list of clusters, click the name of the one with the billing account you want to manage. The Overview tab opens.
  4. Scroll until you see the AWS billing account field. Click the account number under that field. The Edit AWS billing account modal opens.
  5. Click Update.

4.3. Renaming your cluster

You can give your connected cluster a human-readable name rather than a cluster UUID to make it easier to reference when contacting Red Hat Support or opening a support case, or when reviewing the list of clusters in OpenShift Cluster Manager.

When created, every OpenShift cluster is assigned a 36-character UUID string as a name to differentiate it from other clusters. However, as the UUID can be difficult to search or reference, Red Hat recommends providing a custom name for the cluster to simplify locating resources and managing your OpenShift environment.

Prerequisites

  • A Red Hat login
  • A Red Hat OpenShift cluster
  • You must have the Cluster Owner or Cluster Editor role on the cluster, or Organization Administrator privileges in your Red Hat account to change a cluster’s display name in OpenShift Cluster Manager.
Note

Organization Administrators can edit the display name of any cluster within their organization.

Procedure

  1. Go to the Clusters list in OpenShift Cluster Manager.
  2. Click more options (more options) next to the cluster you want to rename.
  3. Click Edit display name and enter a name for the cluster.
  4. Click Edit to save the new name.
Note

You can also rename a cluster from its details page from the Actions menu > Edit display name.

The new cluster name shows in the clusters list on OpenShift Cluster Manager.

Additional resources

4.4. Downloading and updating pull secrets

4.4.1. Downloading the pull secret from OpenShift Cluster Manager

An image pull secret provides authentication for the cluster to access services and registries which serve the container images for OpenShift components. Every individual user gets a single pull secret generated.

The pull secret is used when installing an OpenShift Container Platform cluster. It is also used by OpenShift Cluster Manager to identify a specific Red Hat user when transferring cluster ownership. To transfer a cluster to another owner, you need to download the pull secret for the user that will take ownership of the cluster.

Prerequisites

  • A Red Hat login

Procedure

  1. Log in to OpenShift Cluster Manager as the Red Hat user you want to download the pull secret for.

    Important

    Each pull secret is unique to a specific user. If you are downloading the pull secret to transfer a cluster to another owner, you must log in to OpenShift Cluster Manager as the user that will take ownership of the cluster, and obtain that user’s pull secret.

  2. Go to Downloads in OpenShift Cluster Manager and find your pull secret in the Tokens category.

    • Click Copy to copy your pull secret to the clipboard.
    • Click Download to download your pull secret.
Important

Do not share your pull secret. The pull secret should be treated like a password.

You can now use this pull secret to create an OpenShift Container Platform cluster or for transferring cluster ownership.

Additional resources

4.4.2. Updating the global pull secret

An image pull secret provides authentication for the cluster to access services and registries which serve the container images for OpenShift components. Every individual user gets a single pull secret generated.

The pull secret is used when installing an OpenShift Container Platform cluster and when transferring cluster ownership.

To transfer a connected cluster to a new owner, you must update the pull secret on a cluster to the new owner’s pull secret after initiating a cluster transfer in OpenShift Cluster Manager. The pull secret must be updated within five days of initiating the transfer process, or the process will need to be initiated again from OpenShift Cluster Manager. See Section 4.5, “Transferring cluster ownership”.

Important

On clusters using OpenShift Container Platform versions earlier than 4.7.4, cluster resources must adjust to the new pull secret. This can temporarily limit the usability of the cluster. This occurs because updating the pull secret causes the Machine Config Operator to drain the nodes, apply the change, and uncordon the nodes.

This does not affect clusters using OpenShift Container Platform versions 4.7.4 and later, where a pull secret change does not cause a node drain or reboot.

Prerequisites

  • An OpenShift Container Platform cluster
  • A Red Hat login with Cluster Owner or Organization Administrator privileges on the cluster in OpenShift Cluster Manager
  • A new or modified pull secret file to upload. You can download your pull secret from Downloads from the Tokens area.
  • You have access to the cluster as a user with the cluster-admin role. See Authentication and authorization in the OpenShift Container Platform documentation for more information about cluster roles.
  • If you are transferring the cluster to a new owner, you must initiate the transfer in OpenShift Cluster Manager before changing the global pull secret to be able to receive Telemetry metrics to monitor the cluster.

Procedure

  • Run the following command using the pull secret you downloaded from OpenShift Cluster Manager to change the cluster’s pull secret:

    # oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=pull-secret.txt

    If a secret is not already created, run the following command to create the secret:

    # oc create secret generic pull-secret -n openshift-config --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=/path/to/downloaded/pull-secret

This begins updates to all nodes in the cluster, which can take some time depending on the size of your cluster.

Verification steps

Go to Downloads in OpenShift Cluster Manager and find your pull secret in the Tokens category to verify the change:

  • Click Copy to copy your pull secret to the clipboard.
  • Click Download to download your pull secret.

Additional resources

4.4.3. Creating a new pull secret

You can create a new pull secret in certain cases. For example, if your current pull secret is not working, or if you need a new pull secret for security reasons.

To create a new pull secret, follow the instructions in the KCS article How to request pull-secret rotation.

Note

Using this method requires use of the ocm CLI tool. For more information about the ocm CLI tool, see Using the ocm-cli to manage clusters in OpenShift Cluster Manager.

4.5. Transferring cluster ownership

You can transfer ownership of an OpenShift Container Platform cluster to another user in your organization or a different organization using OpenShift Cluster Manager.

For example, if you created an OpenShift Container Platform cluster using one Red Hat account but want to move the cluster to a different Red Hat account to register it to the associated subscription, you need to transfer cluster ownership to that user. You can transfer ownership of connected or disconnected clusters.

Note

To transfer ownership of an OpenShift Dedicated or Red Hat OpenShift Service on AWS (ROSA) cluster to another user, open a customer support case with Red Hat Support.

Connected clusters

Transferring ownership of a connected cluster requires two steps: initiate the transfer in OpenShift Cluster Manager, then change the cluster’s pull secret from the command line. You must change the cluster pull secret within five days of initiating the transfer, or you need to restart the transfer procedure.

The transfer is complete when OpenShift Cluster Manager begins receiving Telemetry data from the cluster with the new pull secret. See Transferring ownership of a connected cluster for instructions.

Important

The cluster transfer does not complete successfully if only the pull secret is updated to the new cluster owner. As a result, the cluster might stop reporting Telemetry metrics for monitoring. You must initiate the ownership transfer in OpenShift Cluster Manager in addition to changing the cluster pull secret to complete the transfer.

Disconnected clusters

To transfer ownership of a disconnected cluster, you only need to initiate the transfer in OpenShift Cluster Manager; no pull secret update is required. The transfer is complete when the new cluster owner registers the cluster to OpenShift Cluster Manager. See Transferring ownership of a disconnected cluster for instructions.

4.5.1. Transferring ownership of a connected cluster

You can transfer ownership of a connected OpenShift Container Platform cluster to another user in your organization or a different organization using OpenShift Cluster Manager.

Note

This procedure outlines transferring connected clusters. To transfer a disconnected cluster, see Section 4.5.2, “Transferring ownership of a disconnected cluster”.

To transfer a connected cluster to another owner, you must:

  1. Initiate the transfer in OpenShift Cluster Manager.
  2. Change the cluster pull secret to the new owner’s pull secret from the command line within five days of initiating the transfer.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • You must be the Cluster Owner on the cluster, or an Organization Administrator in the associated Red Hat account. See User access concepts in OpenShift Cluster Manager for more information.
Note

To create a new user to take over cluster ownership, see How to Create and Manage Users on the Red Hat Customer Portal.

Procedure

  1. Log into OpenShift Cluster Manager as the current cluster owner.
  2. Initiate the transfer:

    1. Select the cluster that you want to transfer from the Clusters list.
    2. Click Actions > Transfer cluster ownership at the top of the cluster’s details page.
    3. Click Initiate transfer to confirm this action.
Important

You must change the cluster’s pull secret within five days of initiating the transfer and register the cluster with the new Red Hat account or the transfer is cancelled.

You can cancel the ownership transfer anytime before the pull secret has been changed by clicking Actions > Cancel ownership transfer.

You have now initiated the ownership transfer. The next step is to change the cluster’s pull secret to the pull secret of the new cluster owner.

4.5.1.1. Updating the global pull secret when transferring cluster ownership

To transfer a connected cluster to a new owner, you must update the pull secret on a cluster to the new owner’s pull secret after initiating a cluster transfer in OpenShift Cluster Manager. The pull secret must be updated within five days of initiating the transfer process, or the process will need to be initiated again from OpenShift Cluster Manager.

Important

On clusters using OpenShift Container Platform versions earlier than 4.7.4, cluster resources must adjust to the new pull secret. This can temporarily limit the usability of the cluster. This occurs because updating the pull secret causes the Machine Config Operator to drain the nodes, apply the change, and uncordon the nodes.

This does not affect clusters using OpenShift Container Platform versions 4.7.4 and later, where a pull secret change does not cause a node drain or reboot.

Prerequisites

  • An OpenShift Container Platform cluster
  • A Red Hat login with Cluster Owner or Organization Administrator privileges on the cluster in OpenShift Cluster Manager
  • You have access to the cluster as a user with the cluster-admin role. See Authentication and authorization in the OpenShift Container Platform documentation for more information about cluster roles.
  • The cluster ownership transfer was initiated in OpenShift Cluster Manager within the last five days.

Procedure

  1. As the user who is taking ownership of the cluster (the target account):

    1. Log into OpenShift Cluster Manager.
    2. Download or copy your pull secret from the Downloads page under Tokens.

      Important

      Do not share your pull secret. The pull secret should be treated like a password.

  2. Run the following command using the pull secret you downloaded from OpenShift Cluster Manager to change the cluster’s pull secret:

    # oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=pull-secret.txt

    If a secret is not already created, run the following command to create the secret:

    # oc create secret generic pull-secret -n openshift-config --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=/path/to/downloaded/pull-secret

This begins updates to all nodes in the cluster, which can take some time depending on the size of your cluster.

Verification steps

Log into OpenShift Cluster Manager as the new owner of the cluster. You can verify the transfer was successful by checking these details in the cluster Overview:

  • In Details, the Owner has been updated.
  • In Cluster history, details of the transfer appear.

If the cluster was transferred to a different organization, you can log into that organization to verify the update. The cluster now appears in the target Red Hat account’s clusters list, and has been removed from the previous Red Hat account’s clusters list.

The transfer is complete when OpenShift Cluster Manager receives Telemetry data from the cluster with the new pull secret.

4.5.2. Transferring ownership of a disconnected cluster

You can transfer ownership of a disconnected OpenShift Container Platform cluster to another user in your organization or a different organization using OpenShift Cluster Manager.

To transfer ownership of a disconnected cluster, you only need to initiate the transfer in OpenShift Cluster Manager.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • You must be the Cluster Owner on the cluster, or an Organization Administrator in the associated Red Hat account. See User access concepts in OpenShift Cluster Manager for more information.

Procedure

  1. Log into OpenShift Cluster Manager as the current cluster owner.
  2. Initiate the transfer:

    1. Select the cluster that you want to transfer from the Clusters list.
    2. Click Actions > Transfer cluster ownership at the top of the cluster’s details page.
    3. Click Initiate transfer to confirm this action.
  3. Provide the cluster UUID to the user that you are transferring the cluster to.

    Note

    You can find the cluster UUID on the cluster details page in OpenShift Cluster Manager (Cluster ID), or on the About page of the cluster web console in OpenShift Container Platform.

  4. As the new cluster owner, log into OpenShift Cluster Manager.
  5. Register the disconnected cluster with the cluster UUID using the steps in Registering disconnected clusters.

When the cluster registers to OpenShift Cluster Manager successfully, the cluster ownership transfer is complete.

Verification steps

Log into OpenShift Cluster Manager as the new owner of the cluster. You can verify the transfer was successful by checking these details in the cluster Overview:

  • In Details, the Owner has been updated.
  • In Cluster history, details of the transfer appear.

If the cluster was transferred to a different organization, you can log into that organization to verify the update. The cluster now appears in the target Red Hat account’s clusters list, and has been removed from the previous Red Hat account’s clusters list.

It is recommended to update the pull secret to match the new owner once the transfer is complete. For more information about updating the pull secret, see Updating the global pull secret when transferring cluster ownership.

4.6. Monitoring clusters

Tip

If you’re a Red Hat Hybrid Cloud Console Organization Administrator, Cloud Administrator, or a user with Notifications Administrator permissions, you can get your cluster event notifications in more ways than email. To open your Hybrid Cloud Console settings, click the gear icon, then select Integrations > Communications > Add integration. From the Integrations page, click the Communications tab to integrate with Slack, Google Chat, and Microsoft Teams.

For more information about HCC notifications integrations, see Integrating the Red Hat Hybrid Cloud Console with third-party applications.

4.6.1. Monitoring cluster status

With the Red Hat OpenShift Cluster Manager, you can manage your clusters and monitor them for potential issues. The Status column in the Clusters list reports each cluster’s state so you can monitor your clusters at a glance.

The cluster status is shown in the Clusters list in OpenShift Cluster Manager. Normally, a cluster shows a status of Ready, however, there are other possible cluster statuses.

Table 4.1. Cluster status
Cluster statusDescription

Waiting

STS clusters only. Waiting for users to complete the necessary tasks before the cluster can be installed.

Validating

CCS clusters only. Waiting for users to complete the necessary tasks before the cluster can be installed.

Pending

Interim state after users complete the required tasks but before the cluster installation starts.

Installing

The cluster is currently being installed.

Ready

Cluster is installed and is ready for use.

Cluster is connected to Red Hat OpenShift Cluster Manager and is reporting Telemetry data. No manual registration is required.

Error

Failure in creating or destroying a cluster.

Disconnected

Cluster does not send Telemetry data to OpenShift Cluster Manager. The disconnection could be because the cluster is installed on a private network, or because the Telemetry is disabled.

Stale

The cluster is connected but has not send Telemetry data to OpenShift Cluster Manager recently.

You can no longer view internal information about the cluster in the OpenShift Cluster Manager Monitoring tab, including any alerts firing, cluster operators, and resource usage. To know the workaround steps, see Troubleshooting a stale cluster.

Limited support

When a cluster transitions to a Limited Support status, it means that the SLA is no longer applicable and credits requested against the SLA are denied. It does not mean that you no longer have product support. The cluster can return to a fully-supported status if the violating factors are remediated. For more information, see Limited support status.

Powering down

Cluster goes into hibernation mode.

Hibernating

Cluster is inactive. Users can choose to move clusters into hibernation to reduce maintenance costs.

Resuming

Interim state after users choose to take clusters from hibernation mode. Cluster is powering on but not fully functional yet.

Uninstalling

Cluster is being uninstalled.

Archived

Clusters are moved from the cluster list view to the Archive list. In the archived list, you can see two tabs only: Overview and Support.

4.6.2. Using Insights Advisor recommendations to manage cluster health

Red Hat Insights Advisor for OpenShift Container Platform allows you to assess and monitor the health of your OpenShift Container Platform clusters from the Red Hat Hybrid Cloud Console.

Insights Advisor highlights service availability, fault tolerance, performance, and security risks for your OpenShift Container Platform clusters based on Red Hat recommendations, so that you can avoid potential problems or solve problems quickly without unplanned downtime.

Recommendations include information about detected issues, including risk level, affected clusters, and steps for resolution where applicable.

To use Insights Advisor, your cluster must be registered to OpenShift Cluster Manager. To register a disconnected cluster, see Registering OpenShift Container Platform clusters to OpenShift Cluster Manager.

Additional resources

4.6.3. Troubleshooting a stale cluster

OpenShift Cluster Manager allows you to manage your clusters and monitor them for potential issues. The Status column in the Clusters list reports each cluster’s state so you can monitor your clusters at a glance.

An OpenShift Container Platform cluster can be shown as Stale in OpenShift Cluster Manager even if it is running and functioning normally. However, when a cluster status becomes Stale, you can no longer view internal information about the cluster in the OpenShift Cluster Manager Monitoring tab, including any alerts firing, cluster operators and resource usage.

In most cases, a cluster reports a Stale status because the telemeter-client cannot contact the Red Hat Telemetry endpoints. Telemetry enables the cluster to communicate with OpenShift Cluster Manager. If a cluster is reporting a Stale status, you can restore it to Ready and resume monitoring cluster health with the steps in this section.

Prerequisites

  • A Red Hat login
  • An OpenShift Container Platform cluster
  • You have access to the cluster as a user with the cluster-admin role.
  • You have installed the OpenShift CLI (oc).

Procedure

To diagnose a stale cluster and restore it to Ready status:

  1. Check that the OpenShift Container Platform cluster can connect to the Telemetry endpoints. If applicable, ensure that the cluster proxy configuration allows access to the Telemetry endpoints. The required Telemetry endpoints can be found in the Configuring your firewall for OpenShift Container Platform in the OpenShift Container Platform Installing documentation.
  2. Review the logs of the telemeter-client pod running in the openshift-monitoring namespace for any errors:

    $ oc get pods -n openshift-monitoring -l app.kubernetes.io/name=telemeter-client
  3. Restart the telemeter-client pod in the openshift-monitoring namespace and the insights-operator pod in the openshift-insights namespace:

    $ oc delete pod -n openshift-monitoring -l app.kubernetes.io/name=telemeter-client
    $ oc delete pod -n openshift-insights -l app=insights-operator
  4. Wait a few minutes after restarting the pods, then locate your cluster in the Clusters list in OpenShift Cluster Manager and check that the Status column shows Ready.

After completing these steps, if you can view the cluster in OpenShift Cluster Manager but the status is still Stale, occasionally this may be because the cluster is owned by an inactive user in your Red Hat organization. If this is the case, you can restore the cluster to Ready by transferring cluster ownership to an active user in your organization.

  1. To determine the cluster owner, check the cluster pull secret using the following command:

    $ oc get secret pull-secret -n openshift-config -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq
    Note

    The jq JSON processor is needed to execute the above command and make the output more readable. You can also run the above command without using jq by removing | jq from the command, but the output is more difficult to read.

  2. Check that the user account in the secret is still active in the Red Hat Customer Portal.
  3. If the user is no longer active, transfer your cluster to another owner using the steps in Transferring cluster ownership. When the ownership transfer is complete, the cluster will show in OpenShift Cluster Manager as Ready.

Verification steps

  • Locate your cluster in the Clusters list in OpenShift Cluster Manager and check that the Status column shows Ready. In a few minutes, you will also see information appear about the cluster in the OpenShift Cluster Manager Monitoring tab.

4.7. Downloading command line (CLI) tools

The Downloads page in OpenShift Cluster Manager provides a single place to download CLI tools and find your authentication tokens to manage OpenShift.

The Downloads page includes command line tools such as:

  • Command-line interface (CLI) tools to manage and work with OpenShift from your terminal
  • Developer tools to simplify the use of Kubernetes
  • OpenShift installers to create OpenShift Container Platformand CodeReady Containers clusters.
  • Red Hat Enterprise Linux CoreOS (RHCOS) management tools for customizing your RHCOS nodes.
  • Tokens for authentication, including your pull secret and OpenShift Cluster Manager API token.

Procedure

  1. Go to Downloads and find the resource you want to download.
  2. (Optional) Expand the tool or token description to learn more about the download and see links to related documentation.
  3. Specify the operating system and architecture you are using in the OS type and Architecture type dropdowns, and click Download.

Additional resources

4.8. Downloading the OpenShift Cluster Manager API token

Use your OpenShift Cluster Manager API token to authenticate against your OpenShift Cluster Manager account.

The API token is required to connect to OpenShift Cluster Manager to use the rosa CLI and ocm-cli command line tools. You can use the same token with both services.

For security, tokens are hidden from display in OpenShift Cluster Manager by default. You can access your API token on the OpenShift Cluster Manager Downloads page, then view or copy it to use in the command line.

Note

The ocm-cli tool is currently Development Preview.

A release that is provided as Development Preview is provided to a limited set of customers for their evaluation of an early version of the product and collection of feedback back to the product development teams. Development Preview releases are not supported in production environments.

Prerequisites

  • A Red Hat login

Procedure

  1. Go to Downloads and find the OpenShift Cluster Manager API Token row under Tokens.
  2. Click View API token to go to the OpenShift Cluster Manager API Token page.
  3. Click Load token to display your token. By default, the token is hidden from display.
  4. Click copy clipboard (Copy to clipboard) to copy your token to use in a terminal.

4.8.1. Revoking OpenShift Cluster Manager API tokens

You can revoke offline tokens in case you no longer need them or if you have reached the token limit.

Procedure

To manage and revoke previous tokens:

  1. Navigate to the SSO application management page.
  2. Locate the cloud-services client ID; expand the row if necessary.
  3. Select Remove access.

All refresh tokens will stop working immediately after you remove access, but existing access tokens (which are cached by ocm and rosa commands) might take up to 15 minutes to expire.

Refresh the page afterwards to generate a new token.

4.9. Managing your add-on services

From OpenShift Cluster Manager, you can manage the add-ons installed on your OpenShift cloud services clusters. Add-ons are services that you can install to enhance the capabilities of your Red Hat OpenShift Dedicated and Red Hat OpenShift Service on AWS (ROSA) clusters.

To access your add-ons and find information about them, navigate to your cluster’s Add-ons tab in OpenShift Cluster Manager, and select the add-on.

Additional resources

  • To add a service to your OpenShift Dedicated cluster or manage your existing add-ons, see Add-on Services in the OpenShift Dedicated documentation.
  • To add a service to your Red Hat OpenShift Service on AWS (ROSA) cluster or manage your existing add-ons, see Add-on Services in the ROSA documentation.

Chapter 5. Configuring access to clusters in OpenShift Cluster Manager

OpenShift Cluster Manager allows you to view and manage the OpenShift clusters in your organization from one dashboard.

Viewing and editing access to clusters in OpenShift Cluster Manager is controlled by your Red Hat account configuration (generally by organization) and by role bindings configured in OpenShift Cluster Manager.

Your role in your organization, as well as the roles you have been assigned on a cluster, determine how you can manage a cluster, for example:

  • Viewing the list of clusters in your organization, including your cluster and clusters created by other users
  • Viewing a cluster’s details, such as the cluster overview, subscription settings, history, and Cluster Owner
  • Editing a cluster’s details, such as subscription settings, cluster display name, machine pools, and add-on services

Any user with a Red Hat login has permission to create a cluster from OpenShift Cluster Manager. However, your organization must have sufficient subscriptions or quota, depending on the type of OpenShift cluster you are creating, to allow you to create a cluster. See Cluster subscriptions and registration for more information about subscriptions and quota for clusters.

When you create a cluster, you are assigned the Cluster Owner role on that cluster.

Note

For greater security, you can use two-factor authentication (2FA) to access OpenShift Cluster Manager and the Red Hat Hybrid Cloud Console. To learn more about configuring two-factor authentication, see Using OpenShift Cluster Manager with the Red Hat Hybrid Cloud Console and the Using Two-Factor Authentication guide.

5.1. User access concepts in OpenShift Cluster Manager

Organization

An organization is defined in your Red Hat account. An organization can have many users, who each have a login to access Red Hat resources such as the Red Hat Hybrid Cloud Console and the Red Hat Customer Portal.

In OpenShift Cluster Manager, users can view all clusters created within their organization by default.

Organization Administrator

Each organization has one or more Organization Administrator users.

This is the highest permission level in an organization, and the only role that can manage user access and permissions within a Red Hat account. Organization Administrators can access and edit any cluster in the organization, as well as configure user roles on clusters in OpenShift Cluster Manager.

For more information about Red Hat account roles, see Roles and Permissions for Red Hat Customer Portal and How To Create and Manage Users.

Cluster Owner

The user that creates an OpenShift cluster is the Cluster Owner. This user can perform any action on the cluster and view all details about the cluster in OpenShift Cluster Manager.

Cluster Owners can allow other users in the same organization to manage and perform actions on their cluster by granting them the Cluster Editor role.

Organization Administrators have the same access to clusters as Cluster Owners.

You can also become the Cluster Owner on an existing cluster when another user transfers a cluster’s ownership to you. See Transferring cluster ownership for more information.

Cluster Editor

The Cluster Editor role allows you to edit, manage, and delete that cluster, similar to Cluster Owner. The one exception is that a Cluster Editor cannot grant roles on a cluster to other users. Only a Cluster Owner or an Organization Administrator in the Red Hat account can configure role bindings on clusters.

5.2. Configuring user access to clusters in OpenShift Cluster Manager

5.2.1. Viewing user roles and access on a cluster

You can view a list of users with assigned roles on a cluster from the OCM Roles and Access screen.

If you are an Organization Administrator in the Red Hat account or the Cluster Owner, you can also edit the users and their access to the cluster from this screen. Other users can only view information about users and roles on a cluster.

Prerequisites

  • A Red Hat login
  • An existing OpenShift cluster in your organization

Procedure

  1. Select your cluster from the Clusters list.
  2. Click Access Control > OCM Roles and Access to see a list of users with assigned roles to access the cluster.

5.2.2. Granting user roles for cluster access

After you create an OpenShift cluster, you can grant access to other users on your cluster. This enables members of your team to manage or view the cluster without being an Organization Administrator in the Red Hat account.

Prerequisites

  • A Red Hat login
  • An existing OpenShift cluster
  • You must be the Cluster Owner on the cluster, or Organization Administrator in your Red Hat account
  • The user you want to grant access to must be in your organization

Procedure

To grant a role to a user in your organization:

  1. Select your cluster from the Clusters list.
  2. Click Access Control > OCM Roles and Access.
  3. Click Grant role.
  4. Enter the Red Hat login for the user.
  5. Select the role you want (for example, Cluster Viewer) from the list.
  6. Click Grant role to confirm the role assignment.

Verification

The user is listed on the OCM Roles and Access screen with the role assigned.

5.2.3. Revoking user roles for clusters

You can revoke a user’s cluster permissions if you are the Cluster Owner or Organization Administrator.

Prerequisites

  • A Red Hat login
  • An existing OpenShift cluster
  • You must be the Cluster Owner on the cluster, or Organization Administrator in your Red Hat account
  • A user in your organization with access to the cluster

Procedure

To revoke access from a user:

  1. Select your cluster from the Clusters list.
  2. Click Access Control > OCM Roles and Access.
  3. Click more options (more options) next to the user on the list, then Delete.
  4. Click Confirm.

Verification

The user is not displayed in the users list in OCM Roles and Access.

5.2.4. Using role-based access control to assign users and groups

You can use role-based access control (RBAC) to create and manage groups of users. Assigning roles to groups allows you to manage access for users as a group. Roles assigned using RBAC apply to all clusters within your organization rather than a specific cluster. RBAC is available in the Identity & Access Management menu in the Settings gear of the Red Hat Hybrid Cloud Console.

Note

Only organization administrators can manage and assign roles to groups using role-based access control (RBAC).

Organization administrators can change the default access permissions for the users within their organization. Role-based access control defaults to two groups. The default member group has all users within the organization as members. The default admin group has all users with the organization administrator role as members.

OCM access policies are explicitly assigned through role assignments to these default groups. In this way, the existing RBAC policies are no longer explicit and customers can modify them. Organization administrators are able to remove the role assignments from the default groups to remove default permissions from all users. They can then assign these roles selectively to specific users or groups to manage the permissions for users within their organization.

Important

Removing all OCM roles from the default groups results in users losing the ability to view and provision clusters. It is recommended to set up groups of users and assign specific roles to these groups before revoking access from the default groups.

A scope governs the level that the role is applied or granted to a user or a group. There are two scopes used within OCM, cluster scope and organization scope. Roles can be granted to a user or a group at either a cluster scope or at the organization scope.

A role granted at the cluster scope enables the user the ability to take the allowed action (as specified by the permissions included within the role) for the specific cluster that the role is being granted for. Essentially, cluster scoped role assignments are for a specific cluster.

A role granted at the organization scope enables the user the ability to take the allowed action (as specified by the permissions included within the role) for all clusters within the organization. Essentially, organization scoped role assignments are cross-cluster and apply to all clusters within the organization.

Users can create and manage groups and group membership for users within the organization through the RBAC service within the Red Hat Hybrid Cloud Console.

Users can assign a role to a group by using RBAC. Any role assigned with RBAC is at the organization level and applies to all clusters within the organization.

Users can assign a role to a user in OCM for a particular cluster. They do this from within the context of a particular cluster and this role assignment is at the cluster scope.

For more information about using RBAC within Red Hat Hybrid Cloud Console, read User Access Configuration Guide for Role-based Access Control (RBAC).

5.2.4.1. Using RBAC to assign roles and users to groups

When adding roles to created groups, you can add OCM-specific roles. Use these OCM-specific roles to give users or groups in your organization more precise access to clusters. When adding roles inside your group, use the search box and type "OCM" to find all the OCM-specific roles you can add.

The roles you can add are:

  • Cluster viewer: This role allows a user to view a cluster.
  • Cluster provisioner: This role allows a user to provision a cluster.
  • Cluster editor: This role allows a user to manage and delete a cluster.
  • Organization administrator: This role allows a user to perform all tasks within OCM for all clusters. Users are granted organization administrator permissions only within the OCM service and this does not apply to any other Red Hat service.
  • IdP editor: This role allows a user to manage identity providers for a cluster.
  • Machine pool editor: This role allows a user to create, scale, and delete machine pools within a cluster.

For more detailed information about the process of adding roles to created groups, read Managing group access with roles and members.

Chapter 6. Getting support for your clusters

6.1. OpenShift Container Platform support

For help with your Red Hat OpenShift Container Platform clusters, contact Red Hat Support.

From here, you can:

Additional resources

  • See Getting support in the OpenShift Container Platform documentation for more information.

6.2. OpenShift Dedicated support

For questions about your existing Red Hat OpenShift Dedicated clusters, contact Red Hat Support.

From here, you can:

See Support in the OpenShift Dedicated documentation for more information.

6.3. Red Hat OpenShift Service on AWS (ROSA) support

For questions about your existing Red Hat OpenShift Service on AWS (ROSA) clusters, contact Red Hat Support.

From here, you can:

See Getting support for Red Hat OpenShift Service on AWS in the ROSA documentation for more information.

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.