Red Hat SummitChapter 1. Red Hat OpenShift Cluster Manager
Red Hat OpenShift Cluster Manager is a managed service where you can install, modify, operate, and upgrade your Red Hat OpenShift clusters. This service allows you to work with all of your organization’s clusters from a single dashboard.
OpenShift Cluster Manager guides you to install OpenShift Container Platform, Red Hat OpenShift Service on AWS (classic architecture), Red Hat OpenShift Service on AWS, and OpenShift Dedicated clusters. It is also responsible for both OpenShift Container Platform clusters after self-installation as well as your Red Hat OpenShift Service on AWS (classic architecture), Red Hat OpenShift Service on AWS, and OpenShift Dedicated clusters.
You can use OpenShift Cluster Manager to do the following actions:
- Create clusters
- View cluster details and metrics
- Manage your clusters with tasks such as scaling, changing node labels, networking, authentication
- Manage access control
- Monitor clusters
- Schedule upgrades
For more information about OpenShift Cluster Manager, see the entire OpenShift Cluster Manager documentation.
1.1. Accessing Red Hat OpenShift Cluster Manager
You can access OpenShift Cluster Manager with your configured OpenShift account.
Prerequisites
- You have an account that is part of an OpenShift organization.
- If you are creating a cluster, your organization has a specified quota.
Procedure
- Log in to OpenShift Cluster Manager using your login credentials.
1.2. General actions
On the top right of the cluster page, there are some actions that a user can perform on the entire cluster:
- Open console launches a web console so that the cluster owner can issue commands to the cluster.
- Actions drop-down menu allows the cluster owner to rename the display name of the cluster, edit the machine pools, and delete the cluster.
- Refresh icon forces a refresh of the cluster.
1.3. Cluster tabs
Selecting an active, installed cluster shows tabs associated with that cluster. The following tabs display after the cluster’s installation completes:
- Overview
- Access control
- Add-ons
- Cluster history
- Networking
- Machine pools
- Support
- Settings
1.3.1. Overview tab
The Overview tab provides information about how the cluster was configured:
- Cluster ID is the unique identification for the created cluster. This ID can be used when issuing commands to the cluster from the command line.
- Domain prefix is the prefix that is used throughout the cluster. The default value is the cluster’s name.
- Type shows the type of cluster, for example ROSA (classic), ROSA with HCP, or Dedicated.
- Control plane type is the architecture type of the cluster. The field only displays if the cluster uses a hosted control plane architecture.
- Region is the server region.
- Version is the OpenShift version that is installed on the cluster. If there is an update available, you can update from this field.
- Created at shows the date and time that the cluster was created.
- Owner identifies who created the cluster and has owner rights.
- Delete Protection: <status> shows whether or not the cluster’s delete protection is enabled.
- Total vCPU shows the total available virtual CPU for this cluster.
- Total memory shows the total available memory for this cluster.
- Infrastructure AWS account displays the AWS account that is responsible for cluster creation and maintenance.
- Nodes shows the actual and desired nodes on the cluster. These numbers might not match due to cluster scaling.
- Network field shows the address and prefixes for network connectivity.
- OIDC configuration field shows the Open ID Connect configuration for the cluster.
- Resource usage section of the tab displays the resources in use with a graph.
- Advisor recommendations section gives insight in relation to security, performance, availability, and stability. This section requires the use of remote health functionality. See Using Insights to identify issues with the cluster in the Additional resources section.
1.3.2. Access control tab
The Access control tab allows the cluster owner to set up an identity provider, grant elevated permissions, and grant roles to other users.
1.3.2.1. Identity providers
You can create your cluster’s identity provider in this section. See the Additional resources for more information.
1.3.2.2. Cluster roles and acess
You can create a dedicated-admins role for {product-short-name} clusters or cluster-admins role for OpenShift Dedicated clusters.
Procedure
- Click the Add user button.
- Enter the ID of the user you want to grant cluster admin access.
-
Select the appropriate group for your user. Either
dedicated-adminsfor {product-short-name} clusters, orcluster-adminsfor clusters.
1.3.2.3. OCM roles and access
Prerequisites
- You must be the cluster owner or have the correct permissions to grant roles on the cluster.
Procedure
- Click the Grant role button.
- Enter the Red Hat account login for the user that you wish to grant a role on the cluster.
Select the role from following options:
- Cluster editor allows users or groups to manage or configure the cluster.
- Cluster viewer allows users or groups to view cluster details only.
- Identity provider editor allows users or groups to manage and configure the identity providers.
- Machine pool editor allows users or groups to manage and configure the machine pools.
- Click the Grant role button on the dialog box.
1.3.3. Add-ons tab
1.3.4. Cluster history tab
The Cluster history tab shows every change to the cluster from creation onward for each version. You can specify date ranges for your cluster history and use filters to search based on the description of the notification, the severity of the notification, the type of notification, and which role logged it. You may download your cluster history as a JSON or CSV file.
1.3.5. Networking tab
The Networking tab provides a control plane API endpoint as well as the default application router. Both the control plane API endpoint and the default application router can be made private by selecting the respective box below label. If applicable, you can also find your virtual private cloud (VPC) details on this tab.
Red Hat OpenShift Cluster Manager does not support the networking tab for a Google Cloud Platform (GCP), non-CCS cluster running in a Red Hat GCP project.
1.3.5.1. Adding a network Ingress to your OpenShift Dedicated cluster
You can add a network Ingress to your cluster from the OpenShift Cluster Manager web UI.
Prerequisites
- You have a Red Hat account.
- You have the required permissions to make changes to your cluster in OpenShift Cluster Manager.
Procedure
From the Networking tab in OpenShift Cluster Manager, click the Additional application router toggle to enable the Ingress. There are two options you can add to the additional router:
- Make router private: This checkbox allows you to control cluster privacy. By default, your Ingress router is publicly exposed and allows anyone access. You can limit access to applications or websites you run on your cluster by selecting this checkbox. For example, if you only want internal employees to access this cluster, then using this option requires a private connection, such as a virtual private network (VPN) or virtual private cloud (VPC) peering connection.
Label match for additional router: This field provides a way to target the specific route you want exposed in this additional Ingress router. By default, the router exposes all routes. If you leave this field blank, these routes stay exposed.
A commonly used setup has a private default router, which means any applications deployed require a VPN or VPC peering to access. You can create an additional public router with a label match of
route=external. Then, if you add theroute=externallabel to additional routes, the additional router matches this label and exposes it for public use.
- Click Change settings to confirm that you want to add the network Ingress.
1.3.6. Machine pools tab
The Machine pools tab allows the cluster owner to create new machine pools if there is enough available quota, or edit an existing machine pool.
Selecting the
> Edit option opens the "Edit machine pool" dialog. In this dialog, you can change the node count per availability zone, edit node labels and taints, and view any associated AWS security groups.
1.3.7. Support tab
In the Support tab, you can add notification contacts for individuals that should receive cluster notifications. The username or email address that you provide must relate to a user account in the Red Hat organization where the cluster is deployed. For the steps to add a notification contact, see Adding cluster notification contacts.
Also from this tab, you can open a support case to request technical support for your cluster.
1.3.8. Settings tab
The Settings tab provides a few options for the cluster owner:
- Update strategy allows you to determine if the cluster automatically updates on a certain day of the week at a specified time or if all updates are scheduled manually.
- Update status shows the current version and if there are any updates available.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}