Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Add-ons

Red Hat Advanced Cluster Management for Kubernetes 2.13

Add-ons

Abstract

Read more to learn how to use add-ons for your cluster.

Chapter 1. Managed cluster advanced configuration

With Red Hat Advanced Cluster Management for Kubernetes klusterlet add-ons, you can further configure your managed clusters to improve performance and add functionality to your applications. See the following enablement options:

1.1. Enabling klusterlet add-ons on clusters for cluster management

After you install Red Hat Advanced Cluster Management for Kubernetes and then create or import clusters with multicluster engine operator you can enable the klusterlet add-ons for those managed clusters. The klusterlet add-ons are not enabled by default if you created or imported clusters unless you create or import with the Red Hat Advanced Cluster Management console. See the following available klusterlet add-ons:

  • application-manager
  • cert-policy-controller
  • config-policy-controller
  • governance-policy-framework
  • search-collector

Complete the following steps to enable the klusterlet add-ons for the managed clusters after Red Hat Advanced Cluster Management is installed:

  1. Create a YAML file that is similar to the following KlusterletAddonConfig, with the spec value that represents the add-ons: 

    apiVersion: agent.open-cluster-management.io/v1
kind: KlusterletAddonConfig
metadata:
  name: <cluster_name>
  namespace: <cluster_name>
spec:
  applicationManager:
    enabled: true
  certPolicyController:
    enabled: true
  policyController: 1
    enabled: true
  searchCollector:
    enabled: true
    1
    The policy-controller add-on is divided into two add-ons: The governance-policy-framework and the config-policy-controller. As a result, the policyController controls the governance-policy-framework and the config-policy-controller managedClusterAddons.
  2. Save the file as klusterlet-addon-config.yaml.

  3. Apply the YAML by running the following command on the hub cluster: 

    oc apply -f klusterlet-addon-config.yaml

  4. To verify whether the enabled managedClusterAddons are created after the KlusterletAddonConfig is created, run the following command: 

    oc get managedclusteraddons -n <cluster namespace>

1.2. Configuring klusterlet add-ons

In Red Hat Advanced Cluster Management, you can configure the following klusterlet add-ons to improve the performance and functionality of your managed clusters:

  • application-manager
  • cert-policy-controller
  • cluster-proxy
  • config-policy-controller
  • governance-policy-framework
  • hypershift-addon
  • managed-serviceaccount
  • observability-controller
  • search-collector
  • submariner
  • volsync
  • work-manager

Important: For Red Hat Advanced Cluster Management version 2.13, you can only configure resourceRequirements for the following add-ons:

  • cert-policy-controller
  • config-policy-controller
  • governance-policy-framework

1.2.1. Setting up the AddOnDeploymentConfig to configure klusterlet add-ons

When you configure the klusterlet add-ons, you can apply specifications to any of the add-ons on each of your managed clusters, such as the nodeSelector and tolerations. To configure the klusterlet add-on, complete the following steps:

  1. Use the AddonDeploymentConfig API to create an add-on configuration in any namespace on the hub cluster.

  2. Create a file named addondeploymentconfig.yaml with the following template: 

    apiVersion: addon.open-cluster-management.io/v1alpha1
kind: AddOnDeploymentConfig
metadata:
  name: config-name 1
  namespace: config-namespace 2
spec:
  nodePlacement:
    nodeSelector: {<node-selector>} 3
    tolerations: {<tolerations>} 4
  resourceRequirements: 5
  - containerID: "<workload-kind>:<workload-name>:<container-name>" 6
    resources:
      requests:
        memory: 75Mi
      limits:
        memory: 150Mi
    1
    Replace config-name with the name of the AddonDeploymentConfig that you created.
    2
    Replace config-namespace with the namespace of the AddonDeploymentConfig that you created.
    3
    Replace <node-selector> with your node selector.
    4
    Replace <tolerations> with your tolerations.
    5
    Note: For Red Hat Advanced Cluster Management version 2.13, you can only configure resourceRequirements for policy add-ons. List resource requirements here to override the resources of the add-on workload containers. If an add-on container matches more than one of the items in the list, the last matching configuration is applied.
    6
    Replace <workload-kind> with the kind of workload, for example: deployment. Replace <workload-name> with the name of the workload. Replace <container-name> with the name of the container.

    1. For any of these values, you can use * attribute to apply the configuration to all objects managed by the add-on. For example, if you used the *:*:* attribute , it would apply the configuration to every container of every workload kind in any add-on the configuration is attached to.

      A completed AddOnDeploymentConfig resembles the following example: 

    apiVersion: addon.open-cluster-management.io/v1alpha1
kind: AddOnDeploymentConfig
metadata:
  name: deploy-config
  namespace: open-cluster-management-hub
spec:
  nodePlacement:
    nodeSelector:
      "node-dedicated": "acm-addon"
    tolerations:
      - effect: NoSchedule
        key: node-dedicated
        value: acm-addon
        operator: Equal

1.2.2. Configuring a klusterlet add-on for all managed clusters

After you set up the AddOnDeploymentConfig, you can configure it with the ClusterManagementAddOn which then applies this add-on configuration to all your managed clusters that are attached to the hub cluster. To configure a klusterlet add-on for all managed clusters, complete the following steps:

  1. Apply the AddOnDeploymentConfig file to your klusterlet add-on by running the following command: 

    oc apply -f addondeploymentconfig.yaml

  2. Connect the new configuration that you created to an add-on for all of your managed clusters by patching the ClusterManagementAddOn resource. Run the following command to patch the spec.supportedConfigs parameter in the ClusterManagementAddOn to point to the new configuration: 

    oc patch clustermanagementaddons <addon-name> --type='json' -p='[{
  "op":"add",
  "path":"/spec/supportedConfigs",
  "value":[{
    "group":"addon.open-cluster-management.io",
    "resource":"addondeploymentconfigs",
    "defaultConfig":{"name":"<config-name>","namespace":"<config-namespace>"}
  }]
}]'
    • Replace <addon-name> with your add-on name.
    • Replace <config-name> with the name of the AddonDeploymentConfig that you created.
    • Replace <config-namespace> with the namespace of the AddonDeploymentConfig that you created.

1.2.3. Configuring a klusterlet add-on for a single managed cluster

You can also override the global default AddonDeploymentConfig configuration for your add-on on a certain managed cluster. By overriding, you can configure a klusterlet add-on for a single managed cluster because the add-on configuration only applies to a the particular managed cluster attached to that namespace of the hub cluster. To override configurations, complete the following steps:

  1. Use the AddonDeploymentConfig API to create another configuration to specify the nodeSelector and tolerations on the hub cluster.

  2. Connect the new configuration that you created to your ManagedClusterAddOn add-on on the hub cluster in the managed cluster namespace. Run the following command to patch the spec.configs parameter in the ManagedClusterAddOn to point to the new configuration: 

    oc -n <managed-cluster> patch managedclusteraddons <addon-name> --type='json' -p='[{
  "op":"add",
  "path":"/spec/configs",
  "value":[{
    "group":"addon.open-cluster-management.io",
    "resource":"addondeploymentconfigs",
    "namespace":"<config-namespace>",
    "name":"<config-name>"
  }]
}]'
    • Replace managed-cluster with your managed cluster name
    • Replace addon-name with your add-on name
    • Replace config-namespace with the namespace of the AddonDeploymentConfig that you created
    • Replace config-name with the name of the AddonDeploymentConfig that you created

The new configuration that you referenced in the ManagedClusterAddOn add-on overrides the global default configuration that you defined earlier in the ClusterManagementAddOn add-on.

To make sure that you can deploy your content to the correct nodes, see Optional: Configuring the klusterlet to run on specific nodes.

1.3. Enabling cluster-wide proxy on existing cluster add-ons

You can configure the KlusterletAddonConfig in the cluster namespace to add the proxy environment variables to all the klusterlet add-on pods of the managed Red Hat OpenShift Container Platform clusters. Complete the following steps to configure the KlusterletAddonConfig to add the three environment variables to the pods of the klusterlet add-ons:

  1. Edit the KlusterletAddonConfig file that is in the namespace of the cluster that needs the proxy. You can use the console to find the resource, or you can edit from the terminal with the following command: 

    oc -n <my-cluster-name> edit klusterletaddonconfig <my-cluster-name>

    Note: If you are working with only one cluster, you do not need <my-cluster-name> at the end of your command. See the following command: 

    oc -n <my-cluster-name> edit klusterletaddonconfig

  2. Edit the .spec.proxyConfig section of the file so it resembles the following example. The spec.proxyConfig is an optional section: 

    spec
  proxyConfig:
    httpProxy: "<proxy_not_secure>" 1
    httpsProxy: "<proxy_secure>" 2
    noProxy: "<no_proxy>" 3
    1
    Replace proxy_not_secure with the address of the proxy server for http requests. For example, use http://192.168.123.145:3128.
    2
    Replace proxy_secure with the address of the proxy server for https requests. For example, use https://192.168.123.145:3128.
    3
    Replace no_proxy with a comma delimited list of IP addresses, hostnames, and domain names where traffic is not routed through the proxy. For example, use .cluster.local,.svc,10.128.0.0/14,example.com.

    If the OpenShift Container Platform cluster is created with cluster wide proxy configured on the hub cluster, the cluster wide proxy configuration values are added to the pods of the klusterlet add-ons as environment variables when the following conditions are met:

    • The .spec.policyController.proxyPolicy in the addon section is enabled and set to OCPGlobalProxy.

    • The .spec.applicationManager.proxyPolicy is enabled and set to CustomProxy.

      Note: The default value of proxyPolicy in the addon section is Disabled.

      See the following examples of proxyPolicy entries: 

      apiVersion: agent.open-cluster-management.io/v1
    kind: KlusterletAddonConfig
    metadata:
      name: clusterName
      namespace: clusterName
    spec:
      proxyConfig:
        httpProxy: http://pxuser:12345@10.0.81.15:3128
        httpsProxy: http://pxuser:12345@10.0.81.15:3128
        noProxy: .cluster.local,.svc,10.128.0.0/14, example.com
      applicationManager:
        enabled: true
        proxyPolicy: CustomProxy
      policyController:
        enabled: true
        proxyPolicy: OCPGlobalProxy
      searchCollector:
        enabled: true
        proxyPolicy: Disabled
      certPolicyController:
        enabled: true
        proxyPolicy: Disabled

Important: Global proxy settings do not impact alert forwarding. To set up alert forwarding for Red Hat Advanced Cluster Management hub clusters with a cluster-wide proxy, see Forwarding alerts for more details.

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.