Chapter 8. Importing a target managed cluster to the hub cluster
You can import clusters from different Kubernetes cloud providers. After you import, the targeted cluster becomes a managed cluster for the Red Hat Advanced Cluster Management for Kubernetes hub cluster. Unless otherwise specified, complete the import tasks anywhere where you can access the hub cluster and the targeted managed cluster.
A hub cluster cannot manage any other hub cluster, but can manage itself. The hub cluster is configured to automatically be imported and self-managed. You do not need to manually import the hub cluster.
However, if you remove a hub cluster and try to import it again, you need to add the local-cluster:true
label.
Choose from the following instructions to set up your managed cluster, either from the console or from the CLI:
Required user type or access level: Cluster administrator
8.1. Importing an existing cluster with the console
After you install Red Hat Advanced Cluster Management for Kubernetes, you are ready to import a cluster to manage. You can import from both the console and the CLI. Follow this procedure to import from the console. You need your terminal for authentication during this procedure.
8.1.1. Prerequisites
- You need a Red Hat Advanced Cluster Management for Kubernetes hub cluster that is deployed. If you are importing bare metal clusters, you must have the hub cluster installed on Red Hat OpenShift Container Platform version 4.5, or later.
- You need a cluster that you want to manage and Internet connectivity.
-
Install
kubectl
. To installkubectl
, see Install and Set Up kubectl in the Kubernetes documentation.
-
You need the
base64
command line tool. For importing in a Red Hat OpenShift Dedicated enviroment:
- You must have the hub cluster deployed in a Red Hat OpenShift Dedicated environment.
-
The default permission in Red Hat OpenShift Dedicated is dedicated-admin, but that does not contain all of the permissions to create a namespace. You must have
cluster-admin
permissions to import and manage a cluster with Red Hat Advanced Cluster Management for Kubernetes.
Required user type or access level: Cluster administrator
8.1.2. Importing a cluster
You can import existing clusters from the Red Hat Advanced Cluster Management for Kubernetes console for each of the available cloud providers.
Note: A hub cluster cannot manage a different hub cluster. A hub cluster is set up to automatically import and manage itself, so you do not have to manually import a hub cluster to manage itself.
- From the navigation menu, hover over Automate infrastructure and click Clusters.
- Click Add a cluster.
- Click Import an existing cluster.
- Provide a name for the cluster. By default, the namespace is used for the cluster name and namespace.
Optional: Add any Additional labels.
Note: If you import a Red Hat OpenShift Dedicated cluster and do not specify a vendor by adding a label for
vendor=OpenShiftDedicated
, or if you add a label forvendor=auto-detect
, amanaged-by=platform
label is automatically added to the cluster. You can use this added label to identify the cluster as a Red Hat OpenShift Dedicated cluster and retrieve the Red Hat OpenShift Dedicated clusters as a group.-
Click Save import and generate code to generate the command that you use to deploy the
open-cluster-management-agent-addon
. A confirmation message is displayed. Optional: Configure the Cluster API address that is on the cluster details page by configuring the URL that is displayed in the table when you run the
oc get managedcluster
command.-
Log in to your hub cluster with an ID that has
cluster-admin
permissions. Configure your
kubectl
for your targeted managed cluster.See Supported clouds to learn how to configure your
kubectl
.Edit the managed cluster entry for the cluster that you are importing by entering the following command:
oc edit managedcluster <cluster-name>
Replace
cluster-name
with the name of the managed cluster.Add the
ManagedClusterClientConfigs
section to theManagedCluster
spec in the YAML file, as shown in the following example:spec: hubAcceptsClient: true managedClusterClientConfigs: - url: https://multicloud-console.apps.new-managed.dev.redhat.com
Replace the value of the URL with the URL that provides external access to the managed cluster that you are importing.
-
Log in to your hub cluster with an ID that has
In the Import an existing cluster window, select Copy command to copy the generated command and token to the clipboard.
Important: The command contains pull secret information that is copied to each of the imported clusters. Anyone who can access the imported clusters can also view the pull secret information. Consider creating a secondary pull secret at https://cloud.redhat.com/ or create a service account to protect your personal credentials. See Using image pull secrets or Understanding and creating service accounts for more information about pull secrets.
- Log in to the managed cluster that you want to import.
For the Red Hat OpenShift Dedicated environment only Complete the following steps:
-
Create the
open-cluster-management-agent
andopen-cluster-management
namespaces or projects on the managed cluster. - Find the klusterlet operator in the OpenShift Container Platform catalog.
Install it in the
open-cluster-management
namespace or project that you created.Important: Do not install the operator in the
open-cluster-management-agent
namespace.Extract the bootstrap secret from the import command by completing the following steps:
Generate the import command:
- Select Automate infrastructure > Clusters from the Red Hat Advanced Cluster Management console main navigation.
- Select Add a cluster > Import an existing cluster.
- Add the cluster information, and select Save import and generate code.
- Copy the import command.
-
Paste the import command into a file that you create named
import-command
. Run one of the following commands to decode the import command, depending on your version of Red Hat Advanced Cluster Management version 2.2.x:
If you are running an upgraded z-stream version of Red Hat Advanced Cluster Management version 2.2.x (for example, 2.2.2), run the following command:
cat import-command | awk '{split($0,a,"&&"); print a[3]}' | awk '{split($0,a,"|"); print a[1]}' | sed -e "s/^ echo //" | sed 's/\"//g' | base64 -d
If your version of Red Hat Advanced Cluster Management version 2.2 was not upgraded to a later z-stream (for example, you are running version 2.2.0), run the following command:
cat import-command | awk '{split($0,a,"&&"); print a[3]}' | awk '{split($0,a,"|"); print a[1]}' | sed -e "s/^ echo //" | base64 -d
-
Find and copy the secret with the name
bootstrap-hub-kubeconfig
in the output. -
Apply the secret to the
open-cluster-management-agent
namespace on the managed cluster. Create the klusterlet resource using the example in the installed operator, the clusterName should be changed the same name as cluster name that was set during the import.
Note: When the
managedcluster
resource is successfully registered to the hub, there are two klusterlet operators installed. One klusterlet operator is in theopen-cluster-management
namespace, and the other is in theopen-cluster-management-agent
namespace. Multiple operators does not affect the function of the klusterlet.
-
Create the
For cluster imports that are not in the Red OpenShift Dedicated environment Complete the following steps:
If necessary, configure your
kubectl
commands for your managed cluster.See Supported clouds to learn how to configure your
kubectl
command line interface.-
To deploy the
open-cluster-management-agent-addon
to the managed cluster, run the command and token that you copied.
- Select View cluster to view a summary of your cluster in the Overview page.
Your cluster is imported. You can import another by selecting Import another.
8.1.3. Removing an imported cluster
Complete the following procedure to remove an imported cluster and the open-cluster-management-agent-addon
that was created on the managed cluster.
- From the Clusters page, find your imported cluster in the table.
- Click Actions > Detach cluster to remove your cluster from management.
Note: If you attempt to detach the hub cluster, which is named local-cluster
, be aware that the default setting of disableHubSelfManagement
is false
. This setting causes the hub cluster to reimport itself and manage itself when it is detached and it reconciles the MultiClusterHub
controller. It might take hours for the hub cluster to complete the detachment process and reimport. If you want to reimport the hub cluster without waiting for the processes to finish, you can enter the following command to restart the multiclusterhub-operator
pod and reimport faster:
oc delete po -n open-cluster-management `oc get pod -n open-cluster-management | grep multiclusterhub-operator| cut -d' ' -f1`
You can change the value of the hub cluster to not import automatically by changing the disableHubSelfManagement
value to true
, as described in Installing while connected online.
8.2. Importing a managed cluster with the CLI
After you install Red Hat Advanced Cluster Management for Kubernetes, you are ready to import a cluster to manage. You can import from both the console and the CLI. Follow this procedure to import from the CLI.
Important: A hub cluster cannot manage a different hub cluster. A hub cluster is set up to automatically import and manage itself. You do not have to manually import a hub cluster to manage itself.
However, if you remove a hub cluster and try to import it again, you need to add the local-cluster:true
label.
8.2.1. Prerequisites
- You need a Red Hat Advanced Cluster Management for Kubernetes hub cluster that is deployed. If you are importing bare metal clusters, you must have the hub cluster installed on Red Hat OpenShift Container Platform version 4.5, or later.
- You need a separate cluster that you want to manage and Internet connectivity.
-
You need the Red Hat OpenShift Container Platform CLI version 4.5, or later, to run
oc
commands. See Getting started with the OpenShift CLI for information about installing and configuring the Red Hat OpenShift CLI,oc
. You need to install the Kubernetes CLI,
kubectl
. To installkubectl
, see Install and Set Up kubectl in the Kubernetes documentation.Note: Download the installation file for CLI tools from the console.
8.2.2. Supported architectures
- Linux (x86_64, s390x)
- macOS
8.2.3. Prepare for import
Log in to your hub cluster. Run the following command:
oc login
Run the following command on the hub cluster to create the namespace. Note: The cluster name that is defined in
<cluster_name>
is also used as the cluster namespace in the.yaml
file file and commands:oc new-project ${CLUSTER_NAME} oc label namespace ${CLUSTER_NAME} cluster.open-cluster-management.io/managedCluster=${CLUSTER_NAME}
Edit the example ManagedCluster with the following sample of YAML:
apiVersion: cluster.open-cluster-management.io/v1 kind: ManagedCluster metadata: name: <cluster_name> spec: hubAcceptsClient: true
-
Save the file as
managed-cluster.yaml
. Apply the YAML file with the following command:
oc apply -f managed-cluster.yaml
Create the klusterlet addon configuration file. Enter the following example YAML:
apiVersion: agent.open-cluster-management.io/v1 kind: KlusterletAddonConfig metadata: name: <cluster_name> namespace: <cluster_name> spec: clusterName: <cluster_name> clusterNamespace: <cluster_name> applicationManager: enabled: true certPolicyController: enabled: true clusterLabels: cloud: auto-detect vendor: auto-detect iamPolicyController: enabled: true policyController: enabled: true searchCollector: enabled: true version: 2.2.0
-
Save the file as
klusterlet-addon-config.yaml
. Apply the YAML. Run the following command:
oc apply -f klusterlet-addon-config.yaml
Note: If you import a Red Hat OpenShift Dedicated cluster and do not specify a vendor by adding a label for
vendor=OpenShiftDedicated
, or if you add a label forvendor=auto-detect
, amanaged-by=platform
label is automatically added to the cluster. You can use this added label to identify the cluster as a Red Hat OpenShift Dedicated cluster and retrieve the Red Hat OpenShift Dedicated clusters as a group.
The ManagedCluster-Import-Controller will generate a secret named ${CLUSTER_NAME}-import
. The ${CLUSTER_NAME}-import
secret contains the import.yaml
that the user applies to a managed cluster to install klusterlet.
8.2.4. Importing the klusterlet
Important: The import command contains pull secret information that is copied to each of the imported clusters. Anyone who can access the imported clusters can also view the pull secret information.
Obtain the
klusterlet-crd.yaml
that was generated by the managed cluster import controller.Run the following command:
oc get secret ${CLUSTER_NAME}-import -n ${CLUSTER_NAME} -o jsonpath={.data.crds\\.yaml} | base64 --decode > klusterlet-crd.yaml
Obtain the
import.yaml
that was generated by the managed cluster import controller. Run the following command:oc get secret ${CLUSTER_NAME}-import -n ${CLUSTER_NAME} -o jsonpath={.data.import\\.yaml} | base64 --decode > import.yaml
- Log in to your target managed cluster.
Apply the
klusterlet-crd.yaml
that was generated in step 1. Run the following command:kubectl apply -f klusterlet-crd.yaml
Apply the
import.yaml
file that was generated in step 2. Run the following command:kubectl apply -f import.yaml
Validate the pod status on the target managed cluster. Run the following command:
kubectl get pod -n open-cluster-management-agent
Validate
JOINED
andAVAILABLE
status for your imported cluster. Run the following command from the hub cluster:kubectl get managedcluster ${CLUSTER_NAME}
Addons will be installed after the managed cluster is
AVAILABLE
. Validate the pod status of addons on the target managed cluster. Run the following command:kubectl get pod -n open-cluster-management-agent-addon
8.3. Modifying the klusterlet addons settings of your cluster
You can modify the settings of klusterlet addon
to change your configuration using the hub cluster.
The klusterlet addon
controller manages the functions that are enabled and disabled according to the settings in the klusterletaddonconfigs.agent.open-cluster-management.io
Kubernetes resource.
The following settings can be updated in the klusterletaddonconfigs.agent.open-cluster-management.io
Kubernetes resource:
Setting name | Value |
---|---|
applicationmanager |
|
policyController |
|
searchCollector |
|
certPolicyController |
|
iamPolicyController |
|
8.3.1. Modify using the console on the hub cluster
You can modify the settings of the klusterletaddonconfigs.agent.open-cluster-management.io
resource by using the hub cluster. Complete the following steps to change the settings:
- Authenticate into the Red Hat Advanced Cluster Management for Kubernetes console of the hub cluster.
- From the main menu of the hub cluster console, select Search.
-
In the search parameters, enter the following value:
kind:klusterletaddonconfigs
- Select the endpoint resource that you want to update.
-
Find the
spec
section and select Edit to edit the content. - Modify your settings.
- Select Save to apply your changes.
8.3.2. Modify using the command line on the hub cluster
You must have access to the <cluster-name> namespace to modify your settings by using the hub cluster. Complete the following steps:
- Authenticate into the hub cluster.
Enter the following command to edit the resource:
kubectl edit klusterletaddonconfigs.agent.open-cluster-management.io <cluster-name> -n <cluster-name>
-
Find the
spec
section. - Modify your settings, as necessary.