Red Hat SummitChapter 1. Red Hat OpenShift Cluster Manager
Red Hat OpenShift Cluster Manager is a managed service where you can install, modify, operate, and upgrade your Red Hat OpenShift clusters. This service allows you to work with all of your organization’s clusters from a single dashboard.
OpenShift Cluster Manager guides you to install OpenShift Container Platform, Red Hat OpenShift Service on AWS (classic architecture), Red Hat OpenShift Service on AWS, and OpenShift Dedicated clusters. It is also responsible for both OpenShift Container Platform clusters after self-installation as well as your Red Hat OpenShift Service on AWS (classic architecture), Red Hat OpenShift Service on AWS, and OpenShift Dedicated clusters.
You can use OpenShift Cluster Manager to do the following actions:
- Create clusters
- View cluster details and metrics
- Manage your clusters with tasks such as scaling, changing node labels, networking, authentication
- Manage access control
- Monitor clusters
- Schedule upgrades
- Transferring cluster ownership
For more information about OpenShift Cluster Manager, see the entire OpenShift Cluster Manager documentation.
1.1. Accessing Red Hat OpenShift Cluster Manager
You can access OpenShift Cluster Manager with your configured OpenShift account.
Prerequisites
- You have an account that is part of an OpenShift organization.
- If you are creating a cluster, your organization has a specified quota.
Procedure
- Log in to OpenShift Cluster Manager using your login credentials.
1.2. General actions
On the top right of the cluster page, there are some actions that a user can perform on the entire cluster:
- Open console launches a web console so that the cluster owner can issue commands to the cluster.
- Actions drop-down menu allows the cluster owner to rename the display name of the cluster, edit the machine pools, and delete the cluster. You may also transfer the cluster’s ownership to another user.
- Refresh icon forces a refresh of the cluster.
1.3. Cluster tabs
Selecting an active, installed cluster shows tabs associated with that cluster. The following tabs display after the cluster’s installation completes:
- Overview
- Access control
- Add-ons
- Cluster history
- Networking
- Machine pools
- Support
- Settings
1.3.1. Overview tab
The Overview tab provides information about how the cluster was configured:
- Cluster ID is the unique identification for the created cluster. This ID can be used when issuing commands to the cluster from the command line.
- Domain prefix is the prefix that is used throughout the cluster. The default value is the cluster’s name.
- Type shows the type of cluster, for example ROSA (classic), ROSA with HCP, or Dedicated.
- Region is the server region.
- Availability shows which type of availability zone that the cluster uses, either single or multizone.
- Version is the OpenShift version that is installed on the cluster. If there is an update available, you can update from this field.
- Created at shows the date and time that the cluster was created.
- Owner identifies who created the cluster and has owner rights.
- Delete Protection: <status> shows whether or not the cluster’s delete protection is enabled.
- Status displays the current status of the cluster.
- Total vCPU shows the total available virtual CPU for this cluster.
- Total memory shows the total available memory for this cluster.
- Infrastructure AWS account displays the AWS account that is responsible for cluster creation and maintenance.
- Additional encryption field shows any applicable additional encryption options.
- Nodes shows the actual and desired nodes on the cluster. These numbers might not match due to cluster scaling.
- Cluster autoscaling field shows whether or not you have enabled autoscaling on the cluster.
- Instance Metadata Service (IMDS) field shows your selected instance metadata service for the cluster.
- Network field shows the address and prefixes for network connectivity.
- OIDC configuration field shows the Open ID Connect configuration for the cluster.
- Resource usage section of the tab displays the resources in use with a graph.
- Advisor recommendations section gives insight in relation to security, performance, availability, and stability. This section requires the use of remote health functionality. See Using Insights to identify issues with the cluster in the Additional resources section.
1.3.2. Access control tab
The Access control tab allows the cluster owner to set up an identity provider, grant elevated permissions, and grant roles to other users.
1.3.2.1. Identity providers
You can create your cluster’s identity provider in this section. See the Additional resources for more information.
1.3.2.2. Cluster roles and acess
You can create a dedicated-admins role for {product-short-name} clusters or cluster-admins role for Red Hat OpenShift Service on AWS classic architecture clusters.
Procedure
- Click the Add user button.
- Enter the ID of the user you want to grant cluster admin access.
-
Select the appropriate group for your user. Either
dedicated-adminsfor {product-short-name} clusters, orcluster-adminsfor ROSA (classic) clusters.
1.3.2.3. OCM roles and access
Prerequisites
- You must be the cluster owner or have the correct permissions to grant roles on the cluster.
Procedure
- Click the Grant role button.
- Enter the Red Hat account login for the user that you wish to grant a role on the cluster.
Select the role from following options:
- Cluster editor allows users or groups to manage or configure the cluster.
- Cluster viewer allows users or groups to view cluster details only.
- Cluster autoscaler editor allows users or groups to manage and configure the cluster autoscaler settings.
- Identity provider editor allows users or groups to manage and configure the identity providers.
- Machine pool editor allows users or groups to manage and configure the machine pools.
- Click the Grant role button on the dialog box.
1.3.2.4. Transfer ownership
You can transfer your cluster to another user.
Once you transfer cluster ownership, you lose access to the cluster.
Procedure
- Select Initiate transfer.
- Enter the user name, account ID, and organization ID of the user that you are transferring the cluster to.
- Select Initiate transfer.
1.3.3. Add-ons tab
The Add-ons tab displays all of the optional add-ons that can be added to the cluster. Select the desired add-on, and then select Install below the description for the add-on that displays.
1.3.4. Cluster history tab
The Cluster history tab shows every change to the cluster from creation onward for each version. You can specify date ranges for your cluster history and use filters to search based on the description of the notification, the severity of the notification, the type of notification, and which role logged it. You may download your cluster history as a JSON or CSV file.
1.3.5. Networking tab
The Networking tab provides a control plane API endpoint as well as the default application router. Both the control plane API endpoint and the default application router can be made private by selecting the respective box below label. If applicable, you can also find your virtual private cloud (VPC) details on this tab.
Select the Edit application ingress button to edit the existing application ingress. You can change your application ingress to private or public by checking or unchecking the "Make router private" checkbox.
For Security Token Service (STS) installations, these options cannot be changed. STS installations also do not allow you to change privacy nor allow you to add an additional router.
1.3.6. Machine pools tab
The Machine pools tab allows the cluster owner to create new machine pools if there is enough available quota, or edit an existing machine pool.
Selecting the
> Edit option opens the "Edit machine pool" dialog. In this dialog, you can change the node count per availability zone, edit node labels and taints, and view any associated AWS security groups.
Select the Edit cluster autoscaling button to specify your autoscaling strategy.
1.3.7. Support tab
In the Support tab, you can add notification contacts for individuals that should receive cluster notifications. The username or email address that you provide must relate to a user account in the Red Hat organization where the cluster is deployed. For the steps to add a notification contact, see Adding cluster notification contacts.
Also from this tab, you can open a support case to request technical support for your cluster.
1.3.8. Settings tab
The Settings tab provides a few options for the cluster owner:
- Monitoring, which is enabled by default, allows for reporting done on user-defined actions.
- Update strategy allows you to determine if the cluster automatically updates on a certain day of the week at a specified time or if all updates are scheduled manually.
- Node draining sets the duration that protected workloads are respected during updates. When this duration has passed, the node is forcibly removed.
- Update status shows the current version and if there are any updates available.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}