1.3. RHACM을 사용하여 OpenShift Data Foundation Logical Volume Manager Operator 설치 제거
RHACM을 사용하여 Operator를 설치한 경우 OpenShift Data Foundation Logical Volume Manager Operator를 설치 제거하려면 Operator 배포 및 구성을 위해 생성한 ACM 정책을 삭제해야 합니다. 그러나 ACM 정책을 삭제하면 정책이 생성된 리소스는 제거되지 않습니다. 리소스를 제거하려면 추가 정책을 생성해야 합니다.
정책을 삭제할 때 생성된 리소스가 제거되지 않으므로 다음 단계를 수행해야 합니다.
- Logical Volume Manager Operator가 프로비저닝한 모든 PVC 및 볼륨 스냅샷을 제거합니다.
-
LVMCluster
리소스를 제거하여 디스크에 생성된 논리 볼륨 관리자 리소스를 정리합니다. - Operator를 제거하는 추가 정책을 만듭니다.
사전 요구 사항
정책을 삭제하기 전에 다음 사항이 삭제되었는지 확인합니다.
- OpenShift Data Foundation Logical Volume Manager Operator에서 프로비저닝한 스토리지를 사용하는 관리형 클러스터의 모든 애플리케이션입니다.
- OpenShift Data Foundation Logical Volume Manager Operator를 사용하여 PVC(영구 볼륨 클레임) 및 PV(영구 볼륨)를 프로비저닝합니다.
- OpenShift Data Foundation Logical Volume Manager Operator에서 프로비저닝한 모든 볼륨 스냅샷.
-
oc get logicalvolume
명령을 사용하여 논리 볼륨 리소스가 없는지 확인합니다. -
cluster-admin
역할의 계정을 사용하여 RHACM 클러스터에 액세스할 수 있습니다.
절차
OpenShift 명령줄 인터페이스에서 다음 명령을 사용하여 허브 클러스터에 OpenShift Data Foundation Logical Volume Manager Operator를 배포 및 구성하기 위해 생성한 ACM 정책을 삭제합니다.
# oc delete -f policy-lvm-operator.yaml -n lvm-policy-ns
odf-lvmcluster-deletion.yaml
과 같은 이름의 파일에 다음 YAML을 저장하여LVMCluster
를 제거하는 정책을 생성합니다. 이를 통해 Operator는 클러스터에서 생성한 모든 논리 볼륨 관리자 리소스를 정리할 수 있습니다.apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: policy-lvmcluster-delete annotations: policy.open-cluster-management.io/standards: NIST SP 800-53 policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration spec: remediationAction: enforce disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-lvmcluster-removal spec: remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction. severity: low object-templates: - complianceType: mustnothave objectDefinition: kind: LVMCluster apiVersion: lvm.topolvm.io/v1alpha1 metadata: name: odf-lvmcluster namespace: openshift-storage # must have namespace 'openshift-storage' --- apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: binding-policy-lvmcluster-delete placementRef: apiGroup: apps.open-cluster-management.io kind: PlacementRule name: placement-policy-lvmcluster-delete subjects: - apiGroup: policy.open-cluster-management.io kind: Policy name: policy-lvmcluster-delete --- apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: placement-policy-lvmcluster-delete spec: clusterConditions: - status: 'True' type: ManagedClusterConditionAvailable clusterSelector: matchExpressions: - key: vendor operator: In values: - OpenShift
다음 명령을 실행하여 정책을 생성합니다.
# oc create -f odf-lvmcluster-deletion.yaml -n lvm-policy-ns
다음 YAML을
check-odf-lvmcluster-deletion.yaml
과 같은 이름으로 파일에 저장하여LVMCluster
CR이 제거되었는지 확인하는 정책을 생성합니다.apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: policy-lvmcluster-inform annotations: policy.open-cluster-management.io/standards: NIST SP 800-53 policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration spec: remediationAction: inform disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-lvmcluster-removal-inform spec: remediationAction: inform # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction. severity: low object-templates: - complianceType: mustnothave objectDefinition: kind: LVMCluster apiVersion: lvm.topolvm.io/v1alpha1 metadata: name: odf-lvmcluster namespace: openshift-storage # must have namespace 'openshift-storage' --- apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: binding-policy-lvmcluster-check placementRef: apiGroup: apps.open-cluster-management.io kind: PlacementRule name: placement-policy-lvmcluster-check subjects: - apiGroup: policy.open-cluster-management.io kind: Policy name: policy-lvmcluster-inform --- apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: placement-policy-lvmcluster-check spec: clusterConditions: - status: 'True' type: ManagedClusterConditionAvailable clusterSelector: matchExpressions: - key: vendor operator: In values: - OpenShift
다음 명령을 실행하여 정책을 생성합니다.
# oc create -f check-odf-lvmcluster-deletion.yaml -n lvm-policy-ns
정책 상태를 확인합니다.
# oc get policy -n lvm-policy-ns NAME REMEDIATION ACTION COMPLIANCE STATE AGE policy-lvmcluster-delete enforce Compliant 15m policy-lvmcluster-inform inform Compliant 15m
두 정책을 모두 준수한 후
odf-lvm-operator-remove-policy.yaml
과 같은 이름의 파일에 다음 YAML을 저장하여 OpenShift Data Foundation Logical Volume Manager Operator를 제거할 정책을 생성합니다.apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: placement-uninstall-odf-lvm-operator spec: clusterConditions: - status: "True" type: ManagedClusterConditionAvailable clusterSelector: matchExpressions: - key: vendor operator: In values: - OpenShift --- apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: binding-uininstall-odf-lvm-operator placementRef: apiGroup: apps.open-cluster-management.io kind: PlacementRule name: placement-uninstall-odf-lvm-operator subjects: - apiGroup: policy.open-cluster-management.io kind: Policy name: uninstall-odf-lvm-operator --- apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 name: uninstall-odf-lvm-operator spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: uninstall-odf-lvm-operator spec: object-templates: - complianceType: mustnothave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: openshift-storage - complianceType: mustnothave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-storage-operatorgroup namespace: openshift-storage spec: targetNamespaces: - openshift-storage - complianceType: mustnothave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: odf-lvm-operator namespace: openshift-storage spec: installPlanApproval: Automatic name: odf-lvm-operator source: redhat-operators sourceNamespace: openshift-marketplace remediationAction: enforce severity: low - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-remove-lvm-operator-crds spec: object-templates: - complianceType: mustnothave objectDefinition: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: logicalvolumes.topolvm.cybozu.com - complianceType: mustnothave objectDefinition: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: lvmclusters.lvm.topolvm.io - complianceType: mustnothave objectDefinition: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: lvmvolumegroupnodestatuses.lvm.topolvm.io - complianceType: mustnothave objectDefinition: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: lvmvolumegroups.lvm.topolvm.io remediationAction: enforce severity: high
다음 명령을 실행하여 정책을 생성합니다.
# oc create -f odf-lvm-operator-remove-policy.yaml -ns lvm-policy-ns