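1.2. Automating import for discovered hosted clusters

Use the DiscoveredCluster resource to import hosted clusters automatically. This speeds up cluster management because you do not have to import individual clusters manually.

When you automatically import a discovered hosted cluster into Red Hat Advanced Cluster Management, all Red Hat Advanced Cluster Management add-ons are enabled so that you can start managing the hosted cluster with the available management tools.

The hosted cluster is also automatically imported into multicluster engine operator. Through the multicluster engine operator console, you can manage the hosted cluster lifecycle. However, you cannot manage the hosted cluster lifecycle from the Red Hat Advanced Cluster Management console.

Required access: Cluster administrator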
1.2.1. Prerequisites

1.2.2. Configuring settings for automatic import
Clusters that are discovered from managed multicluster engine operator clusters are represented as DiscoveredCluster custom resources. These resources are located in the managed multicluster engine operator cluster namespace in Red Hat Advanced Cluster Management. See the following DiscoveredCluster resource and namespace example:

    apiVersion: discovery.open-cluster-management.io/v1
    kind: DiscoveredCluster
    metadata:
      creationTimestamp: "2024-05-30T23:05:39Z"
      generation: 1
      labels:
        hypershift.open-cluster-management.io/hc-name: hosted-cluster-1
        hypershift.open-cluster-management.io/hc-namespace: clusters
      name: hosted-cluster-1
      namespace: mce-1
      resourceVersion: "1740725"
      uid: b4c36dca-a0c4-49f9-9673-f561e601d837
    spec:
      apiUrl: https://a43e6fe6dcef244f8b72c30426fb6ae3-ea3fec7b113c88da.elb.us-west-1.amazonaws.com:6443
      cloudProvider: aws
      creationTimestamp: "2024-05-30T23:02:45Z"
      credential: {}
      displayName: mce-1-hosted-cluster-1
      importAsManagedCluster: false
      isManagedCluster: false
      name: hosted-cluster-1
      openshiftVersion: 0.0.0
      status: Active
      type: MultiClusterEngineHCP
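Discovered hosted clusters are not automatically imported into Red Hat Advanced Cluster Management until the spec.importAsManagedCluster field is changed from false to true. Learn how to use a Red Hat Advanced Cluster Management policy to automatically set this field to true for all types in DiscoveredCluster resources, so that discovered hosted clusters are immediately and automatically imported into Red Hat Advanced Cluster Management.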
Configure your Policy to import all of your discovered hosted clusters.

- Log in to your hub cluster from the CLI to complete the following procedure:
- Create a YAML file for your DiscoveredCluster custom resource and edit the configuration that is referenced in the following example:

    apiVersion: policy.open-cluster-management.io/v1
    kind: Policy
    metadata:
      name: policy-mce-hcp-autoimport
      namespace: open-cluster-management-global-set
      annotations:
        policy.open-cluster-management.io/standards: NIST SP 800-53
        policy.open-cluster-management.io/categories: CM Configuration Management
        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
        policy.open-cluster-management.io/description: Discovered clusters that are of
          type MultiClusterEngineHCP can be automatically imported into ACM as managed clusters.
          This policy configure those discovered clusters so they are automatically imported.
          Fine tuning MultiClusterEngineHCP clusters to be automatically imported
          can be done by configure filters at the configMap or add annotation to the discoverd cluster.
    spec:
      disabled: false
      policy-templates:
        - objectDefinition:
            apiVersion: policy.open-cluster-management.io/v1
            kind: ConfigurationPolicy
            metadata:
              name: mce-hcp-autoimport-config
            spec:
              object-templates:
                - complianceType: musthave
                  objectDefinition:
                    apiVersion: v1
                    kind: ConfigMap
                    metadata:
                      name: discovery-config
                      namespace: open-cluster-management-global-set
                    data:
                      # The DiscoveredCluster template below reads the key "mce-hcp-filter" from this ConfigMap.
                      rosa-filter: ""
              remediationAction: enforce
              severity: low
        - objectDefinition:
            apiVersion: policy.open-cluster-management.io/v1
            kind: ConfigurationPolicy
            metadata:
              name: policy-mce-hcp-autoimport
            spec:
              remediationAction: enforce
              severity: low
              object-templates-raw: |
                {{- /* find the MultiClusterEngineHCP DiscoveredClusters */ -}}
                {{- range $dc := (lookup "discovery.open-cluster-management.io/v1" "DiscoveredCluster" "" "").items }}
                  {{- /* Check for the flag that indicates the import should be skipped */ -}}
                  {{- $skip := "false" -}}
                  {{- range $key, $value := $dc.metadata.annotations }}
                    {{- if and (eq $key "discovery.open-cluster-management.io/previously-auto-imported") (eq $value "true") }}
                      {{- $skip = "true" }}
                    {{- end }}
                  {{- end }}
                  {{- /* if the type is MultiClusterEngineHCP and the status is Active */ -}}
                  {{- if and (eq $dc.spec.status "Active") (contains (fromConfigMap "open-cluster-management-global-set" "discovery-config" "mce-hcp-filter") $dc.spec.displayName) (eq $dc.spec.type "MultiClusterEngineHCP") (eq $skip "false") }}
                - complianceType: musthave
                  objectDefinition:
                    apiVersion: discovery.open-cluster-management.io/v1
                    kind: DiscoveredCluster
                    metadata:
                      name: {{ $dc.metadata.name }}
                      namespace: {{ $dc.metadata.namespace }}
                    spec:
                      importAsManagedCluster: true
                  {{- end }}
                {{- end }}

- Run oc apply -f <filename>.yaml -n <namespace> to apply the file.
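1.2.3. Creating the placement definition

You need to create a placement definition that specifies the managed cluster for the policy deployment. Complete the following steps: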
- Create the Placement definition that selects only the local-cluster, which is the hub cluster that is managed. Use the following YAML sample:

    apiVersion: cluster.open-cluster-management.io/v1beta1
    kind: Placement
    metadata:
      name: policy-mce-hcp-autoimport-placement
      namespace: open-cluster-management-global-set
    spec:
      tolerations:
        - key: cluster.open-cluster-management.io/unreachable
          operator: Exists
        - key: cluster.open-cluster-management.io/unavailable
          operator: Exists
      clusterSets:
        - global
      predicates:
        - requiredClusterSelector:
            labelSelector:
              matchExpressions:
                - key: local-cluster
                  operator: In
                  values:
                    - "true"

- Run oc apply -f placement.yaml -n <namespace>, where namespace matches the namespace of the policy that you previously created.
1.2.4. Binding the import policy to a placement definition
After you create the policy and the placement, you need to connect the two resources. Complete the following steps:

Connect the resources by using a PlacementBinding resource. See the following example, where placementRef refers to the Placement that you created and subjects refers to the Policy that you created:

    apiVersion: policy.open-cluster-management.io/v1
    kind: PlacementBinding
    metadata:
      name: policy-mce-hcp-autoimport-placement-binding
      namespace: open-cluster-management-global-set
    placementRef:
      name: policy-mce-hcp-autoimport-placement
      apiGroup: cluster.open-cluster-management.io
      kind: Placement
    subjects:
      - name: policy-mce-hcp-autoimport
        apiGroup: policy.open-cluster-management.io
        kind: Policy
To verify, run the following command:

    oc get policies.policy.open-cluster-management.io policy-mce-hcp-autoimport -n <namespace>
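Important: You can detach a hosted cluster from Red Hat Advanced Cluster Management by using the Detach option in the Red Hat Advanced Cluster Management console, or by removing the corresponding ManagedCluster custom resource from the command line.

For best results, detach the managed hosted cluster before you destroy the hosted cluster.

When a discovered cluster is detached, the following annotation is added to the DiscoveredCluster resource to prevent the policy from importing the discovered cluster again:

    annotations:
      discovery.open-cluster-management.io/previously-auto-imported: "true"

If you want to reimport the detached discovered cluster, remove this annotation.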
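
The following Python sketch is an added example, not part of the Red Hat documentation. It mirrors the selection rules of the object-templates-raw template in 1.2.2 and the previously-auto-imported annotation described above, so you can preview which DiscoveredCluster resources the policy would import before you enforce it. SAMPLE, the function names and the name_filter parameter are constructed for illustration; the input is assumed to have the shape of the JSON returned by oc get discoveredclusters -A -o json.

```python
import json

SKIP_ANNOTATION = "discovery.open-cluster-management.io/previously-auto-imported"

# Constructed sample data (not real clusters), shaped like a DiscoveredCluster list.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "hosted-cluster-1", "namespace": "mce-1"},
   "spec": {"displayName": "mce-1-hosted-cluster-1", "status": "Active",
            "type": "MultiClusterEngineHCP", "importAsManagedCluster": false}},
  {"metadata": {"name": "hosted-cluster-2", "namespace": "mce-1",
                "annotations": {"discovery.open-cluster-management.io/previously-auto-imported": "true"}},
   "spec": {"displayName": "mce-1-hosted-cluster-2", "status": "Active",
            "type": "MultiClusterEngineHCP", "importAsManagedCluster": false}},
  {"metadata": {"name": "hosted-cluster-3", "namespace": "mce-2"},
   "spec": {"displayName": "mce-2-hosted-cluster-3", "status": "Active",
            "type": "MultiClusterEngineHCP", "importAsManagedCluster": false}},
  {"metadata": {"name": "rosa-dev", "namespace": "mce-2"},
   "spec": {"displayName": "rosa-dev", "status": "Active",
            "type": "ROSA", "importAsManagedCluster": false}}
]}
""")

def import_decision(dc, name_filter=""):
    """Return (selected, reason) using the same conditions as the policy template."""
    spec = dc.get("spec", {})
    annotations = dc.get("metadata", {}).get("annotations") or {}
    if annotations.get(SKIP_ANNOTATION) == "true":
        return False, "previously-auto-imported annotation set"
    if spec.get("status") != "Active":
        return False, "status is not Active"
    if spec.get("type") != "MultiClusterEngineHCP":
        return False, "type is not MultiClusterEngineHCP"
    # An empty filter is contained in every displayName, so it matches all clusters.
    if name_filter not in spec.get("displayName", ""):
        return False, "displayName does not contain filter"
    return True, "importAsManagedCluster would be set to true"

def preview(discovered, name_filter=""):
    """Map "namespace/name" to (selected, reason) for every DiscoveredCluster."""
    result = {}
    for dc in discovered.get("items", []):
        meta = dc["metadata"]
        result[f'{meta["namespace"]}/{meta["name"]}'] = import_decision(dc, name_filter)
    return result

if __name__ == "__main__":
    for key, (selected, reason) in preview(SAMPLE).items():
        print(f"{'IMPORT' if selected else 'skip  '} {key}: {reason}")
```

With the empty filter value shown in the policy, every Active MultiClusterEngineHCP cluster that lacks the annotation is selected, so check the preview before you apply the policy with remediationAction: enforce.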