Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

Installing Red Hat Edge Manager on Red Hat OpenShift Container Platform

Red Hat Edge Manager 1.0

Installing Red Hat Edge Manager on OpenShift Container Platform

Red Hat Edge Manager Documentation Team

Abstract

This document provides information about installing Red Hat Edge Manager on OpenShift Container Platform.

Red Hat OpenShift Container Platform users can install Red Hat Edge Manager from the Software Catalog in the Hybrid Cloud Console. This procedure guides you through project creation, certificate configuration, and application deployment.

Prerequisites

  • An active Red Hat Edge Manager subscription.
  • An Red Hat OpenShift Container Platform cluster version 4.19 or later.
  • Cluster administrator permissions.
  • The OpenShift CLI (oc) installed and authenticated.

Procedure

  1. Log into the Red Hat OpenShift Container Platform web console.

  2. In your terminal, run the following command to create a project for the Red Hat Edge Manager application services: 

    $ oc new-project <project_name>
    Copy to Clipboard Toggle word wrap
  3. In the Red Hat OpenShift Container Platform web console, navigate to EcosystemSoftware Catalog.

  4. Select your project from the Project dropdown menu.

    Note

    If the project does not appear in the dropdown, refresh your browser.

  5. Search for "Red Hat Edge Manager" and select the Red Hat Edge Manager tile.
  6. In the Red Hat Edge Manager side panel, click Create.
  7. In the Release name field, enter the name of your project.
  8. Select the desired version from the Chart version dropdown menu.

  9. Before finishing the installation, you must configure the ingress certificates. In your terminal, run the following commands to extract the cluster’s Certificate Authority (CA) bundle: 

    $ oc get configmap default-ingress-cert \
    -n openshift-config-managed \
    -o jsonpath='{.data.ca-bundle\.crt}' > /tmp/ingress-ca.crt

$ cat /tmp/ingress-ca.crt
    Copy to Clipboard Toggle word wrap

  10. Under the Configure via section, select the YAML view radio button, locate the global.auth.caCert field and paste the contents of /tmp/ingress-ca.crt as shown below:

    Example YAML configuration

    global:
  auth:
    caCert: |
      -----BEGIN CERTIFICATE-----
      MIIDWzCCAkOgAwIBAgIIUUg1fwtYuLYwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UE
      ...
      [Full certificate content]
      ...
      -----END CERTIFICATE-----
    insecureSkipTlsVerify: false
    Copy to Clipboard Toggle word wrap

    Warning

    Ensure global.auth.caCert is correctly indented. If this field is missing or malformed, managed edge devices will be unable to verify the API identity and will fail to connect.

    Note

    If Advanced Cluster Management (ACM) is present in your environment but you are using Red Hat Edge Manager as a standalone feature, set the global.enableMulticlusterExtensions parameter to false.

  11. Click Create to deploy Red Hat Edge Manager.

Verification: Retrieving the User Interface URL

Once the pods are running, obtain the external URL to access the Red Hat Edge Manager dashboard.

  1. In your terminal, run the following command to retrieve the host address: 

    $ oc get route flightctl-ui -n <project_name> -o jsonpath='{.spec.host}'
    Copy to Clipboard Toggle word wrap
  2. Copy the returned URL and paste it into a web browser.
  3. Log in using your administrator credentials.

Users can enable secure access to Red Hat Edge Manager by integrating their existing OpenShift identity provider. This guide walks you through labeling your environment and assigning the specific roles required for your team to manage devices, fleets, and organizations.

  • Namespace-to-Organization Mapping: Red Hat Edge Manager uses a 1:1 mapping between OpenShift namespaces and Organizations.
  • Automatic Discovery: The act of labeling a namespace with io.flightctl/instance=<helm_release-name> triggers the automatic discovery and initialization of that namespace as a Red Hat Edge Manager Organization.
  • Multi-Tenancy: You are not limited to a single organization. You can create and manage multiple isolated organizations within a single cluster by applying the same management label to different namespaces.
  • Identity: Each labeled namespace is treated as a distinct organization, allowing you to segregate users, devices, and configurations across your environment.

Prerequisites

  • Red Hat Edge Manager is deployed on Red Hat OpenShift Container Platform via the Software Catalog.
  • Red Hat OpenShift Container Platform users are created via an identity provider (e.g.htpasswd or LDAP).
  • You have cluster-admin access to configure RoleBindings.

Procedure

  1. In the Red Hat OpenShift Container Platform web console, navigate to HelmReleases and record the Helm release name. This value is required for labeling the namespace and configuring user access.

  2. In your terminal, run the following command to label the namespace: 

    $ oc label namespace <namespace> io.flightctl/instance=<helm_release_name>
    Copy to Clipboard Toggle word wrap
    Important

    The label value must match the Helm release name, not the namespace name.

  3. To verify which namespaces are associated with the Helm release name, run the following command: 

    $ oc get namespaces -l io.flightctl/instance=<helm_release_name>
    Copy to Clipboard Toggle word wrap

2.1. Grant user access
复制链接

Accessing Red Hat Edge Manager resources requires a minimum of two roles: the mandatory view role for organization discovery, plus at least one functional role (e.g., flightctl-admin).

Expand
Table 2.1. Red Hat Edge Manager Roles
RolePurpose

view

Required for organization discovery.

flightctl-admin-<helm_release_name>

Full access to Red Hat Edge Manager resources.

flightctl-operator-<helm_release_name>

CRUD permissions for devices, fleets, resourcesyncs, and repositories.

flightctl-viewer-<helm_release_name>

Read-only access.

Procedure

  • To grant the view role for organization discovery: 

    $ oc adm policy add-role-to-user view <user_name> -n <namespace>
    Copy to Clipboard Toggle word wrap

  • To grant Red Hat Edge Manager administrative permissions: 

    $ oc adm policy add-role-to-user flightctl-admin-<helm_release_name> <user_name> -n <namespace>
    Copy to Clipboard Toggle word wrap

  • To grant permissions for CRUD operations on Red Hat Edge Manager resources: 

    $ oc adm policy add-role-to-user flightctl-operator-<helm_release_name> <user_name> -n <namespace>
    Copy to Clipboard Toggle word wrap

  • To grant Red Hat Edge Manager read-only access: 

    $ oc adm policy add-role-to-user flightctl-viewer-<helm_release_name> <user_name> -n <namespace>
    Copy to Clipboard Toggle word wrap
Note

A User not found warning is expected if the user has not yet logged in. The role binding will activate automatically upon their first authentication.

2.2. User login
复制链接

You can authenticate with Red Hat Edge Manager using either the flightctl CLI or the UI.

2.2.1. Log in with the CLI
复制链接

Procedure

  1. Log in to OpenShift: 

    $ oc login
    Copy to Clipboard Toggle word wrap

  2. Log in to Red Hat Edge Manager using the OpenShift token: 

    $ flightctl login https://api.flightctl.apps.example.com -k --token=$(oc whoami -t)
    Copy to Clipboard Toggle word wrap

    Example output

    Auto-selected organization: <uuid> flightctl
Login successful.
    Copy to Clipboard Toggle word wrap

2.2.2. Log in with the UI
复制链接

Procedure

  1. Navigate to the Red Hat Edge Manager UI.
  2. Click Login with OpenShift.
  3. Authenticate using your OpenShift credentials.

Upon successful authentication, the browser redirects to the Red Hat Edge Manager dashboard.

2.3. Verification
复制链接

Verify your access and configuration by running the following commands:

Procedure

  1. Check the current organization: 

    $ flightctl config current-organization
    Copy to Clipboard Toggle word wrap

  2. List available organizations: 

    $ flightctl get organizations
    Copy to Clipboard Toggle word wrap

  3. Test access to resources: 

    $ flightctl get devices
$ flightctl get fleets
    Copy to Clipboard Toggle word wrap

Chapter 3. Upgrading a Helm release chart
复制链接

Users on Red Hat OpenShift Container Platform can upgrade a Helm release by either selecting a new chart version (if available) or manually updating the YAML configuration values.

Prerequisites

  • Ensure you are logged into the OpenShift console with a user account that has permission to modify resources in your specific project.
  • Confirm you have the correct Project (namespace) selected in the console, as Helm releases are grouped by project.
  • Ensure the application is in a stable state and that you have documented any critical configuration values currently in use.

Procedure

  1. In the OpenShift console, locate the navigation menu on the left side of the screen.
  2. Go to the Helm section and select Releases.
  3. Find your release in the list.
  4. Click the Kebab menu (three vertical dots) on the far right of the row and select Upgrade.

  5. Configure your upgrade in the Upgrade Helm Release page:

    1. To change the version: Select a new version from the Chart Version dropdown menu if an update is available.
    2. To change settings: Manually edit the configuration in the YAML editor (Values) to update specific parameters.
  6. Click Upgrade to finalize and deploy your changes.

Once you click Upgrade, OpenShift will trigger a new revision. You can watch the Status column in the Helm Releases list change to "Pending" and then back to "Deployed" once the update is successful.

Legal Notice
复制链接

Copyright © Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2026 Red Hat返回顶部