Having a development cluster (devel) join the hub
Introduction
Development clusters are responsible for building applications and delivering the applications to a secured registry. The development cluster defines a secure pipeline that includes code and image scans and image signing before delivering them to the registry. OpenShift Pipelines is used for the continuous integration (CI). The Quay registry is deployed on the hub and therefore integration is required for the development pipeline to push images to the registry.
Development clusters also need to be secured and so one part of the deployment is Advanced Cluster Security with a secured configuration. This allows ACS to monitor and report on security issues on the cluster. ACS secured sites report to an ACS Central application that is deployed on the hub.
Allow ACM to deploy the devel applications to a subset of clusters
By default the devel
applications are deployed on any development clusters that ACM knows about.
managedClusterGroups:
- name: devel
helmOverrides:
- name: clusterGroup.isHubCluster
value: "false"
clusterSelector:
matchLabels:
clusterGroup: devel
matchExpressions:
- key: vendor
operator: In
values:
- OpenShift
Remember to commit the changes and push to GitHub so that GitOps can see your changes and apply them.
Deploy a devel cluster
Rather than provide instructions on creating a devel cluster it is assumed
that an OpenShift cluster has already been created. Use the openshift-install
program provided at cloud.redhat.com
There are a three ways to join the devel cluster to the hub.
- Using the ACM user interface
- Using the
cm
tool - Using the
clusteradm
tool
Devel setup using the ACM UI
After ACM is installed a message regarding a “Web console update is available” may be displayed. Click on the “Refresh web console” link.
On the upper-left side you’ll see a pull down labeled “local-cluster”. Select “All Clusters” from this pull down. This will navigate to the ACM console and to its “Clusters” section
Select the “Import cluster” option beside the highlighted Create Cluster button.
On the “Import an existing cluster” page, enter the cluster name and choose Kubeconfig as the “import mode”. Add the tag clusterGroup=devel
Press import. Done.
Using this method, you are done. Skip to the section Devel is joined but ignore the part about adding the site tag.
Devel setup using cm
tool
Install the
cm
(cluster management) command-line tool. See details hereObtain the KUBECONFIG file from the devel cluster.
On the command-line login into the hub/datacenter cluster (use
oc login
or export the KUBECONFIG).Run the following command:
cm attach cluster --cluster <cluster-name> --cluster-kubeconfig <path-to-KUBECONFIG>
Skip to the section Devel is joined
Devel setup using clusteradm
tool
You can also use clusteradm
to join a cluster. The following instructions explain what needs to be done. clusteradm
is still in testing.
To deploy a edge cluster you will need to get the datacenter (or hub) cluster’s token. You will need to install
clusteradm
. On the existing datacenter cluster:clusteradm get token
When you run the
clusteradm
command above it replies with the token and also shows you the command to use on the devel. So first you must login to the devel clusteroc login
orexport KUBECONFIG=~/my-ocp-env/devel
Then request to that the devel join the datacenter hub
clusteradm join --hub-token <token from clusteradm get token command > <devel cluster name>
Back on the hub cluster accept the join request
clusteradm accept --clusters <devel-cluster-name>
Skip to the next section, Devel is joined
Devel is joined
Designate the new cluster as a devel site
Now that ACM is no longer deploying the devel applications everywhere, we need
to explicitly indicate that the new cluster has the devel role. If you haven’t tagged the cluster as clusterGroup=devel
then we can do that here.
We do this by adding the label referenced in the managedSite’s clusterSelector
.
Find the new cluster
oc get managedclusters.cluster.open-cluster-management.io
Apply the label
oc label managedclusters.cluster.open-cluster-management.io/YOURCLUSTER clusterGroup=devel
You’re done
That’s it! Go to your devel (edge) OpenShift console and check for the open-cluster-management-agent pod being launched. Be patient, it will take a while for the ACM agent and agent-addons to launch. After that, the operator OpenShift GitOps will run. When it’s finished check that all applications have synced in OpenShift GitOps. Select “Devel Argo CD” from the OpenShift Applications menu.
Then look at the GitOps applications and make sure they have synced completely.
Confirming successful deployment
There are a number of steps you can do to check that the components have deployed:
Pipelines should be available in the console on the left hand side.
Run a pipeline and check the build and if the image gets updated in the Quay registry on the Hub.
You should be able to select the route to the demo application in the test environment.
The development cluster name should show up in the ACS Central console.
Next up
Deploy the the Multicluster DevSecOps secured production cluster