-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathhcp-hc-objects.adoc
292 lines (281 loc) · 10.6 KB
/
hcp-hc-objects.adoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
// Module included in the following assemblies:
//
// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc
:_mod-docs-content-type: PROCEDURE
[id="hcp-hc-objects_{context}"]
= Deploying hosted cluster objects
Typically, the HyperShift Operator creates the `HostedControlPlane` namespace. However, in this case, you want to include all the objects before the HyperShift Operator begins to reconcile the `HostedCluster` object. Then, when the Operator starts the reconciliation process, it can find all of the objects in place.
.Procedure
. Create a YAML file with the following information about the namespaces:
+
[source,yaml]
----
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: <hosted_cluster_namespace>-<hosted_cluster_name> <1>
spec: {}
status: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: <hosted_cluster_namespace> <2>
spec: {}
status: {}
----
+
<1> Replace `<hosted_cluster_name>` with your hosted cluster.
<2> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
. Create a YAML file with the following information about the config maps and secrets to include in the `HostedCluster` deployment:
+
[source,yaml]
----
---
apiVersion: v1
data:
ca-bundle.crt: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
name: user-ca-bundle
namespace: <hosted_cluster_namespace> <1>
---
apiVersion: v1
data:
.dockerconfigjson: xxxxxxxxx
kind: Secret
metadata:
creationTimestamp: null
name: <hosted_cluster_name>-pull-secret <2>
namespace: <hosted_cluster_namespace> <1>
---
apiVersion: v1
kind: Secret
metadata:
name: sshkey-cluster-<hosted_cluster_name> <2>
namespace: <hosted_cluster_namespace> <1>
stringData:
id_rsa.pub: ssh-rsa xxxxxxxxx
---
apiVersion: v1
data:
key: nTPtVBEt03owkrKhIdmSW8jrWRxU57KO/fnZa8oaG0Y=
kind: Secret
metadata:
creationTimestamp: null
name: <hosted_cluster_name>-etcd-encryption-key <2>
namespace: <hosted_cluster_namespace> <1>
type: Opaque
----
+
<1> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<2> Replace `<hosted_cluster_name>` with your hosted cluster.
. Create a YAML file that contains the RBAC roles so that Assisted Service agents can be in the same `HostedControlPlane` namespace as the hosted control plane and still be managed by the cluster API:
+
[source,yaml]
----
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: capi-provider-role
namespace: <hosted_cluster_namespace>-<hosted_cluster_name> <1> <2>
rules:
- apiGroups:
- agent-install.openshift.io
resources:
- agents
verbs:
- '*'
----
+
<1> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<2> Replace `<hosted_cluster_name>` with your hosted cluster.
. Create a YAML file with information about the `HostedCluster` object, replacing values as necessary:
+
[source,yaml]
----
apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
metadata:
name: <hosted_cluster_name> <1>
namespace: <hosted_cluster_namespace> <2>
spec:
additionalTrustBundle:
name: "user-ca-bundle"
olmCatalogPlacement: guest
imageContentSources: <3>
- source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
mirrors:
- registry.<dns.base.domain.name>:5000/openshift/release <4>
- source: quay.io/openshift-release-dev/ocp-release
mirrors:
- registry.<dns.base.domain.name>:5000/openshift/release-images <4>
- mirrors:
...
...
autoscaling: {}
controllerAvailabilityPolicy: SingleReplica
dns:
baseDomain: <dns.base.domain.name> <4>
etcd:
managed:
storage:
persistentVolume:
size: 8Gi
restoreSnapshotURL: null
type: PersistentVolume
managementType: Managed
fips: false
networking:
clusterNetwork:
- cidr: 10.132.0.0/14
- cidr: fd01::/48
networkType: OVNKubernetes
serviceNetwork:
- cidr: 172.31.0.0/16
- cidr: fd02::/112
platform:
agent:
agentNamespace: <hosted_cluster_namespace>-<hosted_cluster_name> <1> <2>
type: Agent
pullSecret:
name: <hosted_cluster_name>-pull-secret <1>
release:
image: registry.<dns.base.domain.name>:5000/openshift/release-images:<4.x.y>-x86_64 <4> <5>
secretEncryption:
aescbc:
activeKey:
name: <hosted_cluster_name>-etcd-encryption-key <1>
type: aescbc
services:
- service: APIServer
servicePublishingStrategy:
type: LoadBalancer
- service: OAuthServer
servicePublishingStrategy:
type: Route
- service: OIDC
servicePublishingStrategy:
type: Route
- service: Konnectivity
servicePublishingStrategy:
type: Route
- service: Ignition
servicePublishingStrategy:
type: Route
sshKey:
name: sshkey-cluster-<hosted_cluster_name> <1>
status:
controlPlaneEndpoint:
host: ""
port: 0
----
+
<1> Replace `<hosted_cluster_name>` with your hosted cluster.
<2> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<3> The `imageContentSources` section contains mirror references for user workloads within the hosted cluster.
<4> Replace `<dns.base.domain.name>` with the DNS base domain name.
<5> Replace `<4.x.y>` with the supported {product-title} version you want to use.
. Add an annotation in the `HostedCluster` object that points to the HyperShift Operator release in the {product-title} release:
.. Obtain the image payload by entering the following command:
+
[source,terminal]
----
$ oc adm release info \
registry.<dns.base.domain.name>:5000/openshift-release-dev/ocp-release:<4.x.y>-x86_64 \
| grep hypershift
----
+
where `<dns.base.domain.name>` is the DNS base domain name and `<4.x.y>` is the supported {product-title} version you want to use.
+
.Example output
[source,terminal]
----
hypershift sha256:31149e3e5f8c5e5b5b100ff2d89975cf5f7a73801b2c06c639bf6648766117f8
----
.. By using the {product-title} Images namespace, check the digest by entering the following command:
+
[source,terminal]
----
podman pull registry.<dns.base.domain.name>:5000/openshift-release-dev/ocp-v4.0-art-dev@sha256:31149e3e5f8c5e5b5b100ff2d89975cf5f7a73801b2c06c639bf6648766117f8
----
+
where `<dns.base.domain.name>` is the DNS base domain name.
+
.Example output
[source,terminal]
----
podman pull registry.dns.base.domain.name:5000/openshift/release@sha256:31149e3e5f8c5e5b5b100ff2d89975cf5f7a73801b2c06c639bf6648766117f8
Trying to pull registry.dns.base.domain.name:5000/openshift/release@sha256:31149e3e5f8c5e5b5b100ff2d89975cf5f7a73801b2c06c639bf6648766117f8...
Getting image source signatures
Copying blob d8190195889e skipped: already exists
Copying blob c71d2589fba7 skipped: already exists
Copying blob d4dc6e74b6ce skipped: already exists
Copying blob 97da74cc6d8f skipped: already exists
Copying blob b70007a560c9 done
Copying config 3a62961e6e done
Writing manifest to image destination
Storing signatures
3a62961e6ed6edab46d5ec8429ff1f41d6bb68de51271f037c6cb8941a007fde
----
+
The release image that is set in the `HostedCluster` object must use the digest rather than the tag; for example, `quay.io/openshift-release-dev/ocp-release@sha256:e3ba11bd1e5e8ea5a0b36a75791c90f29afb0fdbe4125be4e48f69c76a5c47a0`.
. Create all of the objects that you defined in the YAML files by concatenating them into a file and applying them against the management cluster. To do so, enter the following command:
+
[source,terminal]
----
$ oc apply -f 01-4.14-hosted_cluster-nodeport.yaml
----
+
.Example output
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
capi-provider-5b57dbd6d5-pxlqc 1/1 Running 0 3m57s
catalog-operator-9694884dd-m7zzv 2/2 Running 0 93s
cluster-api-f98b9467c-9hfrq 1/1 Running 0 3m57s
cluster-autoscaler-d7f95dd5-d8m5d 1/1 Running 0 93s
cluster-image-registry-operator-5ff5944b4b-648ht 1/2 Running 0 93s
cluster-network-operator-77b896ddc-wpkq8 1/1 Running 0 94s
cluster-node-tuning-operator-84956cd484-4hfgf 1/1 Running 0 94s
cluster-policy-controller-5fd8595d97-rhbwf 1/1 Running 0 95s
cluster-storage-operator-54dcf584b5-xrnts 1/1 Running 0 93s
cluster-version-operator-9c554b999-l22s7 1/1 Running 0 95s
control-plane-operator-6fdc9c569-t7hr4 1/1 Running 0 3m57s
csi-snapshot-controller-785c6dc77c-8ljmr 1/1 Running 0 77s
csi-snapshot-controller-operator-7c6674bc5b-d9dtp 1/1 Running 0 93s
csi-snapshot-webhook-5b8584875f-2492j 1/1 Running 0 77s
dns-operator-6874b577f-9tc6b 1/1 Running 0 94s
etcd-0 3/3 Running 0 3m39s
hosted-cluster-config-operator-f5cf5c464-4nmbh 1/1 Running 0 93s
ignition-server-6b689748fc-zdqzk 1/1 Running 0 95s
ignition-server-proxy-54d4bb9b9b-6zkg7 1/1 Running 0 95s
ingress-operator-6548dc758b-f9gtg 1/2 Running 0 94s
konnectivity-agent-7767cdc6f5-tw782 1/1 Running 0 95s
kube-apiserver-7b5799b6c8-9f5bp 4/4 Running 0 3m7s
kube-controller-manager-5465bc4dd6-zpdlk 1/1 Running 0 44s
kube-scheduler-5dd5f78b94-bbbck 1/1 Running 0 2m36s
machine-approver-846c69f56-jxvfr 1/1 Running 0 92s
oauth-openshift-79c7bf44bf-j975g 2/2 Running 0 62s
olm-operator-767f9584c-4lcl2 2/2 Running 0 93s
openshift-apiserver-5d469778c6-pl8tj 3/3 Running 0 2m36s
openshift-controller-manager-6475fdff58-hl4f7 1/1 Running 0 95s
openshift-oauth-apiserver-dbbc5cc5f-98574 2/2 Running 0 95s
openshift-route-controller-manager-5f6997b48f-s9vdc 1/1 Running 0 95s
packageserver-67c87d4d4f-kl7qh 2/2 Running 0 93s
----
+
When the hosted cluster is available, the output looks like the following example.
+
.Example output
[source,terminal]
----
NAMESPACE NAME VERSION KUBECONFIG PROGRESS AVAILABLE PROGRESSING MESSAGE
clusters hosted-dual hosted-admin-kubeconfig Partial True False The hosted control plane is available
----