The Registration Operator has 2 operators, Cluster Manager and Klusterlet. Cluster Manager installs the foundational components of OCM for the Hub cluster. And we can use the Klusterlet to install the agent components on the manged clusters when we import the manged clusters to the Hub.
The 2 operators are available on OperatorHub Cluster Manager and Klusterlet.
The operator ClusterManager configures the controllers on the hub that govern registration, placement and work distribution for attached Klusterlets.
The controllers are all deployed in open-cluster-management-hub namespace on the Hub cluster.
The operator Klusterlet represents the agent controllers registration and work on the managed cluster. The Klusterlet requires a secret named of bootstrap-hub-kubeconfig in the same namespace to allow API requests to the hub for the registration protocol.
The controllers are all deployed in open-cluster-management-agent namespace by default. The namespace can be specified in Klusterlet CR.
Get started with Kind
-
Create a cluster with kind
kind create cluster
-
Deploy
export KUBECONFIG=$HOME/.kube/config make deploy
PLEASE NOTE: if the server address in kubeconfig is a domain name, the hub api server may not be accessible for klusterlet
operator、 registration
and work
agent. In this case, you need to set hostAlias for klusterlet
deployment and klusterlet
CR explicitly.
We mainly provide deployment in two scenarios:
- All-in-one: using one cluster as hub and spoke at the same time.
- Hub-spoke: using one cluster as hub and another cluster as spoke.
-
Set the env variable
KUBECONFIG
to kubeconfig file path.export KUBECONFIG=$HOME/.kube/config
-
Deploy all components on the cluster.
make deploy
-
To clean the environment, run
make clean-deploy
-
Set env variables.
export KUBECONFIG=$HOME/.kube/config
-
Switch to hub context and deploy hub components.
kubectl config use-context {hub-context} make deploy-hub
PLEASE NOTE: If you're running kubernetes in docker, the
server
address in kubeconfig may not be accessible for other clusters. In this case, you need to setHUB_KUBECONFIG
explicitly.For example, if your clusters are created by kind, you need to use kind's command to export a kubeconfig of hub with an accessible
server
address. (The related issue)kind get kubeconfig --name {your kind cluster name} --internal > ./.hub-kubeconfig # ./.hub-kubeconfig is default value of HUB_KUBECONFIG
-
Switch to spoke context and deploy agent components.
kubectl config use-context {spoke context} make deploy-spoke
-
To clean the hub environment.
kubectl config use-context {hub-context} make clean-hub
-
To clean the spoke environment.
kubectl config use-context {spoke-context} make clean-spoke
-
Create 3 Kind clusters: management cluster, hub cluster and a managed cluster.
kind create cluster --name hub cat <<EOF | kind create cluster --name management --config=- kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane extraPortMappings: - containerPort: 30443 hostPort: 30443 protocol: TCP - containerPort: 31443 hostPort: 31443 protocol: TCP EOF kind create cluster --name managed
-
Set the env variable
KUBECONFIG
to kubeconfig file path.export KUBECONFIG=$HOME/.kube/config
-
Get the
EXTERNAL_HUB_KUBECONFIG
kubeconfig.kind get kubeconfig --name hub --internal > ./.external-hub-kubeconfig
-
Switch to management cluster and deploy hub components.
kubectl config use-context {management-context} make deploy-hub-hosted
After deploy hub successfully, the user needs to expose webhook-servers in the management cluster manually.
cat <<EOF | kubectl apply -f - apiVersion: v1 kind: Service metadata: name: cluster-manager-registration-webhook-external namespace: cluster-manager spec: type: NodePort selector: app: cluster-manager-registration-webhook ports: - port: 9443 nodePort: 30443 --- apiVersion: v1 kind: Service metadata: name: cluster-manager-work-webhook-external namespace: cluster-manager spec: type: NodePort selector: app: cluster-manager-work-webhook ports: - port: 9443 nodePort: 31443 EOF
We support deploy the Klusterlet(registration-agent, work-agent) outside of managed cluster, called Hosted
mode, and we define the cluster where the Klusterlet runs as management-cluster.
-
Set env variables.
export KUBECONFIG=$HOME/.kube/config
-
Switch to hub context and deploy hub components.
kubectl config use-context {hub-context} make deploy-hub
PLEASE NOTE: If you're running kubernetes in docker, the
server
address in kubeconfig may not be accessible for other clusters. In this case, you need to setHUB_KUBECONFIG
explicitly.For example, if your clusters are created by kind, you need to use kind's command to export a kubeconfig of hub with an accessible
server
address. (The related issue)kind get kubeconfig --name {kind-hub-cluster-name} --internal > ./.hub-kubeconfig # ./.hub-kubeconfig is default value of HUB_KUBECONFIG
-
Switch to management context and deploy agent components on management cluster.
kubectl config use-context {management-context} make deploy-spoke-hosted
PLEASE NOTE: If you're running kubernetes in docker, the
server
address in kubeconfig may not be accessible for other clusters. In this case, you need to setEXTERNAL_MANAGED_KUBECONFIG
explicitly.For example, if your clusters are created by kind, you need to use kind's command to export a kubeconfig of managed/spoke cluster with an accessible
server
address. (The related issue)kind get kubeconfig --name {kind-managed-cluster-name} --internal > ./.external-managed-kubeconfig # ./.external-managed-kubeconfig is default value of EXTERNAL_MANAGED_KUBECONFIG, it is only useful in Hosted mode.
-
To clean the hub environment.
kubectl config use-context {hub-context} make clean-hub
-
To clean the spoke environment.
kubectl config use-context {management-context} make clean-spoke-hosted
After a successful deployment, a certificatesigningrequest
and a managedcluster
will
be created on the hub.
Switch to hub context and deploy hub components.
kubectl config use-context {hub-context}
kubectl get csr
Next approve the csr and set managedCluster to be accepted by hub with the following command
kubectl certificate approve {csr name}
kubectl patch managedcluster {cluster name} -p='{"spec":{"hubAcceptsClient":true}}' --type=merge
kubectl get managedcluster
Check the CONTRIBUTING Doc for how to contribute to the repo.
Slack channel: #open-cluster-mgmt
This code is released under the Apache 2.0 license. See the file LICENSE for more information.