
env_acm.md


ACM configuration

From web console:

  • Operators > OperatorHub > Install Advanced Cluster Management for Kubernetes (if not already installed)
  • Create a MultiClusterHub instance (when prompted)
  • Operators > Installed Operators > ACM > MultiClusterHub > Wait for Status Running

Create the search-api route

oc create route passthrough search-api --service=search-search-api -n open-cluster-management

Enable the search collector

For every managed cluster, create a namespace and a KlusterletAddonConfig with enabled searchCollector:

for i in {1..2}; do
oc new-project mgmt-spoke$i
oc apply -f - <<-EOF
apiVersion: agent.open-cluster-management.io/v1
kind: KlusterletAddonConfig
metadata:
  name: mgmt-spoke$i
  namespace: mgmt-spoke$i
spec:
  searchCollector:
    enabled: true
  applicationManager:
    enabled: true
  certPolicyController:
    enabled: true
  iamPolicyController:
    enabled: true
  policyController:
    enabled: true
EOF
done
oc project default

Create a token for accessing the API

oc create token oauth-apiserver-sa -n openshift-oauth-apiserver --duration=8760h

Query the API

POST https://search-api-open-cluster-management.apps.oran-hub01.rdu-infra-edge.corp/searchapi/graphql

query mySearch($input: [SearchInput]) {
    searchResult: search(input: $input) {
        items
    }
}

# GraphQL vars
{"input":[
    {
        "filters":[
            {"property":"kind","values":["Cluster"]}]
    }
]}
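
The query and variables above can be sent from the shell as a single JSON body. This is an added example, not part of the original file: the function names and the SEARCH_API_URL and CA_BUNDLE variables are assumptions, and TOKEN is the service account token created earlier.

```shell
#!/usr/bin/env bash
# Added example: POST the GraphQL search query to the search-api route.
# Function names, SEARCH_API_URL and CA_BUNDLE are assumptions of this example.

# Route URL as given in this file; override for another hub.
SEARCH_API_URL="${SEARCH_API_URL:-https://search-api-open-cluster-management.apps.oran-hub01.rdu-infra-edge.corp/searchapi/graphql}"

# GraphQL query from the section above, on one line.
SEARCH_QUERY='query mySearch($input: [SearchInput]) { searchResult: search(input: $input) { items } }'

# Build the JSON request body for a single "kind" filter.
# The kind is limited to alphanumerics so it cannot break out of the JSON string.
build_search_payload() {
    local kind="$1"
    case "$kind" in
        ''|*[!A-Za-z0-9]*) echo "invalid kind: $kind" >&2; return 1 ;;
    esac
    printf '{"query":"%s","variables":{"input":[{"filters":[{"property":"kind","values":["%s"]}]}]}}' \
        "$SEARCH_QUERY" "$kind"
}

# Send the query. The bearer token is passed to curl on stdin (-H @-)
# so the long-lived token does not appear in the process list.
search_kind() {
    local kind="$1" payload
    [ -n "${TOKEN:-}" ] || { echo "TOKEN is not set" >&2; return 1; }
    payload=$(build_search_payload "$kind") || return 1
    printf 'Authorization: Bearer %s\n' "$TOKEN" |
        curl -sS --fail ${CA_BUNDLE:+--cacert "$CA_BUNDLE"} \
            -H @- -H 'Content-Type: application/json' \
            --data "$payload" "$SEARCH_API_URL"
}
```

With TOKEN exported, `search_kind Cluster | jq` prints the result; set CA_BUNDLE to the ingress CA file when the route certificate is not trusted by the system store.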

Install

  • OperatorHub > Multicluster Global Hub Operator
  • Create a MulticlusterGlobalHub CR (e.g. using the web console)

Config

Edit the CSV:

oc -n multicluster-global-hub edit csv multicluster-global-hub-operator.v1.1.0-dev

Add the following under 'containers.args':

- --global-resource-enabled

Note: in order to test the functionality of the global hub, ACM should be installed on the spoke clusters.

Prerequisites

Prepare storage

Clone assisted-service:

git clone https://github.com/openshift/assisted-service

Install and configure LSO:

cd assisted-service/deploy/operator/
export DISKS=$(echo sd{b..f})
./libvirt_disks.sh create
./setup_lso.sh install_lso
./setup_lso.sh create_local_volume
oc patch storageclass assisted-service -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "true"}}}'

Run minio (for S3 compatible object storage):

podman run -d -p 9000:9000 -p 9001:9001 -v ~/minio/data:/data \
    -e "MINIO_ROOT_USER=accessKey1" -e "MINIO_ROOT_PASSWORD=verySecretKey1" \
    quay.io/minio/minio server /data --console-address ":9001"

Create namespace

oc create namespace open-cluster-management-observability

Create operator pull secret

DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-`
oc create secret generic multiclusterhub-operator-pull-secret \
    -n open-cluster-management-observability \
    --from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \
    --type=kubernetes.io/dockerconfigjson

Apply Thanos Secret

oc apply -f thanos-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: thanos-object-storage
  namespace: open-cluster-management-observability
type: Opaque
stringData:
  thanos.yaml: |
    type: s3
    config:
      bucket: test
      endpoint: <host_ip>:9000
      insecure: true
      access_key: accessKey1
      secret_key: verySecretKey1

Note: replace <host_ip> with the address of the host running minio.

Apply MultiClusterObservability

oc apply -f mco.yaml

apiVersion: observability.open-cluster-management.io/v1beta2
kind: MultiClusterObservability
metadata:
  name: "observability"
spec:
  observabilityAddonSpec: {}
  storageConfig:
    metricObjectStorage:
      name: thanos-object-storage
      key: thanos.yaml
    compactStorageSize: 50Gi
    receiveStorageSize: 50Gi
  advanced:
    query:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    receive:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    rule:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    store:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    storeMemcached:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    queryFrontendMemcached:
      resources:
        limits:
          cpu: 1
          memory: 1Gi
      replicas: 1
    alertmanager:
      replicas: 1

Export the created token for accessing the API

export TOKEN=$(oc create token oauth-apiserver-sa -n openshift-oauth-apiserver --duration=8760h)

Access AlertManager API

https://alertmanager-open-cluster-management-observability.apps.ostest.test.metalkube.org/api/v2/alerts

curl -k -H "Authorization: Bearer $TOKEN" https://alertmanager-open-cluster-management-observability.apps.ostest.test.metalkube.org/api/v2/alerts | jq