mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
OSDOCS-14980-416: manual CP
This commit is contained in:
“Shauna Diaz”
@@ -55,6 +55,10 @@ Distros: microshift
|
||||
Topics:
|
||||
- Name: Installing with an RPM package
|
||||
File: microshift-install-rpm
|
||||
- Name: Stopping and starting MicroShift
|
||||
File: microshift-stop-start
|
||||
- Name: Accessing the MicroShift node with oc
|
||||
File: microshift-access-node
|
||||
- Name: Uninstalling MicroShift
|
||||
File: microshift-uninstall-rpm
|
||||
---
|
||||
@@ -97,16 +101,17 @@ Topics:
|
||||
File: microshift-default-config-yaml
|
||||
- Name: Customizing MicroShift by using the configuration file
|
||||
File: microshift-using-config-yaml
|
||||
- Name: Using configuration snippets
|
||||
File: microshift-config-snippets
|
||||
- Name: Cluster access with kubeconfig files
|
||||
File: microshift-cluster-access-kubeconfig
|
||||
- Name: Using custom certificate authorities
|
||||
File: microshift-custom-ca
|
||||
- Name: Node access with kubeconfig files
|
||||
File: microshift-node-access-kubeconfig
|
||||
- Name: Checking the status of greenboot health checks
|
||||
File: microshift-greenboot-checking-status
|
||||
- Name: Configuring audit logging policies
|
||||
File: microshift-audit-logs-config
|
||||
- Name: Configuring MicroShift authentication and security
|
||||
Dir: microshift_auth_security
|
||||
Topics:
|
||||
- Name: Using custom certificate authorities
|
||||
File: microshift-custom-ca
|
||||
- Name: Configuring audit logging policies
|
||||
File: microshift-audit-logs-config
|
||||
---
|
||||
Name: Networking
|
||||
Dir: microshift_networking
|
||||
|
||||
@@ -6,7 +6,7 @@ include::_attributes/attributes-microshift.adoc[]
|
||||
|
||||
toc::[]
|
||||
|
||||
You can use different command-line interface (CLI) tools to build, deploy, and manage a {microshift-short} cluster and workloads. With CLI tools, you can complete various administration and development operations from the terminal to manage deployments and interact with each component of the system.
|
||||
You can use different command-line interface (CLI) tools to build, deploy, and manage a {microshift-short} node and workloads. With CLI tools, you can complete various administration and development operations from the terminal to manage deployments and interact with each component of the system.
|
||||
|
||||
CLI tools available for use with {microshift-short} are the following:
|
||||
|
||||
@@ -16,14 +16,14 @@ CLI tools available for use with {microshift-short} are the following:
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
Commands for multi-node deployments, projects, and developer tooling are not supported by {product-title}.
|
||||
Commands for multi-node deployments, projects, and developer tools are not supported by {microshift-short}.
|
||||
====
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_microshift-cli-tools"]
|
||||
[role="_additional-resources"]
|
||||
== Additional resources
|
||||
|
||||
* xref:..//microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Getting started with the OpenShift CLI]
|
||||
* link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/cli_tools/openshift-cli-oc#cli-about-cli_cli-developer-commands[About the OpenShift CLI] (OpenShift Container Platform documentation)
|
||||
* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9[Red Hat Enterprise Linux (RHEL) documentation for specific use cases]
|
||||
* xref:../microshift_configuring/microshift-cluster-access-kubeconfig.adoc#microshift-kubeconfig[Cluster access with kubeconfig]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9[Red Hat Enterprise Linux (RHEL) documentation for specific use cases]
|
||||
* xref:../microshift_configuring/microshift-node-access-kubeconfig.adoc#microshift-kubeconfig[Node access with kubeconfig]
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="microshift-config-snippets"]
|
||||
include::_attributes/attributes-microshift.adoc[]
|
||||
= Using {microshift-short} configuration snippets
|
||||
:context: microshift-config-snippets
|
||||
|
||||
If you want to configure one or two settings, use the `/etc/microshift/config.d/` configuration directory to drop in configuration snippet YAML files.
|
||||
|
||||
include::modules/microshift-how-config-snippets-work.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-example-config-snippets-list.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-example-config-snippets-objects.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-example-mixed-config-snippets.adoc[leveloffset=+1]
|
||||
@@ -16,8 +16,8 @@ include::modules/microshift-config-yaml.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-default-settings.adoc[leveloffset=+2]
|
||||
|
||||
//[id="additional-resources_microshift-using-config-yaml_{context}"]
|
||||
//[role="_additional-resources"]
|
||||
//== Additional resources
|
||||
[id="additional-resources_microshift-using-config-yaml_{context}"]
|
||||
[role="_additional-resources"]
|
||||
== Additional resources
|
||||
|
||||
//* xref:../microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="microshift-kubeconfig"]
|
||||
= Cluster access with kubeconfig files
|
||||
[id="microshift-node-access-kubeconfig"]
|
||||
= Node access with kubeconfig files
|
||||
include::_attributes/attributes-microshift.adoc[]
|
||||
:context: microshift-kubeconfig
|
||||
:context: microshift-node-access-kubeconfig
|
||||
|
||||
toc::[]
|
||||
|
||||
@@ -12,12 +12,12 @@ include::modules/microshift-kubeconfig-overview.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-kubeconfig-local-access.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]
|
||||
include::modules/microshift-accessing-node-locally.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-kubeconfig-remote-con.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-kubeconfig-generating-remote-kcfiles.adoc[leveloffset=+1]
|
||||
include::modules/microshift-kubeconfig-generating-additional-files.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-accessing-cluster-open-firewall.adoc[leveloffset=+2]
|
||||
include::modules/microshift-accessing-node-open-firewall.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
|
||||
include::modules/microshift-accessing-node-remotely.adoc[leveloffset=+2]
|
||||
1
microshift_configuring/microshift_auth_security/_attributes
Symbolic link
1
microshift_configuring/microshift_auth_security/_attributes
Symbolic link
@@ -0,0 +1 @@
|
||||
../../_attributes/
|
||||
1
microshift_configuring/microshift_auth_security/images
Symbolic link
1
microshift_configuring/microshift_auth_security/images
Symbolic link
@@ -0,0 +1 @@
|
||||
../../images/
|
||||
@@ -19,11 +19,12 @@ include::modules/microshift-custom-ca-troubleshooting.adoc[leveloffset=+1]
|
||||
include::modules/microshift-custom-ca-cert-cleaning.adoc[leveloffset=+1]
|
||||
|
||||
[id="Additional-resources_microshift-custom-ca_{context}"]
|
||||
[role="_additional-resources"]
|
||||
== Additional resources
|
||||
* link:https://docs.openshift.com/container-platform/{ocp-version}/security/certificates/api-server.html#customize-certificates-api-add-named_api-server-certificates[OpenShift: Add an API server named certificate]
|
||||
* link:https://docs.openshift.com/container-platform/{ocp-version}/security/certificates/api-server.html#customize-certificates-api-add-named_api-server-certificates[OpenShift: Add an API server named certificate] ({OCP} documentation)
|
||||
|
||||
* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/securing_networks/creating-and-managing-tls-keys-and-certificates_securing-networks#doc-wrapper[RHEL: Creating and managing TLS keys and certificates]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/securing_networks/creating-and-managing-tls-keys-and-certificates_securing-networks#doc-wrapper[RHEL: Creating and managing TLS keys and certificates] (RHEL documentation)
|
||||
|
||||
* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/securing_networks/using-shared-system-certificates_securing-networks#the-system-wide-trust-store_using-shared-system-certificates[The system-wide truststore]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/securing_networks/using-shared-system-certificates_securing-networks#the-system-wide-trust-store_using-shared-system-certificates[The system-wide truststore] (RHEL documentation)
|
||||
|
||||
* link:https://docs.openshift.com/container-platform/{ocp-version}/cli_reference/openshift_cli/managing-cli-profiles.html[OpenShift CLI Reference: oc login]
|
||||
* link:https://docs.openshift.com/container-platform/{ocp-version}/cli_reference/openshift_cli/managing-cli-profiles.html[OpenShift CLI Reference: oc login]
|
||||
1
microshift_configuring/microshift_auth_security/modules
Symbolic link
1
microshift_configuring/microshift_auth_security/modules
Symbolic link
@@ -0,0 +1 @@
|
||||
../../modules/
|
||||
1
microshift_configuring/microshift_auth_security/snippets
Symbolic link
1
microshift_configuring/microshift_auth_security/snippets
Symbolic link
@@ -0,0 +1 @@
|
||||
../../snippets/
|
||||
24
microshift_install_rpm/microshift-access-node.adoc
Normal file
24
microshift_install_rpm/microshift-access-node.adoc
Normal file
@@ -0,0 +1,24 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="microshift-access-node"]
|
||||
include::_attributes/attributes-microshift.adoc[]
|
||||
= Accessing the {microshift-short} node with oc
|
||||
:context: microshift-access-node
|
||||
|
||||
toc::[]
|
||||
|
||||
Access a {microshift-short} node by using the {oc-first}.
|
||||
|
||||
include::modules/microshift-accessing.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-accessing-node-locally.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-node-open-firewall.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-node-remotely.adoc[leveloffset=+2]
|
||||
|
||||
[id="additional-resources_microshift-access-node"]
|
||||
[role="_additional-resources"]
|
||||
== Additional resources
|
||||
|
||||
* xref:../microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Installing the OpenShift CLI tool]
|
||||
* xref:../microshift_configuring/microshift-node-access-kubeconfig.adoc#microshift-node-access-kubeconfig[Node access with kubeconfig files]
|
||||
@@ -19,43 +19,16 @@ include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-install-rpm-before.adoc[leveloffset=+1]
|
||||
|
||||
//additional resources for install rpm before module
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* xref:../microshift_install_get_ready/microshift-fips.adoc#microshift-fips[Using FIPS mode with {microshift-short}]
|
||||
|
||||
include::modules/microshift-install-rpm-preparing.adoc[leveloffset=+1]
|
||||
|
||||
//additional resources for install rpm prep module
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* Download the link:https://console.redhat.com/openshift/install/pull-secret[pull secret] from the Red Hat Hybrid Cloud Console
|
||||
//* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
|
||||
* For more options on partition configuration, read link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/performing_a_standard_rhel_9_installation/index#manual-partitioning_graphical-installation[Configuring Manual Partitioning]
|
||||
* For more information about resizing your existing LVs to free up capacity in your VGs, read link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/configuring_and_managing_logical_volumes/index#managing-lvm-volume-groups_configuring-and-managing-logical-volumes[Managing LVM Volume Groups].
|
||||
* For more information about creating VGs and PVs, read link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_and_managing_logical_volumes/overview-of-logical-volume-management_configuring-and-managing-logical-volumes[Overview of logical volume management]
|
||||
|
||||
include::modules/microshift-install-rpms.adoc[leveloffset=+1]
|
||||
|
||||
[id="microshift-starting-and-stopping"]
|
||||
== Starting and stopping {microshift-short}
|
||||
|
||||
After installing all of the RPM packages you need, learn to start and stop the {microshift-short} service.
|
||||
|
||||
include::modules/microshift-service-starting.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-service-stopping.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing.adoc[leveloffset=+2]
|
||||
|
||||
//additional resources for accessing module
|
||||
[id="additional-resources_microshift-install-rpm"]
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Installing the OpenShift CLI tool]
|
||||
|
||||
include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-cluster-open-firewall.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
|
||||
== Additional resources
|
||||
* xref:../microshift_install_get_ready/microshift-fips.adoc#microshift-fips[Using FIPS mode with {microshift-short}]
|
||||
* Download the link:https://console.redhat.com/openshift/install/pull-secret[pull secret] from the Red Hat Hybrid Cloud Console
|
||||
* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/interactively_installing_rhel_over_the_network/customizing-the-system-in-the-installer_rhel-installer#manual-partitioning_customizing-the-system-in-the-installer[Configuring manual partitioning]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_and_managing_logical_volumes/overview-of-logical-volume-management_configuring-and-managing-logical-volumes[Overview of logical volume management]
|
||||
* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/configuring_and_managing_logical_volumes/index#managing-lvm-volume-groups_configuring-and-managing-logical-volumes[Managing LVM Volume Groups]
|
||||
|
||||
13
microshift_install_rpm/microshift-stop-start.adoc
Normal file
13
microshift_install_rpm/microshift-stop-start.adoc
Normal file
@@ -0,0 +1,13 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="microshift-stop-start"]
|
||||
include::_attributes/attributes-microshift.adoc[]
|
||||
= Stopping and starting {microshift-short}
|
||||
:context: microshift-stop-start
|
||||
|
||||
toc::[]
|
||||
|
||||
You can stop or start {microshift-short} for a variety of reasons, including a fresh installation, adding optional RPM packages, and troubleshooting.
|
||||
|
||||
include::modules/microshift-service-starting.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-service-stopping.adoc[leveloffset=+1]
|
||||
@@ -8,4 +8,4 @@ toc::[]
|
||||
|
||||
Before you uninstall {microshift-short}, clean up all the {microshift-short} data and configuration by running the `microshift-cleanup-data` script.
|
||||
|
||||
include::modules/microshift-uninstall-microshift-rpms.adoc[leveloffset=+1]
|
||||
include::modules/microshift-uninstall-microshift-rpms.adoc[leveloffset=+1]
|
||||
|
||||
@@ -18,7 +18,7 @@ include::modules/microshift-adding-service-to-blueprint.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-creating-ostree-iso.adoc[leveloffset=+2]
|
||||
|
||||
[id="additional-resources_microshift-embed-microshift-offline-deployments_{context}"]
|
||||
[id="additional-resources_microshift-embed-microshift-offline-deployments"]
|
||||
[role="_additional-resources"]
|
||||
== Additional resources
|
||||
|
||||
|
||||
@@ -64,12 +64,8 @@ include::modules/microshift-provisioning-ostree.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-accessing.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]
|
||||
include::modules/microshift-accessing-node-locally.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-cluster-open-firewall.adoc[leveloffset=+2]
|
||||
include::modules/microshift-accessing-node-open-firewall.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* xref:../microshift_configuring/microshift-cluster-access-kubeconfig.adoc#microshift-kubeconfig-generating-remote-kcfiles_microshift-cluster-access-kubeconfig[Generating additional kubeconfig files for remote access]
|
||||
include::modules/microshift-accessing-node-remotely.adoc[leveloffset=+2]
|
||||
|
||||
@@ -49,15 +49,15 @@ See the following list for details:
|
||||
|
||||
[id="microshift-4-16-custom-cert-auths_{context}"]
|
||||
==== Customizable certificate authorities for the API server are supported
|
||||
With this release, you can configure a custom server certificate that has been issued by an external certificate authority (CA). The default API server certificate is issued by an internal {microshift-short} cluster CA. You can now replace this certificate with one that is issued by a CA that clients trust. See xref:../microshift_configuring/microshift-custom-ca.adoc#microshift-custom-ca[Configuring custom certificate authorities].
|
||||
With this release, you can configure a custom server certificate that has been issued by an external certificate authority (CA). The default API server certificate is issued by an internal {microshift-short} cluster CA. You can now replace this certificate with one that is issued by a CA that clients trust. See xref:../microshift_configuring/microshift_auth_security/microshift-custom-ca.adoc#microshift-custom-ca[Configuring custom certificate authorities].
|
||||
|
||||
[id="microshift-4-16-audit-logging-config_{context}"]
|
||||
==== Configurable policies for log file rotation and retention
|
||||
You can now configure audit logging policies to manage the retention policies for log files, ensuring that edge devices with limited storage capacities are not hampered by accumulated logging data. To configure audit log policies, use settings such as a maximum file size limit and maximum retained files to set a limit on log storage size. You can also choose an audit policy profile to specify the data collected. See xref:../microshift_configuring/microshift-audit-logs-config.adoc#microshift-audit-logs-config[Configuring audit logs].
|
||||
You can now configure audit logging policies to manage the retention policies for log files, ensuring that edge devices with limited storage capacities are not hampered by accumulated logging data. To configure audit log policies, use settings such as a maximum file size limit and maximum retained files to set a limit on log storage size. You can also choose an audit policy profile to specify the data collected. See xref:../microshift_configuring/microshift_auth_security/microshift-audit-logs-config.adoc#microshift-audit-logs-config[Configuring audit logs].
|
||||
|
||||
[id="microshift-4-16-certificates-cleaning_{context}"]
|
||||
==== Support for cleaning up certificates
|
||||
With this release, you can clean up custom certificates. For more information, see xref:../microshift_configuring/microshift-custom-ca.adoc#microshift-custom-ca-certificates-cleaning_microshift-custom-ca[Cleaning up and recreating the custom certificates].
|
||||
With this release, you can clean up custom certificates. For more information, see xref:../microshift_configuring/microshift_auth_security/microshift-custom-ca.adoc#microshift-custom-ca-certificates-cleaning_microshift-custom-ca[Cleaning up and recreating the custom certificates].
|
||||
|
||||
[id="microshift-4-16-networking_{context}"]
|
||||
=== Networking
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="authentication-with-microshift"]
|
||||
= Pod security authentication and authorization
|
||||
= Pod security authentication and authorization with SCC
|
||||
include::_attributes/attributes-microshift.adoc[]
|
||||
:context: authentication-microshift
|
||||
|
||||
== Understanding and managing pod security admission
|
||||
|
||||
Pod security admission is an implementation of the link:https://kubernetes.io/docs/concepts/security/pod-security-standards/[Kubernetes pod security standards]. Use pod security admission to restrict the behavior of pods.
|
||||
Pod security admission is an implementation of the link:https://kubernetes.io/docs/concepts/security/pod-security-standards/[Kubernetes pod security standards]. Use security content constraints (SCC) for pod security admission to restrict pod behavior.
|
||||
|
||||
include::modules/microshift-security-context-constraints.adoc[leveloffset=+1]
|
||||
|
||||
|
||||
@@ -21,4 +21,4 @@ include::modules/microshift-certificate-lifetime.adoc[leveloffset=+1]
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../microshift_configuring/microshift-custom-ca.adoc#microshift-custom-ca[Configuring custom certificate authorities].
|
||||
* xref:../microshift_configuring/microshift_auth_security/microshift-custom-ca.adoc#microshift-custom-ca[Configuring custom certificate authorities].
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
//
|
||||
// microshift_install_rpm/microshift-install-rpm.adoc
|
||||
// microshift_install_rpm_ostree/microshift-embed-in-rpm-ostree.adoc
|
||||
// microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="accessing-microshift-cluster-locally_{context}"]
|
||||
= Accessing the {microshift-short} cluster locally
|
||||
[id="accessing-microshift-node-locally_{context}"]
|
||||
= Accessing the {microshift-short} node locally
|
||||
|
||||
Use the following procedure to access the {microshift-short} cluster locally by using a `kubeconfig` file.
|
||||
Use the following procedure to access the {microshift-short} node locally by using a `kubeconfig` file.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
@@ -2,20 +2,19 @@
|
||||
//
|
||||
// microshift_install_rpm/microshift-install-rpm.adoc
|
||||
// microshift_install_rpm_ostree/microshift-embed-in-rpm-ostree.adoc
|
||||
// microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="microshift-accessing-cluster-open-firewall_{context}"]
|
||||
= Opening the firewall for remote access to the {microshift-short} cluster
|
||||
[id="microshift-accessing-node-open-firewall_{context}"]
|
||||
= Opening the firewall for remote access to the {microshift-short} node
|
||||
|
||||
Use the following procedure to open the firewall so that a remote user can access the {microshift-short} cluster. This procedure must be completed before a workstation user can access the cluster remotely.
|
||||
Use the following procedure to open the firewall so that a remote user can access the {microshift-short} service. You must complete this procedure before a workstation user can access the node remotely.
|
||||
|
||||
For this procedure, `user@microshift` is the user on the {microshift-short} host machine and is responsible for setting up that machine so that it can be accessed by a remote user on a separate workstation.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You have installed the `oc` binary.
|
||||
|
||||
* You installed {oc-first}.
|
||||
* Your account has cluster administration privileges.
|
||||
|
||||
.Procedure
|
||||
@@ -2,20 +2,21 @@
|
||||
//
|
||||
// microshift_install_rpm/microshift-install-rpm.adoc
|
||||
// microshift_install_rpm_ostree/microshift-embed-in-rpm-ostree.adoc
|
||||
// microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// microshift_configuring/microshift-access-node-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="accessing-microshift-cluster-remotely_{context}"]
|
||||
= Accessing the {microshift-short} cluster remotely
|
||||
[id="accessing-microshift-node-remotely_{context}"]
|
||||
= Accessing the {microshift-short} node remotely
|
||||
|
||||
Use the following procedure to access the {microshift-short} cluster from a remote location by using a `kubeconfig` file.
|
||||
Use the following procedure to access the {microshift-short} service from a remote location by using a `kubeconfig` file.
|
||||
|
||||
The `user@workstation` login is used to access the host machine remotely. The `<user>` value in the procedure is the name of the user that `user@workstation` logs in with to the {microshift-short} host.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You installed the {oc-first}.
|
||||
* You installed {oc-first}.
|
||||
* The `user@microshift` has opened the firewall from the local host.
|
||||
* You generated additional `kubeconfig` files.
|
||||
|
||||
.Procedure
|
||||
|
||||
@@ -33,17 +34,13 @@ The `user@workstation` login is used to access the host machine remotely. The `<
|
||||
[user@workstation]$ MICROSHIFT_MACHINE=<name or IP address of {microshift-short} machine>
|
||||
----
|
||||
|
||||
. As `user@workstation`, copy the generated `kubeconfig` file that contains the host name or IP address you want to connect to from the {op-system-base} machine running {microshift-short} to your local machine by running the following command:
|
||||
. As `user@workstation`, copy the generated `kubeconfig` file that contains the hostname or IP address you want to connect to from the {op-system-base} machine running {microshift-short} to your local machine by running the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
[user@workstation]$ ssh <user>@$MICROSHIFT_MACHINE "sudo cat /var/lib/microshift/resources/kubeadmin/$MICROSHIFT_MACHINE/kubeconfig" > ~/.kube/config
|
||||
[user@workstation]$ ssh <user>@$MICROSHIFT_MACHINE "sudo cat /var/lib/microshift/resources/kubeadmin/$MICROSHIFT_MACHINE/kubeconfig" > ~/.kube/config <1>
|
||||
----
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
To generate the `kubeconfig` files for this step, see link:https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.16/html/configuring/microshift-kubeconfig#generating-additional-kubeconfig-files_microshift-kubeconfig[Generating additional kubeconfig files for remote access].
|
||||
====
|
||||
<1> Replace _<user>_ with your SSH login credentials.
|
||||
|
||||
. As `user@workstation`, update the permissions on your `~/.kube/config` file by running the following command:
|
||||
+
|
||||
@@ -4,11 +4,11 @@
|
||||
// microshift_install_rpm_ostree/microshift-embed-in-rpm-ostree.adoc
|
||||
|
||||
:_mod-docs-content-type: CONCEPT
|
||||
[id="accessing-microshift-cluster_{context}"]
|
||||
= How to access the {microshift-short} cluster
|
||||
[id="accessing-microshift-node_{context}"]
|
||||
= How to access the {microshift-short} node
|
||||
|
||||
Use the procedures in this section to access the {microshift-short} cluster by using the {oc-first}.
|
||||
Access the {microshift-short} service by using the {oc-first}.
|
||||
|
||||
* You can access the cluster from either the same machine running the {microshift-short} service or from a remote location.
|
||||
* You can use this access to observe and administrate workloads.
|
||||
* When using the following steps, choose the `kubeconfig` file that contains the host name or IP address you want to connect to and place it in the relevant directory.
|
||||
* You can access the node from either the same machine running the {microshift-short} service or from a remote location.
|
||||
* You can use this access to observe and administer workloads.
|
||||
* When using the following steps, choose the `kubeconfig` file that contains the hostname or IP address you want to connect to and place it in the relevant directory.
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// * microshift/microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="generating-additional-kubeconfig-files_{context}"]
|
||||
[id="microshift-kubeconfig-generating-additional-files_{context}"]
|
||||
= Generating additional kubeconfig files for remote access
|
||||
|
||||
You can generate additional `kubeconfig` files to use if you need more host names or IP addresses than the default remote access file provides.
|
||||
@@ -1,12 +1,12 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// * microshift/microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: CONCEPT
|
||||
[id="microshift-kubeconfig-local-access_{context}"]
|
||||
= Local access kubeconfig file
|
||||
|
||||
The local access `kubeconfig` file is written to `/var/lib/microshift/resources/kubeadmin/kubeconfig`. This `kubeconfig` file provides access to the API server using `localhost`. Choose this file when you are connecting the cluster locally.
|
||||
The local access `kubeconfig` file is written to `/var/lib/microshift/resources/kubeadmin/kubeconfig`. This `kubeconfig` file provides access to the API server by using `localhost`. Choose this file when you are connecting the cluster locally.
|
||||
|
||||
.Example contents of `kubeconfig` for local access
|
||||
[source,yaml]
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// * microshift/microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: CONCEPT
|
||||
[id="kubeconfig-files-overview_{context}"]
|
||||
= Kubeconfig files for configuring cluster access
|
||||
|
||||
The two categories of `kubeconfig` files used in {microshift-short} are local access and remote access. Every time {microshift-short} starts, a set of `kubeconfig` files for local and remote access to the API server are generated. These files are generated in the `/var/lib/microshift/resources/kubeadmin/` directory using preexisting configuration information.
|
||||
The two categories of `kubeconfig` files used in {microshift-short} are local access and remote access. Every time {microshift-short} starts, a set of `kubeconfig` files for local and remote access to the API server are generated. These files are generated in the `/var/lib/microshift/resources/kubeadmin/` directory by using preexisting configuration information.
|
||||
|
||||
Each access type requires a different authentication certificate signed by different Certificate Authorities (CAs). The generation of multiple `kubeconfig` files accommodates this need.
|
||||
|
||||
@@ -14,7 +14,7 @@ You can use the appropriate `kubeconfig` file for the access type needed in each
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
A `kubeconfig` file must exist for the cluster to be accessible. The values are applied from built-in default values or a `config.yaml`, if one was created.
|
||||
A `kubeconfig` file must exist for the cluster to be accessible. The values are applied from built-in default values or a customized `config.yaml` file.
|
||||
====
|
||||
|
||||
.Example contents of the kubeconfig files
|
||||
@@ -29,7 +29,7 @@ A `kubeconfig` file must exist for the cluster to be accessible. The values are
|
||||
└── microshift-rhel9 <4>
|
||||
└── kubeconfig
|
||||
----
|
||||
<1> Local host name. The main IP address of the host is always the default.
|
||||
<1> Local hostname. The main IP address of the host is always the default.
|
||||
<2> Subject Alternative Names for API server certificates.
|
||||
<3> DNS name.
|
||||
<4> {microshift-short} host name.
|
||||
<4> {microshift-short} hostname.
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
|
||||
// * microshift/microshift_configuring/microshift-node-access-kubeconfig.adoc
|
||||
|
||||
:_mod-docs-content-type: CONCEPT
|
||||
[id="remote-access-con_{context}"]
|
||||
= Remote access kubeconfig files
|
||||
|
||||
When a {microshift-short} cluster connects to the API server from an external source, a certificate with all of the alternative names in the SAN field is used for validation. {microshift-short} generates a default `kubeconfig` for external access using the `hostname` value. The defaults are set in the `<node.hostnameOverride>`, `<node.nodeIP>` and `api.<dns.baseDomain>` parameter values of the default `kubeconfig` file.
|
||||
When a {microshift-short} node connects to the API server from an external source, a certificate with all of the alternative names in the SAN field is used for validation. {microshift-short} generates a default `kubeconfig` for external access by using the `hostname` value. The defaults are set in the `<node.hostnameOverride>`, `<node.nodeIP>` and `api.<dns.baseDomain>` parameter values of the default `kubeconfig` file.
|
||||
|
||||
The `/var/lib/microshift/resources/kubeadmin/<hostname>/kubeconfig` file uses the `hostname` of the machine, or `node.hostnameOverride` if that option is set, to reach the API server. The CA of the `kubeconfig` file is able to validate certificates when accessed externally.
|
||||
|
||||
@@ -22,4 +22,4 @@ clusters:
|
||||
//line space was not showing on PV1 preview, so added extra blank line
|
||||
[id="remote-access-customization_{context}"]
|
||||
== Remote access customization
|
||||
Multiple remote access `kubeconfig` file values can be generated for accessing the cluster with different IP addresses or host names. An additional `kubeconfig` file generates for each entry in the `apiServer.subjectAltNames` parameter. You can copy remote access `kubeconfig` files from the host during times of IP connectivity and then use them to access the API server from other workstations.
|
||||
Multiple remote access `kubeconfig` file values can be generated for accessing the node with different IP addresses or host names. An additional `kubeconfig` file generates for each entry in the `apiServer.subjectAltNames` parameter. You can copy remote access `kubeconfig` files from the host during times of IP connectivity and then use them to access the API server from other workstations.
|
||||
|
||||
Reference in New Issue
Block a user