openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
bccb026e9beac58ee57722f69a0841cce4e9ce28
openshift-docs/modules/hcp-hc-objects.adoc
Laura Hinson 9aed7256ef Add MCE content source to HCP example
2025-12-17 17:27:41 +00:00

253 lines
9.2 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc
:_mod-docs-content-type: PROCEDURE
[id="hcp-hc-objects_{context}"]
= Deploying hosted cluster objects
Typically, the HyperShift Operator creates the `HostedControlPlane` namespace. However, in this case, you want to include all the objects before the HyperShift Operator begins to reconcile the `HostedCluster` object. Then, when the Operator starts the reconciliation process, it can find all of the objects in place.
.Procedure
. Create a YAML file with the following information about the namespaces:
+
[source,yaml]
----
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: <hosted_cluster_namespace>-<hosted_cluster_name> <1>
spec: {}
status: {}
---
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: <hosted_cluster_namespace> <2>
spec: {}
status: {}
----
+
<1> Replace `<hosted_cluster_name>` with your hosted cluster.
<2> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
. Create a YAML file with the following information about the config maps and secrets to include in the `HostedCluster` deployment:
+
[source,yaml]
----
---
apiVersion: v1
data:
ca-bundle.crt: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
name: user-ca-bundle
namespace: <hosted_cluster_namespace> <1>
---
apiVersion: v1
data:
.dockerconfigjson: xxxxxxxxx
kind: Secret
metadata:
creationTimestamp: null
name: <hosted_cluster_name>-pull-secret <2>
namespace: <hosted_cluster_namespace> <1>
---
apiVersion: v1
kind: Secret
metadata:
name: sshkey-cluster-<hosted_cluster_name> <2>
namespace: <hosted_cluster_namespace> <1>
stringData:
id_rsa.pub: ssh-rsa xxxxxxxxx
---
apiVersion: v1
data:
key: nTPtVBEt03owkrKhIdmSW8jrWRxU57KO/fnZa8oaG0Y=
kind: Secret
metadata:
creationTimestamp: null
name: <hosted_cluster_name>-etcd-encryption-key <2>
namespace: <hosted_cluster_namespace> <1>
type: Opaque
----
+
<1> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<2> Replace `<hosted_cluster_name>` with your hosted cluster.
. Create a YAML file that contains the RBAC roles so that Assisted Service agents can be in the same `HostedControlPlane` namespace as the hosted control plane and still be managed by the cluster API:
+
[source,yaml]
----
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: capi-provider-role
namespace: <hosted_cluster_namespace>-<hosted_cluster_name> <1> <2>
rules:
- apiGroups:
- agent-install.openshift.io
resources:
- agents
verbs:
- '*'
----
+
<1> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<2> Replace `<hosted_cluster_name>` with your hosted cluster.
. Create a YAML file with information about the `HostedCluster` object, replacing values as necessary:
+
[source,yaml]
----
apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
metadata:
name: <hosted_cluster_name> <1>
namespace: <hosted_cluster_namespace> <2>
spec:
additionalTrustBundle:
name: "user-ca-bundle"
olmCatalogPlacement: guest
configuration:
operatorhub:
disableAllDefaultSources: true <3>
imageContentSources: <4>
- source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
mirrors:
- registry.<dns.base.domain.name>:5000/openshift/release <5>
- source: quay.io/openshift-release-dev/ocp-release
mirrors:
- registry.<dns.base.domain.name>:5000/openshift/release-images <5>
- mirrors:
- registry.<dns.base.domain.name>:5000/openshift/release-images <5>
- source: registry.redhat.io/multicluster-engine
mirrors:
- registry.<dns.base.domain.name>:5000/openshift/multicluster-engine <5>
# ...
autoscaling: {}
controllerAvailabilityPolicy: SingleReplica
dns:
baseDomain: <dns.base.domain.name> <5>
etcd:
managed:
storage:
persistentVolume:
size: 8Gi
restoreSnapshotURL: null
type: PersistentVolume
managementType: Managed
fips: false
networking:
clusterNetwork:
- cidr: 10.132.0.0/14
- cidr: fd01::/48
networkType: OVNKubernetes
serviceNetwork:
- cidr: 172.31.0.0/16
- cidr: fd02::/112
platform:
agent:
agentNamespace: <hosted_cluster_namespace>-<hosted_cluster_name> <1> <2>
type: Agent
pullSecret:
name: <hosted_cluster_name>-pull-secret <1>
release:
image: registry.<dns.base.domain.name>:5000/openshift/release-images:<4.x.y>-x86_64 <5> <6>
secretEncryption:
aescbc:
activeKey:
name: <hosted_cluster_name>-etcd-encryption-key <1>
type: aescbc
services:
- service: APIServer
servicePublishingStrategy:
type: LoadBalancer
- service: OAuthServer
servicePublishingStrategy:
type: Route
- service: OIDC
servicePublishingStrategy:
type: Route
- service: Konnectivity
servicePublishingStrategy:
type: Route
- service: Ignition
servicePublishingStrategy:
type: Route
sshKey:
name: sshkey-cluster-<hosted_cluster_name> <1>
status:
controlPlaneEndpoint:
host: ""
port: 0
----
+
<1> Replace `<hosted_cluster_name>` with your hosted cluster.
<2> Replace `<hosted_cluster_namespace>` with the name of your hosted cluster namespace.
<3> For the `disableAllDefaultSources` parameter, specify `true` if you want to disable all default OLM catalog resources. The default value is `false`, which enables all default OLM catalog resources.
<4> The `imageContentSources` section contains mirror references for user workloads within the hosted cluster.
<5> Replace `<dns.base.domain.name>` with the DNS base domain name.
<6> Replace `<4.x.y>` with the supported {product-title} version you want to use.
. Create all of the objects that you defined in the YAML files by concatenating them into a file and applying them against the management cluster. To do so, enter the following command:
+
[source,terminal]
----
$ oc apply -f 01-4.14-hosted_cluster-nodeport.yaml
----
+
.Example output
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
capi-provider-5b57dbd6d5-pxlqc 1/1 Running 0 3m57s
catalog-operator-9694884dd-m7zzv 2/2 Running 0 93s
cluster-api-f98b9467c-9hfrq 1/1 Running 0 3m57s
cluster-autoscaler-d7f95dd5-d8m5d 1/1 Running 0 93s
cluster-image-registry-operator-5ff5944b4b-648ht 1/2 Running 0 93s
cluster-network-operator-77b896ddc-wpkq8 1/1 Running 0 94s
cluster-node-tuning-operator-84956cd484-4hfgf 1/1 Running 0 94s
cluster-policy-controller-5fd8595d97-rhbwf 1/1 Running 0 95s
cluster-storage-operator-54dcf584b5-xrnts 1/1 Running 0 93s
cluster-version-operator-9c554b999-l22s7 1/1 Running 0 95s
control-plane-operator-6fdc9c569-t7hr4 1/1 Running 0 3m57s
csi-snapshot-controller-785c6dc77c-8ljmr 1/1 Running 0 77s
csi-snapshot-controller-operator-7c6674bc5b-d9dtp 1/1 Running 0 93s
csi-snapshot-webhook-5b8584875f-2492j 1/1 Running 0 77s
dns-operator-6874b577f-9tc6b 1/1 Running 0 94s
etcd-0 3/3 Running 0 3m39s
hosted-cluster-config-operator-f5cf5c464-4nmbh 1/1 Running 0 93s
ignition-server-6b689748fc-zdqzk 1/1 Running 0 95s
ignition-server-proxy-54d4bb9b9b-6zkg7 1/1 Running 0 95s
ingress-operator-6548dc758b-f9gtg 1/2 Running 0 94s
konnectivity-agent-7767cdc6f5-tw782 1/1 Running 0 95s
kube-apiserver-7b5799b6c8-9f5bp 4/4 Running 0 3m7s
kube-controller-manager-5465bc4dd6-zpdlk 1/1 Running 0 44s
kube-scheduler-5dd5f78b94-bbbck 1/1 Running 0 2m36s
machine-approver-846c69f56-jxvfr 1/1 Running 0 92s
oauth-openshift-79c7bf44bf-j975g 2/2 Running 0 62s
olm-operator-767f9584c-4lcl2 2/2 Running 0 93s
openshift-apiserver-5d469778c6-pl8tj 3/3 Running 0 2m36s
openshift-controller-manager-6475fdff58-hl4f7 1/1 Running 0 95s
openshift-oauth-apiserver-dbbc5cc5f-98574 2/2 Running 0 95s
openshift-route-controller-manager-5f6997b48f-s9vdc 1/1 Running 0 95s
packageserver-67c87d4d4f-kl7qh 2/2 Running 0 93s
----
+
When the hosted cluster is available, the output looks like the following example.
+
.Example output
[source,terminal]
----
NAMESPACE NAME VERSION KUBECONFIG PROGRESS AVAILABLE PROGRESSING MESSAGE
clusters hosted-dual hosted-admin-kubeconfig Partial True False The hosted control plane is available
----
View Git Blame Copy Permalink