# TAM Demo Lab - Lab0 (Install ACM)

## Prerequisite (manual)

![](https://i.imgur.com/Elpvdhu.png)

**OpenShift 4.10 (Hub cluster)**

```
HUB_CLUSTER_API=https://api.cluster-lgwtm.lgwtm.sandbox2400.opentlc.com:6443
HUB_CLUSTER_ADMIN=opentlc-mgr
HUB_CLUSTER_PW=r3dh4t1!
```

**OpenShift 4.9 (Managed cluster)**

The Ansible playbook host must have the oc client installed:
https://docs.openshift.com/container-platform/4.10/cli_reference/openshift_cli/getting-started-cli.html

## Install ACM Operator on Hub cluster (bash)

```
# Log into Hub Cluster
$ HUB_CLUSTER_API=https://api.cluster-lgwtm.lgwtm.sandbox2400.opentlc.com:6443
$ HUB_CLUSTER_ADMIN=opentlc-mgr
$ HUB_CLUSTER_PW=r3dh4t1!
$ oc logout
$ oc login -u $HUB_CLUSTER_ADMIN -p $HUB_CLUSTER_PW $HUB_CLUSTER_API --insecure-skip-tls-verify=true

# Create project for ACM Hub
$ oc new-project open-cluster-management
$ oc project open-cluster-management

# Set up environment variables
$ ACM_OPERATOR_NAME=advanced-cluster-management
$ ACM_OPERATOR_NS=open-cluster-management
$ ACM_OPERATOR_CSV=advanced-cluster-management.v2.6.2
$ ACM_OPERATOR_CHANNEL=release-2.6
$ ACM_OPERATOR_CATALOG_SOURCE=redhat-operators
$ ACM_OPERATOR_CATALOG_SOURCE_NS=openshift-marketplace

# Create ACM Operator Group
$ cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: $ACM_OPERATOR_NAME
spec:
  targetNamespaces:
  - $ACM_OPERATOR_NS
EOF

# Create ACM operator Subscription
$ cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: $ACM_OPERATOR_NAME
  namespace: $ACM_OPERATOR_NS
spec:
  channel: $ACM_OPERATOR_CHANNEL
  installPlanApproval: Automatic
  name: $ACM_OPERATOR_NAME
  source: $ACM_OPERATOR_CATALOG_SOURCE
  sourceNamespace: $ACM_OPERATOR_CATALOG_SOURCE_NS
  startingCSV: $ACM_OPERATOR_CSV
EOF

# Wait until the phase is `Succeeded`
$ oc get csv advanced-cluster-management.v2.6.2 -o=jsonpath='{.status.phase}'
Succeeded

# Create MultiClusterHub
$ cat << EOF | oc apply -f -
apiVersion: operator.open-cluster-management.io/v1
kind: MultiClusterHub
metadata:
  name: multiclusterhub
  namespace: $ACM_OPERATOR_NS
spec: {}
EOF

# Wait until the phase is "Running"
$ oc get mch -o=jsonpath='{.items[0].status.phase}'
Running

$ oc logout
```

# Import managed cluster

## Generate import command from hub cluster

```
# On ACM Hub cluster
# Log into Hub Cluster
$ HUB_CLUSTER_API=https://api.cluster-lgwtm.lgwtm.sandbox2400.opentlc.com:6443
$ HUB_CLUSTER_ADMIN=opentlc-mgr
$ HUB_CLUSTER_PW=r3dh4t1!
$ oc logout
$ oc login -u $HUB_CLUSTER_ADMIN -p $HUB_CLUSTER_PW $HUB_CLUSTER_API --insecure-skip-tls-verify=true

$ CLUSTER_NAME=managed-cluster-1
$ oc new-project ${CLUSTER_NAME}
$ cat << EOF | oc apply -f -
apiVersion: cluster.open-cluster-management.io/v1
kind: ManagedCluster
metadata:
  name: ${CLUSTER_NAME}
  labels:
    cloud: auto-detect
    vendor: auto-detect
spec:
  hubAcceptsClient: true
EOF

# Save klusterlet-crd.yaml to import managed cluster
$ oc get secret ${CLUSTER_NAME}-import -n ${CLUSTER_NAME} -o jsonpath={.data.crds\\.yaml} | base64 --decode > klusterlet-crd.yaml

# Save import.yaml to import managed cluster
$ oc get secret ${CLUSTER_NAME}-import -n ${CLUSTER_NAME} -o jsonpath={.data.import\\.yaml} | base64 --decode > import.yaml

$ oc logout
```

## Import managed cluster

```
## On managed-cluster
# Log into managed Cluster
$ MANAGED_CLUSTER_API=https://api.cluster-7cmb2.7cmb2.sandbox2733.opentlc.com:6443
$ MANAGED_CLUSTER_ADMIN=opentlc-mgr
$ MANAGED_CLUSTER_PW=r3dh4t1!
$ oc logout
$ oc login -u $MANAGED_CLUSTER_ADMIN -p $MANAGED_CLUSTER_PW $MANAGED_CLUSTER_API --insecure-skip-tls-verify=true

$ oc apply -f klusterlet-crd.yaml
customresourcedefinition.apiextensions.k8s.io/klusterlets.operator.open-cluster-management.io created

$ oc apply -f import.yaml
namespace/open-cluster-management-agent created
serviceaccount/klusterlet created
clusterrole.rbac.authorization.k8s.io/klusterlet created
clusterrole.rbac.authorization.k8s.io/open-cluster-management:klusterlet-admin-aggregate-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/klusterlet created
deployment.apps/klusterlet created
secret/bootstrap-hub-kubeconfig created
klusterlet.operator.open-cluster-management.io/klusterlet created

$ oc logout
```

## Check import status on hub cluster

```
# On hub-cluster
# Log into Hub Cluster
$ HUB_CLUSTER_API=https://api.cluster-lgwtm.lgwtm.sandbox2400.opentlc.com:6443
$ HUB_CLUSTER_ADMIN=opentlc-mgr
$ HUB_CLUSTER_PW=r3dh4t1!
$ oc logout
$ oc login -u $HUB_CLUSTER_ADMIN -p $HUB_CLUSTER_PW $HUB_CLUSTER_API --insecure-skip-tls-verify=true

$ CLUSTER_NAME=managed-cluster-1

## Should see JOINED: True / AVAILABLE: True
$ oc get managedcluster managed-cluster-1
NAME                HUB ACCEPTED   MANAGED CLUSTER URLS                                           JOINED   AVAILABLE   AGE
managed-cluster-1   true           https://api.cluster-7cmb2.7cmb2.sandbox2733.opentlc.com:6443   True     True        121m

$ oc logout
```
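
The import step applies `klusterlet-crd.yaml` and `import.yaml` with cluster-admin rights on the managed cluster, so it is worth checking what the files contain before running `oc apply`. The script below is an added example, not part of the original lab: `manifest_kinds`, `check_manifest` and `ALLOWED_KINDS` are hypothetical names, the allow-list is taken from the `oc apply` output shown on this page, and it assumes each object's `kind:` key starts at column 0.

```shell
#!/bin/sh
# Added example: review the object kinds in a hub-generated manifest before
# applying it to the managed cluster.

# Kinds that the `oc apply` output on this page shows being created.
# Assumption: other ACM versions may emit a different set; adjust as needed.
ALLOWED_KINDS="ClusterRole ClusterRoleBinding CustomResourceDefinition Deployment Klusterlet Namespace Secret ServiceAccount"

# Print "<count> <Kind>" for every top-level object in a multi-document YAML
# file. Nested kinds (roleRef, subjects) are indented and therefore ignored.
manifest_kinds() {
  awk '/^kind:/ {
         sub(/^kind:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); gsub(/"/, "")
         n[$0]++
       }
       END { for (k in n) print n[k], k }' "$1" | sort -k2
}

# Return 0 only if the file contains objects and every kind is allow-listed.
# Offending kinds are reported on stderr.
check_manifest() {
  file=$1
  kinds=$(manifest_kinds "$file" | awk '{ print $2 }')
  if [ -z "$kinds" ]; then
    # Covers a missing file and an empty decode of the import secret.
    echo "no objects found in $file" >&2
    return 1
  fi
  rc=0
  for kind in $kinds; do
    case " $ALLOWED_KINDS " in
      *" $kind "*) ;;
      *) echo "unexpected kind in $file: $kind" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Usage on the managed-cluster host, before `oc apply`:
#   manifest_kinds import.yaml
#   check_manifest klusterlet-crd.yaml && check_manifest import.yaml
```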