Note: This article has been verified in the environment of OpenShift 4.12 + OpenShift Virtualization 4.12 + ACM 2.8 or MCE 2.3
Technical architecture
The architecture for running an OpenShift Hosted Cluster on OpenShift Virtualization is shown below. In this mode, the Worker nodes of the hosted cluster run in VMs provided by OpenShift Virtualization on the OpenShift management cluster.
Installation and configuration environment
Environmental requirements
- For a production environment, it is recommended to run the OpenShift management cluster on bare metal.
- The OpenShift management cluster must use the OVN-Kubernetes CNI. If you are using OpenShiftSDN, refer to “Migrating to the OVN-Kubernetes network plugin” to convert it to OVN-Kubernetes.
Install and configure OpenShift Virtualization
- Install the OpenShift Virtualization Operator using the default configuration.
- Then create an OpenShift Virtualization Deployment with default configuration inside it.
Install and configure Red Hat ACM or MCE
- Install the Red Hat ACM Operator or MCE Operator using default configuration.
- Create a MultiClusterHub or MultiClusterEngine (named multiclusterengine) object with default configuration.
- Run the following command to let multiclusterengine use hypershift-preview. Note: this is needed because the feature is still in the Preview stage; the step is expected to become unnecessary once it is officially GA.
```
$ oc patch mce multiclusterengine --type=merge -p '{"spec":{"overrides":{"components":[{"name":"hypershift-preview","enabled":true}]}}}'
```
- The previous step creates a ManagedClusterAddOn object based on the following YAML.
```yaml
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
  name: hypershift-addon
  namespace: local-cluster
spec:
  installNamespace: open-cluster-management-agent-addon
```
- Confirm that the hypershift project and Deployment have been created automatically.
```
$ oc get deployment -n hypershift
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
operator   2/2     2            2           6m6s
$ oc get pod -n hypershift
NAME                        READY   STATUS    RESTARTS   AGE
operator-7fdc8d998b-8s7pl   1/1     Running   0          9h
operator-7fdc8d998b-l9xpd   1/1     Running   0          9h
```
Install and configure MetalLB
- Install MetalLB Operator with default configuration.
- Create a MetalLB object based on the following default configuration.
```yaml
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: metallb
  namespace: metallb-system
```
- Create an IPAddressPool object based on the following YAML.
```yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: ip-addresspool
  namespace: metallb-system
spec:
  addresses:
    - 10.39.127.20-10.39.127.26
  autoAssign: true
  avoidBuggyIPs: false
```
- Create an L2Advertisement object based on the following YAML.
```yaml
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: l2-adv
  namespace: metallb-system
spec:
  ipAddressPools:
    - ip-addresspool
```
- Run the following command to allow OpenShift’s ingresscontroller to admit wildcard DNS routes.
```
$ oc patch ingresscontroller -n openshift-ingress-operator default --type=json -p '[{ "op": "add", "path": "/spec/routeAdmission", "value": {"wildcardPolicy": "WildcardsAllowed"}}]'
```
Create an OpenShift Hosted Cluster in OpenShift Virtualization
- Create a project named clusters.
```
$ oc new-project clusters
```
- Download the hypershift client.
```
$ curl -LOk https://hypershift-cli-download-multicluster-engine.$( oc get ingresscontroller default -n openshift-ingress-operator -o json | jq -r '.status.domain' )/linux/amd64/hypershift.tar.gz
$ tar -xvf hypershift.tar.gz
```
- Click “Create Cluster” on the cluster page of the RHACM console, then enter Red Hat OpenShift Virtualization, and then click “Host” to see the following prompt interface for creating a cluster.
- Run the following commands, as prompted in the above figure, to create a managed cluster whose Worker nodes will run in VMs provided by kubevirt. The pull-secret file is downloaded from the official Red Hat site.
```
$ export PULL_SECRET="$HOME/pull-secret"
$ export MEM="6Gi"
$ export CPU="2"
$ export WORKER_COUNT="2"
$ export CLUSTER_NAME=my-cluster-1
$ export OCP_VERSION=4.13.2
$ hypershift create cluster kubevirt \
    --name $CLUSTER_NAME \
    --release-image quay.io/openshift-release-dev/ocp-release:$OCP_VERSION-x86_64 \
    --node-pool-replicas $WORKER_COUNT \
    --pull-secret $PULL_SECRET \
    --memory $MEM \
    --cores $CPU
```
- After the managed cluster is successfully created, you can see the cluster in RHACM.
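The CLI download step above uses `curl -k`, which skips certificate verification for a binary that is then run with cluster credentials. The following added example (not from the original article) downloads the same tarball with the route verified against the cluster's ingress CA. It assumes the route is served by the default ingress certificate, whose CA bundle OpenShift publishes in the `default-ingress-cert` ConfigMap; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fetch the hypershift CLI with TLS verification (no `curl -k`).

# Build the download URL; reject an empty or "null" domain (the article's
# `jq -r` pipeline prints "null" when .status.domain is absent) and anything
# that does not look like a hostname.
cli_url() {
  case "$1" in
    ""|null|*[!A-Za-z0-9.-]*) echo "bad ingress domain: '$1'" >&2; return 1 ;;
  esac
  printf 'https://hypershift-cli-download-multicluster-engine.%s/linux/amd64/hypershift.tar.gz\n' "$1"
}

# Read an archive listing on stdin; fail on absolute paths or ".." components.
members_ok() {
  while IFS= read -r m; do
    case "$m" in
      /*|..|../*|*/..|*/../*) echo "unsafe archive member: $m" >&2; return 1 ;;
    esac
  done
}

# Assumption: the default ingress CA bundle is published in this ConfigMap.
fetch_ingress_ca() {
  oc get configmap default-ingress-cert -n openshift-config-managed \
    -o jsonpath='{.data.ca-bundle\.crt}' > "$1"
  grep -q 'BEGIN CERTIFICATE' "$1"
}

download_cli() {
  domain=$(oc get ingresscontroller default -n openshift-ingress-operator \
    -o jsonpath='{.status.domain}') || return 1
  url=$(cli_url "$domain") || return 1
  ca=$(mktemp) || return 1
  fetch_ingress_ca "$ca" || { rm -f "$ca"; return 1; }
  # --fail: an HTTP error page is never saved as if it were the tarball.
  curl --fail --location --cacert "$ca" -o hypershift.tar.gz "$url" \
    || { rm -f "$ca"; return 1; }
  rm -f "$ca"
  # Inspect the member list before extracting anything.
  tar -tzf hypershift.tar.gz | members_ok && tar -xzf hypershift.tar.gz
}

# Run only when asked, so the functions can be sourced and checked offline.
if [ "${1:-}" = "download" ]; then download_cli; fi
```

Invoke the script with the argument `download` while logged in to the management cluster with `oc`.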
Delete a managed cluster
- You can execute the following command to delete a managed cluster.
```
$ hypershift destroy cluster kubevirt --name my-cluster-1
2023-09-06T11:59:18Z INFO Found hosted cluster {"namespace": "clusters", "name": "my-cluster-1"}
2023-09-06T11:59:19Z INFO Updated finalizer for hosted cluster {"namespace": "clusters", "name": "my-cluster-1"}
2023-09-06T11:59:19Z INFO Deleting hosted cluster {"namespace": "clusters", "name": "my-cluster-1"}
2023-09-06T12:01:41Z INFO Deleting Secrets {"namespace": "clusters"}
2023-09-06T12:01:41Z INFO Deleted CLI generated secrets
2023-09-06T12:01:41Z INFO Finalized hosted cluster {"namespace": "clusters", "name": "my-cluster-1"}
2023-09-06T12:01:41Z INFO Successfully destroyed cluster and infrastructure {"namespace": "clusters", "name": "my-cluster-1d", "infraID": "my-cluster-1-zkrvf"}
```