The Compute operator enables users to register clusters to kcp. Once registered, the Compute operator is responsible for maintaining a SyncTarget (WorkloadCluster) in the desired kcp Location workspace and installing and configuring the kcp syncer.
Please fork this repo and clone from the fork. All of your work should be against the forked repo.
git clone https://github.com/<git username>/compute-operator.git
cd compute-operator
You must meet the following requirements:
kustomize
(ver. 4.2.0+)- access to a current ACM/MCE/OCM hub (TODO: provide more specific requirements)
- access to a kcp instance
To use this operator, you will need kubeconfigs for a managed hub cluster and a KCP workspace.
Use one of the following techniques to generate a kubeconfig:
A. Set a temporary KUBECONFIG and oc login
- Run the following:
rm -f /tmp/managed-hub-cluster.kubeconfig
touch /tmp/managed-hub-cluster.kubeconfig
export KUBECONFIG=/tmp/managed-hub-cluster.kubeconfig
oc login
to the managed hub clusterunset KUBECONFIG
or set it as before.
-OR-
B. Copy an existing context into a temp file
kubectl config view --context=<context_of_the_managed_hub_cluster> --minify --flatten > /tmp/managed-hub-cluster.kubeconfig
- Login to kcp
- Create a new workspace or enter an existing workspace where you will install the APIResourceSchema and create a ServiceAccount for this operator
- Create a service account in your workspace for example:
# kubectl create serviceaccount sa_name -n sa_namespace
kubectl create serviceaccount compute-operator -n default
- Generate the kubeconfig from this SA
# build/generate_kubeconfig_from_sa.sh sa_name sa_namespace kubeconfig_filename
build/generate_kubeconfig_from_sa.sh compute-operator default /tmp/kubeconfig-compute-operator.yaml
The location of the new kubeconfig will be displayed
New kubeconfig at /tmp/kubeconfig-compute-operator.yaml
- Create a ClusterRole and ClusterRoleBinding for this service account
kubectl apply -f hack/compute/role.yaml
kubectl apply -f hack/compute/role_binding.yaml
You can deploy the code from this repo onto a cluster, or you can run it locally.
To run the operator locally, you can:
export POD_NAMESPACE=compute-config
export HUB_KUBECONFIG=/tmp/managed-hub-cluster.kubeconfig
export KCP_KUBECONFIG=/tmp/kubeconfig-compute-operator.yaml
oc new-project $POD_NAMESPACE
make run-local
TODO: Debug directions
- Verify you are logged into the cluster where you'd like to deploy the operator. This does not need to be the hub cluster.
oc cluster-info
- From the cloned compute-operator directory:
export QUAY_USER=<your_user>
export IMG_TAG=<tag_you_want_to_use>
export IMG=quay.io/${QUAY_USER}/compute-operator:${IMG_TAG}
make docker-build docker-push deploy
- Verify the installer is running
There is one pod that should be running:
- compute-installer-controller-manager
Check using the following command:
oc get pods -n compute-config
Ensure the managed hub cluster meets the prereq listed in the Prereqs section above
-
Follow the steps above in Generating a kubeconfig for your managed hub cluster
-
Create config secret on the controller cluster to access the managed hub cluster.
- Login to the controller cluster
oc login
- Verify you are logged into the controller cluster
oc cluster-info
- Create the secret using the managed hub cluster kubeconfig
oc create secret generic <secret_name> --from-file=kubeconfig=/tmp/managed-hub-cluster.kubeconfig -n <controller_namespace>
- Create the hub config on the controller cluster:
echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: HubConfig
metadata:
name: <name_of_your_hub>
namespace: <controller_namespace>
spec:
kubeconfigSecretRef:
name: <above_secret_name>
' | oc apply -f -
- Restart the controller if the ClusterRegistrar CR was already created in order to take into account this new hub.
-
Follow the steps above in Generating a kubeconfig for your kcp cluster
-
Create the clusterregistrar on the controller cluster with the kcp kubeconfig secret as reference:
- switch to the controller cluster and Verify you are logged into the cluster
oc cluster-info
- Create the kubeconfig secret
The secret must have the kcp kubeconfig in key
kubeconfig
.
kubectl create secret generic kcp-kubeconfig -n compute-config --from-file=kubeconfig=/tmp/kubeconfig-compute-operator.yaml
- Create the ClusterRegistrar
echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: ClusterRegistrar
metadata:
name: cluster-reg
spec:
computeService:
computeKubeconfigSecretRef:
name: kcp-kubeconfig
' | oc create -f -
- Verify pods are running
There is now three pods that should be running
- compute-operator-installer-controller-manager
- compute-operator-manager
- compute-operator-webhook-service
Check using the following command:
oc get pods -n compute-config
NOTE: Restart the compute-operator-manager
pod
if you make any changes to the ClusterRegistrar or HubConfig. This will allow the operator to onboard the new hub config.
-
Create and enter a new workspace in kcp
-
Create an APIBinding to the compute-apis APIExport
Edit the file hack/compute/apibinding.yaml spec.reference.workspace.path to point at the workspace you created above in Generating a kubeconfig for your kcp cluster
kubectl apply -f hack/compute/apibinding.yaml
- Confirm the RegisteredCluster API is now available
% k api-resources | grep registered
registeredclusters singapore.open-cluster-management.io/v1alpha1 true RegisteredCluster
- Create a registeredcluster CR in the kcp workspace
kubectl create ns <a_namespace>
echo '
apiVersion: singapore.open-cluster-management.io/v1alpha1
kind: RegisteredCluster
metadata:
name: <your_cluster_name>
namespace: <a_namespace>
spec: {}
' | oc create -f -
- Import the user cluster
- In your kcp workspace, run
oc get configmap -n <your_namespace> <name_of_cluster_to_import>-import -o jsonpath='{.data.importCommand}'
- Copy the results. This is the command that needs to be run on the user cluster to trigger the import process. NOTE: This is a very large command, ensure you copy it completely!
- Login to the user cluster you want to import
- Verify you are logged into the user cluster you want to import
oc cluster-info
- Paste the result and run the commands
- Login to the controller cluster
- Verify you are logged into the controller cluster
oc cluster-info
- Watch the status.conditions of the RegisteredCluster CR. After several minutes the cluster should be successfully imported.
oc get registeredcluster -n <your_namespace> -oyaml
- The staus.clusterSecretRef will point to the Secret, <name_of_cluster_to_import>-cluster-secret ,containing the kubeconfig of the user cluster in data.kubeconfig.
oc get secrets <name_of_cluster_to_import>-cluster-secret -n <your_namespace> -ojsonpath='{.data.kubeconfig}' | base64 -d
- Verify you are logged into the controller cluster
oc cluster-info
- List all registered clusters on the controller cluster
oc get registeredcluster -A