By default, the multicluster controlplane would try to find ocmconfig.yaml in the current directory. You can use the customized one by setting the flag --config-file=<config-file.yaml>.
Here is a simple file of config-file.yaml:
dataDirectory: "/.ocm"
apiserver:
externalHostname: "http://abcdefg.com"
port: 9443
caFile: "ca.crt"
caKeyFile: "ca.key"
etcd:
mode: external
prefix: "/registry"
servers:
- http://etcd-1:2379
- http://etcd-2:2379
caFile: "etcd-trusted-ca.crt"
certFile: "etcd-client.crt"
keyFile: "etcd-client.key"The yaml content shown above is a config file with all fields filled in. Following this to better understand the config file.
Field dataDirectory is a string variable indicating the directory to store generated certs ,embed etcd data and kubeconfig, etc. While this field is missed in the config file, the default value /.ocm makes sense.
Field apiserver contains config for the controlplane apiserver:
externalHostnameis a string variable indicating the hostname for external access.portis a integer variable indicating the binding port of multicluster controlplane apiserver. The default value is9443.caFileis a string variable indicating the CA file provided by user to sign all the serving/client certificates.caKeyFileis a string variable indicating the CA Key file forcaFile.
Field etcd contains config for the controlplane etcd:
modeshould beembedorexternalindicating the multicluster controlplane etcd deploy mode. The value would beembedif fieldmodeis missed.prefixis a string variable indicating controlplane data prefix in etcd. The default value is"/registry".serversis a string array indicating etcd endpoints. The default value is[]string{"http://127.0.0.1:2379"}.caFileis a string variable indicating an etcd trusted ca file.certFileis a string variable indicating a client cert file signed bycaFile.keyFileis a string variable indicating client key file forcertFile.
NOTE: For
apiserverfield: If you want to use your own CA pair to sign the certificates, thecaFileandcaKeyFileshould be set together. Which means that if one of the two fields is missed/empty, the controlplane would self-generate CA pair to sign the necessary certificates.
Set environment variables and deploy etcd.
ETCD_NS(optional) is the namespace where the etcd is deployed in. The default ismulticluster-controlplane-etcd.
For example:
$ export ETCD_NS=<etcd namespace>
$ make deploy-etcdBefore start the controlplane, we should make sure config file is in path.
$ export IMAGE_NAME=<customized image. default is quay.io/open-cluster-management/multicluster-controlplane:latest>
$ make imageSet environment variables firstly and then deploy controlplane.
HUB_NAME(optional) is the namespace where the controlplane is deployed in. The default ismulticluster-controlplane.IMAGE_NAME(optional) is the customized image which can override the default imagequay.io/open-cluster-management/multicluster-controlplane:latest.
Edit the config file:
- externalHostname can be missed/set to empty.
- port should be set to 443
For example:
$ export HUB_NAME=<hub name>
$ export IMAGE_NAME=<your image>
$ make deployEdit the config file:
- externalHostname can be missed/set to empty.
- The range of valid port is 30000-32767
Most steps are similar with Option 1, the only difference is deploy command:
$ make deploy$ make vendor
$ make build
$ make run The kubeconfig file of the controlplane is in the dir hack/deploy/cert-${HUB_NAME}/kubeconfig.
You can use clusteradm to access and join a cluster.
$ clusteradm --kubeconfig=<kubeconfig file> get token --use-bootstrap-token
$ clusteradm join --hub-token <hub token> --hub-apiserver <hub apiserver> --cluster-name <cluster_name>
$ clusteradm --kubeconfig=<kubeconfig file> accept --clusters <cluster_name>Warning clusteradm version should be v0.4.1 or later
Currently we support to install work-manager and managed-serviceaccount add-on on the controlplane.
$ make deploy-work-manager-addon
$ make deploy-managed-serviceaccount-addon$ make destory$ export HUB_NAME=<hub name>
$ export IMAGE_NAME=<your image>
$ make deploy-all