About this demo
In place of kustomize build foo | oc apply -f - you may use oc apply -k foo.
Build a largish cluster
Log in to it
Deploy the ACM operator and MultiClusterHub resource.
$ oc apply -k hub
# first time will produce error like below, re-run until clean
# unable to recognize "STDIN": no matches for kind "MultiClusterHub" in version "operator.open-cluster-management.io/v1"
$ oc apply -k hub
Update the values found in example secrets with your credentials.
$ find . -name secrets -o -name certs
Update vCenter password in vsphere example until https://bugzilla.redhat.com/show_bug.cgi?id=1996188 resolves
$ vi clusters/vsphere-demo/install-config.yaml
Create credential secrets in open-cluster-management namespace.
$ oc apply -k credentials/hub
$ kustomize build credentials/hub | kfilt -k secret | grep ' name:'
name: aws-creds
name: azure-creds
name: gcp-creds
name: ocm-creds
name: pull-secret
name: ssh-private-key
name: ssh-public-key
name: vsphere-certs
name: vsphere-creds
Deploy clusters to the desired clouds.
$ kustomize build clusters/aws-demo | oc apply -f -
$ kustomize build clusters/az-demo | oc apply -f -
$ kustomize build clusters/vsphere-demo | oc apply -f -
$ oc apply -k clusters/gcp-demo
namespace/demo-gcp-tofu-org created
secret/gcp-creds created
secret/install-config created
secret/pull-secret created
secret/ssh-private-key created
secret/ssh-public-key created
klusterletaddonconfig.agent.open-cluster-management.io/demo-gcp-tofu-org created
managedcluster.cluster.open-cluster-management.io/demo-gcp-tofu-org created
clusterdeployment.hive.openshift.io/demo-gcp-tofu-org created
machinepool.hive.openshift.io/gcp-demo-worker created
Use script bin/mkeks to deploy an EKS cluster.
Deploy clusterpools to the desired clouds.
$ kustomize build clusterpools/aws-pool | oc apply -f -
$ kustomize build clusterpools/azure-pool | oc apply -f -
Deploy example Open Cluster Management policies.
$ kustomize build apps/demo-acm-policies | oc apply -f -
$ oc get clusterpools aws-pool -n aws-pool
$ oc get clusterpools azure-pool -n azure-pool
$ oc get namespaces | grep pool
$ oc get namespaces -l hive.openshift.io/cluster-pool-name=aws-pool
$ oc get namespaces -l hive.openshift.io/cluster-pool-name=azure-pool
$ oc get clusterdeployments -A
az-edge-cjl7n az-edge-cjl7n azure westus2 true az-edge-cjl7n-hp5mw 4.8.4 Hibernating 45h
az-edge-t67sc az-edge-t67sc azure westus2 true az-edge-t67sc-vdxcg 4.8.4 Hibernating 45h
demo-az-tofu-org demo-az-tofu-org azure westus2 true demo-r4rhh 4.8.4 Hibernating 46h
$ ./bin/ext-kubeconfig demo-az-tofu-org
$ export KUBECONFIG=demo-az-tofu-org/auth/kubeconfig
$ oc describe console
Generate random passwords and build an htpasswd file from the values found in kustomize/oauth/secrets/
$ cd kustomize/oauth
$ touch secrets/passwords/$USER
# for each username in secrets/passwords inject a random password
# and build an htpasswd file
$ make
$ cat secrets/passwords/$USER
$ cat secrets/htpasswd
$ cd ../..
Configure htpasswd auth. This will create the htpasswd secret. You must modify the resource by hand. See kustomize/oauth/patch-oauth.yaml
# log in to demo cluster
$ export KUBECONFIG=demo-az-tofu-org/auth/kubeconfig
# create htpasswd secret
$ kustomize build kustomize/oauth | oc apply -f -
# enable htpasswd authN
$ oc patch oauth/cluster --patch-file kustomize/oauth/patch-oauth.yaml --type=merge
Install the compliance operator and set up auto scanning
# do this twice:
$ oc apply -k 'https://github.com/redhat-cop/gitops-catalog/compliance-operator/aggregate/demo?ref=main'
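The "re-run until clean" step for oc apply -k hub, and this "do this twice" step if it fails for the same reason, can be wrapped in a bounded retry. This is an added example, not part of this repository: the function name apply_until_clean, its return codes, and the attempt count and delay are assumptions. It retries only on the "no matches for kind" error quoted earlier and stops at once on anything else, so an expired login or a permissions error is not hidden behind a retry loop.

```shell
#!/bin/sh
# apply_until_clean MAX_ATTEMPTS DELAY_SECONDS command [args...]
#
# Re-runs the command while it fails with the CRD-not-yet-registered error
# ("no matches for kind"). Any other failure is returned immediately.
#
# Return codes (assumed convention for this example):
#   0  command succeeded
#   1  command failed with a different error (not retried)
#   2  could not create a temp file
#   3  still failing with "no matches for kind" after MAX_ATTEMPTS
apply_until_clean() {
    max=$1
    delay=$2
    shift 2
    attempt=1
    errlog=$(mktemp) || return 2
    while :; do
        # Capture stderr so the failure reason can be inspected.
        if "$@" 2>"$errlog"; then
            rm -f "$errlog"
            return 0
        fi
        cat "$errlog" >&2
        if ! grep -q 'no matches for kind' "$errlog"; then
            rm -f "$errlog"
            return 1
        fi
        if [ "$attempt" -ge "$max" ]; then
            echo "still unrecognized after $attempt attempts: $*" >&2
            rm -f "$errlog"
            return 3
        fi
        attempt=$((attempt + 1))
        sleep "$delay"
    done
}

# Usage (not executed here):
#   apply_until_clean 5 10 oc apply -k hub
```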
Set policy-cis to enforcing
$ kustomize build apps/eks-sample | kubectl apply -f -
$ kustomize build clusters/aws-demo | oc delete -f -
$ kustomize build clusters/az-demo | oc delete -f -
$ kustomize build clusters/vsphere-demo | oc delete -f -
Less setup and more demo
"vSphere clusterdeployment requires credentials duplication in install-config.yaml" https://issues.redhat.com/browse/OCPBUGS-8955 (was https://bugzilla.redhat.com/show_bug.cgi?id=1996188)
Unlike a ClusterDeployment, a ClusterPool does not directly enable the creation of a machinepool.