Add documentation for gRPC-based cluster registration #526
Conversation
❌ Deploy Preview for open-cluster-management failed.
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qiujian16 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| ``` | ||
|
|
||
| ## Migration from API-based to gRPC-based registration | ||
|
|
|
|
||
| ### TLS certificate issues | ||
|
|
||
| If you encounter TLS certificate validation errors: |
There was a problem hiding this comment.
the custom ca is not supported, currently we generate the cert automatically
kubectl -n open-cluster-management-hub get cm ca-bundle-configmap -ojsonpath='{.data.ca-bundle\.crt}'
kubectl -n open-cluster-management-hub get secrets signer-secret -ojsonpath="{.data.tls\.crt}"
kubectl -n open-cluster-management-hub get secrets signer-secret -ojsonpath="{.data.tls\.key}"
| {{< tabpane text=true >}} | ||
| {{% tab header="kind" %}} | ||
| ```shell | ||
| clusteradm join \ |
|
|
||
| ## Register a managed cluster using gRPC | ||
|
|
||
| ### Step 1: Generate the join token |
There was a problem hiding this comment.
the clusteradm is not supported yet, we may use the helm chart to register for now
see https://github.com/stolostron/cloudevents-conductor/tree/main?tab=readme-ov-file#import-your-managed-cluster
There was a problem hiding this comment.
is it ok we use clusteradm join at first, then update klusterlet? I think the missing part is setting grpc config in bootstrap secret?
There was a problem hiding this comment.
yes, the missing part is setting grpc config in bootstrap secret, but need some test
| name: cluster-manager-grpc-server | ||
| weight: 100 | ||
| port: | ||
| targetPort: grpc |
There was a problem hiding this comment.
| targetPort: grpc | |
| targetPort: 8090 |
| name: cluster-manager-grpc-server | ||
| namespace: open-cluster-management-hub | ||
| spec: | ||
| host: hub-grpc.apps.example.com |
There was a problem hiding this comment.
for ocp route, we don't need to set the host
|
|
||
| **Important**: The hostname in your Ingress/Route **must match** the `host` value specified in the ClusterManager's `serverConfiguration.endpointsExposure[].grpc.hostname.host` field. | ||
|
|
||
| **Option 1: Using Ingress (for Kubernetes)** |
There was a problem hiding this comment.
current we may only put the route here
There was a problem hiding this comment.
we would need ingress test, otherwise, it cannot be used without openshift.
| # The hostname where managed clusters will connect | ||
| # This should match your Ingress/Route hostname | ||
| host: hub-grpc.example.com | ||
| # Optional: CA bundle for TLS (base64 encoded) |
There was a problem hiding this comment.
the custom ca bundle does not support yet
| type: hostname | ||
| hostname: | ||
| # The hostname where managed clusters will connect | ||
| # This should match your Ingress/Route hostname |
There was a problem hiding this comment.
only route is tested, we may focus on route firstly
| - **OCM v1.1.0 or later** (when gRPC support was introduced) | ||
| - Hub cluster with cluster manager installed | ||
| - Network connectivity from managed clusters to the hub's gRPC server endpoint | ||
| - The managed clusters should be `v1.11+` |
| - Network connectivity from managed clusters to the hub's gRPC server endpoint | ||
| - The managed clusters should be `v1.11+` | ||
| - Ensure [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) and [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) are installed | ||
| - A method to expose the gRPC server (using Ingress, Route, or LoadBalancer) |
There was a problem hiding this comment.
current we only tested the route, the ingress and loadbalancer are not tested
There was a problem hiding this comment.
we need at least one way that works in non ocp.
There was a problem hiding this comment.
for non ocp, we may start with the LoadBalancer service as an example.
For ingress, the configuration depends on the platform and is more complex.
- create a LoadBalancer service firstly
apiVersion: v1
kind: Service
metadata:
name: cluster-manager-grpc-server-lb
namespace: open-cluster-management-hub
spec:
type: LoadBalancer
ports:
- name: grpc
port: 443
targetPort: 8090
protocol: TCP
selector:
app: cluster-manager-grpc-servernote: for eks, the annotation service.beta.kubernetes.io/aws-load-balancer-type: nlb is required
- find external ip as the grpc host
kubectl get svc cluster-manager-grpc-lb -n open-cluster-management-hub -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
then using clusteradm init hub and join the cluster
This commit adds comprehensive documentation for the gRPC-based registration feature introduced in OCM v0.15.0, addressing issue open-cluster-management-io#521. Key additions: - New guide: register-cluster-via-grpc.md covering: - Architecture and benefits of gRPC registration - Complete ClusterManager configuration with registrationDrivers - Instructions for exposing gRPC server via Ingress/Route - Klusterlet configuration with gRPC authType - Troubleshooting guide and migration instructions - Important note about add-on limitations with gRPC - Updated start-the-control-plane.md to reference the new gRPC registration option as an alternative to standard registration The documentation provides accurate API configurations based on the open-cluster-management-io/api repository and includes practical examples for both Kubernetes and OpenShift environments. Fixes open-cluster-management-io#521 Signed-off-by: Jian Qiu <[email protected]>
| autoApprovedIdentities: [] | ||
|
|
||
| # Server configuration for the gRPC server | ||
| serverConfiguration: |
There was a problem hiding this comment.
This option is not there in helm charts. Can I raise a PR for same ?
4 participants
This commit adds comprehensive documentation for the gRPC-based registration feature introduced in OCM v0.15.0, addressing issue #521.
Key additions:
New guide: register-cluster-via-grpc.md covering:
Updated start-the-control-plane.md to reference the new gRPC registration option as an alternative to standard registration
The documentation provides accurate API configurations based on the open-cluster-management-io/api repository and includes practical examples for both Kubernetes and OpenShift environments.
Fixes #521