|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * scalability_and_performance/telco-hub-rds.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: PROCEDURE |
| 6 | + |
| 7 | +[id="using-cluster-compare-telco_hub_{context}"] |
| 8 | += Comparing a cluster with the {rds} reference configuration |
| 9 | + |
| 10 | +After you deploy a {rds} cluster, you can use the `cluster-compare` plugin to assess the cluster's compliance with the {rds} reference design specifications (RDS). The `cluster-compare` plugin is an OpenShift CLI (`oc`) plugin. The plugin uses a {rds} reference configuration to validate the cluster with the {rds} custom resources (CRs). |
| 11 | + |
| 12 | +The plugin-specific reference configuration for {rds} is packaged in a container image with the {rds} CRs. |
| 13 | + |
| 14 | +For further information about the `cluster-compare` plugin, see "Understanding the cluster-compare plugin". |
| 15 | + |
| 16 | +The following example shows how to compare the configuration of a cluster to the {rds} reference configuration by using `must-gather` data. |
| 17 | + |
| 18 | +[NOTE] |
| 19 | +==== |
| 20 | +When comparing a cluster to the {rds} reference configuration by using `must-gather` data, you must use the `--all-images` flag when generating the `must-gather` data. You must also collect cluster-scoped resource information, as well as Operator and registry configurations. Without this data, the plugin might report false positives. |
| 21 | +==== |
| 22 | + |
| 23 | +.Prerequisites |
| 24 | + |
| 25 | +* You have access to the cluster as a user with the `cluster-admin` role. |
| 26 | + |
| 27 | +* You have credentials to access the `registry.redhat.io` container image registry. |
| 28 | + |
| 29 | +* You installed the `cluster-compare` plugin. |
| 30 | + |
| 31 | +* You extracted the {rds} reference configuration from the `openshift-telco-hub-rds-rhel9` container image. |
| 32 | + |
| 33 | +.Procedure |
| 34 | + |
| 35 | +. Collect data about your cluster by running the `must-gather` command with the `--all-images` flag: |
| 36 | ++ |
| 37 | +[source,terminal] |
| 38 | +---- |
| 39 | +$ oc adm must-gather --all-images |
| 40 | +---- |
| 41 | ++ |
| 42 | +* The `--all-images` flag ensures that the `must-gather` command collects all the data required by the {rds} reference configuration. |
| 43 | + |
| 44 | +. Collect cluster-scoped resource information by running the following command: |
| 45 | ++ |
| 46 | +[source,terminal] |
| 47 | +---- |
| 48 | +$ oc adm inspect clusterroles,clusterrolebindings,namespaces,nodes --dest-dir=./cluster-scoped |
| 49 | +---- |
| 50 | + |
| 51 | +. Collect Operator and registry configurations by running the following command: |
| 52 | ++ |
| 53 | +[source,terminal] |
| 54 | +---- |
| 55 | +$ oc adm inspect imagedigestmirrorset,imagetagmirrorset,catalogsource,clusterserviceversion,customresourcedefinition,operatorhub --dest-dir=./cluster-config |
| 56 | +---- |
| 57 | + |
| 58 | +. Compare the collected data to a reference configuration by running the following command: |
| 59 | ++ |
| 60 | +[source,terminal] |
| 61 | +---- |
| 62 | +$ oc cluster-compare -r <path_to_reference_config>/metadata.yaml -f "must-gather*/*/cluster-scoped-resources","must-gather*/*/namespaces","cluster-scoped","cluster-config" -R |
| 63 | +---- |
| 64 | ++ |
| 65 | +** `-r` specifies a path to the `metadata.yaml` file of the reference configuration. You can specify a local directory or a URI. |
| 66 | +** `-f` specifies the path to the `must-gather` data directory. You can specify a local directory or a URI. This example restricts the comparison to the relevant cluster configuration directories in the `must-gather` data, and also the `cluster-config` and `cluster-scoped` directories you created. |
| 67 | +** `-R` searches the target directories recursively. |
| 68 | ++ |
| 69 | +.Example output |
| 70 | +[source,terminal] |
| 71 | +---- |
| 72 | +W0309 13:08:01.564387 29400 compare.go:476] Reference Contains Templates With Types (kind) Not Supported By Cluster: AgentServiceConfig, AppProject, Application, Certificate, ClusterIssuer, ClusterLogForwarder, LocalVolume, ManagedClusterSetBinding, MultiClusterEngine, MultiClusterHub, MultiClusterObservability, ObjectBucketClaim, Placement, PlacementBinding, Policy, StorageCluster |
| 73 | +... |
| 74 | +
|
| 75 | +********************************** |
| 76 | +
|
| 77 | +Cluster CR: operator.openshift.io/v1_IngressController_openshift-ingress-operator_default |
| 78 | +Reference File: optional/cert-manager/ingressControllerConfig.yaml |
| 79 | +Diff Output: diff -u -N /tmp/MERGED-3542158379/operator-openshift-io-v1_ingresscontroller_openshift-ingress-operator_default /tmp/LIVE-285048405/operator-openshift-io-v1_ingresscontroller_openshift-ingress-operator_default |
| 80 | +--- /tmp/MERGED-3542158379/operator-openshift-io-v1_ingresscontroller_openshift-ingress-operator_default 2026-03-09 13:09:32.985703558 +0000 |
| 81 | ++++ /tmp/LIVE-285048405/operator-openshift-io-v1_ingresscontroller_openshift-ingress-operator_default 2026-03-09 13:09:32.985703558 +0000 |
| 82 | +@@ -4,5 +4,17 @@ |
| 83 | + name: default |
| 84 | + namespace: openshift-ingress-operator |
| 85 | + spec: |
| 86 | +- defaultCertificate: |
| 87 | +- name: ingress-wildcard-cert |
| 88 | ++ clientTLS: |
| 89 | ++ clientCA: |
| 90 | ++ name: "" |
| 91 | ++ clientCertificatePolicy: "" |
| 92 | ++ closedClientConnectionPolicy: Continue |
| 93 | ++ httpCompression: {} |
| 94 | ++ httpEmptyRequestsPolicy: Respond |
| 95 | ++ httpErrorCodePages: |
| 96 | ++ name: "" |
| 97 | ++ idleConnectionTerminationPolicy: Immediate |
| 98 | ++ replicas: 2 |
| 99 | ++ tuningOptions: |
| 100 | ++ reloadInterval: 0s |
| 101 | ++ unsupportedConfigOverrides: null |
| 102 | +
|
| 103 | +********************************** |
| 104 | +
|
| 105 | +Summary |
| 106 | +CRs with diffs: 5/5 |
| 107 | +CRs in reference missing from the cluster: 43 |
| 108 | +optional-cert-manager: |
| 109 | + cert-manager-apiserver: |
| 110 | + Missing CRs: |
| 111 | + - optional/cert-manager/apiServerCertificate.yaml |
| 112 | + cert-manager-ingress: |
| 113 | + Missing CRs: |
| 114 | + - optional/cert-manager/ingressCertificate.yaml |
| 115 | +
|
| 116 | +... |
| 117 | +
|
| 118 | +No CRs are unmatched to reference CRs |
| 119 | +Metadata Hash: 6297bc738df2373467cc6f5acc3a6aa23f3c3d0b0ce2ac23887d7914a6241d92 |
| 120 | +No patched CRs |
| 121 | +
|
| 122 | +---- |
| 123 | ++ |
| 124 | +* `Cluster CR` shows the CR with a difference from the corresponding template. |
| 125 | +* `Reference File` shows the template file that the tool uses in its comparison with the cluster CR. The output in Linux diff format shows the difference between the template and the cluster CR. |
| 126 | +* `CRs with diffs` shows the number of CRs in the comparison with differences from the corresponding templates. |
| 127 | +* `CRs in reference missing from the cluster` shows the number of CRs represented in the reference configuration, but missing from the live cluster. |
| 128 | +* `Missing CRs` shows the list of CRs represented in the reference configuration, but missing from the live cluster. |
| 129 | +* `No CRs are unmatched to reference CRs` indicates that all CRs in the cluster matched to a corresponding template in the reference configuration. |
| 130 | +* `Metadata Hash` shows the metadata hash that identifies the reference configuration. |
| 131 | +* `No patched CRs` indicates that there are no patched CRs in the cluster. |
0 commit comments