Merge pull request #34533 from StephenJamesSmith/telcodocs-82-custom-resources

TELCODOCS-82: custom-resources

Author: vikram-redhat

modules/ztp-acm-installing-disconnected-rhacm.adoc

@@ -12,6 +12,12 @@ You use {rh-rhacm-first} on a hub cluster in the disconnected environment to man
 * Install the {product-title} CLI (`oc`).
 * Log in as a user with `cluster-admin` privileges.
 * Configure a disconnected mirror registry for use in the cluster.
++
+[NOTE]
+====
+If you want to deploy Operators to the spoke clusters, you must also add them to this registry.
+====
+
 * Enable the disconnected Operator Lifecycle Manager (OLM). {rh-rhacm} is included in the OLM Red Hat Operator catalog. Follow the steps in xref:../operators/admin/olm-restricted-networks.adoc[Using Operator Lifecycle Manager on restricted networks].
 
 .Procedure

modules/ztp-checking-the-managed-cluster-status.adoc

@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// *scalability_and_performance/ztp-zero-touch-provisioning.adoc
+
+[id="ztp-checking-the-managed-cluster-status_{context}"]
+= Checking the managed cluster status
+
+Ensure that cluster provisioning was successful by checking the cluster status.
+
+.Prerequisites
+
+* All of the custom resources have been configured and provisioned, and the `Agent`
+custom resource is created on the hub for the managed cluster.
+
+.Procedure
+
+. Check the status of the managed cluster:
++
+[source,terminal]
+----
+$ oc get managedcluster
+----
++
+`True` indicates the managed cluster is ready.
+
+. Check the agent status:
++
+[source,terminal]
+----
+$ oc get agent -n <cluster-name>
+----
+
+. Use the `describe` command to provide an in-depth description of the agent’s condition. Statuses to be aware of include `BackendError`, `InputError`, `ValidationsFailing`, `InstallationFailed`, and `AgentIsConnected`. These statuses are relevant to the `Agent` and `AgentClusterInstall` custom resources.
++
+[source,terminal]
+----
+$ oc describe agent -n <cluster-name>
+----
+
+. Check the cluster provisioning status:
++
+[source,terminal]
+----
+$ oc get agentclusterinstall -n <cluster-name>
+----
+
+. Use the `describe` command to provide an in-depth description of the cluster provisioning status:
++
+[source,terminal]
+----
+$ oc describe agentclusterinstall -n <cluster-name>
+----
+
+. Check the status of the managed cluster’s add-on services:
++
+[source,terminal]
+----
+$ oc get managedclusteraddon -n <cluster-name>
+----
+
+. Retrieve the authentication information of the `kubeconfig` file for the managed cluster:
++
+[source,terminal]
+----
+$ oc get secret -n <cluster-name> <cluster-name>-admin-kubeconfig -o jsonpath={.data.kubeconfig} | base64 -d > <directory>/<cluster-name>-kubeconfig
+----

modules/ztp-configuring-a-static-ip.adoc

@@ -0,0 +1,89 @@
+// Module included in the following assemblies:
+//
+// *scalability_and_performance/ztp-zero-touch-provisioning.adoc
+
+[id="ztp-configuring-a-static-ip_{context}"]
+= Configuring static IP addresses for managed clusters
+
+Optionally, after creating the `AgentClusterInstall` custom resource, you can configure static IP addresses for the managed clusters.
+
+[NOTE]
+====
+You must create this custom resource before creating the `ClusterDeployment` custom resource.
+====
+
+.Prerequisites
+
+* Deploy and configure the `AgentClusterInstall` custom resource.
+
+.Procedure
+
+. Create a `NMStateConfig` custom resource:
++
+[source,yaml]
+----
+apiVersion: agent-install.openshift.io/v1beta1
+kind: NMStateConfig
+metadata:
+ name: <cluster-name>
+ namespace: <cluster-name>
+ labels:
+   sno-cluster-<cluster-name>: <cluster-name>
+spec:
+ config:
+   interfaces:
+     - name: eth0
+       type: ethernet
+       state: up
+       mac-address: <mac-address> <1>
+       ipv4:
+         enabled: true
+         address:
+           - ip: <ip-address> <2>
+             prefix-length: <public-network-prefix> <3>
+         dhcp: false
+   dns-resolver:
+     config:
+       server:
+         - <dns-resolver> <4>
+   routes:
+     config:
+       - destination: 0.0.0.0/0
+         next-hop-address: <gateway> <5>
+         next-hop-interface: eth0
+         table-id: 254
+ interfaces:
+   - name: "eth0" <6>
+     macAddress: <mac-address> <7>
+----
+<1> `mac-address` is the MAC address of the target bare metal machine, that is, the same MAC address used in the `BareMetalHost` resource.
+<2> `ip-address` is the static IP address of the target bare metal machine.
+<3> `public-network-prefix` is the static IP address’s subnet for the target bare metal machine.
+<4> `dns-resolver` is the DNS server for the target bare metal machine.
+<5> `gateway` is the gateway for the target bare metal machine.
+<6> `name` must match the name specified in the `interfaces` section.
+<7> `mac-address` must match the MAC address specified in the `interfaces` section.
+
+. When creating the `InfraEnv` custom resource, reference the label from the `NMStateConfig` custom resource in the `InfraEnv` custom resource:
++
+[source,yaml]
+----
+apiVersion: agent-install.openshift.io/v1beta1
+kind: InfraEnv
+metadata:
+  name: <cluster-name>
+  namespace: <cluster-name>
+spec:
+  clusterRef:
+    name: <cluster-name>
+    namespace: <cluster-name>
+  sshAuthorizedKey: <public-key>
+  agentLabelSelector:
+    matchLabels:
+      cluster-name: <cluster-name>
+  pullSecretRef:
+    name: assisted-deployment-pull-secret
+  nmStateConfigLabelSelector:
+    matchLabels:
+      sno-cluster-<cluster-name>: <cluster-name> # Match this label
+----

modules/ztp-configuring-ipv6.adoc

@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// *scalability_and_performance/ztp-zero-touch-provisioning.adoc
+
+[id="ztp-configuring-ipv6_{context}"]
+= Configuring IPv6 addresses for a disconnected environment
+
+Optionally, when you are creating the `AgentClusterInstall` custom resource, you can configure IPV6 addresses for the managed clusters.
+
+.Procedure
+
+. In the `AgentClusterInstall` custom resource, modify the IP addresses in `clusterNetwork` and `serviceNetwork` for IPv6 addresses:
++
+[source,yaml]
+----
+apiVersion: extensions.hive.openshift.io/v1beta1
+kind: AgentClusterInstall
+metadata:
+  # Only include the annotation if using OVN, otherwise omit the annotation
+  annotations:
+    agent-install.openshift.io/install-config-overrides: '{"networking":{"networkType":"OVNKubernetes"}}'
+  name: <cluster-name>
+  namespace: <cluster-name>
+spec:
+  clusterDeploymentRef:
+    name: <cluster-name>
+  imageSetRef:
+    name: <cluster-image-set>
+  networking:
+    clusterNetwork:
+    - cidr: "fd01::/48"
+      hostPrefix: 64
+    machineNetwork:
+    - cidr: <machine-network-cidr>
+    serviceNetwork:
+    - "fd02::/112"
+  provisionRequirements:
+    controlPlaneAgents: 1
+    workerAgents: 0
+  sshPublicKey: <public-key>
+----
+
+. Update the `NMStateConfig` custom resource with the IPv6 addresses you defined.

modules/ztp-configuring-the-cluster-for-a-disconnected-environment.adoc

@@ -0,0 +1,89 @@
+// Module included in the following assemblies:
+//
+// *scalability_and_performance/ztp-zero-touch-provisioning.adoc
+
+[id="ztp-configuring-the-cluster-for-a-disconnected-environment_{context}"]
+= Configuring a managed cluster for a disconnected environment
+
+After you have completed the preceding procedure, follow these steps to configure the managed cluster for a disconnected environment.
+
+.Prerequisites
+
+* A disconnected installation of {rh-rhacm-first} 2.3.
+
+* Host the `rootfs` and `iso` images on an HTTPD server.
+
+.Procedure
+
+. Create a `ConfigMap` containing the mirror registry config:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: assisted-installer-mirror-config
+  namespace: assisted-installer
+  labels:
+    app: assisted-service
+data:
+  ca-bundle.crt: <certificate> <1>
+  registries.conf: |  <2>
+    unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
+
+    [[registry]]
+      location = <mirror-registry-url>  <3>
+      insecure = false
+      mirror-by-digest-only = true
+----
+<1> `certificate` is the mirror registry’s certificate used when creating the mirror registry.
+<2> `registry-config` is the configuration for the mirror registry.
+<3> `mirror-registry-url` is the URL of the mirror registry.
++
+This updates `mirrorRegistryRef` in the `AgentServiceConfig` custom resource, as shown below:
++
+.Example output
++
+[source,yaml]
+----
+apiVersion: agent-install.openshift.io/v1beta1
+kind: AgentServiceConfig
+metadata:
+  name: agent
+  namespace: assisted-installer
+spec:
+  databaseStorage:
+    volumeName: <db-pv-name>
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: <db-storage-size>
+  filesystemStorage:
+    volumeName: <fs-pv-name>
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: <fs-storage-size>
+  mirrorRegistryRef:
+    name: 'assisted-installer-mirror-config'
+  osImages:
+    - openshiftVersion: <ocp-version>
+      rootfs: <rootfs-url> <1>
+      url: <iso-url> <1>
+EOF
+----
+<1> `rootfs-url` and the `iso-url` must match the URLs of the HTTPD server.
+
+. For disconnected installations, you must deploy an NTP clock that is reachable through the disconnected network.
+You can do this by configuring chrony to act as server, editing the `/etc/chrony.conf` file, and adding the following allowed IPv6 range:
++
+[source,yaml]
+----
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+local stratum 10
+bindcmdaddress ::
+allow 2620:52:0:1310::/64
+----