OpenShift Hive — API driven OpenShift cluster provisioning and management operator

Bernd Malmqvist
Feb 2 · 2 min read

RedHat invited me and my colleague Matt to speak at RedHat OpenShift Commons in London about the API driven OpenShift cluster provisioning and management operator called OpenShift Hive. We have been using OpenShift Hive for the past few months to provision and manage the OpenShift 4 estate across multiple environments. Below the video recording of our talk at OpenShift Commons London:

The Hive operator requires to run on a separate Kubernetes cluster to centrally provision and manage the OpenShift 4 clusters. With Hive you can manage hundreds of cluster deployments and configuration with a single operator. There is nothing required on the OpenShift 4 clusters itself, Hive only requires access to the cluster API:

The ClusterDeployment custom resource is the definition for the cluster specs, similar to the openshift-installer install-config where you define cluster specifications, cloud credential and image pull secrets. Below is an example of the ClusterDeployment manifest:

---
apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
name: mycluster
namespace: mynamespace
spec:
baseDomain: hive.example.com
clusterName: mycluster
platform:
aws:
credentialsSecretRef:
name: mycluster-aws-creds
region: eu-west-1
provisioning:
imageSetRef:
name: openshift-v4.3.0
installConfigSecretRef:
name: mycluster-install-config
sshPrivateKeySecretRef:
name: mycluster-ssh-key
pullSecretRef:
name: mycluster-pull-secret

The SyncSet custom resource is defining the configuration and is able to regularly reconcile the manifests to keep all clusters synchronised. With SyncSets you can apply resources and patches as you see in the example below:

---
apiVersion: hive.openshift.io/v1
kind: SyncSet
metadata:
name: mygroup
spec:
clusterDeploymentRefs:
- name: ClusterName
resourceApplyMode: Upsert
resources:
- apiVersion: user.openshift.io/v1
kind: Group
metadata:
name: mygroup
users:
- myuser
patches:
- kind: ConfigMap
apiVersion: v1
name: foo
namespace: default
patch: |-
{ "data": { "foo": "new-bar" } }
patchType: merge
secretReferences:
- source:
name: ad-bind-password
namespace: default
target:
name: ad-bind-password
namespace: openshift-config

Depending of the amount of resource and patches you want to apply, a SyncSet can get pretty large and is not very easy to manage. My colleague Matt wrote a SyncSet Generator, please check this Github repository.

In one of my next articles I will go into more detail on how to deploy OpenShift Hive and I’ll provide more examples of how to use ClusterDeployment and SyncSets. In the meantime please check out the OpenShift Hive repository for more details, additionally here are links to the Hive documentation on using Hive and Syncsets.


Originally published at techbloc.net.

Bernd Malmqvist

Written by

Highly versatile Senior technical Lead Engineer, I am a consummate and competent qualified IT Professional specialising in distributed systems

More From Medium

Also tagged Gitops

Also tagged Gitops

Under the Hood of GitOps

Apr 5 · 7 min read

2

Top on Medium

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade