Open tumido opened 3 years ago
All in UI; declarative management is possible. The provider connection translates to a secret in the selected namespace; we can map it to ArgoCD.
Creating a cluster creates a new namespace on the management (hub) cluster. This new namespace is named the same as the cluster (beware of reusing the name of an existing namespace for the cluster; I have no idea how that would behave).
This new namespace contains some secrets which contain (among others):
kubeadmin:password
kubeconfig
It takes about 30 mins to install and prepare a cluster.
ACM has quite granular, though complicated, RBAC: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/security/security#overview-of-roles
We currently have few cluster-admins, though we might need to expand this and allow people to manage/view certain clusters. The complication in this is due to the namespace ~ cluster mapping on the hub cluster. For a user to view a certain cluster, they need to be given a cluster role + namespace access.
We'll need to define policies if we want to go multi-cluster. I imagine we can have common policies for clusters running ODH, for Kubeflow clusters, etc.
Samples available at the policy catalog (including community policies) might be a good inspiration for us: https://github.com/open-cluster-management/policy-collection
Tracking issue for learning the ropes of ACM.
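Since each cluster namespace on the hub holds that cluster's kubeadmin password and kubeconfig, granting namespace access there deserves an audit of who can read Secrets. The following is an added example, not part of the original issue or of ACM itself: a small RBAC check run over constructed data, where the role names, subjects and namespaces are all hypothetical and roles are looked up by name only.

```python
# Added example: list subjects able to read Secrets in hub namespaces that
# map to managed clusters. All roles, bindings and names are constructed.
READ_VERBS = {"get", "list", "watch", "*"}  # list/watch also return Secret data

def rule_reads_secrets(rule):
    """True if one RBAC rule grants read access to core-group Secrets."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return (bool(groups & {"", "*"})
            and bool(resources & {"secrets", "*"})
            and bool(verbs & READ_VERBS))

def secret_readers(cluster_namespaces, roles, bindings):
    """Map each cluster namespace to the subjects whose bindings expose its Secrets."""
    exposed = {ns: set() for ns in cluster_namespaces}
    for binding in bindings:
        rules = roles.get(binding["roleRef"], [])  # unknown role grants nothing
        if not any(rule_reads_secrets(r) for r in rules):
            continue
        # namespace None models a ClusterRoleBinding: it applies everywhere.
        ns = binding["namespace"]
        targets = cluster_namespaces if ns is None else [ns]
        for target in targets:
            if target in exposed:
                exposed[target].update(binding["subjects"])
    return {ns: sorted(subjects) for ns, subjects in exposed.items()}

# Constructed, simplified stand-ins for real role definitions.
ROLES = {
    "view-like": [{"apiGroups": [""], "resources": ["pods", "configmaps"],
                   "verbs": ["get", "list", "watch"]}],
    "secret-lister": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]}],
    "admin-like": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
BINDINGS = [
    {"namespace": "cluster-a", "roleRef": "view-like", "subjects": ["alice"]},
    {"namespace": "cluster-a", "roleRef": "secret-lister", "subjects": ["bob"]},
    {"namespace": "cluster-b", "roleRef": "admin-like", "subjects": ["carol"]},
    {"namespace": None, "roleRef": "admin-like", "subjects": ["hub-admin"]},
    {"namespace": "monitoring", "roleRef": "admin-like", "subjects": ["dave"]},
]

if __name__ == "__main__":
    for ns, who in secret_readers(["cluster-a", "cluster-b"], ROLES, BINDINGS).items():
        print(f"{ns}: {', '.join(who) or '(nobody)'}")
```

Against a live hub the same function can be fed the role and binding objects exported from the API instead of the constructed lists.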