Installing Klusterlet on IBM Cloud Private with OpenShift

After you set up your IBM Multicloud Manager hub-cluster, you can install Klusterlet on IBM Cloud Private with OpenShift to manage your OpenShift clusters.

Prerequisites

Loading the IBM Multicloud Manager PPA archive

  1. From the master node, run the following command to log in to the OpenShift cluster with an administrator account.

    oc login
    
  2. Run the following command to log in to the OpenShift Docker image registry, where $(oc whoami -t) is used to obtain your user token:

    docker login -u <username> -p $(oc whoami -t) docker-registry.default.svc:5000
    
  3. Log in to the IBM Cloud Private CLI with cloudctl to configure helm and kubectl.

    cloudctl login -a https://<cluster_ca_domain>:<router_https_port> --skip-ssl-validation
    

    Note: Find your <router_https_port> in the cluster config.yaml file that you used for IBM Cloud Private installation.

  4. Load the Passport Advantage (PPA) archive.

    Run the following command to unpack the archive:

    tar zxvf mcm-3.1.2-klusterlet-rhel.tgz
    

    Then, run the following command to load the PPA archive:

    cloudctl catalog load-ppa-archive -a mcm-3.1.2-klusterlet-rhel/mcm-ppa-3.1.2-klusterlet-rhel.tgz --registry docker-registry.default.svc:5000/kube-system
    
  5. From the IBM Cloud Private management console, search to validate that the following Helm charts were loaded to Catalog:

    • ibm-mcmk-prod

      Now you are ready to prepare for installation.

Prepare for installation

  1. Obtain information from the hub-cluster to prepare for Klusterlet installation.

    • Log in to the IBM Cloud Private management console of your hub-cluster.
  2. Select the user icon, then click Configure client. Verify that the cluster configuration details display and resemble the following output, which includes the URL and the token that you need to finish installation:

    kubectl config set-cluster {cluster_name} --server=https://<Cluster Master Host>:8001 --insecure-skip-tls-verify=true
    kubectl config set-context {cluster_name}-context --cluster={cluster_name}
    kubectl config set-credentials {cluster_name}-user --token={token}
    kubectl config set-context {cluster_name}-context --user={cluster_name}-user --namespace=default
    kubectl config use-context {cluster_name}-context
    

    Where <Cluster Master Host> is defined in Master endpoint.

  3. Obtain the Kubernetes API Server URL <hub_cluster_url> from the output of step 2, which you need for Klusterlet installation:

    kubectl config set-cluster {cluster_name} --server=https://<Cluster Master Host>:8001 --insecure-skip-tls-verify=true
    

    The value https://<Cluster Master Host>:8001 after --server= is the Kubernetes API Server URL <hub_cluster_url>.

  4. Obtain the Kubernetes API Server token <hub_cluster_token> from the output of step 2:

    kubectl config set-credentials {cluster_name}-user --token={token}
    

    The value {token} after --token= is the Kubernetes API Server token <hub_cluster_token>.

  5. Ensure that all nodes in the cluster have access to the tiller-deploy service on the master node.

    If other nodes do not have access, add a firewall rule to allow access to the tiller-deploy service port. Run the following command:

     sudo iptables -A OS_FIREWALL_ALLOW  -m state --state NEW -p tcp --dport 44134 -j ACCEPT
    
  6. Weave Scope Probe is used by the Klusterlet to gather topology information. Run the following commands to add the privileged security context to the default service account in the kube-system namespace.

     oc project kube-system
     oc adm policy add-scc-to-user privileged -z default
    
  7. Define a hostname in DNS to be used for Klusterlet Ingress. The hostname might resolve to the IBM Cloud Private . You might need to contact your network administrator to define a hostname in DNS.
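
The following script is an added example, not part of the original IBM procedure. It extracts <hub_cluster_url> and <hub_cluster_token> (steps 3 and 4) from pasted Configure client output, checks the URL shape, and reports when the pasted commands disable TLS verification. The sample output, host name and token are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM's code): pull <hub_cluster_url> and <hub_cluster_token>
# out of pasted "Configure client" output instead of copying them by hand.

# Constructed sample; cluster name, host and token are placeholders.
SAMPLE_CONFIG='kubectl config set-cluster mycluster --server=https://hub.example.test:8001 --insecure-skip-tls-verify=true
kubectl config set-context mycluster-context --cluster=mycluster
kubectl config set-credentials mycluster-user --token=CONSTRUCTED.sample.token
kubectl config set-context mycluster-context --user=mycluster-user --namespace=default
kubectl config use-context mycluster-context'

# extract_flag <subcommand> <flag> <text>: print the value of --<flag>= from
# the first "kubectl config <subcommand>" line in <text>.
extract_flag() {
  printf '%s\n' "$3" | awk -v cmd="$1" -v flag="--$2=" '
    $1 == "kubectl" && $2 == "config" && $3 == cmd {
      for (i = 4; i <= NF; i++)
        if (index($i, flag) == 1) { print substr($i, length(flag) + 1); exit }
    }'
}

hub_cluster_url()   { extract_flag set-cluster server "$1"; }
hub_cluster_token() { extract_flag set-credentials token "$1"; }

# Succeed only for the https://<host>:<port> shape shown in step 3.
valid_hub_url() {
  printf '%s\n' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+:[0-9]+$'
}

# Succeed if the pasted set-cluster line turns certificate verification off.
tls_verify_disabled() {
  [ "$(extract_flag set-cluster insecure-skip-tls-verify "$1")" = "true" ]
}

# Show only the last four characters, so the token stays out of logs.
mask_token() {
  printf '****%s\n' "${1#"${1%????}"}"
}

url=$(hub_cluster_url "$SAMPLE_CONFIG")
if valid_hub_url "$url"; then echo "hub_cluster_url:   $url"; fi
echo "hub_cluster_token: $(mask_token "$(hub_cluster_token "$SAMPLE_CONFIG")")"
if tls_verify_disabled "$SAMPLE_CONFIG"; then
  echo "note: this kubectl context does not verify the hub API certificate"
fi
```
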

Installing the IBM Multicloud Manager Klusterlet

The IBM Multicloud Manager Klusterlet is installed on the IBM Cloud Private cluster that you want to manage with IBM Multicloud Manager.

  1. Log in to the IBM Cloud Private management console of your target cluster.

  2. Click Catalog.

  3. Search for and select the ibm-mcmk-prod Helm Chart.

  4. Click Configure.

  5. Configure the following required parameters:

    • Helm release name: <helm_release_name> is the name of the Helm release.
    • Target namespace: kube-system is the required name for target namespace.
    • Cluster Name: <cluster_name> is the name for the clusters that are managed, identified with kubectl get clusters --all-namespaces as your managed-clusters.
    • Cluster Namespace: <cluster_namespace> is used to assign resources to the cluster within the namespace. This namespace is created automatically on both the hub-cluster and managed-cluster. This namespace is different from the Multicloud Manager Namespace in the ibm-mcm-prod chart.
    • Hub Cluster Kubernetes API Server: <hub_cluster_url> is the Kubernetes API Server Endpoint for the hub-cluster. See the previous Prepare for installation section.
    • Hub Cluster Kubernetes API server token: <hub_cluster_token> is the Kubernetes API Server Token for the hub-cluster, used for the Klusterlet to communicate with the hub-cluster. See the Prepare for installation section.
    • Tiller Username: Username that the Klusterlet uses to communicate with tiller-deploy service to deploy Helm charts.
  6. Configure the Klusterlet ingress information:

    • Klusterlet ingress host: Defined hostname in DNS that is used for Klusterlet Ingress.
    • Klusterlet ingress port: Ingress HTTPS port of the IBM Cloud Private cluster.
  7. Configure the following optional parameters, which are used to describe the cluster and can be selectors when you assign a resource to the cluster:

    • Cluster Cloud Provider
    • Kubernetes Vendor
    • Cluster Environment Type
    • Cluster Region
    • Cluster Datacenter
    • Cluster Owner
  8. Read and agree to the License agreement.

  9. Click Install to deploy the ibm-mcmk-prod Helm chart.

Navigate to the IBM Multicloud Manager management console on your hub-cluster. Click Clusters from the menu and verify that your cluster is displayed.