butler54
Collaborator

  • feat: allow the use of self-signed certificates with trustee
  • chore: ansible linting
  • chore: ansible docs
  • fix: linting
  • feat: add multicluster support
  • fix: update global pattern
  • fix: add cert manager operator back in
  • fix: correct hub-to-spoke

@butler54 changed the title from "generalize secrets" to "feat: multicluster support" on Sep 17, 2025
@butler54
Collaborator Author

#55 needs to be merged first then this needs to be rebased

@butler54 butler54 requested a review from sabre1041 September 22, 2025 14:16
Signed-off-by: Chris Butler <chris.butler@redhat.com>
@sabre1041
Collaborator

@butler54 Deployed the pattern. Some comments based on my deployment

  • Two clusters (hub and spoke) deployed successfully
  • Spoke is very vanilla without any content deployed
  • ACM deployed to the hub. But, the spoke was not added as a managed cluster
  • Hub has two argo instances deployed. Spoke has no argo instances

@butler54
Collaborator Author

butler54 commented Oct 7, 2025

> @butler54 Deployed the pattern. Some comments based on my deployment
>
>   • Two clusters (hub and spoke) deployed successfully
>   • Spoke is very vanilla without any content deployed
>   • ACM deployed to the hub. But, the spoke was not added as a managed cluster
>   • Hub has two argo instances deployed. Spoke has no argo instances

Okay so this is my fault - looks like we have two paths:

  1. Update README (required anyway)
  2. Update the wrapper-multicluster.sh script to onboard the cluster to the hub cluster.

I'll take that on as it's a requirement.

Collaborator

@beraldoleal beraldoleal left a comment

Hi @butler54, I'm finally here.

Heads up, I tend to review commit-by-commit (old upstream habits die hard), so the large initial commit followed by chore commits was a bit annoying to navigate. Please, take it as a nit, feel free to ignore for this PR. Just thinking ahead to the helm repo split where smaller commits will help with more contributors.

playbook: ansible/init-data-gzipper.yaml
verbosity: -vvv
timeout: 3600
managedClusterGroups:
Collaborator

I'm not an ACM user... but I was expecting an application list here as well.


if [ $SPOKE_EXIT_CODE -eq 0 ]; then
echo "Spoke cluster (coco-spoke) kubeconfig: $(pwd)/openshift-install-spoke/auth/kubeconfig"
echo "Both clusters deployed successfully!"
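
Review bot: `$SPOKE_EXIT_CODE` is unquoted in the `[ ... -eq 0 ]` test on the first line of this hunk, so an empty or unset value makes the test itself error out instead of cleanly taking the failure branch. Quote it and give it a failing default, for example `if [ "${SPOKE_EXIT_CODE:-1}" -eq 0 ]; then`. The "Both clusters deployed successfully!" message is also printed on the strength of the spoke exit code alone in the lines visible here, so it is worth confirming the hub result is checked before this point.
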
Collaborator

Maybe we should import spoke into ACM here? I was expecting something like:

oc apply -f - <<EOF
      apiVersion: cluster.open-cluster-management.io/v1
      kind: ManagedCluster
      metadata:
        name: coco-spoke
        labels:
          clusterGroup: untrusted-spoke
      spec:
        hubAcceptsClient: true
EOF

@@ -1,5 +1,3 @@
# Sandboxed policies
Collaborator

This commit could be squashed with ac803d1be8f411d1fe9e066598bec79d68239ed9

#
# SPDX-License-Identifier: Apache-2.0
import json
import os
Collaborator

Same with this one: ac803d1
