Working with OCM

Open Cluster Management (OCM) is a powerful multi-cluster tool which allows you to connect your managed clusters to the control plane, even if the managed cluster is not directly accessible from the control plane. It is especially useful when your managed clusters and your control plane locate in different VPCs.

This section will introduce how to use OCM with KubeVela.

The installation of OCM is directly available through vela addon. There are two addons you need to install if you want to use KubeVela with OCM.

  1. vela addon enable ocm-hub-control-plane

This addon allows you to use the basic capabilities provided by OCM. For example, you can create OCM ManifestWorks to dispatch resources directly. But KubeVela will not use OCM for its application management for now.

  1. vela addon enable ocm-gateway-manager-addon

Enabling the second addon will allow you to let KubeVela use the underlying OCM managed clusters through cluster gateway.

You can use vela cluster join -t ocm command to join cluster through OCM ManagedCluster. Notice that, compared to normal vela cluster join, joining OCM ManagedCluster does not need your managed cluster APIServer to be accessible from the hub control plane. But you need to make sure your managed cluster could access the KAS (kube-apiserver) of the hub control plane.

  1. # This command needs to use the kubeconfig of the control plane where KubeVela lives.
  2. $ vela cluster join managed-cluster.kubeconfig -t ocm --name ocm-cluster
  3. Successfully prepared registration config.
  4. Registration operator successfully deployed.
  5. Registration agent successfully deployed.
  6. Successfully found corresponding CSR from the agent.
  7. Approving the CSR for cluster "ocm-cluster".
  8. Successfully add cluster ocm-cluster, endpoint: https://127.0.0.1:6443.

After that, you need to wait for some time (usually several minutes) for all the related OCM agents to be ready.

  1. # Change ocm-cluster to your cluster name.
  2. $ kubectl get managedclusteraddons -n ocm-cluster
  3. NAME AVAILABLE DEGRADED PROGRESSING
  4. cluster-proxy True
  5. managed-serviceaccount True
  6. cluster-gateway True

If any ManagedClusterAddons failed to be available, you might need to check if all the OCM related pods are running healthy. Feel free to raise issues or discussions on KubeVela Github Repo.

Now you can validate everything is ready through vela cluster probe.

  1. $ vela cluster probe ocm-cluster
  2. Connect to cluster ocm-cluster successfully.
  3. ok

Perfect! You can now use the joined OCM managed cluster in KubeVela just as a normal cluster.

  1. $ cat <<EOF | vela up -f -
  2. apiVersion: core.oam.dev/v1beta1
  3. kind: Application
  4. metadata:
  5. name: example-app
  6. namespace: default
  7. spec:
  8. components:
  9. - name: hello-world
  10. properties:
  11. image: crccheck/hello-world
  12. type: webservice
  13. policies:
  14. - name: ocm-cluster
  15. properties:
  16. clusters: ["ocm-cluster"]
  17. type: topology
  18. EOF
  1. $ vela status example-app
  2. About:
  3. Name: example-app
  4. Namespace: default
  5. Created at: 2022-06-14 21:10:46 +0800 CST
  6. Status: running
  7. Workflow:
  8. mode: DAG
  9. finished: true
  10. Suspend: false
  11. Terminated: false
  12. Steps
  13. - id:vl17hfpjtv
  14. name:deploy-ocm-cluster
  15. type:deploy
  16. phase:succeeded
  17. message:
  18. Services:
  19. - Name: hello-world
  20. Cluster: ocm-cluster Namespace: default
  21. Type: webservice
  22. Healthy Ready:1/1
  23. No trait applied

For more information about using KubeVela with OCM, you could refer to the following materials.

Last updated on Aug 4, 2023 by Daniel Higuero