Validated Patterns

Having a production cluster join the hub

Introduction

Production clusters need to be secured, so one part of the deployment installs the Advanced Cluster Security (ACS) operator with a secured configuration. This allows ACS Central to monitor and report on security issues on the cluster. ACS secured sites report to an ACS Central application that is deployed on the hub.

Allow ACM to deploy the production application to a subset of secured clusters

By default, the production applications are deployed on all prod clusters that ACM knows about. The following entry selects clusters labeled clusterGroup: prod whose vendor label is OpenShift:

  - name: secured
    helmOverrides:
    - name: clusterGroup.isHubCluster
      value: "false"
    clusterSelector:
      matchLabels:
        clusterGroup: prod
      matchExpressions:
      - key: vendor
        operator: In
        values:
          - OpenShift

Remember to commit the changes and push to GitHub so that GitOps can see your changes and apply them.
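
Before committing a selector change, it helps to check which clusters it will match. The following is an added example, not part of the pattern's own code: it evaluates the clusterSelector above using Kubernetes label-selector semantics against constructed cluster labels. The cluster names, the `secured` opt-in label and the narrowed selector are assumptions for illustration.

```python
# Added example: Kubernetes label-selector semantics (AND of all terms).
# Cluster names/labels and the "secured" label are constructed assumptions.

SELECTOR = {  # the clusterSelector shown on this page
    "matchLabels": {"clusterGroup": "prod"},
    "matchExpressions": [
        {"key": "vendor", "operator": "In", "values": ["OpenShift"]},
    ],
}

# Hypothetical narrowed selector: additionally require an opt-in label.
NARROWED = {
    "matchLabels": {"clusterGroup": "prod"},
    "matchExpressions": SELECTOR["matchExpressions"]
    + [{"key": "secured", "operator": "In", "values": ["true"]}],
}

CLUSTERS = {  # constructed managed-cluster label sets
    "prod-east": {"clusterGroup": "prod", "vendor": "OpenShift", "secured": "true"},
    "prod-west": {"clusterGroup": "prod", "vendor": "OpenShift"},
    "prod-eks": {"clusterGroup": "prod", "vendor": "EKS"},
    "devel-1": {"clusterGroup": "devel", "vendor": "OpenShift"},
}

def expr_matches(expr, labels):
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        return labels.get(key) not in values  # an absent key also matches
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")

def selector_matches(selector, labels):
    """Every matchLabels pair and every matchExpressions entry must hold."""
    if any(labels.get(k) != v for k, v in selector.get("matchLabels", {}).items()):
        return False
    return all(expr_matches(e, labels) for e in selector.get("matchExpressions", []))

def selected(selector, clusters=CLUSTERS):
    """Return the sorted names of clusters the selector would match."""
    return sorted(n for n, lbls in clusters.items() if selector_matches(selector, lbls))

if __name__ == "__main__":
    print("default :", selected(SELECTOR))
    print("narrowed:", selected(NARROWED))
```

With the default selector, every OpenShift cluster labeled prod receives the production applications; adding a further expression is what restricts deployment to a subset.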

Deploy a Production (prod) cluster

For instructions on how to prepare and import a production (prod) cluster, read the section on importing a cluster. Use clusterGroup=prod.

You are done importing the production cluster

That’s it! Go to your production OpenShift console and check that the open-cluster-management-agent pod is being launched. Be patient: it will take a while for the ACM agent and agent-addons to launch. After that, the OpenShift GitOps operator will run. When it has finished coming up, launch the OpenShift GitOps (ArgoCD) console from the top right of the OpenShift console.

GitOps Dashboard prod

Next up

Work your way through the Multicluster DevSecOps GitOps/DevOps demos (TBD)