ARO-RP/docs/shared-cluster.md

Shared Cluster

The shared cluster now lives in the AME tenant. We have access to credentials to use the cluster, but any "operational" action must go through JIT and the Azure Portal.

Overview

The following diagram is the overview of where our shared cluster lives, and how we access it.

• Here is a link to the living lucid chart diagram: here

Diagram

Authentication

You can use either to authenticate to the cluster:

• Make secrets, get and set KUBECONFIG, assuming env sources secrets/env:

SECRET_SA_ACCOUNT_NAME=rharosecretsdev make secrets;
. ./env;

az aro get-admin-kubeconfig \
    --name $SHARED_CLUSTER_NAME \
    --resource-group $SHARED_CLUSTER_RESOURCE_GROUP_NAME \
    --file shared-cluster.admin.kubeconfig;

export KUBECONFIG=shared-cluster.admin.kubeconfig

• Get details from AZ and use oc login, assuming you are logged in to the RH tenant:

make shared-cluster-login

Creating / Deleting the Shared Cluster

The shared cluster is for general use and experimentation. All the related details for it can be found in the secrets (look for the prefix SHARED_CLUSTER_). Note that there is no guarantee that it is in a "good state".

Create / Delete

To create/ delete/ administer the cluster from az cli you must have proper permissions (JIT in the case of AME).

The following commands assume the same secrets as above.

• Create:

make shared-cluster-create

• Delete:

make shared-cluster-delete