Chapter 6. Creating a provider connection

A provider connection is required to create a Red Hat OpenShift Container Platform cluster on a cloud service provider with Red Hat Advanced Cluster Management for Kubernetes.

The provider connection stores the access credentials and configuration information for a provider. Each provider account requires its own provider connection, as does each domain on a single provider.

The following files detail the information that is required for creating a connection document for each supported provider:

6.1. Creating a provider connection for Amazon Web Services

You need a provider connection to use Red Hat Advanced Cluster Management for Kubernetes console to deploy and manage an OpenShift cluster on Amazon Web Services (AWS).

Note: This procedure must be done before you can create a cluster with Red Hat Advanced Cluster Management for Kubernetes.

6.1.1. Prerequisites

You must have the following prerequisites before creating a provider connection:

  • A deployed Red Hat Advanced Cluster Management for Kubernetes hub cluster
  • Internet access for your Red Hat Advanced Cluster Management for Kubernetes hub cluster so it can create the Kubernetes cluster on Amazon Web Services
  • Amazon Web Services (AWS) login credentials, which include access key ID and secret access key. See Understanding and getting your security credentials.
  • Account permissions that allow installing clusters on AWS. See Configuring an AWS account for instructions on how to configure.

6.1.2. Creating a provider connection by using the console

To create a provider connection from the Red Hat Advanced Cluster Management for Kubernetes console, complete the following steps:

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.

  2. On the Clusters page, select the Provider connections tab.

    Existing provider connections are displayed.

  3. Select Add a connection.
  4. Select Amazon Web Services as your provider.
  5. Add a name for your provider connection.

  6. Select a namespace for your provider connection from the list.

    Tip:: Create a namespace specifically to host your provider connections, both for convenience and added security.

  7. You can optionally add a Base DNS domain for your provider connection. If you add the base DNS domain to the provider connection, it is automatically populated in the correct field when you create a cluster with this provider connection.
  8. Add your AWS Access Key ID for your Amazon Web Services account. Log in to AWS to find the ID.
  9. Add your AWS Secret Access Key.
  10. Enter your Red Hat OpenShift Pull Secret. You can download your pull secret from Pull secret.
  11. Add your SSH Private Key and SSH Public Key, which allows you to connect to the cluster. You can use an existing key pair, or create a new one with key generation program. See Generating an SSH private key and adding it to the agent for more information about how to generate a key.
  12. Click Create. When you create the provider connection, it is added to the list of provider connections.

You can create a cluster that uses this provider connection by completing the steps in Creating a cluster on Amazon Web Services.

6.1.3. Deleting your provider connection

When you are no longer managing a cluster that is using a provider connection, delete the provider connection to protect the information in the provider connection.

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.
  2. Select Provider connections.
  3. Select the options menu beside the provider connection that you want to delete.
  4. Select Delete connection.

6.2. Creating a provider connection for Microsoft Azure

You need a provider connection to use Red Hat Advanced Cluster Management for Kubernetes console to create and manage a Red Hat OpenShift Container Platform cluster on Microsoft Azure.

Note: This procedure is a prerequisite for creating a cluster with Red Hat Advanced Cluster Management for Kubernetes.

6.2.1. Prerequisites

You must have the following prerequisites before creating a provider connection:

  • A deployed Red Hat Advanced Cluster Management for Kubernetes hub cluster
  • Internet access for your Red Hat Advanced Cluster Management for Kubernetes hub cluster so that it can create the Kubernetes cluster on Azure
  • Azure login credentials, which include your Base Domain Resource Group and Azure Service Principal JSON. See azure.microsoft.com.
  • Account permissions that allow installing clusters on Azure. See How to configure Cloud Services and Configuring an Azure account for more information.

6.2.2. Creating a provider connection by using the console

To create a provider connection from the Red Hat Advanced Cluster Management for Kubernetes console, complete the following steps:

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.

  2. On the Clusters page, select the Provider connections tab.

    Existing provider connections are displayed.

  3. Select Add a connection.
  4. Select Microsoft Azure as your provider.
  5. Add a name for your provider connection.

  6. Select a namespace for your provider connection from the list.

    Tip:: You can create a namespace specifically to host your provider connections, both for convenience and added security.

  7. You can optionally add a Base DNS domain for your provider connection. If you add the base DNS domain to the provider connection, it is automatically populated in the correct field when you create a cluster with this provider connection.
  8. Add your Base Domain Resource Group Name for your Azure account. This entry is the resource name that you created with your Azure account. You can find your Base Domain Resource Group Name by selecting Home > DNS Zones in the Azure interface. Your Base Domain Resource Group name is in the Resource Group column of the entry that contains the Base DNS domain that applies to your account.

  9. Add your Client ID. This value is generated as the appId property when you create a service principal with the following command: 

    az ad sp create-for-rbac --role Contributor --name <service_principal>

    Replace service_principal with the name of your service principal.

  10. Add your Client Secret. This value is generated as the password property when you create a service principal with the following command: 

    az ad sp create-for-rbac --role Contributor --name <service_principal>

    Replace service_principal with the name of your service principal.

  11. Add your Subscription ID. This value is the id property in the output of the following command: 

    az account show

  12. Add your Tenant ID. This value is the tenantId property in the output of the following command: 

    az account show
  13. Enter your Red Hat OpenShift Pull Secret. You can download your pull secret from Pull secret.
  14. Add your SSH Private Key and SSH Public Key to use to connect to the cluster. You can use an existing key pair, or create a new pair using a key generation program. See Generating an SSH private key and adding it to the agent for more information about how to generate a key.
  15. Click Create. When you create the provider connection, it is added to the list of provider connections.

You can create a cluster that uses this provider connection by completing the steps in Creating a cluster on Microsoft Azure.

6.2.3. Deleting your provider connection

When you are no longer managing a cluster that is using a provider connection, delete the provider connection to protect the information in the provider connection.

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.
  2. Select Provider connections.
  3. Select the options menu for the provider connection that you want to delete.
  4. Select Delete connection.

6.3. Creating a provider connection for Google Cloud Platform

You need a provider connection to use Red Hat Advanced Cluster Management for Kubernetes console to create and manage a Red Hat OpenShift Container Platform cluster on Google Cloud Platform (GCP).

Note: This procedure is a prerequisite for creating a cluster with Red Hat Advanced Cluster Management for Kubernetes.

6.3.1. Prerequisites

You must have the following prerequisites before creating a provider connection:

  • A deployed Red Hat Advanced Cluster Management for Kubernetes hub cluster
  • Internet access for your Red Hat Advanced Cluster Management for Kubernetes hub cluster so it can create the Kubernetes cluster on GCP
  • GCP login credentials, which include user Google Cloud Platform Project ID and Google Cloud Platform service account JSON key. See Creating and managing projects.
  • Account permissions that allow installing clusters on GCP. See Configuring a GCP project for instructions on how to configure an account.

6.3.2. Creating a provider connection by using the console

To create a provider connection from the Red Hat Advanced Cluster Management for Kubernetes console, complete the following steps:

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.

  2. On the Clusters page, select the Provider connections tab.

    Existing provider connections are displayed.

  3. Select Add a connection.
  4. Select Google Cloud Platform as your provider.
  5. Add a name for your provider connection.

  6. Select a namespace for your provider connection from the list.

    Tip:: Create a namespace specifically to host your provider connections, for both convenience and security.

  7. You can optionally add a Base DNS domain for your provider connection. If you add the base DNS domain to the provider connection, it is automatically populated in the correct field when you create a cluster with this provider connection.
  8. Add your Google Cloud Platform Project ID for your GCP account. Log in to GCP to retrieve your settings.

  9. Add your Google Cloud Platform service account JSON key. Complete the following steps to create one with the correct permissions:

    1. In the GCP main menu, select IAM & Admin and start the Service Accounts applet
    2. Select Create Service Account.
    3. Provide the Name, Service account ID, and Description of your service account.
    4. Select Create to create the service account.
    5. Select a role of Owner, and click Continue.
    6. Click Create Key
    7. Select JSON, and click Create.
    8. Save the resulting file to your computer.
    9. Provide the contents for the Google Cloud Platform service account JSON key.
  10. Enter your Red Hat OpenShift Pull Secret. You can download your pull secret from Pull secret.
  11. Add your SSH Private Key and SSH Public Key so you can access the cluster. You can use an existing key pair, or create a new pair using a key generation program. See Generating an SSH private key and adding it to the agent for more information about how to generate a key.
  12. Click Create. When you create the provider connection, it is added to the list of provider connections.

You can use this connection when you create a cluster by completing the steps in Creating a cluster on Google Cloud Platform.

6.3.3. Deleting your provider connection

When you are no longer managing a cluster that is using a provider connection, delete the provider connection to protect the information in the provider connection.

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.
  2. Select Provider connections.
  3. Select the options menu beside the provider connection that you want to delete.
  4. Select Delete connection.

6.4. Creating a provider connection for VMware vSphere

You need a provider connection to use Red Hat Advanced Cluster Management for Kubernetes console to deploy and manage a Red Hat OpenShift Container Platform cluster on VMware vSphere. Note: Only OpenShift Container Platform versions 4.5.x, and later, are supported.

Note: This procedure must be done before you can create a cluster with Red Hat Advanced Cluster Management.

6.4.1. Prerequisites

You must have the following prerequisites before you create a provider connection:

  • A deployed Red Hat Advanced Cluster Management hub cluster on OpenShift Container Platform version 4.5, or later.
  • Internet access for your Red Hat Advanced Cluster Management hub cluster so it can create the Kubernetes cluster on VMware vSphere.

  • VMware vSphere login credentials and vCenter requirements configured for OpenShift Container Platform when using installer-provisioned infrastructure. See Installing a cluster on vSphere. These credentials include the following information:

    • vCenter account privileges.
    • Cluster resources.
    • DHCP available.
    • ESXi hosts have time synchronized (for example, NTP).

6.4.2. Creating a provider connection by using the console

To create a provider connection from the Red Hat Advanced Cluster Management console, complete the following steps:

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.

  2. On the Clusters page, select the Provider connections tab.

    Existing provider connections are displayed.

  3. Select Add a connection.
  4. Select VMware vSphere as your provider.
  5. Add a name for your provider connection.

  6. Select a namespace for your provider connection from the list.

    Tip: Create a namespace specifically to host your provider connections, for both convenience and added security.

  7. You can optionally add a Base DNS domain for your provider connection. If you add the base DNS domain to the provider connection, it is automatically populated in the correct field when you create a cluster with this provider connection.
  8. Add your VMware vCenter server fully-qualified host name or IP address. The value must be defined in the vCenter server root CA certificate. If possible, use the fully-qualified host name.
  9. Add your VMware vCenter username.
  10. Add your VMware vCenter password.

  11. Add your VMware vCenter root CA certificate.

    1. You can download your certificate in the download.zip package with the certificate from your VMware vCenter server at: https://<vCenter_address>/certs/download.zip. Replace vCenter_address with the address to your vCenter server.
    2. Unpackage the download.zip.

    3. Use the certificate from the certs/<platform> directory that has a .0 extension. Tip: You can use the ls certs/<platform> command to list all of the available certificates for your platform.

      Replace <platform> with the abbreviation for your platform: lin, mac, or win.

      For example: certs/lin/3a343545.0

  12. Add your VMware vSphere cluster name.
  13. Add your VMware vSphere datacenter.
  14. Add your VMware vSphere default datastore.
  15. Enter your Red Hat OpenShift Pull Secret. You can download your pull secret from Pull secret.
  16. Add your SSH Private Key and SSH Public Key, which allows you to connect to the cluster. You can use an existing key pair, or create a new one with key generation program. See Generating an SSH private key and adding it to the agent for more information.
  17. Click Create. When you create the provider connection, it is added to the list of provider connections.

You can create a cluster that uses this provider connection by completing the steps in Creating a cluster on VMware vSphere.

6.4.3. Deleting your provider connection

When you are no longer managing a cluster that is using a provider connection, delete the provider connection to protect the information in the provider connection.

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.
  2. Select Provider connections.
  3. Select the options menu beside the provider connection that you want to delete.
  4. Select Delete connection.

6.5. Creating a provider connection for bare metal

You need a provider connection to use Red Hat Advanced Cluster Management for Kubernetes console to deploy and manage a Red Hat OpenShift Container Platform cluster in a bare metal environment.

6.5.1. Prerequisites

You need the following prerequisites before creating a provider connection:

  • A Red Hat Advanced Cluster Management for Kubernetes hub cluster that is deployed. When managing bare metal clusters, you must have the hub cluster installed on Red Hat OpenShift Container Platform version 4.5, or later.
  • Internet access for your Red Hat Advanced Cluster Management for Kubernetes hub cluster so it can create the Kubernetes cluster on your bare metal server.
  • Your bare metal server login credentials, which include the libvirt URI, SSH Private Key, and a list of SSH known hosts; see Generating an SSH private key and adding it to the agent
  • Account permissions that allow installing clusters on the bare metal infrastructure.

6.5.2. Creating a provider connection by using the console

To create a provider connection from the Red Hat Advanced Cluster Management for Kubernetes console, complete the following steps:

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.

  2. On the Clusters page, select the Provider connections tab.

    Existing provider connections are displayed.

  3. Select Add connection.
  4. Select Bare metal as your provider.
  5. Add a name for your provider connection.

  6. Select a namespace for your provider connection from the list.

    Tip: Create a namespace specifically to host your provider connections, both for convenience and added security.

  7. You can optionally add a Base DNS domain for your provider connection. If you add the base DNS domain to the provider connection, it is automatically populated in the correct field when you create a cluster with this provider connection.
  8. Add your libvirt URI. See Connection URIs for more information.
  9. Enter your Red Hat OpenShift Pull Secret. You can download your pull secret from Pull secret.
  10. Add your SSH Private Key and your SSH Public Key so you can access the cluster. You can use an existing key, or use a key generation program to create a new one. See Generating an SSH private key and adding it to the agent for more information about how to generate a key.
  11. Add a list of your SSH known hosts.

  12. For disconnected installations only: Complete the fields in the Configuration for disconnected installation subsection with the required information:

    • Image Registry Mirror: This value contains the disconnected registry path. The path contains the hostname, port, and repository path to all of the installation images for disconnected installations. Example: repository.com:5000/openshift/ocp-release.

      The path creates an image content source policy mapping in the install-config.yaml to the Red Hat OpenShift Container Platform release images. As an example, repository.com:5000 produces this imageContentSource content: 

      imageContentSources:
- mirrors:
  - registry.example.com:5000/ocp4
  source: quay.io/openshift-release-dev/ocp-release-nightly
- mirrors:
  - registry.example.com:5000/ocp4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - registry.example.com:5000/ocp4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
    • Bootstrap OS Image: This value contains the URL to the image to use for the bootstrap machine.
    • Cluster OS Image: This value contains the URL to the image to use for Red Hat OpenShift Container Platform cluster machines.

    • Additional Trust Bundle: This value provides the contents of the certificate file that is required to access the mirror registry.

      Note: If you are deploying managed clusters from a hub that is in a disconnected environment, and want them to be automatically imported post install, add an Image Content Source Policy to the install-config.yaml file by using the YAML editor. A sample entry is shown in the following example: 

      imageContentSources:
- mirrors:
  - registry.example.com:5000/rhacm2
  source: registry.redhat.io/rhacm2
  13. Click Create. When you create the provider connection, it is added to the list of provider connections.

You can create a cluster that uses this provider connection by completing the steps in Creating a cluster on bare metal.

6.5.3. Deleting your provider connection

When you are no longer managing a cluster that is using a provider connection, delete the provider connection to protect the information in the provider connection.

  1. From the navigation menu, navigate to Automate infrastructure > Clusters.
  2. Select Provider connections.
  3. Select the options menu beside the provider connection that you want to delete.
  4. Select Delete connection.