1.18.2.9. 部署策略以更改受管集群参数

ClusterVersion 策略推送到受管集群,以更改其检索升级的默认位置。

  1. 在受管集群中,输入以下命令确认 ClusterVersion upstream 参数目前是默认公共 OpenShift Update Service 操作对象:

    oc get clusterversion -o yaml

    返回的内容可能类似以下内容:

    apiVersion: v1
    items:
    - apiVersion: config.openshift.io/v1
      kind: ClusterVersion
    [..]
      spec:
        channel: stable-4.4
        upstream: https://api.openshift.com/api/upgrades_info/v1/graph
  2. 在 hub 集群中,输入以下命令来识别到 OpenShift Update Service 操作对象:oc get routes

    提示: 记录这个值以便在以后的步骤中使用。

  3. 在 hub 集群 Red Hat Advanced Cluster Management 控制台菜单中,选择 Governance > Create a policy
  4. YAML 切换设置为 On 以查看策略的 YAML 版本。
  5. 删除 YAML 代码中的所有内容。
  6. 将以下 YAML 内容粘贴到窗口以创建自定义策略:

    apiVersion: policy.open-cluster-management.io/v1
    kind: Policy
    metadata:
      name: policy-pod
      namespace: default
      annotations:
        policy.open-cluster-management.io/standards:
        policy.open-cluster-management.io/categories:
        policy.open-cluster-management.io/controls:
    spec:
      disabled: false
      policy-templates:
        - objectDefinition:
            apiVersion: policy.open-cluster-management.io/v1
            kind: ConfigurationPolicy
            metadata:
              name: policy-pod-sample-nginx-pod
            spec:
              object-templates:
                - complianceType: musthave
                  objectDefinition:
                    apiVersion: v1
                    kind: Pod
                    metadata:
                      name: sample-nginx-pod
                      namespace: default
                    status:
                      phase: Running
              remediationAction: inform
              severity: low
      remediationAction: enforce
    ---
    apiVersion: policy.open-cluster-management.io/v1
    kind: PlacementBinding
    metadata:
      name: binding-policy-pod
      namespace: default
    placementRef:
      name: placement-policy-pod
      kind: PlacementRule
      apiGroup: apps.open-cluster-management.io
    subjects:
    - name: policy-pod
      kind: Policy
      apiGroup: policy.open-cluster-management.io
    ---
    apiVersion: apps.open-cluster-management.io/v1
    kind: PlacementRule
    metadata:
      name: placement-policy-pod
      namespace: default
    spec:
      clusterConditions:
      - status: "True"
        type: ManagedClusterConditionAvailable
      clusterSelector:
        matchExpressions:
          []  # selects all clusters if not specified
  7. 将以下内容添加到 policy 项中的 policy.spec 部分:

    apiVersion: config.openshift.io/v1
      kind: ClusterVersion
      metadata:
        name: version
      spec:
        channel: stable-4.4
        upstream: https://example-cincinnati-policy-engine-uri/api/upgrades_info/v1/graph

    spec.upstream 值替换为 hub 集群 OpenShift Update Service 操作对象的路径。

    提示: 您可以完成以下步骤以确定操作对象的路径:

    1. 在 hub 集群上运行 oc get get routes -A 命令。
    2. 找到到 cincinnati 的路由。+ 到操作对象的路径是 HOST/PORT 字段的值。
  8. 在受管集群 CLI 中,使用以下命令确认 ClusterVersion 中的上游参数已使用本地 hub 集群 OpenShift Update Service URL 更新:

    oc get clusterversion -o yaml

    结果应该类似以下内容:

    apiVersion: v1
    items:
    - apiVersion: config.openshift.io/v1
      kind: ClusterVersion
    [..]
      spec:
        channel: stable-4.4
        upstream: https://<hub-cincinnati-uri>/api/upgrades_info/v1/graph