VirtualMachine actions Tech Preview - stolostron/search-v2-operator GitHub Wiki
Red Hat Advanced Cluster Management provides visibility to Virtual Machine resources across all the clusters it manages. The Search feature allows you to list and filter the Virtual Machine resources created with the Openshift Virtualization operator.
Starting with ACM 2.12, we are added a Virtual Machine view to the infrastructure menu on the main navigation. We also added the ability to trigger actions on the Virtual Machine resources shown on the ACM console.
The actions available from ACM are:
- Start
- Stop
- Restart
- Pause
- Unpause
This Technical Preview feature needs to be enabled with the following steps.
- Enable ACM console to show the actions. Update this config map.
oc patch configmap console-mce-config -n multicluster-engine -p '{"data": {"VIRTUAL_MACHINE_ACTIONS": "enabled"}}' - For each managed cluster, create and configure a ManagedServiceAccount to execute the action. Note that you'll need to repeat this step after adding new managed clusters. Save the yaml file below and use
oc apply -n {MANAGED_CLUSTER} -f /path/to/fileapiVersion: authentication.open-cluster-management.io/v1beta1 kind: ManagedServiceAccount metadata: name: vm-actor labels: app: search spec: rotation: {} --- apiVersion: rbac.open-cluster-management.io/v1alpha1 kind: ClusterPermission metadata: name: vm-actions labels: app: search spec: clusterRole: rules: - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart - virtualmachineinstances/pause - virtualmachineinstances/unpause verbs: - update clusterRoleBinding: subject: kind: ServiceAccount name: vm-actor namespace: open-cluster-management-agent-addon
Automating the configuration
The following script automates the configuration steps above.
# Enable Virtual Machine actions tech preview in the console.
oc patch configmap console-mce-config -n multicluster-engine -p '{"data": {"VIRTUAL_MACHINE_ACTIONS": "enabled"}}'
# Create configuration resources for each Managed Cluster.
echo -e "\nCreating a ManagedServiceAccount and associated ClusterPermission resource for each Managed Cluster...\n"
MANAGED_CLUSTERS=($(oc get managedcluster -o custom-columns=NAME:.metadata.name --no-headers))
if [ ${#MANAGED_CLUSTERS[@]} -eq 0 ]; then
echo "❌ No managed clusters found. Exiting."
exit 1
fi
for MANAGED_CLUSTER in "${MANAGED_CLUSTERS[@]}"; do
oc apply -n "${MANAGED_CLUSTER}" -f - << EOF
apiVersion: authentication.open-cluster-management.io/v1beta1
kind: ManagedServiceAccount
metadata:
name: vm-actor
labels:
app: search
spec:
rotation: {}
---
apiVersion: rbac.open-cluster-management.io/v1alpha1
kind: ClusterPermission
metadata:
name: vm-actions
labels:
app: search
spec:
clusterRole:
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
verbs:
- update
clusterRoleBinding:
subject:
kind: ServiceAccount
name: vm-actor
namespace: open-cluster-management-agent-addon
EOF
done
echo "🚀 Virtual Machine tech preview setup complete."
Disable and delete resources
# Disable Virtual Machine actions tech preview in the console.
oc patch configmap console-mce-config -n multicluster-engine -p '{"data": {"VIRTUAL_MACHINE_ACTIONS": "disabled"}}'
# Delete ManagedServiceAccounts and ClusterPermissions used by VM actions
oc delete managedserviceaccount,clusterpermission -A -l app=search
echo "🚀 Virtual Machine tech preview cleanup complete."