Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-7523

[doc] Bump ManagedServiceAccount API version to v1beta1

XMLWordPrintable

    • False
    • None
    • False
    • No

      Create an informative issue (See each section, incomplete templates/issues won't be triaged)

      Using the current documentation as a model, please complete the issue template. 

      Note: Doc team updates the current version and the two previous versions (n-2). For earlier versions, we will address only high-priority, customer-reported issues for releases in support.

      Prerequisite: Start with what we have

      Always look at the current documentation to describe the change that is needed. Use the source or portal link for Step 4:

       - Use the Customer Portal: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes

       - Use the GitHub link to find the staged docs in the repository: https://github.com/stolostron/rhacm-docs 

      Describe the changes in the doc and link to your dev story

      Provide info for the following steps:

      1. - [x] Mandatory Add the required version to the Fix version/s field.  ACM 2.9.0/MCE 2.4.0

      2. - [x] Mandatory Choose the type of documentation change.

            - [x] New topic in an existing section or new section: addon new know issues
            - [x] Update to an existing topic: update managedServiceAccount API version from v1alpha1 to v1beta1 for the existing topics

      3. - [x] Mandatory for GA content:
                  
             - [x] Add steps and/or other important conceptual information here: 

      Update managedServiceAccount API version from v1alpha1 to v1beta1 for the existing topics

      there is a new v1beta1 version API, v1alpha1 can still be used in ACM 2.9, but will be deprecated in ACM 2.10 and removed in ACM 2.11, need to update version in the following topics:

      1. https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/multicluster_engine/managed-serviceaccount-addon
      2. https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/multicluster_engine/apis#serviceaccount-api 

      Known issues

      1. issue1: when enabling the managed-serviceaccount addon, ManagedClusterAddOn.spec.installNamespace must be "open-cluster-management-agent-addon", other values will be ignored and the managed serviceaccount addon agent will be deployed in the "open-cluster-management-agent-addon" namespace on the managed cluster.
      2. issue2: "tolerations" and "nodeSelector" configured on the multiclusterengines/multiclusterhubs will not take effect on the managed-serviceaccount agent deployed on the local-cluster/hub. (In most cases, the managed-serviceaccount addon is not needed on the local-cluster), the workaround is to create an addonDeploymentgConfig to set the "tolerations" and "nodeSelector" for the local-cluster managed-serviceaccount agent, then update the managed-serviceaccount ManagedClusterAddon in the local-cluster namespace to use the addontDeploymenConfig we just created. we already have a link for how to use the addonDeploymentConfig CR to configure the "tolerations" and "nodeSelector" for addons: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html-single/add-ons/index?lb_target=stage#configure-nodeselector-tolerations-addons 

             - [x] Add Required access level for the user to complete the task here:
             

      • The user will need access to the MultiClusterEngine CR to enable or disable ManagedServiceAccount within the cluster environment.
      • The user will need access to ManagedClusterAddon CR to enable or disable ManagedServiceAccount for a specific managed cluster
      • The user will need access to ManagedServiceAccount CR to use the addon

       

             - [x] Add verification at the end of the task, how does the user verify success (a command to run or a result to see?)

      • The user can verify that the managedserviceaccount addon is working by creating a ManagedServiceAccount in the target managed cluster namespace on the hub cluster, and then getting the ManagedServiceAccount to verify if there is "tokenSecretRef" in the status of the ManagedServiceAccount CR.

       

             - [x] Add link to dev story here: https://issues.redhat.com/browse/ACM-7072

       

      4. - [ ] Mandatory for bugs: What is the diff? Clearly define what the problem is, what the change is, and link to the current documentation:

       

              rh-ee-ofischer Oliver Fischer
              jiazhu@redhat.com Jian Zhu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: