Welcome! The open-cluster-management.io project is focused on enabling end-to-end visibility and control across your Kubernetes clusters.
The Open Cluster Management (OCM) architecture uses a hub - agent model. The hub centralizes control of all the managed clusters. An agent, which we call the klusterlet, resides on each managed cluster to manage registration to the hub and run instructions from the hub.
OCM is a Cloud Native Computing Foundation (CNCF) sandbox project.
You can use the clusteradm CLI to bootstrap a control plane for multicluster management. The following diagram illustrates the deployment architecture for OCM:
To set up a multicluster environment with OCM enabled on your local machine, follow the instructions in setup dev environment.
There are a number of key use cases enabled by this project, and they are categorized into three sub-projects.
OCM has a group of APIs to provide the foundational functions in multiple cluster management.
The journey of cluster management starts with Cluster Registration, which follows a double opt-in protocol to establish an mTLS connection from the agent on the managed cluster (Klusterlet) to the hub (Cluster Manager). After this, users or operands on the hub can declare ManifestWorks, each of which contains a slice of Kubernetes resource manifests to be distributed and applied to a certain managed cluster. To schedule workloads to a certain set of clusters, users can also declare a Placement on the hub to dynamically select a set of clusters that match certain criteria.
In addition, developers can leverage the Addon framework to build their own management tools or integrate with other open source projects to extend the multicluster management capability. OCM maintains two built-in addons, for application lifecycle and security governance.
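The ManifestWork and Placement APIs described above, as an added example that is not taken from the OCM documentation: a ManifestWork on the hub that delivers a small Deployment to one registered cluster, plus a Placement that selects clusters by label. The cluster name `cluster1`, the cluster set `dev`, the `environment: dev` label and the workload contents are assumptions; the ManifestWork must live in the hub namespace that carries the managed cluster's name, and the Placement needs a ManagedClusterSetBinding in its own namespace before it selects anything.

```yaml
# Added example (not OCM project code). Assumed: a managed cluster registered
# as "cluster1", and a ManagedClusterSet named "dev" containing it.
apiVersion: work.open-cluster-management.io/v1
kind: ManifestWork
metadata:
  name: hello-work
  namespace: cluster1          # namespace on the hub == managed cluster name
spec:
  workload:
    manifests:
      # Each entry is a complete Kubernetes manifest applied by the klusterlet
      # on the managed cluster; the hub never needs that cluster's credentials.
      - apiVersion: v1
        kind: Namespace
        metadata:
          name: hello
      - apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: hello
          namespace: hello
        spec:
          replicas: 1
          selector:
            matchLabels:
              app: hello
          template:
            metadata:
              labels:
                app: hello
            spec:
              containers:
                - name: hello
                  image: nginxinc/nginx-unprivileged:1.25   # assumed image
                  securityContext:
                    allowPrivilegeEscalation: false
                    runAsNonRoot: true
---
# Bind the "dev" cluster set into the namespace where the Placement lives.
apiVersion: cluster.open-cluster-management.io/v1beta2
kind: ManagedClusterSetBinding
metadata:
  name: dev
  namespace: default
spec:
  clusterSet: dev
---
# Select up to two clusters from the bound set that carry environment=dev.
apiVersion: cluster.open-cluster-management.io/v1beta1
kind: Placement
metadata:
  name: dev-clusters
  namespace: default
spec:
  numberOfClusters: 2
  clusterSets:
    - dev
  predicates:
    - requiredClusterSelector:
        labelSelector:
          matchLabels:
            environment: dev
```

Apply both files to the hub with `kubectl apply -f`; the selected clusters appear in the `PlacementDecision` objects that the Placement controller creates in the same namespace, and the ManifestWork's `status.conditions` on the hub report whether the klusterlet applied the manifests.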
Leverage the Argo CD add-on for OCM to enable decentralized, pull based application deployment to managed clusters.
The OCM Argo CD add-on uses a hub-spoke architecture to deliver Argo CD Applications from the OCM hub cluster to registered managed clusters. Unlike traditional push-based deployment models, this pull mechanism provides several advantages:
- Scalability: the hub-spoke pattern may offer better scalability.
- Security: cluster credentials do not have to be stored in a centralized environment, which may enhance security.
- Resilience: it may reduce the impact of a single point of centralized failure.
Using OCM APIs and components, Argo CD Applications can be managed centrally while being pulled and applied locally at the managed cluster level. See Argo CD OCM add-on for details on installing the add-on and deploying applications across multiple clusters.
- Use prebuilt security and configuration controllers to enforce policies on Kubernetes configuration across your clusters.
Policy controllers allow the declarative expression of a desired condition that can be audited or enforced against a set of managed clusters. Policies allow you to drive cross-cluster configuration or validate that a certain configuration explicitly does not exist.
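The audit-or-enforce model described above, as an added example that is not taken from the OCM governance repositories: a Policy wrapping a ConfigurationPolicy that requires one configuration to exist (a namespace labelled for the restricted Pod Security level) and validates that another explicitly does not (a RoleBinding named `anonymous-admin`), bound to a Placement. The namespace `policies`, the object names and the `environment: prod` label are assumptions; `remediationAction: inform` only audits, and switching it to `enforce` makes the controller create or delete the objects.

```yaml
# Added example (not OCM project code). Assumed: a "policies" namespace on the
# hub with a ManagedClusterSetBinding, and managed clusters labelled environment=prod.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: baseline-hardening
  namespace: policies
spec:
  disabled: false
  remediationAction: inform        # audit only; "enforce" makes the agent remediate
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: baseline-hardening
        spec:
          remediationAction: inform
          severity: high
          namespaceSelector:
            include:
              - default
          object-templates:
            # Desired state that must be present on every selected cluster.
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: Namespace
                metadata:
                  name: prod-apps
                  labels:
                    pod-security.kubernetes.io/enforce: restricted
            # Configuration that must explicitly NOT exist (evaluated in the
            # namespaces matched by namespaceSelector).
            - complianceType: mustnothave
              objectDefinition:
                apiVersion: rbac.authorization.k8s.io/v1
                kind: RoleBinding
                metadata:
                  name: anonymous-admin
---
apiVersion: cluster.open-cluster-management.io/v1beta1
kind: Placement
metadata:
  name: prod-clusters
  namespace: policies
spec:
  predicates:
    - requiredClusterSelector:
        labelSelector:
          matchLabels:
            environment: prod
---
# Ties the Policy to the Placement; without a binding the Policy reaches no cluster.
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: baseline-hardening
  namespace: policies
placementRef:
  name: prod-clusters
  apiGroup: cluster.open-cluster-management.io
  kind: Placement
subjects:
  - name: baseline-hardening
    apiGroup: policy.open-cluster-management.io
    kind: Policy
```

Compliance is reported back per cluster in the Policy's `status` on the hub, so a `mustnothave` violation surfaces as a NonCompliant entry for that cluster rather than requiring direct access to it.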
The following repositories describe the underlying API and controllers for the GRC model:
We are constantly working with other open source projects to make multicluster management easier.
- Submariner is a project that provides multicluster networking connectivity. Users can benefit from a Submariner addon, which automates the deployment and management of multicluster networking.
- Clusternet is another project that provides multicluster orchestration, which can be easily plugged into OCM with the clusternet addon.
- KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable. Note that OCM is also available as a vela addon in KubeVela.
See the following options to connect with the community: