Installing while connected online

The multicluster engine for Kubernetes operator is installed with Operator Lifecycle Manager, which manages the installation, upgrade, and removal of the components that encompass the multicluster engine for Kubernetes engine.

Required access: Cluster administrator

Important:

You must install multicluster engine for Kubernetes on a cluster that does not have Red Hat Advanced Cluster Management for Kubernetes installed. The multicluster engine for Kubernetes cannot co-exist with Red Hat Advanced Cluster Management for Kubernetes because they provide some of the same management components. It is recommended that you install multicluster engine for Kubernetes on a cluster that has never previously installed Red Hat Advanced Cluster Management.
For OpenShift Container Platform Dedicated environment, you must have cluster-admin permissions. By default dedicated-admin role does not have the required permissions to create namespaces in the OpenShift Container Platform Dedicated environment.
By default, the engine components are installed on worker nodes of your OpenShift Container Platform cluster without any additional configuration. You can install the engine onto worker nodes by using the OpenShift Container Platform OperatorHub web console interface, or by using the OpenShift Container Platform CLI.
If you have configured your OpenShift Container Platform cluster with infrastructure nodes, you can install the engine onto those infrastructure nodes by using the OpenShift Container Platform CLI with additional resource parameters. Not all engine components have infrastructure node support, so some worker nodes are still required when installing multicluster engine for Kubernetes on infrastructure nodes. See the Installing the multicluster engine for Kubernetes engine on infrastructure node section for those details.
If you plan to import Kubernetes clusters that were not created by OpenShift Container Platform or multicluster engine for Kubernetes, you will need to configure an image pull secret. For information on how to configure an image pull secret and other advanced configurations, see options in the Advanced configuration section of this documentation.

Prerequisites

Before you install multicluster engine for Kubernetes, see the following requirements:

Your RedHat OpenShift Container Platform cluster must have access to the multicluster engine for Kubernetes operator in the OperatorHub catalog from the OpenShift Container Platform console.
You need access to the catalog.redhat.com.
OpenShift Container Platform version 4.6, or later, must be deployed in your environment, and you must be logged into with the OpenShift Container Platform CLI. OpenShift Container Platform version 4.6, or later, must be deployed in your environment, and you must be logged into with the OpenShift Container Platform CLI. See the following install documentation for OpenShift Container Platform:
Your OpenShift Container Platform command line interface (CLI) must be configured to run oc commands. See Getting started with the CLI for information about installing and configuring the OpenShift Container Platform CLI.
Your OpenShift Container Platform permissions must allow you to create a namespace.
You must have an Internet connection to access the dependencies for the operator.
To install in a OpenShift Container Platform Dedicated environment, see the following:
- You must have the OpenShift Container Platform Dedicated environment configured and running.
- You must have cluster-admin authority to the OpenShift Container Platform Dedicated environment where you are installing the engine.

Confirm your OpenShift Container Platform installation

You must have a supported OpenShift Container Platform version, including the registry and storage services, installed and working. For more information about installing OpenShift Container Platform, see the OpenShift Container Platform documentation.

Verify that a multicluster engine for Kubernetes engine operator is not already installed on your OpenShift Container Platform cluster. The multicluster engine for Kubernetes operator allows only one single installation on each OpenShift Container Platform cluster. Continue with the following steps if there is no installation.
To ensure that the OpenShift Container Platform cluster is set up correctly, access the OpenShift Container Platform web console with the following command:
```
kubectl -n openshift-console get route
```
See the following example output:
```
openshift-console console console-openshift-console.apps.new-coral.purple-chesterfield.com
console   https   reencrypt/Redirect     None
```
Open the URL in your browser and check the result. If the console URL displays console-openshift-console.router.default.svc.cluster.local, set the value for openshift_master_default_subdomain when you install OpenShift Container Platform. See the following example of a URL: https://console-openshift-console.apps.new-coral.purple-chesterfield.com.

You can proceed to install multicluster engine for Kubernetes.

Installing from the OperatorHub web console interface

Best practice: From the Administrator view in your OpenShift Container Platform navigation, install the OperatorHub web console interface that is provided with OpenShift Container Platform.

Select Operators > OperatorHub to access the list of available operators, and select multicluster engine for Kubernetes operator.
Click Install.
On the Operator Installation page, select the options for your installation:
- Namespace:
  - The multicluster engine for Kubernetes engine must be installed in its own namespace, or project.
  - By default, the OperatorHub console installation process creates a namespace titled multicluster-engine. Best practice: Continue to use the multicluster-engine namespace if it is available.
  - If there is already a namespace named multicluster-engine, choose a different namespace.
- Channel: The channel that you select corresponds to the release that you are installing. When you select the channel, it installs the identified release, and establishes that the future errata updates within that release are obtained.
- Approval strategy: The approval strategy identifies the human interaction that is required for applying updates to the channel or release to which you subscribed.
  - Select Automatic, which is selected by default, to ensure any updates within that release are automatically applied.
  - Select Manual to receive a notification when an update is available. If you have concerns about when the updates are applied, this might be best practice for you.
Note: To upgrade to the next minor release, you must return to the OperatorHub page and select a new channel for the more current release.
Select Install to apply your changes and create the operator.
See the following process to create the MultiClusterEngine custom resource.
1. In the OpenShift Container Platform console navigation, select Installed Operators > multicluster engine for Kubernetes.
2. Select the MultiCluster Engine tab.
3. Select Create MultiClusterEngine.
4. Update the default values in the YAML file. See options in the MultiClusterEngine advanced configuration section of the documentation.
  - The following example shows the default template that you can copy into the editor:
  apiVersion: multicluster.openshift.io/v1alpha1 kind: MultiClusterEngine metadata: name: multiclusterengine spec: {}
Select Create to initialize the custom resource. It can take up to 10 minutes for the multicluster engine for Kubernetes engine to build and start.

After the MultiClusterEngine resource is created, the status for the resource is Available on the MultiCluster Engine tab.

Installing from the OpenShift Container Platform CLI

Create a multicluster engine for Kubernetes engine namespace where the operator requirements are contained. Run the following command, where namespace is the name for your multicluster engine for Kubernetes engine namespace. The value for namespace might be referred to as Project in the OpenShift Container Platform environment:
```
oc create namespace <namespace>
```
Switch your project namespace to the one that you created. Replace namespace with the name of the multicluster engine for Kubernetes engine namespace that you created in step 1.
```
oc project <namespace>
```
Create a YAML file to configure an OperatorGroup resource. Each namespace can have only one operator group. Replace default with the name of your operator group. Replace namespace with the name of your project namespace. See the following example:
```
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: <default>
spec:
  targetNamespaces:
  - <namespace>
```
Run the following command to create the OperatorGroup resource. Replace operator-group with the name of the operator group YAML file that you created:
```
oc apply -f <path-to-file>/<operator-group>.yaml
```
Create a YAML file to configure an OpenShift Container Platform Subscription. Your file should look similar to the following example:
```
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: multicluster-engine
spec:
  sourceNamespace: openshift-marketplace
  source: redhat-operators
  channel: stable-1.0
  installPlanApproval: Automatic
  name: multicluster-engine
```
Note: For installing the multicluster engine for Kubernetes engine on infrastructure nodes, the see Operator Lifecycle Manager Subscription additional configuration section.
Run the following command to create the OpenShift Container Platform Subscription. Replace subscription with the name of the subscription file that you created:
```
oc apply -f <path-to-file>/<subscription>.yaml
```
Create a YAML file to configure the MultiClusterEngine custom resource. Your default template should look similar to the following example:
```
apiVersion: multicluster.openshift.io/v1alpha1
kind: MultiClusterEngine
metadata:
  name: multiclusterengine
spec: {}
```
Note: For installing the multicluster engine for Kubernetes engine on infrastructure nodes, see the MultiClusterEngine custom resource additional configuration section:
Run the following command to create the MultiClusterEngine custom resource. Replace custom-resource with the name of your custom resource file:
```
oc apply -f <path-to-file>/<custom-resource>.yaml
```
If this step fails with the following error, the resources are still being created and applied. Run the command again in a few minutes when the resources are created:
```
error: unable to recognize "./mce.yaml": no matches for kind "MultiClusterEngine" in version "operator.multicluster-engine.io/v1"
```
Run the following command to get the custom resource. It can take up to 10 minutes for the MultiClusterEngine custom resource status to display as Available in the status.phase field after you run the following command:
```
oc get mce -o=jsonpath='{.items[0].status.phase}'
```

If you are reinstalling the multicluster engine for Kubernetes operator and the pods do not start, see Troubleshooting reinstallation failure for steps to work around this problem.

Notes:

A ServiceAccount with a ClusterRoleBinding automatically gives cluster administrator privileges to multicluster engine for Kubernetes and to any user credentials with access to the namespace where you install multicluster engine for Kubernetes.

Installing on infrastructure nodes

An OpenShift Container Platform cluster can be configured to contain infrastructure nodes for running approved management components. Running components on infrastructure nodes avoids allocating OpenShift Container Platform subscription quota for the nodes that are running those management components.

After adding infrastructure nodes to your OpenShift Container Platform cluster, follow the Installing from the OpenShift Container Platform CLI instructions and add the following configurations to the Operator Lifecycle Manager Subscription and MultiClusterEngine custom resource.

Add infrastructure nodes to the OpenShift Container Platform cluster

Follow the procedures that are described in Creating infrastructure machine sets in the OpenShift Container Platform documentation. Infrastructure nodes are configured with a Kubernetes taint and label to keep non-management workloads from running on them.

To be compatible with the infrastructure node enablement provided by multicluster engine for Kubernetes, ensure your infrastructure nodes have the following taint and label applied:

metadata:
  labels:
    node-role.kubernetes.io/infra: ""
spec:
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/infra

Operator Lifecycle Manager Subscription additional configuration

Add the following additional configuration before applying the Operator Lifecycle Manager Subscription:

spec:
  config:
    nodeSelector:
      node-role.kubernetes.io/infra: ""
    tolerations:
    - key: node-role.kubernetes.io/infra
      effect: NoSchedule
      operator: Exists

MultiClusterEngine custom resource additional configuration

Add the following additional configuration before applying the MultiClusterEngine custom resource:

spec:
  nodeSelector:
    node-role.kubernetes.io/infra: ""