diff --git a/README.md b/README.md index 975ade4d3..9aaaf8b84 100644 --- a/README.md +++ b/README.md @@ -85,21 +85,25 @@ Initialize the hub by deploying the hub side resources to manage clusters. `clusteradm init [--use-bootstrap-token]` it returns the command line to launch on the spoke to join the hub. +> NOTE: Do not run init command against a [multicluster-controlplane](https://github.com/open-cluster-management-io/multicluster-controlplane) instance. It is already an initialized hub on start. Instead, use `clusteradm get token --use-bootstrap-token` to get the join command. ### get token Get the latest token to import a new managed cluster. `clusteradm get token --context ${CTX_HUB_CLUSTER}` - ### join Install the agent on the spoke. -`clusteradm join --hub-token --hub-apiserver --cluster-name c1` +`clusteradm join --hub-token --hub-apiserver --cluster-name c1 [--ca-file ] [--force-internal-endpoint-lookup]` it returns the command line to launch on the hub the accept the spoke onboarding. +> NOTE: The `--ca-file` flag is used to provide a valid CA for hub. The ca data is fetched from cluster-info configmap in kube-public namespace of the hub cluster, then from kube-root-ca.crt configmap in kube-public namespace if the cluster-info configmap does not exist. + +> NOTE: If you're trying to join a hub cluster which is initialized from a kind cluster, please set the `--force-internal-endpoint-lookup` flag. + ### accept Accept the CSRs on the hub to approve the spoke clusters to join the hub. @@ -111,6 +115,7 @@ Accept the CSRs on the hub to approve the spoke clusters to join the hub. Uninstall the agent on the spoke `clusteradm unjoin --cluster-name c1` +> Note: the applied resources on managed cluster would be checked and prompt a warning if still exist any. ### clean diff --git a/pkg/cmd/join/cmd.go b/pkg/cmd/join/cmd.go index 685f5b1b6..8449b6919 100644 --- a/pkg/cmd/join/cmd.go +++ b/pkg/cmd/join/cmd.go @@ -11,10 +11,12 @@ import ( ) var example = ` -# Join a cluster to the hub +# Join a cluster to the hub %[1]s join --hub-token --hub-apiserver --cluster-name -# Join a cluster to the hub with hosted mode -%[1]s join --hub-token --hub-apiserver --cluster-name --mode hosted --managed-cluster-kubeconfig +# join a cluster to the hub with hosted mode +%[1]s join --hub-token --hub-apiserver --cluster-name --mode hosted --managed-cluster-kubeconfig +# join a cluster to the hub while the hub provided no valid CA data in kube-public namespace +%[1]s join --hub-token --hub-apiserver --cluster-name --ca-file ` // NewCmd ... diff --git a/pkg/cmd/join/exec.go b/pkg/cmd/join/exec.go index 88e45ab96..dd8e338a5 100644 --- a/pkg/cmd/join/exec.go +++ b/pkg/cmd/join/exec.go @@ -128,7 +128,7 @@ func (o *Options) complete(cmd *cobra.Command, args []string) (err error) { // code logic of building hub client in join process: // 1. use the token and insecure to fetch the ca data from cm in kube-public ns - // 2. if not found, assume using a authorized ca. + // 2. if not found, assume using an authorized ca. // 3. use the ca and token to build a secured client and call hub //Create an unsecure bootstrap