Citrix Virtual Apps and Desktops

Red Hat OpenShift virtualization environments (Preview)

Citrix manages your Red Hat OpenShift workloads through a Citrix-managed OpenShift plug-in. With this plug-in, you can create hosting connections and hosting units to your OpenShift cluster, create catalogs, and power manage machines in the catalog.

Note:

The OpenShift plug-in is tested with Red Hat OpenShift cluster versions 4.17 and 4.18.

Key steps

  • Set up your Red Hat OpenShift environment.
  • Create a connection and a resource to the OpenShift cluster.
  • Create a machine catalog.
  • Create a delivery group.

Set up your Red Hat OpenShift environment

  1. Create an OpenShift cluster and obtain the cluster API address: In the OpenShift console, after setting up a cluster, navigate to Home > Overview > Details, and get the cluster API address.
  2. Create a service account and obtain the service account token using the OpenShift command-line interface (CLI) (oc command): The service account token is the authentication credential associated with the service account. The service account is used to authenticate the OpenShift plug-in with OpenShift. Each service account is associated with one namespace.
  3. Configure permissions for the service account: A service account can have multiple roles, and each role consists of permissions that define what actions the OpenShift Plugin can perform on which resources. The roles are bound through Role Bindings, and there are two types of Role Bindings:

    1. Cluster-wide Role Binding: used for receiving events from OpenShift.
    2. Namespace-bound Role Binding: used for managing VMs in a specific namespace.
  4. Create a namespace (Project): A namespace in OpenShift is an isolated environment that groups resources like VMs or networks, allowing better organization and access control. Namespace is the Kubernetes term, while Project is the OpenShift term. From the OpenShift Plugin perspective, they are the same. A namespace is required to deploy the VMs. Use the OpenShift console or OpenShift Container Platform CLI to create the namespace.
  5. Create one network attachment definition under the target namespace: Network attachment definitions specify the networking configuration for VMs running in OpenShift. Under Networking > NetworkAttachmentDefinitions, you can see the Network Attachment Definitions for each Namespace.
  6. Configure the storage classes: Storage classes define how VM storage is allocated. Under Storage > StorageClass, you can configure and see the list of storage providers.

Create a service account

  1. Download and unzip the oc command-line tool.
  2. Access the OpenShift Console using your login ID.
  3. Click your user profile and click Copy login command.
  4. Click Display Token and copy the token.
  5. Run the login command using the oc command-line tool. Example:

    .\oc.exe login --token=<token> --server=<server address>
    
  6. Create a service account.

    • If you want to create the service account under the default namespace, run:

       .\oc.exe create sa <service account name>
      
    • If you want to create the service account under your own namespace, run:

       .\oc.exe create sa <service account name> -n mynamespace
      
  7. Create a YAML file for the secret. Example:

    • If you create the service account under the default namespace:

       apiVersion: v1
       kind: Secret
       metadata:
         name: <service account name>
         annotations:
           kubernetes.io/service-account.name: <service account name>
       type: kubernetes.io/service-account-token
      
    • If you create the service account under your own namespace:

       apiVersion: v1
       kind: Secret
       metadata:
         name: <service account name>
         namespace: mynamespace
         annotations:
           kubernetes.io/service-account.name: <service account name>
       type: kubernetes.io/service-account-token
      
  8. Apply the YAML.

    .\oc.exe apply -f <yamlFile.yaml>
    

    Note:

    Use the oc describe secret command to get the token. The token is used as a password.

Create roles and role bindings for the service account

With the cluster-wide role binding, the service account has permissions to read all VM events across the cluster, allowing the OpenShift plug-in to maintain a single event watcher for all VM-related events.

With the namespace role binding, the service account has permissions to manage VMs in the target namespace.

You can use a script to create roles and bind them to a service account, or you can create roles and role bindings using the OpenShift console or CLI.
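
One way to script the two bindings described above and then confirm the service account holds no more than intended, as an added example that is not Citrix's own script. The role names, the service account name, and the verb and resource lists (KubeVirt's virtualmachines and virtualmachineinstances) are assumptions; substitute the permission set your deployment requires.

```powershell
# Added example. All names are assumptions, not values from the Citrix docs.
$oc      = ".\oc.exe"
$ns      = "mynamespace"        # target namespace that holds the VMs
$otherNs = "default"            # any namespace the plug-in must NOT manage
$sa      = "citrix-plugin-sa"   # hypothetical service account name
$vmRes   = "virtualmachines.kubevirt.io,virtualmachineinstances.kubevirt.io"

# Cluster-wide binding: read-only verbs, enough for one watcher across namespaces.
& $oc create clusterrole citrix-vm-watch "--verb=get,list,watch" "--resource=$vmRes"
& $oc create clusterrolebinding citrix-vm-watch-binding `
    "--clusterrole=citrix-vm-watch" "--serviceaccount=${ns}:${sa}"

# Namespace-bound binding: management verbs, valid only inside $ns.
& $oc create role citrix-vm-manage -n $ns `
    "--verb=get,list,watch,create,update,patch,delete" "--resource=$vmRes"
& $oc create rolebinding citrix-vm-manage-binding -n $ns `
    "--role=citrix-vm-manage" "--serviceaccount=${ns}:${sa}"

# Verify the effective permissions by impersonating the service account.
# The logged-in user needs impersonation rights (cluster-admin has them).
$subject = "system:serviceaccount:${ns}:${sa}"
$checks = @(
    @{ Verb = "watch";  Res = "virtualmachines.kubevirt.io"; Ns = $otherNs; Expect = "yes" },
    @{ Verb = "delete"; Res = "virtualmachines.kubevirt.io"; Ns = $ns;      Expect = "yes" },
    @{ Verb = "delete"; Res = "virtualmachines.kubevirt.io"; Ns = $otherNs; Expect = "no"  },
    @{ Verb = "get";    Res = "secrets";                     Ns = $ns;      Expect = "no"  }
)
$failed = 0
foreach ($c in $checks) {
    # oc auth can-i prints "yes" or "no" on stdout
    $answer = (& $oc auth can-i $c.Verb $c.Res -n $c.Ns "--as=$subject" 2>$null |
               Select-Object -First 1)
    if ($answer -ne $c.Expect) { $failed++ }
    "{0,-6} {1,-28} in {2,-12} -> {3} (expected {4})" -f `
        $c.Verb, $c.Res, $c.Ns, $answer, $c.Expect
}
if ($failed -gt 0) { throw "$failed permission check(s) differ from the intended scope" }
```

A "yes" on either of the last two checks means the service account holds more than these two bindings grant, for example through an additional role binding.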
