@praveen4g0
Last active November 26, 2022 21:18
How to set up PSI single-node clusters using OpenShift Hive
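# Claim one cluster from the gitops-49 ClusterPool. The indentation below is
# what makes `name`/`namespace` children of `metadata` and `clusterPoolName`
# a child of `spec`; flattened to column 0 the document is not a valid claim.
apiVersion: hive.openshift.io/v1
kind: ClusterClaim
metadata:
  name: gitops-01
  namespace: devtools-qe
spec:
  clusterPoolName: gitops-49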
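#!/usr/bin/env bash
# Allocate two OpenStack floating IPs for a cluster (one for the API, one for
# ingress) and publish matching A records in the Route53 hosted zone of $DOMAIN.
#
# Usage: $0 <cluster-name>
# Env:   AWS_PROFILE, DOMAIN, NETWORK, OS_CLOUD (defaults below)
# Exit:  1 usage, 2 missing OpenStack secure.yaml, 10 floating-IP allocation
#        failed, 20 hosted zone not found, 25 Route53 record update failed.
# On every failure after an allocation the floating IPs allocated by this run
# are released again so a failed run does not consume quota.
set -o pipefail

CLUSTER_NAME=${1:-}
export AWS_PROFILE=${AWS_PROFILE:-"aws-gitops"}
export DOMAIN=${DOMAIN:-"ocp-gitops-qe.com"}
export NETWORK=${NETWORK:-"provider_net_cci_8"}
export OS_CLOUD=${OS_CLOUD:-"psi-gitops"}

# Floating IPs allocated by this run, in allocation order.
ALLOCATED_FIPS=()

#######################################
# Release every floating IP recorded in ALLOCATED_FIPS.
# Globals:   ALLOCATED_FIPS (read)
#######################################
release_fips() {
  local fip
  for fip in ${ALLOCATED_FIPS[@]+"${ALLOCATED_FIPS[@]}"}; do
    echo "Releasing previously allocated floating IP $fip"
    openstack floating ip delete "$fip"
  done
}

#######################################
# Allocate one floating IP on $NETWORK and print its address.
# Arguments: $1 - description attached to the floating IP
# Outputs:   the address on stdout
# Returns:   the openstack CLI exit status
#######################################
allocate_fip() {
  openstack floating ip create --description "$1" -f value -c floating_ip_address "$NETWORK"
}

#######################################
# Build a Route53 CREATE change batch. jq --arg JSON-encodes the record name
# and address instead of splicing them into a string, so an unusual cluster
# name cannot break (or alter) the request document.
# Arguments: $1 - comment, $2 - record name (FQDN), $3 - IPv4 address
# Outputs:   compact JSON on stdout
#######################################
change_batch() {
  jq -cn --arg comment "$1" --arg name "$2" --arg ip "$3" '{
    Comment: $comment,
    Changes: [{
      Action: "CREATE",
      ResourceRecordSet: {
        Name: $name, Type: "A", TTL: 172800,
        ResourceRecords: [{ Value: $ip }]
      }
    }]
  }'
}

#######################################
# Block until a change-resource-record-sets change has propagated.
# Arguments: $1 - JSON response of `aws route53 change-resource-record-sets`
#######################################
wait_for_change() {
  local change_id
  change_id=$(jq -r '.ChangeInfo.Id' <<<"$1") || return
  aws route53 wait resource-record-sets-changed --id "$change_id"
}

if [[ -z "$CLUSTER_NAME" ]]; then
  printf 'Specify desired cluster name as a parameter of this script \n\n'
  echo "Usage:"
  echo " $0 [name]"
  exit 1
fi
echo "Cluster name: $CLUSTER_NAME"

if [[ ! -f "$HOME/.config/openstack/secure.yaml" && ! -f "/etc/openstack/secure.yaml" ]]; then
  echo -n "File secure.yaml not found. See "
  echo "https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html#config-files for more info."
  exit 2
fi

# Resolve the hosted zone before touching OpenStack so a missing zone cannot
# leave allocated floating IPs behind.
echo "Getting zone ID in Route53"
ZONE_ID=$(aws route53 list-hosted-zones --output json \
  | jq -r --arg name "$DOMAIN." '.HostedZones[] | select(.Name == $name) | .Id')
# NOTE(review): if both a public and a private zone exist for $DOMAIN this
# yields two ids and the later calls fail — confirm only one zone is expected.
if [[ -z "$ZONE_ID" ]]; then
  echo "Domain $DOMAIN not found in Route53"
  exit 20
fi

echo "Allocating a floating IP for cluster's API"
if ! FIP1=$(allocate_fip "$CLUSTER_NAME-api"); then
  echo "Failed to allocate a floating IP for API"
  exit 10
fi
ALLOCATED_FIPS+=("$FIP1")

echo "Allocating a floating IP for cluster's ingress"
if ! FIP2=$(allocate_fip "$CLUSTER_NAME-ingress"); then
  echo "Failed to allocate a floating IP for ingress"
  release_fips
  exit 10
fi
ALLOCATED_FIPS+=("$FIP2")

echo ""
echo ""
echo "FLOATING IP'S"
echo "========================================================================"
echo "cluster's apiFloatingIP api.$CLUSTER_NAME.$DOMAIN -> $FIP1"
echo ""
echo ""
echo "cluster's ingressFloatingIP *.apps.$CLUSTER_NAME.$DOMAIN -> $FIP2"
echo ""
echo ""
echo "========================================================================"

echo "Updating DNS records (cluster api's) in Route53"
if ! RESPONSE=$(aws route53 change-resource-record-sets --hosted-zone-id "$ZONE_ID" \
    --change-batch "$(change_batch "Update A record for cluster API" "api.$CLUSTER_NAME.$DOMAIN" "$FIP1")" \
    --output json); then
  echo "Failed to update A record for cluster"
  release_fips
  exit 25
fi
echo "Waiting for DNS change to propagate"
wait_for_change "$RESPONSE"

echo "Updating DNS records (cluster ingress) in Route53"
if ! RESPONSE=$(aws route53 change-resource-record-sets --hosted-zone-id "$ZONE_ID" \
    --change-batch "$(change_batch "Update A record for cluster ingress" "*.apps.$CLUSTER_NAME.$DOMAIN" "$FIP2")" \
    --output json); then
  echo "Failed to update A record for cluster"
  # The api record was already created and now points at a released address;
  # it has to be removed separately.
  echo "NOTE: the api.$CLUSTER_NAME.$DOMAIN A record was created and must be deleted manually"
  release_fips
  exit 25
fi
echo "Waiting for DNS change to propagate"
wait_for_change "$RESPONSE"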
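#!/usr/bin/env bash
# Undo the floating-IP / DNS setup for a cluster: delete the api.<name>.<domain>
# and *.apps.<name>.<domain> A records from the Route53 hosted zone of $DOMAIN,
# then release the floating IPs those records pointed at.
#
# The addresses are recovered by resolving the records with dig (a Route53
# DELETE must carry the exact current value), so run this while the records
# still exist. Whatever a record currently resolves to is what gets released;
# a stale or cached answer would therefore release the wrong floating IP.
#
# Usage: $0 <cluster-name>
# Env:   AWS_PROFILE, DOMAIN, NETWORK, OS_CLOUD (defaults below)
# Exit:  1 usage, 2 missing OpenStack secure.yaml, 20 hosted zone not found,
#        6 api record could not be deleted.
set -o pipefail

CLUSTER_NAME=${1:-}
export AWS_PROFILE=${AWS_PROFILE:-"aws-gitops"}
export DOMAIN=${DOMAIN:-"ocp-gitops-qe.com"}
export NETWORK=${NETWORK:-"provider_net_cci_8"}
export OS_CLOUD=${OS_CLOUD:-"psi-gitops"}

#######################################
# Build a Route53 DELETE change batch; jq --arg JSON-encodes the record name
# and value instead of splicing them into a string.
# Arguments: $1 - comment, $2 - record name (FQDN), $3 - IPv4 value
# Outputs:   compact JSON on stdout
#######################################
delete_batch() {
  jq -cn --arg comment "$1" --arg name "$2" --arg ip "$3" '{
    Comment: $comment,
    Changes: [{
      Action: "DELETE",
      ResourceRecordSet: {
        Name: $name, Type: "A", TTL: 172800,
        ResourceRecords: [{ Value: $ip }]
      }
    }]
  }'
}

#######################################
# Delete one A record in $ZONE_ID and wait for the change to propagate.
# Globals:   ZONE_ID (read)
# Arguments: $1 - comment, $2 - record name (FQDN), $3 - IPv4 value
# Returns:   non-zero when the Route53 call fails
#######################################
delete_record() {
  local response change_id
  response=$(aws route53 change-resource-record-sets --hosted-zone-id "$ZONE_ID" \
    --change-batch "$(delete_batch "$1" "$2" "$3")" --output json) || return
  echo "Waiting for DNS change to propagate"
  change_id=$(jq -r '.ChangeInfo.Id' <<<"$response") || return
  aws route53 wait resource-record-sets-changed --id "$change_id"
}

#######################################
# Print the first IPv4 address a name resolves to (nothing when it does not
# resolve). dig +short may print several lines, e.g. a CNAME chain, which is
# why only dotted-quad lines are kept.
# Arguments: $1 - name to resolve
#######################################
resolve_ipv4() {
  dig +short -t A "$1" | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$'
}

if [[ -z "$CLUSTER_NAME" ]]; then
  printf 'Specify desired cluster name as a parameter of this script \n\n'
  echo "Usage:"
  echo " $0 [name]"
  exit 1
fi
echo "Cluster name: $CLUSTER_NAME"

if [[ ! -f "$HOME/.config/openstack/secure.yaml" && ! -f "/etc/openstack/secure.yaml" ]]; then
  echo -n "File secure.yaml not found. See "
  echo "https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html#config-files for more info."
  exit 2
fi

echo "Getting zone ID in Route53"
ZONE_ID=$(aws route53 list-hosted-zones --output json \
  | jq -r --arg name "$DOMAIN." '.HostedZones[] | select(.Name == $name) | .Id')
if [[ -z "$ZONE_ID" ]]; then
  echo "Domain $DOMAIN not found in Route53"
  exit 20
fi

echo "Deleting DNS records in Route53"
API_NAME="api.$CLUSTER_NAME.$DOMAIN"
INGRESS_NAME="*.apps.$CLUSTER_NAME.$DOMAIN"
FIP1=$(resolve_ipv4 "$API_NAME")
# Any label under apps. hits the wildcard record; "x" is arbitrary.
FIP2=$(resolve_ipv4 "x.apps.$CLUSTER_NAME.$DOMAIN")

echo "deleting route53 record for api"
if [[ -z "$FIP1" ]] || ! delete_record "Delete A record for cluster API" "$API_NAME" "$FIP1"; then
  echo "Failed to delete A records for the cluster"
  exit 6
fi

echo "deleting route53 record for ingress"
if [[ -z "$FIP2" ]] || ! delete_record "Delete A record for cluster ingress" "$INGRESS_NAME" "$FIP2"; then
  echo "Failed to delete A records for the cluster, it's OK if previous installation failed."
fi

echo "Releasing the floating IPs"
# Only pass addresses that actually resolved; an empty argument would make the
# openstack call fail for the remaining valid one.
fips=("$FIP1")
[[ -n "$FIP2" ]] && fips+=("$FIP2")
openstack floating ip delete "${fips[@]}"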
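#!/usr/bin/env bash
# Create a Hive ClusterClaim against a ClusterPool, wait for the claimed
# cluster to be running, then print its web console URL, admin credentials
# and kubeconfig.
#
# Usage: $0 <claim-name> <cluster-pool-name>
#        (claim, clusterpoolName and namespace may also come from the env)
# Exit:  1 usage / invalid name, otherwise the status of the failing oc call.
#
# The admin password and kubeconfig are written to stdout, so anything that
# captures this script's output (CI logs, terminal scrollback) holds them.
set -euo pipefail

claim=${claim:-"${1:-}"}
clusterpoolName=${clusterpoolName:-"${2:-}"}
namespace=${namespace:-"devtools-qe"}

# Kubernetes object names are DNS-1123 labels; checking that here keeps the
# heredoc below from being fed anything that is not a plain name.
NAME_RE='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

#######################################
# Fail with a usage message unless every argument is a valid object name.
# Arguments: $@ - names to validate
#######################################
require_names() {
  local name
  for name in "$@"; do
    if [[ ! "$name" =~ $NAME_RE ]]; then
      printf 'Usage: %s <claim-name> <cluster-pool-name> (lowercase DNS-1123 names)\n' "$0" >&2
      exit 1
    fi
  done
}

require_names "$claim" "$clusterpoolName" "$namespace"

oc apply -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: ClusterClaim
metadata:
  name: ${claim}
  namespace: ${namespace}
spec:
  clusterPoolName: ${clusterpoolName}
EOF

echo "Wait for 1h cluster to be claimed"
oc wait --for=condition=ClusterRunning=True clusterclaim "${claim}" -n "${namespace}" --timeout=1h

# The claim was created in $namespace, so look it up there rather than in
# whatever namespace the current context happens to use.
ns=$(oc -n "${namespace}" get clusterclaim "${claim}" -o jsonpath='{.spec.namespace}')
# As in the original, the ClusterDeployment is addressed by the name of the
# namespace the claim points at.
cd_name=$ns

echo "Web Console:"
echo "========================================================================"
oc -n "$ns" get cd "$cd_name" -o jsonpath='{ .status.webConsoleURL }'
echo ""
echo ""

echo "Credentials:"
echo "========================================================================"
admin_secret=$(oc -n "$ns" get cd "$cd_name" -o jsonpath='{.spec.clusterMetadata.adminPasswordSecretRef.name}')
oc extract -n "$ns" "secret/$admin_secret" --to=-
echo ""
echo ""

echo "Kubeconfig:"
echo "========================================================================"
kubeconfig_secret=$(oc -n "$ns" get cd "$cd_name" -o jsonpath='{.spec.clusterMetadata.adminKubeconfigSecretRef.name}')
oc extract -n "$ns" "secret/$kubeconfig_secret" --to=-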
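# Hive ClusterPool with two pre-registered inventory slots. Each
# ClusterDeploymentCustomization patches the install-config template with the
# floating IPs that were allocated (and published as api./*.apps. A records)
# for that slot, plus the external network and the cluster name.
apiVersion: v1
kind: List
items:
- apiVersion: hive.openshift.io/v1
  kind: ClusterPool
  metadata:
    name: gitops-49
    namespace: devtools-qe
  spec:
    baseDomain: ocp-gitops-qe.com
    imageSetRef:
      name: gitops-imageset-497   # ClusterImageSet, last item in this list
    inventory:
    - name: gitops-01
    - name: gitops-02
    platform:
      openstack:
        cloud: openstack   # key under `clouds:` in the clouds.yaml secret
        credentialsSecretRef:
          name: gitops-rhos01-creds   # Secret (clouds.yaml) rendered from secrets.yaml
    installConfigSecretTemplateRef:
      name: gitops-install-config   # Secret (install-config.yaml) rendered from secrets.yaml
    size: 2
    maxSize: 2
    skipMachinePools: true
- apiVersion: hive.openshift.io/v1
  kind: ClusterDeploymentCustomization
  metadata:
    name: gitops-01
    namespace: devtools-qe
  spec:
    installConfigPatches:
    # Addresses must already be allocated floating IPs with matching A records.
    - op: replace
      path: /platform/openstack/apiFloatingIP
      value: 10.0.100.43
    - op: replace
      path: /platform/openstack/ingressFloatingIP
      value: 10.0.102.75
    - op: replace
      path: /platform/openstack/externalNetwork
      value: provider_net_cci_8
    - op: replace
      path: /metadata/name
      value: gitops-01
- apiVersion: hive.openshift.io/v1
  kind: ClusterDeploymentCustomization
  metadata:
    name: gitops-02
    namespace: devtools-qe
  spec:
    installConfigPatches:
    - op: replace
      path: /platform/openstack/apiFloatingIP
      value: 10.0.101.148
    - op: replace
      path: /platform/openstack/ingressFloatingIP
      value: 10.0.100.206
    - op: replace
      path: /platform/openstack/externalNetwork
      value: provider_net_cci_8
    - op: replace
      path: /metadata/name
      value: gitops-02
- apiVersion: hive.openshift.io/v1
  kind: ClusterImageSet
  metadata:
    name: gitops-imageset-497
    namespace: devtools-qe
  spec:
    releaseImage: quay.io/openshift-release-dev/ocp-release:4.9.7-x86_64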
# secrets.env — sourced by secrets.sh (plain `source`, so every line is
# executed as shell). Values below are placeholders; fill in real ones
# locally and keep this file out of version control.
# PSI_CLOUD_USERNAME / PSI_CLOUD_PASSWORD are the only entries secrets.sh
# substitutes into secrets.yaml; AWS_* and DYNDNS_* are not referenced by
# any script on this page (presumably picked up from the environment by the
# tools that need them — verify).
AWS_ACCESS_KEY_ID=xxxxxxxx
AWS_SECRET_ACCESS_KEY=xxxxxxxx
DYNDNS_USERNAME=xxxxxxxx
DYNDNS_PASSWORD=xxxxxxx
PSI_CLOUD_USERNAME=xxxxxxxxx
PSI_CLOUD_PASSWORD=xxxxxxxx
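#!/bin/bash
# Render secrets.yaml from secrets.env plus the local pull-secret / SSH key
# files and apply the result with `oc apply` into the current context.
#
# Required next to this script: secrets.env, pull-secret, psi-gitops-shared.pem,
# psi-gitops-shared.pub, RH-IT-Root-CA.crt and the secrets.yaml template.
# Exit: 1 secrets.env missing, 2 any other required file missing.
set -o pipefail

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"

#######################################
# Exit with the given status unless a required file exists.
# Arguments: $1 - path, $2 - hint appended to the message (may be empty),
#            $3 - exit status on failure
#######################################
require_file() {
  if [[ ! -f "$1" ]]; then
    printf 'You have to provide file %s!%s\n' "$1" "${2:+ $2}"
    exit "$3"
  fi
}

echo "Configure secrets"
require_file "$DIR/secrets.env" "" 1
require_file "$DIR/pull-secret" "You can download it from https://www.openshift.com/try." 2
require_file "$DIR/psi-gitops-shared.pem" "Ask any QE team member to share it with you." 2
require_file "$DIR/psi-gitops-shared.pub" "Ask any QE team member to share it with you." 2
require_file "$DIR/RH-IT-Root-CA.crt" "Ask any QE team member to share it with you." 2
require_file "$DIR/secrets.yaml" "" 2

# shellcheck source=/dev/null
source "$DIR/secrets.env"
: "${PSI_CLOUD_USERNAME:?must be set in secrets.env}"
: "${PSI_CLOUD_PASSWORD:?must be set in secrets.env}"

# GNU base64 wraps its output unless told not to; the macOS one does not wrap
# and rejects -w. Kept as an array so the command is not re-split by the shell.
if [[ "$OSTYPE" == "darwin"* ]]; then
  encode_base64=(base64)
else
  encode_base64=(base64 -w 0)
fi

ENCODED_PULL_SECRET=$("${encode_base64[@]}" < "$DIR/pull-secret")
SSH_PUBLIC_KEY=$(< "$DIR/psi-gitops-shared.pub")
# The private key, the CA and the per-registry logins inside pull-secret are
# not referenced by the secrets.yaml placeholders below, so they are
# deliberately not decoded into shell variables.

printf '\nConfiguring secrets\n'

# Substitute with bash parameter expansion instead of sed: the secrets never
# become command-line arguments (sed's would be visible in the process list)
# and characters such as ',' '&' or '\' cannot corrupt the result. The
# replacement side is quoted so a literal '&' stays literal on bash >= 5.2.
# Values still land inside YAML quotes in the template, so a '"' or a newline
# in a value would break the rendered document.
template=$(< "$DIR/secrets.yaml")
rendered=${template//\$SSH_PUBLIC_KEY/"$SSH_PUBLIC_KEY"}
rendered=${rendered//\$ENCODED_PULL_SECRET/"$ENCODED_PULL_SECRET"}
rendered=${rendered//\$PSI_CLOUD_USERNAME/"$PSI_CLOUD_USERNAME"}
rendered=${rendered//\$PSI_CLOUD_PASSWORD/"$PSI_CLOUD_PASSWORD"}
printf '%s\n' "$rendered" | oc apply -f -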
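# Template consumed by secrets.sh: every $PLACEHOLDER below is replaced by
# plain text substitution before `oc apply`, so this file is not applied
# directly and must never be committed with real values filled in.
apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: Secret
  metadata:
    name: gitops-install-config   # installConfigSecretTemplateRef of the ClusterPool
    namespace: devtools-qe
  type: Opaque
  stringData:
    install-config.yaml: |
      apiVersion: v1
      baseDomain: ocp-gitops-qe.com
      compute:
      - name: worker
        platform:
          openstack:
            type: ci.memory.medium
        replicas: 0
      controlPlane:
        name: master
        platform:
          openstack:
            type: ci.standard.xxxl
        replicas: 1
      metadata:
        name: demo1   # replaced per slot by the ClusterDeploymentCustomization
      networking:
        clusterNetwork:
        - cidr: 10.128.0.0/14
          hostPrefix: 23
        machineNetwork:
        - cidr: 192.169.0.0/16
        networkType: OpenShiftSDN
        serviceNetwork:
        - 172.30.0.0/16
      platform:
        openstack:
          cloud: "openstack"   # must match the key under clouds: below
          computeFlavor: m1.large
          externalDNS: null
          externalNetwork: shared_net_5   # replaced per slot by the ClusterDeploymentCustomization
          # NOTE(review): the customizations `replace` apiFloatingIP and
          # ingressFloatingIP, which this template does not define — confirm
          # Hive accepts replace on an absent path, otherwise add placeholders.
      pullSecret: '$ENCODED_PULL_SECRET'
      sshKey: |
        $SSH_PUBLIC_KEY
- apiVersion: v1
  kind: Secret
  metadata:
    name: gitops-rhos01-creds   # credentialsSecretRef of the ClusterPool
    namespace: devtools-qe
  type: Opaque
  stringData:
    clouds.yaml: |
      clouds:
        openstack:
          auth:
            auth_url: "https://rhos-d.infra.prod.upshift.rdu2.redhat.com:13000"
            project_id: ""
            project_name: "openshift-gitops"
            user_domain_name: "redhat.com"
            # Substituted inside double quotes: a value containing '"' or '\'
            # would break this document.
            username: "$PSI_CLOUD_USERNAME"
            password: "$PSI_CLOUD_PASSWORD"
          region_name: "regionOne"
          interface: "public"
          identity_api_version: 3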
@praveen4g0

  • chmod +x secrets.sh
  • Get access to the Kubernetes cluster (see the linked instructions)
  • login to cluster to specific namespace
  • As of now the workloads are hard-coded to a namespace; this will be updated soon to pass the namespace as a parameter

Update secrets.env and provide the team's SSH public keys and pull secrets
./secrets.sh

oc apply -f gettingstarted.osp.complete.yaml
