Are you looking for older content that used to exist here? If so, please check out the v1.0.0 release.
This repository contains sets of example resources to be used with a declarative management strategy. Please familiarize yourself with the terminology in that document before reading on.
Starting with the 2.x version of this repositry, the focus is on using Cluster API paired with a varity of tools to support the full declarative approach for OpenShift Cluster provisioning / bootstrapping, upgrades and multi-cluster & multi-account management.
For managing clusters hosted on AWS, including Red Hat OpenShift on AWS (ROSA), we utilize CAPA as it nicely integrates and works together with CAPI.
Red Hat OpenShift GitOps may now play a role in the entire lifecycle of a cluster, and the entire deployment. Not only can be it be used to manage the content of an operational OpenShift cluster, but it can also be used as part of a management cluster setup to manage the targeted clusters mananged with CAPI.
As part of bootstrapping a new environment, there is a need to inject new content to allow for connectivity and initial setups for connecting tooling to talk to the cluster. This can be achieved in multiple ways - including running OpenShift GitOps in the cluster for a full content management, or using ClusterResourceSet to manage a minimal set of content in the even that an external content management system is used (e.g.: running OpenShift GitOps at a centralized management cluster).
Before applying any of the manifests to create a new cluster(s), the following prerequisites need to be met:
- A valid AWS account with full admin access
- A valid account for Red Hat Hybrid Cloud Console
- Steps 1-3 here to create the necessary VPC configuration and account and operator roles.
NOTE: Steps 1-3 from above will soon be replaced with declarative content within this repo. More to come on this soon...
In order to deploy a new OpenShift Cluster using CAPI, you will need a management cluster with the necessary CAPI and CAPA deployments in an operational state.
To get started, install the following tools on your local machine:
- AWS CLI
- clusterawsadm CLI tool
- clusterctl CLI tool
- kubectl and/or oc CLI tool
- helm
Run the following commands to prepare the environment and management cluster:
export KUBECONFIG=...
export AWS_REGION=...
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=... # (optional)
export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile)
export EXP_ROSA="true"
export EXP_MACHINE_POOL="true"
clusterctl init --infrastructure aws
Apply customizations provided by this repo:
Optional: This step is needed if your mangement cluster is an OpenShift Cluster
helm template --release-name rosa-hcp charts/openshift-management | oc apply -f -
Make sure the CAPI pods are operational before running the next apply.
This can be done by checking the output of the following commands:
oc get pods -n capi-system
oc get pods -n capa-system
oc get pods -n capi-kubeadm-bootstrap-system
oc get pods -n capi-kubeadm-control-plane-system
Apply CAPI specific configurations needed to support the upcoming workloads:
helm template charts/capi-management | oc apply -f -
Run the following command to validate that everything is set up correctly, and ready for your first ROSA HCP cluster deployment with CAPI (all commands should return output containing the values in the grep part of the command):
oc get crd | grep rosa
oc get deployment -n capa-system capa-controller-manager -o yaml | grep ROSA=true
oc get deploy capi-controller-manager -n capi-system -o yaml | grep MachinePool=true
With the above steps from the Management Cluster done, it is now time to deploy the first (workload) cluster. For this first simple quickstart, that is done in two steps:
- Tweak the values in charts/rosa-capi/values.yaml
- run
helm template --release-name rosa-hcp --set ocmToken=jSDFsdfsdfSDF charts/rosa-capi | oc apply -f -
NOTE: Replace the rosa-hcp release name and OCM Token above with your own values - alternatively set your OCM Token in the values file. The OCM Token can be fetched from https://console.redhat.com/openshift/token/rosa.
Check the status of the the ROSAControlPlane deployment:
oc get rosacontrolplane <name-of-cluster>
Once the cluster shows state "READY" as "true", the cluster is available to access. Extract the kubeconfig and use it access the cluster:
oc get secrets <cluste-rname>-kubeconfig -o jsonpath='{.data.value}' | base64 -d > /tmp/rosa-capi.kubeconfig
export KUBECONFIG=/tmp/rosa-capi.kubeconfig
oc get nodes
coming soon...