# OpenShift Provisioning

The following task helps you provision an OpenShift cluster using installer-provisioned infrastructure on the desired cloud platform.

Supported cloud platforms are:

- AWS
- GCP

The guide to provisioning a cluster on AWS can be found [here](https://docs.openshift.com/container-platform/4.3/installing/installing_aws/installing-aws-customizations.html), and the guide for GCP can be found [here](https://docs.openshift.com/container-platform/4.3/installing/installing_gcp/installing-gcp-customizations.html).

## `OpenShift-Destroy`

### **Install the Task**

```
kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/openshift-uninstall/0.1/raw
```

### **Workspaces**

- **install-dir**: The `PersistentVolume` workspace that contains all the files generated by `openshift-install`, which are later used when destroying the cluster.

### **Parameters**

- **OPENSHIFT_INSTALLER_IMAGE**: OpenShift installer base image for UPI installation (_default_: quay.io/openshift/origin-upi-installer:4.6)

## Platforms

The Task can be run on the `linux/amd64` platform.

## Usage

Taking AWS as an example:

1. Create the PVC

```
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: install-dir
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
```

2. Create the secrets (taking mounting AWS credentials and config as an example)

```
apiVersion: v1
kind: Secret
metadata:
  name: openshift-install
type: Opaque
stringData:
  pull-secret: $(pull-secret)
  public-ssh-key: $(public-ssh-key)
```

The secrets for the respective cloud platform can be mounted as follows (taking `aws` as an example):

```
apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials
type: Opaque
stringData:
  credentials: |-
    [profile-name]
    aws_access_key_id = $(access-key-id)
    aws_secret_access_key = $(secret-access-key)
    [default]
    aws_access_key_id = $(access-key-id)
    aws_secret_access_key = $(secret-access-key)
  config: |-
    [profile profile-name]
    region = $(region)
    output = json
```

3. Create the `TaskRun` for the OpenShift Create:

```
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: install-run
spec:
  taskRef:
    name: openshift-install
  params:
    - name: PLATFORM
      value: aws
    - name: CLUSTER_NAME
      value: test-cluster
    - name: BASE_DOMAIN
      value: devcluster.openshift.com
    - name: REPLICAS
      value: "3"  # Tekton param values are strings, so numbers are quoted
    - name: REGION
      value: us-east-2
  workspaces:
    - name: install-dir
      persistentvolumeclaim:
        claimName: install-dir
    - name: secrets
      secret:
        secretName: aws-credentials
```

**_NOTE_**

- To access the created cluster from other Tasks, use the same `Workspace` and set `workingDir: $(workspaces.workspaces-name.path)`. To log in to the cluster in the next Tekton Task, do the following:

```
export KUBECONFIG=auth/kubeconfig
```

To get the URL for the OpenShift web console, do the following:

```
cat auth/webaccess
```

- In order to destroy the cluster, it is mandatory to keep the volume that was used when creating the cluster; otherwise the cluster cannot be deleted. The volume contains the necessary files that are generated once the cluster is created, and these files are required when deleting the cluster.
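
The volume requirement in the note above can be checked before a destroy run. This is an added example, not part of the Task or of the original README: it assumes `metadata.json` (with an `infraID` field) is the state file that `openshift-install destroy cluster` reads, and the function names `check_install_dir` and `make_sample_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the Task): pre-flight check of the install-dir
# workspace before the destroy Task runs.
# Assumptions: metadata.json (with an "infraID" field) is the state file that
# `openshift-install destroy cluster` reads; auth/kubeconfig is the kubeconfig
# path used on this page and holds admin credentials for the cluster.

# check_install_dir DIR
#   0 = usable
#   1 = cluster state missing or truncated (the cluster cannot be destroyed)
#   2 = state present, but the kubeconfig is accessible to group/others
check_install_dir() {
    dir=$1
    meta="$dir/metadata.json"
    kcfg="$dir/auth/kubeconfig"
    if [ ! -s "$meta" ] || ! grep -q '"infraID"' "$meta"; then
        echo "ERROR: $meta missing or incomplete; keep the original volume" >&2
        return 1
    fi
    if [ -f "$kcfg" ]; then
        # Characters 5-10 of `ls -l` output are the group and other mode bits.
        bits=$(ls -ld "$kcfg" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "WARN: $kcfg is accessible to group/others ($bits)" >&2
            return 2
        fi
    fi
    return 0
}

# make_sample_dir DIR
# Builds constructed sample data (not output from a real install) for a dry run.
make_sample_dir() {
    mkdir -p "$1/auth"
    printf '{"clusterName":"test-cluster","infraID":"test-cluster-abc12"}\n' \
        > "$1/metadata.json"
    printf 'apiVersion: v1\nkind: Config\n' > "$1/auth/kubeconfig"
    chmod 600 "$1/auth/kubeconfig"
}

# Usage in a step script: check_install_dir /path/to/install-dir
```

A return code of 1 means the destroy run should not be attempted with this volume; a return code of 2 means the files are intact but the kubeconfig permissions should be tightened.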