mirror of https://github.com/tektoncd/catalog.git synced 2024-11-21 05:55:35 +00:00
catalog/task/openshift-install/0.1/README.md
Quan Zhang e294e1246b [TEP-0110] Update Tekton Catalog installation instructions
Prior to this change, the installation instructions directly use the resource urls in the Catalog repo, which results in tight coupling between the organization and how users fetch resources (as described in TEP-0110). This commit updates the installation guide to install Tekton Catalog resources via Tekton Hub Api: https://github.com/tektoncd/hub/pull/539

This change decouples the Tekton Catalog organization from resources resolution, which enables Tekton Catalog reorganization.
2022-08-16 16:25:52 +01:00

4.4 KiB

OpenShift Provisioning

The following task helps you provision an OpenShift cluster using the Installer Provided Infrastructure on the desired cloud platform. Supported cloud platforms are:

  • AWS
  • GCP

A guide to provisioning a cluster on AWS can be found here, and one for GCP can be found here.

OpenShift-Create

The following task is used to create the cluster.

Install the Task

kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/openshift-install/0.1/raw

Parameters

  • PLATFORM: The cloud platform where you want to create your OpenShift cluster (accepted values are aws and gcp).
  • BASE_DOMAIN: The base domain of the cloud provider.
  • CLUSTER_NAME: The desired name of the cluster.
  • REPLICAS: Required replicas for the cluster.
  • REGION: The region to deploy your cluster in.
  • PROJECT_ID: The project ID, required when deploying on Google Cloud Platform (gcp).
  • OPENSHIFT_INSTALLER_IMAGE: OpenShift installer base image for UPI installation (default: quay.io/openshift/origin-upi-installer:4.6)

Workspaces

  • secrets: A workspace containing the credentials required by the cloud provider as a service account, which must be mounted at their default path as required by the cluster.

  • install-dir: The PersistentVolume workspace that will contain all the files generated by openshift-install, which can later be used when destroying the cluster.

Secrets

  • The pull secret is obtained from the Pull Secret page on the Red Hat OpenShift Cluster Manager site by selecting the appropriate Infrastructure Cloud Provider and installation type as Installer-provisioned infrastructure. You can use this pull secret to authenticate with the services that are provided by the included authorities.

  • The public SSH key used for password-less authentication. The public SSH key can be generated by:

    ssh-keygen -y -f ~/.ssh/openshift-dev.pem > ~/.ssh/openshift-dev.pub
    

    or

    ssh-keygen -t rsa -b 4096 -C "<email id>"
    

    and then the public key can be obtained by

    cat ~/.ssh/openshift-dev.pub
    

Platforms

The Task can be run on the linux/amd64 platform.

Usage

Taking AWS as an example:

  1. Create the PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: install-dir
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  2. Create the secrets (taking the example of mounting AWS credentials and config)
apiVersion: v1
kind: Secret
metadata:
  name: openshift-install
type: Opaque
stringData:
  pull-secret: $(pull-secret)
  public-ssh-key: $(public-ssh-key)

The secrets for the respective cloud platform can be mounted as follows (taking AWS as an example):

apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials
type: Opaque
stringData:
  credentials: |-
    [profile-name]
    aws_access_key_id     = $(access-key-id)
    aws_secret_access_key = $(secret-access-key)
    [default]
    aws_access_key_id     = $(access-key-id)
    aws_secret_access_key = $(secret-access-key)
  config: |-
    [profile profile-name]
    region = $(region)
    output = json
  3. Create the TaskRun for the OpenShift Create:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: install-run
spec:
  taskRef:
    name: openshift-install
  params:
    - name: PLATFORM
      value: aws
    - name: CLUSTER_NAME
      value: test-cluster
    - name: BASE_DOMAIN
      value: devcluster.openshift.com
    - name: REPLICAS
      value: "3"   # quoted: Tekton string params reject bare YAML numbers
    - name: REGION
      value: us-east-2
  workspaces:
    - name: install-dir
      persistentVolumeClaim:
        claimName: install-dir
    - name: secrets
      secret:
        secretName: aws-credentials

NOTE

  • To access the created cluster from other tasks, use the same Workspace and set workingDir: $(workspaces.workspaces-name.path). To log in to the cluster in the next Tekton Task, do the following:
    export KUBECONFIG=auth/kubeconfig
    
    To get the URL for the OpenShift web console, do the following:
    cat auth/webaccess
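
The follow-on step described in the note, written out as an added example (not part of the original README or the catalog): a TaskRun that mounts the same install-dir PVC read-only, sets workingDir to the workspace path and uses the generated kubeconfig. The TaskRun name, step name and the oc image are assumptions.

```yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: verify-cluster-run            # hypothetical name
spec:
  taskSpec:
    workspaces:
      - name: install-dir
        # This task only reads the installer output, so it does not need
        # write access to the kubeconfig or the installer state.
        readOnly: true
    steps:
      - name: check-cluster           # hypothetical step name
        # Assumption: any image that provides the oc client will do.
        image: quay.io/openshift/origin-cli:4.6
        workingDir: $(workspaces.install-dir.path)
        script: |
          #!/usr/bin/env bash
          set -euo pipefail
          # Fail early if the install TaskRun did not finish or a
          # different PVC was bound to this workspace.
          if [ ! -r auth/kubeconfig ]; then
            echo "auth/kubeconfig not found in $(pwd)" >&2
            exit 1
          fi
          export KUBECONFIG=auth/kubeconfig
          oc get nodes
          # URL of the OpenShift web console, as written by the install task
          cat auth/webaccess
  workspaces:
    - name: install-dir
      persistentVolumeClaim:
        claimName: install-dir        # the PVC created in step 1
```

The kubeconfig that openshift-install writes under auth/ is an administrator credential for the new cluster, so bind the install-dir PVC only to the tasks that need it.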