40393cd4cc
- sample --> samples - example --> samples - test --> tests Signed-off-by: Puneet Punamiya <ppunamiy@redhat.com> |
||
---|---|---|
.. | ||
samples | ||
openshift-install.yaml | ||
README.md |
OpenShift Provisioning
The following task helps you to provision the Openshift cluster using the Installer Provided Infrastructure on the desired cloud platform. Supported cloud platforms are :-
- AWS
- GCP
Guide to provision a cluster on AWS can be found here and for GCP can be found here
OpenShift-Create
The following task is used to create the cluster.
Install the Task
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/openshift-install/0.1/openshift-install.yaml
Parameters
- PLATFORM: The cloud platform where you want to create your openshift cluster (accepted values are
aws
andgcp
). - BASE_DOMAIN: The base domain of the cloud provider.
- CLUSTER_NAME: The desired name of the cluster.
- REPLICAS: Required replicas for the cluster.
- REGION: The region to deploy your cluster in.
- PROJECT_ID: The project id is required in case of deploying at google cloud platform (
gcp
). - OPENSHIFT_INSTALLER_IMAGE: OpenShift installer base image for UPI installation (default: quay.io/openshift/origin-upi-installer:4.4)
Workspaces
-
secrets: A workspace that consists of credentials required by the cloud provider as a service account which needs to be mounted to their default path as required by the cluster.
-
install-dir: The
PersistentVolume
workspace which will contain all the files generated by theopenshift-install
which later can be used at the time of destroying the cluster.
Secrets
-
The pull secret is obtained from the Pull Secret page on the Red Hat OpenShift Cluster Manager site by selecting the appropriate
Infrastructure Cloud Provider
and installation type asInstaller-provisioned infrastructure
. You can use this pull secret to authenticate with the services that are provided by the included authorities. -
The public ssh key used for password-less authentication. The public ssh key can be generated by:
ssh-keygen -y -f ~/.ssh/openshift-dev.pem > ~/.ssh/openshift-dev.pub
or
ssh-keygen -t rsa -b 4096 -C "<email id>"
and then the public key can be obtained by
cat ~/.ssh/openshift-dev.pub
Usage
Taking example of AWS :-
- Create the PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: install-dir
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
- Create the secrets (taking an example of mouting AWS credentials and config)
apiVersion: v1
kind: Secret
metadata:
name: openshift-install
type: Opaque
stringData:
pull-secret: $(pull-secret)
public-ssh-key: $(public-ssh-key)
The secrets for the respected cloud platform can be mounted as (taking aws
as an example):-
apiVersion: v1
kind: Secret
metadata:
name: aws-credentials
type: Opaque
stringData:
credentials: |-
[profile-name]
aws_access_key_id = $(access-key-id)
aws_secret_access_key = $(secret-access-key)
[default]
aws_access_key_id = $(access-key-id)
aws_secret_access_key = $(secret-access-key)
config: |-
[profile profile-name]
region = $(region)
output = json
- Creating
TaskRun
for the OpenShift Create:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: install-run
spec:
taskRef:
name: openshift-install
params:
- name: PLATFORM
value: aws
- name: CLUSTER_NAME
value: test-cluster
- name: BASE_DOMAIN
value: devcluster.openshift.com
- name: REPLICAS
value: 3
- name: REGION
value: us-east-2
workspaces:
- name: install-dir
persistentvolumeclaim:
claimName: install-dir
- name: secrets
secret:
secretName: aws-credentials
NOTE
- To access the cluster created in other tasks we need to use the same
Workspace
and keep theworkingDir: $(workspaces.workspaces-name.path)
and to login into the cluster in the next Tekton Task do the following :-
and to get the URL for OpenShift webconsole do the following :-export KUBECONFIG=auth/kubeconfig
cat auth/webaccess