Repo for deploying OCP to AWS
Note
|
fork or clone repo so that you can use Your own GitHub Secrets and worklflow. |
Workflow
To deploy OCP4.x
-
Ensure GitHub Repository Secrets are created and up-to-date - (do not create environment secrets, do create repository secrets)
-
OCP_ADMIN_USER is the cluster admin username
-
OCP_ADMIN_PASS
-
OCP_DEV_USER
-
OCP_DEV_PASS
-
OCP_BASE_DOMAIN is the top level route53 domain and does NOT require a leading dot
-
OCP_CLUSTER_NAME
-
OCP_CLIENT_VERSION will be the version of OpenShift "4", "4.7", or "4.9.9"
-
RED_HAT_PULLSECRET is the required Red Hat creds for their repositories
-
AWS_ACCESS_KEY_ID is the AWS Access Key
-
AWS_SECRET_ACCESS_KEY is the AWS Secret Access key
-
AWS_REGION
-
-
Click Deploy button below and run workflow
Note
|
You can now check the Actions to watch/check the status of the deployment. |
Actions
Running Deploy workflow will automatically kick off.
-
Perform AWS IPI
-
Creates an Artifact for Destroy
-
You can download artifact if needed from GitHub Actions > Runs
-
Double check your retention period for Artifacts
-
-
Setup HTPasswd IDP
-
Uses CLUSTER_ADMIN and ADMIN_PASS
-
Uses DEV_PASS for andrew the developer
-
-
Install GitOps Operator
-
Sets admin password for console to ADMIN_PASS
-
-
Adds MachineSet for infra nodes
On completion of Deploy workflow, the GitOps-Tasks workflow will automatically start.
-
Creates argoCD applications from r3dact3d/gitops/main/blinker19/cluster.yaml
Important
-
During the deploy workflow the artifacts describing the AWS resources that are deployed are needed for the destroy workflow.
-
The artifacts are uploaded for only 90 days and will need to be manually downloaded if it’s not planned to destroy the cluster within that retention period.
TODO
-
Add node sizing templates
-
cost management operator
Note
|
GitHub IDP is disabled currently |
GitHub IDP
-
GitHub IDP is used in this deploy, so a GitHub organization should be created
-
Add the clientSecret to GitHub Secrets as CLIENT_SECRET
-
Update the GitHub Organization name and clientID in idp-oauth.yaml file