- Registered Domain in AWS with a Public Hosted Zone
- AWSCLI is installed and in PATH
- AWS User has Access Key credentials configured
- openshift-install binary in PATH, downloaded from cloud.redhat.com
- Pull secret downloaded from cloud.redhat.com for the customer
- OC and Kubectl binaries are in PATH
- Using AWS region us-east-1. If you use another region, make sure it has three availability zones; set it as your default in ~/.aws/config and update AWS_DEFAULT_REGION in the .github/workflows/validate.yaml file.
- Create a working directory
cd; mkdir ocp4Install; cd ocp4Install
- Get the HostedZoneId for your domain and save the output; it is used later in the parameters file. Replace <domain name> in the command below with your own domain name.
aws route53 list-hosted-zones-by-name --dns-name <domain name> --query 'HostedZones[0].Id' | cut -d/ -f3 |cut -d\" -f1
- Create an SSH keypair (if you do not already have one to use), start ssh-agent, and add the key to the agent.
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
- Create the install-config file
openshift-install create install-config --dir=.
- Edit install-config.yaml and lower the worker (compute) replicas from 3 to 0
- Generate manifest files
openshift-install create manifests --dir=.
- Remove the manifests that define the control plane and worker machines
rm -rf openshift/99_openshift-cluster-api_{master,worker}-machines*.yaml
- Create ignition files
openshift-install create ignition-configs --dir=.
- Extract the infraID for use later in the parameters file
grep infraID metadata.json |cut -d: -f4 |cut -d, -f1
- Create the S3 DevopsBucket and upload the bootstrap ignition. Choose your own bucket name; bootstrap.ign embeds cluster credentials, so keep the bucket private.
aws s3 mb s3://<devopsbucket>
aws s3 cp bootstrap.ign s3://<devopsbucket>/bootstrap.ign
- Clone this repo
git clone https://github.com/r3dact3d/rhocp4_aws.git
cd rhocp4_aws
- Upload the CloudFormation cf-modules to the DevopsBucket
aws s3 sync cf-modules s3://<devopsbucket>/cf-modules/
- If you don't already have a RHCOS AMI to use, list the available ones and pick one. The filter matches on image name only, so confirm the image's owner before using it.
aws ec2 describe-images --query 'sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId]' --filters "Name=name,Values=rhcos*" --output table
- Create a new git branch and update params.json with the parameters for your cluster (*see the Cloudformation Files section below*). *NOTE: do not update the certificate authorities here; that is done in the next step.*
git checkout -b deploy/<new branch name>
- Update the GitHub Secrets with your values (*see the GitHub Secrets section below*)
- Create a PR for approval and merge it to the master branch. This kicks off the GitHub Actions CI/CD pipeline. Watch the progress of the CloudFormation deployment either from the AWS console or with the AWS CLI (*see the GitHub Actions section below*)
aws cloudformation describe-stacks --stack-name sandboxStack --query 'Stacks[*].StackStatus'
- Wait for the OCP cluster to finish bootstrapping
openshift-install wait-for bootstrap-complete --dir=. --log-level debug
- Load the kube credentials
export KUBECONFIG=auth/kubeconfig
- Approve the pending CSRs
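The CSR approval step above gives no command. As an added example (not part of this repo), the script below approves only the pending CSRs whose requestor a UPI bootstrap is expected to produce and leaves any other requestor for manual review, so a stray CSR is never approved by habit. The requestor allowlist and the SAMPLE data are assumptions constructed for this example.

```python
# Added example, not part of the rhocp4_aws repo: approve only the pending CSRs a
# UPI bootstrap is expected to produce; anything else is listed for manual review.
import json
import subprocess
import sys

# Assumed allowlist: the node-bootstrapper service account requests the kubelet
# client certs for joining nodes, and the nodes themselves request serving certs.
BOOTSTRAPPER = "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper"
NODE_PREFIX = "system:node:"

def is_pending(csr):
    """A CSR is pending while it carries no Approved or Denied condition."""
    conditions = csr.get("status", {}).get("conditions") or []
    return not any(c.get("type") in ("Approved", "Denied") for c in conditions)

def triage(csr_list):
    """Split `oc get csr -o json` output into (approve, review) name lists."""
    approve, review = [], []
    for csr in csr_list.get("items", []):
        if not is_pending(csr):
            continue
        name = csr["metadata"]["name"]
        requestor = csr.get("spec", {}).get("username", "")
        if requestor == BOOTSTRAPPER or requestor.startswith(NODE_PREFIX):
            approve.append(name)
        else:
            review.append(name)  # unexpected requestor: do not approve blindly
    return approve, review

# Constructed sample shaped like `oc get csr -o json`, trimmed to the fields used.
SAMPLE = {"items": [
    {"metadata": {"name": "csr-2bn4x"}, "spec": {"username": BOOTSTRAPPER}, "status": {}},
    {"metadata": {"name": "csr-8g9xy"}, "status": {},
     "spec": {"username": "system:node:ip-10-0-1-23.ec2.internal"}},
    {"metadata": {"name": "csr-old01"}, "spec": {"username": "system:node:ip-10-0-1-23.ec2.internal"},
     "status": {"conditions": [{"type": "Approved"}]}},
    {"metadata": {"name": "csr-odd99"}, "status": {},
     "spec": {"username": "system:serviceaccount:default:something-else"}},
]}

if __name__ == "__main__":
    raw = subprocess.run(["oc", "get", "csr", "-o", "json"],
                         check=True, capture_output=True, text=True).stdout
    approve, review = triage(json.loads(raw))
    for name in approve:
        subprocess.run(["oc", "adm", "certificate", "approve", name], check=True)
    if review:
        print("left for manual review:", ", ".join(review), file=sys.stderr)
```

Run it with KUBECONFIG exported as in the previous step; repeat until no kubelet-serving CSRs remain pending, since each node requests a serving certificate only after its client certificate is approved.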
- CERTIFICATE_AUTHORITIES - the certificate authorities value found in master.ign
- AWS_ACCESS_KEY_ID - your AWS access key ID
- AWS_SECRET_ACCESS_KEY - your AWS secret access key
- params.json - the parameters file that passes customizable parameters to the parent stack, infra.yml
- infra.yml - in the root directory; the parent stack. It holds some parameters that can be modified but are not in the parameters file.
- cf-modules - the directory holding the CloudFormation templates that create the nested stacks called by infra.yml
- validate.yaml - after any change is pushed to master, this workflow automatically starts a pipeline that validates the template and creates a parent stack with nested resources. Edit this file to set a specific stack name or change the AWS region.
- Add a pipeline step that puts cf-modules in the S3 bucket; it needs to read DevopsBucket from params
- Add a way to either create-stack or update-stack via GitHub Actions
- Add creation of Public Hosted Zone -> HostedZoneId
Deploy 0.0.2