Skip to content

Automated way to deploy and destroy OCP4.x IPI to AWS

License

Notifications You must be signed in to change notification settings

r3dact3d/OCP4-Deploy

Repository files navigation

Repo for deploying OCP to AWS

Note
Please fork or clone this repository so that you can use your own GitHub Secrets and workflow.

Overview

This repository provides the necessary scripts and instructions for deploying OpenShift clusters on AWS. It is designed for system administrators and DevOps engineers who are familiar with AWS and OpenShift environments.

Deployment Workflow

Deploying OpenShift 4.x

  1. Prerequisites:

    1. Ensure that all GitHub Repository Secrets are created and up-to-date (repository secrets only, no environment secrets required).

    2. Review and understand each secret required for deployment listed in the Configuration Secrets section.

  2. Deployment Steps:

    1. Click the 'Deploy' button below to initiate the deployment workflow.

    2. Monitor the workflow progress and verify deployment via the AWS and OpenShift consoles.

badge

Prerequisites and Requirements

Ensure you have the following before starting the deployment:

  • Access to an AWS account with administrative privileges.

  • A GitHub account for fork or clone operations.

  • Basic understanding of YAML and shell scripting.

Configuration Secrets

Here’s a list of all required GitHub secrets for the deployment:

Note
There are multiple places to create secrets in GitHub, be sure to the Actions and Repository Secrets like this path link: OCP4-Deploy/settings/secrets/actions
  • OCP_ADMIN_USER: Cluster admin username.

  • OCP_ADMIN_PASS: Cluster admin password.

  • OCP_DEV_USER: Development user username.

  • OCP_DEV_PASS: Development user password.

  • OCP_BASE_DOMAIN: Top-level domain for Route53, does not require a leading dot.

  • OCP_CLUSTER_NAME: Name of the OpenShift cluster.

  • OCP_CLIENT_VERSION: OpenShift client version, e.g., "4", "4.7", or "4.9.9".

  • RED_HAT_PULLSECRET: Red Hat credentials for accessing Red Hat repositories. link: Pull Secret

  • AWS_ACCESS_KEY_ID: AWS Access Key.

  • AWS_SECRET_ACCESS_KEY: AWS Secret Access Key.

  • AWS_REGION: AWS Region where the cluster will be deployed.

Actions

Running Deploy workflow will automatically kick off.

  1. Perform AWS IPI

  2. Creates an Artifact for Destroy

    1. You can download artifact if needed from GitHub Actions > Runs

    2. Double check your retention period for Artifacts

  3. Setup HTPasswd IDP

    1. Uses CLUSTER_ADMIN and ADMIN_PASS

    2. Uses DEV_PASS for andrew the developer

  4. Install GitOps Operator

    1. Sets admin password for console to ADMIN_PASS

  5. Adds MachineSet

    1. labels infra nodes

    2. labels control worker node for Automation Controller

  6. Enables cluster and machine autoscaling

    1. Creates cluster autoscaling config

    2. Creates autoscaling groups from workers and infra machines

  7. Creates an S3 bucket for AAP and the namespace for the operator

On completion of Deploy workflow, the GitOps-Tasks workflow will automatically start.

  1. Update with Day2 and Applications appset pointing to examples

Important

  • During the deploy workflow the artifacts describing the AWS resources that are deployed are needed for the destroy workflow.

  • The artifacts are uploaded for only 90 days and will need to be manually downloaded if it’s not planned to destroy the cluster within that retention period.

To destroy OCP4.x

  1. Click below Destroy button to use last saved artifact to destroy Openshift cluster and infra resources.

badge

This will kick off the destroy workflow, pulling the artifact from deploy workflow automatically and destroying the AWS resources.

Troubleshooting Common Issues

This section provides guidance on common issues that you might encounter during the deployment process, along with recommended solutions.

How to Contribute

We welcome contributions! Please submit issues, enhancements, and pull requests through GitHub. For major changes, please open an issue first to discuss what you would like to change.

Ensure to update tests as appropriate and maintain the quality of the deployment scripts.

TODO

  • Add node sizing templates

  • cost management operator

Note
GitHub IDP is disabled currently

GitHub IDP

  • GitHub IDP is used in this deploy, so a GitHub organization should be created

  • Add the clientSecret to GitHub Secrets as CLIENT_SECRET

  • Update the GitHub Organization name and clientID in idp-oauth.yaml file

About

Automated way to deploy and destroy OCP4.x IPI to AWS

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published