ocp4_workload_rhacm_cloud_credentials: add kubevirt support (#8852)
acm hcp kubevirt secret ssh pubkey
newgoliath authored Nov 26, 2024
1 parent 27cef09 commit 235a0ed
Showing 4 changed files with 48 additions and 66 deletions.
Expand Up @@ -5,6 +5,13 @@ silent: false
tmp_dir: /tmp/{{ guid }}
tmp_kubeconfig: "{{ tmp_dir }}/.kube/config"

# Common variables
ocp4_token: CHANGEME
ssh_privatekey: CHANGEME
ssh_publickey: CHANGEME

ocp4_workload_rhacm_cloud_credentials_namespace: open-cluster-management

# Azure Cloud credentials
az_acm_secret_name: azure-secret
# az_acm_secret_namespace: "open-cluster-management"
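
Review bot: `ocp4_token`, `ssh_privatekey` and `ssh_publickey` at the top of this hunk default to the literal string `CHANGEME`, and nothing visible in the commit checks that they were overridden, so a run with the KubeVirt flag enabled would base64-encode `CHANGEME` into the secret's `pullSecret` and apply it without error. Suggest leaving these undefined so templating fails loudly, or adding an `ansible.builtin.assert` at the start of the role's tasks that rejects `CHANGEME` for every credential the enabled providers consume.
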
Expand All @@ -26,7 +33,6 @@ ocp4_base_domain: CHANGEME
# AWS ACM namespace (optional)
# aws_acm_secret_namespace: CHANGEME

# Common variables
ocp4_token: CHANGEME
ssh_privatekey: CHANGEME
ssh_publickey: CHANGEME
# kubevirt credentials
ocp4_workload_rhacm_cloud_credentials_kubevirt: false
ocp4_workload_rhacm_cloud_credentials_kubevirt_secret_name: kubevirt-secret
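
Review bot: the new `# kubevirt credentials` block gives no hint of what enabling `ocp4_workload_rhacm_cloud_credentials_kubevirt` requires. The secret it creates takes its pull secret from `ocp4_token` and its SSH key from `hostvars.localhost`, not from `ssh_publickey`, and it lands in `ocp4_workload_rhacm_cloud_credentials_namespace` rather than in a per-provider namespace like the `aws_acm_secret_namespace` option shown just above. A short comment here stating those dependencies would save the next reader from tracing the tasks file.
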
@@ -1,67 +1,11 @@
= ocp4_workload_lpe_automation_controller - automation_controller Workload Role
= ocp4_workload_rhacm_cloud_credentials

== Role overview

Deploys an instance of automation_controller on your cluster, into a new project or an existing project.
Create the Secrets necessary for RHACM to deploy clusters.

== Review the defaults variable file
Supports:

* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.
* The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user.
* A variable *silent=True* can be passed to suppress debug messages.
* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line

=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]

----
TARGET_HOST="bastion.na39.openshift.opentlc.com"
OCP_USERNAME="mitsharm-redhat.com"
WORKLOAD="ocp4_workload_lpe_automation_controller"
GUID=1001
# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
-e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
-e"ansible_user=ec2-user" \
-e"ocp_username=${OCP_USERNAME}" \
-e"ocp_workload=${WORKLOAD}" \
-e"silent=False" \
-e"guid=${GUID}" \
-e"ACTION=create"
----

=== To Delete an environment

----
TARGET_HOST="bastion.na39.openshift.opentlc.com"
OCP_USERNAME="psrivast-redhat.com"
WORKLOAD="ocp4_workload_lpe_automation_controller"
GUID=1002
# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
-e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
-e"ansible_user=ec2-user" \
-e"ocp_username=${OCP_USERNAME}" \
-e"ocp_workload=${WORKLOAD}" \
-e"guid=${GUID}" \
-e"ACTION=remove"
----


== Other related information:

=== Deploy Workload on OpenShift Cluster from an existing playbook:

[source,yaml]
----
- name: Deploy a workload role on a master host
hosts: all
become: true
gather_facts: False
tags:
- step007
roles:
- { role: "{{ocp_workload}}", when: 'ocp_workload is defined' }
----
NOTE: You might want to change `hosts: all` to fit your requirements
* AWS
* Azure
* KubeVirt
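
Review bot: the rewritten README lists the three supported providers but drops the pointer to `./defaults/main.yml` and says nothing about how a provider is selected; for KubeVirt that is `ocp4_workload_rhacm_cloud_credentials_kubevirt: true`, which a reader can currently only find in the defaults file. Suggest keeping the `link:./defaults/main.yml[./defaults/main.yml]` line and adding a short variable list per provider, noting that `ocp4_token` ends up inside the created Secret.
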
Expand Up @@ -21,6 +21,17 @@
state: present
definition: "{{ lookup('template', './templates/azure_secret.j2' ) | from_yaml }}"

- when: ocp4_workload_rhacm_cloud_credentials_kubevirt | default(false) | bool
vars:
ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey: |
{{ hostvars.localhost.ssh_provision_pubkey_content |
default(hostvars.localhost.env_authorized_key_content_pub) }}
block:
- name: Create OpenShift objects for workload - KubeVirt
kubernetes.core.k8s:
state: present
definition: "{{ lookup('template', './templates/kubevirt_ns_and_secret.yaml.j2' ) | from_yaml_all }}"

# Leave this as the last task in the playbook.
- name: workload tasks complete
debug:
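
Review bot: the `vars:` entry for `ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey` falls back from `ssh_provision_pubkey_content` to `env_authorized_key_content_pub` but never to the role's own `ssh_publickey` default, and if neither hostvar is set the inner `default()` receives an undefined value and the task dies with a templating error rather than a clear message. Suggest ending the chain with `ssh_publickey` or asserting that one of the two hostvars is defined before the block. Two smaller points on the same lines: the `|` block scalar leaves a trailing newline on the key that then gets base64-encoded, so `>-` or an inline value is safer, and since the rendered definition carries `ocp4_token`, the `kubernetes.core.k8s` task is a candidate for `no_log: true`.
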
@@ -0,0 +1,21 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ ocp4_workload_rhacm_cloud_credentials_namespace }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ ocp4_workload_rhacm_cloud_credentials_kubevirt_secret_name }}
namespace: {{ ocp4_workload_rhacm_cloud_credentials_namespace }}
annotations:
labels:
cluster.open-cluster-management.io/credentials: ""
cluster.open-cluster-management.io/type: kubevirt
type: Opaque
data:
pullSecret: {{ ocp4_token | string | b64encode }}
ssh-publickey: |
{{ ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey |
string | b64encode }}
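
Review bot: `ssh-publickey: |` under `data:` puts the base64 output in a literal block scalar, so the stored value carries a trailing newline and depends on the template's indentation staying exact, while `pullSecret` two lines above is written inline. Suggest writing it the same way, `ssh-publickey: {{ ocp4_workload_rhacm_cloud_credentials_kubevirt_pubkey | string | b64encode }}`, or moving both keys to `stringData` and dropping the filters. The empty `annotations:` key renders as null and can be removed.
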
