forked from openshift/release
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add rosa hcp cilium CNI support (openshift#49181)
* add hcp cilium support * update by comments * make job after rebase upstream * fix shell-check error * update description
- Loading branch information
Showing
15 changed files
with
385 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 6 additions & 0 deletions
6
ci-operator/step-registry/cucushift/hypershift-extended/cilium/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
approvers: | ||
- LiangquanLi930 | ||
- heliubj18 | ||
reviewers: | ||
- LiangquanLi930 | ||
- heliubj18 |
87 changes: 87 additions & 0 deletions
87
...try/cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-commands.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
#!/bin/bash | ||
|
||
set -xeuo pipefail | ||
|
||
export KUBECONFIG="${SHARED_DIR}/kubeconfig" | ||
if [[ -f "${SHARED_DIR}/nested_kubeconfig" ]]; then | ||
export KUBECONFIG="${SHARED_DIR}/nested_kubeconfig" | ||
fi | ||
|
||
# for rosa kubeadmin kubeconfig | ||
if [[ -f "${SHARED_DIR}/kubeconfig.kubeadmin" ]]; then | ||
export KUBECONFIG="${SHARED_DIR}/kubeconfig.kubeadmin" | ||
fi | ||
|
||
|
||
cilium_ns=$(oc get ns cilium --ignore-not-found) | ||
if [[ -z "$cilium_ns" ]]; then | ||
oc create ns cilium | ||
fi | ||
|
||
oc label ns cilium security.openshift.io/scc.podSecurityLabelSync=false pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged --overwrite | ||
|
||
# apply isovalent cilium 1.14.5 CNI | ||
version="1.14.5" | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-03-cilium-ciliumconfigs-crd.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00000-cilium-namespace.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00001-cilium-olm-serviceaccount.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00002-cilium-olm-deployment.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00003-cilium-olm-service.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00004-cilium-olm-leader-election-role.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00005-cilium-olm-role.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00006-leader-election-rolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00007-cilium-olm-rolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00008-cilium-cilium-olm-clusterrole.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00009-cilium-cilium-clusterrole.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00010-cilium-cilium-olm-clusterrolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00011-cilium-cilium-clusterrolebinding.yaml | ||
|
||
PODCIDR=$(oc get network cluster -o jsonpath='{.spec.clusterNetwork[0].cidr}') | ||
HOSTPREFIX=$(oc get network cluster -o jsonpath='{.spec.clusterNetwork[0].hostPrefix}') | ||
export PODCIDR=$PODCIDR | ||
export HOSTPREFIX=$HOSTPREFIX | ||
|
||
echo ' | ||
apiVersion: cilium.io/v1alpha1 | ||
kind: CiliumConfig | ||
metadata: | ||
name: cilium | ||
namespace: cilium | ||
spec: | ||
debug: | ||
enabled: true | ||
k8s: | ||
requireIPv4PodCIDR: true | ||
logSystemLoad: true | ||
bpf: | ||
preallocateMaps: true | ||
etcd: | ||
leaseTTL: 30s | ||
ipv4: | ||
enabled: true | ||
ipv6: | ||
enabled: false | ||
identityChangeGracePeriod: 0s | ||
ipam: | ||
mode: "cluster-pool" | ||
operator: | ||
clusterPoolIPv4PodCIDRList: | ||
- "${PODCIDR}" | ||
clusterPoolIPv4MaskSize: "${HOSTPREFIX}" | ||
nativeRoutingCIDR: "${PODCIDR}" | ||
endpointRoutes: {enabled: true} | ||
clusterHealthPort: 9940 | ||
tunnelPort: 4789 | ||
cni: | ||
binPath: "/var/lib/cni/bin" | ||
confPath: "/var/run/multus/cni/net.d" | ||
chainingMode: portmap | ||
prometheus: | ||
serviceMonitor: {enabled: false} | ||
hubble: | ||
tls: {enabled: false} | ||
sessionAffinity: true | ||
' | envsubst > /tmp/ciliumconfig.json | ||
|
||
oc apply -f /tmp/ciliumconfig.json | ||
oc wait --for=condition=Ready pod -n cilium --all --timeout=5m |
13 changes: 13 additions & 0 deletions
13
...cushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"path": "cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"LiangquanLi930", | ||
"heliubj18" | ||
], | ||
"reviewers": [ | ||
"LiangquanLi930", | ||
"heliubj18" | ||
] | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
15
...gistry/cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
ref: | ||
as: cucushift-hypershift-extended-cilium | ||
from_image: | ||
namespace: ocp | ||
name: "4.12" | ||
tag: upi-installer | ||
grace_period: 5m | ||
cli: latest | ||
commands: cucushift-hypershift-extended-cilium-commands.sh | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
documentation: |- | ||
install cilium CNI for the hosted cluster. In this case, the HostedCluster.spec.networking.networkType should be Other |
14 changes: 14 additions & 0 deletions
14
ci-operator/step-registry/osd-ccs/cluster/provision/admin-kubeconfig/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
reviewers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- tzhou5 | ||
- yingzhanredhat | ||
- yufchang | ||
- radtriste | ||
approvers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- yufchang | ||
- radtriste |
16 changes: 16 additions & 0 deletions
16
...cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-commands.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/bin/bash | ||
|
||
set -o nounset | ||
set -o errexit | ||
set -o pipefail | ||
|
||
trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM | ||
|
||
# Log in | ||
OCM_VERSION=$(ocm version) | ||
OCM_TOKEN=$(cat "${CLUSTER_PROFILE_DIR}/ocm-token") | ||
echo "Logging into ${OCM_LOGIN_ENV} with offline token using ocm cli ${OCM_VERSION}" | ||
ocm login --url "${OCM_LOGIN_ENV}" --token "${OCM_TOKEN}" | ||
|
||
CLUSTER_ID=$(cat "${SHARED_DIR}/cluster-id") | ||
ocm get /api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/credentials | jq -r .kubeconfig > "${SHARED_DIR}/kubeconfig.kubeadmin" |
21 changes: 21 additions & 0 deletions
21
...r/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{ | ||
"path": "osd-ccs/cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"yufchang", | ||
"radtriste" | ||
], | ||
"reviewers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"tzhou5", | ||
"yingzhanredhat", | ||
"yufchang", | ||
"radtriste" | ||
] | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
15
...cs/cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
ref: | ||
as: osd-ccs-cluster-provision-admin-kubeconfig | ||
from: cli-ocm | ||
grace_period: 10m | ||
commands: osd-ccs-cluster-provision-admin-kubeconfig-commands.sh | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 300Mi | ||
env: | ||
- name: OCM_LOGIN_ENV | ||
default: "staging" | ||
documentation: The environment for ocm login. The supported values are [production, staging]. | ||
documentation: |- | ||
Using ocm cli to get kubeadmin kubeconfig |
20 changes: 20 additions & 0 deletions
20
ci-operator/step-registry/rosa/aws/sts/hypershift/cilium/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
reviewers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- tzhou5 | ||
- yingzhanredhat | ||
- yufchang | ||
- jtaleric | ||
- svetsa-rh | ||
- radtriste | ||
- heliubj18 | ||
approvers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- yufchang | ||
- jtaleric | ||
- svetsa-rh | ||
- radtriste | ||
- heliubj18 |
27 changes: 27 additions & 0 deletions
27
...stry/rosa/aws/sts/hypershift/cilium/rosa-aws-sts-hypershift-cilium-workflow.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"path": "rosa/aws/sts/hypershift/cilium/rosa-aws-sts-hypershift-cilium-workflow.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"yufchang", | ||
"jtaleric", | ||
"svetsa-rh", | ||
"radtriste", | ||
"heliubj18" | ||
], | ||
"reviewers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"tzhou5", | ||
"yingzhanredhat", | ||
"yufchang", | ||
"jtaleric", | ||
"svetsa-rh", | ||
"radtriste", | ||
"heliubj18" | ||
] | ||
} | ||
} |
Oops, something went wrong.