-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
17 changed files
with
430 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 6 additions & 0 deletions
6
ci-operator/step-registry/cucushift/hypershift-extended/cilium/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
approvers: | ||
- LiangquanLi930 | ||
- heliubj18 | ||
reviewers: | ||
- LiangquanLi930 | ||
- heliubj18 |
79 changes: 79 additions & 0 deletions
79
...try/cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-commands.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
#!/bin/bash | ||
|
||
set -xeuo pipefail | ||
|
||
export KUBECONFIG="${SHARED_DIR}/kubeconfig" | ||
if [[ -f "${SHARED_DIR}/nested_kubeconfig" ]]; then | ||
export KUBECONFIG="${SHARED_DIR}/nested_kubeconfig" | ||
fi | ||
|
||
cilium_ns=$(oc get ns cilium --ignore-not-found) | ||
if [[ -z "$cilium_ns" ]]; then | ||
oc create ns cilium | ||
fi | ||
|
||
oc label ns cilium security.openshift.io/scc.podSecurityLabelSync=false pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged --overwrite | ||
|
||
# apply isovalent cilium 1.14.5 CNI | ||
version="1.14.5" | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-03-cilium-ciliumconfigs-crd.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00000-cilium-namespace.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00001-cilium-olm-serviceaccount.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00002-cilium-olm-deployment.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00003-cilium-olm-service.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00004-cilium-olm-leader-election-role.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00005-cilium-olm-role.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00006-leader-election-rolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00007-cilium-olm-rolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00008-cilium-cilium-olm-clusterrole.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00009-cilium-cilium-clusterrole.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00010-cilium-cilium-olm-clusterrolebinding.yaml | ||
oc apply -f https://raw.githubusercontent.com/isovalent/olm-for-cilium/main/manifests/cilium.v${version}/cluster-network-06-cilium-00011-cilium-cilium-clusterrolebinding.yaml | ||
|
||
|
||
PODCIDR=$(oc get network cluster -o jsonpath='{.spec.clusterNetwork[0].cidr}') | ||
HOSTPREFIX=$(oc get network cluster -o jsonpath='{.spec.clusterNetwork[0].hostPrefix}') | ||
echo 'apiVersion: cilium.io/v1alpha1 | ||
kind: CiliumConfig | ||
metadata: | ||
name: cilium | ||
namespace: cilium | ||
spec: | ||
debug: | ||
enabled: true | ||
k8s: | ||
requireIPv4PodCIDR: true | ||
logSystemLoad: true | ||
bpf: | ||
preallocateMaps: true | ||
etcd: | ||
leaseTTL: 30s | ||
ipv4: | ||
enabled: true | ||
ipv6: | ||
enabled: false | ||
identityChangeGracePeriod: 0s | ||
ipam: | ||
mode: "cluster-pool" | ||
operator: | ||
clusterPoolIPv4PodCIDRList: | ||
- "${PODCIDR}" | ||
clusterPoolIPv4MaskSize: "${HOSTPREFIX}" | ||
nativeRoutingCIDR: "${PODCIDR}" | ||
endpointRoutes: {enabled: true} | ||
clusterHealthPort: 9940 | ||
tunnelPort: 4789 | ||
cni: | ||
binPath: "/var/lib/cni/bin" | ||
confPath: "/var/run/multus/cni/net.d" | ||
chainingMode: portmap | ||
prometheus: | ||
serviceMonitor: {enabled: false} | ||
hubble: | ||
tls: {enabled: false} | ||
sessionAffinity: true | ||
' | envsubst > /tmp/ciliumconfig.json | ||
|
||
cat /tmp/ciliumconfig.json | ||
oc apply -f /tmp/ciliumconfig.json | ||
oc wait --for=condition=Ready pod -n cilium --all --timeout=5m |
13 changes: 13 additions & 0 deletions
13
...cushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"path": "cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"LiangquanLi930", | ||
"heliubj18" | ||
], | ||
"reviewers": [ | ||
"LiangquanLi930", | ||
"heliubj18" | ||
] | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
15
...gistry/cucushift/hypershift-extended/cilium/cucushift-hypershift-extended-cilium-ref.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
ref: | ||
as: cucushift-hypershift-extended-cilium | ||
from_image: | ||
namespace: ocp | ||
name: "4.12" | ||
tag: upi-installer | ||
grace_period: 5m | ||
cli: latest | ||
commands: cucushift-hypershift-extended-cilium-commands.sh | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
documentation: |- | ||
install cilium CNI for the hosted cluster. In this case, the HostedCluster.spec.networking.networkType should be Other |
14 changes: 14 additions & 0 deletions
14
ci-operator/step-registry/osd-ccs/cluster/provision/admin-kubeconfig/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
reviewers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- tzhou5 | ||
- yingzhanredhat | ||
- yufchang | ||
- radtriste | ||
approvers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- yufchang | ||
- radtriste |
27 changes: 27 additions & 0 deletions
27
...cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-commands.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
#!/bin/bash | ||
|
||
set -o nounset | ||
set -o errexit | ||
set -o pipefail | ||
|
||
trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM | ||
|
||
# Obtain aws credentials | ||
AWSCRED="${CLUSTER_PROFILE_DIR}/.awscred" | ||
if [[ -f "${AWSCRED}" ]]; then | ||
AWS_ACCOUNT_ID=$(cat "${AWSCRED}" | grep aws_account_id | tr -d ' ' | cut -d '=' -f 2) | ||
AWS_ACCESS_KEY_ID=$(cat "${AWSCRED}" | grep aws_access_key_id | tr -d ' ' | cut -d '=' -f 2) | ||
AWS_SECRET_ACCESS_KEY=$(cat "${AWSCRED}" | grep aws_secret_access_key | tr -d ' ' | cut -d '=' -f 2) | ||
else | ||
echo "Did not find compatible cloud provider cluster_profile" | ||
exit 1 | ||
fi | ||
|
||
# Log in | ||
OCM_VERSION=$(ocm version) | ||
OCM_TOKEN=$(cat "${CLUSTER_PROFILE_DIR}/ocm-token") | ||
echo "Logging into ${OCM_LOGIN_ENV} with offline token using ocm cli ${OCM_VERSION}" | ||
ocm login --url "${OCM_LOGIN_ENV}" --token "${OCM_TOKEN}" | ||
|
||
CLUSTER_ID=$(cat "${SHARED_DIR}/cluster-id") | ||
ocm get /api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/credentials | jq -r .kubeconfig > "${SHARED_DIR}/kubeconfig" |
23 changes: 23 additions & 0 deletions
23
...r/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"path": "osd-ccs/cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"yufchang", | ||
"radtriste", | ||
"heliubj18" | ||
], | ||
"reviewers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"tzhou5", | ||
"yingzhanredhat", | ||
"yufchang", | ||
"radtriste", | ||
"heliubj18" | ||
] | ||
} | ||
} |
16 changes: 16 additions & 0 deletions
16
...cs/cluster/provision/admin-kubeconfig/osd-ccs-cluster-provision-admin-kubeconfig-ref.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
ref: | ||
as: osd-ccs-cluster-provision-admin-kubeconfig | ||
from: cli-ocm | ||
grace_period: 10m | ||
commands: osd-ccs-cluster-provision-admin-kubeconfig-commands.sh | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 300Mi | ||
timeout: 2h0m0s | ||
env: | ||
- name: OCM_LOGIN_ENV | ||
default: "staging" | ||
documentation: The environment for ocm login. The supported values are [production, staging]. | ||
documentation: |- | ||
Using ocm cli to create an osd ccs AWS cluster with the provided cluster profile. The cluster profile should include the offline token ocm-token to login. |
20 changes: 20 additions & 0 deletions
20
ci-operator/step-registry/rosa/aws/sts/hypershift/cilium/OWNERS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
reviewers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- tzhou5 | ||
- yingzhanredhat | ||
- yufchang | ||
- jtaleric | ||
- svetsa-rh | ||
- radtriste | ||
- heliubj18 | ||
approvers: | ||
- yasun1 | ||
- xueli181114 | ||
- yuwang-RH | ||
- yufchang | ||
- jtaleric | ||
- svetsa-rh | ||
- radtriste | ||
- heliubj18 |
27 changes: 27 additions & 0 deletions
27
...egistry/rosa/aws/sts/hypershift/cilium/rosa-aws-sts-hypershift-cilium-chain.metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"path": "rosa/aws/sts/hypershift/cilium/rosa-aws-sts-hypershift-cilium-chain.yaml", | ||
"owners": { | ||
"approvers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"yufchang", | ||
"jtaleric", | ||
"svetsa-rh", | ||
"radtriste", | ||
"heliubj18" | ||
], | ||
"reviewers": [ | ||
"yasun1", | ||
"xueli181114", | ||
"yuwang-RH", | ||
"tzhou5", | ||
"yingzhanredhat", | ||
"yufchang", | ||
"jtaleric", | ||
"svetsa-rh", | ||
"radtriste", | ||
"heliubj18" | ||
] | ||
} | ||
} |
Oops, something went wrong.