@afflom
Last active January 25, 2021 22:37
OCP Disconnected Installs
  1. Download and compress bundle on internet connected machine

    # --skip-existing: skip downloading content that already exists on disk
    # --skip-catalogs: this demo assumes operator catalog upload as a day-two operation
    # Mind the literals in --pull-secret. Get the pull secret from https://cloud.redhat.com/openshift/install/aws/installer-provisioned
    podman run -it --security-opt label=disable -v ./:/app/bundle quay.io/redhatgov/openshift4_mirror:latest \
      ./openshift_mirror bundle \
      --openshift-version 4.6.3 \
      --platform aws \
      --skip-existing \
      --skip-catalogs \
      --pull-secret '{"auths":{"cloud.openshift.com":{"auth":"b3Blb...'
    # the templates below are fetched into config-template, so create that directory
    mkdir -p ./4.6.3/config-template
    curl -L https://gist.githubusercontent.com/afflom/794f360fe47da48ff1cdbcf298430150/raw/0698aecf33ea01b522bfcaddd9fd0d349fb71428/install-config-template.yaml -o ./4.6.3/config-template/install-config.yaml
    git clone https://github.com/afflom/OCP4.6.x-Helpers.git ./4.6.3/OCP4.6.x-Helpers
    curl -L https://gist.githubusercontent.com/afflom/794f360fe47da48ff1cdbcf298430150/raw/88824ece3fbb532cea275eefae93c0e98e363dd0/operator-credentials-template.yaml -o ./4.6.3/config-template/operator-credentials-template.yaml
    tar -zcvf openshift-4-6-3.tar.gz 4.6.3
    
  2. Transfer bundle from internet connected machine to disconnected vpc host

  3. Extract bundle on disconnected vpc host

    tar -xzvf openshift-4-6-3.tar.gz

  4. Create registry cert on disconnected vpc host

    export SUBJ="/C=US/ST=Virginia/O=Red Hat/CN=${HOSTNAME}"
    # subjectAltName added: current Go-based clients such as oc reject a certificate whose host name appears only in the CN
    openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry.key -x509 -days 365 -out registry.crt -subj "$SUBJ" -addext "subjectAltName=DNS:${HOSTNAME}"
    
  5. Create IAM users and policies

    cd ./4.6.3/OCP4.6.x-Helpers/policy-templates
    chmod +x ../ocp-users.sh
    ../ocp-users.sh prepPolicies
    ../ocp-users.sh createUsers
    cat account_names.txt
    
  6. Using the output from the previous command, identify the new accounts and utilize your preferred method for generating and retrieving associated access ids and keys.

  7. Open and update the following file with the key id and key for each respective account.

    vi ~/
    
    
  8. Create the RH CoreOS AMI

  9. Start up the registry (it serves the mirrored release content over TLS with the cert from step 4)

    oc image serve --dir=$PWD/4.6.3/release/ --tls-crt=registry.crt --tls-key=registry.key

  1. Create install config

  2. Create manifests from install config

  3. Delete admin credentials (credentialsMode is Manual, so the per-operator Secrets below are supplied instead of an admin key)

install-config-template.yaml

    apiVersion: v1
    baseDomain: << Domain Name >>
    credentialsMode: Manual
    additionalTrustBundle: |
      -----BEGIN CERTIFICATE-----
      MIIFtTCCA52gAwIBAgIUATPXseBaaRHE0Mgybh29VgOyZBUwDQYJKoZIhvcNAQEL
      -----END CERTIFICATE-----
    imageContentSources:
    - mirrors:
      - << registry-hostname >>:5000/openshift/release
      source: quay.io/openshift-release-dev/ocp-release
    - mirrors:
      - << registry-hostname >>:5000/openshift/release
      source: registry.svc.ci.openshift.org/ocp/release
    - mirrors:
      - << registry-hostname >>:5000/openshift/release
      source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
    controlPlane:
      architecture: amd64
      hyperthreading: Enabled
      name: master
      platform: {}
      replicas: 3
    compute:
    - architecture: amd64
      hyperthreading: Enabled
      name: worker
      platform:
        aws:
          type: m5.xlarge
      replicas: 3
    metadata:
      name: << Cluster Name >>
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: << Subnet/CIDR 1 >>
      - cidr: << Subnet/CIDR 2 >>
      - cidr: << Subnet/CIDR 3 >>
      networkType: OpenShiftSDN
      serviceNetwork:
      - 172.30.0.0/16
    platform:
      aws:
        region: << AWS Region Name >>
        zones:
        - << Availability Zone Name 1 >>
        - << Availability Zone Name 2 >>
        - << Availability Zone Name 3 >>
        subnets:
        - << Subnet ID 1 >>
        - << Subnet ID 2 >>
        - << Subnet ID 3 >>
        amiID: << Your RHCOS AMI ID >>
    pullSecret: '<< Your Pull Secret Here >>'
    sshKey: << Your SSH KEY HERE >>
    fips: false
    publish: Internal
operator-credentials-template.yaml

    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-cluster-csi-drivers
      name: ebs-cloud-credentials
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-cloud-credential-operator
      name: cloud-credential-operator-iam-ro-creds
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-cloud-credential-operator
      name: cloud-credential-operator-s3-creds
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-image-registry
      name: installer-cloud-credentials
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-ingress-operator
      name: cloud-credentials
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      namespace: openshift-machine-api
      name: aws-cloud-credentials
    stringData:
      aws_access_key_id: << key id >>
      aws_secret_access_key: << access key >>
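As an added example that is not part of this gist or of the OCP4.6.x-Helpers repository: a POSIX shell script that fills operator-credentials-template.yaml from a credentials file instead of pasting keys into vi (step 7 above), keyed on each Secret's metadata.name so every operator gets its own IAM user's keys, and that refuses to continue while any `<< ... >>` placeholder remains in a rendered file or while install-config.yaml is not in `credentialsMode: Manual`. The credentials-file format, the mapping from the IAM users created by ocp-users.sh to Secret names, and all function names are assumptions of this example; the sample template and key values are constructed and not real credentials.

```shell
#!/bin/sh
# Added example, not from the gist. Renders the per-operator credential Secrets
# from a credentials file and checks the rendered files before
# "openshift-install create manifests".
#
# Assumed credentials file format (one line per Secret, whitespace-separated):
#   <secret metadata.name> <aws_access_key_id> <aws_secret_access_key>
# Blank lines and lines starting with "#" are ignored.
set -u

# Render template $1 with credentials file $2 to stdout. Placeholders are
# replaced per Secret document, keyed by the most recent "name:" line, so
# each component receives its own least-privilege key pair.
render_credentials() {
  awk -v credsfile="$2" '
    BEGIN {
      while ((getline line < credsfile) > 0) {
        n = split(line, f, " ")
        if (n < 3 || f[1] ~ /^#/) continue      # skip blanks and comments
        id[f[1]] = f[2]; key[f[1]] = f[3]
      }
      close(credsfile)
    }
    /^[[:space:]]*name:[[:space:]]*/ {
      cur = $0; sub(/^[[:space:]]*name:[[:space:]]*/, "", cur); print; next
    }
    /<< key id >>/ {
      if (!(cur in id)) { print "no credentials for secret " cur > "/dev/stderr"; exit 2 }
      sub(/<< key id >>/, id[cur]); print; next
    }
    /<< access key >>/ {
      if (!(cur in key)) { print "no credentials for secret " cur > "/dev/stderr"; exit 2 }
      sub(/<< access key >>/, key[cur]); print; next
    }
    { print }
  ' "$1"
}

# Fail (exit status 1) and list the offending lines if any "<< ... >>"
# placeholder is left in the given files; works for install-config.yaml too.
check_no_placeholders() {
  if grep -n '<<[^>]*>>' "$@" >&2; then
    echo "unfilled placeholders remain in: $*" >&2
    return 1
  fi
  return 0
}

# The Secrets rendered above are only honoured when the install config is in
# Manual credentials mode; otherwise the installer expects an admin key.
check_manual_credentials_mode() {
  grep -q '^credentialsMode:[[:space:]]*Manual[[:space:]]*$' "$1"
}

# Constructed two-Secret excerpt of operator-credentials-template.yaml (demo input).
write_sample_template() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  namespace: openshift-cluster-csi-drivers
  name: ebs-cloud-credentials
stringData:
  aws_access_key_id: << key id >>
  aws_secret_access_key: << access key >>
---
apiVersion: v1
kind: Secret
metadata:
  namespace: openshift-ingress-operator
  name: cloud-credentials
stringData:
  aws_access_key_id: << key id >>
  aws_secret_access_key: << access key >>
EOF
}

# Constructed credentials file; these key values are fake and not real credentials.
write_sample_credentials() {
  cat > "$1" <<'EOF'
# secret-name            access-key-id          secret-access-key
ebs-cloud-credentials    AKIAEXAMPLEEBS0001     ebsSecretKeyExample/NotReal+0001
cloud-credentials        AKIAEXAMPLEINGRESS1    ingressSecretKeyExample/NotReal+1
EOF
}

# Usage: sh render-credentials.sh <template> <credentials-file> <output>
# Both the credentials file and the rendered output hold long-lived AWS keys,
# so the output is created with owner-only permissions.
if [ "$#" -eq 3 ]; then
  umask 077
  render_credentials "$1" "$2" > "$3"
  check_no_placeholders "$3"
fi
```

Keep the credentials file and the rendered manifest out of the bundle that gets copied around and out of shell history; the whole point of `credentialsMode: Manual` here is that each operator ends up with a key scoped by the policies from ocp-users.sh rather than a shared admin key.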