diff --git a/CLOUDFLARE.md b/CLOUDFLARE.md index 0a2aa98..0e01f0a 100644 --- a/CLOUDFLARE.md +++ b/CLOUDFLARE.md @@ -11,7 +11,7 @@ This deployment automation uses the Cloudflare Managed DNS service. This domain name (in its "base domain" form) will be used later as a value for the `cluster_basedomain` variable in the Terraform configuration. ```console - Example of the cluster_basedomain value: "domain.com" + Example of the cluster_basedomain value: "example.com" ``` 1. Create Cloudflare account @@ -32,22 +32,12 @@ This deployment automation uses the Cloudflare Managed DNS service. 1. Copy the API key - On the same page as above click on the “Get your API token” link. + Follow the directions on to create an API Token for use with this zone. - You will be presented with the “API Token” tab from the “My Profile” page, click the “View” button at the “Global API key”. - - Save this key value, it will be used later as value of the `dns_options` `api_key` option in the Terraform configuration. - - ```console - Example of the cf_api_key parameter value: "65ca543659011ba2a13b2ab06dab12c158bcb" - ``` - -1. Copy email address - - On the page above, change to the “Communication” page and save the “Email Address” value, it will be used later as the `dns_options` `email` option in the Terraform configuration. + Save this key value. You will use it in your Terraform environment by defining it as `CLOUDFLARE_API_TOKEN` in the environment. ```console - Example of the cf_email parameter value: "me@mywork.org" + Example of the cf_api_token parameter value: "65ca543659011ba2a13b2ab06dab12c158bcb" ``` [Top](README.md) diff --git a/EQUINIX.md b/EQUINIX.md index f532000..09a2b49 100644 --- a/EQUINIX.md +++ b/EQUINIX.md @@ -1,8 +1,8 @@ # Equinix Metal -1. Sign up for a Equinix Metal account at https://console.equinix.com/signup +1. Sign up for a Equinix Metal account at -2. Follow the wizard **"Getting Started with Equinix Metal"** at https://console.equinix.com/getting-started/overview that guides you through creating a project. +2. Follow the wizard **"Getting Started with Equinix Metal"** at that guides you through creating a project. **IMPORTANT:** @@ -10,20 +10,22 @@ Using the Equinix Metal [web portal](https://console.equinix.com/), upload one o These keys will be automatically added (to `.ssh/authorized_keys`) on every server created by you on Equinix Metal. These keys must be generated for every SSH client you will be using to access these servers. -See details at https://metal.equinix.com/developers/docs/servers/key-features/ssh-keys/ +See details at One of these SSH keys must be generated in the host system used for driving the deployment. Copy location and names of these SSH key files on that system, they will be used later as values for `ssh_private_key_path` and `ssh_public_key_path` variables in the Terraform configuration. -3. After the project has been created, navigate to its *"Project Settings"*, and at the *"General"* tab locate the project ID, copy it as is, it will be used later as a value for the `project_id` variable in the Terraform configuration. +3. After the project has been created, navigate to its *"Project Settings"*, and at the *"General"* tab locate the project ID, copy it as is, it will be used later as a value for the `metal_project_id` variable in the Terraform configuration. ``` -Example of the project_id value: "e36a901f-d5e1-28e1-0f21-efb1c3676d89" +Example of the metal_project_id value: "e36a901f-d5e1-28e1-0f21-efb1c3676d89" ``` -4. Create a single API key, either from either your *"Personal Settings"* or from your project *"Project Settings"*, give it a descriptive name and *"Read/Write"* permissions. Copy this key's token value as is, it will be used later as a value for the `auth_token` variable in the Terraform configuration. +4. Create a single API key, either from either your *"Personal Settings"* or from your project *"Project Settings"*, give it a descriptive name and *"Read/Write"* permissions. Copy this key's token value as is, it will be used later as a value for the `metal_auth_token` variable in the Terraform configuration. + +See details at ``` -Example of the auth_token value: "atBncno1a8ipxEYAKNTpuFp7CyyDDZVA" +Example of the metal_auth_token value: "atBncno1a8ipxEYAKNTpuFp7CyyDDZVA" ``` Next, follow [this](CLOUDFLARE.md) diff --git a/README.md b/README.md index 9200546..7211822 100644 --- a/README.md +++ b/README.md @@ -28,22 +28,27 @@ cd terraform-metal-openshift 1. Follow [this](EQUINIX.md) to configure your Equinix Metal project and collect required parameters. -1. Follow [this](CLOUDFLARE.md) to configure your Cloudflare account and collect required parameters. +1. Follow [this](CLOUDFLARE.md) to configure your Cloudflare account and collect required parameters (AWS and Linode DNS options are also available). 1. [Obtain an OpenShift Cluster Manager API Token](https://cloud.redhat.com/openshift/token) for pullSecret generation. 1. Configure TF_VARs applicable to your Equinix Metal project, DNS settings, and OpenShift API Token: ```bash - export TF_VAR_project_id="kajs886-l59-8488-19910kj" - export TF_VAR_auth_token="lka6702KAmVAP8957Abny01051" + export TF_VAR_metal_project_id="fake-uuid-4159-8488-19910kj" + export TF_VAR_metal_auth_token="faketokenAP8957Abny01051" + ``` + + If you have the [Metal CLI](https://deploy.equinix.com/labs/metal-cli) installed, you can use `eval $(metal env --export -o terraform)` to use the token and project configured for use by Metal CLI. + ```bash export TF_VAR_cluster_basedomain="domain.com" - export TF_VAR_ocp_cluster_manager_token="eyJhbGc...d8Agva" - export TF_VAR_dns_provider="cloudflare" # aws and linode are also supported - export TF_VAR_dns_options='{"email": "abc@xyz.com", "api_key": "...", "api_token": "..."}' # fields differ by DNS provider + export TF_VAR_ocp_cluster_manager_token="eyJhbGc...d8Agva" # https://cloud.redhat.com/openshift/token + export TF_VAR_dns_provider="cloudflare" # aws and linode are also offered ``` + Alternatively, copy `terraform.tfvars.example` to `terraform.tfvars` and modify the values in that file accordingly. + 1. Initialize and validate terraform: ```bash @@ -57,22 +62,120 @@ cd terraform-metal-openshift terraform apply ``` + The Terraform output will look like the following after a successful deployment: + + ```console + Apply complete! Resources: X added, 0 changed, 0 destroyed. + + Outputs: + + Information = < + ssh_private_key_file = "/Users/username/.ssh/id_rsa_mos-mx94n" + ssh_public_key = "ssh-rsa AAAA...==" + username = "kubeadm" + ``` + + To view this output later, use `terraform output`. + 1. Cleanup the boostrap node once provisioning and installation is complete by permanently (recommended) or temporarily setting `count_bootstrap=0` ```bash - terraform apply -var="count_bootstrap=0" + export TF_VAR_count_bootstrap=0 # use the terraform.tfvars file to persist this change + terraform apply ``` If you need to obtain your `kubeadmin` credentials at a later time: ```sh - terraform output + terraform output -raw password + ``` + +1. Login to the various nodes via SSH + + Bastion: + + ```sh + ssh -i $(terraform output -raw ssh_private_key_file) root@$(terraform output -raw bastion_ip) ``` -## Experimental Statement + Bootstrap Node: + + ```sh + ssh -i $(terraform output -raw ssh_private_key_file) core@$(terraform output -json openshift_bootstrap_ip | jq -r '.[0]') + ``` + + Three Control Plane Nodes (default, 0-2): + + ```sh + ssh -i $(terraform output -raw ssh_private_key_file) core@$(terraform output -json openshift_controlplane_ips | jq -r '.[0].[0]') # Change the last 0 for other nodes + ``` + + Two Worker Nodes (default, 0-1): + + ```sh + ssh -i $(terraform output -raw ssh_private_key_file) core@$(terraform output -json openshift_worker_ips | jq -r '.[0].[0]') # Change the last 0 for other nodes + ``` + +1. Access the console (MacOS, Linux) + + ```sh + open $(terraform output -raw console) + ``` + + You will have to navigate your browser settings to access the URL with an invalid certificate. + +1. View OpenShift nodes with Kubernetes CLI (`kubectl`) -This repository is [Experimental](https://github.com/packethost/standards/blob/master/experimental-statement.md)! + ```sh + % kubectl --kubeconfig $(terraform output -raw kubeconfig) get nodes + NAME STATUS ROLES AGE VERSION + master-0.mos.meyu.us Ready control-plane,master 6h28m v1.25.16+306a47e + master-1.mos.meyu.us Ready control-plane,master 6h28m v1.25.16+306a47e + master-2.mos.meyu.us Ready control-plane,master 6h28m v1.25.16+306a47e + worker-0.mos.meyu.us Ready worker 6h17m v1.25.16+306a47e + worker-1.mos.meyu.us Ready worker 6h14m v1.25.16+306a47e + ``` --- -1 As of OpenShift Container Platform 4.5 you can [deploy three-node clusters on bare metal](https://docs.openshift.com/container-platform/4.5/installing/installing_bare_metal/installing-bare-metal.html#installation-three-node-cluster_installing-bare-metal). Setting `count_compute=0` will support deployment of a 3-node cluster. [↩](#openshift-via-terraform-on-equinix-metal) +1 As of OpenShift Container Platform 4.12 you can [deploy three-node clusters on bare metal](https://docs.openshift.com/container-platform/4.12/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal). Setting `count_compute=0` will support deployment of a 3-node cluster. [↩](#openshift-via-terraform-on-equinix-metal)