From afe4a1e5c010731613eff1d62812bc635f9221bd Mon Sep 17 00:00:00 2001 From: Gus Parvin Date: Fri, 26 Apr 2024 08:12:16 -0400 Subject: [PATCH] Configure machine sets to work with multiple platforms, adding vmware This adds a vmware machine set that will help customers learn how to easily setup OPP in different environments. This setup is intended to work with the QE interop vmware environment. Feedback welcome on this since I don't have a vmware environment to directly work with. Signed-off-by: Gus Parvin --- .../openshift-plus-setup/ami-ids.yaml | 25 -- .../aws-machine-sets.yaml | 214 ------------------ .../openshift-plus-setup/machine-sets.yaml | 167 ++++++++++++++ .../openshift-plus-setup/machineset-1c.yaml | 66 ------ .../openshift-plus-setup/machineset-2c.yaml | 66 ------ .../openshift-plus-setup/policyGenerator.yaml | 9 +- .../subscription-admin.yaml | 15 -- 7 files changed, 168 insertions(+), 394 deletions(-) delete mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/ami-ids.yaml delete mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/aws-machine-sets.yaml create mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/machine-sets.yaml delete mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/machineset-1c.yaml delete mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/machineset-2c.yaml delete mode 100644 policygenerator/policy-sets/community/openshift-plus-setup/subscription-admin.yaml diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/ami-ids.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/ami-ids.yaml deleted file mode 100644 index df54067a7..000000000 --- a/policygenerator/policy-sets/community/openshift-plus-setup/ami-ids.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: v1 -data: - us-east-1-4.16: ami-057df4d0cb8cbae0d - us-east-2-4.16: ami-0f736c64d5751d7d3 - us-east-1-4.15: ami-0b56cb92505dea7ed - us-east-2-4.15: ami-0b577c67f5371f6d1 - us-east-1-4.14: ami-0b56cb92505dea7ed - us-east-2-4.14: ami-0dc6c4d1bd5161f13 - us-east-1-4.13: ami-0624891c612b5eaa0 - us-east-2-4.13: ami-0dc6c4d1bd5161f13 - us-east-1-4.12: ami-0fe05b1aa8dacfa90 - us-east-2-4.12: ami-0ff64f495c7e977cf - us-east-1-4.11: ami-0722eb0819717090f - us-east-2-4.11: ami-026e5701f495c94a2 - us-east-1-4.10: ami-0c72f473496a7b1c2 - us-east-2-4.10: ami-09e637fc5885c13cc - replicas: "2" - instanceType: m6a.2xlarge - zone1: a - zone2: b - zone3: c -kind: ConfigMap -metadata: - name: aws-ocp-ami-ids - namespace: policies diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/aws-machine-sets.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/aws-machine-sets.yaml deleted file mode 100644 index e6c074958..000000000 --- a/policygenerator/policy-sets/community/openshift-plus-setup/aws-machine-sets.yaml +++ /dev/null 
@@ -1,214 +0,0 @@ -# This manifest creates 3 OpenShift MachineSets that are intended for installing OpenShift Cluster Storage on AWS. -# -# More details on installing OCS including the creation of the MachineSets is located here: -# https://red-hat-storage.github.io/ocs-training/training/ocs4/ocs.html#_scale_ocp_cluster_and_add_new_worker_nodes -# -# This policy contains an Amazon Machine Identifier which must be updated in the policy. Obtain the AMI id from: -# https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/installing/installing-on-aws#installation-aws-user-infra-rhcos-ami_installing-aws-user-infra -# -apiVersion: machine.openshift.io/v1beta1 -kind: MachineSet -metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - name: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone1" }}' - namespace: openshift-machine-api -spec: - replicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt }}' - selector: - matchLabels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone1" }}' - template: - metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" 
"Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone1" }}' - spec: - metadata: - labels: - cluster.ocs.openshift.io/openshift-storage: "" - node-role.kubernetes.io/worker: "" - providerSpec: - value: - ami: - id: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" (printf "%s-%s" (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region (fromClusterClaim "openshiftversion-major-minor")) }}' - apiVersion: awsproviderconfig.openshift.io/v1beta1 - blockDevices: - - ebs: - iops: 0 - volumeSize: 120 - volumeType: gp3 - credentialsSecret: - name: aws-cloud-credentials - deviceIndex: 0 - iamInstanceProfile: - id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' - instanceType: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "instanceType" }}' - kind: AWSMachineProviderConfig - metadata: - creationTimestamp: null - placement: - availabilityZone: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone1" }}' - region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' - publicIp: null - securityGroups: - - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' - subnet: - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName 
}}-private-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone1" }}' - tags: - - name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - value: owned - userDataSecret: - name: worker-user-data -status: - readyReplicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt - }}' ---- -apiVersion: machine.openshift.io/v1beta1 -kind: MachineSet -metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - name: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone2" }}' - namespace: openshift-machine-api -spec: - replicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt }}' - selector: - matchLabels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone2" }}' - template: - metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - 
machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone2" }}' - spec: - metadata: - labels: - cluster.ocs.openshift.io/openshift-storage: "" - node-role.kubernetes.io/worker: "" - providerSpec: - value: - ami: - id: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" (printf "%s-%s" (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region (fromClusterClaim "openshiftversion-major-minor")) }}' - apiVersion: awsproviderconfig.openshift.io/v1beta1 - blockDevices: - - ebs: - iops: 0 - volumeSize: 120 - volumeType: gp3 - credentialsSecret: - name: aws-cloud-credentials - deviceIndex: 0 - iamInstanceProfile: - id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' - instanceType: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "instanceType" }}' - kind: AWSMachineProviderConfig - metadata: - creationTimestamp: null - placement: - availabilityZone: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone2" }}' - region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' - publicIp: null - securityGroups: - - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' - subnet: - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-private-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone2" }}' - tags: - - 
name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - value: owned - userDataSecret: - name: worker-user-data -status: - readyReplicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt - }}' ---- -apiVersion: machine.openshift.io/v1beta1 -kind: MachineSet -metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - name: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone3" }}' - namespace: openshift-machine-api -spec: - replicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt }}' - selector: - matchLabels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone3" }}' - template: - metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: workerocs - machine.openshift.io/cluster-api-machine-type: workerocs - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ (lookup "config.openshift.io/v1" 
"Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone3" }}' - spec: - metadata: - labels: - cluster.ocs.openshift.io/openshift-storage: "" - node-role.kubernetes.io/worker: "" - providerSpec: - value: - ami: - id: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" (printf "%s-%s" (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region (fromClusterClaim "openshiftversion-major-minor")) }}' - apiVersion: awsproviderconfig.openshift.io/v1beta1 - blockDevices: - - ebs: - iops: 0 - volumeSize: 120 - volumeType: gp3 - credentialsSecret: - name: aws-cloud-credentials - deviceIndex: 0 - iamInstanceProfile: - id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' - instanceType: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "instanceType" }}' - kind: AWSMachineProviderConfig - metadata: - creationTimestamp: null - placement: - availabilityZone: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone3" }}' - region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' - publicIp: null - securityGroups: - - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' - subnet: - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-private-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}{{ fromConfigMap "policies" "aws-ocp-ami-ids" "zone3" }}' - tags: - - name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - value: owned - userDataSecret: - name: worker-user-data 
-status: - readyReplicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt - }}' diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/machine-sets.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/machine-sets.yaml new file mode 100644 index 000000000..7800323c6 --- /dev/null +++ b/policygenerator/policy-sets/community/openshift-plus-setup/machine-sets.yaml 
@@ -0,0 +1,167 @@ +# This manifest creates 3 OpenShift MachineSets that are intended for installing OpenShift Cluster Storage on AWS. +# +# More details on installing OCS including the creation of the MachineSets is located here: +# https://red-hat-storage.github.io/ocs-training/training/ocs4/ocs.html#_scale_ocp_cluster_and_add_new_worker_nodes +# +# This policy contains an Amazon Machine Identifier which must be updated in the policy. Obtain the AMI id from: +# https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/installing/installing-on-aws#installation-aws-user-infra-rhcos-ami_installing-aws-user-infra +# +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: opp-storage-machinesets +spec: + remediationAction: enforce + severity: low + object-templates-raw: | + {{- if (eq (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type "AWS") }} + - complianceType: musthave + objectDefinition: + apiVersion: v1 + data: + us-east-1-4.16: ami-057df4d0cb8cbae0d + us-east-2-4.16: ami-0f736c64d5751d7d3 + us-east-1-4.15: ami-0b56cb92505dea7ed + us-east-2-4.15: ami-0b577c67f5371f6d1 + us-east-1-4.14: ami-0b56cb92505dea7ed + us-east-2-4.14: ami-0dc6c4d1bd5161f13 + us-east-1-4.13: ami-0624891c612b5eaa0 + us-east-2-4.13: ami-0dc6c4d1bd5161f13 + us-east-1-4.12: ami-0fe05b1aa8dacfa90 + us-east-2-4.12: ami-0ff64f495c7e977cf + us-east-1-4.11: ami-0722eb0819717090f + us-east-2-4.11: ami-026e5701f495c94a2 + us-east-1-4.10: ami-0c72f473496a7b1c2 + us-east-2-4.10: ami-09e637fc5885c13cc + replicas: "2" + instanceType: m6a.2xlarge + kind: ConfigMap + metadata: + name: aws-ocp-ami-ids + namespace: policies + {{- range $i, $zone := list "a" "b" "c" }} + - complianceType: musthave + objectDefinition: + apiVersion: machine.openshift.io/v1beta1 + kind: MachineSet + metadata: + labels: + machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" 
"cluster").status.infrastructureName }}' + machine.openshift.io/cluster-api-machine-role: workerocs + machine.openshift.io/cluster-api-machine-type: workerocs + name: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ list (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region $zone | join "" }} + namespace: openshift-machine-api + spec: + replicas: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "replicas" | toInt }}' + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' + machine.openshift.io/cluster-api-machineset: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ list (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region $zone | join "" }} + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' + machine.openshift.io/cluster-api-machine-role: workerocs + machine.openshift.io/cluster-api-machine-type: workerocs + machine.openshift.io/cluster-api-machineset: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-workerocs-{{ list (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region $zone | join "" }} + spec: + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/worker: "" + providerSpec: + value: + ami: + id: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" (printf "%s-%s" (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region (fromClusterClaim "openshiftversion-major-minor")) }}' + apiVersion: awsproviderconfig.openshift.io/v1beta1 + blockDevices: + - ebs: + iops: 0 + 
volumeSize: 120 + volumeType: gp3 + credentialsSecret: + name: aws-cloud-credentials + deviceIndex: 0 + iamInstanceProfile: + id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' + instanceType: '{{ fromConfigMap "policies" "aws-ocp-ami-ids" "instanceType" }}' + kind: AWSMachineProviderConfig + metadata: + creationTimestamp: null + placement: + availabilityZone: {{ list (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region $zone | join "" }} + region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' + publicIp: null + securityGroups: + - filters: + - name: tag:Name + values: + - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' + subnet: + filters: + - name: tag:Name + values: + - {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-private-{{ list (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region $zone | join "" }} + tags: + - name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' + value: owned + userDataSecret: + name: worker-user-data + {{- end }} + {{- else }} + - complianceType: musthave + objectDefinition: + apiVersion: machine.openshift.io/v1beta1 + kind: MachineSet + metadata: + annotations: + machine.openshift.io/memoryMb: "16384" + machine.openshift.io/vCPU: "4" + labels: + machine.openshift.io/cluster-api-cluster: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }} + name: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage + namespace: openshift-machine-api + spec: + replicas: 6 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{ (lookup "config.openshift.io/v1" 
"Infrastructure" "" "cluster").status.infrastructureName }} + machine.openshift.io/cluster-api-machineset: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }} + machine.openshift.io/cluster-api-machine-role: storage + machine.openshift.io/cluster-api-machine-type: storage + machine.openshift.io/cluster-api-machineset: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage + spec: + lifecycleHooks: {} + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + providerSpec: + value: + apiVersion: machine.openshift.io/v1beta1 + credentialsSecret: + name: vsphere-cloud-credentials + diskGiB: 120 + kind: VSphereMachineProviderSpec + memoryMiB: 16384 + metadata: + creationTimestamp: null + network: + devices: + - networkName: {{ (index (index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.failureDomains 0).topology.networks 0) }} + numCPUs: 4 + numCoresPerSocket: 4 + snapshot: "" + template: {{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-rhcos-generated-region-generated-zone + userDataSecret: + name: worker-user-data + workspace: + datacenter: {{ (index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.failureDomains 0).topology.datacenter }} + datastore: {{ (index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.failureDomains 0).topology.datastore }} + folder: /{{ (index (index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.vcenters 0).datacenters 0) }}/vm/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }} + resourcePool: {{ 
(index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.failureDomains 0).topology.resourcePool }} + server: {{ (index (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.vsphere.vcenters 0).server }} + {{- end }} diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/machineset-1c.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/machineset-1c.yaml deleted file mode 100644 index 117327e92..000000000 --- a/policygenerator/policy-sets/community/openshift-plus-setup/machineset-1c.yaml +++ /dev/null 
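Review bot: The closing `{{- else }}` branch treats every non-AWS platform as vSphere, so with `remediationAction: enforce` an Azure, GCP, bare-metal or `None` cluster would get a `VSphereMachineProviderSpec` MachineSet enforced, and the `index ... .spec.platformSpec.vsphere.failureDomains 0` lookups would fail to render there; guard it instead, `{{- else if (eq (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type "VSphere") }}`, so unsupported platforms produce no objects. In the AWS branch the MachineSets read `fromConfigMap "policies" "aws-ocp-ami-ids"` inside the same `object-templates-raw` that creates that ConfigMap, and the policyGenerator.yaml hunk drops the `policy-aws-config` dependency that previously ordered them; unless the template resolver tolerates a missing ConfigMap, the first evaluation cannot resolve and the ConfigMap is never created, so this needs verifying on a fresh cluster or the ConfigMap should stay in its own policy. The header comment still describes three AWS-only MachineSets and an AMI that must be edited; it should say the policy selects between the AWS zone loop and the vSphere MachineSet from the Infrastructure platform type. The AWS `ebs` block also carries no `encrypted: true`, which the deleted machineset-1c/2c manifests set on the storage volumes; if encryption at rest is expected for the storage nodes, add `encrypted: true` back under `ebs:`.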
@@ -1,66 +0,0 @@ -apiVersion: machine.openshift.io/v1beta1 -kind: MachineSet -metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - name: openshift-storage-machines - namespace: openshift-machine-api -spec: - replicas: 6 - selector: - matchLabels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - template: - metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: worker - machine.openshift.io/cluster-api-machine-type: worker - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - spec: - lifecycleHooks: {} - metadata: - labels: - cluster.ocs.openshift.io/openshift-storage: "" - node-role.kubernetes.io/worker: "" - providerSpec: - value: - ami: - id: ami-0722eb0819717090f - apiVersion: awsproviderconfig.openshift.io/v1beta1 - blockDevices: - - ebs: - encrypted: true - iops: 0 - kmsKey: - arn: "" - volumeSize: 200 - volumeType: gp3 - credentialsSecret: - name: aws-cloud-credentials - deviceIndex: 0 - iamInstanceProfile: - id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' - instanceType: m6a.2xlarge - kind: AWSMachineProviderConfig - metadata: - creationTimestamp: null - placement: - 
availabilityZone: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' - securityGroups: - - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' - subnet: - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-private-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - tags: - - name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - value: owned - userDataSecret: - name: worker-user-data diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/machineset-2c.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/machineset-2c.yaml deleted file mode 100644 index b64fe38ac..000000000 --- a/policygenerator/policy-sets/community/openshift-plus-setup/machineset-2c.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: machine.openshift.io/v1beta1 -kind: MachineSet -metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - name: openshift-storage-machines - namespace: openshift-machine-api -spec: - replicas: 6 - selector: - matchLabels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - template: - metadata: - labels: - machine.openshift.io/cluster-api-cluster: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - machine.openshift.io/cluster-api-machine-role: worker - machine.openshift.io/cluster-api-machine-type: worker - machine.openshift.io/cluster-api-machineset: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-storage-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - spec: - lifecycleHooks: {} - metadata: - labels: - cluster.ocs.openshift.io/openshift-storage: "" - node-role.kubernetes.io/worker: "" - providerSpec: - value: - ami: - id: ami-026e5701f495c94a2 - apiVersion: awsproviderconfig.openshift.io/v1beta1 - blockDevices: - - ebs: - encrypted: true - iops: 0 - kmsKey: - arn: "" - volumeSize: 200 - volumeType: gp3 - credentialsSecret: - name: aws-cloud-credentials - deviceIndex: 0 - iamInstanceProfile: - id: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-profile' - instanceType: m6a.2xlarge - kind: AWSMachineProviderConfig - metadata: - creationTimestamp: null - placement: - 
availabilityZone: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - region: '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}' - securityGroups: - - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-worker-sg' - subnet: - filters: - - name: tag:Name - values: - - '{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}-private-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.platformStatus.aws.region }}c' - tags: - - name: 'kubernetes.io/cluster/{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").status.infrastructureName }}' - value: owned - userDataSecret: - name: worker-user-data diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/policyGenerator.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/policyGenerator.yaml index 33e17da3c..a00a22a35 100644 --- a/policygenerator/policy-sets/community/openshift-plus-setup/policyGenerator.yaml +++ b/policygenerator/policy-sets/community/openshift-plus-setup/policyGenerator.yaml @@ -17,19 +17,12 @@ policyDefaults: standards: - NIST SP 800-53 policies: -- name: policy-aws-config - manifests: - - path: ami-ids.yaml - name: policy-opp-prereq-ns manifests: - path: namespace.yaml - name: policy-opp-prereq-machines - dependencies: - - name: policy-aws-config manifests: - - path: aws-machine-sets.yaml - #- path: machineset-1c.yaml - #- path: machineset-2c.yaml + - path: machine-sets.yaml - name: policy-opp-prereq-binding dependencies: - name: policy-opp-prereq-ns diff --git a/policygenerator/policy-sets/community/openshift-plus-setup/subscription-admin.yaml b/policygenerator/policy-sets/community/openshift-plus-setup/subscription-admin.yaml deleted file mode 100644 index 4e05b5d11..000000000 
--- a/policygenerator/policy-sets/community/openshift-plus-setup/subscription-admin.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: open-cluster-management:subscription-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: open-cluster-management:subscription-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kube:admin -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:admin