From 5e24ab9a951881bd7509d769910a00f2e3b65ad6 Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 09:23:24 +0200
Subject: [PATCH 1/6] Bump OpenShift and K8s version in cloudscale install instructions
---
 docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
index 84502b70..9ac2130b 100644
--- a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
@@ -1,6 +1,6 @@
 = Install OpenShift 4 on cloudscale.ch
-:ocp-minor-version: 4.14
-:k8s-minor-version: 1.27
+:ocp-minor-version: 4.15
+:k8s-minor-version: 1.28
 :ocp-patch-version: {ocp-minor-version}.0
 :provider: cloudscale
From 129b22364a427a0d52e64030e5a745e24e3639ed Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 09:24:36 +0200
Subject: [PATCH 2/6] Bump OpenShift and K8s version in OpenStack install instructions
---
 docs/modules/ROOT/pages/how-tos/openstack/install.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/modules/ROOT/pages/how-tos/openstack/install.adoc b/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
index 13983913..b9c767a0 100644
--- a/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
@@ -1,6 +1,6 @@
 = Install OpenShift 4 on OpenStack
-:ocp-minor-version: 4.14
-:k8s-minor-version: 1.27
+:ocp-minor-version: 4.15
+:k8s-minor-version: 1.28
 :ocp-patch-version: {ocp-minor-version}.0
 :provider: openstack
From 7ad92a2073053446044d7ee35317f28ba06c7deb Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 09:25:02 +0200
Subject: [PATCH 3/6] Bump OpenShift and K8s version in vSphere install instructions
---
 docs/modules/ROOT/pages/how-tos/vsphere/install.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc b/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
index 45ab8373..2a98ac26 100644
--- a/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
@@ -1,6 +1,6 @@
 = Install OpenShift 4 on vSphere
-:ocp-minor-version: 4.14
-:k8s-minor-version: 1.27
+:ocp-minor-version: 4.15
+:k8s-minor-version: 1.28
 :ocp-patch-version: {ocp-minor-version}.0
 :provider: vsphere
From 6ccd46e159c2c1b3f5e248633dc1b2686e9feb0d Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 09:40:16 +0200
Subject: [PATCH 4/6] Bump RHCOS image to 4.15.23
---
 docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc | 2 +-
 docs/modules/ROOT/pages/how-tos/exoscale/install.adoc | 2 +-
 docs/modules/ROOT/pages/how-tos/openstack/install.adoc | 2 +-
 docs/modules/ROOT/pages/how-tos/vsphere/install.adoc | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
index 9ac2130b..1c680c40 100644
--- a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
@@ -1,7 +1,7 @@
 = Install OpenShift 4 on cloudscale.ch
 :ocp-minor-version: 4.15
 :k8s-minor-version: 1.28
-:ocp-patch-version: {ocp-minor-version}.0
+:ocp-patch-version: {ocp-minor-version}.23
 :provider: cloudscale
 [abstract]
diff --git a/docs/modules/ROOT/pages/how-tos/exoscale/install.adoc b/docs/modules/ROOT/pages/how-tos/exoscale/install.adoc
index 453d7207..33b092a2 100644
--- a/docs/modules/ROOT/pages/how-tos/exoscale/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/exoscale/install.adoc
@@ -1,7 +1,7 @@
 = Installation on Exoscale
 :ocp-minor-version: 4.15
 :k8s-minor-version: 1.28
-:ocp-patch-version: {ocp-minor-version}.0
+:ocp-patch-version: {ocp-minor-version}.23
 :provider: exoscale
 :kubectl_extra_args:
diff --git a/docs/modules/ROOT/pages/how-tos/openstack/install.adoc b/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
index b9c767a0..1f6cd9b9 100644
--- a/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/openstack/install.adoc
@@ -1,7 +1,7 @@
 = Install OpenShift 4 on OpenStack
 :ocp-minor-version: 4.15
 :k8s-minor-version: 1.28
-:ocp-patch-version: {ocp-minor-version}.0
+:ocp-patch-version: {ocp-minor-version}.23
 :provider: openstack
 [abstract]
diff --git a/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc b/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
index 2a98ac26..7a67b155 100644
--- a/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
+++ b/docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
@@ -1,7 +1,7 @@
 = Install OpenShift 4 on vSphere
 :ocp-minor-version: 4.15
 :k8s-minor-version: 1.28
-:ocp-patch-version: {ocp-minor-version}.0
+:ocp-patch-version: {ocp-minor-version}.23
 :provider: vsphere
 [abstract]
From c282d87b7a5426f397fa60d21372d71d189d91ce Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 12:40:07 +0200
Subject: [PATCH 5/6] Add steps to allow cluster bootstrap to complete with Cilium in kube-proxy-free mode
---
 .../partials/install/bootstrap-nodes.adoc | 59 +++++++++++++++++--
 1 file changed, 54 insertions(+), 5 deletions(-)
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
index 52d491c9..7666d445 100644
--- a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
+++ b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -38,6 +38,46 @@ while ! curl --connect-timeout 1 "${API_URL}/healthz" -k &>/dev/null; do
 done && echo -e "\nAPI is up"
 ----
+. Patch Cilium config to allow control plane bootstrap to succeed
++
+[NOTE]
+====
+We need to temporarily adjust the Cilium config to not use full kube-proxy replacement, since we currently don't have a way to disable the initial OpenShift-managed kube-proxy deployment.
+Additionally, Because the cloudscale Cloud Controller Manager accesses the K8s API via service IP, we need to configure Cilium to provide partial kube-proxy replacement so that the CCM can start and untaint the control plane nodes so that other pods can be scheduled.
+====
++
+[source,bash]
+----
+export KUBECONFIG="${INSTALLER_DIR}/auth/kubeconfig"
+
+while ! kubectl get ciliumconfig -A &>/dev/null; do
+ echo -n "."
+ sleep 2
+done && echo -e "\nCiliumConfig CR is present"
+
+kubectl patch -n cilium ciliumconfig cilium-enterprise --type=merge \
+ -p '{
+ "spec": {
+ "cilium": {
+ "kubeProxyReplacement": "false",
+ "nodePort": {
+ "enabled": true
+ },
+ "socketLB": {
+ "enabled": true
+ },
+ "sessionAffinity": true,
+ "externalIPs": {
+ "enabled": true
+ },
+ "hostPort": {
+ "enabled": true
+ }
+ }
+ }
+ }'
+----
+
 . Deploy control plane nodes
 +
 [source,bash,subs="attributes+"]
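Review bot: The wait loop `while ! kubectl get ciliumconfig -A &>/dev/null` can finish before the object being patched exists, because a list request exits 0 with "No resources found" as soon as the CiliumConfig CRD is registered; the following `kubectl patch -n cilium ciliumconfig cilium-enterprise` may then fail with NotFound. Waiting on the named object, `while ! kubectl -n cilium get ciliumconfig cilium-enterprise &>/dev/null; do`, matches what the patch actually needs. Since all output is discarded and the loop has no bound, a wrong kubeconfig or an authentication error looks the same as "not ready yet" and spins forever. The same applies to the `grep 'kube-proxy-replacement: "true"'` loop in the next hunk, so a short sentence telling the operator to run the inner command by hand if the dots continue for more than a few minutes would help.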
@@ -92,6 +132,20 @@ terraform apply
 popd
 ----
+. Disable OpenShift kube-proxy deployment and revert Cilium patch
++
+[source,bash]
+----
+kubectl patch network.operator cluster --type=merge \
+ -p '{"spec":{"deployKubeProxy":false}}'
+kubectl -n cilium replace -f catalog/manifests/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml
+while ! kubectl -n cilium get cm cilium-config -oyaml | grep 'kube-proxy-replacement: "true"' &>/dev/null; do
+ echo -n "."
+ sleep 2
+done && echo -e "\nCilium config updated"
+kubectl -n cilium rollout restart ds/cilium
+----
+
 . Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and run Puppet on the LBs after the deploy job has completed
 +
 [source,bash]
@@ -103,11 +157,6 @@ done
 . Approve node certs
 +
-[source,bash]
------
-export KUBECONFIG="${INSTALLER_DIR}/auth/kubeconfig"
------
-+
 include::partial$install/approve-node-csrs.adoc[]
 . Label infra nodes
From 6d9717aa24eb7c1950eeccea8937d58e2fe060e2 Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Fri, 2 Aug 2024 14:06:52 +0200
Subject: [PATCH 6/6] Adjust cloudscale decommissioning instructions
---
 docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc
index d866d254..f0c88705 100644
--- a/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc
+++ b/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc
@@ -54,7 +54,7 @@ done
 +
 [source,console]
 ----
-terraform state rm module.cluster.module.lb.module.hiera.gitfile_checkout.appuio_hieradata
+terraform state rm module.cluster.module.lb.module.hiera[0].gitfile_checkout.appuio_hieradata
 ----
 +
 NOTE: This step is necessary to ensure the subsequent `terraform destroy` completes without errors.
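Review bot: The new "Disable OpenShift kube-proxy deployment and revert Cilium patch" block runs `kubectl patch network.operator cluster` and `kubectl -n cilium replace` without setting KUBECONFIG, and the `@@ -103,11 +157,6 @@` hunk also drops the `export KUBECONFIG=...` from "Approve node certs", so every later step depends on the export made in the earlier Cilium patch step. A Terraform run sits in between, so an operator who resumes in a fresh shell would send these cluster-wide changes to whatever cluster their default kubeconfig context points at. Repeating `export KUBECONFIG="${INSTALLER_DIR}/auth/kubeconfig"` as the first line of this block would keep the step self-contained. The path in `replace -f catalog/manifests/...` is relative and presumably assumes the working directory restored by the preceding `popd`; stating the expected directory in the step would remove the guesswork.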