A cli tool and set of libraries that verify the pre-configured networking components for ROSA and OSD CCS clusters.
osd-network-verifier can be used prior to or after the installation of osd/rosa clusters to ensure the network configuration is correctly set up per OSD requirements listed on https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc
It currently verifies:
- Egress from VPC subnets to essential OSD domains
- DNS resolution in a VPC
The recommended workflow of diagnostic use of ONV is shown in the following flow diagram:
make build
: Builds osd-network-verifier
executable in base directory
The Terraform scripts in this repository allow you to set up a secure and scalable network infrastructure in AWS for testing. It will create a VPC with public, private, and firewall(optinal) subnets, an Internet Gateway, a NAT Gateway, and a network firewall(optinal).
- Clone this repository.
- Navigate to the Terraform scripts directory:
examples/aws/terraform
. - Copy the
terraform.tfvars.example
file toterraform.tfvars
and replace the placeholder values with your actual values. - Run
terraform init
to initialize Terraform. - Run
terraform apply
to create the infrastructure.
See the Terraform README.md
for detailed instructions.
If interested, please fork this repo and create pull requests to the main
branch.
osd-network-verifier depends on these publicly available AMIs built from the osd-network-verifier-golden-ami repo.
Golden AMI provides the following:
- runtime environment setup (such as container engine, configurations, etc.)
- building and embedding the validator binary which performs the individual checks to the endpoints
This lists of essential domains for egress verification should be maintained in the GitLab repo. Newly-added lists should be registered as "platform types" in helpers.go
using the list file's extensionless name as the value (e.g., abc.yaml should be registered as PlatformABC string = "abc"
). Finally, the --platform
help message and value handling logic in cmd.go
should also be updated.
Version ID required for IAM support role may need update to match specification in AWS docs.
See RELEASE.md