Skip to content

Repository of Preflight Checks test BYOVPC Configurations

License

Notifications You must be signed in to change notification settings

mikeshng/osd-network-verifier

 
 

Repository files navigation

osd-network-verifier

A cli tool and set of libraries that verify the pre-configured networking components for ROSA and OSD CCS clusters.

Overview

osd-network-verifier can be used prior to or after the installation of osd/rosa clusters to ensure the network configuration is correctly set up per OSD requirements listed on https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc

It currently verifies:

The recommended workflow of diagnostic use of ONV is shown in the following flow diagram:

shift

Cloud Provider Specific READMEs

Building

make build: Builds osd-network-verifier executable in base directory

Terraform Scripts (AWS)

The Terraform scripts in this repository allow you to set up a secure and scalable network infrastructure in AWS for testing. It will create a VPC with public, private, and firewall(optinal) subnets, an Internet Gateway, a NAT Gateway, and a network firewall(optinal).

Getting Started

  1. Clone this repository.
  2. Navigate to the Terraform scripts directory: examples/aws/terraform.
  3. Copy the terraform.tfvars.example file to terraform.tfvars and replace the placeholder values with your actual values.
  4. Run terraform init to initialize Terraform.
  5. Run terraform apply to create the infrastructure.

See the Terraform README.md for detailed instructions.

Contributing and Maintenance

If interested, please fork this repo and create pull requests to the main branch.

Golden AMI

osd-network-verifier depends on these publicly available AMIs built from the osd-network-verifier-golden-ami repo.

Golden AMI provides the following:

  • runtime environment setup (such as container engine, configurations, etc.)
  • building and embedding the validator binary which performs the individual checks to the endpoints

Egress Lists

This lists of essential domains for egress verification should be maintained in the GitLab repo. Newly-added lists should be registered as "platform types" in helpers.go using the list file's extensionless name as the value (e.g., abc.yaml should be registered as PlatformABC string = "abc"). Finally, the --platform help message and value handling logic in cmd.go should also be updated.

IAM Permission Requirement List

Version ID required for IAM support role may need update to match specification in AWS docs.

Release Process

See RELEASE.md

About

Repository of Preflight Checks test BYOVPC Configurations

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 86.1%
  • Shell 13.2%
  • Makefile 0.7%