Deploying CaaSP CAP on ECP

I spent many days testing different deployment configurations on ECP, because ever since the introduction of manually configuring pod security policies (PSPs) I have not had a successful deployment, and we doc peeps are getting conflicting information. The basis for my testing is Setup CAP on CaaSP on ECP. Prabal's scripts automate creating an NFS storage class and applying PSPs. I forked SUSE/cf-ci to test two different PSP configurations. Which still do not make sense, as it seems the end result is akin to mode 0777.

I tried upgrading CaaSP 3.0 (transactional-update up), and my CAP deployments failed. I do not know why, and have not had time yet to test different PSP configurations.

This is all fragile, and fixing a damaged deployment is difficult, so the CAP Guides must present exact perfect steps for customers to get it right the first time.

1. Create a CaaSP cluster on ECP:

$ git clone https://github.com/prabalsharma/automation.git
$ cd automation/caasp-openstack-heat

Edit heat-environment.yaml.example with your DNS server and desired internal Kube cluster network range. Do not overlap with the CaaSP defaults of 172.16.0.0/13 and 172.24.0.0/16. Current usable DNS servers are 10.84.2.20, 10.84.2.21, and 10.84.100.100.

---

parameters: root_password: rootpass admin_flavor: m1.large master_flavor: m1.xlarge worker_flavor: m1.xlarge external_net: floating internal_net_cidr: 172.24.8.0/24 dns_nameserver: 10.84.100.100 worker_num_volumes: 0 worker_volume_size: 60

./caasp-openstack --build -m 1 -w 3 --openrc --image CaaSP-3.0.0-GMC --name

2.