Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update install instructions for OpenShift 4.15 and Cilium kube-proxy-free mode #348

Merged
merged 6 commits into from
Aug 5, 2024
Merged

Update install instructions for OpenShift 4.15 and Cilium kube-proxy-free mode #348

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
5e24ab9
Bump OpenShift and K8s version in cloudscale install instructions
simu Aug 2, 2024
129b223
Bump OpenShift and K8s version in OpenStack install instructions
simu Aug 2, 2024
7ad92a2
Bump OpenShift and K8s version in vSphere install instructions
simu Aug 2, 2024
6ccd46e
Bump RHCOS image to 4.15.23
simu Aug 2, 2024
c282d87
Add steps to allow cluster bootstrap to complete with Cilium in kube-…
simu Aug 2, 2024
6d9717a
Adjust cloudscale decommissioning instructions
simu Aug 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ done
+
[source,console]
----
terraform state rm module.cluster.module.lb.module.hiera.gitfile_checkout.appuio_hieradata
terraform state rm module.cluster.module.lb.module.hiera[0].gitfile_checkout.appuio_hieradata
----
+
NOTE: This step is necessary to ensure the subsequent `terraform destroy` completes without errors.
Expand Down
6 changes: 3 additions & 3 deletions docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
= Install OpenShift 4 on cloudscale.ch
:ocp-minor-version: 4.14
:k8s-minor-version: 1.27
:ocp-patch-version: {ocp-minor-version}.0
:ocp-minor-version: 4.15
:k8s-minor-version: 1.28
:ocp-patch-version: {ocp-minor-version}.23
:provider: cloudscale

[abstract]
Expand Down
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/how-tos/exoscale/install.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
= Installation on Exoscale
:ocp-minor-version: 4.15
:k8s-minor-version: 1.28
:ocp-patch-version: {ocp-minor-version}.0
:ocp-patch-version: {ocp-minor-version}.23
:provider: exoscale
:kubectl_extra_args:

Expand Down
6 changes: 3 additions & 3 deletions docs/modules/ROOT/pages/how-tos/openstack/install.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
= Install OpenShift 4 on OpenStack
:ocp-minor-version: 4.14
:k8s-minor-version: 1.27
:ocp-patch-version: {ocp-minor-version}.0
:ocp-minor-version: 4.15
:k8s-minor-version: 1.28
:ocp-patch-version: {ocp-minor-version}.23
:provider: openstack

[abstract]
Expand Down
6 changes: 3 additions & 3 deletions docs/modules/ROOT/pages/how-tos/vsphere/install.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
= Install OpenShift 4 on vSphere
:ocp-minor-version: 4.14
:k8s-minor-version: 1.27
:ocp-patch-version: {ocp-minor-version}.0
:ocp-minor-version: 4.15
:k8s-minor-version: 1.28
:ocp-patch-version: {ocp-minor-version}.23
:provider: vsphere

[abstract]
Expand Down
59 changes: 54 additions & 5 deletions docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,46 @@ while ! curl --connect-timeout 1 "${API_URL}/healthz" -k &>/dev/null; do
done && echo -e "\nAPI is up"
----

. Patch Cilium config to allow control plane bootstrap to succeed
+
[NOTE]
====
We need to temporarily adjust the Cilium config to not use full kube-proxy replacement, since we currently don't have a way to disable the initial OpenShift-managed kube-proxy deployment.
Additionally, Because the cloudscale Cloud Controller Manager accesses the K8s API via service IP, we need to configure Cilium to provide partial kube-proxy replacement so that the CCM can start and untaint the control plane nodes so that other pods can be scheduled.
====
+
[source,bash]
----
export KUBECONFIG="${INSTALLER_DIR}/auth/kubeconfig"

while ! kubectl get ciliumconfig -A &>/dev/null; do
echo -n "."
sleep 2
done && echo -e "\nCiliumConfig CR is present"

kubectl patch -n cilium ciliumconfig cilium-enterprise --type=merge \
-p '{
"spec": {
"cilium": {
"kubeProxyReplacement": "false",
"nodePort": {
"enabled": true
},
"socketLB": {
"enabled": true
},
"sessionAffinity": true,
"externalIPs": {
"enabled": true
},
"hostPort": {
"enabled": true
}
}
}
}'
----

. Deploy control plane nodes
+
[source,bash,subs="attributes+"]
Expand Down Expand Up @@ -92,6 +132,20 @@ terraform apply
popd
----

. Disable OpenShift kube-proxy deployment and revert Cilium patch
+
[source,bash]
----
kubectl patch network.operator cluster --type=merge \
-p '{"spec":{"deployKubeProxy":false}}'
kubectl -n cilium replace -f catalog/manifests/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml
while ! kubectl -n cilium get cm cilium-config -oyaml | grep 'kube-proxy-replacement: "true"' &>/dev/null; do
echo -n "."
sleep 2
done && echo -e "\nCilium config updated"
kubectl -n cilium rollout restart ds/cilium
----

. Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and run Puppet on the LBs after the deploy job has completed
+
[source,bash]
Expand All @@ -103,11 +157,6 @@ done

. Approve node certs
+
[source,bash]
----
export KUBECONFIG="${INSTALLER_DIR}/auth/kubeconfig"
----
+
include::partial$install/approve-node-csrs.adoc[]

. Label infra nodes
Expand Down