Update dedicated RP deployment docs to include AKS, VPN, and Hive (#2621)

Co-authored-by: Matthew Barnes <mbarnes@fedoraproject.org>
David Newman 2023-01-31 15:13:26 +10:00 коммит произвёл GitHub
Родитель 127b0565f1
Коммит 9b77c9f7e6
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
3 изменённых файлов: 149 добавлений и 3 удалений


@ -29,11 +29,42 @@
make dev-config.yaml
```
1. Run `make deploy`. This will fail on the first attempt to run due to AKS not being installed, so after the first failure, please skip to the next step to deploy the VPN Gateway and then deploy AKS.
> __NOTE:__ If the deployment fails with `InvalidResourceReference` due to the RP Network Security Groups not found, delete the "gateway-production-predeploy" deployment in the gateway resource group, and re-run `make deploy`.
1. Run `make deploy`
> __NOTE:__ This will fail on the first attempt to run due to certificate and container mirroring requirements.
> __NOTE:__ If the deployment fails with `A vault with the same name already exists in deleted state`, then you will need to recover the deleted keyvaults from a previous deploy using: `az keyvault recover --name <KEYVAULT_NAME>` for each keyvault, and re-run.
> __NOTE:__ If the deployment fails with `InvalidResourceReference` due to the RP Network Security Groups not found, delete the gateway predeploy deployment, and re-run.
1. Deploy a VPN Gateway
This is required in order to be able to connect to AKS from your local machine:
```bash
source ./hack/devtools/deploy-shared-env.sh
deploy_vpn_for_dedicated_rp
```
1. Deploy AKS by running these commands from the ARO-RP root directory:
```bash
source ./hack/devtools/deploy-shared-env.sh
deploy_aks_dev
```
> __NOTE:__ If the AKS deployment fails with missing RP VNETs, delete the "gateway-production-predeploy" deployment in the gateway resource group, and re-run `make deploy` and then re-run `deploy_aks_dev`.
1. Install Hive into AKS
1. Download the VPN config. Please note that this action will _**OVER WRITE**_ the `secrets/vpn-$LOCATION.ovpn` on your local machine. **DO NOT** run `make secrets-update` after doing this, as you will overwrite existing config, until such time as you have run `make secrets` to get the config restored.
```bash
vpn_configuration
```
1. Connect to the Dev VPN in a new terminal:
```bash
sudo openvpn secrets/vpn-$LOCATION.ovpn
```
1. Now that your machine is able access the AKS cluster, you can deploy Hive:
```bash
make aks.kubeconfig
./hack/hive-generate-config.sh
KUBECONFIG=$(pwd)/aks.kubeconfig ./hack/hive-dev-install.sh
```
1. Mirror the OpenShift images to your new ACR
<!-- TODO (bv) allow mirroring through a pipeline would be faster and a nice to have -->
@ -57,6 +88,10 @@
```bash
go run -tags aro ./cmd/aro mirror latest
```
If you are going to test or work with multi-version installs, then you should mirror any additional versions as well, for example for 4.11.21 it would be
```bash
go run -tags aro ./cmd/aro mirror 4.11.21
```
1. Push the ARO and Fluentbit images to your ACR


@ -81,6 +81,16 @@ deploy_aks_dev() {
"sshRSAPublicKey=$(<secrets/proxy_id_rsa.pub)" >/dev/null
}
deploy_vpn_for_dedicated_rp() {
echo "########## Deploying Dev VPN in RG $RESOURCEGROUP ##########"
az deployment group create \
-g "$RESOURCEGROUP" \
-n dev-vpn \
--template-file pkg/deploy/assets/vpn-development.json \
--parameters \
"vpnCACertificate=$(base64 -w0 <secrets/vpn-ca.crt)" >/dev/null
}
deploy_env_dev_override() {
echo "########## Deploying env-development in RG $RESOURCEGROUP ##########"
az deployment group create \
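Review bot: `deploy_vpn_for_dedicated_rp` never checks that `secrets/vpn-ca.crt` is readable before it builds the `vpnCACertificate` parameter. If the file is missing, `$(base64 -w0 <secrets/vpn-ca.crt)` expands to an empty string and `az deployment group create` still runs, now with an empty client root certificate. Because stdout goes to `/dev/null`, the only trace is whatever lands on stderr. A guard at the top of the function, such as `[ -r secrets/vpn-ca.crt ] || { echo "secrets/vpn-ca.crt missing; run make secrets" >&2; return 1; }`, stops early with a clear message. The tail of `deploy_aks_dev` shown above reads `secrets/proxy_id_rsa.pub` the same way, but only its last lines are in the hunk.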


@ -0,0 +1,101 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"publicIPAddressSkuName": {
"type": "string",
"defaultValue": "Standard"
},
"publicIPAddressAllocationMethod": {
"type": "string",
"defaultValue": "Static"
},
"vpnCACertificate": {
"type": "string",
"defaultValue": ""
}
},
"resources": [
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2020-08-01",
"name": "dev-vpn-pip",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('publicIPAddressSkuName')]"
},
"properties": {
"publicIPAllocationMethod": "[parameters('publicIPAddressAllocationMethod')]"
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-08-01",
"name": "dev-vpn-vnet",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.2.0.0/24"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.2.0.0/24"
},
"name": "GatewaySubnet"
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2020-08-01",
"name": "dev-vpn",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', 'dev-vpn-pip')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'dev-vpn-vnet')]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'dev-vpn-vnet', 'GatewaySubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'dev-vpn-pip')]"
}
},
"name": "default"
}
],
"vpnType": "RouteBased",
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1"
},
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"192.168.255.0/24"
]
},
"vpnClientRootCertificates": [
{
"properties": {
"publicCertData": "[parameters('vpnCACertificate')]"
},
"name": "dev-vpn-ca"
}
],
"vpnClientProtocols": [
"OpenVPN"
]
}
}
}
]
}
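Review bot: The `vpnCACertificate` parameter is declared with `"defaultValue": ""`, so the template can be deployed without the one value that anchors client authentication for the point-to-site gateway. That value flows straight into `publicCertData` of `dev-vpn-ca`, the only entry in `vpnClientRootCertificates`. How Azure treats an empty string there is not visible from this page, and the template should not rely on it. Dropping the `defaultValue` line makes the parameter mandatory, so a deployment that omits the CA fails at validation. A `metadata.description` on the parameter saying it holds the base64-encoded root CA public certificate would also document the expected format, since JSON has no comment syntax.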