Deploy an Entire RP Development Service
Prerequisites
- Your development environment is prepared according to the steps outlined in Prepare Your Dev Environment
Deploying an int-like Development RP
- Fetch the most up-to-date secrets with
```bash
make secrets
```
- Copy and source your environment file.
```bash
cp env.example env
vi env
. ./env
```
- Generate the development RP configuration
```bash
make dev-config.yaml
```
- Update and re-source your environment file. It should look something like the following once completed:
```bash
export LOCATION=eastus
export ARO_IMAGE=arointsvc.azurecr.io/aro:latest

. secrets/env

export RESOURCEGROUP=$USER-aro-$LOCATION
export DATABASE_ACCOUNT_NAME=$USER-aro-$LOCATION
export DATABASE_NAME=ARO
export KEYVAULT_PREFIX=$USER-aro-$LOCATION
export ARO_IMAGE=${USER}aro.azurecr.io/aro:$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
```
```bash
. ./env
```
- Run
```bash
make deploy
```
NOTE: This will fail on the first attempt to run due to certificate and container mirroring requirements.
- Update the certificates in keyvault
```bash
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-mdm \
--file secrets/rp-metrics-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-mdsd \
--file secrets/rp-logging-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name cluster-mdsd \
--file secrets/cluster-logging-int.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name dev-arm \
--file secrets/arm.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-firstparty \
--file secrets/firstparty.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-svc" \
--name rp-server \
--file secrets/localhost.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-por" \
--name portal-server \
--file secrets/localhost.pem >/dev/null
az keyvault certificate import \
--vault-name "$KEYVAULT_PREFIX-por" \
--name portal-client \
--file secrets/portal-client.pem >/dev/null
```
- Mirror the OpenShift images to your new ACR
- Set up mirroring environment variables
```bash
export DST_ACR_NAME=${USER}aro
export SRC_AUTH_QUAY=FILL_IN # Get quay auth https://cloud.redhat.com/openshift/create/local -> Download Pull Secret
export SRC_AUTH_REDHAT=$(echo $USER_PULL_SECRET | jq -r '.auths."registry.redhat.io".auth')
export DST_AUTH=$(echo -n '00000000-0000-0000-0000-000000000000:'$(az acr login -n ${DST_ACR_NAME} --expose-token | jq -r .accessToken) | base64 -w0)
```
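- Login to the Azure Container Registry
```bash
# Pass the token on stdin so it does not show up in the docker process arguments
echo "$DST_AUTH" | base64 -d | cut -d':' -f2 | \
    docker login -u 00000000-0000-0000-0000-000000000000 --password-stdin "${DST_ACR_NAME}.azurecr.io"
```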
- Run the mirroring

The `latest` argument will take the InstallStream from `pkg/util/version/const.go` and mirror that version
```bash
go run ./cmd/aro mirror latest
```
- Push the ARO image to your ACR
```bash
make publish-image-aro-multistage
```
- Delete the existing VMSS

NOTE: This needs to be deleted as deploying won't recreate the VMSS if the commit hash is the same.
```bash
az vmss delete -g ${RESOURCEGROUP} --name rp-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty)
```
- Run
```bash
make deploy
```
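A pre-flight for the "Update the certificates in keyvault" step above, as an added example that is not part of the ARO-RP repository: it checks that every file named in those import commands exists and carries both a certificate and a private key block before any import runs. The function names are hypothetical, and it assumes each PEM under `secrets/` bundles its private key with the certificate.

```shell
#!/bin/sh
# Added example, not project code. Entries are vault-suffix:certificate-name:file,
# copied from the import commands on this page.
CERT_IMPORTS='svc:rp-mdm:rp-metrics-int.pem
svc:rp-mdsd:rp-logging-int.pem
svc:cluster-mdsd:cluster-logging-int.pem
svc:dev-arm:arm.pem
svc:rp-firstparty:firstparty.pem
svc:rp-server:localhost.pem
por:portal-server:localhost.pem
por:portal-client:portal-client.pem'

# check_pem FILE: succeed only if FILE is non-empty and holds both a
# certificate block and a private key block (assumption: key is bundled).
check_pem() {
  [ -s "$1" ] || { echo "missing or empty: $1"; return 1; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || { echo "no certificate block: $1"; return 1; }
  grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || { echo "no private key block: $1"; return 1; }
}

# preflight_imports DIR: check every listed file under DIR.
# Exit status is the number of entries that failed (0 means all good).
preflight_imports() {
  dir=$1; bad=0
  while IFS=: read -r suffix name file; do
    check_pem "$dir/$file" || bad=$((bad + 1))
  done <<EOF
$CERT_IMPORTS
EOF
  return "$bad"
}

# import_all DIR: run the page's imports only after every file passed.
# Usage: import_all secrets   (needs KEYVAULT_PREFIX from ./env)
import_all() {
  preflight_imports "$1" || { echo "fix the files above, then re-run" >&2; return 1; }
  while IFS=: read -r suffix name file; do
    az keyvault certificate import --vault-name "$KEYVAULT_PREFIX-$suffix" \
      --name "$name" --file "$1/$file" >/dev/null || return 1
  done <<EOF
$CERT_IMPORTS
EOF
}
```

Because `localhost.pem` backs both `rp-server` and `portal-server`, a problem with that one file is reported twice.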
Deploying a cluster
- Set up a local tunnel to the RP
```bash
make tunnel
```
- Deploy your cluster
```bash
RESOURCEGROUP=v4-$LOCATION CLUSTER=bvesel go run ./hack/cluster create
```
NOTE: The cluster will not be accessible via DNS unless you update the parent domain of the cluster.
SSHing into RP VMSS Instance
- Update the RP NSG to allow SSH
```bash
az network nsg rule create \
    --name ssh-to-rp \
    --resource-group $RESOURCEGROUP \
    --nsg-name rp-nsg \
    --access Allow \
    --priority 140 \
    --source-address-prefixes "$(curl --silent ipecho.net/plain)/32" \
    --protocol Tcp \
    --destination-port-ranges 22
```
- SSH into the VM
```bash
VMSS_PIP=$(az vmss list-instance-public-ips -g $RESOURCEGROUP --name rp-vmss-$(git rev-parse --short=7 HEAD)$([[ $(git status --porcelain) = "" ]] || echo -dirty) | jq -r '.[0].ipAddress')
ssh cloud-user@${VMSS_PIP}
```