Use cloudscale.ch

Currently the Terraform module which this component uses for cloudscale.ch only supports provisioning VSHN-managed OCP4 clusters.
See the cloudscale.ch installation how-to for a comprehensive guide to setting up OCP4 on cloudscale.ch.

The following steps show how to set up Terraform with cloudscale.ch.

The component currently assumes that the Git repositories live on a GitLab instance.

Setup credentials

Don’t create new tokens for clusters already set up with the standard install instructions. Use the existing ones stored in Vault under /cloudscale and /floaty.
  1. Set up 2 new API tokens with read+write permissions in control.cloudscale.ch.

    1. The first token should be named ${CLUSTER_ID} and will be used for the initial cluster setup, the cluster’s CSI driver and GitLab CI jobs.

    2. The second token should be named ${CLUSTER_ID}_floaty and will be deployed onto the LBs for Floaty.

  2. Create a "Project Access Token" for the hieradata repository. The token requires the following permissions:

    • api

    • read_repository

    • write_repository

    The user which is created will be named project_<project-id>_bot, where <project-id> is the project ID of the GitLab project. If the project already has access tokens, the user will be named project_<project-id>_bot<N> instead, where N is a running counter (1 for the second token, etc.).

  3. Set up a "Servers API" token on control.vshn.net.

  4. If there’s no access token configured on the APPUiO hieradata repo, create one. Otherwise check Vault for the token.

Setup component

  1. Configure component parameters.

    openshift4_terraform:
      provider: cloudscale
      gitlab_ci:
        git: # (1)
          username: Max Mustermann
          email: mm@example.com
      terraform_variables:
        # Required parameters
        base_domain: ${openshift:baseDomain}
        ignition_ca: |-
          -----BEGIN CERTIFICATE-----
          ...
        ssh_keys:
          - ssh-ed25519 AA...
        hieradata_repo_user: project_123_bot # (2)
    
        # Optional parameters:
        worker_count: 3
        infra_flavor: plus-24-6
    (1) The Git author name and email address. Used when creating hieradata commits. If not specified, the GitLab CI defaults will be used.
    (2) The user created for the hieradata project access token. Please note that the Terraform module currently only supports the VSHN APPUiO hieradata

  2. Compile the cluster catalog.

  3. Configure the GitLab repository.

    • Settings > CI/CD > General pipelines > Configuration file:
      manifests/openshift4-terraform/gitlab-ci.yml

    • Settings > CI/CD > Variables

      • CLOUDSCALE_TOKEN_RW

      • CLOUDSCALE_FLOATY_SECRET

      • HIERADATA_REPO_TOKEN — the VSHN APPUiO hieradata project access token

      • CONTROL_VSHN_NET_TOKEN
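
A preflight check for the credentials configured above, as an added example that is not part of the component or of this how-to: it reports unset CI/CD variables by name only, so token values never reach the job log, and checks that hieradata_repo_user follows the project_<project-id>_bot naming from the credentials steps. The function names are hypothetical, and the project ID is assumed to be GitLab's numeric ID.

```shell
#!/bin/sh
# Added example, not part of the component: preflight for the Terraform CI job.
# Variable names are the ones listed under Settings > CI/CD > Variables.
REQUIRED_VARS="CLOUDSCALE_TOKEN_RW CLOUDSCALE_FLOATY_SECRET HIERADATA_REPO_TOKEN CONTROL_VSHN_NET_TOKEN"

# Print the names (never the values) of required variables that are unset or empty.
missing_ci_vars() {
  missing=""
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="${missing:+$missing }$name"
  done
  unset value
  printf '%s\n' "$missing"
}

# Bot user name for a new project access token.
# $1 = project ID, $2 = number of access tokens the project already had (default 0).
expected_bot_user() {
  if [ "${2:-0}" -eq 0 ]; then
    printf 'project_%s_bot\n' "$1"
  else
    printf 'project_%s_bot%s\n' "$1" "$2"
  fi
}

# Succeed only if $1 is a bot user of project ID $2, with or without a counter.
is_bot_user_for_project() {
  case "$2" in '' | *[!0-9]*) return 1 ;; esac # project ID must be numeric
  suffix="${1#project_${2}_bot}"
  [ "$suffix" != "$1" ] || return 1 # prefix did not match
  case "$suffix" in
    '') return 0 ;;              # first token, no counter
    0* | *[!0-9]*) return 1 ;;   # counter must be a positive integer
    *) return 0 ;;
  esac
}

# Full check. $1 = configured hieradata_repo_user, $2 = hieradata project ID.
preflight() {
  m="$(missing_ci_vars)"
  [ -z "$m" ] || { echo "missing CI/CD variables: $m" >&2; return 1; }
  is_bot_user_for_project "$1" "$2" ||
    { echo "hieradata_repo_user is not a bot user of project $2" >&2; return 1; }
}
```

Source the file at the start of the CI job and call preflight with the configured user and the hieradata project ID; a non-zero return stops the job before Terraform runs with incomplete credentials.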