Use cloudscale.ch
Currently the Terraform module which this component uses for cloudscale.ch only supports provisioning VSHN-managed OCP4 clusters.
See the cloudscale.ch installation how-to for a comprehensive how-to for setting up OCP4 on cloudscale.ch.
The following steps show how to set up Terraform with cloudscale.ch.
The component currently assumes that the Git repositories live on a GitLab instance.
Setup credentials
- Set up 3 new API keys in control.cloudscale.ch. Two of them are used for the Terraform pipeline.
  - The first key should be created with read-only permissions and will be used for read-only GitLab CI jobs.
  - The second key can be created with read/write permissions and will be used for mutating GitLab CI jobs but also for the initial cluster installation.
  - The third key needs read/write permissions and will be deployed onto the LBs for Floaty.
- Create a "Project Access Token" for the hieradata repository. The token requires the following permissions:
  - api
  - read_repository
  - write_repository

  The user which is created will be named project_<project-id>_bot, where <project-id> is the project ID of the GitLab project. If the project already has access tokens the user will be named project_<project-id>_bot<N> instead, where N is a running counter (1 for the second token, etc.).
- Set up a "Servers API" token on control.vshn.net.
- If there’s no access token configured on the APPUiO hieradata repo, create one. Otherwise check Vault for the token.
Setup component
- Configure component parameters.

      openshift4_terraform:
        provider: cloudscale
        gitlab_ci:
          git: # (1)
            username: Max Mustermann
            email: mm@example.com
        terraform_variables:
          # Required parameters
          base_domain: ${openshift:baseDomain}
          ignition_ca: |-
            -----BEGIN CERTIFICATE-----
            ...
          ssh_keys:
            - ssh-ed25519 AA...
          hieradata_repo_user: project_123_bot # (2)
          # Optional parameters:
          worker_count: 3
          infra_flavor: plus-24

  (1) The Git author name and email address. Used when creating hieradata commits. If not specified, the GitLab CI defaults will be used.
  (2) The user created for the hieradata project access token. Please note that the Terraform module currently only supports the VSHN APPUiO hieradata
- Compile the cluster catalog
- Configure GitLab repository
  - manifests/openshift4-terraform/gitlab-ci.yml
  - CLOUDSCALE_TOKEN_RO
  - CLOUDSCALE_TOKEN_RW
  - CLOUDSCALE_FLOATY_SECRET
  - HIERADATA_REPO_TOKEN: the VSHN APPUiO hieradata project access token
  - CONTROL_VSHN_NET_TOKEN
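The following pre-flight check is an added example, not part of the component or its documentation. A CI job could run it before Terraform to confirm that the five variables above are set, that the three cloudscale.ch keys are distinct, and that hieradata_repo_user follows the bot naming scheme. The function names and the mapping of the first, second and third key to CLOUDSCALE_TOKEN_RO, CLOUDSCALE_TOKEN_RW and CLOUDSCALE_FLOATY_SECRET are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the CI/CD variables listed on this page.
# It reports variable NAMES only, never values, so job logs stay free of secrets.

# Project access token users are named project_<project-id>_bot, with a
# numeric counter appended for additional tokens (see "Setup credentials").
valid_bot_user() {
  printf '%s\n' "$1" | grep -Eq '^project_[0-9]+_bot[0-9]*$'
}

# True if both named variables are non-empty and hold the same value.
_reused() {
  eval "_a=\${$1:-}; _b=\${$2:-}"
  [ -n "$_a" ] && [ "$_a" = "$_b" ]
}

# Returns 0 if every variable is set and the three cloudscale.ch keys differ;
# otherwise prints one line per problem and returns 1.
check_terraform_ci_env() {
  _rc=0
  for _name in CLOUDSCALE_TOKEN_RO CLOUDSCALE_TOKEN_RW CLOUDSCALE_FLOATY_SECRET \
               HIERADATA_REPO_TOKEN CONTROL_VSHN_NET_TOKEN; do
    eval "_val=\${$_name:-}"
    if [ -z "$_val" ]; then
      echo "missing: $_name"
      _rc=1
    fi
  done
  # Assumption: the RO, RW and Floaty variables hold the first, second and
  # third key. Reusing one key removes the read-only/read-write separation.
  for _pair in "CLOUDSCALE_TOKEN_RO CLOUDSCALE_TOKEN_RW" \
               "CLOUDSCALE_TOKEN_RO CLOUDSCALE_FLOATY_SECRET" \
               "CLOUDSCALE_TOKEN_RW CLOUDSCALE_FLOATY_SECRET"; do
    set -- $_pair
    if _reused "$1" "$2"; then
      echo "reused key: $1 and $2"
      _rc=1
    fi
  done
  return $_rc
}

# In a CI job: check_terraform_ci_env || exit 1
```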