Use cloudscale.ch

Currently the Terraform module which this component uses for cloudscale.ch only supports provisioning VSHN-managed OCP4 clusters.
See the cloudscale.ch installation how-to for a comprehensive guide to setting up OCP4 on cloudscale.ch.

The following steps show how to set up Terraform with cloudscale.ch.

The component currently assumes that the Git repositories live on a GitLab instance.

Set up credentials

  1. Set up 3 new API keys in control.cloudscale.ch. Two of them are used for the Terraform pipeline.

    1. The first key should be created with read-only permissions and will be used for read-only GitLab CI jobs.

    2. The second key can be created with read/write permissions and will be used for mutating GitLab CI jobs but also for the initial cluster installation.

    3. The third key needs read/write permissions and will be deployed onto the LBs for Floaty.

  2. Create a "Project Access Token" for the hieradata repository. The token requires the following permissions:

    • api

    • read_repository

    • write_repository

    The user which is created will be named project_<project-id>_bot, where <project-id> is the project ID of the GitLab project. If the project already has access tokens, the user will be named project_<project-id>_bot<N> instead, where N is a running counter (1 for the second token, etc.).

  3. Set up a "Servers API" token on control.vshn.net.

  4. If there’s no access token configured on the APPUiO hieradata repo, create one. Otherwise check Vault for the token.

Set up component

  1. Configure component parameters.

    openshift4_terraform:
      provider: cloudscale
      gitlab_ci:
        git: # (1)
          username: Max Mustermann
          email: mm@example.com
      terraform_variables:
        # Required parameters
        base_domain: ${openshift:baseDomain}
        ignition_ca: |-
          -----BEGIN CERTIFICATE-----
          ...
        ssh_keys:
          - ssh-ed25519 AA...
        hieradata_repo_user: project_123_bot # (2)

        # Optional parameters:
        worker_count: 3
        infra_flavor: plus-24-6

    (1) The Git author name and email address. Used when creating hieradata commits. If not specified, the GitLab CI defaults will be used.
    (2) The user created for the hieradata project access token. Please note that the Terraform module currently only supports the VSHN APPUiO hieradata

  2. Compile the cluster catalog

  3. Configure GitLab repository

    • Settings > CI/CD > General pipelines > Configuration file:
      manifests/openshift4-terraform/gitlab-ci.yml

    • Settings > CI/CD > Variables

      • CLOUDSCALE_TOKEN_RO

      • CLOUDSCALE_TOKEN_RW

      • CLOUDSCALE_FLOATY_SECRET

      • HIERADATA_REPO_TOKEN — the VSHN APPUiO hieradata project access token

      • CONTROL_VSHN_NET_TOKEN
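
A preflight check for the CI/CD variables listed above, as an added example that is not part of the original documentation or of the component. It confirms that all five variables are set and that no secret value is stored under two names (for instance the read/write key saved as CLOUDSCALE_TOKEN_RO), and it reports variable names only, never values. The function name check_ci_secrets is hypothetical and all sample values are constructed.

```shell
#!/bin/sh
# Added example: preflight check for the GitLab CI/CD variables of this setup.
# check_ci_secrets is a hypothetical helper, not part of the component.

REQUIRED_VARS="CLOUDSCALE_TOKEN_RO CLOUDSCALE_TOKEN_RW CLOUDSCALE_FLOATY_SECRET HIERADATA_REPO_TOKEN CONTROL_VSHN_NET_TOKEN"

# Returns 0 only if every required variable is non-empty and all values differ.
# Only variable names are written to stderr, so nothing secret reaches the job log.
check_ci_secrets() {
    rc=0
    seen=""
    for name in $REQUIRED_VARS; do
        # eval is safe here: $name only ever comes from the fixed list above.
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing or empty: $name" >&2
            rc=1
            continue
        fi
        # A value shared by two names means one key was pasted twice, which
        # defeats the read-only / read-write / Floaty separation of the keys.
        for other in $seen; do
            eval "other_value=\${$other}"
            if [ "$value" = "$other_value" ]; then
                echo "duplicate value: $name and $other" >&2
                rc=1
            fi
        done
        seen="$seen $name"
    done
    unset value other_value
    return $rc
}

# Demonstration with constructed values (not real tokens): the same string
# is stored as both the read-only and the read/write key, so the check fails.
(
    CLOUDSCALE_TOKEN_RO=constructed-a
    CLOUDSCALE_TOKEN_RW=constructed-a
    CLOUDSCALE_FLOATY_SECRET=constructed-b
    HIERADATA_REPO_TOKEN=constructed-c
    CONTROL_VSHN_NET_TOKEN=constructed-d
    check_ci_secrets
) || echo "preflight rejected the constructed configuration" >&2
```

In a pipeline, `check_ci_secrets || exit 1` at the start of a job stops it before any token is used.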