Use Exoscale

Currently the Terraform module which this component uses for Exoscale only supports provisioning VSHN-managed OCP4 clusters on Exoscale.
See the Exoscale installation how-to for a comprehensive how-to for setting up OCP4 on Exoscale.

The following steps show how to set up Terraform with Exoscale.

The component currently assumes that the Git repositories live on a GitLab instance.

Setup credentials

  1. Set up 3 new API keys in portal.exoscale.com. Two of them are used for the Terraform pipeline.

    1. The first key should be created with restricted permissions:

      • compute

        • get*

        • list*

        • query*

        • show*

        • validate*

      • DNS

        • list*

        • get*

    2. The second key can be created as unrestricted.

    3. The third key needs the following permissions (this key will be deployed onto the LBs for Floaty):

      • compute:

        • addIpToNic

        • listNics

        • listResourceDetails

        • listVirtualMachines

        • queryAsyncJobResult

        • removeIpFromNic

  2. Create a "Project Access Token" for the hieradata repository. The token requires the following permissions:

    • api

    • read_repository

    • write_repository

    The user which is created will be named project_<project-id>_bot, where <project-id> is the project ID of the GitLab project. If the project already has access tokens the user will be named project_<project-id>_bot<N> instead, where N is a running counter (1 for the second token, etc.)

  3. Set up a "Servers API" token on control.vshn.net.

  4. If there’s no access token configured on the APPUiO hieradata repo, create one. Otherwise check Vault for the token.

Setup component

  1. Configure component parameters

    openshift4_terraform:
      provider: exoscale
      gitlab_ci:
        git: (1)
          username: Max Mustermann
          email: mm@example.com
      terraform_variables:
        # Required parameters
        rhcos_template: TheTemplateNameForRHCOS
        base_domain: ${openshift:baseDomain}
        ignition_ca: |-
          -----BEGIN CERTIFICATE-----
          ...
        ssh_key: ssh-ed25519 AA...
        bootstrap_bucket: https://sos-${facts:region}.exo.io/${cluster:name}-bootstrap
        hieradata_repo_user: project_123_bot (2)
    
        # Optional parameters:
        worker_count: 3
        worker_size: Extra-large
    1 The Git author name and email address. Used when creating hieradata commits. If not specified, the GitLab CI defaults will be used.
    2 The user created for the hieradata project access token. Please note that the Terraform module currently only supports the VSHN APPUiO hieradata
  2. Compile the cluster catalog

  3. Configure the cluster catalog GitLab repository CI/CD

    • Settings  CI/CD  General pipelines  Configuration file
      manifests/openshift4-terraform/gitlab-ci.yml

    • Settings  CI/CD  Variables

      • EXOSCALE_API_SECRET_RO

      • EXOSCALE_API_KEY_RO

      • EXOSCALE_API_SECRET_RW

      • EXOSCALE_API_KEY_RW

      • EXOSCALE_FLOATY_KEY

      • EXOSCALE_FLOATY_SECRET

      • HIERADATA_REPO_TOKEN — the VSHN APPUiO hieradata project access token

      • CONTROL_VSHN_NET_TOKEN