WIP: CAPI AWS implementation#7879
Moves tfvars to its own package to decouple it from the cluster asset.
Updates the infrastructure provider interface to accept Parent assets, rather than a list of files. This allows for easier handling of assets by the infrastructure provider.
Moves LoadMetadata to a separate package to allow implementers of the infrastructure provider interface to utilize the function. The cluster asset/package does not use LoadMetadata but does depend on the implementers of the interface. Moving to a separate package breaks the dependency loop.
Implements the infrastructure provider interface with the CAPI system. This encapsulates the CAPI implementation similar to Terraform. It also maintains pkg/infrastructure/platform.go (and build variants) as the canonical source of truth for choosing an infrastructure provider. This also adds an interface that cloud platforms utilizing the CAPI provisioning should implement to provision additional resources.
Add installconfig to capi preprovision input
infrastructure/clusterapi: execute control plane available hook
SQUASH: CAPI bootstrap destroy
Adds an initial implementation of the CAPI infrastructure provider interface for AWS.
Create IAM roles to be used by control plane and compute nodes.
Add creation of dns records when control plane endpoint becomes available.
Adds filters to the machine api machinesets so they will recognize CAPI-created security groups and subnets. Adds these filters in addition to the Terraform-specific filters, which should be subsequently removed.
fixup sg filter
Export load balancer function for use with CAPI provisioning workflow.
This can be merged if we refactor the function to allow target type to be set, but at this stage it is not worth refactoring.
| "path/filepath" | ||
| "github.com/openshift/installer/pkg/types" | ||
| "github.com/pkg/errors" |
Let's not introduce this lib in new code.
| var metadata *types.ClusterMetadata | ||
| if err = json.Unmarshal(raw, &metadata); err != nil { | ||
| return nil, errors.Wrapf(err, "failed to Unmarshal data from %q to types.ClusterMetadata", path) |
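Review bot: `metadata` is declared as a `*types.ClusterMetadata` and its address is then handed to `json.Unmarshal`; that compiles and the decoder allocates the struct, but a metadata.json whose top-level value is `null` leaves the pointer nil and the function returns `nil, nil`, which callers are unlikely to check. Declare `var metadata types.ClusterMetadata`, unmarshal into `&metadata`, and return `&metadata` so the result is never nil on success. Also lower-case "unmarshal" in the message; Go error strings are conventionally not capitalized mid-sentence.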
| return nil, errors.Wrapf(err, "failed to Unmarshal data from %q to types.ClusterMetadata", path) | |
| return nil, fmt.Errorf("failed to Unmarshal data from %q to types.ClusterMetadata: %w", path, err) |
| "github.com/aws/aws-sdk-go/service/ec2" | ||
| "github.com/aws/aws-sdk-go/service/elbv2" | ||
| "github.com/aws/aws-sdk-go/service/route53" | ||
| "github.com/pkg/errors" |
| "github.com/aws/aws-sdk-go/aws" | ||
| "github.com/aws/aws-sdk-go/aws/awserr" | ||
| "github.com/aws/aws-sdk-go/service/iam" | ||
| "github.com/pkg/errors" |
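Review bot: both of these import blocks (the ec2/elbv2/route53 file and the iam file) pull in `github.com/pkg/errors`, the library the earlier comment asked not to introduce in new code. `fmt.Errorf` with a `%w` verb covers every `Wrap`/`Wrapf` use here and keeps `errors.Is`/`errors.As` working on the wrapped chain, so the import can be dropped in both files.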
| // https://docs.aws.amazon.com/sdk-for-go/api/service/iam/#IAM.CreateRole | ||
| session, err := ic.AWS.Session(context.TODO()) | ||
| if err != nil { | ||
| return errors.Wrap(err, "failed to load AWS session") |
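Review bot: the session for the CreateRole path is opened with `context.TODO()`. IAM calls made during provisioning should be cancellable on install timeout, so if the enclosing function already receives a `ctx` from the provisioning hook, pass it here; if it does not, add a `ctx context.Context` parameter rather than leaving the TODO in.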
| return errors.Wrap(err, "failed to load AWS session") | |
| return fmt.Errorf("failed to load AWS session: %w", err) |
| } | ||
| time.Sleep(10 * time.Second) | ||
| if err := svc.WaitUntilInstanceProfileExists(&iam.GetInstanceProfileInput{InstanceProfileName: profileName}); err != nil { | ||
| return errors.Wrapf(err, "failed to wait for %s role to exist", role) |
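Review bot: the fixed `time.Sleep(10 * time.Second)` immediately before `WaitUntilInstanceProfileExists` is redundant: the waiter already polls until the profile is visible or its attempts are exhausted, so the sleep only adds ten seconds per role to every install. Drop it. The error text is also misleading, since it says "%s role" while the call waits for the instance profile; something like `return fmt.Errorf("failed to wait for instance profile %s to exist: %w", aws.StringValue(profileName), err)` names the object actually being waited on.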
| return errors.Wrapf(err, "failed to wait for %s role to exist", role) | |
| return fmt.Errorf("failed to wait for %s role to exist: %w", role, err) |
| InstanceProfileName: profileName, | ||
| RoleName: roleName, | ||
| }); err != nil { | ||
| return errors.Wrapf(err, "failed to add %s role to instance profile", role) |
| return errors.Wrapf(err, "failed to add %s role to instance profile", role) | |
| return fmt.Errorf("failed to add %s role to instance profile: %w", role, err) |
| "fmt" | ||
| "time" | ||
| "github.com/pkg/errors" |
| masterIgn := string(masterIgnAsset.Files()[0].Data) | ||
| bootstrapIgn, err := injectInstallInfo(bootstrapIgnAsset.Files()[0].Data) | ||
| if err != nil { | ||
| return fileList, errors.Wrap(err, "unable to inject installation info") |
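Review bot: `masterIgnAsset.Files()[0]` and `bootstrapIgnAsset.Files()[0]` index the asset file lists without checking their length, so an ignition asset that produced no files panics the installer instead of returning an error. Guard both before indexing, e.g. `if files := masterIgnAsset.Files(); len(files) == 0 { return fileList, fmt.Errorf("master ignition asset produced no files") }`, and likewise for the bootstrap asset.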
| return fileList, errors.Wrap(err, "unable to inject installation info") | |
| return fileList, fmt.Errorf("unable to inject installation info: %w", err) |
| errMsg := fmt.Sprintf("failed to create infrastructure manifest %s from InstallConfig", fileName) | ||
| return fileList, errors.Wrapf(err, errMsg) |
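Review bot: `errors.Wrapf(err, errMsg)` passes a string built at runtime as the format argument; go vet's printf check flags non-constant format strings, and a `fileName` containing a `%` would be mangled into `%!x(MISSING)`-style output. The suggested single `fmt.Errorf` with a constant format string and `%w` fixes both problems and removes the intermediate `errMsg`.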
| errMsg := fmt.Sprintf("failed to create infrastructure manifest %s from InstallConfig", fileName) | |
| return fileList, errors.Wrapf(err, errMsg) | |
| return fileList, fmt.Errorf("failed to create infrastructure manifest %s from InstallConfig: %w", fileName, err) |
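The suggestions above replace `errors.Wrapf` with `fmt.Errorf(...: %w)`. The following is an added example, not code from this PR or from the installer, showing what the `%w` verb buys: the underlying `*json.SyntaxError` or `os.ErrNotExist` stays reachable through the wrapped chain with `errors.As`/`errors.Is`, whereas formatting with `%v` keeps the text but cuts the chain. The `clusterMetadata` struct, the `loadMetadata` helper and the sample metadata.json contents are constructed for illustration and are not the installer's `types.ClusterMetadata` or `LoadMetadata`.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// clusterMetadata is a constructed stand-in for the installer's
// types.ClusterMetadata; only the fields needed for the example exist.
type clusterMetadata struct {
	ClusterName string `json:"clusterName"`
	InfraID     string `json:"infraID"`
}

// loadMetadata reads and decodes <dir>/metadata.json. Every failure is
// wrapped with %w so callers can inspect the cause with errors.Is/As.
func loadMetadata(dir string) (*clusterMetadata, error) {
	path := filepath.Join(dir, "metadata.json")
	raw, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("failed to read %q: %w", path, err)
	}
	// Decode into a value, not a pointer, so a successful return is never nil.
	var metadata clusterMetadata
	if err := json.Unmarshal(raw, &metadata); err != nil {
		return nil, fmt.Errorf("failed to unmarshal data from %q to clusterMetadata: %w", path, err)
	}
	return &metadata, nil
}

// writeAndLoad writes raw bytes as metadata.json into a temporary directory
// and runs loadMetadata on it, so the example needs no fixture files.
func writeAndLoad(raw []byte) (*clusterMetadata, error) {
	dir, err := os.MkdirTemp("", "metadata-example")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	if err := os.WriteFile(filepath.Join(dir, "metadata.json"), raw, 0o600); err != nil {
		return nil, err
	}
	return loadMetadata(dir)
}

// flattenError formats with %v instead of %w: the message text survives but
// the chain is cut, so errors.Is/As on the result no longer match the cause.
func flattenError(err error) error {
	return fmt.Errorf("wrapped without %%w: %v", err)
}

// classify shows the checks a caller can make on a %w-wrapped chain.
func classify(err error) string {
	var syntaxErr *json.SyntaxError
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, os.ErrNotExist):
		return "missing"
	case errors.As(err, &syntaxErr):
		return fmt.Sprintf("syntax error at offset %d", syntaxErr.Offset)
	default:
		return "other"
	}
}

func main() {
	// Constructed inputs: a valid document, a truncated one, and a missing file.
	_, err := writeAndLoad([]byte(`{"clusterName":"demo","infraID":"demo-abc12"}`))
	fmt.Println(classify(err))
	_, err = writeAndLoad([]byte(`{"clusterName":"demo",`))
	fmt.Println(classify(err))
	_, err = loadMetadata(filepath.Join(os.TempDir(), "does-not-exist-capi-example"))
	fmt.Println(classify(err))
	// The same missing-file error, flattened with %v, is no longer recognisable.
	fmt.Println(classify(flattenError(err)))
}
```

The practical consequence for the installer is that a caller such as a destroy or re-run path can distinguish "no metadata.json yet" from "metadata.json is corrupt" without string-matching on messages, which only works if every layer in between wraps with `%w` rather than `%v` or `fmt.Sprintf`.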
Switches the config so that CAPI creates the internal LB and the external LB is created with direct SDK calls. In the opposite configuration, one control plane would always be NOTREADY. This seems preferred anyway because we will ALWAYS need an internal LB, but an external LB is not needed with private clusters. Ultimately this logic will be moved to the CAPA provider.
Switched the config so that CAPI creates the int LB (and use SDK to create ext) in ecb4551. Now installs are completing!
Embeds the default CAPI provider.
Adds an ignition function to the CAPI provider interface and moves the default ignition secret generation to the default CAPI provider implementation.
/cc @bfournie |
This is a WIP implementation of installing AWS using CAPI providers and the interface from #7824. The intent is to provide a reference for installing a complete, production-level cluster.
Depends on #7824
(the first four commits are from that PR)