Add script, templates and manifests to make RHOBS deployable on test clusters #112
Signed-off-by: Matej Gera <[email protected]>
LGTM! Thanks for this.
authorize_url: aHR0cHM6Ly9hcGkuc3RhZ2Uub3BlbnNoaWZ0LmNvbS9hcGkvYWNjb3VudHNfbWdtdC92MS9jbHVzdGVyX3JlZ2lzdHJhdGlvbnM= | ||
client_id: dGVzdA== | ||
client_secret: WlhoaGJYQnNaUzFoY0hBdGMyVmpjbVYw | ||
oidc_issuer: aHR0cDovL2RleC5kZXguc3ZjLmNsdXN0ZXIubG9jYWw6NTU1Ni9kZXg= |
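Review bot: nothing next to these four values says they are test defaults, and because they are base64 a reader has to decode `client_secret` to tell it apart from a real credential. Add a comment above `authorize_url` stating that these are non-sensitive test values. `oidc_issuer` also decodes to a plain `http://` in-cluster address, which is worth marking as test-only in the same comment.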
Are these placeholders? If not we probably shouldn't check these in.
They are the base64 encodings of...
`authorize_url` is https://api.stage.openshift.com/api/accounts_mgmt/v1/cluster_registrations
`oidc_issuer` is http://dex.dex.svc.cluster.local:5556/dex
So I guess the actual values
It's either test credentials which should not be really sensitive or publicly known / accessible resources like the OCM staging endpoint to register cluster.
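The question raised in this thread (are the committed values placeholders or real?) can be answered mechanically before review. The following is an added example, not part of the PR or the project's code: it decodes the four values from the hunk above once, as Kubernetes does for Secret `data`, and flags anything a reviewer should look at. The function names and finding labels are this example's own.

```python
import base64

# Values exactly as they appear in the Secret hunk on this page.
SECRET_DATA = {
    "authorize_url": "aHR0cHM6Ly9hcGkuc3RhZ2Uub3BlbnNoaWZ0LmNvbS9hcGkvYWNjb3VudHNfbWdtdC92MS9jbHVzdGVyX3JlZ2lzdHJhdGlvbnM=",
    "client_id": "dGVzdA==",
    "client_secret": "WlhoaGJYQnNaUzFoY0hBdGMyVmpjbVYw",
    "oidc_issuer": "aHR0cDovL2RleC5kZXguc3ZjLmNsdXN0ZXIubG9jYWw6NTU1Ni9kZXg=",
}


def try_b64_text(value):
    """Return decoded text if value is strict base64 of printable UTF-8, else None."""
    try:
        # validate=True rejects characters outside the base64 alphabet.
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def audit_secret_data(data):
    """Decode each value once (the Kubernetes layer) and collect review findings."""
    report = {}
    for key, encoded in data.items():
        effective = try_b64_text(encoded)
        findings = []
        if effective is None:
            findings.append("not-valid-base64")
        else:
            # The value the workload sees is itself base64 of readable text.
            if try_b64_text(effective) is not None:
                findings.append("nested-base64")
            # Credentials and tokens would cross the network unencrypted.
            if effective.startswith("http://"):
                findings.append("plain-http-url")
        report[key] = {"effective": effective, "findings": findings}
    return report


if __name__ == "__main__":
    for key, entry in audit_secret_data(SECRET_DATA).items():
        print(f"{key}: {entry['effective']!r} {entry['findings']}")
```
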
stringData+: { | ||
'client-id': 'test', | ||
'client-secret': 'ZXhhbXBsZS1hcHAtc2VjcmV0', | ||
'issuer-url': 'http://dex.dex.svc.cluster.local:5556/dex', |
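Review bot: on `'client-secret'`, the value looks base64-encoded, but `stringData` takes literal strings, so the secret the consumer receives is the encoded-looking text itself rather than its decoding. If that literal is what the OIDC provider at `'issuer-url'` is configured with, say so in a comment; otherwise put the plain value here. `'issuer-url'` is plain `http://`, so the same comment should mark this block as test-only.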
'issuer-url': 'http://dex.dex.svc.cluster.local:5556/dex',
dupe or just weird local address?
lol what's weird about this address?
double dex :)
I think one is namespace and other is service name, right?
The parameter files can be edited accordingly to accomodate your specific testing scenario. | ||
|
||
### How to | ||
To deploy the RHOBS stack on a cluster, use the `launch.sh` script from within this directory. Run: |
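Review bot: typo on the first line, `accomodate` should be `accommodate`. The same sentence does not say which parameter files it means or that the OIDC client values shipped with them are test defaults; name the files and add a line telling anyone who substitutes real credentials to keep them out of commits.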
nit: is it worth including links to docs/instructions on how best to requisition a cluster. (I know we already have this documented elsewhere)
Also, is the plan to have a long-lived cluster for rhobs testing, or to create one transiently?
+1 to that!
I would guess that this is for transient clusters as a long-lived test cluster would be deployed via app-interface just like stage and prod are.
I'll add links to more resources, good idea! 👍
@@ -0,0 +1,33 @@ | |||
## Deploying RHOBS for testing |
This limits us to a single test 'instance' per project/cluster right?
At the moment yes, but we can add support for more instances I guess in the next iteration if we'd like to
bc1882e to 4569ccb
4569ccb to 00aa258
This is great stuff @matej-g - I'm looking forward to being able to run a testing cluster to poke around with 🤗
My only comment would be to hold off merging until members of the team have had the chance to go through the whole flow so we can find and catch any bugs at source.
@matej-g I would say that this is ready to merge 💪
I'm on this today, just need to go through comments to see what's up and I'm merging 👍
Co-authored-by: Moad Zardab <[email protected]>
This has been marinating long enough, it's good to be merged and we can potentially iterate on this further in future PRs.
This PR intends to allow deployment of the RHOBS stack outside of our typical deployment scenario, which is using this repository in conjunction with the AppSRE Interface.
In order to allow for easier deployment for testing purposes, this PR contains additional resources that allow for the RHOBS to be deployed on any OpenShift cluster by replacing external dependencies (objects provided by AppSRE Interface - secrets, service accounts, object storage, OIDC provider). The additional resources are included in the `tests` directory, which includes:
On top of the additional manifests, there is a convenience script provided to easily deploy (and tear down) all manifests and templates.
Not included
Presently, the change set does include only 'core' parts of the RHOBS, meaning some templates / namespaces / objects are not part of the test deployment:
`oc expose` can be used or a direct port forwarding with `oc port-forward` is possible as well