feat: Update Sandbox Install Script

ArthurVardevanyan · Feb 14, 2024 · c6ea951 · c6ea951
1 parent 3df037e
commit c6ea951
Show file tree

Hide file tree

Showing 8 changed files with 139 additions and 5 deletions.
diff --git a/kubernetes/quay/base/config.yaml b/kubernetes/quay/base/config.yaml
@@ -1,6 +1,6 @@
 FEATURE_APP_REGISTRY: true
 ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
-AUTHENTICATION_TYPE: OIDC
+AUTHENTICATION_TYPE: Database #OIDC
 ENTERPRISE_LOGO_URL: /static/img/quay-horizontal-color.svg
 FEATURE_BUILD_SUPPORT: false
 FEATURE_DIRECT_LOGIN: false

diff --git a/kubernetes/quay/base/kyverno.yaml b/kubernetes/quay/base/kyverno.yaml
@@ -74,3 +74,37 @@ spec:
                         memory: 256Mi
       name: quay-mirror
   validationFailureAction: Audit
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: replace-quay-image
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  background: false
+  rules:
+    - name: replace-quay-image
+      match:
+        any:
+          - resources:
+              kinds:
+                - Pod
+      mutate:
+        patchStrategicMerge:
+          spec:
+            containers:
+              - (image): "quay.io/projectquay/quay:3.10.2"
+                image: "quay.io/projectquay/quay:v3.10.2"
+    - name: replace-quay-image-init
+      match:
+        any:
+          - resources:
+              kinds:
+                - Pod
+      mutate:
+        patchStrategicMerge:
+          spec:
+            initContainers:
+              - (image): "quay.io/projectquay/quay:3.10.2"
+                image: "quay.io/projectquay/quay:v3.10.2"
diff --git a/main.bash b/main.bash
@@ -880,9 +880,10 @@ install_okd() {
   mkdir -p "${OKD}/vm"
 
   echo -e "\n\n${BLUE}Download Dependencies:${NC}"
+  export OKD_VERSION=${OKD_VERSION:-latest} # tag/RELEASE_NAME
   # Download openshift-install and openshift-client
-  wget "$(curl https://api.github.com/repos/openshift/okd/releases/latest -L | grep openshift-install-linux | grep browser_download_url | grep -v arm | cut -d\" -f4)" -P ${OKD}/
-  wget "$(curl https://api.github.com/repos/openshift/okd/releases/latest -L | grep openshift-client-linux | grep -v arm | grep browser_download_url | cut -d\" -f4)" -P ${OKD}/
+  wget "$(curl https://api.github.com/repos/openshift/okd/releases/"${OKD_VERSION}" -L | grep openshift-install-linux | grep browser_download_url | grep -v arm | cut -d\" -f4)" -P ${OKD}/
+  wget "$(curl https://api.github.com/repos/openshift/okd/releases/"${OKD_VERSION}" -L | grep openshift-client-linux | grep -v arm | grep browser_download_url | cut -d\" -f4)" -P ${OKD}/
   tar xvzf ${OKD}/openshift-install-linux* -C ${OKD}
   tar xvzf ${OKD}/openshift-client-linux* -C ${OKD}
 
@@ -938,12 +939,13 @@ install_okd() {
   terraform apply -auto-approve
 
   echo -e "\n\n${BLUE}Wait for Install To Complete:${NC}"
-  yq 'del(.spec.defaultCertificate)' "${HOMELAB}/okd/okd-configuration/base/certificates/ingress-controller.yaml" | ${OKD}/oc apply -f -
+  ${OKD}/oc apply -f "${HOMELAB}/okd/okd-configuration/overlays/sandbox/ingress-controller.yaml"
   ${OKD}/openshift-install --dir=${OKD}/okd wait-for install-complete --log-level debug
 
   ${OKD}/oc apply -f "${HOMELAB}/okd/okd-configuration/base/operator-hub.yaml"
   ${OKD}/oc apply -f "${HOMELAB}/okd/okd-configuration/base/operators"
 
+  echo -e "\n\n${BLUE}Setup Image Mirroring:${NC}"
   sed 's/AllowContactingSource/NeverContactSource/' "${HOMELAB}"/okd/okd-configuration/base/image-mirror-set.yaml | kubectl apply -f -
 
   echo -e "\n\n${BLUE}Install Complete:${NC}"

diff --git a/okd/okd-configuration/base/kustomization.yaml b/okd/okd-configuration/base/kustomization.yaml
@@ -10,7 +10,6 @@ resources:
   - certificates/api-certificate.yaml
   - certificates/api-server.yaml
   - certificates/ingress-certificate.yaml
-  - certificates/ingress-controller.yaml
   - operators/image-registry.yaml
   - operators/samples.yaml
   # - operators/insights.yaml

diff --git a/okd/okd-configuration/overlays/okd/ingress-controller.yaml b/okd/okd-configuration/overlays/okd/ingress-controller.yaml
@@ -0,0 +1,76 @@
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+  annotations:
+    ingress.operator.openshift.io/default-enable-http2: "true"
+  labels:
+    app.kubernetes.io/instance: okd-configuration
+spec:
+  replicas: 2
+  defaultCertificate:
+    name: ingress-certificate
+  # Kube Vip
+  endpointPublishingStrategy:
+    loadBalancer:
+      allowedSourceRanges:
+        # Need to Manually Add loadBalancerIP, hence patch below
+        # Also need to Scale entire Ingress Operator before making the change
+        - 10.0.0.131/32
+      dnsManagementPolicy: Unmanaged
+      providerParameters:
+        type: BareMetal
+      scope: External
+    type: LoadBalancerService
+  ## HaProxy
+  # endpointPublishingStrategy:
+  #   hostNetwork:
+  #     protocol: PROXY
+  #   type: HostNetwork
+  tlsSecurityProfile:
+    type: Modern
+  nodePlacement:
+    tolerations:
+      - key: node-role.kubernetes.io/infra
+        effect: NoSchedule
+        operator: Exists
+---
+# Kube VIP
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    traffic-policy.network.alpha.openshift.io/local-with-fallback: ""
+  labels:
+    app: router
+    ingresscontroller.operator.openshift.io/owning-ingresscontroller: default
+    router: router-default
+  name: router-default
+  namespace: openshift-ingress
+spec:
+  allocateLoadBalancerNodePorts: true
+  clusterIP: 172.30.55.53
+  clusterIPs:
+    - 172.30.55.53
+  externalTrafficPolicy: Local
+  healthCheckNodePort: 32014
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv4
+  ipFamilyPolicy: SingleStack
+  loadBalancerIP: 10.0.0.131
+  loadBalancerSourceRanges:
+    - 10.0.0.131/32
+  ports:
+    - name: http
+      nodePort: 32504
+      port: 80
+      targetPort: http
+    - name: https
+      nodePort: 32540
+      port: 443
+      targetPort: https
+  selector:
+    ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default
+  type: LoadBalancer
diff --git a/okd/okd-configuration/overlays/okd/kustomization.yaml b/okd/okd-configuration/overlays/okd/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
   - ../../base
   - ./wif.yaml
   - ./cluster-version.yaml
+  - ./ingress-controller.yaml
diff --git a/okd/okd-configuration/overlays/sandbox/ingress-controller.yaml b/okd/okd-configuration/overlays/sandbox/ingress-controller.yaml
@@ -0,0 +1,21 @@
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+  annotations:
+    ingress.operator.openshift.io/default-enable-http2: "true"
+  labels:
+    app.kubernetes.io/instance: okd-configuration
+spec:
+  endpointPublishingStrategy:
+    hostNetwork:
+      protocol: PROXY
+    type: HostNetwork
+  tlsSecurityProfile:
+    type: Modern
+  nodePlacement:
+    tolerations:
+      - key: node-role.kubernetes.io/infra
+        effect: NoSchedule
+        operator: Exists
diff --git a/okd/okd-configuration/overlays/sandbox/kustomization.yaml b/okd/okd-configuration/overlays/sandbox/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../base
+  - ./ingress-controller.yaml
 patches:
   - target:
       kind: APIServer