OKD Install Guide on AWS provider with platform agnostic

Steps to install OpenShift cluster on AWS with Platform Agnostic installation (platform:None).

Table of Contents:

• Setup the environment
  • Create and export config variables
  • Create the install config
• Create the cluster
• Cluster Review (optional)
  • Approve the node certificates
  • Wait for install complete
  • Review Cluster Operators
  • Day-2 Operation: Enable image-registry
  • Create Load Balancer for default router
• Destroy cluster

Setup the environment

Create and export config variables

Create and export the environments:

• When deploying OpenShift:

# Release controller for each distribution:
# OKD: https://amd64.origin.releases.ci.openshift.org/
# OCP: https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/
DISTRIBUTION="ocp"
RELEASE_REPO="quay.io/openshift-release-dev/ocp-release"
VERSION="4.14.0-rc.0"
RELEASE_VERSION="${VERSION}-x86_64"
PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json"

• When deploying OKD with FCOS:

DISTRIBUTION="okd"
RELEASE_REPO=quay.io/openshift/okd
VERSION=4.12.0-0.okd-2023-04-16-041331
RELEASE_VERSION=$VERSION
PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json"

• When deploying OKD with SCOS:

DISTRIBUTION="okd"
RELEASE_REPO=quay.io/okd/scos-release
VERSION=4.13.0-0.okd-scos-2023-05-04-192252
RELEASE_VERSION=$VERSION
PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json"

Create the Ansible var files:

CLUSTER_NAME="aws-n414rc0"
BASE_DOMAIN="devcluster.openshift.com"
SSH_PUB_KEY="$(cat ~/.ssh/id_rsa.pub)"

VARS_FILE="./vars-${CLUSTER_NAME}.yaml"
cat <<EOF> $VARS_FILE

cluster_name: ${CLUSTER_NAME}
config_base_domain: ${BASE_DOMAIN}

distro_default: $DISTRIBUTION
version: $VERSION
release_image: $RELEASE_REPO
release_version: $RELEASE_VERSION
#release_image_version_arch: "quay.io/openshift-release-dev/ocp-release:4.13.0-x86_64"

provider: aws
config_provider: aws
config_platform: none
cluster_profile: ha
config_cluster_region: us-east-1

config_ssh_key: "${SSH_PUB_KEY}"
config_pull_secret_file: "${PULL_SECRET_FILE}"
EOF

Check if all required variables has been set:

ansible-playbook  mtulio.okd_installer.config -e mode=check-vars -e @$VARS_FILE

Create or customize the openshift-install binary

Check the Guide Install the openshift-install binary if you aren't set or would like to customize the cluster version.

ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE

Create the install config

To generate the install config, you must set variables (defined above) and the cluster_name:

ansible-playbook mtulio.okd_installer.config -e mode=create-config -e @$VARS_FILE

Create the cluster

The okd-installer Collection provides one single playbook to create the cluster based on the environment variables and install-config previously created on the last sections. If you would like to review stack-by-stack and add customizations, you can check the "AWS UPI Guide"

Call the playbook to create the cluster:

ansible-playbook mtulio.okd_installer.create_all -e @$VARS_FILE

Cluster Review (optional)

Approve the node certificates

The create_all already trigger the certificates approval with one default timeout. If the nodes was not yet joined to the cluster (oc get nodes) or still have pending certificates (oc get csr) due the short delay for approval, you can call it again with longer timeout, for example 5 minutes:

ansible-playbook mtulio.okd_installer.approve_certs \
    -e provider=${CONFIG_PROVIDER} \
    -e cluster_name=${CONFIG_CLUSTER_NAME} \
    -e certs_max_retries=3 \
    -e cert_wait_interval_sec=60

<!-- - Approve the certificates (manually)

approve_certs() {
    export KUBECONFIG=${HOME}/.ansible/okd-installer/clusters/${CONFIG_CLUSTER_NAME}/auth/kubeconfig
    for i in $(oc get csr --no-headers  | \
                grep -i pending         | \
                awk '{ print $1 }')     ; do \
        echo "> Approving certificate $i"; \
        oc adm certificate approve $i; \
    done
}
while true; do approve_certs; sleep 30; done
``` -->

### Wait for install complete <a name="review-wait-for-complete"></a>

```bash
~/.ansible/okd-installer/bin/openshift-install \
    wait-for install-complete \
    --dir ~/.ansible/okd-installer/clusters/${CONFIG_CLUSTER_NAME}/ \
    --log-level debug

Destroy cluster

ansible-playbook mtulio.okd_installer.destroy_cluster \
    -e provider=${CONFIG_PROVIDER} \
    -e cluster_name=${CONFIG_CLUSTER_NAME}

Quick install 4.14

CLUSTER_NAME=aws-none127
VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml

cat <<EOF > ${VARS_FILE}
provider: aws
cluster_name: ${CLUSTER_NAME}
config_cluster_region: us-east-1

cluster_profile: ha
# destroy_bootstrap: no

config_base_domain: devcluster.openshift.com
config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)"
config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json"

config_featureset: TechPreviewNoUpgrade

config_cluster_version: 4.14.0-ec.3
version: 4.14.0-ec.3
EOF

ansible-playbook mtulio.okd_installer.create_all \
    -e cert_max_retries=30 \
    -e cert_wait_interval_sec=60 \
    -e @$VARS_FILE