Also: - Increase cluster-up workers memory - Use OVNKubernetes as networking type - Free cached/buffer memory before cluster-up and provision Signed-off-by: Quique Llorente <[email protected]>
Showing
20 changed files
with
423 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
#!/bin/bash | ||
|
||
set -x | ||
|
||
PARENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../.. && pwd )" | ||
KUBEVIRTCI_DIR="$( cd ${PARENT_DIR}/../kubevirtci && pwd)" | ||
|
||
okd_base_hash="sha256:73ede51ce464546a82b81956b7f58cf98662a4c5fded9c659b57746bc131e047" | ||
gocli_image_hash="sha256:220f55f6b1bcb3975d535948d335bd0e6b6297149a3eba1a4c14cad9ac80f80d" | ||
|
||
gocli="docker run \ | ||
--privileged \ | ||
--net=host \ | ||
--rm -t \ | ||
-v /var/run/docker.sock:/var/run/docker.sock \ | ||
-v ${PARENT_DIR}:${PARENT_DIR} \ | ||
docker.io/kubevirtci/gocli@${gocli_image_hash}" | ||
|
||
provisioner_container_id=$(docker ps --filter name=ocp-4.4-provision-cluster --format {{.ID}}) | ||
docker kill $provisioner_container_id | ||
docker container rm $provisioner_container_id | ||
|
||
# For ocp-4.4 we want OVNKubernetes | ||
${gocli} provision okd \ | ||
--prefix ocp-4.4-provision \ | ||
--dir-scripts ${PARENT_DIR}/okd/scripts \ | ||
--dir-manifests ${PARENT_DIR}/manifests \ | ||
--dir-hacks ${PARENT_DIR}/okd/hacks \ | ||
--skip-cnao \ | ||
--master-memory 10240 \ | ||
--workers-memory 8192 \ | ||
--workers-cpu 4 \ | ||
--networking-type OVNKubernetes \ | ||
--installer-pull-secret-file ${INSTALLER_PULL_SECRET} \ | ||
--installer-repo-tag release-4.4 \ | ||
--installer-release-image registry.svc.ci.openshift.org/ocp/release:4.4 \ | ||
"kubevirtci/okd-base@${okd_base_hash}" | ||
rc=$? | ||
|
||
|
||
|
||
exit $rc |
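Review bot: `${INSTALLER_PULL_SECRET}` is expanded unquoted and never checked, so when the variable is unset `--installer-pull-secret-file` is followed directly by `--installer-repo-tag` and the provision run most likely starts with a shifted argument list instead of failing. A guard before the `${gocli} provision okd` call, `: "${INSTALLER_PULL_SECRET:?path to the installer pull secret file is required}"`, together with quoting the expansion, would stop the script early. The base and gocli images are pinned by digest, but `--installer-release-image registry.svc.ci.openshift.org/ocp/release:4.4` is a floating tag, so two runs of this script can bake different release payloads into the image; a digest reference, or a comment stating that the floating tag is intended, would make that explicit. `docker kill $provisioner_container_id` is also called with no argument when no earlier provisioner container exists.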
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
tag=$(git log -1 --pretty=%h)-$(date +%s) | ||
destination="quay.io/kubevirtci/ocp-4.4:$tag" | ||
|
||
docker tag kubevirtci/ocp-4.4-provision:latest $destination | ||
docker push $destination |
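Review bot: The script has no error handling, so a failed `git log` or `docker tag` is not caught before `docker push` runs; `set -euo pipefail` at the top and quoting `"$destination"` would make any failure stop the publish. Another script in this commit pins `kubevirtci/ocp-4.4` by digest, so printing the pushed digest here, for example `docker inspect --format '{{index .RepoDigests 0}}' "$destination"`, would hand over the exact value to pin instead of leaving it to be looked up by hand.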
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/bash | ||
|
||
set -x | ||
|
||
ocp_image_hash="sha256:16a70403141142aae387a50feb2fd039a745c6916aa3f61e1a5d5a74efb6be39" | ||
gocli_image_hash="sha256:a7880757e2d2755c6a784c1b64c64b096769ed3ccfac9d8e535df481731c2144" | ||
|
||
gocli="docker run --privileged --net=host --rm -t -v /var/run/docker.sock:/var/run/docker.sock docker.io/kubevirtci/gocli@${gocli_image_hash}" | ||
|
||
${gocli} run ocp --random-ports --background --prefix ocp-4.4 --registry-volume ocp-4.4-registry "kubevirtci/ocp-4.4@${ocp_image_hash}" |
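Review bot: The `gocli_image_hash` pinned here is a different digest from the one in the provision script added by the same commit, and neither script records which gocli build a digest corresponds to. Because this container is started with `--privileged`, `--net=host` and the host's `/var/run/docker.sock`, the digest is the only thing that fixes what code receives that access, so it should be traceable. A comment above the two hash variables, such as `# gocli built from <gocli commit or tag>; ocp image published as <published tag>`, would let a reviewer check a later digest bump against a known build.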
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,210 @@ | ||
diff --git a/cmd/openshift-install/create.go b/cmd/openshift-install/create.go | ||
index f9ae4c6bb..dea45f0d7 100644 | ||
--- a/cmd/openshift-install/create.go | ||
+++ b/cmd/openshift-install/create.go | ||
@@ -244,7 +244,7 @@ func waitForBootstrapComplete(ctx context.Context, config *rest.Config, director | ||
|
||
discovery := client.Discovery() | ||
|
||
- apiTimeout := 30 * time.Minute | ||
+ apiTimeout := 120 * time.Minute | ||
logrus.Infof("Waiting up to %v for the Kubernetes API at %s...", apiTimeout, config.Host) | ||
apiContext, cancel := context.WithTimeout(ctx, apiTimeout) | ||
defer cancel() | ||
@@ -285,7 +285,7 @@ func waitForBootstrapComplete(ctx context.Context, config *rest.Config, director | ||
// and waits for the bootstrap configmap to report that bootstrapping has | ||
// completed. | ||
func waitForBootstrapConfigMap(ctx context.Context, client *kubernetes.Clientset) error { | ||
- timeout := 30 * time.Minute | ||
+ timeout := 120 * time.Minute | ||
logrus.Infof("Waiting up to %v for bootstrapping to complete...", timeout) | ||
|
||
waitCtx, cancel := context.WithTimeout(ctx, timeout) | ||
@@ -323,7 +323,7 @@ func waitForBootstrapConfigMap(ctx context.Context, client *kubernetes.Clientset | ||
// waitForInitializedCluster watches the ClusterVersion waiting for confirmation | ||
// that the cluster has been initialized. | ||
func waitForInitializedCluster(ctx context.Context, config *rest.Config) error { | ||
- timeout := 30 * time.Minute | ||
+ timeout := 120 * time.Minute | ||
logrus.Infof("Waiting up to %v for the cluster at %s to initialize...", timeout, config.Host) | ||
cc, err := configclient.NewForConfig(config) | ||
if err != nil { | ||
diff --git a/data/data/libvirt/main.tf b/data/data/libvirt/main.tf | ||
index 9ba88c9cf..09f6500bf 100644 | ||
--- a/data/data/libvirt/main.tf | ||
+++ b/data/data/libvirt/main.tf | ||
@@ -33,6 +33,7 @@ resource "libvirt_volume" "master" { | ||
name = "${var.cluster_id}-master-${count.index}" | ||
base_volume_id = module.volume.coreos_base_volume_id | ||
pool = libvirt_pool.storage_pool.name | ||
+ size = 32212254720 | ||
} | ||
|
||
resource "libvirt_ignition" "master" { | ||
@@ -73,6 +74,8 @@ resource "libvirt_network" "net" { | ||
data.libvirt_network_dns_host_template.masters.*.rendered, | ||
data.libvirt_network_dns_host_template.masters_int.*.rendered, | ||
data.libvirt_network_dns_host_template.etcds.*.rendered, | ||
+ data.libvirt_network_dns_host_template.console.*.rendered, | ||
+ data.libvirt_network_dns_host_template.auth.*.rendered, | ||
) | ||
content { | ||
hostname = hosts.value.hostname | ||
@@ -114,6 +117,19 @@ resource "libvirt_domain" "master" { | ||
} | ||
} | ||
|
||
+data "libvirt_network_dns_host_template" "auth" { | ||
+ count = "${var.master_count}" | ||
+ ip = "${var.libvirt_auth_ip}" | ||
+ hostname = "oauth-openshift.apps.${var.cluster_domain}" | ||
+} | ||
+ | ||
+data "libvirt_network_dns_host_template" "console" { | ||
+ count = "${var.master_count}" | ||
+ ip = "${var.libvirt_auth_ip}" | ||
+ hostname = "console-openshift-console.apps.${var.cluster_domain}" | ||
+} | ||
+ | ||
+ | ||
data "libvirt_network_dns_host_template" "bootstrap" { | ||
count = var.bootstrap_dns ? 1 : 0 | ||
ip = var.libvirt_bootstrap_ip | ||
diff --git a/data/data/libvirt/variables-libvirt.tf b/data/data/libvirt/variables-libvirt.tf | ||
index 53cf68bae..3c5f7f905 100644 | ||
--- a/data/data/libvirt/variables-libvirt.tf | ||
+++ b/data/data/libvirt/variables-libvirt.tf | ||
@@ -28,6 +28,11 @@ variable "libvirt_master_ips" { | ||
description = "the list of desired master ips. Must match master_count" | ||
} | ||
|
||
+variable "libvirt_auth_ip" { | ||
+ type = "string" | ||
+ description = "node with authentication server ip" | ||
+} | ||
+ | ||
# It's definitely recommended to bump this if you can. | ||
variable "libvirt_master_memory" { | ||
type = string | ||
diff --git a/pkg/asset/tls/aggregator.go b/pkg/asset/tls/aggregator.go | ||
index 9ec6432da..6dac0b736 100644 | ||
--- a/pkg/asset/tls/aggregator.go | ||
+++ b/pkg/asset/tls/aggregator.go | ||
@@ -27,7 +27,7 @@ func (a *AggregatorCA) Generate(dependencies asset.Parents) error { | ||
cfg := &CertCfg{ | ||
Subject: pkix.Name{CommonName: "aggregator", OrganizationalUnit: []string{"bootkube"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
IsCA: true, | ||
} | ||
|
||
@@ -65,7 +65,7 @@ func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error { | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver-proxy", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
} | ||
|
||
return a.SignedCertKey.Generate(cfg, aggregatorCA, "apiserver-proxy", DoNotAppendParent) | ||
@@ -93,7 +93,7 @@ func (c *AggregatorSignerCertKey) Generate(parents asset.Parents) error { | ||
cfg := &CertCfg{ | ||
Subject: pkix.Name{CommonName: "aggregator-signer", OrganizationalUnit: []string{"openshift"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
IsCA: true, | ||
} | ||
|
||
@@ -158,7 +158,7 @@ func (a *AggregatorClientCertKey) Generate(dependencies asset.Parents) error { | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver-proxy", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
} | ||
|
||
return a.SignedCertKey.Generate(cfg, ca, "aggregator-client", DoNotAppendParent) | ||
diff --git a/pkg/asset/tls/apiserver.go b/pkg/asset/tls/apiserver.go | ||
index a50bee836..cd63ff13c 100644 | ||
--- a/pkg/asset/tls/apiserver.go | ||
+++ b/pkg/asset/tls/apiserver.go | ||
@@ -185,7 +185,7 @@ func (a *KubeAPIServerLocalhostServerCertKey) Generate(dependencies asset.Parent | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
DNSNames: []string{ | ||
"localhost", | ||
}, | ||
@@ -288,7 +288,7 @@ func (a *KubeAPIServerServiceNetworkServerCertKey) Generate(dependencies asset.P | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
DNSNames: []string{ | ||
"kubernetes", "kubernetes.default", | ||
"kubernetes.default.svc", | ||
@@ -392,7 +392,7 @@ func (a *KubeAPIServerExternalLBServerCertKey) Generate(dependencies asset.Paren | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
DNSNames: []string{ | ||
apiAddress(installConfig.Config), | ||
}, | ||
@@ -431,7 +431,7 @@ func (a *KubeAPIServerInternalLBServerCertKey) Generate(dependencies asset.Paren | ||
Subject: pkix.Name{CommonName: "system:kube-apiserver", Organization: []string{"kube-master"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
DNSNames: []string{ | ||
internalAPIAddress(installConfig.Config), | ||
}, | ||
diff --git a/pkg/asset/tls/kubelet.go b/pkg/asset/tls/kubelet.go | ||
index 01264e898..32cc8059d 100644 | ||
--- a/pkg/asset/tls/kubelet.go | ||
+++ b/pkg/asset/tls/kubelet.go | ||
@@ -24,7 +24,7 @@ func (c *KubeletCSRSignerCertKey) Generate(parents asset.Parents) error { | ||
cfg := &CertCfg{ | ||
Subject: pkix.Name{CommonName: "kubelet-signer", OrganizationalUnit: []string{"openshift"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
IsCA: true, | ||
} | ||
|
||
@@ -181,7 +181,7 @@ func (a *KubeletClientCertKey) Generate(dependencies asset.Parents) error { | ||
Subject: pkix.Name{CommonName: "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper", Organization: []string{"system:serviceaccounts:openshift-machine-config-operator"}}, | ||
KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, | ||
ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, | ||
- Validity: ValidityOneDay, | ||
+ Validity: ValidityOneYear, | ||
} | ||
|
||
return a.SignedCertKey.Generate(cfg, ca, "kubelet-client", DoNotAppendParent) | ||
diff --git a/pkg/tfvars/libvirt/libvirt.go b/pkg/tfvars/libvirt/libvirt.go | ||
index a51fbfba1..7542dc278 100644 | ||
--- a/pkg/tfvars/libvirt/libvirt.go | ||
+++ b/pkg/tfvars/libvirt/libvirt.go | ||
@@ -20,6 +20,7 @@ type config struct { | ||
BootstrapIP string `json:"libvirt_bootstrap_ip,omitempty"` | ||
MasterMemory string `json:"libvirt_master_memory,omitempty"` | ||
MasterVcpu string `json:"libvirt_master_vcpu,omitempty"` | ||
+ AuthNodeIP string `json:"libvirt_auth_ip,omitempty"` | ||
} | ||
|
||
// TFVars generates libvirt-specific Terraform variables. | ||
@@ -45,6 +46,7 @@ func TFVars(masterConfig *v1beta1.LibvirtMachineProviderConfig, osImage string, | ||
IfName: bridge, | ||
BootstrapIP: bootstrapIP.String(), | ||
MasterIPs: masterIPs, | ||
+ AuthNodeIP: "192.168.126.51", | ||
MasterMemory: strconv.Itoa(masterConfig.DomainMemory), | ||
MasterVcpu: strconv.Itoa(masterConfig.DomainVcpu), | ||
} |
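Review bot: The `Validity: ValidityOneYear` replacements in pkg/asset/tls cover not only serving certificates but also the signers (`aggregator`, `aggregator-signer`, `kubelet-signer`) and the `node-bootstrapper` client certificate, so every cluster image provisioned with this patch carries signer and bootstrap client certificates that stay valid for a year instead of a day. That is presumably needed so a pre-provisioned image still starts long after it was built, but the patch does not say so, and the resulting image is pushed to a registry by the publish script in this commit. A preamble line in the patch file, for example `Test-only: raises installer bootstrap certificate validity from one day to one year so pre-provisioned images keep working; not for clusters holding real workloads`, would record the trade-off. The hard-coded `AuthNodeIP: "192.168.126.51"` in pkg/tfvars/libvirt/libvirt.go deserves the same kind of comment, since it ties the `oauth-openshift` and `console-openshift-console` DNS entries to one fixed address. The `Generate` and `TFVars` bodies are only partly visible in these hunks.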