Skip to content

add examples of byoc, private link and multi az #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add examples of byoc, private link and multi az #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,68 @@ resource "ocm_cluster_wait" "rosa_cluster" {
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove the 

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bardielle can you elaborate?

Copy link
Member

@bardielle bardielle Mar 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In your lase commit you added the line 181 and 183 with a sign that looks different: 

  cluster = ocm_cluster.rosa_cluster.id
   timeout = 30 
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm. I do not see that in either diff/file difference on github 🤔

```

## Advanced Usages

### Bring your own VPC

To deploy ROSA to an existing VPC, the end user needs to provide subnet ids by editing aws_subnet_ids attribute.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fix the commit message (byoc-> byo VPC)


```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we need to supply the tf files for creating a VPC? or adding prerequisites?

name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
aws_subnet_ids = [var.subnet_ids]
availability_zones = [var.zone]
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```

### Private Link Cluster

To deploy ROSA with private link, the end user needs to add multi_az = true

**NOTES** It is users' responsibility to make sure the VPC has appropriate egress routes to fullil [rosa firewall prerequisites](https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.html#osd-aws-privatelink-firewall-prerequisites_prerequisites)

```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
aws_subnet_ids = [var.subnet_ids]
availability_zones = [var.zone]
aws_private_link = true
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```

### Multi AZ

To Deploy ROSA into multiple availability zones, end user needs to add multi_az = true

```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
multi_az = true
availability_zones = ["zone1", "zone2", "zone3"]
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```

## Development Introduction
Running `terraform plan` against a local build of OCM provider can be done by those steps:
1. Run ```make install ```. After running ```make install``` you will find the ocm provider binary file in the directory:
Expand Down
62 changes: 62 additions & 0 deletions docs/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,4 +166,66 @@ module operator_roles {
rh_oidc_provider_url = ocm_cluster_rosa_classic.rosa_sts_cluster.sts.oidc_endpoint_url
operator_roles_properties = data.ocm_rosa_operator_roles.operator_roles.operator_iam_roles
}
```

## Advanced Usages
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please do not edit the index.md manually - I tried to talk about it in the last sync meeting, after running make generate, the generate tool replaced that file with an auto-generated...
we need to find a different way to edit that file


### Bring your own VPC

To deploy ROSA to an existing VPC, the end user needs to provide subnet ids by editing aws_subnet_ids attribute.

```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
aws_subnet_ids = [var.subnet_ids]
availability_zones = [var.zone]
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```

### Private Link Cluster

To deploy ROSA with private link, the end user needs to add multi_az = true

**NOTES** It is users' responsibility to make sure the VPC has appropriate egress routes to fullil [rosa firewall prerequisites](https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.html#osd-aws-privatelink-firewall-prerequisites_prerequisites)

```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
aws_subnet_ids = [var.subnet_ids]
availability_zones = [var.zone]
aws_private_link = true
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```

### Multi AZ

To Deploy ROSA into multiple availability zones, end user needs to add multi_az = true

```
resource "ocm_cluster_rosa_classic" "rosa_sts_cluster" {
name = var.cluster_name
cloud_region = var.region
aws_account_id = data.aws_caller_identity.current.account_id
multi_az = true
availability_zones = ["zone1", "zone2", "zone3"]
disable_waiting_in_destroy = false
properties = {
rosa_creator_arn = data.aws_caller_identity.current.arn
}
sts = local.sts_roles
}
```