Last active
May 7, 2020 01:31
-
-
Save alaypatel07/259c794320585fe8d6e029906b706928 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| oc create namespace openshift-migration | |
| #create service for mongo-db | |
| cat <<EOF | oc create -f - | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: mig-operator-noobaa-db | |
| namespace: openshift-migration | |
| labels: | |
| app: mig-operator-noobaa | |
| # ownerReferences: | |
| # TODO: same as L8 | |
| spec: | |
| ports: | |
| - name: mongodb | |
| protocol: TCP | |
| port: 27017 | |
| targetPort: 27017 | |
| selector: | |
| noobaa-db: mig-operator-nooba-db | |
| type: ClusterIP | |
| sessionAffinity: None | |
| EOF | |
| #create secret for noobaa server | |
| cat <<EOF | oc create -f - | |
| apiVersion: v1 | |
| data: | |
| jwt: UlRBYkZxZGsyeEVjcEZ0OHQwQ3Fkdz09 | |
| server_secret: ZjBlMjA4ZTc= | |
| kind: Secret | |
| metadata: | |
| labels: | |
| app: mig-operator-noobaa | |
| name: mig-operator-noobaa-server | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO: same as L8 | |
| type: Opaque | |
| EOF | |
| #create service for noobaa management | |
| cat <<EOF | oc create -f - | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| annotations: | |
| prometheus.io/port: '8080' | |
| prometheus.io/scheme: http | |
| prometheus.io/scrape: 'true' | |
| service.beta.openshift.io/serving-cert-secret-name: noobaa-mgmt-serving-cert | |
| name: noobaa-mgmt | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO: | |
| finalizers: | |
| - service.kubernetes.io/load-balancer-cleanup | |
| labels: | |
| app: mig-operator-noobaa | |
| spec: | |
| ports: | |
| - name: mgmt | |
| protocol: TCP | |
| port: 80 | |
| targetPort: 8080 | |
| - name: mgmt-https | |
| protocol: TCP | |
| port: 443 | |
| targetPort: 8443 | |
| - name: bg-https | |
| protocol: TCP | |
| port: 8445 | |
| targetPort: 8445 | |
| - name: hosted-agents-https | |
| protocol: TCP | |
| port: 8446 | |
| targetPort: 8446 | |
| selector: | |
| noobaa-mgmt: mig-operator-noobaa | |
| type: LoadBalancer | |
| sessionAffinity: None | |
| externalTrafficPolicy: Cluster | |
| EOF | |
| #deploy mongodb as stateful set | |
| cat <<EOF | oc create -f - | |
| kind: StatefulSet | |
| apiVersion: apps/v1 | |
| metadata: | |
| name: mig-operator-noobaa-db | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO: add reference for mig-operator to garbage collecte | |
| labels: | |
| app: mig-operator-noobaa | |
| # TODO: add appropriate labels | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| noobaa-db: mig-operator-nooba-db | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app: mig-operator-noobaa | |
| noobaa-db: mig-operator-nooba-db | |
| spec: | |
| restartPolicy: Always | |
| initContainers: | |
| - name: init | |
| image: >- | |
| registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80 | |
| command: | |
| - /noobaa_init_files/noobaa_init.sh | |
| - init_mongo | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 256Mi | |
| requests: | |
| cpu: 100m | |
| memory: 256Mi | |
| volumeMounts: | |
| - name: db | |
| mountPath: /mongo_data | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| imagePullPolicy: IfNotPresent | |
| schedulerName: default-scheduler | |
| terminationGracePeriodSeconds: 30 | |
| securityContext: {} | |
| containers: | |
| - name: db | |
| image: >- | |
| registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:254c9046eaf61c451b40bac3f897c40bc59f187e5313b9799fbcacf17398a191 | |
| command: | |
| - bash | |
| - '-c' | |
| - >- | |
| /opt/rh/rh-mongodb36/root/usr/bin/mongod --port 27017 | |
| --bind_ip_all --dbpath /data/mongo/cluster/shard1 | |
| resources: | |
| requests: | |
| cpu: 100m | |
| memory: 256Mi | |
| volumeMounts: | |
| - name: db | |
| mountPath: /data | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| imagePullPolicy: IfNotPresent | |
| dnsPolicy: ClusterFirst | |
| volumeClaimTemplates: | |
| - metadata: | |
| name: db | |
| creationTimestamp: null | |
| labels: | |
| app: mig-operator-noobaa | |
| # ownerReferences: | |
| # TODO: same as L8 | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 1Gi | |
| volumeMode: Filesystem | |
| serviceName: mig-operator-noobaa-db | |
| podManagementPolicy: OrderedReady | |
| updateStrategy: | |
| type: RollingUpdate | |
| revisionHistoryLimit: 10 | |
| EOF | |
| #deploy noobaa-core statefulset | |
| cat <<EOF | oc create -f - | |
| --- | |
| kind: StatefulSet | |
| apiVersion: apps/v1 | |
| metadata: | |
| name: mig-operator-noobaa-core | |
| generation: 1 | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO: same as L8 | |
| labels: | |
| app: mig-operator-noobaa | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| noobaa-core: mig-operator-noobaa | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app: mig-operator-noobaa | |
| noobaa-core: mig-operator-noobaa | |
| noobaa-mgmt: mig-operator-noobaa | |
| spec: | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| terminationGracePeriodSeconds: 30 | |
| securityContext: {} | |
| containers: | |
| - resources: | |
| requests: | |
| cpu: 100m | |
| memory: 256M | |
| terminationMessagePath: /dev/termination-log | |
| name: core | |
| env: | |
| - name: MONGODB_URL | |
| value: 'mongodb://mig-operator-noobaa-db.openshift-migration.svc/nbcore' | |
| - name: CONTAINER_PLATFORM | |
| value: KUBERNETES | |
| - name: NOOBAA_DISABLE_COMPRESSION | |
| value: 'false' | |
| - name: JWT_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: mig-operator-noobaa-server | |
| key: jwt | |
| - name: SERVER_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: mig-operator-noobaa-server | |
| key: server_secret | |
| - name: AGENT_PROFILE | |
| value: >- | |
| {"image":"registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80"} | |
| - name: NOOBAA_SERVICE_ACCOUNT | |
| value: "migration" | |
| - name: container_dbg | |
| - name: CONTAINER_CPU_REQUEST | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: requests.cpu | |
| divisor: '0' | |
| - name: CONTAINER_MEM_REQUEST | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: requests.memory | |
| divisor: '0' | |
| - name: CONTAINER_CPU_LIMIT | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: limits.cpu | |
| divisor: '0' | |
| - name: CONTAINER_MEM_LIMIT | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: limits.memory | |
| divisor: '0' | |
| ports: | |
| - containerPort: 8080 | |
| protocol: TCP | |
| - containerPort: 8443 | |
| protocol: TCP | |
| - containerPort: 8444 | |
| protocol: TCP | |
| - containerPort: 8445 | |
| protocol: TCP | |
| - containerPort: 8446 | |
| protocol: TCP | |
| - containerPort: 60100 | |
| protocol: TCP | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: logs | |
| mountPath: /log | |
| - name: mgmt-secret | |
| readOnly: true | |
| mountPath: /etc/mgmt-secret | |
| - name: s3-secret | |
| readOnly: true | |
| mountPath: /etc/s3-secret | |
| terminationMessagePolicy: File | |
| image: >- | |
| registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80 | |
| volumes: | |
| - name: logs | |
| emptyDir: {} | |
| - name: mgmt-secret | |
| secret: | |
| secretName: noobaa-mgmt-serving-cert | |
| defaultMode: 420 | |
| optional: true | |
| - name: s3-secret | |
| secret: | |
| secretName: noobaa-s3-serving-cert | |
| defaultMode: 420 | |
| optional: true | |
| dnsPolicy: ClusterFirst | |
| serviceName: noobaa-mgmt | |
| podManagementPolicy: OrderedReady | |
| updateStrategy: | |
| type: RollingUpdate | |
| revisionHistoryLimit: 10 | |
| EOF | |
| until oc get -n openshift-migration svc noobaa-mgmt -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}{"\n"}'; do | |
| echo "waiting for management load balancer url" | |
| sleep 1; | |
| done | |
| export NOOBAA_MGMT_URL="https://$(oc get -n openshift-migration svc noobaa-mgmt -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}{"\n"}')/rpc" | |
| echo "NooBaa core deployed with URL=$NOOBAA_MGMT_URL" | |
| #create s3 service | |
| cat <<EOF | oc create -f - | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| annotations: | |
| service.beta.openshift.io/serving-cert-secret-name: noobaa-s3-serving-cert | |
| name: s3 | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO | |
| finalizers: | |
| - service.kubernetes.io/load-balancer-cleanup | |
| labels: | |
| app: mig-operator-noobaa | |
| spec: | |
| ports: | |
| - name: s3 | |
| protocol: TCP | |
| port: 80 | |
| targetPort: 6001 | |
| - name: s3-https | |
| protocol: TCP | |
| port: 443 | |
| targetPort: 6443 | |
| - name: md-https | |
| protocol: TCP | |
| port: 8444 | |
| targetPort: 8444 | |
| selector: | |
| noobaa-s3: mig-operator-noobaa | |
| type: LoadBalancer | |
| sessionAffinity: None | |
| externalTrafficPolicy: Cluster | |
| EOF | |
| until oc get -n openshift-migration svc s3 -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}{"\n"}'; do | |
| echo "waiting for s3 endpoint load balancer url" | |
| sleep 1; | |
| done | |
| #get S3 load balancer URL | |
| export LOAD_BALANCER_URL=$(oc get -n openshift-migration svc s3 -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}{"\n"}') | |
| echo "s3 url = $LOAD_BALANCER_URL" | |
| #deploy noobaa endpoint | |
| cat <<EOF | oc create -f - | |
| --- | |
| kind: Deployment | |
| apiVersion: apps/v1 | |
| metadata: | |
| name: mig-operatornoobaa-endpoint | |
| namespace: openshift-migration | |
| # ownerReferences: | |
| # TODO: | |
| labels: | |
| app: mig-operator-noobaa | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| noobaa-s3: mig-operator-noobaa | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| noobaa-s3: mig-operator-noobaa | |
| spec: | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| terminationGracePeriodSeconds: 30 | |
| securityContext: {} | |
| containers: | |
| - resources: | |
| limits: | |
| cpu: 100m | |
| memory: 256M | |
| requests: | |
| cpu: 100m | |
| memory: 256M | |
| readinessProbe: | |
| tcpSocket: | |
| port: 6001 | |
| timeoutSeconds: 5 | |
| periodSeconds: 10 | |
| successThreshold: 1 | |
| failureThreshold: 3 | |
| terminationMessagePath: /dev/termination-log | |
| name: endpoint | |
| command: | |
| - /noobaa_init_files/noobaa_init.sh | |
| - init_endpoint | |
| env: | |
| - name: MGMT_ADDR | |
| value: 'wss://noobaa-mgmt.openshift-migration.svc:443' | |
| - name: BG_ADDR | |
| value: 'wss://noobaa-mgmt.openshift-migration.svc:8445' | |
| - name: MD_ADDR | |
| value: 'wss://s3.openshift-migration.svc:8444' | |
| - name: HOSTED_AGENTS_ADDR | |
| value: 'wss://noobaa-mgmt.openshift-migration.svc:8446' | |
| - name: MONGODB_URL | |
| value: 'mongodb://mig-operator-noobaa-db.openshift-migration.svc/nbcore' | |
| - name: VIRTUAL_HOSTS | |
| value: >- | |
| s3.openshift-migration.svc | |
| ${LOAD_BALANCER_URL} | |
| - name: REGION | |
| - name: ENDPOINT_GROUP_ID | |
| value: 69d1ad5d-1b4b-4059-b3e5-fb7a8f628f53 | |
| - name: LOCAL_MD_SERVER | |
| value: 'true' | |
| - name: LOCAL_N2N_AGENT | |
| value: 'true' | |
| - name: JWT_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: mig-operator-noobaa-server | |
| key: jwt | |
| - name: NOOBAA_DISABLE_COMPRESSION | |
| value: 'false' | |
| - name: NOOBAA_AUTH_TOKEN | |
| valueFrom: | |
| secretKeyRef: | |
| name: noobaa-endpoints | |
| key: auth_token | |
| - name: CONTAINER_CPU_REQUEST | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: requests.cpu | |
| divisor: '0' | |
| - name: CONTAINER_MEM_REQUEST | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: requests.memory | |
| divisor: '0' | |
| - name: CONTAINER_CPU_LIMIT | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: limits.cpu | |
| divisor: '0' | |
| - name: CONTAINER_MEM_LIMIT | |
| valueFrom: | |
| resourceFieldRef: | |
| resource: limits.memory | |
| divisor: '0' | |
| ports: | |
| - containerPort: 6001 | |
| protocol: TCP | |
| - containerPort: 6443 | |
| protocol: TCP | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: mgmt-secret | |
| readOnly: true | |
| mountPath: /etc/mgmt-secret | |
| - name: s3-secret | |
| readOnly: true | |
| mountPath: /etc/s3-secret | |
| terminationMessagePolicy: File | |
| image: >- | |
| registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80 | |
| volumes: | |
| - name: mgmt-secret | |
| secret: | |
| secretName: noobaa-mgmt-serving-cert | |
| defaultMode: 420 | |
| optional: true | |
| - name: s3-secret | |
| secret: | |
| secretName: noobaa-s3-serving-cert | |
| defaultMode: 420 | |
| optional: true | |
| dnsPolicy: ClusterFirst | |
| strategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxUnavailable: 25% | |
| maxSurge: 1 | |
| revisionHistoryLimit: 10 | |
| progressDeadlineSeconds: 600 | |
| EOF | |
| # grant admin to noobaa for creating pv pool statefulset | |
| # TODO: restrict the permissions just for the needed resources instead of admin | |
| cat <<EOF | oc create -f - | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: openshift-migration:default | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: cluster-admin | |
| subjects: | |
| - kind: ServiceAccount | |
| name: default | |
| namespace: openshift-migration | |
| EOF | |
| export url=$NOOBAA_MGMT_URL | |
| # create system | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "system_api", | |
| "method": "create_system", | |
| "params": { | |
| "name": "migration", | |
| "email": "migration@noobaa.com", | |
| "password": "changeme" | |
| }}'| jq -r '.reply.operator_token' > .operatortoken | |
| oc create secret generic noobaa-endpoints --from-literal=auth_token=$(cat ./.operatortoken) | |
| #create set up s3 access | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "account_api", | |
| "method": "update_account_s3_access", | |
| "params": { | |
| "email": "migration@noobaa.com", | |
| "s3_access": true, | |
| "allowed_buckets": {"full_permission": true, "permission_list":[]} | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | jq | |
| # save the aws credentials | |
| # TODO: need to save it in a secret | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "account_api", | |
| "method": "read_account", | |
| "params": { | |
| "email": "migration@noobaa.com" | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | jq -r '.reply.access_keys[0].access_key' > .aws_secret_id | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "account_api", | |
| "method": "read_account", | |
| "params": { | |
| "email": "migration@noobaa.com" | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | jq -r '.reply.access_keys[0].secret_key' > .aws_secret_key | |
| # create noobaa pool | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "pool_api", | |
| "method": "create_hosts_pool", | |
| "params": { | |
| "name": "migration-pvc-pool", | |
| "is_managed": true, | |
| "host_count": 1, | |
| "host_config": { | |
| "volume_size": 32212254720 | |
| }, | |
| "backingstore": { | |
| "name": "migration-pvc-pool-backing-store", | |
| "namespace": "openshift-migration" | |
| } | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | |
| # create noobaa pool | |
| until curl $NOOBAA_MGMT_URL -sd '{"api": "pool_api","method": "read_pool","params": { "name": "migration-pvc-pool"},"auth_token": "'$(cat .operatortoken)'"}' | jq -r '.reply.mode' | grep "OPTIMAL"; do | |
| echo "waiting for pool to be ready" | |
| sleep 1; | |
| done | |
| # | |
| #curl $NOOBAA_MGMT_URL -sd '{ | |
| # "api": "tiering_policy_api", | |
| # "method": "update_bucket_class", | |
| # "params": { | |
| # "name": "migration-pvc-pool-bucket-class", | |
| # "policy": { | |
| # "name": "TEMP", | |
| # "tiers": [{ | |
| # "order": 0, | |
| # "tier": "TEMP" | |
| # }] | |
| # }, | |
| # "tiers": [ | |
| # { | |
| # "name": "TEMP", | |
| # "attached_pools": ["migration-pvc-pool"], | |
| # "data_placement": "SPREAD" | |
| # } | |
| # ] | |
| # }, | |
| # "auth_token": "'$(cat .operatortoken)'" | |
| #}' | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "tier_api", | |
| "method": "create_tier", | |
| "params": { | |
| "name": "migration-pvc-pool-tier", | |
| "data_placement": "SPREAD", | |
| "attached_pools": ["migration-pvc-pool"] | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "tiering_policy_api", | |
| "method": "create_policy", | |
| "params": { | |
| "name": "migration-pvc-pool-tiering-policy", | |
| "tiers": [{ | |
| "order": 0, | |
| "tier": "migration-pvc-pool-tier" | |
| }] | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | |
| curl $NOOBAA_MGMT_URL -sd '{ | |
| "api": "bucket_api", | |
| "method": "create_bucket", | |
| "params": { | |
| "name": "migration", | |
| "tiering": "migration-pvc-pool-tiering-policy", | |
| "bucket_claim": { | |
| "bucket_class": "migration-pvc-pool-bucket-class", | |
| "namespace": "openshift-migration" | |
| } | |
| }, | |
| "auth_token": "'$(cat .operatortoken)'" | |
| }' | jq | |
| # TODO: need to create oauth clients and routes for UI | |
| #cat <<EOF | oc create -f - | |
| #apiVersion: oauth.openshift.io/v1 | |
| #kind: OAuthClient | |
| #grantMethod: auto | |
| #metadata: | |
| # name: openshift-migration-noobaa-oauth | |
| # namespace: openshift-migration | |
| #EOF | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment