Create STS cluster
#!/bin/bash
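#######################################
# Print command-line help.
# Globals:   none
# Arguments: none ($0 is used for the program name)
# Outputs:   usage text on stdout
# Returns:   0
#######################################
usage() {
  # -h is accepted by the option parser but was missing from the help text,
  # and nothing said that the other four options are all mandatory.
  cat <<EOF
usage: ${0##*/} [ OPTION ]
Options (all of -a, -c, -o and -r are required)
-a AWS Account ID
-c Cluster name
-o OCP Version
-r AWS Region
-h Show this help
EOF
}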
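# Parse the command line.  Every option except -h takes a value.
# The original ran getopts inside a subshell as a "were any arguments
# given?" probe; checking $# directly says the same thing without the
# side effect of consuming an option in a forked shell.
if (( $# == 0 )); then
  printf '\n %s requires an argument!\n' "$0" >&2
  usage
  exit 1
fi
while getopts ":a:c:o:r:h" opt; do
  case "$opt" in
    a) AWS_ACCOUNT_ID="$OPTARG" ;;
    c) CLUSTER_NAME="$OPTARG" ;;
    o) OCP_VERSION="$OPTARG" ;;
    r) REGION="$OPTARG" ;;
    h)
      # Help was asked for explicitly, so it is not an error and
      # must not be reported as an invalid option.
      usage
      exit 0
      ;;
    \?)
      printf 'Invalid option: -%s\n' "$OPTARG" >&2
      usage
      exit 1
      ;;
    :)
      # getopts puts the option letter that lacked its value in OPTARG.
      printf 'Option -%s requires an argument\n' "$OPTARG" >&2
      usage
      exit 1
      ;;
  esac
done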
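# Fail fast on everything the cluster request depends on.  The cheap local
# checks run first so a missing option is reported without a round-trip to
# ocm; all diagnostics go to stderr.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ -n "${AWS_ACCOUNT_ID}" ]] || die "AWS Account ID must be set"
# AWS account IDs are exactly 12 digits.  Anything else would be embedded in
# every role ARN built below and only surface later, inside ocm or ccoctl.
[[ "${AWS_ACCOUNT_ID}" =~ ^[0-9]{12}$ ]] \
  || die "AWS Account ID must be 12 digits, got: ${AWS_ACCOUNT_ID}"
[[ -n "${CLUSTER_NAME}" ]] || die "Cluster name must be set"
[[ -n "${OCP_VERSION}" ]] || die "OCP Version must be set"
[[ -n "${REGION}" ]] || die "AWS Region must be set"

# This script only targets the stage API: refuse to run under any other ocm
# login so a cluster is not requested in the wrong environment by accident.
# (-q already suppresses output, so the former -o was redundant.)
if ! ocm account status | grep -q 'api\.stage\.openshift\.com'; then
  die "You must be logged into api.stage.openshift.com"
fi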
printf 'Creating OSD cluster with version %s in %s\n' "$OCP_VERSION" "$AWS_ACCOUNT_ID"

# Every operator role lives in the same account, so all of them share one
# ARN prefix.  The per-operator *_ROLE_ARN names are kept because the
# request body built later concatenates each prefix with its role name
# (truncated to 64 characters there).
role_arn_prefix="arn:aws:iam::${AWS_ACCOUNT_ID}:role/"

CLOUD_CREDENTIAL_OPERATOR_ROLE_ARN="$role_arn_prefix"
EBS_CSI_DRIVER_OPERATOR_ROLE_ARN="$role_arn_prefix"
INSTALLER_ROLE_ARN="$role_arn_prefix"
INGRESS_OPERATOR_ROLE_ARN="$role_arn_prefix"
MACHINE_API_OPERATOR_ROLE_ARN="$role_arn_prefix"
MANAGED_VELERO_OPERATOR_ROLE_ARN="$role_arn_prefix"

# Role names follow "<cluster>-<namespace>-<secret name>".
CLOUD_CREDENTIAL_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cloud-credential-operator-cloud-credentials"
EBS_CSI_DRIVER_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cluster-csi-drivers-ebs-cloud-credentials"
INSTALLER_ROLE="${CLUSTER_NAME}-openshift-image-registry-installer-cloud-credentials"
INGRESS_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-ingress-operator-cloud-credentials"
MACHINE_API_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-machine-api-aws-cloud-credentials"
MANAGED_VELERO_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-velero-operator-cloud-credentials"
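# Build the request body with jq instead of interpolating values into a
# heredoc: jq JSON-escapes every --arg, so a quote or backslash in a cluster
# name cannot break or alter the request.  jq is already required below to
# read the response, so this adds no dependency.  The cluster region is the
# one given with -r; it was hard-coded to us-east-1 before, while the OIDC
# provider and IAM roles created later used ${REGION}, so the two could
# silently disagree.
REQUEST_BODY=$(jq -n \
  --arg name "${CLUSTER_NAME}" \
  --arg region "${REGION}" \
  --arg version "openshift-v${OCP_VERSION}-candidate" \
  --arg account_id "${AWS_ACCOUNT_ID}" \
  --arg admin_role_arn "arn:aws:iam::${AWS_ACCOUNT_ID}:role/OSDCCSAdmin" \
  --arg cco_role_arn "${CLOUD_CREDENTIAL_OPERATOR_ROLE_ARN}${CLOUD_CREDENTIAL_OPERATOR_ROLE:0:64}" \
  --arg ebs_role_arn "${EBS_CSI_DRIVER_OPERATOR_ROLE_ARN}${EBS_CSI_DRIVER_OPERATOR_ROLE:0:64}" \
  --arg installer_role_arn "${INSTALLER_ROLE_ARN}${INSTALLER_ROLE:0:64}" \
  --arg ingress_role_arn "${INGRESS_OPERATOR_ROLE_ARN}${INGRESS_OPERATOR_ROLE:0:64}" \
  --arg machine_api_role_arn "${MACHINE_API_OPERATOR_ROLE_ARN}${MACHINE_API_OPERATOR_ROLE:0:64}" \
  --arg velero_role_arn "${MANAGED_VELERO_OPERATOR_ROLE_ARN}${MANAGED_VELERO_OPERATOR_ROLE:0:64}" \
  '{
    name: $name,
    display_name: $name,
    product: { id: "osd" },
    region: { id: $region },
    version: { id: $version, channel_group: "candidate" },
    ccs: { enabled: true },
    aws: {
      account_id: $account_id,
      tags: {
        "is-this-cluster-awesome": "true",
        "yeah-but-does-it-work": "maybe",
        foo: "bar"
      },
      sts: {
        role_arn: $admin_role_arn,
        operator_iam_roles: [
          { name: "cloud-credential-operator-iam-ro-creds",
            namespace: "openshift-cloud-credential-operator",
            role_arn: $cco_role_arn },
          { name: "ebs-cloud-credentials",
            namespace: "openshift-cluster-csi-drivers",
            role_arn: $ebs_role_arn },
          { name: "installer-cloud-credentials",
            namespace: "openshift-image-registry",
            role_arn: $installer_role_arn },
          { name: "cloud-credentials",
            namespace: "openshift-ingress-operator",
            role_arn: $ingress_role_arn },
          { name: "aws-cloud-credentials",
            namespace: "openshift-machine-api",
            role_arn: $machine_api_role_arn },
          { name: "managed-velero-operator-iam-credentials",
            namespace: "openshift-velero",
            role_arn: $velero_role_arn }
        ]
      }
    }
  }') || { echo "Failed to build the cluster request body" >&2; exit 1; }

# Check the ocm exit status explicitly.  A failed request used to leave
# OUTPUT empty, CLUSTER_ID as "null", and the script then slept two minutes
# and ran ccoctl against a cluster that was never created.
if ! OUTPUT=$(ocm post /api/clusters_mgmt/v1/clusters <<<"${REQUEST_BODY}"); then
  echo "ocm post /api/clusters_mgmt/v1/clusters failed:" >&2
  printf '%s\n' "${OUTPUT}" >&2
  exit 1
fi
# Uncomment to inspect the full response:
#echo "$OUTPUT" | jq '.'

# '// empty' turns a missing or null id into an empty string so it can be
# tested with -z rather than compared against the literal "null".
CLUSTER_ID=$(jq -r '.id // empty' <<<"${OUTPUT}")
if [[ -z "${CLUSTER_ID}" ]]; then
  echo "ocm returned no cluster id; response was:" >&2
  printf '%s\n' "${OUTPUT}" >&2
  exit 1
fi
echo "Created cluster with id: $CLUSTER_ID"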
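# Verify the local prerequisites for ccoctl before the two-minute wait, so a
# missing binary or credentials-requests directory is reported immediately
# instead of after the sleep.
[[ -x ./ccoctl ]] || { echo "./ccoctl not found or not executable" >&2; exit 1; }
[[ -d credrequests ]] || { echo "credrequests/ directory not found" >&2; exit 1; }

# ccoctl is run with --configure-s3-bucket=false, i.e. the OIDC bucket is
# expected to appear on the OCM side after the cluster request.
# NOTE(review): the fixed 120s wait is a guess with no check behind it —
# confirm it is long enough in practice, or poll for the bucket instead.
echo "Waiting 2 minutes for bucket to be created"
sleep 120

# Each ccoctl step is checked: the second depends on the provider created
# by the first, and neither failure was previously reported.
./ccoctl aws create-identity-provider \
  --name "${CLUSTER_ID}" \
  --region "${REGION}" \
  --configure-s3-bucket=false \
  || { echo "ccoctl aws create-identity-provider failed" >&2; exit 1; }

# The OIDC provider ARN is derived from the cluster id, which is the prefix
# used for the bucket name above.
ARN="arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${CLUSTER_ID}-oidc.s3.${REGION}.amazonaws.com"
./ccoctl aws create-iam-roles \
  --credentials-requests-dir credrequests/ \
  --identity-provider-arn "${ARN}" \
  --name "${CLUSTER_NAME}" \
  --region "${REGION}" \
  || { echo "ccoctl aws create-iam-roles failed" >&2; exit 1; }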
vkareh commented May 12, 2021

L81

- CLOUD_CREDENTIAL_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cloud-credential-operator-cloud-credentials"
+ CLOUD_CREDENTIAL_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cloud-credential-operator-cloud-credential-operator-iam-ro-creds"
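Review bot: The new value is 75 characters before the cluster name is prepended, yet the request body still sends `${CLOUD_CREDENTIAL_OPERATOR_ROLE:0:64}`, so the `-iam-ro-creds` suffix this line adds never reaches the ARN given to OCM for any cluster name. Whether that still matches the role name `ccoctl aws create-iam-roles` creates depends on ccoctl applying the same 64-character cut, which is not visible here; worth confirming against the actual role name before relying on this rename. A one-line comment above the assignment, `# truncated to 64 chars when the ARN is built — must match ccoctl's naming`, would make the coupling explicit.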
