Create STS cluster
#!/bin/bash | |
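#######################################
# Print the command-line usage for this script.
# Globals:   none
# Arguments: none
# Outputs:   usage text to stdout
# Returns:   0
#######################################
usage() {
  # -h is accepted by the getopts optstring but was missing from the help text.
  cat <<EOF
usage: $0 [ OPTION ]
Options
  -a  AWS Account ID
  -c  Cluster name
  -o  OCP Version
  -r  AWS Region
  -h  Show this help
EOF
}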
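# Refuse to run with no options at all. The previous subshell getopts probe
# only tested whether the first word was a valid option; an explicit count is
# what the check actually meant, and it does not touch OPTIND in this shell.
if (( $# == 0 )); then
  echo "" >&2
  echo " $0 requires an argument!" >&2
  usage >&2
  exit 1
fi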
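#######################################
# Parse command-line options into the script's configuration globals.
# Globals:   AWS_ACCOUNT_ID, CLUSTER_NAME, OCP_VERSION, REGION (written)
# Arguments: the script's positional parameters ("$@")
# Outputs:   diagnostics to stderr on a bad or incomplete option
# Returns:   0 on success; exits 0 after -h, exits 1 on an invalid option
#            or a missing option argument
#######################################
parse_args() {
  local opt
  local OPTIND=1   # start from the first argument on every call
  while getopts ":a:c:o:r:h" opt; do
    case "$opt" in
      a) AWS_ACCOUNT_ID="$OPTARG" ;;
      c) CLUSTER_NAME="$OPTARG" ;;
      o) OCP_VERSION="$OPTARG" ;;
      r) REGION="$OPTARG" ;;
      h)
        # -h is in the optstring, so it is a help request, not an invalid option
        usage
        exit 0
        ;;
      \?)
        echo "Invalid option: -$OPTARG" >&2
        usage >&2
        exit 1
        ;;
      :)
        # getopts puts the option letter that lacked its value in OPTARG
        echo "Option -$OPTARG requires an argument" >&2
        usage >&2
        exit 1
        ;;
    esac
  done
}
parse_args "$@"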
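# The cluster request below is sent to whichever OCM environment ocm is
# currently logged into (presumably — verify with the ocm docs), so insist on
# the staging API before anything is created. A fixed-string match replaces
# the escaped regex; -o was meaningless together with -q.
if ! ocm account status | grep -qF 'api.stage.openshift.com'; then
  echo "You must be logged into api.stage.openshift.com" >&2
  exit 1
fi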
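#######################################
# Abort unless the named global variable is set and non-empty.
# Globals:   reads the variable named by $1
# Arguments: $1 - variable name
#            $2 - message to print when the variable is missing
# Outputs:   the message to stderr on failure
# Returns:   0 when the variable is non-empty; exits 1 otherwise
#######################################
require_set() {
  local name=$1
  local message=$2
  # indirect expansion: the value of the variable whose name is in $name
  if [[ -z "${!name}" ]]; then
    echo "$message" >&2
    exit 1
  fi
}
require_set AWS_ACCOUNT_ID "AWS Account ID must be set"
require_set CLUSTER_NAME "Cluster name must be set"
require_set OCP_VERSION "OCP Version must be set"
require_set REGION "AWS Region must be set"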
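echo "Creating OSD cluster with version $OCP_VERSION in $AWS_ACCOUNT_ID"

# Every operator role lives in the same account, so build the ARN prefix once;
# the per-operator *_ROLE_ARN names are kept because the request payload uses them.
ROLE_ARN_PREFIX="arn:aws:iam::${AWS_ACCOUNT_ID}:role/"
CLOUD_CREDENTIAL_OPERATOR_ROLE_ARN="$ROLE_ARN_PREFIX"
EBS_CSI_DRIVER_OPERATOR_ROLE_ARN="$ROLE_ARN_PREFIX"
INSTALLER_ROLE_ARN="$ROLE_ARN_PREFIX"
INGRESS_OPERATOR_ROLE_ARN="$ROLE_ARN_PREFIX"
MACHINE_API_OPERATOR_ROLE_ARN="$ROLE_ARN_PREFIX"
MANAGED_VELERO_OPERATOR_ROLE_ARN="$ROLE_ARN_PREFIX"

# Role names are "<cluster>-<namespace>-<credential secret>". The request
# payload truncates each to 64 characters (the IAM role-name limit), so a long
# CLUSTER_NAME can make two of these collide after truncation — keep it short.
# NOTE(review): the roles are actually created later by ccoctl from --name;
# presumably it derives the same names — confirm they match these strings.
CLOUD_CREDENTIAL_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cloud-credential-operator-cloud-credentials"
EBS_CSI_DRIVER_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-cluster-csi-drivers-ebs-cloud-credentials"
INSTALLER_ROLE="${CLUSTER_NAME}-openshift-image-registry-installer-cloud-credentials"
INGRESS_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-ingress-operator-cloud-credentials"
MACHINE_API_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-machine-api-aws-cloud-credentials"
MANAGED_VELERO_OPERATOR_ROLE="${CLUSTER_NAME}-openshift-velero-operator-cloud-credentials"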
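# Build and send the cluster-create request. The region now comes from -r;
# it was hard-coded to us-east-1 while REGION was only used for ccoctl, so the
# OIDC bucket and the cluster could end up in different regions.
# NOTE: shell values are interpolated into the JSON without escaping, so a
# CLUSTER_NAME or OCP_VERSION containing quotes or backslashes would corrupt
# the document — keep them to plain identifiers.
# Operator role names are cut to 64 characters to stay within the IAM limit.
OUTPUT=$(ocm post /api/clusters_mgmt/v1/clusters <<EOM
{
  "name": "${CLUSTER_NAME}",
  "display_name": "${CLUSTER_NAME}",
  "product": {
    "id": "osd"
  },
  "region": {
    "id": "${REGION}"
  },
  "version": {
    "id": "openshift-v${OCP_VERSION}-candidate",
    "channel_group": "candidate"
  },
  "ccs": {
    "enabled": true
  },
  "aws": {
    "account_id": "${AWS_ACCOUNT_ID}",
    "tags": {
      "is-this-cluster-awesome": "true",
      "yeah-but-does-it-work": "maybe",
      "foo": "bar"
    },
    "sts": {
      "role_arn": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/OSDCCSAdmin",
      "operator_iam_roles": [
        {
          "name": "cloud-credential-operator-iam-ro-creds",
          "namespace": "openshift-cloud-credential-operator",
          "role_arn": "${CLOUD_CREDENTIAL_OPERATOR_ROLE_ARN}${CLOUD_CREDENTIAL_OPERATOR_ROLE:0:64}"
        },
        {
          "name": "ebs-cloud-credentials",
          "namespace": "openshift-cluster-csi-drivers",
          "role_arn": "${EBS_CSI_DRIVER_OPERATOR_ROLE_ARN}${EBS_CSI_DRIVER_OPERATOR_ROLE:0:64}"
        },
        {
          "name": "installer-cloud-credentials",
          "namespace": "openshift-image-registry",
          "role_arn": "${INSTALLER_ROLE_ARN}${INSTALLER_ROLE:0:64}"
        },
        {
          "name": "cloud-credentials",
          "namespace": "openshift-ingress-operator",
          "role_arn": "${INGRESS_OPERATOR_ROLE_ARN}${INGRESS_OPERATOR_ROLE:0:64}"
        },
        {
          "name": "aws-cloud-credentials",
          "namespace": "openshift-machine-api",
          "role_arn": "${MACHINE_API_OPERATOR_ROLE_ARN}${MACHINE_API_OPERATOR_ROLE:0:64}"
        },
        {
          "name": "managed-velero-operator-iam-credentials",
          "namespace": "openshift-velero",
          "role_arn": "${MANAGED_VELERO_OPERATOR_ROLE_ARN}${MANAGED_VELERO_OPERATOR_ROLE:0:64}"
        }
      ]
    }
  }
}
EOM
)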
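#echo "Output"
#echo "$OUTPUT" | jq '.'
CLUSTER_ID=$(jq -r '.id' <<<"$OUTPUT")
# An empty or "null" id means the create request did not return a cluster;
# stop here instead of creating an identity provider and IAM roles bound to a
# cluster that does not exist.
if [[ -z "$CLUSTER_ID" || "$CLUSTER_ID" == "null" ]]; then
  echo "Cluster creation failed; response was:" >&2
  printf '%s\n' "$OUTPUT" >&2
  exit 1
fi
echo "Created cluster with id: $CLUSTER_ID"
echo "Waiting 2 minutes for bucket to be created"
sleep 120
# The identity provider must exist before roles can trust it; abort on failure
# rather than creating roles whose trust policy points at a missing provider.
./ccoctl aws create-identity-provider --name "${CLUSTER_ID}" --region "${REGION}" --configure-s3-bucket=false \
  || { echo "ccoctl create-identity-provider failed" >&2; exit 1; }
# Create ARN with ID for prefix.
# NOTE(review): assumes the provider's bucket is "<cluster id>-oidc" in REGION,
# matching what ccoctl created above — confirm against the ccoctl output.
ARN="arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${CLUSTER_ID}-oidc.s3.${REGION}.amazonaws.com"
./ccoctl aws create-iam-roles --credentials-requests-dir credrequests/ --identity-provider-arn "${ARN}" --name "${CLUSTER_NAME}" --region "${REGION}" \
  || { echo "ccoctl create-iam-roles failed" >&2; exit 1; }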