# Setting up an openshift environment to test

The resources in this folder should help you set up an openshift environment on AWS.
You can use this to test the compatibility of Telepresence within openshift.

## 0. Prerequisites

* A route53 zone in your AWS account. A hosted zone will be created as a subdomain of this existing zone to serve as the DNS name for the VPN's certificates.
* A configured, logged-in AWS CLI
* `terraform` must be installed, then you'll need to run `terraform init` in the `dns` directory
* An account on [RedHat's portal](https://console.redhat.com/)

## 1. Setting up DNS

A DNS hosted zone needs to be created for the cluster to be accessible.
It is suggested that you create this as a subdomain of an already existing zone for a domain that you own.

To do this, simply cd into the `dns` directory, and create a `terraform.tfvars` file like the following:

```hcl
parent_domain = "foo.net" # The name of an existing route 53 hosted zone
child_subdomain = "child" # The name of the subdomain -- a zone "child.foo.net" will be created.
child_subdomain_comment = "My DNS zone for openshift" # A human readable comment for the hosted zone
aws_region = "us-west-2" # The AWS region to create the hosted zone in
```

## 2. Create an ssh keypair for openshift

You'll need an ssh private/public key pair to log in to your openshift nodes.
To do this, simply:

```bash
ssh-keygen -t ed25519 -N '' -f ~/.ssh/openshift
```

Then, set up an ssh agent and add the key to it:

```bash
eval `ssh-agent -s`
ssh-add ~/.ssh/openshift
```

## 3. Download openshift installer

Download an openshift installer from [this page](https://github.com/openshift/okd/releases).
Its name will look like `openshift-install-mac-4.8.0-0.okd-2021-11-14-052418.tar.gz` (with differences for version and OS).
Extract the installer somewhere on your computer.

## 4. Run the Openshift installer

At this point all that's left to do is to launch the installer:

```bash
./openshift-install create cluster --dir=./tele-test --log-level=info
```

This installer will ask you a number of questions, starting with asking you to select an SSH key.
Simply select the one you created in step 2:

```
? SSH Public Key [Use arrows to move, type to filter, ? for more help]
  /Users/USERNAME/.ssh/id_rsa.pub
> /Users/USERNAME/.ssh/openshift.pub
  <none>
```

You'll then have to select `aws` as the platform:

```
? Platform [Use arrows to move, type to filter, ? for more help]
> aws
  azure
  gcp
  openstack
  ovirt
  vsphere
```

Then select the AWS region from step 1:

```
? Region [Use arrows to move, type to filter, ? for more help]
  eu-west-3 (Europe (Paris))
  me-south-1 (Middle East (Bahrain))
  sa-east-1 (South America (Sao Paulo))
  us-east-1 (US East (N. Virginia))
  us-east-2 (US East (Ohio))
  us-west-1 (US West (N. California))
> us-west-2 (US West (Oregon))
```

The installer will next ask you for a domain -- find the domain from step 1:

```
? Base Domain [Use arrows to move, type to filter, ? for more help]
  bar.org
  abc.foo.net
  xyz.foo.net
> child.foo.net
  foo.net
  bar.foo.net
  etc.foo.net
```

Then the name of the cluster:

```
? Cluster Name [? for help] my-test-okd
```

And finally a pull secret; to get this pull secret, log in to [https://console.redhat.com/openshift/install/pull-secret](https://console.redhat.com/openshift/install/pull-secret):

```
? Pull Secret ********************
```

At that point, the cluster will be created.
This may take slightly longer than an hour. At the end, the installer will prompt you to update your kubeconfig:

```
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/Users/USER/openshift/tele-test/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.my-test-okd.child.foo.net
INFO Login to the console with user: "kubeadmin", and password: "XXXXX-XXXXX-XXXXX-XXXXX"
```

Once you've `export`ed your kubeconfig, you'll have a usable openshift cluster!

## 5. Install Telepresence

Installing Telepresence on openshift requires some special configuration.

The easiest way to do this is to install through the Helm chart. From the root of your telepresence.git checkout (`../../` from this directory), run:

```bash
mkdir tmpdir
go run ./packaging/gen_chart.go tmpdir
helm install traffic-manager ./tmpdir/telepresence-*.tgz -n ambassador --create-namespace --set securityContext=null
```

At that point, `telepresence connect` should work, and you can start testing!

## 6. Destroy the cluster

You probably don't want the cluster to hang around forever if you're just using it to test Telepresence.
To destroy it, simply run:

```bash
./openshift-install destroy cluster --dir=./tele-test --log-level=info
```
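
While the cluster from step 4 exists, the key from step 2 (created with `-N ''`, so it has no passphrase) and `tele-test/auth/kubeconfig` (which grants `system:admin`) are protected on disk only by file permissions. The following check is an added example, not part of the Telepresence repository; the function names are hypothetical, and `auth/kubeadmin-password` is assumed to be the file where the installer keeps the console password next to the kubeconfig.

```bash
# Added example: find credential files from this walkthrough that other
# local users could read, and restrict them to the owner.

# Print every regular file under the given paths that has any group or
# other permission bit set. Returns 1 if at least one was found, else 0.
# Paths that do not exist are skipped.
find_exposed_credentials() {
    exposed=$(
        for path in "$@"; do
            [ -e "$path" ] || continue
            # POSIX find: "-perm -MODE" matches when all bits in MODE are set,
            # so each group/other bit is tested separately and OR-ed together.
            find "$path" -type f \( \
                -perm -040 -o -perm -020 -o -perm -010 -o \
                -perm -004 -o -perm -002 -o -perm -001 \)
        done
    )
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed"
    return 1
}

# Set every regular file under the given paths to owner read/write only.
lock_down_credentials() {
    for path in "$@"; do
        [ -e "$path" ] || continue
        find "$path" -type f -exec chmod 600 {} +
    done
}

# Typical use with the paths from steps 2 and 4 (left commented out so that
# sourcing this file changes nothing):
#   find_exposed_credentials ~/.ssh/openshift ./tele-test/auth \
#       || lock_down_credentials ~/.ssh/openshift ./tele-test/auth
```

Step 6 destroys the cluster but leaves `~/.ssh/openshift` and the `tele-test` directory on disk, so the same check applies until those are deleted.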