From: Chris Wheeler Date: Wed, 22 Oct 2025 21:17:45 +0000 (+0000) Subject: OKD cluster provisioning via O-Cloud Manager X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=86a382d687c39b5488de6506bf7db49ff4ea1547;p=pti%2Frtp.git OKD cluster provisioning via O-Cloud Manager - Adding example manifests for OKD cluster provisioning via oran-o2ims O-Cloud Manager Issue-ID: INF-498 Change-Id: If1e6df586da435eca2258bcbcdf45303a7ae9bb8 Signed-Off-By: Chris Wheeler
---
diff --git a/okd/manifests-examples/README.md b/okd/manifests-examples/README.md
new file mode 100644
index 00000000..5b05a0d7
--- /dev/null
+++ b/okd/manifests-examples/README.md
@@ -0,0 +1,14 @@
+# Overview
+
+This directory contains example manifests for OKD cluster provisioning via O-Cloud Manager.
+
+# Contents
+
+- clusterimagesets
+- clustertemplates
+- policytemplates
+- provisioningrequests
+
+# References
+
+Refer to [Cluster Provisioning](https://github.com/openshift-kni/oran-o2ims/blob/main/docs/user-guide/cluster-provisioning.md) and [Template Overview](https://github.com/openshift-kni/oran-o2ims/blob/main/docs/user-guide/template-overview.md) in the oran-o2ims user guide for more details and see the [sample GitOps setup](https://github.com/openshift-kni/oran-o2ims/tree/main/docs/samples/git-setup) for additional examples.
diff --git a/okd/manifests-examples/clusterimagesets/4.19.0-okd-scos.19.yaml b/okd/manifests-examples/clusterimagesets/4.19.0-okd-scos.19.yaml
new file mode 100644
index 00000000..3dfecaf4
--- /dev/null
+++ b/okd/manifests-examples/clusterimagesets/4.19.0-okd-scos.19.yaml
@@ -0,0 +1,6 @@
+apiVersion: hive.openshift.io/v1
+kind: ClusterImageSet
+metadata:
+ name: 4.19.0-okd-scos.19
+spec:
+ releaseImage: quay.io/okd/scos-release:4.19.0-okd-scos.19
diff --git a/okd/manifests-examples/clustertemplates/hardwareprofiles/hpe-dl360-bios-v1.54-bmc-v2.63.yaml b/okd/manifests-examples/clustertemplates/hardwareprofiles/hpe-dl360-bios-v1.54-bmc-v2.63.yaml
new file mode 100644
index 00000000..a8032373
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/hardwareprofiles/hpe-dl360-bios-v1.54-bmc-v2.63.yaml
@@ -0,0 +1,15 @@
+apiVersion: clcm.openshift.io/v1alpha1
+kind: HardwareProfile
+metadata:
+ name: hpe-dl360-bios-v1.54-bmc-v2.63
+ namespace: oran-o2ims
+spec:
+ bios:
+ attributes:
+ BootMode: Uefi
+ biosFirmware:
+ version: U46 v1.54 (11/03/2021)
+ url: http://192.168.42.10/cp049737.exe
+ bmcFirmware:
+ version: iLO 5 v2.70
+ url: http://192.168.42.10/ilo5_270.fwpkg
diff --git a/okd/manifests-examples/clustertemplates/hardwareprofiles/kustomization.yaml b/okd/manifests-examples/clustertemplates/hardwareprofiles/kustomization.yaml
new file mode 100644
index 00000000..a0b1bf77
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/hardwareprofiles/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- hpe-dl360-bios-v1.54-bmc-v2.63.yaml
diff --git a/okd/manifests-examples/clustertemplates/hardwaretemplates/kustomization.yaml b/okd/manifests-examples/clustertemplates/hardwaretemplates/kustomization.yaml
new file mode 100644
index 00000000..abe42143
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/hardwaretemplates/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- sno-du/hpe-dl360-bios-v1.54-bmc-v2.63.yaml
diff --git a/okd/manifests-examples/clustertemplates/hardwaretemplates/sno-du/hpe-dl360-bios-v1.54-bmc-v2.63.yaml b/okd/manifests-examples/clustertemplates/hardwaretemplates/sno-du/hpe-dl360-bios-v1.54-bmc-v2.63.yaml
new file mode 100644
index 00000000..4275e613
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/hardwaretemplates/sno-du/hpe-dl360-bios-v1.54-bmc-v2.63.yaml
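Review bot: Both firmware `url` fields in the HardwareProfile (`hardwareprofiles/hpe-dl360-bios-v1.54-bmc-v2.63.yaml`) point at plain `http://192.168.42.10/...`, so the BIOS and iLO packages applied to the server are fetched without transport protection, and no checksum or other integrity check is visible in this manifest. For an example that others will copy, prefer an HTTPS source such as `url: https://<firmware-server>/ilo5_270.fwpkg` (placeholder host), or add a comment stating that the HTTP server must sit on an isolated provisioning network. Separately, the profile is named `...-bmc-v2.63` while `bmcFirmware.version` is `iLO 5 v2.70` and the package is `ilo5_270.fwpkg`; the name or the version should be corrected so the `hwProfile` reference in the HardwareTemplate describes what is actually flashed.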
@@ -0,0 +1,20 @@
+apiVersion: clcm.openshift.io/v1alpha1
+kind: HardwareTemplate
+metadata:
+ name: hpe-dl360-bios-v1.54-bmc-v2.63
+ namespace: oran-o2ims
+spec:
+ # hardwareProvisioningTimeout is optional.
+ # The value should be a duration string
+ # (e.g., "90m" for 90 minutes)
+ hardwareProvisioningTimeout: "90m"
+ hardwarePluginRef: metal3-hwplugin
+ bootInterfaceLabel: bootable-interface
+ nodeGroupData:
+ - name: controller
+ role: master
+ hwProfile: hpe-dl360-bios-v1.54-bmc-v2.63
+ resourceSelector:
+ "resourceselector.clcm.openshift.io/server-type": "DL360"
+ "hardwaredata/cpu_arch": "x86_64"
+ "hardwaredata/num_threads;>=": "64"
diff --git a/okd/manifests-examples/clustertemplates/inventory/common.yaml b/okd/manifests-examples/clustertemplates/inventory/common.yaml
new file mode 100644
index 00000000..6e9b8acb
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/inventory/common.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: du-pool
diff --git a/okd/manifests-examples/clustertemplates/inventory/kustomization.yaml b/okd/manifests-examples/clustertemplates/inventory/kustomization.yaml
new file mode 100644
index 00000000..1c159e93
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/inventory/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- common.yaml
+- master-0-sno.yaml
diff --git a/okd/manifests-examples/clustertemplates/inventory/master-0-sno.yaml b/okd/manifests-examples/clustertemplates/inventory/master-0-sno.yaml
new file mode 100644
index 00000000..254fd7fc
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/inventory/master-0-sno.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: network-data-master-0-sno
+ namespace: du-pool
+type: Opaque
+stringData:
+ nmstate: |
+ dns-resolver:
+ config:
+ server:
+ - 192.168.42.10
+ interfaces:
+ - ipv4:
+ address:
+ - ip: 192.168.42.42
+ prefix-length: 25
+ dhcp: false
+ enabled: true
+ ipv6:
+ dhcp: false
+ enabled: false
+ name: ens10f0
+ type: ethernet
+ routes:
+ config:
+ - destination: 0.0.0.0/0
+ next-hop-address: 192.168.42.1
+ next-hop-interface: ens10f0
+ table-id: 254
+---
+apiVersion: v1
+data:
+ username: QWRtaW5pc3RyYXRvcgo=
+ password: UGFzc3dvcmRHb2VzSGVyZQo=
+kind: Secret
+metadata:
+ name: bmc-secret-master-0-sno
+ namespace: du-pool
+type: Opaque
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ labels:
+ resources.clcm.openshift.io/siteId: oransc-bos2-lab
+ resources.clcm.openshift.io/resourcePoolId: du-pool
+ resourceselector.clcm.openshift.io/server-type: DL360
+ resourceselector.clcm.openshift.io/server-id: master-0-sno
+ resourceselector.clcm.openshift.io/subnet: "192.168.42.0"
+ interfacelabel.clcm.openshift.io/data-interface: ens10f0
+ annotations:
+ bmac.agent-install.openshift.io/allow-provisioned-host-management: ""
+ resourceinfo.clcm.openshift.io/description: "DL360 DU"
+ resourceinfo.clcm.openshift.io/partNumber: "00001"
+ resourceinfo.clcm.openshift.io/globalAssetId: "asset0001"
+ resourceinfo.clcm.openshift.io/groups: "groupA, groupB"
+ name: master-0-sno
+ namespace: du-pool
+spec:
+ online: false
+ bmc:
+ address: redfish-virtualmedia://192.168.42.142/redfish/v1/Systems/1
+ credentialsName: bmc-secret-master-0-sno
+ disableCertificateVerification: true
+ bootMACAddress: de:ad:be:ef:ca:fe
+ preprovisioningNetworkDataName: network-data-master-0-sno
diff --git a/okd/manifests-examples/clustertemplates/kustomization.yaml b/okd/manifests-examples/clustertemplates/kustomization.yaml
new file mode 100644
index 00000000..50069d4c
--- /dev/null
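Review bot: The BareMetalHost in `inventory/master-0-sno.yaml` sets `disableCertificateVerification: true` on its `redfish-virtualmedia://` BMC address, so the credentials from `bmc-secret-master-0-sno` are sent over a TLS session whose peer is never authenticated. If the lab BMC only carries a self-signed certificate, say so next to the field, e.g. `# lab only: BMC has a self-signed cert; set to false once a trusted cert is installed`, so the setting is not copied into production inventories. The placeholder values in the BMC Secret also decode to `Administrator` and `PasswordGoesHere`, each followed by a newline, which suggests they were encoded with the trailing newline included; anyone substituting real values the same way will end up with a newline inside the username and password. Using `stringData:` for that Secret, as the nmstate Secret above it already does, removes the encoding step and makes the placeholder nature obvious.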
+++ b/okd/manifests-examples/clustertemplates/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- okd-4.19
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/extra-manifest/README.md b/okd/manifests-examples/clustertemplates/okd-4.19/extra-manifest/README.md
new file mode 100644
index 00000000..d6ec5071
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/extra-manifest/README.md
@@ -0,0 +1 @@
+Copy extra-manifests from the [cnf-features-deploy](https://github.com/openshift-kni/cnf-features-deploy/tree/master/ztp/source-crs/extra-manifest) repo
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/kustomization.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/kustomization.yaml
new file mode 100644
index 00000000..ff663188
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/kustomization.yaml
@@ -0,0 +1,15 @@
+configMapGenerator:
+- files:
+ - extra-manifest/99-sync-time-once-master.yaml
+ - extra-manifest/99-sync-time-once-worker.yaml
+ name: okd.v1.0.0-extramanifests
+ namespace: sno-du-okd-v4-19
+generatorOptions:
+ disableNameSuffixHash: true
+
+resources:
+- sno-du/ns.yaml
+- sno-du/pull-secret.yaml
+- sno-du/clusterinstance-defaults-v1.yaml
+- sno-du/policytemplate-defaults-v1.yaml
+- sno-du/sno-du-okd-v4-19.yaml
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/clusterinstance-defaults-v1.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/clusterinstance-defaults-v1.yaml
new file mode 100644
index 00000000..f209560d
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/clusterinstance-defaults-v1.yaml
@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clusterinstance-defaults-v1
+ namespace: sno-du-okd-v4-19
+data:
+ clusterInstallationTimeout: "90m"
+ clusterinstance-defaults: |
+ baseDomain: example.com
+ clusterType: SNO
+ clusterImageSetNameRef: "4.19.0-okd-scos.19"
+ pullSecretRef:
+ name: pull-secret
+ networkType: OVNKubernetes
+ sshPublicKey: ssh-rsa xxxxxxxxxxx
+ installConfigOverrides: '{"capabilities": {"baselineCapabilitySet": "None", "additionalEnabledCapabilities": ["NodeTuning", "OperatorLifecycleManager", "Ingress"]}}'
+ ignitionConfigOverride: '{"ignition": {"version": "3.2.0"}, "storage": {"files": [{"overwrite": true, "path": "/etc/containers/policy.json", "contents": {"source":"data:text/plain;base64,ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6CiAgICAgICAgewogICAgICAgICAgICAiZG9ja2VyLWRhZW1vbiI6CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIiI6IFt7InR5cGUiOiJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIn1dCiAgICAgICAgICAgICAgICB9CiAgICAgICAgfQp9Cgo="}}]}}'
+ clusterNetwork:
+ - cidr: 10.128.0.0/14
+ hostPrefix: 23
+ machineNetwork:
+ - cidr: 192.168.123.0/24
+ serviceNetwork:
+ - cidr: 172.30.0.0/16
+ additionalNTPSources:
+ - 1.pool.ntp.org
+ templateRefs:
+ - name: ai-cluster-templates-v1
+ namespace: open-cluster-management
+ cpuPartitioningMode: AllNodes
+ extraManifestsRefs:
+ - name: okd.v1.0.0-extramanifests
+ nodes:
+ - role: master
+ bootMode: UEFI
+ rootDeviceHints:
+ deviceName: /dev/sda
+ nodeNetwork:
+ interfaces:
+ - name: ens1f0
+ label: bootable-interface
+ config:
+ routes:
+ config:
+ - destination: 0.0.0.0/0
+ next-hop-interface: ens1f0
+ table-id: 254
+ interfaces:
+ - ipv6:
+ enabled: false
+ ipv4:
+ enabled: true
+ name: ens1f0
+ state: up
+ type: ethernet
+ templateRefs:
+ - name: ai-node-templates-v1
+ namespace: open-cluster-management
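Review bot: The `ignitionConfigOverride` in `clusterinstance-defaults-v1.yaml` overwrites `/etc/containers/policy.json` with an opaque base64 blob that decodes to a policy whose `default` rule is `insecureAcceptAnything`, meaning the node accepts container images without any signature verification. That may be what this OKD example requires, but nothing in the file says so and a reader cannot tell from the encoded value. Add a comment above the `clusterinstance-defaults:` key, for example `# ignitionConfigOverride installs a permissive /etc/containers/policy.json (insecureAcceptAnything); use a signedBy policy where image signatures are available`. It would also help to mark `sshPublicKey: ssh-rsa xxxxxxxxxxx` and `baseDomain: example.com` as placeholders that must be replaced per site.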
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/ns.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/ns.yaml
new file mode 100644
index 00000000..30ffbee2
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sno-du-okd-v4-19
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/policytemplate-defaults-v1.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/policytemplate-defaults-v1.yaml
new file mode 100644
index 00000000..b4a17c7f
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/policytemplate-defaults-v1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: policytemplate-defaults-v1
+ namespace: sno-du-okd-v4-19
+data:
+ clusterConfigurationTimeout: "60m"
+ policytemplate-defaults: |
+ sriov-network-vlan-1: "140"
+ sriov-network-vlan-2: "150"
+ sriov-network-pfNames-1: '["ens4f1"]'
+ sriov-network-pfNames-2: '["ens4f2"]'
+ cpu-isolated: "0-1,64-65"
+ cpu-reserved: "2-10"
+ hugepages-default: "1G"
+ hugepages-size: "1G"
+ hugepages-count: "32"
+ install-plan-approval: "Automatic"
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/pull-secret.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/pull-secret.yaml
new file mode 100644
index 00000000..9e1840c9
--- /dev/null
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/pull-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pull-secret
+ namespace: sno-du-okd-v4-19
+data:
+ .dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJmYWtlIjogewogICAgICAiYXV0aCI6ICJhV1E2Y0dGemN3bz0iCiAgICB9CiAgfQp9
+type: kubernetes.io/dockerconfigjson
diff --git a/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/sno-du-okd-v4-19.yaml b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/sno-du-okd-v4-19.yaml
new file mode 100644
index 00000000..891e5d81
--- /dev/null
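Review bot: The `.dockerconfigjson` value in `sno-du/pull-secret.yaml` is a bare base64 blob with nothing to indicate that it is a dummy; it decodes to a single registry entry named `fake`. Because this file is listed under `resources:` in the kustomization and lives in a GitOps tree, the obvious way to make the example work is to paste a real pull secret over it and commit. A comment above `data:` such as `# placeholder pull secret - do not commit real registry credentials; supply them out of band` would make the intent explicit.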
+++ b/okd/manifests-examples/clustertemplates/okd-4.19/sno-du/sno-du-okd-v4-19.yaml 
@@ -0,0 +1,192 @@ +apiVersion: clcm.openshift.io/v1alpha1 +kind: ClusterTemplate +metadata: + name: sno-du.okd-v4-19 + namespace: sno-du-okd-v4-19 + annotations: + clcm.openshift.io/skip-clusterimageset-validation: "true" +spec: + name: sno-du + version: okd-v4-19 + release: 4.19.0-okd-scos.19 + templates: + hwTemplate: hpe-dl360-bios-v1.54-bmc-v2.63 + clusterInstanceDefaults: clusterinstance-defaults-v1 + policyTemplateDefaults: policytemplate-defaults-v1 + templateParameterSchema: + properties: + nodeClusterName: + type: string + oCloudSiteId: + type: string + policyTemplateParameters: + description: policyTemplateSchema defines the available parameters for cluster configuration + properties: + sriov-network-vlan-1: + type: string + sriov-network-pfNames-1: + type: string + sriov-network-vlan-2: + type: string + sriov-network-pfNames-2: + type: string + cpu-isolated: + type: string + cpu-reserved: + type: string + hugepages-default: + type: string + hugepages-size: + type: string + hugepages-count: + type: string + install-plan-approval: + type: string + type: object + clusterInstanceParameters: + description: clusterInstanceParameters defines the available parameters for cluster installation + properties: + additionalNTPSources: + description: AdditionalNTPSources is a list of NTP sources (hostname + or IP) to be added to all cluster hosts. They are added to any NTP + sources that were configured through other means. + items: + type: string + type: array + apiVIPs: + description: APIVIPs are the virtual IPs used to reach the OpenShift + cluster's API. Enter one IP address for single-stack clusters, or + up to two for dual-stack clusters (at most one IP address per IP + stack used). The order of stacks should be the same as order of + subnets in Cluster Networks, Service Networks, and Machine Networks. + items: + type: string + maxItems: 2 + type: array + baseDomain: + description: BaseDomain is the base domain to use for the deployed + cluster. 
+ type: string + clusterName: + description: ClusterName is the name of the cluster. + type: string + extraAnnotations: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional cluster-wide annotations to be applied to + the rendered templates + type: object + extraLabels: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional cluster-wide labels to be applied to the rendered + templates + type: object + ingressVIPs: + description: IngressVIPs are the virtual IPs used for cluster ingress + traffic. Enter one IP address for single-stack clusters, or up to + two for dual-stack clusters (at most one IP address per IP stack + used). The order of stacks should be the same as order of subnets + in Cluster Networks, Service Networks, and Machine Networks. + items: + type: string + maxItems: 2 + type: array + machineNetwork: + description: MachineNetwork is the list of IP address pools for machines. + items: + description: MachineNetworkEntry is a single IP address block for + node IP blocks. + properties: + cidr: + description: CIDR is the IP block address pool for machines + within the cluster. + type: string + required: + - cidr + type: object + type: array + nodes: + items: + description: NodeSpec + properties: + extraAnnotations: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional node-level annotations to be applied + to the rendered templates + type: object + extraLabels: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional node-level labels to be applied to the + rendered templates + type: object + hostName: + description: Hostname is the desired hostname for the host + type: string + nodeLabels: + additionalProperties: + type: string + description: NodeLabels allows the specification of custom roles + for your nodes in your managed clusters. 
These are additional + roles are not used by any OpenShift Container Platform components, + only by the user. When you add a custom role, it can be associated + with a custom machine config pool that references a specific + configuration for that role. Adding custom labels or roles + during installation makes the deployment process more effective + and prevents the need for additional reboots after the installation + is complete. + type: object + nodeNetwork: + description: NodeNetwork is a set of configurations pertaining + to the network settings for the node. + properties: + config: + description: yaml that can be processed by nmstate, using + custom marshaling/unmarshaling that will allow to populate + nmstate config as plain yaml. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + required: + - hostName + type: object + type: array + serviceNetwork: + description: ServiceNetwork is the list of IP address pools for services. + items: + description: ServiceNetworkEntry is a single IP address block for + node IP blocks. + properties: + cidr: + description: CIDR is the IP block address pool for machines + within the cluster. + type: string + required: + - cidr + type: object + type: array + sshPublicKey: + description: SSHPublicKey is the public Secure Shell (SSH) key to + provide access to instances. This key will be added to the host + to allow ssh access + type: string + required: + - clusterName + - nodes + type: object + required: + - nodeClusterName + - oCloudSiteId + - policyTemplateParameters + - clusterInstanceParameters + type: object diff --git a/okd/manifests-examples/policytemplates/common/copy-acm-route-observability-v1.yaml b/okd/manifests-examples/policytemplates/common/copy-acm-route-observability-v1.yaml new file mode 100644 index 00000000..0f4fa1db --- /dev/null +++ b/okd/manifests-examples/policytemplates/common/copy-acm-route-observability-v1.yaml 
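Review bot: Every property under `policyTemplateParameters` in `templateParameterSchema` is a bare `type: string` with no `pattern`, `enum` or `required` list, so the schema accepts any text for values that the policy generator in this commit appears to consume through `toInt`, `toLiteral` and `installPlanApproval`. Constraining them here, for example `enum: ["Automatic", "Manual"]` on `install-plan-approval` and `pattern: '^[0-9]+$'` on the two `sriov-network-vlan-*` entries, would reject a malformed ProvisioningRequest at validation time instead of surfacing later as a failing policy on the hub. The `clcm.openshift.io/skip-clusterimageset-validation: "true"` annotation at the top of the ClusterTemplate also has no explanation; a one-line comment stating why the ClusterImageSet check is skipped for this template would tell users whether they should keep it.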
@@ -0,0 +1,29 @@
+# This full DU profile example is based on OCP 4.17.
+apiVersion: policy.open-cluster-management.io/v1
+kind: PolicyGenerator
+metadata:
+ name: oran-o2ims-pg-obs-v1
+policyDefaults:
+ namespace: open-cluster-management-observability
+ # Use an existing placement rule so that placement bindings can be consolidated
+ placement:
+ labelSelector:
+ local-cluster: "true"
+ remediationAction: enforce
+ severity: low
+ namespaceSelector:
+ exclude:
+ - kube-*
+ include:
+ - '*'
+ evaluationInterval:
+ compliant: 10m
+ noncompliant: 10s
+ orderPolicies: true
+policies:
+- name: v1-copy-acm-route
+ manifests:
+ # REDUCE FOOTPRINT
+ # Do not add retention field for prometheusK8s when observability is enabled.
+ # It will be overridden by OBS.
+ - path: common/source-cr-observability.yaml
diff --git a/okd/manifests-examples/policytemplates/common/msc-binding-observability.yaml b/okd/manifests-examples/policytemplates/common/msc-binding-observability.yaml
new file mode 100644
index 00000000..fd5ddf0b
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/common/msc-binding-observability.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSetBinding
+metadata:
+ name: global
+ namespace: open-cluster-management-observability
+spec:
+ clusterSet: global
diff --git a/okd/manifests-examples/policytemplates/common/source-cr-observability.yaml b/okd/manifests-examples/policytemplates/common/source-cr-observability.yaml
new file mode 100644
index 00000000..fd2fa665
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/common/source-cr-observability.yaml
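Review bot: The header comment `# This full DU profile example is based on OCP 4.17.` in `copy-acm-route-observability-v1.yaml` does not describe this file, which is an observability PolicyGenerator inside an OKD 4.19 example tree. The `REDUCE FOOTPRINT` / `retention field for prometheusK8s` comment is similarly out of place: it sits above a manifest entry whose source CR, added in this same commit, only copies the alertmanager route host into a ConfigMap. Both look carried over from another sample; replace the header with something like `# Copies the ACM observability alertmanager route host into an acm-route ConfigMap` and drop the retention comment.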
@@ -0,0 +1,12 @@
+object-templates-raw: |
+ {{hub range $namespace := (list "ztp-sno-du-okd-v4-19") hub}}
+ - complianceType: musthave
+ objectDefinition:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: acm-route
+ namespace: {{hub $namespace hub}}
+ data:
+ host: '{{hub (lookup "route.openshift.io/v1" "Route" "open-cluster-management-observability" "alertmanager").spec.host hub}}'
+ {{hub end hub}}
diff --git a/okd/manifests-examples/policytemplates/kustomization.yaml b/okd/manifests-examples/policytemplates/kustomization.yaml
new file mode 100644
index 00000000..1aeda36a
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/kustomization.yaml
@@ -0,0 +1,8 @@
+generators:
+# ACM PG needed for observability:
+- common/copy-acm-route-observability-v1.yaml
+
+resources:
+# MSC binding needed for observability:
+- common/msc-binding-observability.yaml
+- okd-4.19
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/catalogsource-okderators.yaml b/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/catalogsource-okderators.yaml
new file mode 100644
index 00000000..d4b61707
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/catalogsource-okderators.yaml
@@ -0,0 +1,36 @@
+# source: https://github.com/okd-project/okderators-catalog-index/blob/release-4.19/hack/catalog-source.yaml
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+ name: okderators
+ namespace: openshift-marketplace
+spec:
+ displayName: OKDerators
+ image: 'quay.io/okderators/catalog-index:4.19'
+ publisher: OKD Community
+ icon:
+ base64data: '' # Todo
+ mediatype: '' # Todo
+ updateStrategy:
+ registryPoll:
+ interval: 10m
+ priority: -100 # Prefer default/manual CatalogSources
+ sourceType: grpc
+ grpcPodConfig:
+ nodeSelector:
+ kubernetes.io/os: linux
+ node-role.kubernetes.io/master: ''
+ priorityClassName: system-cluster-critical
+ securityContextConfig: restricted
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 120
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/namespace-openshift-marketplace.yaml b/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/namespace-openshift-marketplace.yaml
new file mode 100644
index 00000000..c99c8a65
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/custom-crs/namespace-openshift-marketplace.yaml
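Review bot: The CatalogSource uses `image: 'quay.io/okderators/catalog-index:4.19'`, a mutable tag, together with `registryPoll.interval: 10m`, so whatever is pushed to that tag becomes the operator catalog on each provisioned cluster within minutes. The rest of this commit subscribes to `source: okderators` on `channel: "alpha"`, which makes the catalog content a direct input to what runs on the DU node. Consider pinning the catalog by digest, `image: 'quay.io/okderators/catalog-index@sha256:<digest>'` (placeholder), and updating the digest deliberately through the GitOps flow. The empty `icon` fields marked `# Todo` could simply be omitted until there is a value for them.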
@@ -0,0 +1,21 @@
+# source: https://github.com/operator-framework/operator-marketplace/raw/refs/heads/release-4.19/manifests/01_namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ include.release.openshift.io/hypershift: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ include.release.openshift.io/single-node-developer: "true"
+ openshift.io/node-selector: ""
+ workload.openshift.io/allowed: "management"
+ capability.openshift.io/name: "marketplace"
+ labels:
+ openshift.io/cluster-monitoring: "true"
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/enforce-version: latest
+ pod-security.kubernetes.io/audit: baseline
+ pod-security.kubernetes.io/audit-version: latest
+ pod-security.kubernetes.io/warn: baseline
+ pod-security.kubernetes.io/warn-version: latest
+ name: "openshift-marketplace"
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/kustomization.yaml b/okd/manifests-examples/policytemplates/okd-4.19/kustomization.yaml
new file mode 100644
index 00000000..bca9b97a
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/kustomization.yaml
@@ -0,0 +1,6 @@
+generators:
+- sno-du/sno-du-v1.yaml
+
+resources:
+- sno-du/ns.yaml
+- sno-du/msc-binding.yaml
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/sno-du/msc-binding.yaml b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/msc-binding.yaml
new file mode 100644
index 00000000..4c1ffcda
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/msc-binding.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSetBinding
+metadata:
+ name: global
+ namespace: ztp-sno-du-okd-v4-19
+spec:
+ clusterSet: global
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/sno-du/ns.yaml b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/ns.yaml
new file mode 100644
index 00000000..ec40f3ff
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ztp-sno-du-okd-v4-19
diff --git a/okd/manifests-examples/policytemplates/okd-4.19/sno-du/sno-du-v1.yaml b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/sno-du-v1.yaml
new file mode 100644
index 00000000..b5a985c2
--- /dev/null
+++ b/okd/manifests-examples/policytemplates/okd-4.19/sno-du/sno-du-v1.yaml
@@ -0,0 +1,113 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: PolicyGenerator +metadata: + name: sno-du-okd-v4-19 +policyDefaults: + namespace: ztp-sno-du-okd-v4-19 + # Use an existing placement rule so that placement bindings can be consolidated + placement: + # These labels must match the labels set for the ManagedCluster either through the ProvisioningRequest + # or the ClusterInstance ConfigMap. + labelSelector: + cluster-version: "v4.19" + sno-du-policy: "v1" + remediationAction: enforce + severity: low + namespaceSelector: + exclude: + - kube-* + include: + - '*' + evaluationInterval: + compliant: 5m + noncompliant: 10s + orderPolicies: true +policies: +- name: v1-subscriptions-policy + manifests: + - path: custom-crs/namespace-openshift-marketplace.yaml + - path: custom-crs/catalogsource-okderators.yaml + - path: source-crs/SriovSubscriptionNS.yaml + - path: source-crs/SriovSubscriptionOperGroup.yaml + - path: source-crs/SriovSubscription.yaml + patches: + - spec: + channel: "alpha" + source: okderators + installPlanApproval: + '{{hub $configMap:=(lookup "v1" "ConfigMap" "" (printf "%s-pg" .ManagedClusterName)) hub}}{{hub dig "data" "install-plan-approval" "Manual" $configMap hub}}' + - path: source-crs/SriovOperatorConfig.yaml +- name: v1-perf-configuration-policy + manifests: + - path: source-crs/PerformanceProfile-SetSelector.yaml + patches: + - metadata: + name: openshift-node-performance-profile + spec: + additionalKernelArgs: + - rcupdate.rcu_normal_after_boot=0 + - vfio_pci.enable_sriov=1 + - vfio_pci.disable_idle_d3=1 + - efi=runtime + cpu: + # These must be tailored for the specific hardware platform + isolated: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "cpu-isolated" hub}}' + reserved: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "cpu-reserved" hub}}' + hugepages: + defaultHugepagesSize: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "hugepages-default" hub}}' + pages: + - size: '{{hub 
fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "hugepages-size" hub}}' + count: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "hugepages-count" | toInt hub}}' + realTimeKernel: + enabled: true + machineConfigPoolSelector: + pools.operator.machineconfiguration.openshift.io/master: "" + nodeSelector: + node-role.kubernetes.io/master: '' +- name: v1-sriov-configuration-policy + manifests: + - path: source-crs/SriovNetwork.yaml + patches: + - metadata: + name: sriov-nw-du-fh + spec: + resourceName: du_fh + vlan: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "sriov-network-vlan-1" | toInt hub}}' + - path: source-crs/SriovNetworkNodePolicy-SetSelector.yaml + patches: + - metadata: + name: sriov-nnp-du-fh + spec: + deviceType: netdevice + isRdma: false + nicSelector: + pfNames: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "sriov-network-pfNames-1" | toLiteral hub}}' + nodeSelector: + node-role.kubernetes.io/master: "" + numVfs: 8 + priority: 10 + resourceName: du_fh + - path: source-crs/SriovNetwork.yaml + patches: + - metadata: + name: sriov-nw-du-mh + spec: + resourceName: du_mh + vlan: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "sriov-network-vlan-2" | toInt hub}}' + - path: source-crs/SriovNetworkNodePolicy-SetSelector.yaml + patches: + - metadata: + name: sriov-nnp-du-mh + spec: + deviceType: vfio-pci + isRdma: false + nicSelector: + pfNames: '{{hub fromConfigMap "" (printf "%s-pg" .ManagedClusterName) "sriov-network-pfNames-2" | toLiteral hub}}' + nodeSelector: + node-role.kubernetes.io/master: "" + numVfs: 8 + priority: 10 + resourceName: du_mh +- name: v1-sctp-policy + manifests: + - path: source-crs/MachineConfigSctp.yaml diff --git a/okd/manifests-examples/policytemplates/okd-4.19/source-crs/README.md b/okd/manifests-examples/policytemplates/okd-4.19/source-crs/README.md new file mode 100644 index 00000000..4d50292b --- /dev/null 
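Review bot: In the `SriovSubscription.yaml` patch of `sno-du-v1.yaml`, the `dig "data" "install-plan-approval" "Manual" $configMap` expression falls back to `Manual`, but `policytemplate-defaults-v1.yaml` in this same commit sets `install-plan-approval: "Automatic"`. Assuming those defaults are what populate the `<cluster>-pg` ConfigMap (the merge is not visible in this diff), the conservative fallback never takes effect in the example and operator upgrades from the `alpha` channel are approved without review. Either change the shipped default to `install-plan-approval: "Manual"` or add a comment next to the `dig` call explaining that `Automatic` is intended for this profile.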
+++ b/okd/manifests-examples/policytemplates/okd-4.19/source-crs/README.md
@@ -0,0 +1 @@
+Copy source-crs from the [cnf-features-deploy](https://github.com/openshift-kni/cnf-features-deploy/tree/master/ztp/source-crs/) repo
diff --git a/okd/manifests-examples/provisioningrequests/sno-du-1.json b/okd/manifests-examples/provisioningrequests/sno-du-1.json
new file mode 100644
index 00000000..1cab8df8
--- /dev/null
+++ b/okd/manifests-examples/provisioningrequests/sno-du-1.json
@@ -0,0 +1,93 @@
+{
+ "provisioningRequestId": "123e4567-e89b-12d3-a456-426614174000",
+ "name": "sno-du-1",
+ "description": "Provisioning request for setting up a Single Node OKD (SNO) cluster in the test environment.",
+ "templateName": "sno-du",
+ "templateVersion": "okd-v4-19",
+ "templateParameters": {
+ "nodeClusterName": "sno-du-1",
+ "oCloudSiteId": "oransc-example-lab",
+ "policyTemplateParameters": {
+ "sriov-network-pfNames-1": "[\"ens1f0\"]",
+ "sriov-network-vlan-1": "110",
+ "sriov-network-pfNames-2": "[\"ens1f1\"]",
+ "sriov-network-vlan-2": "111",
+ "cpu-isolated": "0-1,28-29",
+ "cpu-reserved": "2-10"
+ },
+ "clusterInstanceParameters": {
+ "additionalNTPSources": [
+ "192.168.42.10"
+ ],
+ "baseDomain": "oran-sc.example.lab",
+ "clusterName": "sno-du-1",
+ "extraLabels": {
+ "ManagedCluster": {
+ "cluster-version": "v4.19",
+ "sno-du-policy": "v1"
+ }
+ },
+ "machineNetwork": [
+ {
+ "cidr": "192.168.42.0/25"
+ }
+ ],
+ "nodes": [
+ {
+ "hostName": "master-0-sno.oran-sc.example.lab",
+ "nodeLabels": {
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/master": ""
+ },
+ "nodeNetwork": {
+ "config": {
+ "dns-resolver": {
+ "config": {
+ "server": [
+ "192.168.42.10"
+ ]
+ }
+ },
+ "interfaces": [
+ {
+ "ipv4": {
+ "address": [
+ {
+ "ip": "192.168.42.42",
+ "prefix-length": 25
+ }
+ ],
+ "dhcp": false,
+ "enabled": true
+ },
+ "ipv6": {
+ "dhcp": false,
+ "enabled": false
+ },
+ "name": "ens10f0",
+ "type": "ethernet"
+ }
+ ],
+ "routes": {
+ "config": [
+ {
+ "destination": "0.0.0.0/0",
+ "next-hop-address": "192.168.42.1",
+ "next-hop-interface": "ens10f0",
+ "table-id": 254
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "serviceNetwork": [
+ {
+ "cidr": "172.30.0.0/16"
+ }
+ ],
+ "sshPublicKey": "ssh-rsa xxxxxxxxxx"
+ }
+ }
+}
diff --git a/okd/manifests-examples/provisioningrequests/sno-du-1.yaml b/okd/manifests-examples/provisioningrequests/sno-du-1.yaml
new file mode 100644
index 00000000..f590d34c
--- /dev/null
+++ b/okd/manifests-examples/provisioningrequests/sno-du-1.yaml
@@ -0,0 +1,70 @@
+apiVersion: clcm.openshift.io/v1alpha1
+kind: ProvisioningRequest
+metadata:
+ labels:
+ app.kubernetes.io/name: provisioningrequest
+ app.kubernetes.io/instance: provisioningrequest-sample
+ app.kubernetes.io/part-of: oran-o2ims
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: oran-o2ims
+ name: 123e4567-e89b-12d3-a456-426614174000
+spec:
+ name: "sno-du-1"
+ description: "Provisioning request for setting up a Single Node OKD (SNO) cluster in the test environment."
+ templateName: sno-du
+ templateVersion: okd-v4-19
+ templateParameters:
+ nodeClusterName: "sno-du-1"
+ oCloudSiteId: "oransc-example-lab"
+ policyTemplateParameters:
+ sriov-network-pfNames-1: '["ens1f0"]'
+ sriov-network-vlan-1: "110"
+ sriov-network-pfNames-2: '["ens1f1"]'
+ sriov-network-vlan-2: "111"
+ cpu-isolated: "0-1,28-29"
+ cpu-reserved: "2-10"
+ clusterInstanceParameters:
+ additionalNTPSources:
+ - 192.168.20.34
+ baseDomain: oran-sc.example.lab
+ clusterName: sno-du-1
+ extraLabels:
+ ManagedCluster:
+ cluster-version: "v4.19"
+ sno-du-policy: "v1"
+ machineNetwork:
+ - cidr: 192.168.42.0/25
+ nodes:
+ - hostName: master-0-sno.oran-sc.example.lab
+ nodeLabels:
+ node-role.kubernetes.io/infra: ""
+ node-role.kubernetes.io/master: ""
+ nodeNetwork:
+ config:
+ dns-resolver:
+ config:
+ server:
+ - 192.168.42.10
+ interfaces:
+ - ipv4:
+ address:
+ - ip: 192.168.42.42
+ prefix-length: 25
+ dhcp: false
+ enabled: true
+ ipv6:
+ dhcp: false
+ enabled: false
+ name: ens10f0
+ type: ethernet
+ routes:
+ config:
+ - destination: 0.0.0.0/0
+ next-hop-address: 192.168.42.1
+ next-hop-interface: ens10f0
+ table-id: 254
+ serviceNetwork:
+ - cidr: 172.30.0.0/16
+ sshPublicKey: ssh-rsa xxxxxxxxxx
+status:
+ conditions: []
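Review bot: `additionalNTPSources` is `192.168.20.34` in `sno-du-1.yaml` but `192.168.42.10` in `sno-du-1.json`, although the two files otherwise describe the same request; one of them is presumably stale and they should be aligned. The YAML also ends with `status:` / `conditions: []`, which is controller-owned state and should be dropped from a manifest meant to be applied. In addition, `oCloudSiteId: "oransc-example-lab"` does not match the `resources.clcm.openshift.io/siteId: oransc-bos2-lab` label on the example BareMetalHost in `inventory/master-0-sno.yaml`; if hardware selection keys on that label (not visible in this diff), the sample request would not match the sample host.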