diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 5487aa9..f8b1385 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md 
@@ -186,3 +186,130 @@ Users can just run kubectl apply -f to install the project ```sh kubectl apply -f https://raw.githubusercontent.com//cluster-api-provider-metal-stack//dist/install.yaml ``` + +## Quick opinionated Cluster Bootstrap and move + +This is a short and opinionated fast track to create and move a cluster using our provider. +In contrast to a guide and the README, we do not explain all commands and try to be concise. + +Configure your clusterctl: + +```yaml +# ~/.config/cluster-api/clusterctl.yaml +providers: + - name: "metal-stack" + url: "https://github.com/metal-stack/cluster-api-provider-metal-stack/releases/latest/download/infrastructure-components.yaml" + # or for PRs + # url: "${HOME}/path/to/infrastructure-metal-stack/v0.4.0/infrastructure-components.yaml" + # generate with: + # IMG_TAG=branch-name RELEASE_DIR=${HOME}/path/to/infrastructure-metal-stack/v0.4.0 make release-manifests + type: InfrastructureProvider +``` + +Set environment variables. Don't forget to update them along the way. 
+ +```bash +export EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION=true + +export METAL_API_HMAC= +export METAL_API_HMAC_AUTH_TYPE= +export METAL_API_URL= + +export METAL_PARTITION= +export METAL_PROJECT_ID= +export METAL_NODE_NETWORK_ID= + +export FIREWALL_MACHINE_IMAGE= +export FIREWALL_MACHINE_SIZE= + +export CONTROL_PLANE_MACHINE_IMAGE= +export CONTROL_PLANE_MACHINE_SIZE= +export WORKER_MACHINE_IMAGE= +export WORKER_MACHINE_SIZE= + +export CLUSTER_NAME= +export NAMESPACE=default +export KUBERNETES_VERSION=v1.30.6 + +export CONTROL_PLANE_MACHINE_COUNT=1 +export WORKER_MACHINE_COUNT=1 + +# Additional envs +export repo_path=$HOME/path/to/cluster-api-provider-metal-stack +export project_name= +export tenant_name= +export firewall_id= +``` + +Create firewall if needed: + +```bash +metalctl project create --name $project_name --tenant $tenant_name --description "Cluster API test project" +metalctl network allocate --description "Node network for $CLUSTER_NAME" --name $CLUSTER_NAME --project $METAL_PROJECT_ID --partition $METAL_PARTITION +metalctl firewall create --description "Firewall for $CLUSTER_NAME cluster" --name firewall-$CLUSTER_NAME --hostname firewall-$CLUSTER_NAME --project $METAL_PROJECT_ID --partition $METAL_PARTITION --image $FIREWALL_MACHINE_IMAGE --size $FIREWALL_MACHINE_SIZE --firewall-rules-file $repo_path/config/target-cluster/firewall-rules.yaml --networks internet,$METAL_NODE_NETWORK_ID +``` + +```bash +kind create cluster --name bootstrap +kind export kubeconfig --name bootstrap --kubeconfig kind-bootstrap.kubeconfig + +clusterctl init --infrastructure metal-stack --kubeconfig kind-bootstrap.kubeconfig +clusterctl generate cluster $CLUSTER_NAME --infrastructure metal-stack > cluster-$CLUSTER_NAME.yaml +kubectl apply -n $NAMESPACE -f cluster-$CLUSTER_NAME.yaml + +# once the control plane node is in phoned home +metalctl machine consolepassword $firewall_id +metalctl machine console --ipmi $firewall_id +# sudo systemctl restart frr +# ~. 
+ +kubectl --kubeconfig kind-bootstrap.kubeconfig -n $NAMESPACE get metalstackmachines.infrastructure.cluster.x-k8s.io +export control_plane_machine_id= +metalctl machine console --ipmi $control_plane_machine_id +# ip r +# sudo systemctl restart kubeadm +# crictl ps +# ~. + +clusterctl get kubeconfig > capms-cluster.kubeconfig + +# metal-ccm +cat $repo_path/config/target-cluster/metal-ccm.yaml | envsubst | kubectl --kubeconfig capms-cluster.kubeconfig apply -f - + +# cni +kubectl --kubeconfig=capms-cluster.kubeconfig create -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml +cat <" --name --project export METAL_NODE_NETWORK_ID=$(metalctl network list --name -o template --template '{{ .id }}') ``` -A firewall needs to be created with appropriate firewall rules. An example can be found at [firewall-rules.yaml](capi-lab/firewall-rules.yaml). +A firewall needs to be created with appropriate firewall rules. An example can be found at [firewall-rules.yaml](config/target-cluster/firewall-rules.yaml). ```bash # export environment variable for the firewall image and size export FIREWALL_MACHINE_IMAGE= diff --git a/config/target-cluster/firewall-rules.yaml b/config/target-cluster/firewall-rules.yaml new file mode 100644 index 0000000..4bc99d5 --- /dev/null +++ b/config/target-cluster/firewall-rules.yaml 
@@ -0,0 +1,39 @@ +--- +# used for metalctl firewall create --firewall-rules-file +egress: + - comment: allow outgoing HTTP and HTTPS traffic + ports: + - 80 + - 443 + protocol: TCP + to: + - 0.0.0.0/0 + - comment: allow outgoing DNS traffic via TCP + ports: + - 53 + protocol: TCP + to: + - 0.0.0.0/0 + - comment: allow outgoing traffic to control plane for ccm + ports: + - 8080 + protocol: TCP + to: + - 0.0.0.0/0 # could be more specific + - comment: allow outgoing DNS and NTP traffic via UDP + ports: + - 53 + - 123 + protocol: UDP + to: + - 0.0.0.0/0 +ingress: + - comment: allow incoming HTTP and HTTPS traffic + ports: + - 80 + - 443 + protocol: TCP + from: + - 0.0.0.0/0 # could be more specific + to: + - 0.0.0.0/0 # could be more specific
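Review bot: in the DEVELOPMENT.md fast-track hunk, `clusterctl get kubeconfig > capms-cluster.kubeconfig` omits the cluster name argument and the `--kubeconfig kind-bootstrap.kubeconfig -n $NAMESPACE` flags that every other clusterctl/kubectl call in the block passes, so as written it runs against whatever the default kubeconfig is; suggest `clusterctl get kubeconfig $CLUSTER_NAME --kubeconfig kind-bootstrap.kubeconfig -n $NAMESPACE > capms-cluster.kubeconfig`. Two smaller points in the same hunk: the `export METAL_API_HMAC=` placeholder invites pasting the API secret onto the command line, where it lands in shell history, so a one-line hint to read it from a file outside the repo (or `read -rs METAL_API_HMAC`) before exporting would be worth adding; and the manual console steps (`metalctl machine consolepassword`, `sudo systemctl restart frr`, `sudo systemctl restart kubeadm`) come with no explanation of which symptom they work around, which the next reader needs in order to decide whether they are still required.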
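Review bot: the link change to `config/target-cluster/firewall-rules.yaml` matches the new file added in this diff and the `--firewall-rules-file $repo_path/config/target-cluster/firewall-rules.yaml` path used in the fast-track section, but nothing under `capi-lab/` is removed here; if `capi-lab/firewall-rules.yaml` still exists after this change, the two copies of the rules will drift, so either delete the old one in this PR or state why both are kept.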
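Review bot: every `to` (and the ingress `from`) in the new rules file is `0.0.0.0/0`, and the three `# could be more specific` comments concede it. The one most worth tightening is the egress rule on 8080 `to control plane for ccm`: "control plane" here presumably means the metal-stack control plane that `METAL_API_URL` points at, so `to` can be that host's address or prefix instead of the whole internet, and saying `metal-api` in the comment would avoid confusion with the Kubernetes control plane. The ingress rule opening 80/443 from anywhere is not needed by anything in this PR's bootstrap flow, which only pulls manifests and images outbound; if it exists for workload ingress, say so in the comment, otherwise drop it from the default so that a copy-pasted example does not expose the cluster to the internet. One question on the same hunk: DEVELOPMENT.md applies manifests against `capms-cluster.kubeconfig` from outside the node network, yet no ingress rule for the API server port appears here; if the control plane endpoint is reached by another path, a comment saying so would help.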