emf onprem simplification (#939)

Co-authored-by: Palash Goel <[email protected]>
Co-authored-by: Gary Loughnane <[email protected]>
Co-authored-by: sys-orch <[email protected]>

Author: 4 people

.github/workflows/virtual-integration.yml

@@ -818,7 +818,10 @@ jobs:
           TF_VAR_no_proxy: "localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,.svc,.cluster.local,.default,.internal,.orch-platform,.orch-app,.orch-cluster,.orch-infra,.orch-database,.cattle-system,.orch-secret,.onprem"
           TF_VAR_en_http_proxy: "http://192.168.99.30:8080"
           TF_VAR_en_https_proxy: "http://192.168.99.30:8080"
-          TF_VAR_overwrite_profiles: '[["profile-oxm", "argo:\n  infra-onboarding:\n    pxe-server:\n      interface: \"orchnet\"\n      bootServerIP: \"192.168.99.20\"\n      subnetAddress: \"192.168.99.0\""]]'
+          TF_VAR_oxm_pxe_server_int: "orchnet"
+          TF_VAR_oxm_pxe_server_ip: "192.168.99.20"
+          TF_VAR_oxm_pxe_server_subnet: "192.168.99.0"
+          TF_VAR_enable_explicit_proxy: "true"
         with:
           orch_version: ${{ github.event.pull_request.head.sha }}
           orch_profile: onprem-oxm

installer/Dockerfile

@@ -64,7 +64,8 @@ ARG DEPLOY_TYPE
 ENV DEBIAN_FRONTEND=noninteractive DEPLOY_TYPE=$DEPLOY_TYPE SSHUTTLE_ARGS="--disable-ipv6" USER=root
 
 COPY Makefile configure-cluster.sh initialize-gitops-repos.sh start-tunnel.sh utils.sh await-argo.sh \
-    prepare-upgrade.sh update-cluster.sh query-git-user.sh get-argo-login.sh cluster.tpl \
+    prepare-upgrade.sh update-cluster.sh query-git-user.sh get-argo-login.sh cluster_aws.tpl generate_cluster_yaml.sh \
+    reconnect-aws-cluster.sh \
     ./
 ADD $DEPLOY_TARBALL .
 ADD $POD_CONFIGS_TARBALL .

installer/cluster_aws.tpl

@@ -0,0 +1,70 @@
+# SPDX-FileCopyrightText: 2025 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Cluster specific values applied to root-app only
+root:
+  useLocalValues: true
+  clusterValues:
+    - orch-configs/profiles/enable-platform.yaml
+    ${O11Y_ENABLE_PROFILE}
+    - orch-configs/profiles/enable-kyverno.yaml
+    ${AO_PROFILE}
+    ${CO_PROFILE}
+    ${EDGEINFRA_PROFILE}
+    - orch-configs/profiles/enable-full-ui.yaml
+    - orch-configs/profiles/enable-aws.yaml
+    ${SRE_PROFILE}
+    - orch-configs/profiles/proxy-none.yaml
+    - orch-configs/profiles/profile-aws.yaml
+    - orch-configs/profiles/resource-default.yaml
+    ${AWS_PROD_PROFILE}
+    ${O11Y_PROFILE}
+    ${SINGLE_TENANCY_PROFILE}
+    ${EMAIL_PROFILE}
+    ${AUTOCERT_PROFILE}
+    - orch-configs/profiles/artifact-rs-production-noauth.yaml
+    - orch-configs/clusters/${CLUSTER_NAME}.yaml
+# Values applied to both root app and shared among all child apps
+argo:
+  ## Basic cluster information
+  project: ${CLUSTER_NAME}
+  namespace: ${CLUSTER_NAME}
+  clusterName: ${CLUSTER_NAME}
+  clusterDomain: ${CLUSTER_FQDN}
+  adminEmail: ${ADMIN_EMAIL}
+
+  deployRepoURL: https://gitea.${CLUSTER_FQDN}/argocd/edge-manageability-framework
+  deployRepoRevision: main
+
+  git:
+    server: https://gitea.${CLUSTER_FQDN}
+
+  targetServer: "https://kubernetes.default.svc"
+  autosync: true
+
+  o11y:
+    # If the cluster has a node dedicated to edgenode observability services
+    dedicatedEdgenodeEnabled: true
+
+  ## AWS Account Info
+  aws:
+    account: "${AWS_ACCOUNT}"
+    region: ${AWS_REGION}
+    bucketPrefix: ${CLUSTER_NAME}-${S3_PREFIX}
+    efs:
+      repository: 602401143452.dkr.ecr.${AWS_REGION}.amazonaws.com/eks/aws-efs-csi-driver
+      fsid: "${FILE_SYSTEM_ID}"
+    targetGroup:
+      traefik: "${TRAEFIK_TG_ARN}"
+      traefikGrpc: "${TRAEFIKGRPC_TG_ARN}"
+      # nginx: "${NGINX_TG_ARN}"
+      argocd: "${ARGOCD_TG_ARN}"
+
+  traefik:
+    tlsOption: ""
+
+orchestratorDeployment:
+  targetCluster: cloud
+
+postCustomTemplateOverwrite: {}

installer/configure-cluster.sh

@@ -59,7 +59,6 @@ parse_params "$@"
 
 load_cluster_state_env
 check_provision_env -p
-load_provision_values
 save_cluster_env
 
 load_cluster_state_env
@@ -68,100 +67,25 @@ if ! load_scm_auth; then
 fi
 save_scm_auth
 
-update_kube_config
-
 #
 # Create Cluster Configuration
 #
-export FILE_SYSTEM_ID=$(aws efs --region ${AWS_REGION} describe-file-systems --query "FileSystems[?Name == '${CLUSTER_NAME}'].FileSystemId" --output text)
-export S3_PREFIX=$(get_s3_prefix)
-
-export TRAEFIK_TG_HASH=$(echo -n "${CLUSTER_NAME}-traefik-default" | sha256sum | cut -c-32)
-export TRAEFIKGRPC_TG_HASH=$(echo -n "${CLUSTER_NAME}-traefik-grpc" | sha256sum | cut -c-32)
-export NGINX_TG_HASH=$(echo -n "${CLUSTER_NAME}-traefik2-https" | sha256sum | cut -c-32)
-export ARGOCD_TG_HASH=$(echo -n "${CLUSTER_NAME}-argocd-default" | sha256sum | cut -c-32)
-
-export TRAEFIK_TG_ARN=$(aws elbv2 describe-target-groups --names ${TRAEFIK_TG_HASH} | jq -r '.TargetGroups[].TargetGroupArn')
-if [ -z $TRAEFIK_TG_ARN ]; then
-    export TRAEFIK_TG_ARN=$(aws elbv2 describe-target-groups --names ${CLUSTER_NAME}-traefik-https | jq -r '.TargetGroups[].TargetGroupArn')
-fi
-if [ -z $TRAEFIK_TG_ARN ]; then
-    echo "  error: Load balancer Target Group for ${CLUSTER_NAME} not found."
+if [ -z "$FILE_SYSTEM_ID" ] || [ -z "$TRAEFIK_TG_ARN" ] || [ -z "$ARGOCD_TG_ARN" ]; then
+    echo "  Missing one or more of: FILE_SYSTEM_ID, TRAEFIK_TG_ARN, ARGOCD_TG_ARN"
+    echo "  Please run provision.sh first."
     exit 1
 fi
 
-export TRAEFIKGRPC_TG_ARN=$(aws elbv2 describe-target-groups --names ${TRAEFIKGRPC_TG_HASH} | jq -r '.TargetGroups[].TargetGroupArn')
-export NGINX_TG_ARN=$(aws elbv2 describe-target-groups --names ${NGINX_TG_HASH} | jq -r '.TargetGroups[].TargetGroupArn')
-export ARGOCD_TG_ARN=$(aws elbv2 describe-target-groups --names ${ARGOCD_TG_HASH} | jq -r '.TargetGroups[].TargetGroupArn')
-if [ -z $ARGOCD_TG_ARN ]; then
-    export ARGOCD_TG_ARN=$(aws elbv2 describe-target-groups --names ${CLUSTER_NAME}-argocd-https | jq -r '.TargetGroups[].TargetGroupArn')
-fi
-
-
-# AO_PROFILE  disabled check
-if [ "${DISABLE_CO_PROFILE:-false}" = "true" ] || [ "${DISABLE_AO_PROFILE:-false}" = "true" ]; then
-    export AO_PROFILE="#- orch-configs/profiles/enable-app-orch.yaml"
-else
-    export AO_PROFILE="- orch-configs/profiles/enable-app-orch.yaml"
-fi
-
-# CO_PROFILE disabled check
-if [ "${DISABLE_CO_PROFILE:-false}" = "true" ]; then
-    export CO_PROFILE="#- orch-configs/profiles/enable-cluster-orch.yaml"
-    export AO_PROFILE="#- orch-configs/profiles/enable-app-orch.yaml"
-else
-    export CO_PROFILE="- orch-configs/profiles/enable-cluster-orch.yaml"
-fi
-
-if [ -n "$SRE_BASIC_AUTH_USERNAME" ] || [ -n "$SRE_BASIC_AUTH_PASSWORD" ] || [ -n "$SRE_DESTINATION_SECRET_URL" ] || [ -n "$SRE_DESTINATION_CA_SECRET" ]; then
-    export SRE_PROFILE="- orch-configs/profiles/enable-sre.yaml"
-else
-    export SRE_PROFILE="#- orch-configs/profiles/enable-sre.yaml"
-fi
-
-if [ -z $SINGLE_TENANCY ]; then
-    export SINGLE_TENANCY_PROFILE="#- orch-configs/profiles/enable-singleTenancy.yaml"
-else
-    export SINGLE_TENANCY_PROFILE="- orch-configs/profiles/enable-singleTenancy.yaml"
-fi
-
-if [ "${DISABLE_O11Y:-false}" = "true" ]; then
-    export O11Y_ENABLE_PROFILE="#- orch-configs/profiles/enable-o11y.yaml"
-else
-    export O11Y_ENABLE_PROFILE="- orch-configs/profiles/enable-o11y.yaml"
-fi
+export FILE_SYSTEM_ID
+export TRAEFIK_TG_ARN
+export TRAEFIKGRPC_TG_ARN
+export NGINX_TG_ARN
+export ARGOCD_TG_ARN
+export S3_PREFIX
 
-if [ -z $SMTP_URL ]; then
-    export EMAIL_PROFILE="#- orch-configs/profiles/alerting-emails.yaml"
-else
-    export EMAIL_PROFILE="- orch-configs/profiles/alerting-emails.yaml"
-fi
+source ./generate_cluster_yaml.sh aws
 
-if [ -z $AUTO_CERT ]; then
-    export AUTOCERT_PROFILE="#- orch-configs/profiles/profile-autocert.yaml"
-else
-    export AUTOCERT_PROFILE="- orch-configs/profiles/profile-autocert.yaml"
-fi
-
-export AWS_PROD_PROFILE="- orch-configs/profiles/profile-aws-production.yaml"
-if [[ "$DISABLE_AWS_PROD_PROFILE" == "true" ]]; then
-    export AWS_PROD_PROFILE="#- orch-configs/profiles/profile-aws-production.yaml"
-fi
-
-if [ "${DISABLE_O11Y:-false}" = "true" ]; then
-    export O11Y_PROFILE="#- orch-configs/profiles/o11y-release.yaml"
-else
-    export O11Y_PROFILE="- orch-configs/profiles/o11y-release.yaml"
-    if [[ "$CLUSTER_SCALE_PROFILE" == "500en" || "$CLUSTER_SCALE_PROFILE" == "1ken" || "$CLUSTER_SCALE_PROFILE" == "10ken" ]]; then
-      export O11Y_PROFILE="- orch-configs/profiles/o11y-release-large.yaml"
-    fi
-fi
-
-export CLUSTER_SCALE_PROFILE=$(grep -oP '^# Profile: "\K[^"]+' ~/pod-configs/SAVEME/${AWS_ACCOUNT}-${CLUSTER_NAME}-profile.tfvar)
-
-echo
-echo "Creating cluster definition for ${CLUSTER_NAME}"
-cat cluster.tpl | envsubst > edge-manageability-framework/orch-configs/clusters/${CLUSTER_NAME}.yaml
+cp -rf ${CLUSTER_NAME}.yaml edge-manageability-framework/orch-configs/clusters/
 
 echo
 echo =============================================================================