Merge pull request #66 from ibm-client-engineering/revert-65-adam-upd…

…ates Revert "Adam updates"
ibm-client-engineering · Apr 1, 2024 · 5551958 · 5551958
2 parents 7138b23 + e1e061f
commit 5551958
Show file tree

Hide file tree

Showing 10 changed files with 64 additions and 238 deletions.
diff --git a/docs/2-Deployment/2-UPI_Install.mdx b/docs/2-Deployment/2-UPI_Install.mdx
@@ -493,66 +493,4 @@ spec:
     requests:
       storage: 1Mi
 EOF
-```
-
-## Extras
-
-### Change Console & Oauth domain
-
-
-
-
-#### Generate CA certs
-
-```
-openssl genrsa -out ca.key 2048
-
-openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
-
-```
-
-#### Generate Server Certs
-
-
-
-```
-openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.{BASE_DOMAIN}" -out server.csr
-```
-
-#### Generate 'server.crt'
-
-```
-openssl x509 -req -extfile <(printf "subjectAltName=DNS:*.{BASE_DOMAIN}") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
-```
-
-
-#### Update the cluster:
-
-Create the new secret which will contain the cert and key:
-
-```
-oc create secret tls custom-cert --cert=server.crt --key=server.key -n openshift-config
-```
-
-
-#### Update the ingress:
-
-```
-oc edit ingresses.config/cluster -o yaml
-```
-
-Add the following under 'spec:'
-
-```
-  componentRoutes:
-  - hostname: console.{NEW_URL}
-    name: console
-    namespace: openshift-console
-    servingCertKeyPairSecret:
-      name: custom-cert
-  - hostname: oauth.{NEW_URL}
-    name: oauth-openshift
-    namespace: openshift-authentication
-    servingCertKeyPairSecret:
-      name: custom-cert
-```
+```
diff --git a/docs/README.mdx b/docs/README.mdx
@@ -12,10 +12,10 @@ graph LR;
     C --> D(Manage);
 ```
 
-### Flight Path
+#### Flight Path
 This is a living document for an adoption journey that synthesizes the best practices from IBM when considering and implementing **`watsonx.ai`** in AWS.
 
-### Working In The Open
+#### Working In The Open
 
 The Flight Path approach embodies IBM Client Engineering's dedication to transparency and collaboration, which is evident through the creation of this accessible repository that showcases real-life customer experiences. By sharing this knowledge, IBM aims to develop user-friendly and scalable landing zones that encourage the adoption of IBM Technology while prioritizing innovation and user experience. This repository represents IBM Client Engineering's commitment to working in the open, where stakeholders and interested parties can participate, provide feedback and benefit from collective knowledge.
 

diff --git a/static/scripts/Install-OCP-UPI/add_node.sh b/static/scripts/Install-OCP-UPI/add_node.sh
diff --git a/static/scripts/Install-OCP-UPI/bin/create_install_config.sh b/static/scripts/Install-OCP-UPI/bin/create_install_config.sh
@@ -1,23 +1,22 @@
 #!/bin/bash
 
-if [[ $# -ne 9 ]]
+if [[ $# -ne 10 ]]
 then
     echo "Incorrect number of parameters"
-    echo "Usage: $0 <output_dir> <base_domain> <cluster_name> <pull_secret> <ssh_key> <additionalcacert> <httpProxy> <httpsProxy> <noProxy>"
+    echo "Usage: $0 <output_dir> <base_domain> <cluster_name> <registry_url> <registry_creds> <ssh_key> <additionalcacert> <httpProxy> <httpsProxy> <noProxy>"
     exit 1
 fi
 
 output_dir=$1
 base_domain=$2
 cluster_name=$3
-# registry_url=$4
-# registry_creds=$5
-pull_secret=$4
-ssh_key=$5
-ca_cert=$6
-httpProxy=$7
-httpsProxy=$7
-noProxy=$9
+registry_url=$4
+registry_creds=$5
+ssh_key=$6
+ca_cert=$7
+httpProxy=$8
+httpsProxy=$9
+noProxy=${10}
 
 ssh_line=""
 if [[ ! -z "${ssh_key}" ]]
@@ -52,8 +51,15 @@ networking:
 platform:
   none: {} 
 fips: true 
-pullSecret: '${pull_secret}'
+pullSecret: '{ "auths": { "${registry_url}": { "auth": "${registry_creds}" } } }'
 ${ssh_line}
+imageContentSources: 
+- mirrors:
+  - ${registry_url}/openshift
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - ${registry_url}/openshift
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 EOF
 
 if [[ -f "${ca_cert}" ]]

diff --git a/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml
@@ -83,13 +83,13 @@ Resources:
         FromPort: 19531
         CidrIp: 10.0.0.0/8
       SecurityGroupEgress:
-      - IpProtocol: -1
+      - IpProtocol: tcp
         FromPort: 0
         ToPort: 65535
         CidrIp: 10.0.0.0/8
       - IpProtocol: icmp
-        FromPort: -1
-        ToPort: -1
+        FromPort: 0
+        ToPort: 0
         CidrIp: 10.0.0.0/8
       VpcId: !Ref VpcId
 

diff --git a/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml
@@ -52,8 +52,8 @@ Resources:
       GroupDescription: Cluster Master Security Group
       SecurityGroupIngress:
       - IpProtocol: icmp
-        FromPort: -1
-        ToPort: -1
+        FromPort: 0
+        ToPort: 0
         CidrIp: !Ref VpcCidr
       - IpProtocol: tcp
         FromPort: 22
@@ -68,7 +68,7 @@ Resources:
         ToPort: 22623
         CidrIp: !Ref VpcCidr
       SecurityGroupEgress:
-      - IpProtocol: -1
+      - IpProtocol: tcp
         FromPort: 0
         ToPort: 65335
         CidrIp: 10.0.0.0/8
@@ -80,8 +80,8 @@ Resources:
       GroupDescription: Cluster Worker Security Group
       SecurityGroupIngress:
       - IpProtocol: icmp
-        FromPort: -1
-        ToPort: -1
+        FromPort: 0
+        ToPort: 0
         CidrIp: !Ref VpcCidr
       - IpProtocol: tcp
         FromPort: 22
@@ -96,7 +96,7 @@ Resources:
         ToPort: 443
         CidrIp: 10.0.0.0/8
       SecurityGroupEgress:
-      - IpProtocol: -1
+      - IpProtocol: tcp
         FromPort: 0
         ToPort: 65535
         CidrIp: 10.0.0.0/8

diff --git a/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml
@@ -72,7 +72,6 @@ Parameters:
     - "c5a.12xlarge"
     - "c5a.16xlarge"
     - "c5a.24xlarge"
-    - "p4d.24xlarge"
     - "r4.large"
     - "r4.xlarge"
     - "r4.2xlarge"

diff --git a/static/scripts/Install-OCP-UPI/config.sh b/static/scripts/Install-OCP-UPI/config.sh
@@ -11,8 +11,7 @@ base_domain="ocp-cluster.com"
 ###
 registry_url="HOSTNAME:PORT"
 local_auth_json="/ibm/security/auth/auth.json"
-#additional_trust_cert=""
-pull_secret=""
+additional_trust_cert="/ibm/security/certs/ca.crt"
 ###
 # AWS info
 ###
@@ -27,9 +26,9 @@ tag1key="test"
 tag1value="one"
 tag2key="test"
 tag2value="two"
-# httpProxy="http://proxy.example.com:PORT"
-# httpsProxy="http://proxy.example.com:PORT"
-# noProxy=".${base_domain},172.30.0.0/16,10.128.0.0/14,${aws_vpc_cidr},.apps.${cluster}.${base_domain},.${cluster}.${base_domain}"
+httpProxy="http://proxy.example.com:PORT"
+httpsProxy="http://proxy.example.com:PORT"
+noProxy=".${base_domain},172.30.0.0/16,10.128.0.0/14,${aws_vpc_cidr}
 
 ###
 # ocp architecture
@@ -43,13 +42,4 @@ master_1_subnet=$aws_private_subnets
 master_2_subnet=$aws_private_subnets
 worker_subnet_list=$aws_private_subnets  #Don't Change
 worker_count=6
-worker_instance_type="m6i.8xlarge"
-
-###
-# GPU Node
-###
-gpu_count=1
-gpu_subnet="subnet-0797e8067a532db0d" #US-EAST-2
-#gpu_instance_type="p4d.24xlarge"
-gpu_instance_type="m6i.8xlarge"
-gpu_securitygroup=""
+worker_instance_type="m6i.8xlarge"