feat: use openshift kubernetes distribution 3.10

CHANGELOG.md

@@ -0,0 +1,4 @@
+## OKD 3.10
+
+- Updated the inventory to support OpenShift Node Groups
+- RHEL 7.5 is now used (as RHEL 7.4 onwards is needed, see https://docs.okd.io/3.10/install/prerequisites.html)

README.md

@@ -2,9 +2,9 @@
 
 [![CircleCI](https://circleci.com/gh/dwmkerr/terraform-aws-openshift.svg?style=shield)](https://circleci.com/gh/dwmkerr/terraform-aws-openshift)
 
-This project shows you how to set up OpenShift Origin on AWS using Terraform. This the companion project to my article [Get up and running with OpenShift on AWS](http://www.dwmkerr.com/get-up-and-running-with-openshift-on-aws/).
+This project shows you how to set up OpenShift on AWS using Terraform. This the companion project to my article [Get up and running with OpenShift on AWS](http://www.dwmkerr.com/get-up-and-running-with-openshift-on-aws/).
 
-![OpenShift Sample Project](./docs/origin_3.9_screenshot.png)
+![OpenShift Sample Project](./docs/okd_3.10_screenshot.png)
 
 I am also adding some 'recipes' which you can use to mix in more advanced features:
 
@@ -133,7 +133,7 @@ The url will be something like `https://a.b.c.d.xip.io:8443`.
 
 ### The Master Node
 
-The master node has the OpenShift client installed and is authenticated as a cluter administrator. If you SSH onto the master node via the bastion, then you can use the OpenShift client and have full access to all projects:
+The master node has the OpenShift client installed and is authenticated as a cluster administrator. If you SSH onto the master node via the bastion, then you can use the OpenShift client and have full access to all projects:
 
 ```
 $ make ssh-master # or if you prefer: ssh -t -A ec2-user@$(terraform output bastion-public_dns) ssh master.openshift.local
@@ -219,7 +219,7 @@ When you run `make openshift`, all that happens is the `inventory.template.cfg`
 
 ## Choosing the OpenShift Version
 
-Currently, OpenShift 3.9 is installed.
+Currently, OKD 3.10 is installed.
 
 To change the version, just update the version identifier in this line of the [`./install-from-bastion.sh`](./install-from-bastion.sh) script:
 
@@ -230,12 +230,13 @@ git clone -b release-3.9 https://github.com/openshift/openshift-ansible
 Available versions are listed [here](https://github.com/openshift/openshift-ansible#getting-the-correct-version).
 
 
-| Version | Status              | Branch                                                                                       |
-|---------|---------------------|----------------------------------------------------------------------------------------------|
-| 3.9     | Tested successfully | [`release/ocp-3.9`](https://github.com/dwmkerr/terraform-aws-openshift/tree/release/ocp-3.9) |
-| 3.7     | Tested successfully |                                                                                              |
-| 3.6     | Tested successfully |                                                                                              |
-| 3.5     | Tested successfully |                                                                                              |
+| Version | Status              | Branch                                                                                         |
+|---------|---------------------|------------------------------------------------------------------------------------------------|
+| 3.10    | Tested successfully | [`release/okd-3.10`](https://github.com/dwmkerr/terraform-aws-openshift/tree/release/okd-3.10) |
+| 3.9     | Tested successfully | [`release/ocp-3.9`](https://github.com/dwmkerr/terraform-aws-openshift/tree/release/ocp-3.9)   |
+| 3.7     | Tested successfully |                                                                                                |
+| 3.6     | Tested successfully |                                                                                                |
+| 3.5     | Tested successfully |                                                                                                |
 
 OpenShift 3.5 is fully tested, and has a slightly different setup. You can build 3.5 by checking out the [`release/openshift-3.5`](https://github.com/dwmkerr/terraform-aws-openshift/tree/release/openshift-3.5) branch.
 

docs/releases.md

@@ -0,0 +1,3 @@
+## OKD 3.10
+
+- RHEL 7.5 is now used (as RHEL 7.4 onwards is needed, see https://docs.okd.io/3.10/install/prerequisites.html)

install-from-bastion.sh

@@ -7,8 +7,12 @@ sudo -E su
 yum install -y "@Development Tools" python2-pip openssl-devel python-devel gcc libffi-devel
 
 # Get the OpenShift 3.9 installer.
-pip install -I ansible==2.4.3.0
-git clone -b release-3.9 https://github.com/openshift/openshift-ansible
+pip install -I ansible==2.6.5
+git clone -b release-3.10 https://github.com/openshift/openshift-ansible
+
+# Get the OpenShift 3.9 installer.
+# pip install -I ansible==2.4.3.0
+# git clone -b release-3.9 https://github.com/openshift/openshift-ansible
 
 # Get the OpenShift 3.7 installer.
 # pip install -Iv ansible==2.4.1.0

inventory.template.cfg

@@ -18,17 +18,17 @@ ansible_ssh_user=ec2-user
 # If ansible_ssh_user is not root, ansible_become must be set to true
 ansible_become=true
 
-# Deploy OpenShift Origin 3.9.
+# Deploy OKD 3.10.
 openshift_deployment_type=origin
-openshift_release=v3.9
+openshift_release=v3.10
 
 # We need a wildcard DNS setup for our public access to services, fortunately
 # we can use the superb xip.io to get one for free.
 openshift_public_hostname=${public_hostname}
 openshift_master_default_subdomain=${public_hostname}
 
 # Use an htpasswd file as the indentity provider.
-openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
+openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
 
 # Uncomment the line below to enable metrics for the cluster.
 # openshift_hosted_metrics_deploy=true
@@ -42,19 +42,24 @@ openshift_cloudprovider_aws_secret_key=${secret_key}
 # Set the cluster_id.
 openshift_clusterid=${cluster_id}
 
+# Define the standard set of node groups, as per:
+#   https://github.com/openshift/openshift-ansible#node-group-definition-and-mapping
+openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}, {'name': 'node-config-master-infra', 'labels': ['node-role.kubernetes.io/infra=true,node-role.kubernetes.io/master=true']}, {'name': 'node-config-all-in-one', 'labels': ['node-role.kubernetes.io/infra=true,node-role.kubernetes.io/master=true,node-role.kubernetes.io/compute=true']}]
+
 # Create the masters host group. Note that due do:
 #   https://github.com/dwmkerr/terraform-aws-openshift/issues/40
 # We cannot use the internal DNS names (such as master.openshift.local) as there
 # is a bug with the installer when using the AWS cloud provider.
+# Note that we use the master node as an infra node as well, which is not recommended for production use.
 [masters]
 ${master_hostname} openshift_hostname=${master_hostname}
 
 # host group for etcd
 [etcd]
 ${master_hostname} openshift_hostname=${master_hostname}
 
-# host group for nodes, includes region info
+# all nodes - along with their openshift_node_groups.
 [nodes]
-${master_hostname} openshift_hostname=${master_hostname} openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
-${node1_hostname} openshift_hostname=${node1_hostname} openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
-${node2_hostname} openshift_hostname=${node2_hostname} openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
+${master_hostname} openshift_hostname=${master_hostname} openshift_node_group_name='node-config-master-infra' openshift_schedulable=true
+${node1_hostname} openshift_hostname=${node1_hostname} openshift_node_group_name='node-config-compute'
+${node2_hostname} openshift_hostname=${node2_hostname} openshift_node_group_name='node-config-compute'

modules/openshift/02-amis.tf

@@ -1,6 +1,6 @@
-# Define the RHEL 7.2 AMI by:
+# Define the RHEL 7.5 AMI by:
 # RedHat, Latest, x86_64, EBS, HVM, RHEL 7.2
-data "aws_ami" "rhel7_2" {
+data "aws_ami" "rhel7_5" {
   most_recent = true
 
   owners = ["309956199498"] // Red Hat's account ID.
@@ -22,7 +22,7 @@ data "aws_ami" "rhel7_2" {
 
   filter {
     name   = "name"
-    values = ["RHEL-7.2*"]
+    values = ["RHEL-7.5*"]
   }
 }
 

modules/openshift/06-nodes.tf

@@ -14,7 +14,7 @@ data "template_file" "setup-master" {
 
 //  Launch configuration for the consul cluster auto-scaling group.
 resource "aws_instance" "master" {
-  ami                  = "${data.aws_ami.rhel7_2.id}"
+  ami                  = "${data.aws_ami.rhel7_5.id}"
   # Master nodes require at least 16GB of memory.
   instance_type        = "m4.xlarge"
   subnet_id            = "${aws_subnet.public-subnet.id}"
@@ -63,7 +63,7 @@ data "template_file" "setup-node" {
 //  Create the two nodes. This would be better as a Launch Configuration and
 //  autoscaling group, but I'm keeping it simple...
 resource "aws_instance" "node1" {
-  ami                  = "${data.aws_ami.rhel7_2.id}"
+  ami                  = "${data.aws_ami.rhel7_5.id}"
   instance_type        = "${var.amisize}"
   subnet_id            = "${aws_subnet.public-subnet.id}"
   iam_instance_profile = "${aws_iam_instance_profile.openshift-instance-profile.id}"
@@ -100,7 +100,7 @@ resource "aws_instance" "node1" {
   )}"
 }
 resource "aws_instance" "node2" {
-  ami                  = "${data.aws_ami.rhel7_2.id}"
+  ami                  = "${data.aws_ami.rhel7_5.id}"
   instance_type        = "${var.amisize}"
   subnet_id            = "${aws_subnet.public-subnet.id}"
   iam_instance_profile = "${aws_iam_instance_profile.openshift-instance-profile.id}"