feat: update RHDP tooling and wrapper scripts

Update RHDP cluster definition tooling, wrapper script improvements,
gen-secrets simplification, and letsencrypt chart version bump.

Co-authored-by: Beraldo Leal <bleal@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 3 people

charts/all/letsencrypt/Chart.yaml

@@ -1,6 +1,10 @@
 apiVersion: v2
 name: letsencrypt
-description: A Helm chart to add letsencrypt support to Validated Patterns.
+description: >-
+  DEPRECATED: This chart is unsupported and will be removed in a future release.
+  Trustee 1.0 uses cert-manager for certificate management, making Let's Encrypt
+  integration unnecessary. A Helm chart to add letsencrypt support to Validated Patterns.
+deprecated: true
 
 type: application
 

rhdp/requirements.txt

@@ -1,3 +1,4 @@
 typer
 rich
-Jinja2
+Jinja2
+typing_extensions

rhdp/rhdp-cluster-define.py

@@ -13,8 +13,22 @@
 from typing_extensions import Annotated
 
 
-def get_default_cluster_configs() -> List[Dict]:
-    """Get default cluster configurations"""
+def get_default_cluster_configs(prefix: str = "") -> List[Dict]:
+    """Get default cluster configurations
+
+    Args:
+        prefix: Optional prefix to add to cluster name and directory
+    """
+    if prefix:
+        return [
+            {
+                "name": f"coco-{prefix}",
+                "directory": f"openshift-install-{prefix}",
+                "cluster_network_cidr": "10.128.0.0/14",
+                "machine_network_cidr": "10.0.0.0/16",
+                "service_network_cidr": "172.30.0.0/16",
+            }
+        ]
     return [
         {
             "name": "coco",
@@ -135,23 +149,35 @@ def run(
     multicluster: Annotated[
         bool, typer.Option("--multicluster", help="Deploy hub and spoke clusters")
     ] = False,
+    prefix: Annotated[
+        str, typer.Option("--prefix", help="Prefix for cluster name and directory")
+    ] = "",
 ):
     """
     Region flag requires an azure region key which can be (authoritatively)
     requested with: "az account list-locations -o table".
 
     Use --multicluster flag to deploy both hub (coco-hub) and spoke (coco-spoke)
     clusters.
+
+    Use --prefix to add a prefix to cluster name and install directory, enabling
+    multiple cluster deployments (e.g., --prefix cluster1 creates coco-cluster1
+    in openshift-install-cluster1).
     """
     validate_dir()
 
     # Choose cluster configurations based on multicluster flag
     if multicluster:
+        if prefix:
+            rprint("WARNING: --prefix is ignored when using --multicluster")
         cluster_configs = get_multicluster_configs()
         rprint("Setting up multicluster deployment (hub and spoke)")
     else:
-        cluster_configs = get_default_cluster_configs()
-        rprint("Setting up single cluster deployment")
+        cluster_configs = get_default_cluster_configs(prefix)
+        if prefix:
+            rprint(f"Setting up single cluster deployment with prefix: {prefix}")
+        else:
+            rprint("Setting up single cluster deployment")
 
     cleanup(pathlib.Path.cwd(), cluster_configs)
     setup_install(

rhdp/wrapper.sh

@@ -14,13 +14,56 @@ get_python_cmd() {
     fi
 } 
 
-if [ "$#" -ne 1 ]; then
-    echo "Error: Exactly one argument is required."
-    echo "Usage: $0 {azure-region-code}"
+# Parse arguments
+AZUREREGION=""
+PREFIX=""
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --prefix)
+            PREFIX="$2"
+            shift 2
+            ;;
+        --prefix=*)
+            PREFIX="${1#*=}"
+            shift
+            ;;
+        -*)
+            echo "Error: Unknown option $1"
+            echo "Usage: $0 [--prefix <prefix>] {azure-region-code}"
+            echo "Example: $0 eastasia"
+            echo "Example: $0 --prefix cluster1 eastasia"
+            exit 1
+            ;;
+        *)
+            if [ -z "$AZUREREGION" ]; then
+                AZUREREGION="$1"
+            else
+                echo "Error: Too many positional arguments."
+                echo "Usage: $0 [--prefix <prefix>] {azure-region-code}"
+                exit 1
+            fi
+            shift
+            ;;
+    esac
+done
+
+if [ -z "$AZUREREGION" ]; then
+    echo "Error: Azure region is required."
+    echo "Usage: $0 [--prefix <prefix>] {azure-region-code}"
     echo "Example: $0 eastasia"
+    echo "Example: $0 --prefix cluster1 eastasia"
     exit 1
 fi
-AZUREREGION=$1
+
+# Set install directory based on prefix
+if [ -n "$PREFIX" ]; then
+    INSTALL_DIR="openshift-install-${PREFIX}"
+    echo "Using prefix: $PREFIX"
+    echo "Install directory: $INSTALL_DIR"
+else
+    INSTALL_DIR="openshift-install"
+fi
 
 echo "---------------------"
 echo "Validating configuration"
@@ -40,6 +83,17 @@ if ! command -v yq &> /dev/null; then
     exit 1
 fi
 
+# Check if podman is available and running
+if ! command -v podman &> /dev/null; then
+    echo "ERROR: podman is required but not installed"
+    exit 1
+fi
+
+if ! podman info &> /dev/null; then
+    echo "ERROR: podman is installed but not responding"
+    exit 1
+fi
+
 # Extract clusterGroupName from values-global.yaml using yq
 CLUSTER_GROUP_NAME=$(yq eval '.main.clusterGroupName' values-global.yaml)
 
@@ -113,27 +167,35 @@ echo "---------------------"
 echo "defining cluster"
 echo "---------------------"
 PYTHON_CMD=$(get_python_cmd)
-$PYTHON_CMD rhdp/rhdp-cluster-define.py ${AZUREREGION}
+if [ -n "$PREFIX" ]; then
+    $PYTHON_CMD rhdp/rhdp-cluster-define.py --prefix "${PREFIX}" ${AZUREREGION}
+else
+    $PYTHON_CMD rhdp/rhdp-cluster-define.py ${AZUREREGION}
+fi
 echo "---------------------"
 echo "cluster defined"
 echo "---------------------"
 sleep 10
 echo "---------------------"
 echo "openshift-install"
 echo "---------------------"
-openshift-install create cluster --dir=./openshift-install
+openshift-install create cluster --dir=./${INSTALL_DIR}
 echo "openshift-install done"
 echo "---------------------"
 echo "setting up secrets"
 
 bash ./scripts/gen-secrets.sh
 
+echo "---------------------"
+echo "retrieving PCR measurements"
+echo "---------------------"
+bash ./scripts/get-pcr.sh
 
 sleep 60
 echo "---------------------"
 echo "pattern install"
 echo "---------------------"
-export KUBECONFIG="$(pwd)/openshift-install/auth/kubeconfig"
+export KUBECONFIG="$(pwd)/${INSTALL_DIR}/auth/kubeconfig"
 
 
 ./pattern.sh make install

scripts/gen-secrets.sh

@@ -1,49 +1,36 @@
 #!/usr/bin/env bash
 
 echo "Creating secrets as required"
-echo 
+echo
 
 COCO_SECRETS_DIR="${HOME}/.coco-pattern"
-SECURITY_POLICY_FILE="${COCO_SECRETS_DIR}/security-policy-config.json"
-SSH_KEY_FILE="${COCO_SECRETS_DIR}/id_rsa"
 KBS_PRIVATE_KEY="${COCO_SECRETS_DIR}/kbsPrivateKey"
 KBS_PUBLIC_KEY="${COCO_SECRETS_DIR}/kbsPublicKey"
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 VALUES_FILE="${HOME}/values-secret-coco-pattern.yaml"
 
 mkdir -p ${COCO_SECRETS_DIR}
 
-if [ ! -f "${SECURITY_POLICY_FILE}" ]; then
-echo "Creating security policy"
-cat > ${SECURITY_POLICY_FILE} <<EOF
-{
-  "default": [
-  {
-    "type": "insecureAcceptAnything"
-  }],
-  "transports": {}
-}
-EOF
+SSH_KEY_FILE="${COCO_SECRETS_DIR}/id_rsa"
 
+if [ "${COCO_ENABLE_SSH_DEBUG:-false}" = "true" ]; then
+	if [ ! -f "${SSH_KEY_FILE}" ]; then
+		echo "Creating ssh keys for podvm debug access"
+		rm -f "${SSH_KEY_FILE}.pub"
+		ssh-keygen -f "${SSH_KEY_FILE}" -N ""
+	fi
 fi
 
 if [ ! -f "${KBS_PRIVATE_KEY}" ]; then
-    echo "Creating kbs keys"
-    rm -f "${KBS_PUBLIC_KEY}"
-    openssl genpkey -algorithm ed25519 > ${KBS_PRIVATE_KEY}
-    openssl pkey -in "${KBS_PRIVATE_KEY}" -pubout -out "${KBS_PUBLIC_KEY}"
-fi
-
-if [ ! -f "${SSH_KEY_FILE}" ]; then
-    echo "Creating ssh keys"
-    rm -f "${SSH_KEY_FILE}.pub"
-    ssh-keygen -f "${SSH_KEY_FILE}" -N ""
+	echo "Creating kbs keys"
+	rm -f "${KBS_PUBLIC_KEY}"
+	openssl genpkey -algorithm ed25519 >${KBS_PRIVATE_KEY}
+	openssl pkey -in "${KBS_PRIVATE_KEY}" -pubout -out "${KBS_PUBLIC_KEY}"
 fi
 
-
 ## Copy a sample values file if this stuff doesn't exist
 
 if [ ! -f "${VALUES_FILE}" ]; then
-    echo "No values file was found copying template.. please review before deploying"
-    cp "${SCRIPT_DIR}/../values-secret.yaml.template" "${VALUES_FILE}"
-fi
+	echo "No values file was found copying template.. please review before deploying"
+	cp "${SCRIPT_DIR}/../values-secret.yaml.template" "${VALUES_FILE}"
+fi