Merge pull request #15 from mhjacks/test_byoc

mhjacks · web-flow · commit 879f3a13e276 · 2026-04-17T06:38:16.000-05:00
Add BYOC
diff --git a/Changes.md b/Changes.md
@@ -30,3 +30,4 @@ v1.1 - April 2026
 * Change submariner to use vxlan mode by default, for compatibility reasons
 * Default to OCP 4.20+. The subscription for OADP requires "stable" channel not "stable-1.4".
 * Numerous small changes to deal with race conditions and other potential issues
+* Introduce "BYOC" (bring-your-own-cluster) as an option for cluster provisioning (thanks @darkdoc)
diff --git a/Makefile b/Makefile
@@ -1,5 +1,12 @@
 # Generated by patternizer
 # This Makefile includes the common pattern targets from Makefile-common
 # You can add custom targets above or below the include line
-
 include Makefile-common
+
+.PHONY: install-byoc
+install-byoc: ramen-prereq pattern-install ## Installs the pattern onto a cluster (Loads secrets as well if configured)
+
+.PHONY: ramen-prereq
+ramen-prereq: ## Check if values.byoc false do nothing, else run the precheck agains clusters accessed from values-secrets
+	echo "Running precheck for ramendr"
+	cd ansible && ansible-playbook -i hosts $(EXTRA_ARGS) $(EXTRA_VARS) playbooks/validate_byoc.yml
diff --git a/ansible/playbooks/validate_byoc.yml b/ansible/playbooks/validate_byoc.yml
@@ -0,0 +1,195 @@
+---
+- name: Validates that the regional clusters are good to use (byoc)
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  roles:
+    - role: rhvp.cluster_utils.pattern_settings
+      vars:
+        pattern_dir: "{{ playbook_dir }}/../../"
+    - role: rhvp.cluster_utils.find_vp_secrets
+  vars:
+    byoc_enabled: true
+  tasks:
+    - name: Parse secrets data
+      no_log: "{{ hide_sensitive_output | default(true) }}"
+      rhvp.cluster_utils.parse_secrets_info:
+        values_secrets_plaintext: "{{ values_secrets_data }}"
+        secrets_backing_store: "{{ secrets_backing_store | default('vault') }}"
+      register: secrets_results
+
+    - name: Check byoc if we need to
+      block:
+      - name: Set facts for dr clusters backend
+        ansible.builtin.set_fact:
+            clusters:
+              primary_cluster: "{{ secrets_results.parsed_secrets['ocp-primary_cluster_kubeconfig'].fields.kubeconfig }}"
+              secondary_cluster: "{{ secrets_results.parsed_secrets['ocp-secondary_cluster_kubeconfig'].fields.kubeconfig }}"
+
+      - name: Get a tempfile for the kubeconfigs
+        ansible.builtin.tempfile:
+          state: directory
+        register: kubeconfigs_tempfolder
+
+      - name: Store pull secrets in tempfile
+        ansible.builtin.copy:
+          dest: "{{ kubeconfigs_tempfolder.path }}/{{ cluster.key }}"
+          content: "{{ cluster.value }}"
+          mode: "0644"
+        loop_control:
+          loop_var: cluster
+          label: "{{ cluster.key }}"
+        loop: "{{ clusters | dict2items }}"
+
+      - name: Check that both DR clusters are reachable
+        kubernetes.core.k8s_cluster_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/{{ cluster.key }}"
+        register: api_status
+        loop_control:
+          loop_var: cluster
+          label: "{{ cluster.key }}"
+        loop: "{{ clusters | dict2items }}"
+
+      - name: Hub cluster version
+        kubernetes.core.k8s_info:
+          api: config.openshift.io/v1
+          kind: ClusterVersion
+          name: version
+        register: hub_clusterversion_raw
+
+      - name: Primary cluster version
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/primary_cluster"
+          api: config.openshift.io/v1
+          kind: ClusterVersion
+          name: version
+        register: primary_clusterversion_raw
+
+      - name: Secondary cluster version
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/secondary_cluster"
+          api: config.openshift.io/v1
+          kind: ClusterVersion
+          name: version
+        register: secondary_clusterversion_raw
+
+      - name: Set fact for cluster minor.major versions
+        ansible.builtin.set_fact:
+            primary_cluster_version: "{{ primary_clusterversion_raw.resources[0].status.desired.version.split('.')[:2] | join('.') }}"
+            secondary_cluster_version: "{{ secondary_clusterversion_raw.resources[0].status.desired.version.split('.')[:2] | join('.') }}"
+            hub_cluster_version: "{{ hub_clusterversion_raw.resources[0].status.desired.version.split('.')[:2] | join('.') }}"
+
+      - name: Validate BYOC DR Clusters have the same minor version between 4.18 and 4.20
+        ansible.builtin.assert:
+          that:
+            - hub_cluster_version is ansible.builtin.version("4.18", ">=")
+            - primary_cluster_version is ansible.builtin.version(hub_cluster_version)
+            - secondary_cluster_version is ansible.builtin.version(hub_cluster_version)
+          fail_msg: |
+            FATAL: BYOC DR Clusters have different versions:
+            Primary: {{ primary_cluster_version }}, Secondary: {{ secondary_cluster_version }} HUB: {{ hub_cluster_version }}).
+            Currently only same minor verion supported by ramenDR and odf.
+
+      - name: Hub cluster network
+        kubernetes.core.k8s_info:
+          api: config.openshift.io/v1
+          kind: Network
+          name: cluster
+        register: hub_clusternetwork_raw
+
+      - name: Primary cluster network
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/primary_cluster"
+          api: config.openshift.io/v1
+          kind: Network
+          name: cluster
+        register: primary_clusternetwork_raw
+
+      - name: Secondary cluster network
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/secondary_cluster"
+          api: config.openshift.io/v1
+          kind: Network
+          name: cluster
+        register: secondary_clusternetwork_raw
+
+      - name: Set fact for cluster network vars
+        ansible.builtin.set_fact:
+            hub_cluster_cluster_cidr: "{{ hub_clusternetwork_raw.resources[0].spec.clusterNetwork[0].cidr }}"
+            hub_cluster_service_cidr: "{{ hub_clusternetwork_raw.resources[0].spec.serviceNetwork[0] }}"
+            primary_cluster_cluster_cidr: "{{ primary_clusternetwork_raw.resources[0].spec.clusterNetwork[0].cidr }}"
+            primary_cluster_service_cidr: "{{ primary_clusternetwork_raw.resources[0].spec.serviceNetwork[0] }}"
+            secondary_cluster_cluster_cidr: "{{ secondary_clusternetwork_raw.resources[0].spec.clusterNetwork[0].cidr }}"
+            secondary_cluster_service_cidr: "{{ secondary_clusternetwork_raw.resources[0].spec.serviceNetwork[0] }}"
+
+      - name: Validate BYOC DR Clusters have non overlapping pod networks.
+        ansible.builtin.assert:
+          that:
+            - not (hub_cluster_cluster_cidr | ansible.utils.ipaddr(primary_cluster_cluster_cidr))
+            - not (hub_cluster_cluster_cidr | ansible.utils.ipaddr(secondary_cluster_cluster_cidr))
+            - not (primary_cluster_cluster_cidr | ansible.utils.ipaddr(secondary_cluster_cluster_cidr))
+          fail_msg: |
+            FATAL: BYOC DR Clusters have overlapping pod networks :
+            Primary: {{ primary_cluster_cluster_cidr }}, Secondary: {{ secondary_cluster_cluster_cidr }} HUB: {{ hub_cluster_cluster_cidr }}).
+
+      - name: Validate BYOC DR Clusters have non overlapping service networks.
+        ansible.builtin.assert:
+          that:
+            - not (hub_cluster_service_cidr | ansible.utils.ipaddr(primary_cluster_service_cidr))
+            - not (hub_cluster_service_cidr | ansible.utils.ipaddr(secondary_cluster_service_cidr))
+            - not (primary_cluster_service_cidr | ansible.utils.ipaddr(secondary_cluster_service_cidr))
+          fail_msg: |
+            FATAL: BYOC DR Clusters have overlapping service networks:
+            Primary: {{ primary_cluster_service_cidr }}, Secondary: {{ secondary_cluster_service_cidr }} HUB: {{ hub_cluster_service_cidr }}).
+
+      - name: Get primary cluster node info
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/primary_cluster"
+          kind: Node
+          label_selectors:
+            - node-role.kubernetes.io/worker
+        register: primary_nodes_raw
+
+      - name: Build instance type list (primary)
+        ansible.builtin.set_fact:
+          primary_worker_instance_types: "{{ primary_worker_instance_types | default([]) + [ item.metadata.labels['node.kubernetes.io/instance-type'] ] }}"
+        loop: "{{ primary_nodes_raw.resources }}"
+        loop_control:
+          label: "{{ item.metadata.name }}"
+        when: item.metadata.labels is defined and
+              'node.kubernetes.io/instance-type' in item.metadata.labels
+
+      - name: Make instance types unique (primary-cluster)
+        ansible.builtin.set_fact:
+          primary_worker_instance_types: "{{ primary_worker_instance_types | unique }}"
+
+      - name: Get secondary cluster node info
+        kubernetes.core.k8s_info:
+          kubeconfig: "{{ kubeconfigs_tempfolder.path }}/secondary_cluster"
+          kind: Node
+          label_selectors:
+            - node-role.kubernetes.io/worker
+        register: secondary_nodes_raw
+
+      - name: Build instance type list (secondary)
+        ansible.builtin.set_fact:
+          secondary_worker_instance_types: "{{ secondary_worker_instance_types | default([]) + [ item.metadata.labels['node.kubernetes.io/instance-type'] ] }}"
+        loop_control:
+          label: "{{ item.metadata.name }}"
+        loop: "{{ secondary_nodes_raw.resources }}"
+        when: item.metadata.labels is defined and
+              'node.kubernetes.io/instance-type' in item.metadata.labels
+
+      - name: Make instance types unique (primary-cluster)
+        ansible.builtin.set_fact:
+          secondary_worker_instance_types: "{{ secondary_worker_instance_types | unique }}"
+
+      - name: Validate BYOC DR Clusters have metal node to run virtual machine workload
+        ansible.builtin.assert:
+          that:
+            - primary_worker_instance_types | select('search', 'metal') | list | length > 0
+            - secondary_worker_instance_types | select('search', 'metal') | list | length > 0
+          fail_msg: |
+            FATAL: BYOC DR Clusters have no metal nodes:
+            Primary: {{ primary_worker_instance_types }}).
+            Secondary: {{ primary_worker_instance_types }}).
diff --git a/overrides/values-cluster-names.yaml b/overrides/values-cluster-names.yaml
@@ -27,3 +27,10 @@ clusterOverrides:
 # DRPC overrides (preferredCluster defaults to primary if unset)
 drpc:
   preferredCluster: ocp-primary
+
+# Set this to "true", provision clusters, and add their kubeconfigs
+# as described in the values-secret template; then run
+# ./pattern.sh make install-byoc.
+# That target will run a validation play to ensure the cluster
+# setup will work with ramen patterns
+byoc: false
diff --git a/requirements.yml b/requirements.yml
@@ -1,3 +1,6 @@
 ---
 collections:
   - kubernetes.core
+  - name: https://github.com/mhjacks/rhvp.cluster_utils
+    type: git
+    version: v1
diff --git a/values-hub.yaml b/values-hub.yaml
@@ -110,8 +110,10 @@ clusterGroup:
       name: regional-dr
       namespace: regional-dr
       project: opp
-      repoURL: https://github.com/validatedpatterns/regionaldr-with-virt-chart.git
-      chartVersion: main
+      #repoURL: https://github.com/validatedpatterns/regionaldr-with-virt-chart.git
+      #chartVersion: main
+      repoURL: https://github.com/mhjacks/regionaldr-with-virt-chart.git
+      chartVersion: test_byoc
       path: "."
       annotations:
         argocd.argoproj.io/sync-wave: "10"
diff --git a/values-secret.yaml.template b/values-secret.yaml.template
@@ -2,7 +2,7 @@
 # NEVER COMMIT THESE VALUES TO GIT
 version: "2.0"
 secrets:
-  # This is to make the secrets available to spoke clusters 
+  # This is to make the secrets available to spoke clusters
   - name: vm-ssh
     vaultPrefixes:
     - global
@@ -16,7 +16,7 @@ secrets:
     - name: publickey
       value: 'Public ssh key of the user who will be able to elevate to root to provision kiosks'
 
-  # This is to make the secrets available to spoke clusters 
+  # This is to make the secrets available to spoke clusters
   - name: cloud-init
     vaultPrefixes:
     - global
@@ -49,3 +49,14 @@ secrets:
     fields:
       - name: .dockerconfigjson
         value: "A standard OpenShift pull secret"
+
+# These are needed if you want to use and import your own regional clusters
+# by setting byoc: true in rdr chart
+# - name: ocp-primary_cluster_kubeconfig
+#   fields:
+#     - name: kubeconfig
+#       path: path to kubeconfig for the cluster
+# - name: ocp-secondary_cluster_kubeconfig
+#   fields:
+#     - name: kubeconfig
+#       path: path to kubeconfig for the cluster
