Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ibmcloud: Improvements to ROKS demo instructions #2253

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ibmcloud: Improvements to ROKS demo instructions #2253

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fa35b24
ibmcloud: Improvements to ROKS demo instructions
gcoon151 Jan 21, 2025
3b1e7cb
Merge branch 'confidential-containers:main' into demo1
gcoon151 Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 21 additions & 16 deletions src/cloud-api-adaptor/ibmcloud/ROKS_SETUP.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ If you are using an existing cluster, you can skip this section and proceed to [
1. Create a ROKS cluster

```bash
ibmcloud ks cluster create vpc-gen2 --flavor bx2.4x16 --name "$CLUSTER_NAME" --subnet-id "$SUBNET_ID" --vpc-id "$VPC_ID" --zone "$ZONE" --operating-system RHCOS --workers 2 --version 4.16.23_openshift --disable-outbound-traffic-protection --cos-instance "$COS_CRN"
ibmcloud ks cluster create vpc-gen2 --flavor bx2.4x16 --name "$CLUSTER_NAME" --subnet-id "$SUBNET_ID" --vpc-id "$VPC_ID" --zone "$ZONE" --operating-system RHCOS --workers 2 --version 4.17.12_openshift --disable-outbound-traffic-protection --cos-instance "$COS_CRN"

```

Expand Down Expand Up @@ -80,7 +80,7 @@ By default, your Red Hat OpenShift cluster will not work with the peer pod compo
1. Allow `cloud-api-adaptor` to update pod finalizers

```bash
kubectl apply -n default -f - <<EOF
oc apply -n default -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
Expand Down Expand Up @@ -111,7 +111,7 @@ By default, your Red Hat OpenShift cluster will not work with the peer pod compo
1. Label worker nodes for `cloud-api-adaptor`

```bash
kubectl label nodes $(kubectl get nodes -o jsonpath={.items..metadata.name}) node.kubernetes.io/worker=
oc label nodes $(oc get nodes -o jsonpath={.items..metadata.name}) node.kubernetes.io/worker=
```

1. Give `cc-operator` and `cloud-api-adaptor` priviledged OpenShift SCC permission
Expand Down Expand Up @@ -207,7 +207,7 @@ popd
Run the following command to confirm that the operator and cloud-api-adaptor have been deployed:

```bash
kubectl get pods -n confidential-containers-system
oc get pods -n confidential-containers-system
```

Once everything is up and ruuning, you should see output similar to the following:
Expand All @@ -228,8 +228,8 @@ peerpod-ctrl-controller-manager-65f76cb59-vhbt4 2/2 Running 0 5
You can run the following commands to validate that your cluster has been set up properly and is working as expected.

```bash
kubectl apply -n default -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/curl/curl.yaml
kubectl apply -n default -f - <<EOF
oc apply -n default -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/curl/curl.yaml
oc apply -n default -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
Expand All @@ -250,8 +250,8 @@ EOF
Run the following commands to verify that the pods, peer pod, and pod VM are up and running:

```bash
kubectl get pods -n default
kubectl get peerpod -n default
oc get pods -n default
oc get peerpod -n default
ibmcloud is instances | grep podvm
```

Expand All @@ -263,9 +263,9 @@ Finally, run the following command to verify that the helloworld service, runnin
from the curl pod:

```bash
export CURL_POD=$(kubectl get pod -n default -l app=curl -o jsonpath={.items..metadata.name})
export HELLO_IP=$(kubectl get pod -n default -l app=helloworld -o jsonpath={.items..status.podIP})
kubectl exec -n default -it $CURL_POD -c curl -- curl http://$HELLO_IP:5000/hello
export CURL_POD=$(oc get pod -n default -l app=curl -o jsonpath={.items..metadata.name})
export HELLO_IP=$(oc get pod -n default -l app=helloworld -o jsonpath={.items..status.podIP})
oc exec -n default -it $CURL_POD -c curl -- curl http://$HELLO_IP:5000/hello
```

If everything is working, you will see the following output:
Expand All @@ -276,22 +276,27 @@ Hello version: v1, instance: helloworld

## Uninstall and clean up

If you want to cleanup the whole demo, including the cluster, simply delete the IBM Cloud cluster. Otherwise:
If you want to cleanup the whole demo, including the cluster, simply delete the IBM Cloud cluster.

> [!NOTE]
> Deleting the cluster might persist the podvm created by cloud-api-adaptor. Make sure to delete the Helloworld pod first.

Otherwise:

1. To delete the Helloworld sample

```bash
kubectl delete -n default -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/curl/curl.yaml
kubectl delete -n default pod helloworld
oc delete -n default -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/curl/curl.yaml
oc delete -n default pod helloworld
```

1. To uninstall the peer pod components
1. To uninstall the peer pod components

```bash
pushd test/tools
export CLOUD_PROVIDER=ibmcloud
export TEST_PROVISION_FILE="$HOME/peerpods-cluster.properties"
./caa-provisioner-cli -action=uninstall
kubectl delete ns confidential-containers-system
oc delete ns confidential-containers-system
popd
```
Loading