Step: ipi-conf-vsphere-lb

This step only proceeds for periodic launch jobs. It uses the VIPs in ${SHARED_DIR}/vips.txt to create an AWS Network Load Balancer and Target Groups, and writes ${SHARED_DIR}/nlb_arn.txt and ${SHARED_DIR}/tg_arn.txt for later use during deprovisioning.

Container image used for this step: tools

tools resolves to an image built or imported by the ci-operator configuration (documentation).

Environment

Step exposes no environment variables except the defaults.

Source Code

#!/bin/bash

# Strict mode: abort on unset variables, on any failing command, and on a
# failure in any stage of a pipeline.
set -o nounset -o errexit -o pipefail

# Only "launch" jobs get a load balancer. Every other job leaves this step
# successfully here, before any AWS call is made.
if [[ "${JOB_NAME_SAFE}" != "launch" ]]; then
  echo "Skipping Load Balancer setup."
  exit 0
fi

# AWS CLI configuration, picked up from the environment by every aws call
# below. The credentials are read from a mounted file rather than passed on
# a command line, so they do not show up in process arguments.
export AWS_SHARED_CREDENTIALS_FILE=/var/run/vault/vsphere/.awscred
export AWS_DEFAULT_REGION=us-west-2  # TODO: Derive this?
# Retry throttled or failed API calls up to 50 times in adaptive mode.
export AWS_RETRY_MODE=adaptive
export AWS_MAX_ATTEMPTS=50
# HOME is pointed at /tmp; the AWS CLI install below uses ${HOME}/.local.
export HOME=/tmp

# Install the AWS CLI for the current user when the image does not ship it.
# pip3 is preferred; on a Python 2 interpreter pip is bootstrapped through
# easy_install first; with neither available the step fails.
#
# NOTE(review): awscli (and pip itself on the Python 2 path) is fetched from
# the package index at run time, unpinned, in a job that has AWS credentials
# mounted. Shipping the CLI in the step image, or pinning the version and
# installing with pip's --require-hashes, would remove that supply-chain
# exposure.
if ! command -v aws > /dev/null 2>&1; then
  echo "$(date -u --rfc-3339=seconds) - Install AWS cli..."
  # --user installs place the aws entry point under ${HOME}/.local/bin.
  export PATH="${HOME}/.local/bin:${PATH}"
  if command -v pip3 > /dev/null 2>&1; then
    pip3 install --user awscli
  elif [ "$(python -c 'import sys;print(sys.version_info.major)')" -eq 2 ]; then
    # 'pip<21' keeps the bootstrap on a pip release line that is requested
    # for the Python 2 interpreter detected above.
    easy_install --user 'pip<21'
    pip install --user awscli
  else
    echo "$(date -u --rfc-3339=seconds) - No pip available exiting..."
    exit 1
  fi
fi

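# Name shared by the load balancer and (with a suffix) its target groups.
cluster_name="${NAMESPACE}-${JOB_NAME_HASH}"

# Load array created in setup-vips:
# 0: API
# 1: Ingress
declare -a vips
mapfile -t vips < "${SHARED_DIR}/vips.txt"

# Fail fast, before any AWS resource is created, if either VIP is missing.
# Without this check a short or empty vips.txt is only noticed when the
# targets are registered, after the load balancer and target groups exist.
if (( ${#vips[@]} < 2 )) || [[ -z "${vips[0]}" || -z "${vips[1]}" ]]; then
  echo "Expected API and Ingress VIPs in ${SHARED_DIR}/vips.txt" >&2
  exit 1
fi

# Create Network Load Balancer in the subnet that is routable into VMC network
vpc_id=$(aws ec2 describe-vpcs \
  --filters Name=tag:"aws:cloudformation:stack-name",Values=vsphere-vpc \
  --query 'Vpcs[0].VpcId' \
  --output text)
# With --output text a query that matches nothing prints the literal "None"
# and still exits 0, so errexit alone does not catch a missing VPC.
if [[ -z "${vpc_id}" || "${vpc_id}" == "None" ]]; then
  echo "No VPC found for CloudFormation stack vsphere-vpc" >&2
  exit 1
fi
vmc_subnet="subnet-011c2a9515cdc7ef7"  # TODO: Derive this?

echo "Creating Network Load Balancer..."

# NOTE(review): no --scheme is passed, and the AWS default for
# create-load-balancer is internet-facing. Confirm that reaching the cluster
# API and Ingress ports through this load balancer from outside the VPC is
# intended; pass "--scheme internal" if only in-VPC access is required.
nlb_arn=$(aws elbv2 create-load-balancer \
  --name "${cluster_name}" \
  --subnets "${vmc_subnet}" \
  --type network \
  --query 'LoadBalancers[0].LoadBalancerArn' \
  --output text)

# Save NLB ARN for later during deprovision. It is written before waiting so
# that a timeout below still leaves the ARN on disk for cleanup.
printf '%s\n' "${nlb_arn}" > "${SHARED_DIR}/nlb_arn.txt"

echo "Waiting for Network Load Balancer to become available..."

aws elbv2 wait load-balancer-available --load-balancer-arns "${nlb_arn}"

echo "Network Load Balancer created."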


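# Create the Target Groups and save to tg_arn.txt for later during deprovision.
# Each ARN is written to the file right after its group is created, so a
# failure part-way through still leaves the groups created so far on record.
# All expansions are quoted so that an unexpected value cannot be word-split
# or glob-expanded into extra aws arguments or a different output path.
echo "Creating Target Groups for 80/tcp, 443/tcp, and 6443/tcp..."

http_tg_arn=$(aws elbv2 create-target-group \
  --name "${cluster_name}-http" \
  --protocol TCP \
  --port 80 \
  --vpc-id "${vpc_id}" \
  --target-type ip \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text)
# First write truncates the file; the two below append.
printf '%s\n' "${http_tg_arn}" > "${SHARED_DIR}/tg_arn.txt"

https_tg_arn=$(aws elbv2 create-target-group \
  --name "${cluster_name}-https" \
  --protocol TCP \
  --port 443 \
  --vpc-id "${vpc_id}" \
  --target-type ip \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text)
printf '%s\n' "${https_tg_arn}" >> "${SHARED_DIR}/tg_arn.txt"

api_tg_arn=$(aws elbv2 create-target-group \
  --name "${cluster_name}-api" \
  --protocol TCP \
  --port 6443 \
  --vpc-id "${vpc_id}" \
  --target-type ip \
  --query 'TargetGroups[0].TargetGroupArn' \
  --output text)
printf '%s\n' "${api_tg_arn}" >> "${SHARED_DIR}/tg_arn.txt"

echo "Target Groups created."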


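# Register the API and Ingress VIPs with Target Groups.
# vips[1] (Ingress) backs the 80 and 443 groups; vips[0] (API) backs 6443.
# AvailabilityZone=all is passed because the VIPs are IP targets that the
# script treats as living outside the load balancer's own subnets.
# Target group ARNs are quoted so they always reach aws as a single argument.
echo "Registering VIPs with Target Groups..."

aws elbv2 register-targets \
    --target-group-arn "${http_tg_arn}" \
    --targets Id="${vips[1]}",Port=80,AvailabilityZone=all

aws elbv2 register-targets \
    --target-group-arn "${https_tg_arn}" \
    --targets Id="${vips[1]}",Port=443,AvailabilityZone=all

aws elbv2 register-targets \
    --target-group-arn "${api_tg_arn}" \
    --targets Id="${vips[0]}",Port=6443,AvailabilityZone=all

echo "VIPs registered."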


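# Create one listener per port on the NLB, each forwarding to the target
# group created for that port. The listeners are plain TCP, so connections
# (including TLS on 443 and 6443) are passed through to the VIPs as-is.
# ARNs are quoted so each one reaches aws as a single argument.
echo "Creating Listeners..."

aws elbv2 create-listener \
    --load-balancer-arn "${nlb_arn}" \
    --protocol TCP \
    --port 80 \
    --default-actions Type=forward,TargetGroupArn="${http_tg_arn}"

aws elbv2 create-listener \
    --load-balancer-arn "${nlb_arn}" \
    --protocol TCP \
    --port 443 \
    --default-actions Type=forward,TargetGroupArn="${https_tg_arn}"

aws elbv2 create-listener \
    --load-balancer-arn "${nlb_arn}" \
    --protocol TCP \
    --port 6443 \
    --default-actions Type=forward,TargetGroupArn="${api_tg_arn}"

echo "Listeners created."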

Properties

Property Value Description
Resource requests (cpu) 10m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/ipi/conf/vsphere/lb/ipi-conf-vsphere-lb-ref.yaml

Owners:

Approvers:
