README
¶
osd-network-verifier
A cli tool and set of libraries that verify the pre-configured networking components for ROSA and OSD CCS clusters.
Overview
osd-network-verifier can be used prior to or after the installation of osd/rosa clusters to ensure the network configuration is correctly set up per OSD requirements listed on https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc
It currently verifies:
- Egress from VPC subnets to essential OSD domains
- DNS resolution in a VPC
The recommended workflow of diagnostic use of ONV is shown in the following flow diagram:
Cloud Provider Specific READMEs
Building
make build: Builds osd-network-verifier executable in base directory
Terraform Scripts (AWS)
The Terraform scripts in this repository allow you to set up a secure and scalable network infrastructure in AWS for testing. It will create a VPC with public, private, and firewall(optinal) subnets, an Internet Gateway, a NAT Gateway, and a network firewall(optinal).
Getting Started
- Clone this repository.
- Navigate to the Terraform scripts directory:
examples/aws/terraform. - Copy the
terraform.tfvars.examplefile toterraform.tfvarsand replace the placeholder values with your actual values. - Run
terraform initto initialize Terraform. - Run
terraform applyto create the infrastructure.
See the Terraform README.md for detailed instructions.
Contributing and Maintenance
If interested, please fork this repo and create pull requests to the main branch.
Golden AMI
osd-network-verifier depends on these publicly available AMIs built from the osd-network-verifier-golden-ami repo.
Golden AMI provides the following:
- runtime environment setup (such as container engine, configurations, etc.)
- building and embedding the validator binary which performs the individual checks to the endpoints
Egress Lists
This lists of essential domains for egress verification should be maintained in the GitLab repo. Newly-added lists should be registered as "platform types" in helpers.go using the list file's extensionless name as the value (e.g., abc.yaml should be registered as PlatformABC string = "abc"). Finally, the --platform help message and value handling logic in cmd.go should also be updated.
IAM Permission Requirement List
Version ID required for IAM support role may need update to match specification in AWS docs.
Release Process
See RELEASE.md
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cleangoldenami
module
|
|
|
egress
Experimental curl-based probe shim Allows the verifier client to parse YAML endpoint lists while testing the experimental probe This is just a shim to allow for testing until OSD-21609 proposes a new endpoint list format
|
Experimental curl-based probe shim Allows the verifier client to parse YAML endpoint lists while testing the experimental probe This is just a shim to allow for testing until OSD-21609 proposes a new endpoint list format |
|
examples
|
|
|
integration
module
|
|
|
pkg
|
|
|
mocks
Package mocks is a generated GoMock package.
|
Package mocks is a generated GoMock package. |
|
verifier/aws
Experimental curl-based probe shim Allows the verifier client to use the experimental probe interface This is just a shim to allow for testing until we deprecate the legacy probe code
|
Experimental curl-based probe shim Allows the verifier client to use the experimental probe interface This is just a shim to allow for testing until we deprecate the legacy probe code |