cma-ssh

v0.1.0
Published: Apr 23, 2019 License: Apache-2.0

README

CMA SSH Helper API

Overview

The cma-ssh repo provides a helper API for cluster-manager-api. It uses SSH to interact with virtual machines for Kubernetes cluster create, upgrade, add node, and delete operations.

Getting started

See Protocol Documentation

Requirements
  • Kubernetes 1.10+

Deployment

The default way to deploy CMA-SSH is with the provided helm chart located in the deployments/helm/cma-ssh directory.

install via helm
  1. Locate the private IP of a k8s node that cma-ssh is going to be deployed on; it will be used as the install.bootstrapIp.
  2. Locate the nginx proxy used by the airgap environment; its IP will be used as the install.airgapProxyIp.
  3. Install helm chart passing in the above values:
    helm install deployments/helm/cma-ssh --name cma-ssh --set install.bootstrapIp="ip from step 1" --set install.airgapProxyIp="ip of step 2"
    
    *alternatively you can update values.yaml with the IPs

Utilizes:

Build

one time setup of tools
  • mac osx: make -f build/Makefile install-tools-darwin

  • linux: make -f build/Makefile install-tools-linux

To generate code and binary:
  • mac osx: make -f build/Makefile darwin

  • linux: make -f build/Makefile linux

CRDs are generated in ./crd
RBAC is generated in ./rbac

Helm chart under ./deployments/helm/cma-ssh gets updated with the right CRDs and RBAC

Testing with Azure

Requirements:

Setup steps:
  1. create the ssh key pair (must be RSA, 2048 bit, with no passphrase)

    ssh-keygen -t rsa -b 2048 -f id_rsa
    
  2. create args.yml file

    touch .opspec/args.yml
    

    add inputs:

      subscriptionId: <azure subscription id>
      loginId: <azure service principal id (must have permission to edit user permissions in subscription)>
      loginSecret: <azure service principal secret>
      loginTenantId: <azure active directory id>
      sshKeyValue: <path to public key from step 1>
      sshPrivateKey: <path to private key from step 1>
      clusterAccountId: <azure service principal for in cluster resources (ex: load balancer creation)>
      clusterAccountSecret: <azure service principal secret>
      rootPassword: <root password for client vm>
      name: <prefix name to give to all resources> (ex: zaptest01)
    
  3. from root directory of repo run

    opctl run build-azure
    

    The first run takes 10 to 15 minutes. *This can be run multiple times.

  4. to get kubeconfig for central cluster:

    • login to azure via cli:
      az login
      
    • get kubeconfig from aks cluster:
      az aks get-credentials -n <name> -g <name>-group
      
      *replace <name> with the name from args.yml (step 2)
  5. install bootstrap and connect to proxy:

    helm install deployments/helm/cma-ssh --name cma-ssh \
    --set install.operator=false \
    --set images.bootstrap.tag=0.1.17-local \
    --set install.bootstrapIp=10.240.0.6 \
    --set install.airgapProxyIp=10.240.0.7
    
    • check the latest bootstrap tag at quay.io
    • bootstrapIp is any node's private IP (most likely: 10.240.0.4 through .6)
    • to get airgapProxyIp run:
      az vm show -g <name>-group -n <name>-proxy -d --query publicIps --out tsv
    
  6. locally start operator

    CMA_BOOTSTRAP_IP=10.240.0.6 CMA_NEXUS_PROXY_IP=10.240.0.7 ./cma-ssh
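
A pre-flight check for the key requirement in step 1 (RSA, 2048 bit), as an added example that is not part of the cma-ssh code base: it parses the wire format inside an id_rsa.pub line and rejects anything that is not ssh-rsa with a 2048-bit modulus. The function names are hypothetical, and the sample lines are constructed in code rather than taken from a real key.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
)

// fields splits an SSH wire-format blob into its uint32-length-prefixed fields (RFC 4253).
func fields(blob []byte) (out [][]byte, err error) {
	for len(blob) > 0 {
		if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
			return nil, fmt.Errorf("truncated key blob")
		}
		n := 4 + int(binary.BigEndian.Uint32(blob))
		out, blob = append(out, blob[4:n]), blob[n:]
	}
	return out, nil
}

// CheckRSAPublicKey accepts a .pub line only if its blob is ("ssh-rsa", e, n) with a wantBits-long n.
func CheckRSAPublicKey(line string, wantBits int) error {
	var typ, b64 string
	fmt.Sscan(line, &typ, &b64) // "<type> <base64 blob> [comment]"
	blob, err := base64.StdEncoding.DecodeString(b64)
	f, ferr := fields(blob)
	if typ != "ssh-rsa" || err != nil || ferr != nil || len(f) != 3 || string(f[0]) != "ssh-rsa" {
		return fmt.Errorf("not a well-formed ssh-rsa public key line")
	}
	if bits := new(big.Int).SetBytes(f[2]).BitLen(); bits != wantBits {
		return fmt.Errorf("modulus is %d bits, want %d", bits, wantBits)
	}
	return nil
}

// sampleLine builds a constructed .pub-style line with a bits-long modulus (not a usable key).
func sampleLine(bits int) string {
	n := new(big.Int).SetBit(big.NewInt(1), bits-1, 1)
	var blob []byte
	for _, f := range [][]byte{[]byte("ssh-rsa"), {1, 0, 1}, append([]byte{0}, n.Bytes()...)} {
		blob = append(binary.BigEndian.AppendUint32(blob, uint32(len(f))), f...)
	}
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(blob) + " constructed@example"
}

func main() {
	fmt.Println(CheckRSAPublicKey(sampleLine(2048), 2048), CheckRSAPublicKey(sampleLine(1024), 2048))
}
```

To check a real key, pass the contents of id_rsa.pub from step 1 to CheckRSAPublicKey before running opctl.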
    
creating additional azure vm for testing clusters:
  • to create additional vms:

    opctl run create-vm

  • this will create a new vm and provide the name/public ip

  • TODO: return private IP also

cleanup azure:
  • TODO: create azure-delete op.

  • currently requires manually deleting resources / resource group in the azure portal or cli

  • resource group will be named <name>-group from args.yml file.

Directories

Path Synopsis
cmd
internal
pkg
apis
  Package apis contains Kubernetes API groups.
apis/cluster
  Package cluster contains cluster API versions
apis/cluster/v1alpha1
  Package v1alpha1 contains API Schema definitions for the cluster v1alpha1 API group +k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/samsung-cnct/cma-ssh/pkg/apis/cluster +k8s:defaulter-gen=TypeMeta +groupName=cluster.cnct.sds.samsung.com
generated/api
  Package cmassh is a reverse proxy.
ssh
ssh/asset
  Package asset provides the assets to a virtual filesystem.
ui/website/api
  Package asset provides the assets to a virtual filesystem.
ui/website/homepage
  Package asset provides the assets to a virtual filesystem.
ui/website/swaggerjson
  Package asset provides the assets to a virtual filesystem.
ui/website/swaggerui
  Package asset provides the assets to a virtual filesystem.
