From db345467defaf73f1ddb3ad74d9a5b9f02092e86 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Tue, 29 Apr 2025 15:06:10 +1000 Subject: [PATCH 1/3] fix: add ripple ns Signed-off-by: Chris Butler --- values-simple.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values-simple.yaml b/values-simple.yaml index 61383f0b..def003ce 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -16,6 +16,8 @@ clusterGroup: - kbs-access - encrypted-storage - experiment + - ripple + subscriptions: # ACM is kept anticipating From d2260b7dfdc3309f1cb4cfac5e3ed404963233fa Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 1 May 2025 10:57:53 +1000 Subject: [PATCH 2/3] feat: enable LE Signed-off-by: Chris Butler --- .gitignore | 3 ++- rhdp/wrapper.sh | 4 ++-- values-simple.yaml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b6764c81..32dc120a 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,5 @@ azure-env.sh .openshift* .DS_Store openshift-install -node_modules \ No newline at end of file +node_modules +.envrc diff --git a/rhdp/wrapper.sh b/rhdp/wrapper.sh index 67b20ebe..4a7dc17d 100644 --- a/rhdp/wrapper.sh +++ b/rhdp/wrapper.sh @@ -76,10 +76,10 @@ sleep 60 echo "---------------------" echo "pattern install" echo "---------------------" -export KUBECONFIG=`pwd`/openshift-install/auth/kubeconfig +#export KUBECONFIG=`pwd`/openshift-install/auth/kubeconfig -./pattern.sh make install +#./pattern.sh make install echo "---------------------" echo "pattern install done" echo "---------------------" diff --git a/values-simple.yaml b/values-simple.yaml index def003ce..355200f3 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -97,7 +97,7 @@ clusterGroup: # Default to 'safe' for ARO overrides: - name: letsencrypt.enabled - value: false + value: true hello-openshift: name: hello-openshift namespace: hello-openshift From 1697a16d2290e1a5b9f7e76e4368d3cea6cde57a Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 1 May 2025 12:59:24 +1000 Subject: [PATCH 3/3] chore(docs): add nat gateway Signed-off-by: Chris Butler --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6a865e03..36a27c80 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ Future work includes: - Only known to work today with everything on one cluster. The work to expand this is in flight. - If not using ARO you must either provide your own CA signed certs, or use let's encrypt. - Must be on 4.16.14 or later. +**- Users must provide a NAT Gateway attached to the worker node subnet when using Azure.** ## Major versions @@ -40,6 +41,7 @@ The pattern has been tested on Azure for two installation methods: 1. Installing onto an ARO cluster 2. Self managed OpenShift install using the `openshift-install` CLI. **REQUIRES ADDITIONAL CONFIGURATION** + ### `1.0.0` 1.0.0 supports OpenShift Sandboxed containers version `1.8.1` along with Trustee version `0.2.0`. @@ -78,6 +80,10 @@ This only has to be done once. 1. Run `sh scripts/gen-secrets.sh` +#### Check your cluster on Azure has a NAT gateway attached +OpenShift does not require a NAT gateway by default, however, peer-pods do require a NAT gateway attached to the worker node subnet. + + #### Configuring let's encrypt. Trustee requires a trusted CA issued certificate. Let's Encrypt is included for environments without a trusted cert on OpenShift's routes.