External variables and verbosity #6
…ript
- Add CS_CCMLB parameter to configuration files for CCM load balancer type
- Replace hardcoded OCTOVN setting in cloud-secret script
- Simplify wait-cluster script to show status without looping
- Remove .yaml extension from kubeconfig filename
Signed-off-by: Karsten Samaschke <[email protected]>
…/SovereignCloudStack/scs-training-kaas-scripts into external_variables_and_verbosity
- Add 99-prepare-files.sh to automate certificate and clouds.yaml setup
- Update README with prerequisites and instructions for config preparation
- Clarify that only the last certificate from ca-certificates.crt is needed
- Remove unused CL_WAIT_TIMEOUT parameter from all configuration files
- Document how to obtain and extract Cloud-in-a-Box certificate
Since this is to be published as CC-BY-SA, I would prefer to mark code generated with AI as such in the commit messages. For example, we use Also I think it makes sense to have the |
cluster-settings.env.sample
Outdated
Why do we need a sample file when we have a template?
And it copies all the comments (which is documentation),
so we now need to adjust one more file when we update them ...
clouds.yaml.sample
Outdated
region_name: "RegionOne" | ||
interface: "public" | ||
identity_api_version: 3 | ||
verify: false # Skip TLS verification for self-signed certs |
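Review bot: `verify: false` on the last line of this sample turns off TLS certificate validation for the cloud entry, and a sample file is what users copy unchanged, so the insecure setting becomes the default. Ship that line commented out and show a `cacert:` entry pointing at the CA certificate file instead, keeping `verify: false` only as a documented fallback.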
Hmm, let's comment this one out and rather suggest to fill in a valid ca-bundle.crt, hinting that it would be the last cert in /etc/ssl/certs/ca-certificates.crt on the system with self-signed certs typically.
`verify: false` is an insecure workaround for cases where you lack it.
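One way to act on the suggestion in the comment above, added here as an example that is not part of the PR or of the reviewer's comment: extract the last certificate from a PEM bundle so that clouds.yaml can point `cacert:` at it instead of setting `verify: false`. The bundle contents and file names are constructed placeholders, and `last_cert`, `make_sample_bundle` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the PR): pick the last certificate out of a PEM
# bundle such as /etc/ssl/certs/ca-certificates.crt, so clouds.yaml can use
#   cacert: /path/to/ciab-ca.pem
# instead of `verify: false`.

# last_cert BUNDLE: print the final BEGIN/END CERTIFICATE block of BUNDLE.
# Returns non-zero if the file contains no complete certificate block.
last_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
        inside                        { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { if (inside) last = buf; inside = 0 }
        END { if (last == "") exit 1; printf "%s", last }
    ' "$1"
}

# make_sample_bundle FILE: write a constructed three-entry bundle.
# The bodies are placeholders, not real certificates.
make_sample_bundle() {
    for n in 1 2 3; do
        printf '%s\n' "-----BEGIN CERTIFICATE-----" \
            "constructed-placeholder-$n" "-----END CERTIFICATE-----"
    done > "$1"
}

# demo: build the sample bundle, extract its last entry, and print it.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_bundle "$dir/ca-certificates.crt"
    last_cert "$dir/ca-certificates.crt" > "$dir/ciab-ca.pem" || return 1
    cat "$dir/ciab-ca.pem"
    # On a real certificate, inspect it before trusting it:
    #   openssl x509 -in ciab-ca.pem -noout -subject -issuer -enddate
    rm -rf "$dir"
}

demo
```

Because `last_cert` fails on a file without a complete certificate block, a setup script can stop there rather than write an empty CA file.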
|
||
* 17-delete-cluster.sh: Remove cluster again. | ||
* `08-wait-cluster.sh`: Check cluster status and save kubeconfig if ready. | ||
This script no longer waits in a loop but provides immediate status |
It never did.
But that's what's expected from a script with the name wait.
So call it poll or implement waiting ...
|
||
### Configuration Parameters | ||
|
||
#### Registry and Repository Settings |
I like the way you structure the settings in different groups.
We probably should be thinking about new prefixes for the first two categories.
We also need to make sure we don't duplicate information too much, as divergence is otherwise hard to avoid.
We have the main documentation for the parameters in the -template.env file. It would be my preferred place, TBH.
Additional documentation then should NOT repeat the explanations in there, but introduce higher level concepts etc.
|
||
### Obtaining the Cloud-in-a-Box Certificate | ||
|
||
If you're using SCS Cloud-in-a-Box (CiaB), you'll need to obtain the certificate. The certificates are located on the CiaB manager host at `/etc/ssl/certs/ca-certificates.crt`. |
If you're using SCS Cloud-in-a-Box (CiaB), you'll need to obtain the certificate. The certificates are located on the CiaB manager host at `/etc/ssl/certs/ca-certificates.crt`. | |
If you're using SCS Cloud-in-a-Box (CiaB), you'll need to obtain the certificate. The certificates are located on the CiaB manager host at `/etc/ssl/certs/ca-certificates.crt`. | |
This step is only required because CiaB uses self-signed certificates -- please skip it on clouds that use TLS certificates that are signed by a proper certificate authority (CA). |
17-delete-cluster.sh
Outdated
@@ -16,7 +16,7 @@ if test -z "$CS_MAINVER"; then echo "Configure CS_MAINVER"; exit 2; fi | |||
if test -z "$CS_VERSION"; then echo "Configure CS_VERSION"; exit 3; fi | |||
if test -z "$CL_PATCHVER"; then echo "Configure CL_PATCHVER"; exit 4; fi | |||
if test -z "$CL_NAME"; then echo "Configure CL_NAME"; exit 5; fi | |||
if test -z "$CL_PODDIDR"; then echo "Configure CL_PODCIDR"; exit 6; fi | |||
if test -z "$CL_PODCIDR"; then echo "Configure CL_PODCIDR"; exit 6; fi |
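Review bot: The corrected `CL_PODCIDR` check on the last line still spells the variable name by hand twice, once in the test and once in the message, which is how the old line came to test `CL_PODDIDR` while reporting `CL_PODCIDR`. Consider a small helper that takes the variable name and exit code once, and send the "Configure ..." messages to stderr so they do not mix with the script's regular output.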
Thanks for spotting this!
Signed-off-by: Kurt Garloff <[email protected]>
Overall comments:
Sidenote: #9 adds a lot more robustness to the clouds.yaml handling, one thing that people will stumble upon. |
Signed-off-by: Kurt Garloff <[email protected]>
04-cloud-secret.sh can only append auth values to the end. Signed-off-by: Kurt Garloff <[email protected]>
Adjust sample to be consistent. Signed-off-by: Kurt Garloff <[email protected]>
Signed-off-by: Kurt Garloff <[email protected]>
Signed-off-by: Kurt Garloff <[email protected]>
Summary
Changes Made
Configuration Enhancement
- `CS_CCMLB` parameter to both `cluster-settings-template.env` and `cluster-settings.env.sample`
- `04-cloud-secret.sh`, replacing it with dynamic configuration based on CS_CCMLB value
Script Simplification
- `08-wait-cluster.sh` to check cluster status once instead of looping
- `.yaml` extension from kubeconfig filename to follow Kubernetes conventions