do not use internal router, since new projects do not have their own router with internet access

50f5c478 · Tim Kreuzer · b073de34 · 50f5c478 · 50f5c478
Commit 50f5c478 authored 1 year ago by Tim Kreuzer
--- a/.gitignore
+++ b/.gitignore
+managed_clusters/**/*
 managed_clusters/*_credentials.sh
 **/keypair.key
--- a/managed_clusters/create.sh
+++ b/managed_clusters/create.sh
@@ -2,9 +2,9 @@

 ### Customization

-NAME="jupyterjsc-production" # Enter a (ideally) unique name for the cluster
-PROJECT_ID="800dd44618eb4fe08f874109d6a54417" # project id from the users project, where the k8s cluster should be created
-SUBNET_CIDR="10.0.101.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.
+NAME="loki-1" # Enter a (ideally) unique name for the cluster
+PROJECT_ID="da90a49b04a54afca1298491a5e23ba5" # project id from the users project, where the k8s cluster should be created
+SUBNET_CIDR="10.0.180.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.

 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

@@ -22,7 +22,7 @@ mkdir -p ${DIR}/${NAME}
 # Some variables for our `jsc-cloud-team` management project
 MANAGEMENT_PROJECT_ID=2092d29f72ca4f32ac416cc545986007
 MANAGEMENT_ROUTER_ID=90d2a94c-3bff-4a79-88d2-00dc6626e278
-MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5
+#MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5
 MANAGEMENT_NETWORK_CIDR="10.0.1.0/24"
 MANAGEMENT_GATEWAY_INTERNAL="10.0.1.253"
 MANAGEMENT_SECGROUP_ID=7b7de2f9-a561-4f3c-929a-fd8bc26a0d2c
@@ -30,13 +30,10 @@ MANAGEMENT_SECGROUP_ID=7b7de2f9-a561-4f3c-929a-fd8bc26a0d2c
 # activate `<user>` project credentials
 source ${DIR}/${NAME}_credentials.sh

-USER_ROUTER_ID=$(openstack router show router -f value -c id)
-
 if [[ $CREATE == "true" ]]; then
    # Create network and share it with `jsc-cloud-team`
    USER_NETWORK_ID=$(openstack network create $NAME -c id -f value)
    USER_SUBNET_ID=$(openstack subnet create --subnet-range $SUBNET_CIDR --dns-nameserver 134.94.32.3 --dns-nameserver 134.94.32.4 --dns-nameserver 134.94.32.5 --network $USER_NETWORK_ID $NAME -c id -f value)
-    openstack router add subnet $USER_ROUTER_ID $USER_SUBNET_ID
    openstack network rbac create --target-project $MANAGEMENT_PROJECT_ID --action access_as_shared --type network $USER_NETWORK_ID
 else
    # Get IDs
@@ -49,11 +46,12 @@ source ${DIR}/management_credentials.sh

 if [[ $CREATE == "true" ]]; then
    # Add port from shared network to jsc-cloud-team's internal router
-    INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
-    INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
-    openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
+    #INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
+    #INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
+    #openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
+    openstack router add subnet $MANAGEMENT_ROUTER_ID $USER_SUBNET_ID
    # Set static route for external (default) router
-    openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
+    #openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
    # Add security group rules to allow new cluster to reach Rancher VMs
    openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Rancher access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
    openstack security group rule create --dst-port 111 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NFS access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
@@ -67,7 +65,7 @@ source ${DIR}/${NAME}_credentials.sh

 if [[ $CREATE == "true" ]]; then
    # Set static route for <user> project router
-    openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID
+    # openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID

    # Create security group
    # More details: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-requirements/port-requirements
@@ -135,4 +133,3 @@ echo "--------------------------------"
 echo "---- Logs for the cluster creation (on Rancher-1 VM)----"
 echo "kubectl -n cattle-system logs -f -l app=rancher"
 echo "----------------------------------"
-