diff --git a/managed_clusters/create.sh b/managed_clusters/create.sh index f93e9d101dace06b75ff750d2b3abab8c7ea0afc..7ff9f959d03fc2dd97e8ce36e6f80d6022315104 100644 --- a/managed_clusters/create.sh +++ b/managed_clusters/create.sh @@ -2,9 +2,24 @@ ### Customization -NAME="loki-1" # Enter a (ideally) unique name for the cluster -PROJECT_ID="da90a49b04a54afca1298491a5e23ba5" # project id from the users project, where the k8s cluster should be created -SUBNET_CIDR="10.0.180.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR. +NAME="blabladork8s" # Enter a (ideally) unique name for the cluster +PROJECT_ID="3f8a1f8047b44653babe4b67af7ac84a" # project id from the users project, where the k8s cluster should be created +SUBNET_CIDR="10.0.151.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR. + +### +# It is easier to setup a network, which uses the Management router to access the internet. +# However, sometimes this is not the desired solution. +# This flag allows you to use a project specific router. +### +USE_OWN_ROUTER="true" +# Only required if USE_OWN_ROUTER is set to true +if [[ $USE_OWN_ROUTER == "true" ]]; then + MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5 + USER_ROUTER_NAME=blablador_router +fi + +USE_RKE2="true" + DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" @@ -21,8 +36,7 @@ mkdir -p ${DIR}/${NAME} # Some variables for our `jsc-cloud-team` management project MANAGEMENT_PROJECT_ID=2092d29f72ca4f32ac416cc545986007 -MANAGEMENT_ROUTER_ID=90d2a94c-3bff-4a79-88d2-00dc6626e278 -#MANAGEMENT_ROUTER_INTERNAL_ID=5e048465-53ed-4f24-8eec-871cf7d668d5 +MANAGEMENT_ROUTER_ID=0cb50dae-dcf9-4c40-8286-f14423a3d471 MANAGEMENT_NETWORK_CIDR="10.0.1.0/24" MANAGEMENT_GATEWAY_INTERNAL="10.0.1.253" MANAGEMENT_SECGROUP_ID=7b7de2f9-a561-4f3c-929a-fd8bc26a0d2c 
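Review bot: MANAGEMENT_ROUTER_INTERNAL_ID is a management-project constant (the second hunk on this line drops it, commented out, from the block that holds MANAGEMENT_PROJECT_ID and MANAGEMENT_ROUTER_ID), yet the first hunk now assigns it inside the user-facing `if [[ $USE_OWN_ROUTER == "true" ]]` block under "### Customization", next to USER_ROUTER_NAME. Keeping it with the other management IDs, assigned unconditionally, keeps per-cluster inputs and fixed infrastructure IDs apart and avoids the variable being empty when the flag is flipped later in a shell session. The `if` then only guards `USER_ROUTER_NAME`, which is user input and should fail fast when missing, e.g. `: "${USER_ROUTER_NAME:?USER_ROUTER_NAME must be set when USE_OWN_ROUTER=true}"`. `USE_RKE2="true"` lands without any comment; a one-liner such as `# true: open the RKE2 node ports, false: the previous port set` would tell the next user what it switches.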
@@ -45,13 +59,16 @@ fi
 source ${DIR}/management_credentials.sh
 if [[ $CREATE == "true" ]]; then
- # Add port from shared network to jsc-cloud-team's internal router
- #INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
- #INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
- #openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
- openstack router add subnet $MANAGEMENT_ROUTER_ID $USER_SUBNET_ID
- # Set static route for external (default) router
- #openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
+ if [[ $USE_OWN_ROUTER == "true" ]]; then
+ # Create new port in shared network and attach it to the internal router
+ INTERNAL_ROUTER_PORT_ID=$(openstack port create --network $USER_NETWORK_ID -f value -c id ${NAME})
+ INTERNAL_ROUTER_PORT_IP=$(openstack port show $INTERNAL_ROUTER_PORT_ID -f json -c fixed_ips | jq -r '.fixed_ips[0].ip_address')
+ openstack router add port $MANAGEMENT_ROUTER_INTERNAL_ID $INTERNAL_ROUTER_PORT_ID
+ # Set static route for external (default) router
+ openstack router set --route destination=$SUBNET_CIDR,gateway=$MANAGEMENT_GATEWAY_INTERNAL $MANAGEMENT_ROUTER_ID
+ else
+ openstack router add subnet $MANAGEMENT_ROUTER_ID $USER_SUBNET_ID
+ fi
 # Add security group rules to allow new cluster to reach Rancher VMs
 openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Rancher access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
 openstack security group rule create --dst-port 111 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NFS access for ${NAME} cluster" $MANAGEMENT_SECGROUP_ID -f value -c id
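Review bot: In the new `USE_OWN_ROUTER` branch, `INTERNAL_ROUTER_PORT_ID` and `INTERNAL_ROUTER_PORT_IP` come from command substitutions with no failure check, so if `openstack port create` fails the following `openstack router add port` runs with an empty port id, and `jq -r '.fixed_ips[0].ip_address'` yields `null` (or empty) for the IP, which the later hunk then installs as the route gateway on the user router. Add `|| exit 1` to both substitutions and reject an unusable IP before continuing, e.g. `[[ -n "$INTERNAL_ROUTER_PORT_IP" && "$INTERNAL_ROUTER_PORT_IP" != "null" ]] || { echo "no fixed IP on port $INTERNAL_ROUTER_PORT_ID" >&2; exit 1; }`. The same applies to `USER_ROUTER_ID=$(openstack router show ...)` in the next hunk. Whether `set -e` is active cannot be seen from this chunk, and the enclosing `if [[ $CREATE == "true" ]]` block continues beyond the hunk.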
@@ -64,25 +81,46 @@ fi
 source ${DIR}/${NAME}_credentials.sh
 if [[ $CREATE == "true" ]]; then
- # Set static route for <user> project router
- # openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID
+ if [[ $USE_OWN_ROUTER == "true" ]]; then
+ # Set static route for <user> project router
+ USER_ROUTER_ID=$(openstack router show -f value -c id ${USER_ROUTER_NAME})
+ openstack router add subnet $USER_ROUTER_ID $USER_SUBNET_ID
+ openstack router set --route destination=$MANAGEMENT_NETWORK_CIDR,gateway=$INTERNAL_ROUTER_PORT_IP $USER_ROUTER_ID
+ fi
 # Create security group
 # More details: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-requirements/port-requirements
 USER_SEC_GROUP_ID=$(openstack security group create ${NAME} -c id -f value)
- openstack security group rule create --dst-port 22 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "SSH provisioning of node by RKE" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 2376 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "Docker daemon TLS port used by node driver" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 80 --remote-ip=$SUBNET_CIDR --protocol tcp --description "http ingress" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "https ingress" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 2379 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd client requests" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 2380 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd peer communication" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 6443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Kubernetes apiserver" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 8472 --remote-ip=$SUBNET_CIDR --protocol udp --description "Canal/Flannel VXLAN overlay networking" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 9099 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Canal/Flannel livenessProbe/readinessProbe" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 10250 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Metrics server communication with all nodes" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 10254 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Ingress controller livenessProbe/readinessProbe" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
- openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol udp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
+ if [[ $USE_RKE2 == "true" ]]; then
+ openstack security group rule create --dst-port 9345 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Node registration" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 6443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Kubernetes API" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 8472 --remote-ip=$SUBNET_CIDR --protocol udp --description "Flannel VXLAN" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 10250 --remote-ip=$SUBNET_CIDR --protocol tcp --description "kubelet, metrics server" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2379 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd client port" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2380 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd peer port" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol udp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 5473 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Calico" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 80 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Rancher UI/API" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Rancher agent, UI/API, kubectl" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 22 --remote-ip=$SUBNET_CIDR --protocol tcp --description "ssh" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 22 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "SSH provisioning of node by RKE" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2376 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "Docker daemon TLS port used by node driver" $USER_SEC_GROUP_ID -f value -c id
+ else
+ openstack security group rule create --dst-port 22 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "SSH provisioning of node by RKE" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2376 --remote-ip=$MANAGEMENT_NETWORK_CIDR --protocol tcp --description "Docker daemon TLS port used by node driver" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 80 --remote-ip=$SUBNET_CIDR --protocol tcp --description "http ingress" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "https ingress" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2379 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd client requests" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 2380 --remote-ip=$SUBNET_CIDR --protocol tcp --description "etcd peer communication" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 6443 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Kubernetes apiserver" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 8472 --remote-ip=$SUBNET_CIDR --protocol udp --description "Canal/Flannel VXLAN overlay networking" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 9099 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Canal/Flannel livenessProbe/readinessProbe" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 10250 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Metrics server communication with all nodes" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 10254 --remote-ip=$SUBNET_CIDR --protocol tcp --description "Ingress controller livenessProbe/readinessProbe" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol tcp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
+ openstack security group rule create --dst-port 30000:32767 --remote-ip=$SUBNET_CIDR --protocol udp --description "NodePort port range" $USER_SEC_GROUP_ID -f value -c id
+ fi
 # Create a keypair, will be used to bootstrap VMs of the new cluster
 openstack keypair create ${NAME} > ${DIR}/${NAME}/keypair.key
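Review bot: The RKE2 branch opens port 22 from `$SUBNET_CIDR` (`--description "ssh"`) on top of the 22/2376 rules from `$MANAGEMENT_NETWORK_CIDR`; node-to-node SSH is not among the ports in the linked Rancher requirements as far as I can tell, so unless something in the cluster needs it the rule widens the node attack surface for no gain and should be dropped, or its description should name the consumer. The two `MANAGEMENT_NETWORK_CIDR` rules for 22 and 2376 are identical in both branches; hoisting them above `if [[ $USE_RKE2 == "true" ]]` removes the duplication. None of the `openstack security group rule create` calls in either branch checks its result, so one rejected rule leaves a partially configured group while the script keeps going; at minimum append `|| exit 1` to each call. The enclosing `if [[ $CREATE == "true" ]]` block continues past the hunk.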
@@ -99,9 +137,12 @@ echo "applicationCredentialId: ${OS_APPLICATION_CREDENTIAL_ID}"
 echo "applicationCredentialSecret: ${OS_APPLICATION_CREDENTIAL_SECRET}"
 echo "authUrl: https://cloud.jsc.fz-juelich.de:5000/v3"
 echo "domainId: default"
+echo "flavorId: bccc50e4-b3e2-4486-a8f2-628b662b3e15 (16Cpu / 64GB)"
+echo "flavorId: 044f173e-bf2b-4d5a-b326-cf4e2e7416fe (16Cpu / 32GB)"
+echo "flavorId: 373b1465-5a84-4ac6-b264-182099406441 (4Cpu / 16GB)"
 echo "flavorId: d468d3fb-18da-4bd3-94ce-9c4793cf2082 (4Cpu / 8GB)"
 echo "flavorId: 05572232-73cc-4dfc-87af-b9f84d56bd33 (2Cpu / 4GB)"
-echo "imageId: 1b14ce21-5bd3-4776-860f-8d77a0232d24"
+echo "imageId: efee49e6-c2ab-4242-83ca-5ca78f4548fa"
 echo "keypairName: ${NAME}"
 echo "netId: ${USER_NETWORK_ID}"
 echo "privateKeyFile:"
diff --git a/managed_clusters/delete.sh b/managed_clusters/delete.sh
index aaeec32e10e1cfafff508fb3e1f74ef92013c652..705f879187853f4918c5c460e4ecc04e1d08d4b3 100644
--- a/managed_clusters/delete.sh
+++ b/managed_clusters/delete.sh
@@ -2,8 +2,8 @@
 ### Customization
-NAME=""
-SUBNET_CIDR=""
+NAME="blablador"
+SUBNET_CIDR="10.0.150.0/24"
 ###
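Review bot: delete.sh now hard-codes `NAME="blablador"` and `SUBNET_CIDR="10.0.150.0/24"` while create.sh in this same commit carries `NAME="blabladork8s"` and `SUBNET_CIDR="10.0.151.0/24"`, so the two scripts as committed refer to different clusters and delete.sh, which presumably tears down the named cluster, would act on whatever values were last committed rather than on what create.sh builds. Committing live values into the scripts also turns every cluster change into a source edit; keep the placeholders empty and fail fast with `: "${NAME:?set NAME}"` and `: "${SUBNET_CIDR:?set SUBNET_CIDR}"`, or take both from `$1`/`$2`, so create and delete are always invoked with the same explicit pair. The create.sh hunk on this line only changes printed flavor and image ids and needs no change.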