Story
Resolution: Done
4.16.0
Strategic Product Work
OCPSTRAT-1006 - [Tech Preview] Remove Terraform from the GCP IPI installer
Sprint 249, Sprint 250
When installing on GCP, I want control-plane (including bootstrap) machines to bootstrap using ignition.
I want bootstrap ignition to be secured so that sensitive data is not publicly available.
Acceptance Criteria:
Description of criteria:
- Control-plane machines pull ignition (boot successfully)
- Bootstrap ignition is not public (typically via a signed URL)
- A service account is not required for the signed URL (stretch goal)
- Should be labeled (with owned and user tags)
Out of Scope:
Destroying bootstrap ignition can be handled separately.
Engineering Details:
- CAPG does not support ignition, so we will need to determine what to pass in Bootstrap so that an ignition stub can be passed in the user data.
- terraform: https://github.com/openshift/installer/blob/master/data/data/gcp/cluster/master/main.tf#L85
  - create storage bucket
  - upload bootstrap ignition to object in storage bucket
  - create signed URL for object
  - pass signed URL in ignition stub
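The last step, sketched as an added example (not the installer's code): a hypothetical helper `BootstrapStub` builds the ignition stub and refuses any source URL that is not HTTPS or lacks GCS V4 signing parameters, since an unsigned object URL only works when the object is publicly readable. The spec version `3.2.0`, the helper name, and the sample URL are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strconv"
)

// maxExpiry is the longest lifetime of a V4 signed URL (7 days, in seconds).
const maxExpiry = 604800

// signedParams are the query parameters a GCS V4 signed URL carries.
var signedParams = []string{"X-Goog-Algorithm", "X-Goog-Credential",
	"X-Goog-Date", "X-Goog-Expires", "X-Goog-SignedHeaders", "X-Goog-Signature"}

// BootstrapStub (hypothetical helper) returns an Ignition pointer config that
// replaces itself with the config fetched from signedURL. It only checks the
// URL's shape; it cannot verify the signature itself.
func BootstrapStub(signedURL string) ([]byte, error) {
	u, err := url.Parse(signedURL)
	if err != nil {
		return nil, fmt.Errorf("parse url: %w", err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q: ignition source must be https", u.Scheme)
	}
	q := u.Query()
	for _, p := range signedParams {
		if q.Get(p) == "" {
			return nil, fmt.Errorf("missing %s: not a signed URL", p)
		}
	}
	exp, err := strconv.Atoi(q.Get("X-Goog-Expires"))
	if err != nil || exp <= 0 || exp > maxExpiry {
		return nil, fmt.Errorf("X-Goog-Expires %q out of range", q.Get("X-Goog-Expires"))
	}
	replace := map[string]string{"source": signedURL}
	return json.Marshal(map[string]interface{}{"ignition": map[string]interface{}{
		"version": "3.2.0", // assumed Ignition spec version
		"config":  map[string]interface{}{"replace": replace},
	}})
}

func main() {
	// Constructed sample URL; the credential and signature are placeholders.
	u := "https://storage.googleapis.com/example-bucket/bootstrap.ign?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=placeholder&X-Goog-Date=20240101T000000Z&X-Goog-Expires=3600&X-Goog-SignedHeaders=host&X-Goog-Signature=00ff"
	out, err := BootstrapStub(u)
	fmt.Println(string(out), err)
}
```

The resulting JSON is what goes into the instance user data; the full bootstrap config, which holds the sensitive material, stays in the bucket behind the time-limited URL.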