Expand Up @@ -124,6 +124,8 @@ You might use the WebUI at https://control.vshn.net/syn/lieutenantapiendpoints t
==== Outputs

* `commodore_tenant_id`
* `vault_address`
* `vault_login_method`
* `csp_region`

==== Script
Expand All @@ -147,6 +149,12 @@ region=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_A
if test -z "$region" && test "$region" != "null" ; then { echo "❌ Failed to retrieve CSP region for cluster ID '$INPUT_commodore_cluster_id'."; exit 1; } ; else { echo "✅ Retrieved CSP region '$region' for cluster ID '$INPUT_commodore_cluster_id'."; } ; fi
env -i "csp_region=$region" >> "$OUTPUT"

echo "Retrieving Vault address and login method..."
vault_addr=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.addr')
env -i "vault_address=${vault_addr}" >> "$OUTPUT"
vault_login_method=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.loginMethod')
env -i "vault_login_method=${vault_login_method}" >> "$OUTPUT"


# echo "# Outputs"
# cat "$OUTPUT"
Expand Down Expand Up @@ -256,10 +264,8 @@ This step fetches the cluster's Cloudscale token and Floaty token from Vault.

* `vault_address`: Address of the Vault server associated with the Lieutenant API to store cluster secrets.

https://vault-prod.syn.vshn.net/ for production clusters.
https://vault-int.syn.vshn.net/ for test clusters.


* `vault_login_method`
* `commodore_cluster_id`
* `commodore_tenant_id`

Expand All @@ -275,12 +281,13 @@ https://vault-int.syn.vshn.net/ for test clusters.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_tenant_id=

set -euo pipefail
export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

token=$(vault kv get -format=json \
"clusters/kv/${INPUT_commodore_tenant_id}/${INPUT_commodore_cluster_id}/cloudscale" | \
Expand Down Expand Up @@ -396,6 +403,7 @@ during decommissioning.
==== Inputs

* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`

==== Script
Expand All @@ -405,11 +413,12 @@ during decommissioning.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=

set -euo pipefail
export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}
OPSGENIE_KEY=$(vault kv get -format=json \
clusters/kv/__shared__/__shared__/opsgenie/aldebaran | \
jq -r '.data.data["heartbeat-password"]')
Expand Down Expand Up @@ -943,6 +952,7 @@ This step deletes the cluster's associated backup bucket from Cloudscale.

* `cloudscale_token`
* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`
* `commodore_api_url`
* `backup_deletion_confirmation`: Really delete the cluster backup?
Expand All @@ -962,6 +972,7 @@ OUTPUT=$(mktemp)

# export INPUT_cloudscale_token=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_api_url=
# export INPUT_backup_deletion_confirmation=
Expand Down Expand Up @@ -991,7 +1002,7 @@ mkdir catalog
git archive --remote "${REPO_URL}" master | tar -xC catalog

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

# extract restic credentials from catalog and vault
restic_repo=s3:$(yq -o=json 'select(.kind == "Schedule")| .spec.backend.s3 | .endpoint + "/" + .bucket' catalog/manifests/cluster-backup/10_object.yaml | tr -d '"')
Expand Down Expand Up @@ -1306,6 +1317,7 @@ This step cleans up all the cluster's Vault secrets.
* `commodore_cluster_id`
* `commodore_api_url`
* `vault_address`
* `vault_login_method`
* `backup_deletion_confirmation`

==== Script
Expand All @@ -1317,6 +1329,7 @@ OUTPUT=$(mktemp)
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_api_url=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_backup_deletion_confirmation=

set -euo pipefail
Expand All @@ -1338,7 +1351,7 @@ ID_KEY="$(yq -o=json 'select(.kind == "Secret" and .metadata.name == "objects-ba
SECRET_KEY="$(yq -o=json 'select(.kind == "Secret" and .metadata.name == "objects-backup-s3-credentials") | .stringData.password' catalog/manifests/cluster-backup/10_object.yaml | cut -d: -f2)"

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

for secret in $(find catalog/refs/ -type f \
| sed -r -e 's#catalog/refs#clusters/kv#' -e 's#(.*)/.*#\1#' \
Expand Down Expand Up @@ -1374,6 +1387,7 @@ This step deletes the cluster's OpsGenie heartbeat.
==== Inputs

* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`

==== Script
Expand All @@ -1383,11 +1397,12 @@ This step deletes the cluster's OpsGenie heartbeat.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=

set -euo pipefail
export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}
OPSGENIE_KEY=$(vault kv get -format=json \
clusters/kv/__shared__/__shared__/opsgenie/aldebaran | \
jq -r '.data.data["heartbeat-password"]')
22 changes: 17 additions & 5 deletions docs/modules/ROOT/partials/guided-setup/cloudscale.adoc
Expand Up @@ -183,6 +183,8 @@ You might use the WebUI at https://control.vshn.net/syn/lieutenantapiendpoints t
==== Outputs

* `commodore_tenant_id`
* `vault_address`
* `vault_login_method`
* `csp_region`

==== Script
Expand All @@ -206,6 +208,12 @@ region=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_A
if test -z "$region" && test "$region" != "null" ; then { echo "❌ Failed to retrieve CSP region for cluster ID '$INPUT_commodore_cluster_id'."; exit 1; } ; else { echo "✅ Retrieved CSP region '$region' for cluster ID '$INPUT_commodore_cluster_id'."; } ; fi
env -i "csp_region=$region" >> "$OUTPUT"

echo "Retrieving Vault address and login method..."
vault_addr=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.addr')
env -i "vault_address=${vault_addr}" >> "$OUTPUT"
vault_login_method=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.loginMethod')
env -i "vault_login_method=${vault_login_method}" >> "$OUTPUT"


# echo "# Outputs"
# cat "$OUTPUT"
Expand Down Expand Up @@ -679,9 +687,8 @@ This step stores the collected secrets and tokens in the ProjectSyn Vault.

* `vault_address`: Address of the Vault server associated with the Lieutenant API to store cluster secrets.

https://vault-prod.syn.vshn.net/ for production clusters.


* `vault_login_method`
* `commodore_cluster_id`
* `commodore_tenant_id`
* `bucket_user`
Expand All @@ -700,6 +707,7 @@ https://vault-prod.syn.vshn.net/ for production clusters.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_tenant_id=
# export INPUT_bucket_user=
Expand All @@ -709,7 +717,7 @@ OUTPUT=$(mktemp)
set -euo pipefail

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

# Set the cloudscale.ch access secrets
vault kv put clusters/kv/${INPUT_commodore_tenant_id}/${INPUT_commodore_cluster_id}/cloudscale \
Expand Down Expand Up @@ -887,6 +895,7 @@ the necessary installation files using Commodore.
* `base_domain`
* `cluster_domain`
* `vault_address`
* `vault_login_method`
* `redhat_pull_secret`
* `csp_region`
* `bucket_user`
Expand All @@ -909,6 +918,7 @@ OUTPUT=$(mktemp)
# export INPUT_base_domain=
# export INPUT_cluster_domain=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_redhat_pull_secret=
# export INPUT_csp_region=
# export INPUT_bucket_user=
Expand All @@ -922,7 +932,7 @@ openshift-install() {
}

export VAULT_ADDR="${INPUT_vault_address}"
vault login -method=oidc
vault login -method="${INPUT_vault_login_method}"

ssh_private_key="$(pwd)/ssh_${INPUT_commodore_cluster_id}"
ssh_public_key="${ssh_private_key}.pub"
Expand Down Expand Up @@ -1764,6 +1774,7 @@ and ingress loadbalancer.

* `commodore_api_url`
* `vault_address`
* `vault_login_method`
* `kubeconfig_path`

==== Script
Expand All @@ -1774,14 +1785,15 @@ OUTPUT=$(mktemp)

# export INPUT_commodore_api_url=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_kubeconfig_path=

set -euo pipefail
export COMMODORE_API_URL="${INPUT_commodore_api_url}"
export KUBECONFIG="${INPUT_kubeconfig_path}"

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

echo '# Applying cert-manager ... #'
kubectl apply -f catalog/manifests/cert-manager/00_namespace.yaml
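Review bot: The two new `curl -s "${COMMODORE_API_URL}" | jq -r ...` lines in the "Retrieving Vault address and login method" hunk write whatever comes back straight into `$OUTPUT` with no check: `curl -s` without `-f` swallows HTTP errors, and `jq -r` prints the literal string `null` for a missing key, so a later step would run `vault login` against `VAULT_ADDR=null`, or against whatever URL the API happened to return, with nothing shown to the operator. Because the reference addresses were dropped from the `vault_address` input description in the same commit, this script is now the only place where the discovered address is visible before credentials are sent to it, so it deserves the same ✅/❌ confirmation the region lookup just above it prints. Fetching the document once and rejecting empty values also removes the duplicated request. The same block appears in the "Retrieving Vault address" hunk of exoscale-decommission.adoc and of the first file in this PR; the enclosing script starts before the hunk in each case.
```shell
vault_config=$(curl -sSf "${COMMODORE_API_URL}")
vault_addr=$(jq -r '.vault.addr // empty' <<<"$vault_config")
vault_login_method=$(jq -r '.vault.loginMethod // empty' <<<"$vault_config")
if [[ -z "$vault_addr" || -z "$vault_login_method" ]]; then
  echo "❌ Failed to retrieve Vault address or login method from '${COMMODORE_API_URL}'."
  exit 1
fi
echo "✅ Retrieved Vault address '${vault_addr}' (login method '${vault_login_method}')."
env -i "vault_address=${vault_addr}" >> "$OUTPUT"
env -i "vault_login_method=${vault_login_method}" >> "$OUTPUT"
# … unchanged: commented-out output dump …
```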
24 changes: 20 additions & 4 deletions docs/modules/ROOT/partials/guided-setup/exoscale-decommission.adoc
Expand Up @@ -128,6 +128,8 @@ You might use the WebUI at https://control.vshn.net/syn/lieutenantapiendpoints t
==== Outputs

* `commodore_tenant_id`
* `vault_address`
* `vault_login_method`
* `csp_region`

==== Script
Expand All @@ -151,6 +153,12 @@ region=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_A
if test -z "$region" && test "$region" != "null" ; then { echo "❌ Failed to retrieve CSP region for cluster ID '$INPUT_commodore_cluster_id'."; exit 1; } ; else { echo "✅ Retrieved CSP region '$region' for cluster ID '$INPUT_commodore_cluster_id'."; } ; fi
env -i "csp_region=$region" >> "$OUTPUT"

echo "Retrieving Vault address and login method..."
vault_addr=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.addr')
env -i "vault_address=${vault_addr}" >> "$OUTPUT"
vault_login_method=$(curl -s "${COMMODORE_API_URL}" | jq -r '.vault.loginMethod')
env -i "vault_login_method=${vault_login_method}" >> "$OUTPUT"


# echo "# Outputs"
# cat "$OUTPUT"
Expand Down Expand Up @@ -400,6 +408,7 @@ during decommissioning.
==== Inputs

* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`

==== Script
Expand All @@ -409,11 +418,12 @@ during decommissioning.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=

set -euo pipefail
export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}
OPSGENIE_KEY=$(vault kv get -format=json \
clusters/kv/__shared__/__shared__/opsgenie/aldebaran | \
jq -r '.data.data["heartbeat-password"]')
Expand Down Expand Up @@ -808,6 +818,7 @@ This step deletes the cluster's associated backup bucket from Exoscale.
* `exoscale_key`
* `exoscale_secret`
* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`
* `commodore_api_url`
* `backup_deletion_confirmation`: Really delete the cluster backup?
Expand All @@ -828,6 +839,7 @@ OUTPUT=$(mktemp)
# export INPUT_exoscale_key=
# export INPUT_exoscale_secret=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_api_url=
# export INPUT_backup_deletion_confirmation=
Expand Down Expand Up @@ -860,7 +872,7 @@ mkdir catalog
git archive --remote "${REPO_URL}" master | tar -xC catalog

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

# extract restic credentials from catalog and vault
restic_repo=s3:$(yq -o=json 'select(.kind == "Schedule")| .spec.backend.s3 | .endpoint + "/" + .bucket' catalog/manifests/cluster-backup/10_object.yaml | tr -d '"')
Expand Down Expand Up @@ -1150,6 +1162,7 @@ This step cleans up all the cluster's Vault secrets.
* `commodore_cluster_id`
* `commodore_api_url`
* `vault_address`
* `vault_login_method`
* `backup_deletion_confirmation`

==== Script
Expand All @@ -1161,6 +1174,7 @@ OUTPUT=$(mktemp)
# export INPUT_commodore_cluster_id=
# export INPUT_commodore_api_url=
# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_backup_deletion_confirmation=

set -euo pipefail
Expand All @@ -1182,7 +1196,7 @@ ID_KEY="$(yq -o=json 'select(.kind == "Secret" and .metadata.name == "objects-ba
SECRET_KEY="$(yq -o=json 'select(.kind == "Secret" and .metadata.name == "objects-backup-s3-credentials") | .stringData.password' catalog/manifests/cluster-backup/10_object.yaml | cut -d: -f2)"

export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}

for secret in $(find catalog/refs/ -type f \
| sed -r -e 's#catalog/refs#clusters/kv#' -e 's#(.*)/.*#\1#' \
Expand Down Expand Up @@ -1218,6 +1232,7 @@ This step deletes the cluster's OpsGenie heartbeat.
==== Inputs

* `vault_address`
* `vault_login_method`
* `commodore_cluster_id`

==== Script
Expand All @@ -1227,11 +1242,12 @@ This step deletes the cluster's OpsGenie heartbeat.
OUTPUT=$(mktemp)

# export INPUT_vault_address=
# export INPUT_vault_login_method=
# export INPUT_commodore_cluster_id=

set -euo pipefail
export VAULT_ADDR=${INPUT_vault_address}
vault login -method=oidc
vault login -method=${INPUT_vault_login_method}
OPSGENIE_KEY=$(vault kv get -format=json \
clusters/kv/__shared__/__shared__/opsgenie/aldebaran | \
jq -r '.data.data["heartbeat-password"]')
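Review bot: `vault login -method=${INPUT_vault_login_method}` in the OpsGenie-heartbeat, backup-bucket, Vault-cleanup and heartbeat-deletion hunks of this file leaves the expansion unquoted, while the installer step in cloudscale.adoc writes `vault login -method="${INPUT_vault_login_method}"`; the scripts should agree, and the quoted form is the one ShellCheck would not flag (SC2086). These scripts run under `set -euo pipefail`, so an unset variable aborts, but an empty one, which is exactly what the `jq -r` lookup in the earlier "Retrieving Vault address" step produces when the key is absent, silently yields `vault login -method=`; `vault login -method="${INPUT_vault_login_method:?}"` covers both cases and names the missing input in the error. The same unquoted form is used in the corresponding hunks of cloudscale.adoc apart from the installer step. Each `vault login` line sits inside a script that starts outside its hunk.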