GitHub - oracle-quickstart/oci-openshift: OpenShift cluster creation on Oracle Cloud Infrastructure

This repository provides the tools and configuration needed to deploy and manage Red Hat OpenShift Container Platform clusters on Oracle Cloud Infrastructure (OCI). It includes:

Overview

Installing OpenShift clusters on OCI involves two main stages:

1. Provisioning Infrastructure

Before installing OpenShift clusters, you must set up the required OCI infrastructure including Virtual Cloud Networks (VCNs), public and private subnets, compute instances (control plane and worker nodes), load balancers, IAM policies, and object storage buckets. You can provision infrastructure in two ways:

  • Using Terraform: Create OCI resources using the Terraform stack provided in this repo or available via the OCI Console. This method is recommended for connected environments.

  • Manual Provisioning: Manually create the resources using OCI Console and CLI. Use this method for disconnected or air-gapped environments, or if you can't use the OCI-provided Terraform due to policy restrictions.

2. Installing and Configuring Cluster

Deploying an OpenShift cluster on OCI combines actions performed in the Red Hat Hybrid Cloud Console and the OCI Console. You can install and configure OpenShift clusters on OCI using either Red Hat's Assisted Installer or the Agent-based Installer.

Pre-Installation

Before you begin, ensure you have:

  • A Red Hat account and access to either the Assisted Installer or the Agent-based Installer.
  • An OCI account with the required permissions to create and manage resources.
  • An internet domain to serve the OpenShift Container Platform console that runs on cluster resources in OCI.
  • An SSH key pair for cluster installation.
  • A pull secret provided from the Red Hat Hybrid Cloud Console. See Using image pull secrets in the Red Hat documentation for details.
  • (Optional) A dedicated compartment for the cluster resources. You can also use an existing compartment.
  • (Optional) An Object Storage bucket to store the discovery ISO image. You can also use an existing bucket.
  • Access to the required configuration files, including the custom manifests and Terraform stacks.

⚠️ Important: Resource attribution tags are mandatory for OpenShift on OCI.

Before creating the cluster, ensure the required resource attribution tags already exist. If they do not exist yet, run the create-attribution-tags stack first. You typically do this for the first cluster deployment in a tenancy or environment. After the tags exist, later cluster deployments can reuse them.

These tags are not optional. The tagging-controller ensures the required OpenShift resource attribution tags exist on the OCI resources used by the cluster, including the instances that run OpenShift on OCI. If the tag namespace or defined tag is missing, or if the cluster does not have permission to use that tag namespace, the OpenShift cluster will fail to bootstrap.

The required resource attribution tag structure is:

{"openshift-tags": {"openshift-resource": "openshift-resource-infra"}}

Customers must also ensure that the OpenShift cluster can access the compartment that owns the resource attribution tags. When the cluster uses OCI instance principals, the control plane dynamic group must be allowed to use the tag namespace in the compartment where the resource attribution tags are defined.

Example:

  1. The resource attribution tags exist in compartment ocid.id.aaaa.
  2. The cluster runs with instance principals and uses the dynamic group openshift_control_plane_nodes.
  3. Add a policy that allows that dynamic group to use tag namespaces in the compartment that owns the tags:

Allow dynamic-group openshift_control_plane_nodes to use tag-namespaces in compartment id ocid.id.aaaa

Before creating the cluster, verify both of the following:

  • The openshift-tags tag namespace and the openshift-resource=openshift-resource-infra defined tag already exist.
  • The cluster's instance principal dynamic group has permission to use tag namespaces in the compartment that contains those tags.
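
The two checks above can be run offline against exported data. The following is an added example, not code from this repository: it assumes you have already exported the policy statements as text and a resource's defined-tags map as JSON, and the function names (missing_tags, granting_statements, preflight) are hypothetical. Statements that name a compartment instead of giving its OCID, or that carry a where clause, are not counted and need manual review.

```python
import re

# Required structure, copied from the page.
REQUIRED = {"openshift-tags": {"openshift-resource": "openshift-resource-infra"}}
VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, weakest first

STATEMENT = re.compile(
    r"^\s*allow\s+dynamic-group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+id\s+(?P<ocid>\S+)|compartment\s+\S+)"
    r"(?P<cond>\s+where\s.*)?\s*$", re.IGNORECASE)

def missing_tags(defined_tags):
    """Required (namespace, key, value) triples absent from a defined-tags map."""
    return [(ns, k, v) for ns, keys in REQUIRED.items() for k, v in keys.items()
            if defined_tags.get(ns, {}).get(k) != v]

def granting_statements(statements, dynamic_group, tag_compartment):
    """Statements that unconditionally give the group `use` (or `manage`) on
    tag namespaces in the compartment that owns the tags, or tenancy-wide."""
    hits = []
    for text in statements:
        m = STATEMENT.match(text)
        if not m or m["group"] != dynamic_group:
            continue
        verb = m["verb"].lower()
        if verb not in VERBS or VERBS.index(verb) < VERBS.index("use"):
            continue
        if m["resource"].lower() not in ("tag-namespaces", "all-resources"):
            continue
        if m["cond"]:
            continue  # conditional grant: review by hand, do not count it
        # Compartments given by name or inherited from a parent cannot be resolved offline.
        if m["scope"].lower() == "tenancy" or m["ocid"] == tag_compartment:
            hits.append(text)
    return hits

def preflight(defined_tags, statements, dynamic_group, tag_compartment):
    """Return a list of problems; an empty list means both checks passed."""
    problems = [f"missing defined tag {ns}.{k}={v}" for ns, k, v in missing_tags(defined_tags)]
    if not granting_statements(statements, dynamic_group, tag_compartment):
        problems.append(f"no unconditional 'use tag-namespaces' grant for {dynamic_group} in {tag_compartment}")
    return problems

if __name__ == "__main__":
    # Constructed input, using the page's example names.
    policy = ["Allow dynamic-group openshift_control_plane_nodes to use "
              "tag-namespaces in compartment id ocid.id.aaaa"]
    print(preflight(REQUIRED, policy, "openshift_control_plane_nodes", "ocid.id.aaaa") or "OK")
```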

Install OpenShift Clusters on OCI

Follow the installation instructions for your preferred method:

Post-Installation

Verify that your cluster is installed and running smoothly. For instructions, see the following Red Hat documentation:

Additional Documentation

Oracle Documentation

Red Hat Documentation

Contributing

This project welcomes contributions from the community. Before submitting a pull request, please review our contribution guide.

Security

Please consult the security guide for our responsible security vulnerability disclosure process.

License

Copyright (c) 2022 Oracle and/or its affiliates.

Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/.