From 3d7435669c7e5408badeecec6f2063fad9013df9 Mon Sep 17 00:00:00 2001
From: Aline Abler
Date: Fri, 15 Nov 2024 11:19:19 +0100
Subject: [PATCH 1/4] Update Cloudscale install documentation to enable machine-api provider
---
 .../partials/install/bootstrap-nodes.adoc | 66 ++++++++++++++++---
 .../prepare-syn-config-machine-api.adoc | 20 ++++++
 .../partials/install/prepare-syn-config.adoc | 4 ++
 3 files changed, 81 insertions(+), 9 deletions(-)
 create mode 100644 docs/modules/ROOT/partials/install/prepare-syn-config-machine-api.adoc
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
index 7666d445..220e5e14 100644
--- a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
+++ b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -98,6 +98,32 @@ terraform apply
 ifeval::["{provider}" == "cloudscale"]
 . Add the DNS records for etcd shown in output variable `dns_entries` from the previous step to the cluster's parent zone
+
+. Apply the manifests for the cloudscale machine-api provider
++
+[source,bash,subs="attributes+"]
+----
+cat ../machine-api-provider-cloudscale/00_secrets.yaml | yq '(select(document_index==0) | .stringData.token) = "'$(vault kv get -format=json clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cloudscale/ | jq -r .data.data.token)'" ' | kubectl apply -f -
+
+kubectl apply -f ../machine-api-provider-cloudscale/10_clusterRoleBinding.yaml
+
+kubectl apply -f ../machine-api-provider-cloudscale/10_serviceAccount.yaml
+
+kubectl apply -f ../machine-api-provider-cloudscale/11_deployment.yaml
+----
+
+. Apply the machinesets from terraform
++
+[source,bash,subs="attributes+"]
+----
+terraform output -raw worker-machineset_yml | grep -vP '^(│|╵|╷|There are some problems with the CLI configuration)' | yq -P > worker-machineset.yml
+head worker-machineset.yml
+kubectl apply -f worker-machineset.yml
+
+terraform output -raw infra-machineset_yml | grep -vP '^(│|╵|╷|There are some problems with the CLI configuration)' | yq -P > infra-machineset.yml
+head infra-machineset.yml
+kubectl apply -f infra-machineset.yml
+----
 endif::[]
 . Wait for bootstrap to complete
@@ -122,7 +148,12 @@ kubectl taint no -l node-role.kubernetes.io/master node.cloudprovider.kubernetes
 ----
 --
+ifeval::["{provider}" != "cloudscale"]
 . Remove bootstrap node and provision remaining nodes
+endif::[]
+ifeval::["{provider}" == "cloudscale"]
+. Remove bootstrap node
+endif::[]
 +
 [source,bash,subs="attributes+"]
 ----
@@ -132,6 +163,30 @@ terraform apply
 popd
 ----
+. Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and run Puppet on the LBs after the deploy job has completed
++
+[source,bash]
+----
+for fqdn in "${LB_FQDNS[@]}"; do
+ ssh "${fqdn}" sudo puppetctl run
+done
+----
+
+. Scale up the infra and worker machinesets
++
+[source,bash]
+----
+INFRA_NODES=3 # adjust to desired number of infra nodes
+WORKER_NODES=3 # adjust to desired number of worker nodes
+----
++
+[source,bash]
+----
+kubectl scale machineset -nopenshift-machine-api infra --replicas="${INFRA_NODES}"
+kubectl scale machineset -nopenshift-machine-api worker --replicas="${WORKER_NODES}"
+----
+endif::[]
+
 . Disable OpenShift kube-proxy deployment and revert Cilium patch
 +
 [source,bash]
@@ -146,15 +201,7 @@ done && echo -e "\nCilium config updated"
 kubectl -n cilium rollout restart ds/cilium
 ----
-. Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and run Puppet on the LBs after the deploy job has completed
-+
-[source,bash]
-----
-for fqdn in "${LB_FQDNS[@]}"; do
- ssh "${fqdn}" sudo puppetctl run
-done
-----
-
+ifeval::["{provider}" != "cloudscale"]
 . Approve node certs
 +
 include::partial$install/approve-node-csrs.adoc[]
@@ -185,6 +232,7 @@ kubectl get node -ojson | \
 +
 [NOTE]
 At this point you may want to add extra labels to the additional worker groups, if there are any.
+endif::[]
 . Enable proxy protocol on ingress controller
 +
diff --git a/docs/modules/ROOT/partials/install/prepare-syn-config-machine-api.adoc b/docs/modules/ROOT/partials/install/prepare-syn-config-machine-api.adoc
new file mode 100644
index 00000000..87663c50
--- /dev/null
+++ b/docs/modules/ROOT/partials/install/prepare-syn-config-machine-api.adoc
@@ -0,0 +1,20 @@
+ifeval::["{provider}" == "cloudscale"]
+. Prepare cloudscale machine-api provider
++
+[source,bash,subs="attributes+"]
+----
+yq eval -i ".parameters.openshift4_terraform.terraform_variables.worker_count = 0" \
+ ${CLUSTER_ID}.yml
+
+yq eval -i ".parameters.openshift4_terraform.terraform_variables.infra_count = 0" \
+ ${CLUSTER_ID}.yml
+
+
+yq -i '.applications += "machine-api-provider-cloudscale"' \
+ ${CLUSTER_ID}.yml
+yq eval -i ".parameters.openshift4_terraform.terraform_variables.make_worker_adoptable_by_provider = true" \
+ ${CLUSTER_ID}.yml
+yq eval -i '.parameters.machine_api_provider_cloudscale.secrets["cloudscale-user-data"].stringData.ignitionCA = "${openshift4_terraform:terraform_variables:ignition_ca}"' \
+ ${CLUSTER_ID}.yml
+----
+endif::[]
diff --git a/docs/modules/ROOT/partials/install/prepare-syn-config.adoc b/docs/modules/ROOT/partials/install/prepare-syn-config.adoc
index 5a45a509..4d989483 100644
--- a/docs/modules/ROOT/partials/install/prepare-syn-config.adoc
+++ b/docs/modules/ROOT/partials/install/prepare-syn-config.adoc
@@ -62,6 +62,7 @@ yq eval -i ".parameters.openshift4_version.spec.channel = \"fast-{ocp-minor-vers
 ifeval::["{provider}" == "cloudscale"]
 :is-terraform: yes
+:use-machine-api: yes
 endif::[]
 ifeval::["{provider}" == "exoscale"]
 :is-terraform: yes
@@ -70,6 +71,9 @@ endif::[]
 ifeval::["{is-terraform}" == "yes"]
 include::partial$install/prepare-syn-config-terraform.adoc[]
 endif::[]
+ifeval::["{use-machine-api}" == "yes"]
+include::partial$install/prepare-syn-config-machine-api.adoc[]
+endif::[]
 ifeval::["{provider}" == "vsphere"]
 include::partial$install/prepare-syn-config-vsphere.adoc[]
 endif::[]
From d79c4db537216f2fa8581a61194709a3c832eb81 Mon Sep 17 00:00:00 2001
From: Aline Abler
Date: Fri, 15 Nov 2024 12:39:59 +0100
Subject: [PATCH 2/4] Update docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
Co-authored-by: Simon Gerber
---
 docs/modules/ROOT/partials/install/bootstrap-nodes.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
index 220e5e14..6417e03e 100644
--- a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
+++ b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -103,7 +103,7 @@ ifeval::["{provider}" == "cloudscale"]
 +
 [source,bash,subs="attributes+"]
 ----
-cat ../machine-api-provider-cloudscale/00_secrets.yaml | yq '(select(document_index==0) | .stringData.token) = "'$(vault kv get -format=json clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cloudscale/ | jq -r .data.data.token)'" ' | kubectl apply -f -
+kapitan refs --reveal --refs-path ../../refs ../machine-api-provider-cloudscale/00_secrets.yaml | kubectl apply -f -
 kubectl apply -f ../machine-api-provider-cloudscale/10_clusterRoleBinding.yaml
From b263563181ef38cc0bf2950d82eefb41ca804c4c Mon Sep 17 00:00:00 2001
From: Aline Abler
Date: Fri, 15 Nov 2024 12:40:07 +0100
Subject: [PATCH 3/4] Update docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
Co-authored-by: Simon Gerber
---
 docs/modules/ROOT/partials/install/bootstrap-nodes.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
index 6417e03e..77011eef 100644
--- a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
+++ b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -176,7 +176,7 @@ done
 +
 [source,bash]
 ----
-INFRA_NODES=3 # adjust to desired number of infra nodes
+INFRA_NODES=4 # adjust to desired number of infra nodes
 WORKER_NODES=3 # adjust to desired number of worker nodes
 ----
 +
From 86b47efc0f41dd4ccac7d166b6e44e65986a9fa7 Mon Sep 17 00:00:00 2001
From: Aline Abler
Date: Mon, 18 Nov 2024 11:30:06 +0100
Subject: [PATCH 4/4] Add step to manually update LB hieradata
---
 .../partials/install/bootstrap-nodes.adoc | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
index 77011eef..14f493ee 100644
--- a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
+++ b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -201,6 +201,26 @@ done && echo -e "\nCilium config updated"
 kubectl -n cilium rollout restart ds/cilium
 ----
+ifeval::["{provider}" == "cloudscale"]
+. Add Infra Node IPs to LB Hieradata
++
+[source,bash]
+----
+git clone git@git.vshn.net:appuio/appuio_hieradata.git
+
+pushd appuio_hieradata/lbaas
+
+kubectl get node -l "node-role.kubernetes.io/infra" -oyaml | yq '.items[].status.addresses | filter(.type == "InternalIP") | map(.address)' > ips.yml
+
+yq -i '."profile_openshift4_gateway::backends".router = load("ips.yml")' "${CLUSTER_ID}.yaml"
+
+rm ips.yml
+
+git commit -am "Add infra nodes as backends for ${CLUSTER_ID}."
+git push
+popd
+----
+endif::[]
 ifeval::["{provider}" != "cloudscale"]
 . Approve node certs
 +