Closed ckupe closed 3 years ago
Finding: 'additionalTrustBundle' is not templated into the install-config.yml within the codebase, which is required for the bootstrap to trust the local edge registry in ECR in order to pull the requisite images.
https://www.openshift.com/blog/openshift-4-2-disconnected-install
https://repo1.dsop.io/dsop/redhat/platformone/ocp4x/ansible/deploy/-/blob/v2-govcloud-automation/templates/openshift-install/aws-fences-install-config.yaml.j2#L3
Finding: ECR does not allow for unauthenticated image pulls. Additional IAM policies will need to be defined and attached to the nodes in order for them to be able to pull from ECR.
Agreed - it is not implemented fully. Will add in README.
Description:
Running the terraform plan does not produce a working bootstrap node with healthy bootkube service in disconnected architecture.
How to reproduce:
This is for following a disconnected/airgapped strategy.
Result:
No logs are returned from bootkube, nor is the bootkube service online.
Expected Result: bootstrap.ign should have been ingested correctly by ignition at boot to configure the bootkube service at runtime; a dead service and lack of logs suggests bootstrap.ign was not successfully pulled from the S3 Bucket for ignition to work.
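
A pre-flight check for the first finding above, as an added example that is not code from this repository: it scans a rendered install-config for a top-level `additionalTrustBundle` block and counts the PEM certificates in it. The function name, the sample configs and the placeholder certificate body are constructed for illustration.

```python
import re

# One PEM certificate: header, base64 body, footer.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----"
)

def trust_bundle_certs(install_config_text):
    """Return the number of PEM certificates under the top-level
    additionalTrustBundle key of a rendered install-config (0 if absent)."""
    lines = install_config_text.splitlines()
    for i, line in enumerate(lines):
        # Top-level key only (no indentation), written as a YAML block scalar.
        if re.match(r"additionalTrustBundle:\s*[|>][+-]?\s*$", line):
            block = []
            for body in lines[i + 1:]:
                # The block scalar ends at the next non-indented, non-blank line.
                if body.strip() and not body[0].isspace():
                    break
                block.append(body.strip())
            return len(PEM_RE.findall("\n".join(block)))
    return 0

# Constructed sample: a rendered config that carries the registry CA.
# The certificate body is a placeholder, not a real certificate.
WITH_BUNDLE = """\
apiVersion: v1
baseDomain: example.internal
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  Q09OU1RSVUNURUQ=
  -----END CERTIFICATE-----
platform:
  aws:
    region: us-gov-west-1
"""

# Constructed sample: the same config with the key never templated in.
WITHOUT_BUNDLE = """\
apiVersion: v1
baseDomain: example.internal
platform:
  aws:
    region: us-gov-west-1
"""

if __name__ == "__main__":
    for name, text in (("with", WITH_BUNDLE), ("without", WITHOUT_BUNDLE)):
        n = trust_bundle_certs(text)
        print(f"{name}: {n} certificate(s)", "OK" if n else "MISSING trust bundle")
```

Running this against the rendered template output before generating ignition configs catches the missing key before a bootstrap node is launched.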