Create unique machine CIDR per ROSA cluster (keycloak#478)

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
andyuk1986 · Aug 10, 2023 · e5e3354 · e5e3354
1 parent 34d9891
commit e5e3354
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 9 deletions.
diff --git a/.github/workflows/rosa-cluster-create.yml b/.github/workflows/rosa-cluster-create.yml
@@ -21,11 +21,6 @@ on:
         required: true
         default: '2'
         type: string
-      machineCidr:
-        description: 'Machine CIDR of the ROSA cluster'
-        required: true
-        default: '10.0.0.0/16'
-        type: string
 
 concurrency: cluster_${{ github.event.inputs.clusterName || format('gh-{0}', github.repository_owner) }}
 
@@ -59,7 +54,6 @@ jobs:
           COMPUTE_MACHINE_TYPE: ${{ inputs.computeMachineType }}
           MULTI_AZ: ${{ inputs.multiAz }}
           REPLICAS: ${{ inputs.replicas }}
-          MACHINE_CIDR: ${{ inputs.machineCidr }}
 
       - name: Archive ROSA logs
         uses: actions/upload-artifact@v3

diff --git a/doc/kubernetes/modules/ROOT/pages/prerequisite/prerequisite-rosa.adoc b/doc/kubernetes/modules/ROOT/pages/prerequisite/prerequisite-rosa.adoc
@@ -67,8 +67,6 @@ If not set, the value of the `$(whoami)` command will be used.
 If not set, it is obtained from AWS Secrets Manager secret equal to `KEYCLOAK_MASTER_PASSWORD_SECRET_NAME` parameter.
 `KEYCLOAK_MASTER_PASSWORD_SECRET_NAME`:: Name of the AWS Secrets Manager secret containing the password for the `cluster-admin` user.
 Defaults to `keycloak-master-password`.
-`MACHINE_CIDR`:: Machine CIDR field, you must specify the IP address range for machines or cluster nodes.
-This range must encompass all CIDR address ranges for your virtual private cloud (VPC) subnets. Defaults to `10.0.0.0/16`.
 
 == Finding URLs
 

diff --git a/provision/aws/rosa_create_cluster.sh b/provision/aws/rosa_create_cluster.sh
@@ -33,7 +33,7 @@ else
 
   echo "Installing ROSA cluster ${CLUSTER_NAME}"
 
-  MACHINE_CIDR=${MACHINE_CIDR:-"10.0.0.0/16"}
+  MACHINE_CIDR=$(./rosa_machine_cidr.sh)
 
   ROSA_CMD="rosa create cluster \
   --sts \

diff --git a/provision/aws/rosa_machine_cidr.sh b/provision/aws/rosa_machine_cidr.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+if [[ "$RUNNER_DEBUG" == "1" ]]; then
+  set -x
+fi
+
+# https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/networking/cidr-range-definitions
+# Must not overlap with Pod CDR: 10.128.0.0/14
+# Must not overlap with OVN Kubernetes: 100.64.0.0/16
+
+EXISTING_MACHINE_CIDRS=$(rosa list clusters -o json | jq -r ".[].network.machine_cidr" | sort -u)
+
+if (( $(echo ${EXISTING_MACHINE_CIDRS} | wc -l) > 63 )); then
+  echo "Maximum number of unique machine CIDRS reached"
+  echo ${EXISTING_MACHINE_CIDRS}
+  exit 1
+fi
+
+while true; do
+  CIDR="10.0.$(shuf -i 0-63 -n 1).0/24"
+  if [[ "${EXISTING_MACHINE_CIDRS}" != *"${CIDR}"* ]]; then
+    break
+  fi
+done
+echo ${CIDR}