Pull request overview
This WIP PR separates cluster/bootstrap concerns and optional components out of this repo so the remaining installer is centered on deploying Ascender onto an existing Kubernetes cluster.
Changes:
- Removes in-repo cluster provisioning/bootstrap logic, especially platform-specific `k8s_setup` and cloud/IaC assets.
- Removes Ledger and Ascender React installation paths, templates, defaults, and bundle contents.
- Updates top-level docs and sample configs to describe an Ascender-only installer.
Reviewed changes
Copilot reviewed 80 out of 81 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| README.md | Reframes installer as Ascender-only and existing-cluster focused. |
| playbooks/setup.yml | Stops importing React and Ledger install playbooks. |
| playbooks/roles/ledger_install/templates/ledger_deployment_rke2.yaml | Deletes Ledger RKE2 manifest template. |
| playbooks/roles/ledger_install/templates/ledger_deployment_registry_secret.yaml | Deletes Ledger registry secret template. |
| playbooks/roles/ledger_install/templates/ledger_deployment_gke.yaml | Deletes Ledger GKE manifest template. |
| playbooks/roles/ledger_install/templates/ledger_deployment_eks.yaml | Deletes Ledger EKS manifest template. |
| playbooks/roles/ledger_install/templates/ledger_deployment_dkp.yaml | Deletes Ledger DKP manifest template. |
| playbooks/roles/ledger_install/templates/ledger_deployment_aks.yaml | Deletes Ledger AKS manifest template. |
| playbooks/roles/ledger_install/tasks/ledger_install_rke2.yml | Deletes Ledger RKE2 install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_ocp.yml | Deletes Ledger OCP install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_k3s.yml | Deletes Ledger K3s install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_gke.yml | Deletes Ledger GKE install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_eks.yml | Deletes Ledger EKS install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_dkp.yml | Deletes Ledger DKP install role tasks. |
| playbooks/roles/ledger_install/tasks/ledger_install_aks.yml | Deletes Ledger AKS install role tasks. |
| playbooks/roles/ledger_install/defaults/main.yml | Deletes Ledger defaults. |
| playbooks/roles/k8s_setup/templates/eks/storage/io2.yml | Deletes EKS storage-class template. |
| playbooks/roles/k8s_setup/templates/eks/storage/gp3.yml | Deletes EKS storage-class template. |
| playbooks/roles/k8s_setup/templates/eks/storage/gp2.yml | Deletes EKS storage-class template. |
| playbooks/roles/k8s_setup/templates/eks/NodeConfig.yml | Deletes EKS node bootstrap template. |
| playbooks/roles/k8s_setup/templates/eks/ingress-class-params.yml | Deletes EKS ingress-class template. |
| playbooks/roles/k8s_setup/templates/eks/iam-policy.json | Deletes EKS IAM policy template. |
| playbooks/roles/k8s_setup/templates/eks/eks-cluster-manifest.yml | Deletes EKS cluster manifest template. |
| playbooks/roles/k8s_setup/templates/eks/ebs-scsi-driver-role.json | Deletes EKS EBS CSI role template. |
| playbooks/roles/k8s_setup/templates/eks/ebs-scsi-driver-policy.json | Deletes EKS EBS CSI policy template. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_rke2.yml | Deletes RKE2 bootstrap/access tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_ocp.yml | Deletes OCP bootstrap/access tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_k3s.yml | Deletes K3s bootstrap/access tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_gke.yml | Deletes GKE bootstrap/provision tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_eks.yml | Deletes EKS bootstrap/configure tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_eks_provision.yml | Deletes EKS provisioning tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_dkp.yml | Deletes DKP bootstrap/access tasks. |
| playbooks/roles/k8s_setup/tasks/k8s_setup_aks.yml | Deletes AKS bootstrap/provision tasks. |
| playbooks/roles/k8s_setup/files/gke_deploy/vars.tf | Deletes GKE Terraform variables. |
| playbooks/roles/k8s_setup/files/gke_deploy/providers.tf | Deletes GKE Terraform providers. |
| playbooks/roles/k8s_setup/files/gke_deploy/main.tf | Deletes GKE Terraform cluster definition. |
| playbooks/roles/k8s_setup/files/aks_deploy/vars.tf | Deletes AKS Terraform variables. |
| playbooks/roles/k8s_setup/files/aks_deploy/providers.tf | Deletes AKS Terraform providers. |
| playbooks/roles/k8s_setup/files/aks_deploy/main.tf | Deletes AKS Terraform cluster definition. |
| playbooks/roles/ascender_react/templates/react-deployment/react-deployment-k3s.yml | Deletes React K3s deployment template. |
| playbooks/roles/ascender_react/templates/react-deployment/react-deployment-gke.yml | Deletes React GKE deployment template. |
| playbooks/roles/ascender_react/templates/react-deployment/react-deployment-eks.yml | Deletes React EKS deployment template. |
| playbooks/roles/ascender_react/templates/react-deployment/react-deployment-aks.yml | Deletes React AKS deployment template. |
| playbooks/roles/ascender_react/templates/eda-operator/kustomization.j2 | Deletes React operator kustomization. |
| playbooks/roles/ascender_react/tasks/react_install_k3s.yml | Deletes React K3s install tasks. |
| playbooks/roles/ascender_react/tasks/react_install_gke.yml | Deletes React GKE install tasks. |
| playbooks/roles/ascender_react/tasks/react_install_eks.yml | Deletes React EKS install tasks. |
| playbooks/roles/ascender_react/tasks/react_install_aks.yml | Deletes React AKS install tasks. |
| playbooks/kubernetes_setup.yml | Reduces Kubernetes setup phase to common prerequisites only. |
| playbooks/install_react.yml | Deletes top-level React playbook. |
| playbooks/install_ledger.yml | Deletes top-level Ledger playbook. |
| playbooks/group_vars/all.yml | Removes Ledger/cluster-bootstrap defaults from shared vars. |
| playbooks/create_bundle.yml | Removes Ledger images from bundle/push flow. |
| playbooks/assertions.yml | Simplifies assertions for Ascender-only installs. |
| playbooks/apply_cloud_permissions.yml | Deletes cloud-permissions playbook. |
| docs/README.md | Removes Ledger references from docs index. |
| docs/issues/kubeconfig_missing.md | Rewrites troubleshooting for external cluster installer usage. |
| docs/installation/rke2/rke2.default.config.yml | Removes Ledger/bootstrap settings from RKE2 sample config. |
| docs/installation/rke2/README.md | Updates RKE2 guide for Ascender-only scope. |
| docs/installation/ocp/README.md | Updates OCP guide for Ascender-only scope. |
| docs/installation/ocp/ocp.basic.config.yml | Removes Ledger/bootstrap settings from OCP sample config. |
| docs/installation/k3s/README.md | Updates K3s guide for Ascender-only scope. |
| docs/installation/k3s/k3s/k3s.basic.config.yml | Removes Ledger/bootstrap settings from K3s sample config. |
| docs/installation/k3s/k3s.offline.default.config.yml | Removes Ledger/bootstrap settings from offline K3s config. |
| docs/installation/k3s/k3s.default.config.yml | Removes Ledger/bootstrap settings from K3s default config. |
| docs/installation/k3s/k3s.basic.config.yml | Removes Ledger/bootstrap settings from K3s basic config. |
| docs/installation/gke/README.md | Updates GKE guide for Ascender-only scope. |
| docs/installation/gke/gke.custom.config.yml | Removes cluster/bootstrap and Ledger settings from GKE sample config. |
| docs/installation/eks/README.md | Updates EKS guide for Ascender-only scope. |
| docs/installation/eks/eks.custom.config.yml | Removes cluster/bootstrap and Ledger settings from EKS sample config. |
| docs/installation/dkp/dkp.default.config.yml | Removes Ledger settings from DKP sample config. |
| docs/installation/aks/README.md | Updates AKS guide for Ascender-only scope. |
| docs/installation/aks/aks.custom.config.yml | Removes cluster/bootstrap and Ledger settings from AKS sample config. |
| docs/configuration/upgrading.md | Removes old bootstrap-related upgrade guidance. |
| docs/configuration/uninstall.md | Narrows uninstall guide to Ascender only. |
| default.config.yml | Removes cluster-bootstrap and Ledger defaults from main config. |
Comments suppressed due to low confidence (3)
playbooks/apply_cloud_permissions.yml:1
- Deleting this playbook breaks the `setup.sh -p` path: `setup.sh` still unconditionally runs `playbooks/apply_cloud_permissions.yml`, so that command now fails immediately with a missing-playbook error.
default.config.yml:42
- `setup.sh` falls back to `default.config.yml` when no custom config exists, and this file still defaults `k8s_platform` to `eks`. Removing the EKS defaults here means a stock install now reaches `ascender_install_eks.yml` with required variables like `EKS_CLUSTER_REGION`, `EKS_CLUSTER_NAME`, `EKS_PUBLIC`, `EKS_SSL_POLICY`, `EKS_ALB_INBOUND_CIDRS`, and `USE_ROUTE_53` undefined, so the default setup path will fail before the manifest is even rendered.
# ---Local artifact variables---
# TLS Certificate file, required when deploying HTTPS in K3s
tls_crt_path: "~/ascender.crt"
docs/installation/eks/eks.custom.config.yml:14
- This template no longer includes the EKS settings that the install playbook still dereferences (`EKS_CLUSTER_NAME`, `EKS_CLUSTER_REGION`, `EKS_PUBLIC`, `EKS_SSL_POLICY`, `EKS_ALB_INBOUND_CIDRS`, and often `USE_ROUTE_53`). Users who follow this example will end up with an incomplete `custom.config.yml` and hit undefined-variable failures during `ascender_install_eks.yml`.
# ---Local artifact variables---
# TLS Certificate file, required when deploying HTTPS in K3s
tls_crt_path: "~/ascender.crt"
Comment on lines 17 to 19
| - name: "Install prerequisite packages on localhost" | ||
| ansible.builtin.include_role: | ||
| name: common |
| @@ -17,24 +17,3 @@ | |||
| - name: "Install prerequisite packages on localhost" | |||
| ansible.builtin.include_role: | |||
| name: common | |||
| #### AWS Certificate Manager | ||
|
|
||
| Before configuring the installer, you must create an SSL certificate in [AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (ACM) in the same region as your EKS cluster. The certificate should cover the hostnames you plan to use for Ascender and Ledger (e.g., `ascender.example.com` and `ledger.example.com`). If you plan to use the Automation Mesh feature to deploy external execution nodes, the certificate should also include the mesh hostname (e.g., `mesh.ascender.example.com`). Using a wildcard certificate (e.g., `*.example.com`) is recommended to cover all components. The ARN of this certificate will be used for the `EKS_SSL_CERT` variable in the configuration step below. | ||
| Before configuring the installer, you must create an SSL certificate in [AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (ACM) in the same region as your EKS cluster. The certificate should cover the hostnames you plan to use for Ascender (e.g., `ascender.example.com`). If you plan to use the Automation Mesh feature to deploy external execution nodes, the certificate should also include the mesh hostname (e.g., `mesh.ascender.example.com`). Using a wildcard certificate (e.g., `*.example.com`) is recommended to cover all components. The ARN of this certificate will be used for the `EKS_SSL_CERT` variable in the configuration step below. |
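Review bot: The wildcard recommendation in the rewritten ACM paragraph does not cover the mesh hostname given two sentences earlier. A wildcard such as `*.example.com` matches a single label only, so it covers `ascender.example.com` but not `mesh.ascender.example.com`. Suggest either changing the mesh example to a first-level name or telling users to add `*.ascender.example.com` (or the explicit mesh hostname) as an additional name on the certificate, and dropping "to cover all components" unless that is done.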
| - `k8s_protocol`: Determines whether to use HTTP or HTTPS for Ascender. | ||
| - AKS_K8S_VERSION: The kubernetes version for the aks cluster; available kubernetes versions can be found here: [Supported Kubernetes versions in AKS](https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli) | ||
| - `USE_AZURE_DNS`: Determines whether to use Route53's Domain Management, or a third-party service such as Cloudflare, or GoDaddy. If this value is set to false, you will have to manually set a CNAME record for `ASCENDER_HOSTNAME` and `LEDGER_HOSTNAME` to point to the AWS Loadbalancers that the installer creates. | ||
| - `USE_AZURE_DNS`: Determines whether to use Route53's Domain Management, or a third-party service such as Cloudflare, or GoDaddy. If this value is set to false, you will have to manually set a CNAME record for `ASCENDER_HOSTNAME` to point to the AWS Loadbalancers that the installer creates. |
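Review bot: The updated `USE_AZURE_DNS` description in the AKS guide still refers to "Route53's Domain Management" and "the AWS Loadbalancers that the installer creates", which is the EKS wording for `USE_ROUTE_53`. Since this line is being edited anyway to drop `LEDGER_HOSTNAME`, suggest rewording it for Azure DNS and the Azure load balancer so AKS users know which record to create and where it should point. The `AKS_K8S_VERSION` bullet above it is also missing the backticks the other variable names use.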
| - `k8s_platform`: This variable specificies which Kubernetes platform Ascender and its components will be installed on. | ||
| - `k8s_lb_protocol`: For EKS is this ignored, it will always use https for Ascender running on EKS. | ||
| - `USE_ROUTE_53`: Determines whether to use Route53's Domain Management, or a third-party service such as Cloudflare, or GoDaddy. If this value is set to false, you will have to manually set a CNAME record for `ASCENDER_HOSTNAME` and `LEDGER_HOSTNAME` to point to the AWS Loadbalancers that the installer creates. | ||
| - `USE_ROUTE_53`: Determines whether to use Route53's Domain Management, or a third-party service such as Cloudflare, or GoDaddy. If this value is set to false, you will have to manually set a CNAME record for `ASCENDER_HOSTNAME` to point to the AWS Loadbalancers that the installer creates. |
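Review bot: Wording nits in the EKS variable list next to the changed `USE_ROUTE_53` line: the `k8s_lb_protocol` bullet reads "For EKS is this ignored" (should be "For EKS this is ignored"), and the `k8s_platform` bullet spells "specifies" as "specificies". The same misspelling appears in the other platform guides touched by this PR, so it is worth fixing in one pass.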
| that: | ||
| - ansible_processor_vcpus >= 2 | ||
| - ansible_memtotal_mb >= 3500 | ||
| fail_msg: "K3s server requires at least 2 vCPUs and 4000 MB of memory; target server has {{ ansible_processor_vcpus }} vCPUs and {{ ansible_memtotal_mb }} MBs of memory" |
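Review bot: The memory assertion and its `fail_msg` disagree: the check is `ansible_memtotal_mb >= 3500`, but the message tells the user the K3s server "requires at least 2 vCPUs and 4000 MB of memory". A host reporting between 3500 and 3999 MB passes while the message claims it should not. If the lower threshold is intentional, state the enforced value in the message or add a comment explaining the margin; otherwise raise the check to 4000. "MBs" in the same message should be "MB".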
|
|
||
| - `k8s_platform`: This variable specificies which Kubernetes platform Ascender and its components will be installed on. | ||
| - `k8s_protocol`: Determines whether to use HTTP or HTTPS for Ascender and Ledger. | ||
| - `k8s_protocol`: Determines whether to use HTTP or HTTPS for Ascender. |
|
|
||
| - `k8s_platform`: This variable specificies which Kubernetes platform Ascender and its components will be installed on. | ||
| - `k8s_protocol`: Determines whether to use HTTP or HTTPS for Ascender and Ledger. | ||
| - `k8s_protocol`: Determines whether to use HTTP or HTTPS for Ascender. |
| For certain Kubernetes platforms (such as k3s, kubeadm, rke2), the Ascender installer supports installation for clusters that do not have outside internet access. In these cases, you can either use: | ||
| - An included bundle of container images (this is the case for k3s) | ||
| - Move the Ascender and Ledger container images into an internal container registry for the installer to consume (this is the case for rke2 and kubeadm) | ||
| - Move the Ascender container images into an internal container registry for the installer to consume (this is the case for rke2 and kubeadm) |
We are splitting the Ascender installation and the Cluster installation into separate repos. This will simplify the installer a bit, and help with upgrades, as the cluster installation only ever needs to be run once.
Also all non-Open Source installation will be removed and will be migrated to an internal customer repo.