From 324609963ff3f864813c4dcc139ebe2806e80060 Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Fri, 20 Dec 2024 12:54:39 +0100 Subject: [PATCH 1/2] CS pipeline.yaml Signed-off-by: Gerd Oberlechner --- cluster-service/Makefile | 42 +++++--- cluster-service/config.tmpl.mk | 39 -------- .../deploy/helm/azuredb.values.yaml | 6 ++ .../deploy/helm/containerdb.values.yaml | 6 ++ ...s-managed-identities-config.configmap.yaml | 81 +++++++++++++++- .../deploy/helm/templates/deployment.yaml | 8 ++ cluster-service/deploy/helm/values.yaml | 20 +++- cluster-service/pipeline.yaml | 87 +++++++++++++++++ config/config.msft.yaml | 13 +++ config/config.schema.json | 47 ++++++++- config/config.yaml | 96 +++---------------- config/public-cloud-cs-pr.json | 21 +++- config/public-cloud-dev.json | 21 +++- config/public-cloud-msft-int.json | 20 ++++ config/public-cloud-personal-dev.json | 21 +++- tooling/templatize/pkg/pipeline/shell.go | 3 + 16 files changed, 389 insertions(+), 142 deletions(-) delete mode 100644 cluster-service/config.tmpl.mk create mode 100644 cluster-service/deploy/helm/azuredb.values.yaml create mode 100644 cluster-service/deploy/helm/containerdb.values.yaml create mode 100644 cluster-service/pipeline.yaml diff --git a/cluster-service/Makefile b/cluster-service/Makefile index 67728090e..072ef98b7 100644 --- a/cluster-service/Makefile +++ b/cluster-service/Makefile @@ -1,7 +1,7 @@ -SHELL = /bin/bash -DEPLOY_ENV ?= personal-dev -$(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk) -include config.mk +-include ../setup-env.mk + +ZONE_NAME ?= "${REGIONAL_DNS_SUBDOMAIN}.${BASE_DNS_ZONE_NAME}" + deploy: provision-shard @ISTO_VERSION=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \ 
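Review bot: The added default `ZONE_NAME ?= "${REGIONAL_DNS_SUBDOMAIN}.${BASE_DNS_ZONE_NAME}"` keeps the double quotes as part of the make variable, because make does not strip quotes from assignments, while the deleted config.tmpl.mk default was unquoted. A shell recipe removes them again, but make-level comparisons or `$(info)` output see the literal quotes, so `ZONE_NAME ?= ${REGIONAL_DNS_SUBDOMAIN}.${BASE_DNS_ZONE_NAME}` preserves the old behaviour. `-include ../setup-env.mk` also swallows a missing env file silently; if the two DNS variables are mandatory, a `$(if $(REGIONAL_DNS_SUBDOMAIN),,$(error REGIONAL_DNS_SUBDOMAIN is not set))` line after the include fails fast. The deploy recipe continues past the hunk.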
@@ -14,8 +14,17 @@ deploy: provision-shard OIDC_ISSUER_BASE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.web -o tsv) && \ OCP_ACR_URL=$(shell az acr show -n ${OCP_ACR_NAME} --query loginServer -o tsv) && \ OCP_ACR_RESOURCE_ID=$(shell az acr show -n ${OCP_ACR_NAME} --query id -o tsv) && \ - helm upgrade --install cluster-service --namespace cluster-service \ - deploy/helm/ \ + DB_HOST=$$(if [ "${USE_AZURE_DB}" = "true" ]; then az postgres flexible-server show -g ${RESOURCEGROUP} -n ${DATABASE_SERVER_NAME} --query fullyQualifiedDomainName -o tsv; else echo "ocm-cs-db"; fi) && \ + OVERRIDES=$$(if [ "${USE_AZURE_DB}" = "true" ]; then echo "azuredb.values.yaml"; else echo "containerdb.values.yaml"; fi) && \ + OP_CLOUD_CONTROLLER_MANAGER_ROLE_ID=$(shell az role definition list --name "${OP_CLOUD_CONTROLLER_MANAGER_ROLE_NAME}" --query "[].name" -o tsv) && \ + OP_INGRESS_ROLE_ID=$(shell az role definition list --name "${OP_INGRESS_ROLE_NAME}" --query "[].name" -o tsv) && \ + OP_DISK_CSI_DRIVER_ROLE_ID=$(shell az role definition list --name "${OP_DISK_CSI_DRIVER_ROLE_NAME}" --query "[].name" -o tsv) && \ + OP_FILE_CSI_DRIVER_ROLE_ID=$(shell az role definition list --name "${OP_FILE_CSI_DRIVER_ROLE_NAME}" --query "[].name" -o tsv) && \ + OP_IMAGE_REGISTRY_DRIVER_ROLE_ID=$(shell az role definition list --name "${OP_IMAGE_REGISTRY_DRIVER_ROLE_NAME}" --query "[].name" -o tsv) && \ + OP_CLOUD_NETWORK_CONFIG_ROLE_ID=$(shell az role definition list --name "${OP_CLOUD_NETWORK_CONFIG_ROLE_NAME}" --query "[].name" -o tsv) && \ + helm upgrade --install --wait ${HELM_DRY_RUN} cluster-service deploy/helm \ + --namespace cluster-service \ + -f deploy/helm/$${OVERRIDES} \ --set azureCsMiClientId=$${AZURE_CS_MI_CLIENT_ID} \ --set oidcIssuerBlobServiceUrl=$${OIDC_BLOB_SERVICE_ENDPOINT} \ --set oidcIssuerBaseUrl=$${OIDC_ISSUER_BASE_ENDPOINT} \ 
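Review bot: The six new `OP_*_ROLE_ID=$(shell az role definition list --name "…" --query "[].name" -o tsv)` lines cannot fail the recipe: `$(shell)` drops the az exit status, a name that matches nothing yields an empty id, several matches yield a newline-separated list, and all of these are forwarded to helm unchecked further down the target. Because the ids are now resolved from a display name at deploy time instead of the fixed roleDefinition GUIDs the old config carried, a guard after each lookup is the minimum, e.g. `[ -n "$${OP_INGRESS_ROLE_ID}" ] || { echo "OP_INGRESS_ROLE_NAME did not resolve to a role id" >&2; exit 1; } && \`, repeated for the other five. The `DB_HOST` line compares `"${USE_AZURE_DB}" = "true"`, which only holds if the pipeline renders the boolean `clusterService.postgres.deploy` as the literal `true`; that assumption deserves a comment. The deploy recipe starts and ends outside the hunk.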
@@ -30,21 +39,26 @@ deploy: provision-shard --set fpaCertName=${FPA_CERT_NAME} \ --set ocpAcrResourceId=$${OCP_ACR_RESOURCE_ID} \ --set ocpAcrUrl=$${OCP_ACR_URL} \ - --set databaseDisableTls=${DATABASE_DISABLE_TLS} \ - --set databaseAuthMethod=${DATABASE_AUTH_METHOD} \ --set provisionShardsConfig="$(shell base64 -i deploy/provisioning-shards.yml | tr -d '\n')" \ - --set deployLocalDatabase=${DEPLOY_LOCAL_DB} \ - --set databaseHost=${DB_HOST} \ - --set databaseName=${DB_NAME} \ - --set databaseUser=${DB_USERNAME} \ - --set databasePassword=${DB_PASSWORD} \ + --set databaseHost=$${DB_HOST} \ --set azureMiMockServicePrincipalPrincipalId=${AZURE_MI_MOCK_SERVICE_PRINCIPAL_PRINCIPAL_ID} \ --set azureMiMockServicePrincipalClientId=${AZURE_MI_MOCK_SERVICE_PRINCIPAL_CLIENT_ID} \ --set azureMiMockServicePrincipalCertName=${MI_MOCK_SERVICE_PRINCIPAL_CERT_NAME} \ --set azureArmHelperIdentityCertName=${ARM_HELPER_CERT_NAME} \ --set azureArmHelperIdentityClientId=${AZURE_ARM_HELPER_IDENTITY_CLIENT_ID} \ --set azureArmHelperMockFpaPrincipalId=${AZURE_ARM_HELPER_MOCK_FPA_PRINCIPAL_ID} \ - --set azureOperatorsManagedIdentitiesConfig=${AZURE_OPERATORS_MANAGED_IDENTITIES_CONFIG} + --set azureOperatorsMI.cloudControllerManager.roleName="${OP_CLOUD_CONTROLLER_MANAGER_ROLE_NAME}" \ + --set azureOperatorsMI.cloudControllerManager.roleId="$${OP_CLOUD_CONTROLLER_MANAGER_ROLE_ID}" \ + --set azureOperatorsMI.ingress.roleName="${OP_INGRESS_ROLE_NAME}" \ + --set azureOperatorsMI.ingress.roleId="$${OP_INGRESS_ROLE_ID}" \ + --set azureOperatorsMI.diskCsiDriver.roleName="${OP_DISK_CSI_DRIVER_ROLE_NAME}" \ + --set azureOperatorsMI.diskCsiDriver.roleId="$${OP_DISK_CSI_DRIVER_ROLE_ID}" \ + --set azureOperatorsMI.fileCsiDriver.roleName="${OP_FILE_CSI_DRIVER_ROLE_NAME}" \ + --set azureOperatorsMI.fileCsiDriver.roleId="$${OP_FILE_CSI_DRIVER_ROLE_ID}" \ + --set azureOperatorsMI.imageRegistry.roleName="${OP_IMAGE_REGISTRY_DRIVER_ROLE_NAME}" \ + --set 
azureOperatorsMI.imageRegistry.roleId="$${OP_IMAGE_REGISTRY_DRIVER_ROLE_ID}" \ + --set azureOperatorsMI.cloudNetworkConfig.roleName="${OP_CLOUD_NETWORK_CONFIG_ROLE_NAME}" \ + --set azureOperatorsMI.cloudNetworkConfig.roleId="$${OP_CLOUD_NETWORK_CONFIG_ROLE_ID}" deploy-pr-env-deps: AZURE_CS_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n clusters-service --query clientId -o tsv) && \ diff --git a/cluster-service/config.tmpl.mk b/cluster-service/config.tmpl.mk deleted file mode 100644 index 558c1d649..000000000 --- a/cluster-service/config.tmpl.mk +++ /dev/null 
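Review bot: The twelve new `--set azureOperatorsMI.*` arguments push free-text role names and GUIDs through `--set`, which splits values on commas, treats backslashes as escapes and coerces numeric-looking strings, so a role name containing a comma would be truncated silently; `--set-string` is the right form for opaque text, e.g. `--set-string azureOperatorsMI.ingress.roleName="${OP_INGRESS_ROLE_NAME}" \`. The same applies to the new `--set databaseHost=$${DB_HOST}` line, which is additionally unquoted in the shell. The deploy recipe starts before the hunk.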
@@ -1,39 +0,0 @@
-REGION ?= {{ .region }}
-CONSUMER_NAME ?= {{ .maestro.consumerName }}
-RESOURCEGROUP ?= {{ .svc.rg }}
-REGIONAL_RESOURCEGROUP ?= {{ .regionRG }}
-AKS_NAME ?= {{ .aksName }}
-SERVICE_KV ?= {{ .serviceKeyVault.name }}
-OIDC_STORAGE_ACCOUNT ?= {{ .oidcStorageAccountName }}
-IMAGE_REPO ?= {{ .clusterService.imageRepo }}
-IMAGE_TAG ?= {{ .clusterService.imageTag }}
-ACR_NAME ?= {{ .svcAcrName }}
-OCP_ACR_NAME ?= {{ .ocpAcrName }}
-AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID ?= {{ .firstPartyAppClientId }}
-FPA_CERT_NAME ?= firstPartyCert
-AZURE_MI_MOCK_SERVICE_PRINCIPAL_PRINCIPAL_ID ?= {{ .miMockPrincipalId }}
-AZURE_MI_MOCK_SERVICE_PRINCIPAL_CLIENT_ID ?= {{ .miMockClientId }}
-AZURE_ARM_HELPER_IDENTITY_CLIENT_ID ?= {{ .armHelperClientId }}
-AZURE_ARM_HELPER_MOCK_FPA_PRINCIPAL_ID ?= {{ .armHelperFPAPrincipalId }}
-MI_MOCK_SERVICE_PRINCIPAL_CERT_NAME ?= msiMockCert
-ARM_HELPER_CERT_NAME ?= armHelperCert
-ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }}
-
-DATABASE_DISABLE_TLS ?= {{ not .clusterService.postgres.deploy }}
-DATABASE_AUTH_METHOD ?= {{ ternary "az-entra" "postgres" .clusterService.postgres.deploy }}
-DATABASE_SERVER_NAME ?= {{ .clusterService.postgres.name }}
-DB_SECRET_TARGET = {{ ternary "deploy-azure-db-secret" "deploy-local-db-secret" .clusterService.postgres.deploy }}
-DEPLOY_LOCAL_DB ?= {{ ternary "false" "true" .clusterService.postgres.deploy }}
-DB_HOST ?= {{ ternary "$(shell az postgres flexible-server show --resource-group ${RESOURCEGROUP} -n ${DATABASE_SERVER_NAME} --query fullyQualifiedDomainName -o tsv)" "ocm-cs-db" .clusterService.postgres.deploy }}
-DB_NAME ?= {{ ternary "clusters-service" "ocm-cs-db" .clusterService.postgres.deploy }}
-DB_USERNAME ?= {{ ternary "clusters-service" "ocm" .clusterService.postgres.deploy }}
-DB_PASSWORD ?= {{ ternary "" "TheBlurstOfTimes" .clusterService.postgres.deploy }}
-
-DEVOPS_MSI_ID ?= {{ .aroDevopsMsiId }}
-
-# MGMT CLUSTER KVs
-MGMT_RESOURCEGROUP ?= {{ .mgmt.rg }}
-CX_SECRETS_KV_NAME ?= {{ .cxKeyVault.name }}
-CX_MI_KV_NAME ?= {{ .msiKeyVault.name }}
-
-AZURE_OPERATORS_MANAGED_IDENTITIES_CONFIG ?= {{ .clusterService.azureOperatorsManagedIdentitiesConfig | b64enc }}
\ No newline at end of file
diff --git a/cluster-service/deploy/helm/azuredb.values.yaml b/cluster-service/deploy/helm/azuredb.values.yaml
new file mode 100644
index 000000000..6278ef61e
--- /dev/null
+++ b/cluster-service/deploy/helm/azuredb.values.yaml
@@ -0,0 +1,6 @@
+databaseDisableTls: false
+databaseAuthMethod: az-entra
+deployLocalDatabase: false
+databaseName: clusters-service
+databaseUser: clusters-service
+databasePassword: ''
diff --git a/cluster-service/deploy/helm/containerdb.values.yaml b/cluster-service/deploy/helm/containerdb.values.yaml
new file mode 100644
index 000000000..0b814b1b2
--- /dev/null
+++ b/cluster-service/deploy/helm/containerdb.values.yaml
@@ -0,0 +1,6 @@
+databaseDisableTls: true
+databaseAuthMethod: postgres
+deployLocalDatabase: true
+databaseName: ocm-cs-db
+databaseUser: ocm
+databasePassword: TheBlurstOfTimes
diff --git a/cluster-service/deploy/helm/templates/azure-operators-managed-identities-config.configmap.yaml b/cluster-service/deploy/helm/templates/azure-operators-managed-identities-config.configmap.yaml
index fb22618ba..42343c7ec 100644
--- a/cluster-service/deploy/helm/templates/azure-operators-managed-identities-config.configmap.yaml
+++ b/cluster-service/deploy/helm/templates/azure-operators-managed-identities-config.configmap.yaml
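Review bot: Neither azuredb.values.yaml nor containerdb.values.yaml says when it is used, and the choice is made in the Makefile by `USE_AZURE_DB` rather than anywhere in the chart, so a reader of either file cannot tell which one is live. A one-line header such as `# Overrides for the in-cluster dev Postgres; cluster-service/Makefile passes this file with -f when USE_AZURE_DB is not "true"` (and the mirror sentence in the azuredb file) would make that visible. The containerdb file also carries the dev password `TheBlurstOfTimes` verbatim from the deleted config.tmpl.mk; the header should state that it only serves the container database that `deployLocalDatabase: true` deploys, so nobody treats it as a real credential or a placeholder to fill in.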
@@ -6,4 +6,83 @@ metadata: namespace: {{ .Release.Namespace }} data: azure-operators-managed-identities-config.yaml: | -{{ .Values.azureOperatorsManagedIdentitiesConfig | b64dec | indent 4 }} + controlPlaneOperatorsIdentities: + cloud-controller-manager: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.cloudControllerManager.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.cloudControllerManager.roleName }}' + optional: false + ingress: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.ingress.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.ingress.roleName }}' + optional: false + disk-csi-driver: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.diskCsiDriver.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.diskCsiDriver.roleName }}' + optional: false + file-csi-driver: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.fileCsiDriver.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.fileCsiDriver.roleName }}' + optional: false + image-registry: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.imageRegistry.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.imageRegistry.roleName }}' + optional: false + cloud-network-config: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.cloudNetworkConfig.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.cloudNetworkConfig.roleName }}' + optional: false + dataPlaneOperatorsIdentities: + 
disk-csi-driver: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.diskCsiDriver.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.diskCsiDriver.roleName }}' + k8sServiceAccounts: + - name: 'azure-disk-csi-driver-operator' + namespace: 'openshift-cluster-csi-drivers' + - name: 'azure-disk-csi-driver-controller-sa' + namespace: 'openshift-cluster-csi-drivers' + optional: false + image-registry: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.imageRegistry.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.imageRegistry.roleName }}' + k8sServiceAccounts: + - name: 'cluster-image-registry-operator' + namespace: 'openshift-image-registry' + - name: 'registry' + namespace: 'openshift-image-registry' + optional: false + file-csi-driver: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.fileCsiDriver.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.fileCsiDriver.roleName }}' + k8sServiceAccounts: + - name: 'azure-file-csi-driver-operator' + namespace: 'openshift-cluster-csi-drivers' + - name: 'azure-file-csi-driver-controller-sa' + namespace: 'openshift-cluster-csi-drivers' + - name: 'azure-file-csi-driver-node-sa' + namespace: 'openshift-cluster-csi-drivers' + optional: false + ingress: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.ingress.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.ingress.roleName }}' + k8sServiceAccounts: + - name: 'ingress-operator' + namespace: 'openshift-ingress-operator' + optional: false + cloud-network-config: + minOpenShiftVersion: 4.17 + azureRoleDefinitionResourceId: 
'/providers/Microsoft.Authorization/roleDefinitions/{{ .Values.azureOperatorsMI.cloudNetworkConfig.roleId }}' + azureRoleDefinitionName: '{{ .Values.azureOperatorsMI.cloudNetworkConfig.roleName }}' + k8sServiceAccounts: + - name: 'cloud-network-config-controller' + namespace: 'openshift-cloud-network-config-controller' + optional: false diff --git a/cluster-service/deploy/helm/templates/deployment.yaml b/cluster-service/deploy/helm/templates/deployment.yaml index 38542ebbe..0ebc9e23e 100644 --- a/cluster-service/deploy/helm/templates/deployment.yaml +++ b/cluster-service/deploy/helm/templates/deployment.yaml @@ -16,6 +16,14 @@ spec: labels: app: clusters-service azure.workload.identity/use: "true" + annotations: + checksum/db: {{ include (print $.Template.BasePath "/database.secret.yaml") . | sha256sum }} + checksum/azurecreds: {{ include (print $.Template.BasePath "/azure-credentials.secret.yaml") . | sha256sum }} + checksum/operatorcfg: {{ include (print $.Template.BasePath "/azure-operators-managed-identities-config.configmap.yaml") . | sha256sum }} + checksum/cskv: {{ include (print $.Template.BasePath "/cs-keyvault.secret.yaml") . | sha256sum }} + checksum/provisionshard: {{ include (print $.Template.BasePath "/provisioning-shards.secret.yaml") . | sha256sum }} + checksum/cs: {{ include (print $.Template.BasePath "/clusters-service.secret.yaml") . | sha256sum }} + checksum/runtime: {{ include (print $.Template.BasePath "/azure-runtime-config.configmap.yaml") . | sha256sum }} spec: serviceAccount: clusters-service serviceAccountName: clusters-service diff --git a/cluster-service/deploy/helm/values.yaml b/cluster-service/deploy/helm/values.yaml index 187290670..3ffaeaaad 100644 --- a/cluster-service/deploy/helm/values.yaml +++ b/cluster-service/deploy/helm/values.yaml 
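Review bot: Every `azureRoleDefinitionResourceId` in the rewritten template interpolates `.Values.azureOperatorsMI.<operator>.roleId` straight into the single-quoted path, and values.yaml defaults every roleId to `''`, so a missing or unresolved id renders a truncated `/providers/Microsoft.Authorization/roleDefinitions/` instead of failing the install. Wrapping each reference in Helm's `required` function, e.g. `'/providers/Microsoft.Authorization/roleDefinitions/{{ required "azureOperatorsMI.ingress.roleId is required" .Values.azureOperatorsMI.ingress.roleId }}'`, aborts the render with a clear message; the `azureRoleDefinitionName` lines deserve the same. The template also moves `minOpenShiftVersion: 4.17`, `optional: false` and the k8sServiceAccounts lists from config into the chart, which is worth a comment at the top of the data block so readers know these are no longer configurable per environment.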
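Review bot: The new `annotations:` block on the pod template has no comment, so its purpose — forcing a rollout whenever one of the seven hashed templates changes — has to be reverse-engineered from the `sha256sum` calls. A leading `# Restart pods when any of these secrets/configmaps change; update the paths if a template is renamed, since include of an unknown template name fails the render` would cover it. Because the list now enumerates every secret the deployment consumes, a future secret template needs a matching line here, which the comment should also say.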
@@ -262,4 +262,22 @@ databasePort: "5432" managedIdentitiesDataPlaneAudienceResource: "https://dummy.org" # The Azure Operator Managed Identities. -azureOperatorsManagedIdentitiesConfig: "" +azureOperatorsMI: + cloudControllerManager: + roleName: '' + roleId: '' + ingress: + roleName: '' + roleId: '' + diskCsiDriver: + roleName: '' + roleId: '' + fileCsiDriver: + roleName: '' + roleId: '' + imageRegistry: + roleName: '' + roleId: '' + cloudNetworkConfig: + roleName: '' + roleId: '' diff --git a/cluster-service/pipeline.yaml b/cluster-service/pipeline.yaml new file mode 100644 index 000000000..e30f15e91 --- /dev/null +++ b/cluster-service/pipeline.yaml 
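Review bot: The retained `# The Azure Operator Managed Identities.` comment now sits above a six-entry map whose `roleName`/`roleId` pairs all default to `''`, and nothing says that these empty defaults are not deployable or who is expected to fill them. Proposed replacement: `# Azure role definition name and id for each cluster operator identity. Both fields are required; cluster-service/Makefile sets them with --set from the pipeline config and an az role lookup. The empty defaults are not deployable.` The old string key `azureOperatorsManagedIdentitiesConfig` is dropped, so any external values file still setting it will be silently ignored by helm rather than rejected; a `# removed: azureOperatorsManagedIdentitiesConfig` marker would make that migration visible.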
@@ -0,0 +1,87 @@ +$schema: "pipeline.schema.v1" +serviceGroup: Microsoft.Azure.ARO.HCP.ClusterService +rolloutName: Cluster Service Rollout +resourceGroups: +- name: {{ .svc.rg }} + subscription: {{ .svc.subscription }} + aksCluster: {{ .aksName }} + steps: + - name: deploy + action: Shell + command: make deploy + dryRun: + variables: + - name: HELM_DRY_RUN + value: "--dry-run=server --debug" + - name: KUBECTL_DRY_RUN + value: "--dry-run=server" + variables: + - name: REGION + configRef: region + - name: RESOURCEGROUP + configRef: svc.rg + - name: AKS_NAME + configRef: aksName + - name: SERVICE_KV + configRef: serviceKeyVault.name + - name: OIDC_STORAGE_ACCOUNT + configRef: oidcStorageAccountName + - name: IMAGE_REPO + configRef: clusterService.imageRepo + - name: IMAGE_TAG + configRef: clusterService.imageTag + - name: ACR_NAME + configRef: svcAcrName + - name: OCP_ACR_NAME + configRef: ocpAcrName + - name: AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID + configRef: firstPartyAppClientId + - name: FPA_CERT_NAME + value: firstPartyCert + - name: AZURE_MI_MOCK_SERVICE_PRINCIPAL_PRINCIPAL_ID + configRef: miMockPrincipalId + - name: AZURE_MI_MOCK_SERVICE_PRINCIPAL_CLIENT_ID + configRef: miMockClientId + - name: AZURE_ARM_HELPER_IDENTITY_CLIENT_ID + configRef: armHelperClientId + - name: AZURE_ARM_HELPER_MOCK_FPA_PRINCIPAL_ID + configRef: armHelperFPAPrincipalId + - name: MI_MOCK_SERVICE_PRINCIPAL_CERT_NAME + value: msiMockCert + - name: ARM_HELPER_CERT_NAME + value: armHelperCert + - name: BASE_DNS_ZONE_NAME + configRef: baseDnsZoneName + - name: REGIONAL_DNS_SUBDOMAIN + configRef: regionalDNSSubdomain + - name: USE_AZURE_DB + configRef: clusterService.postgres.deploy + - name: DATABASE_SERVER_NAME + configRef: clusterService.postgres.name + - name: DEVOPS_MSI_ID + configRef: aroDevopsMsiId + - name: OP_CLOUD_CONTROLLER_MANAGER_ROLE_NAME + configRef: clusterService.azureOperatorsManagedIdentities.cloudControllerManager.roleName + - name: OP_INGRESS_ROLE_NAME + configRef: 
clusterService.azureOperatorsManagedIdentities.ingress.roleName + - name: OP_DISK_CSI_DRIVER_ROLE_NAME + configRef: clusterService.azureOperatorsManagedIdentities.diskCsiDriver.roleName + - name: OP_FILE_CSI_DRIVER_ROLE_NAME + configRef: clusterService.azureOperatorsManagedIdentities.fileCsiDriver.roleName + - name: OP_IMAGE_REGISTRY_DRIVER_ROLE_NAME + configRef: clusterService.azureOperatorsManagedIdentities.imageRegistry.roleName + - name: OP_CLOUD_NETWORK_CONFIG_ROLE_NAME + configRef: clusterService.azureOperatorsManagedIdentities.cloudNetworkConfig.roleName + + # this is maestro consumer registration stuff + # this goes away when we have a real registration process + - name: CONSUMER_NAME + configRef: maestro.consumerName + - name: REGIONAL_RESOURCEGROUP + configRef: regionRG + - name: MGMT_RESOURCEGROUP + configRef: mgmt.rg + - name: CX_SECRETS_KV_NAME + configRef: cxKeyVault.name + - name: CX_MI_KV_NAME + configRef: msiKeyVault.name diff --git a/config/config.msft.yaml b/config/config.msft.yaml index 202cdb473..112ed65ac 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -138,6 +138,19 @@ clouds: clusterService: imageTag: ecd15ad imageRepo: app-sre/uhc-clusters-service + azureOperatorsManagedIdentities: + cloudControllerManager: + roleName: Azure Red Hat OpenShift Cloud Controller Manager Role + ingress: + roleName: Azure Red Hat OpenShift Cluster Ingress Operator Role + diskCsiDriver: + roleName: Azure Red Hat OpenShift Disk Storage Operator Role + fileCsiDriver: + roleName: Azure Red Hat OpenShift File Storage Operator Role + imageRegistry: + roleName: Azure Red Hat OpenShift Image Registry Operator Role + cloudNetworkConfig: + roleName: Azure Red Hat OpenShift Network Operator Role hypershiftOperator: imageTag: 9aca808 imageSync: diff --git a/config/config.schema.json b/config/config.schema.json index 071ec9dab..c3ef42f7b 100644 --- a/config/config.schema.json +++ b/config/config.schema.json 
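Review bot: The `dryRun` block sets `HELM_DRY_RUN` to `"--dry-run=server --debug"`; a server dry run already prints the rendered manifests, including the Secret templates the deployment hashes (database.secret.yaml, azure-credentials.secret.yaml, cs-keyvault.secret.yaml, clusters-service.secret.yaml), and `--debug` adds the computed values, so `databasePassword` and every `--set` argument end up in clear text in the pipeline log unless the runner masks them. `value: "--dry-run=server"` is the safer default, with `--debug` left to local runs. `USE_AZURE_DB` is wired to the boolean `clusterService.postgres.deploy` but consumed by the Makefile as the string `"true"`, which only works if the pipeline engine stringifies booleans that way; a comment on that variable would save the next reader a trip. `KUBECTL_DRY_RUN` is defined but not used by any target visible in this patch.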
@@ -2,6 +2,20 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "Generated schema for Root", "type": "object", + "definitions": { + "operatorConfig": { + "type": "object", + "properties": { + "roleName": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "roleName" + ] + } + }, "properties": { "aksName": { "type": "string" @@ -55,8 +69,37 @@ "minTLSVersion" ] }, - "azureOperatorsManagedIdentitiesConfig":{ - "type": "string" + "azureOperatorsManagedIdentities": { + "type": "object", + "properties": { + "cloudControllerManager": { + "$ref": "#/definitions/operatorConfig" + }, + "ingress": { + "$ref": "#/definitions/operatorConfig" + }, + "diskCsiDriver": { + "$ref": "#/definitions/operatorConfig" + }, + "fileCsiDriver": { + "$ref": "#/definitions/operatorConfig" + }, + "imageRegistry": { + "$ref": "#/definitions/operatorConfig" + }, + "cloudNetworkConfig": { + "$ref": "#/definitions/operatorConfig" + } + }, + "additionalProperties": false, + "required": [ + "cloudControllerManager", + "ingress", + "diskCsiDriver", + "fileCsiDriver", + "imageRegistry", + "cloudNetworkConfig" + ] } }, "additionalProperties": false, diff --git a/config/config.yaml b/config/config.yaml index 52fd074f3..b58d3c823 100644 --- a/config/config.yaml +++ b/config/config.yaml 
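Review bot: The new `operatorConfig` definition accepts `"roleName": ""`, and an empty name flows unchanged into the Makefile's `az role definition list --name ""` lookup and an empty `azureRoleDefinitionName` in the rendered configmap, so the schema is the one place that can reject it early. `"roleName": { "type": "string", "minLength": 1 }` closes that gap, and a `"description"` on the definition stating that the name is resolved to a role definition id at deploy time would document the contract the second hunk's six required keys rely on.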
@@ -145,87 +145,19 @@ clouds: clusterService: imageTag: 9f7fef3 imageRepo: app-sre/uhc-clusters-service - azureOperatorsManagedIdentitiesConfig: | - controlPlaneOperatorsIdentities: - cloud-controller-manager: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/ebe170ec-1247-536a-86d9-74c829dd9844' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Cloud Controller Manager - Dev' - optional: false - ingress: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev' - optional: false - disk-csi-driver: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev' - optional: false - file-csi-driver: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b' - azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev' - optional: false - image-registry: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev' - optional: false - cloud-network-config: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev' - optional: false - dataPlaneOperatorsIdentities: - disk-csi-driver: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: 
'/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev' - k8sServiceAccounts: - - name: 'azure-disk-csi-driver-operator' - namespace: 'openshift-cluster-csi-drivers' - - name: 'azure-disk-csi-driver-controller-sa' - namespace: 'openshift-cluster-csi-drivers' - optional: false - image-registry: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev' - k8sServiceAccounts: - - name: 'cluster-image-registry-operator' - namespace: 'openshift-image-registry' - - name: 'registry' - namespace: 'openshift-image-registry' - optional: false - file-csi-driver: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b' - azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev' - k8sServiceAccounts: - - name: 'azure-file-csi-driver-operator' - namespace: 'openshift-cluster-csi-drivers' - - name: 'azure-file-csi-driver-controller-sa' - namespace: 'openshift-cluster-csi-drivers' - - name: 'azure-file-csi-driver-node-sa' - namespace: 'openshift-cluster-csi-drivers' - optional: false - ingress: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev' - k8sServiceAccounts: - - name: 'ingress-operator' - namespace: 'openshift-ingress-operator' - optional: false - cloud-network-config: - minOpenShiftVersion: 4.17 - azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840' - azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev' - 
k8sServiceAccounts: - - name: 'cloud-network-config-controller' - namespace: 'openshift-cloud-network-config-controller' - optional: false + azureOperatorsManagedIdentities: + cloudControllerManager: + roleName: Azure Red Hat OpenShift Cloud Controller Manager - Dev + ingress: + roleName: Azure Red Hat OpenShift Cluster Ingress Operator - Dev + diskCsiDriver: + roleName: Azure Red Hat OpenShift Disk Storage Operator - Dev + fileCsiDriver: + roleName: Azure Red Hat OpenShift File Storage Operator - Dev + imageRegistry: + roleName: Azure Red Hat OpenShift Image Registry Operator - Dev + cloudNetworkConfig: + roleName: Azure Red Hat OpenShift Network Operator - Dev # Hypershift Operator hypershiftOperator: imageTag: 9aca808 @@ -345,7 +277,7 @@ clouds: # Cluster Service clusterService: postgres: - deploy: false + deploy: true # DNS regionalDNSSubdomain: '{{ .ctx.regionShort }}' # Maestro diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index 2b70860ec..964b1a136 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json 
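Review bot: The second hunk flips `clusterService.postgres.deploy` from `false` to `true` in the default cloud config, a behaviour change unrelated to the pipeline wiring named in the commit title: every deploy reading this config now takes the `USE_AZURE_DB` path in the Makefile (Azure Postgres lookup by `DATABASE_SERVER_NAME`, `azuredb.values.yaml`, `az-entra` auth) instead of the in-cluster container database. If intentional it belongs in the commit message or a separate commit, and the prerequisite that the flexible server named by `clusterService.postgres.name` already exists should be stated in a comment next to the key, e.g. `deploy: true # requires the flexible server in postgres.name to exist; false deploys the in-cluster dev database`.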
@@ -10,7 +10,26 @@ "baseDnsZoneRG": "global", "clusterService": { "acrRG": "global", - "azureOperatorsManagedIdentitiesConfig": "controlPlaneOperatorsIdentities:\n cloud-controller-manager:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/ebe170ec-1247-536a-86d9-74c829dd9844'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cloud Controller Manager - Dev'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n optional: false\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n optional: false\ndataPlaneOperatorsIdentities:\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n 
azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-disk-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-disk-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n k8sServiceAccounts:\n - name: 'cluster-image-registry-operator'\n namespace: 'openshift-image-registry'\n - name: 'registry'\n namespace: 'openshift-image-registry'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-file-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-node-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n k8sServiceAccounts:\n - name: 'ingress-operator'\n namespace: 'openshift-ingress-operator'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n k8sServiceAccounts:\n - name: 'cloud-network-config-controller'\n namespace: 
'openshift-cloud-network-config-controller'\n optional: false\n", + "azureOperatorsManagedIdentities": { + "cloudControllerManager": { + "roleName": "Azure Red Hat OpenShift Cloud Controller Manager - Dev" + }, + "cloudNetworkConfig": { + "roleName": "Azure Red Hat OpenShift Network Operator - Dev" + }, + "diskCsiDriver": { + "roleName": "Azure Red Hat OpenShift Disk Storage Operator - Dev" + }, + "fileCsiDriver": { + "roleName": "Azure Red Hat OpenShift File Storage Operator - Dev" + }, + "imageRegistry": { + "roleName": "Azure Red Hat OpenShift Image Registry Operator - Dev" + }, + "ingress": { + "roleName": "Azure Red Hat OpenShift Cluster Ingress Operator - Dev" + } + }, "imageRepo": "app-sre/uhc-clusters-service", "imageTag": "9f7fef3", "postgres": { diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index 0220889b0..b459f4c48 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json 
@@ -10,7 +10,26 @@ "baseDnsZoneRG": "global", "clusterService": { "acrRG": "global", - "azureOperatorsManagedIdentitiesConfig": "controlPlaneOperatorsIdentities:\n cloud-controller-manager:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/ebe170ec-1247-536a-86d9-74c829dd9844'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cloud Controller Manager - Dev'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n optional: false\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n optional: false\ndataPlaneOperatorsIdentities:\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n 
azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-disk-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-disk-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n k8sServiceAccounts:\n - name: 'cluster-image-registry-operator'\n namespace: 'openshift-image-registry'\n - name: 'registry'\n namespace: 'openshift-image-registry'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-file-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-node-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n k8sServiceAccounts:\n - name: 'ingress-operator'\n namespace: 'openshift-ingress-operator'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n k8sServiceAccounts:\n - name: 'cloud-network-config-controller'\n namespace: 
'openshift-cloud-network-config-controller'\n optional: false\n",
+ "azureOperatorsManagedIdentities": {
+ "cloudControllerManager": {
+ "roleName": "Azure Red Hat OpenShift Cloud Controller Manager - Dev"
+ },
+ "cloudNetworkConfig": {
+ "roleName": "Azure Red Hat OpenShift Network Operator - Dev"
+ },
+ "diskCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift Disk Storage Operator - Dev"
+ },
+ "fileCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift File Storage Operator - Dev"
+ },
+ "imageRegistry": {
+ "roleName": "Azure Red Hat OpenShift Image Registry Operator - Dev"
+ },
+ "ingress": {
+ "roleName": "Azure Red Hat OpenShift Cluster Ingress Operator - Dev"
+ }
+ },
 "imageRepo": "app-sre/uhc-clusters-service",
 "imageTag": "9f7fef3",
 "postgres": {
diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json
index 90668adf3..92bfdfdef 100644
--- a/config/public-cloud-msft-int.json
+++ b/config/public-cloud-msft-int.json
@@ -10,6 +10,26 @@
 "baseDnsZoneRG": "global-shared-resources",
 "clusterService": {
 "acrRG": "global-shared-resources",
+ "azureOperatorsManagedIdentities": {
+ "cloudControllerManager": {
+ "roleName": "Azure Red Hat OpenShift Cloud Controller Manager Role"
+ },
+ "cloudNetworkConfig": {
+ "roleName": "Azure Red Hat OpenShift Network Operator Role"
+ },
+ "diskCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift Disk Storage Operator Role"
+ },
+ "fileCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift File Storage Operator Role"
+ },
+ "imageRegistry": {
+ "roleName": "Azure Red Hat OpenShift Image Registry Operator Role"
+ },
+ "ingress": {
+ "roleName": "Azure Red Hat OpenShift Cluster Ingress Operator Role"
+ }
+ },
 "imageRepo": "app-sre/uhc-clusters-service",
 "imageTag": "ecd15ad",
 "postgres": {
diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json
index 894ec7ad8..9d5610c81 100644
--- a/config/public-cloud-personal-dev.json
+++ b/config/public-cloud-personal-dev.json
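Review bot: The new `azureOperatorsManagedIdentities` entries carry only a `roleName` per operator, whereas the removed `azureOperatorsManagedIdentitiesConfig` value also pinned each `azureRoleDefinitionResourceId`. If the role definition ID is now resolved from the display name at deploy time (the lookup is not in this hunk), a renamed or missing role surfaces late, or as an empty ID, instead of at config review, and the config no longer records which exact role definition each operator identity is granted. Consider keeping an optional resource-ID field next to `roleName`, or at least documenting in the config schema that the name is resolved at deploy time and that the lookup must fail on zero or multiple matches. The same applies to the hunks for public-cloud-msft-int.json, public-cloud-personal-dev.json and public-cloud-cs-pr.json.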
@@ -10,7 +10,26 @@ "baseDnsZoneRG": "global", "clusterService": { "acrRG": "global", - "azureOperatorsManagedIdentitiesConfig": "controlPlaneOperatorsIdentities:\n cloud-controller-manager:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/ebe170ec-1247-536a-86d9-74c829dd9844'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cloud Controller Manager - Dev'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n optional: false\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n optional: false\ndataPlaneOperatorsIdentities:\n disk-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4367fe74-0b43-5033-b629-15d9f28415ac'\n 
azureRoleDefinitionName: 'Azure Red Hat OpenShift Disk Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-disk-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-disk-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n image-registry:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/357b9263-656f-5d45-9d7a-ccb825f0683f'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Image Registry Operator - Dev'\n k8sServiceAccounts:\n - name: 'cluster-image-registry-operator'\n namespace: 'openshift-image-registry'\n - name: 'registry'\n namespace: 'openshift-image-registry'\n optional: false\n file-csi-driver:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/fdc0aaaa-1c3e-548e-ad27-0321e5fab18b'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift File Storage Operator - Dev'\n k8sServiceAccounts:\n - name: 'azure-file-csi-driver-operator'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-controller-sa'\n namespace: 'openshift-cluster-csi-drivers'\n - name: 'azure-file-csi-driver-node-sa'\n namespace: 'openshift-cluster-csi-drivers'\n optional: false\n ingress:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/589ca160-4fac-501e-ad6c-006a19583727'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Cluster Ingress Operator - Dev'\n k8sServiceAccounts:\n - name: 'ingress-operator'\n namespace: 'openshift-ingress-operator'\n optional: false\n cloud-network-config:\n minOpenShiftVersion: 4.17\n azureRoleDefinitionResourceId: '/providers/Microsoft.Authorization/roleDefinitions/4e4f23fe-3fab-568b-a001-10b233b0f840'\n azureRoleDefinitionName: 'Azure Red Hat OpenShift Network Operator - Dev'\n k8sServiceAccounts:\n - name: 'cloud-network-config-controller'\n namespace: 
'openshift-cloud-network-config-controller'\n optional: false\n",
+ "azureOperatorsManagedIdentities": {
+ "cloudControllerManager": {
+ "roleName": "Azure Red Hat OpenShift Cloud Controller Manager - Dev"
+ },
+ "cloudNetworkConfig": {
+ "roleName": "Azure Red Hat OpenShift Network Operator - Dev"
+ },
+ "diskCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift Disk Storage Operator - Dev"
+ },
+ "fileCsiDriver": {
+ "roleName": "Azure Red Hat OpenShift File Storage Operator - Dev"
+ },
+ "imageRegistry": {
+ "roleName": "Azure Red Hat OpenShift Image Registry Operator - Dev"
+ },
+ "ingress": {
+ "roleName": "Azure Red Hat OpenShift Cluster Ingress Operator - Dev"
+ }
+ },
 "imageRepo": "app-sre/uhc-clusters-service",
 "imageTag": "9f7fef3",
 "postgres": {
diff --git a/tooling/templatize/pkg/pipeline/shell.go b/tooling/templatize/pkg/pipeline/shell.go
index 4761a2ef0..8babcae18 100644
--- a/tooling/templatize/pkg/pipeline/shell.go
+++ b/tooling/templatize/pkg/pipeline/shell.go
@@ -91,7 +91,10 @@ func (s *ShellStep) mapStepVariables(vars config.Variables) (map[string]string,
 return nil, fmt.Errorf("failed to lookup config reference %s for %s", e.ConfigRef, e.Name)
 }
 envVars[e.Name] = utils.AnyToString(value)
+ } else if e.Value != "" {
+ envVars[e.Name] = e.Value
 }
+ // what about output chaining? :(
 }
 return envVars, nil
 }
From ccb77a0c45694f89e1258d32c30d0bceb126983b Mon Sep 17 00:00:00 2001
From: Gerd Oberlechner
Date: Sat, 21 Dec 2024 14:09:19 +0100
Subject: [PATCH 2/2] remove linter exception
Signed-off-by: Gerd Oberlechner
---
 .yamllint.yml | 3 +--
 config/config.yaml | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.yamllint.yml b/.yamllint.yml
index 37489b560..0be3556a7 100644
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -3,8 +3,7 @@ yaml-files: - '*.yaml' - '*.yml' - '.yamllint' -ignore: - - 'cluster-service/deploy/helm/templates/azure-operators-managed-identities-config.configmap.yaml' +ignore: [] rules: brackets: enable 
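Review bot: An env entry with neither `e.ConfigRef` nor a non-empty `e.Value` is now silently skipped rather than rejected, and a literal empty `Value` can never be exported, because the new `else if e.Value != ""` branch only fires for non-empty strings; an entry that sets both is also resolved from `ConfigRef` with no warning. Since these values become the environment of a shell step, a misconfigured entry should fail closed rather than run the step with a variable missing: `} else { return nil, fmt.Errorf("env %s: neither ConfigRef nor Value is set", e.Name) }` after the new branch. The `// what about output chaining? :(` line should become a tracked `// TODO: support chaining step outputs into env` so it does not read as an open question. `mapStepVariables` begins outside the hunk.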
diff --git a/config/config.yaml b/config/config.yaml
index b58d3c823..247cf83b4 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -277,7 +277,7 @@ clouds:
 # Cluster Service
 clusterService:
 postgres:
- deploy: true
+ deploy: false
 # DNS
 regionalDNSSubdomain: '{{ .ctx.regionShort }}'
 # Maestro
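Review bot: The `deploy: true` to `deploy: false` flip for `clusterService.postgres` is unrelated to this commit's subject ("remove linter exception") and, sitting under `clouds:`, it presumably changes the default for every cloud entry that does not override it, which is easy to miss in review. It deserves its own commit or at least a sentence in the description saying why in-cluster Postgres is now off by default. A comment above the key would also help the next reader, e.g. `# in-cluster postgres is not deployed by default; enable per environment where no external database is used`.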