WIP: Add MSI Support for Azure HostedClusters #4484

Closed
bryan-cox wants to merge 5 commits into openshift:main from bryan-cox:msi-deployment

@bryan-cox bryan-cox commented Aug 5, 2024

What this PR does / why we need it:
This PR adds:

  • API support for the client IDs related to the MSIs for cluster-image-registry, cluster-ingress, cluster-storage,
    and cluster-network operators
  • Adds an environment variable AZURE_MSI_AUTHENTICATION, set to true when the client ID is provided, in the deployments of cluster-image-registry, cluster-ingress, cluster-storage,
    and cluster-network operators

Which issue(s) this PR fixes:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@openshift-ci openshift-ci Bot added the do-not-merge/needs-area and do-not-merge/work-in-progress labels Aug 5, 2024

openshift-ci Bot commented Aug 5, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

netlify Bot commented Aug 5, 2024

Deploy Preview for hypershift-docs ready!

Name Link
🔨 Latest commit afb0388
🔍 Latest deploy log https://app.netlify.com/sites/hypershift-docs/deploys/66b24047beba7a0008d51f53
😎 Deploy Preview https://deploy-preview-4484--hypershift-docs.netlify.app

@openshift-ci openshift-ci Bot added the area/ci-tooling and area/cli labels Aug 5, 2024

openshift-ci Bot commented Aug 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

@openshift-ci openshift-ci Bot added the area/control-plane-operator, approved, area/documentation and area/hypershift-operator labels and removed the do-not-merge/needs-area label Aug 5, 2024
@bryan-cox bryan-cox force-pushed the msi-deployment branch 6 times, most recently from f3eebcb to 5db947e August 6, 2024 14:46
@bryan-cox bryan-cox changed the title from "WIP: Add ImageRegistry MSI to HostedCluster for Azure" to "Add MSI Support for Azure HostedClusters" Aug 6, 2024
@bryan-cox bryan-cox changed the title from "Add MSI Support for Azure HostedClusters" to "NE-1688,SDN-4773,STOR-1992,IR-467:Add MSI Support for Azure HostedClusters" Aug 6, 2024
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference label Aug 6, 2024

openshift-ci-robot commented Aug 6, 2024

@bryan-cox: This pull request references NE-1688 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

This pull request references SDN-4773 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

This pull request references STOR-1992 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

This pull request references IR-467 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.17." or "openshift-4.17.", but it targets "openshift-4.16" instead.

@bryan-cox bryan-cox changed the title from "NE-1688,SDN-4773,STOR-1992,IR-467:Add MSI Support for Azure HostedClusters" to "NE-1688,SDN-4773,STOR-1992,IR-467: Add MSI Support for Azure HostedClusters" Aug 6, 2024
@bryan-cox bryan-cox force-pushed the msi-deployment branch 2 times, most recently from afb0388 to 7da38f4 August 6, 2024 16:25
@bryan-cox
Member Author

/test all

Adds fields in the Azure HostedCluster API for the client IDs related to
the managed service identities used for the following control plane
components: cluster-image-registry, cluster-ingress, cluster-storage,
and cluster-network operators

Signed-off-by: Bryan Cox <brcox@redhat.com>
@bryan-cox
Member Author

/test all

Set the Azure MSI override for the cluster-image-registry-operator
deployment through an environment variable.

Signed-off-by: Bryan Cox <brcox@redhat.com>

Set the Azure MSI override in the cluster-ingress-operator
deployment through an environment variable.

Signed-off-by: Bryan Cox <brcox@redhat.com>

Set the Azure MSI override for the cluster-storage-operator deployment
through an environment variable.

Signed-off-by: Bryan Cox <brcox@redhat.com>

Set the Azure MSI override for the cluster-network-operator deployment
through an environment variable.

Signed-off-by: Bryan Cox <brcox@redhat.com>

@bryan-cox
Member Author

/test all

@bryan-cox
Member Author

/retest

@bryan-cox
Member Author

/test e2e-aws

@bryan-cox bryan-cox marked this pull request as ready for review August 7, 2024 12:47
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress label Aug 7, 2024
@openshift-ci openshift-ci Bot requested review from enxebre and hasueki August 7, 2024 12:48
//
// +kubebuilder:validation:Required
// +required
ImageRegistryMSIClientID string `json:"imageRegistryMSIClientID,omitempty"`
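
Review bot: The markers shown on ImageRegistryMSIClientID (+kubebuilder:validation:Required and +required) only require the key to be present, so an explicitly empty string would still pass them; add +kubebuilder:validation:MinLength=1, or a format check for the client ID, so an empty value is rejected at admission. This matters because the PR description ties the AZURE_MSI_AUTHENTICATION variable to a client ID being provided. The `json:"imageRegistryMSIClientID,omitempty"` tag also works against the required marker, since Go clients drop an empty value on serialization and the object then fails validation as if the field were missing; remove omitempty from the tag.
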
Contributor

required fields should not have omitempty
same comment for the rest of the fields.

openshift-ci Bot commented Aug 7, 2024

@bryan-cox: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-kubevirt-aws-ovn-reduced e542a67 link true /test e2e-kubevirt-aws-ovn-reduced
ci/prow/e2e-aks e542a67 link false /test e2e-aks
ci/prow/e2e-azure e542a67 link false /test e2e-azure

@bryan-cox bryan-cox marked this pull request as draft August 8, 2024 19:10
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress label Aug 8, 2024
@bryan-cox bryan-cox changed the title from "NE-1688,SDN-4773,STOR-1992,IR-467: Add MSI Support for Azure HostedClusters" to "WIP: Add MSI Support for Azure HostedClusters" Aug 8, 2024
@openshift-ci-robot openshift-ci-robot removed the jira/valid-reference label Aug 8, 2024
@openshift-ci-robot

@bryan-cox: No Jira issue is referenced in the title of this pull request.
To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

@openshift-merge-robot openshift-merge-robot added the needs-rebase label Aug 13, 2024
@openshift-merge-robot
Contributor

PR needs rebase.

@bryan-cox
Member Author

/close
Working on this through #4690

openshift-ci Bot commented Sep 10, 2024

@bryan-cox: Closed this PR.

@openshift-ci openshift-ci Bot closed this Sep 10, 2024