pipeline.yaml for RP (#851)

* pipeline.yaml for region, SVC and RP * MSFT configuration
Azure · Nov 21, 2024 · 96e593e · 96e593e
1 parent 35a9823
commit 96e593e
Show file tree

Hide file tree

Showing 39 changed files with 1,542 additions and 274 deletions.
diff --git a/backend/.gitignore b/backend/.gitignore
@@ -1 +0,0 @@
-config.mk

diff --git a/backend/Makefile b/backend/Makefile
@@ -1,38 +1,40 @@
-SHELL = /bin/bash
-DEPLOY_ENV ?= personal-dev
-$(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk)
-include config.mk
+include ../setup-env.mk
 
-COMMIT = $(shell git rev-parse --short=7 HEAD)
+COMMIT ?= $(shell git rev-parse --short=7 HEAD)
 ARO_HCP_BASE_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io
 ARO_HCP_BACKEND_IMAGE ?= $(ARO_HCP_BASE_IMAGE)/arohcpbackend:$(COMMIT)
 
 backend:
 	go build -o aro-hcp-backend .
+.PHONY: backend
 
 run:
 	./aro-hcp-backend --location ${LOCATION} \
 		--clusters-service-url http://localhost:8000
+.PHONY: run
 
 clean:
 	rm -f aro-hcp-backend
+.PHONY: clean
 
 image:
 	pushd .. && git archive --output backend/archive.tar.gz HEAD && popd
 	docker build -f "./Dockerfile" -t ${ARO_HCP_BACKEND_IMAGE} .
 	rm -f archive.tar.gz
+.PHONY: image
 
 push: image
 	az acr login --name ${ARO_HCP_IMAGE_ACR}
 	docker push ${ARO_HCP_BACKEND_IMAGE}
+.PHONY: push
 
 deploy:
-	BACKEND_MI_CLIENT_ID=$(shell az identity show \
+	BACKEND_MI_CLIENT_ID=$$(az identity show \
 			-g ${RESOURCEGROUP} \
 			-n backend \
-			--query clientId);\
-	ISTO_VERSION=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \
-	DB_URL=$(shell az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \
+			--query clientId -o tsv) && \
+	ISTO_VERSION=$$(az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \
+	DB_URL=$$(az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \
 	kubectl create namespace aro-hcp --dry-run=client -o json | kubectl apply -f - && \
 	kubectl label namespace aro-hcp "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \
 	helm upgrade --install aro-hcp-backend-dev \
@@ -45,8 +47,8 @@ deploy:
 		--set configMap.location=${LOCATION} \
 		--set deployment.imageName=${ARO_HCP_BACKEND_IMAGE} \
 		--namespace aro-hcp
+.PHONY: deploy
 
 undeploy:
 	helm uninstall aro-hcp-backend-dev --namespace aro-hcp
-
-.PHONY: backend run clean image push deploy undeploy
+.PHONY: undeploy
diff --git a/backend/config.tmpl.mk b/backend/config.tmpl.mk
diff --git a/backend/pipeline.yaml b/backend/pipeline.yaml
@@ -0,0 +1,21 @@
+serviceGroup: Microsoft.Azure.ARO.Test
+rolloutName: RP - Backend
+resourceGroups:
+- name: {{ .svc.rg }}
+  subscription: {{ .svc.subscription }}
+  aksCluster: {{ .aksName }}
+  steps:
+  - name: deploy
+    action: Shell
+    command: ["make", "deploy"]
+    env:
+    - name: ARO_HCP_IMAGE_ACR
+      configRef: svcAcrName
+    - name: LOCATION
+      configRef: region
+    - name: RESOURCEGROUP
+      configRef: svc.rg
+    - name: AKS_NAME
+      configRef: aksName
+    - name: DB_NAME
+      configRef: frontend.cosmosDB.name
diff --git a/config/config.msft.yaml b/config/config.msft.yaml
@@ -1,6 +1,6 @@
+$schema: config.schema.json
 defaults:
   region: {{ .ctx.region }}
-
   # Resourcegroups
   globalRG: global-shared-resources
   regionRG: '{{ .ctx.region }}-shared-resources'
@@ -14,26 +14,26 @@ defaults:
   aksName: aro-hcp-aks
 
   # ACR
-  serviceComponentAcrResourceGroups: global-shared-resources
+  serviceComponentAcrResourceGroups: '{{ .ctx.region }}-shared-resources'
 
   # Hypershift
   hypershift:
     namespace: hypershift
-    additionalInstallArg: ''
+    additionalInstallArg: '--tech-preview-no-upgrade'
     externalDNSManagedIdentityName: external-dns
     externalDNSServiceAccountName: external-dns
 
   svc:
+    subscription: hcp-{{ .ctx.region }}
     rg: hcp-underlay-{{ .ctx.region }}-svc
-    clusterSubscription: hcp-{{ .ctx.region }}
     etcd:
       kvName: arohcp-etcd-{{ .ctx.regionShort }}
       kvSoftDelete: true
 
   # MGMT cluster specifics
   mgmt:
+    subscription: hcp-{{ .ctx.region }}
     rg: hcp-underlay-{{ .ctx.region }}-mgmt-{{ .ctx.stamp }}
-    clusterSubscription: hcp-{{ .ctx.region }}
     etcd:
       kvName: arohcp-etcd-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
       kvSoftDelete: true
@@ -55,24 +55,26 @@ defaults:
       name: arohcp-maestro-{{ .ctx.regionShort }}
       serverVersion: '15'
       serverStorageSizeGB: '32'
-      deploy: true
+      deploy: false
       private: false
+      minTLSVersion: 'TLSV1.2'
     restrictIstioIngress: true
     consumerName: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
     imageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
 
   # Cluster Service
   clusterService:
-    acrRG: global-shared-resources
+    acrRG: '{{ .ctx.region }}-shared-resources'
     postgres:
       name: arohcp-cs-{{ .ctx.regionShort }}
       deploy: true
       private: false
+      minTLSVersion: 'TLSV1.2'
 
   # Image Sync
   imageSync:
     rg: hcp-underlay-imagesync
-    acrRG: global-shared-resources
+    acrRG: '{{ .ctx.region }}-shared-resources'
     environmentName: aro-hcp-image-sync
     repositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package
     imageRepo: image-sync/component-sync
@@ -85,28 +87,25 @@ defaults:
     name: arohcp-svc-{{ .ctx.regionShort }}
     rg: hcp-underlay-{{ .ctx.regionShort }}
     region: {{ .ctx.region }}
-    softDelete: true
-    private: true
+    softDelete: false
+    private: false
 
   # Management Cluster KV
   cxKeyVault:
     name: arohcp-cx-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
-    softDelete: true
-    private: true
+    softDelete: false
+    private: false
   msiKeyVault:
     name: arohcp-msi-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
-    softDelete: true
-    private: true
+    softDelete: false
+    private: false
   mgmtKeyVault:
     name: arohcp-mgmt-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
-    softDelete: true
-    private: true
-
-  # OIDC
-  oidcStorageAccountName: arohcpoidc{{ .ctx.regionShort }}
+    softDelete: false
+    private: false
 
   # DNS
-  baseDnsZoneRG: 'global-shared-resources'
+  baseDnsZoneRG: '{{ .ctx.region }}-shared-resources'
   regionalDNSSubdomain: '{{ .ctx.region }}'
 
   # Metrics
@@ -115,38 +114,29 @@ defaults:
     grafanaName: 'arohcp-{{ .ctx.regionShort }}'
     msiName: 'aro-hcp-metrics-msi-{{ .ctx.regionShort }}'
 
-  # ACR
-  acrName: arohcpdev
-  svcAcrName: arohcpsvcdev
-  ocpAcrName: arohcpocpdev
-
 clouds:
   public:
     # this configuration serves as a template for for all RH DEV subscription deployments
     # the following vars need approprivate overrides:
     defaults:
-      # Maestro
       maestro:
-        postgres:
-          deploy: false
         imageTag: ea066c250a002f0cc458711945165591bc9f6d3f
-      # Cluster Service
       clusterService:
-        imageTag: a23276d
+        imageTag: aac7623
         imageRepo: app-sre/uhc-clusters-service
-
-      # Hypershift Operator
-      hypershiftOperatorImageTag: 99a256f
-      externalDNSImageTag: v0.14.2
+      hypershiftOperator:
+        imageTag: 9aca808
+      externalDNS:
+        imageTag: v0.14.2
 
     environments:
       int:
         # this is the MSFT INT environment
         defaults:
-          svc:
-            clusterSubscription: hcp-{{ .ctx.region }}
+            # OIDC
+          oidcStorageAccountName: arohcpoidcint{{ .ctx.regionShort }}
+          # MC
           mgmt:
-            clusterSubscription: hcp-{{ .ctx.region }}
             # MGMTM AKS nodepools - big enough for 2 HCPs
             systemAgentPool:
               minCount: 1
@@ -162,18 +152,24 @@ clouds:
           # DNS
           baseDnsZoneName: aro-hcp.azure-test.net'
           regionalDNSSubdomain: '{{ .ctx.region }}'
+
+          # ACR
+          acrName: arohcpint
+          svcAcrName: arohcpsvcint
+          ocpAcrName: arohcpocpint
+
           # 1P app
           firstPartyAppClientId: '??? the one used by CS to do first party stuff ???'
 
           # disable KV softdelete for easy cleanup and recreate in INT
           cxKeyVault:
-            softdelete: false
+            softDelete: false
             private: false
           msiKeyVault:
-            softdelete: false
+            softDelete: false
             private: false
           mgmtKeyVault:
-            softdelete: false
+            softDelete: false
             private: false
 
           # Grafana

diff --git a/config/config.yaml b/config/config.yaml
@@ -63,6 +63,7 @@ defaults:
       minTLSVersion: 'TLSV1.2'
     restrictIstioIngress: true
     consumerName: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
+    imageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
 
   # Cluster Service
   clusterService:
@@ -121,7 +122,6 @@ clouds:
       maestro:
         postgres:
           deploy: false
-        imageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
         imageTag: ea066c250a002f0cc458711945165591bc9f6d3f
       # Cluster Service
       clusterService:

diff --git a/dev-infrastructure/region-pipeline.yaml b/dev-infrastructure/region-pipeline.yaml
@@ -0,0 +1,16 @@
+serviceGroup: Microsoft.Azure.ARO.Test
+rolloutName: Region Rollout
+resourceGroups:
+- name: {{ .regionRG }}
+  subscription: {{ .svc.subscription }}
+  steps:
+  - name: region
+    action: ARM
+    template: templates/region.bicep
+    parameters: configurations/region.tmpl.bicepparam
+  - name: region
+    action: ARM
+    template: modules/modules/metrics.bicep
+    parameters: configurations/metrics.tmpl.bicepparam
+    dependsOn:
+    - region
diff --git a/dev-infrastructure/svc-pipeline.yaml b/dev-infrastructure/svc-pipeline.yaml
@@ -0,0 +1,27 @@
+serviceGroup: Microsoft.Azure.ARO.Test
+rolloutName: Service Cluster Rollout
+resourceGroups:
+- name: {{ .svc.rg }}
+  subscription: {{ .svc.subscription }}
+  aksCluster: {{ .aksName }}
+  steps:
+  - name: svc
+    action: ARM
+    template: templates/svc-cluster.bicep
+    parameters: configurations/svc-cluster.tmpl.bicepparam
+  - name: enable-metrics
+    action: Shell
+    command: ["/bin/bash", "-c", "scripts/enable-aks-metrics.sh"]
+    env:
+    - name: RESOURCEGROUP
+      configRef: serviceClusterRG
+    - name: AKS_NAME
+      configRef: aksName
+    - name: GRAFANA_RESOURCEGROUP
+      configRef: regionRG
+    - name: MONITORING_WORKSPACE_NAME
+      configRef: monitoringWorkspaceName
+    - name: GRAFANA_NAME
+      configRef: grafanaName
+    dependsOn:
+    - svc
diff --git a/frontend/.gitignore b/frontend/.gitignore
@@ -1 +0,0 @@
-config.mk

diff --git a/frontend/Makefile b/frontend/Makefile
@@ -1,9 +1,6 @@
-SHELL = /bin/bash
-DEPLOY_ENV ?= personal-dev
-$(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk)
-include config.mk
+include ../setup-env.mk
 
-COMMIT = $(shell git rev-parse --short=7 HEAD)
+COMMIT ?= $(shell git rev-parse --short=7 HEAD)
 ARO_HCP_BASE_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io
 ARO_HCP_FRONTEND_IMAGE ?= $(ARO_HCP_BASE_IMAGE)/arohcpfrontend:$(COMMIT)
 
@@ -19,25 +16,27 @@ run:
 
 clean:
 	rm -f aro-hcp-frontend
+.PHONY: clean
 
 build-push: image push
 
 image:
 	pushd .. && git archive --output frontend/archive.tar.gz HEAD && popd
 	docker build -f "./Dockerfile" -t ${ARO_HCP_FRONTEND_IMAGE} .
 	rm -f archive.tar.gz
+.PHONY: image
 
 push: image
 	az acr login --name ${ARO_HCP_IMAGE_ACR}
 	docker push ${ARO_HCP_FRONTEND_IMAGE}
 
 deploy:
-	FRONTEND_MI_CLIENT_ID=$(shell az identity show \
+	FRONTEND_MI_CLIENT_ID=$$(az identity show \
 			-g ${RESOURCEGROUP} \
 			-n frontend \
 			--query clientId);\
-	ISTO_VERSION=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \
-	DB_URL=$(shell az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \
+	ISTO_VERSION=$$(az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \
+	DB_URL=$$(az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \
 	kubectl create namespace aro-hcp --dry-run=client -o json | kubectl apply -f - && \
 	kubectl label namespace aro-hcp "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \
 	helm upgrade --install aro-hcp-frontend-dev \
@@ -50,11 +49,11 @@ deploy:
 		--set configMap.location=${LOCATION}  \
 		--set deployment.imageName=${ARO_HCP_FRONTEND_IMAGE} \
 		--namespace aro-hcp
+.PHONY: deploy
 
 undeploy:
 	helm uninstall aro-hcp-frontend-dev --namespace aro-hcp
+.PHONY: undeploy
 
 smoke-tests:
 	go test -v -count 1 ./utils/frontend_smoke_test.go
-
-.PHONY: frontend clean image deploy undeploy
diff --git a/frontend/config.tmpl.mk b/frontend/config.tmpl.mk