ev2 gaps

Signed-off-by: Gerd Oberlechner <[email protected]>
Azure · Nov 13, 2024 · b893faf · b893faf
1 parent 17708c8
commit b893faf
Show file tree

Hide file tree

Showing 46 changed files with 1,946 additions and 489 deletions.
diff --git a/cluster-service/config.tmpl.mk b/cluster-service/config.tmpl.mk
@@ -13,9 +13,16 @@ AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID ?= {{ .firstPartyAppClientId }}
 FPA_CERT_NAME ?= firstPartyCert
 ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }}
 
-DATABASE_DISABLE_TLS ?= {{ not .clusterServicePostgresDeploy }}
-DATABASE_AUTH_METHOD ?= {{ ternary "az-entra" "postgres" .clusterServicePostgresDeploy }}
 DATABASE_SERVER_NAME ?= {{ .clusterServicePostgresName }}
-DB_SECRET_TARGET = {{ ternary "deploy-azure-db-secret" "deploy-local-db-secret" .clusterServicePostgresDeploy }}
+USE_AZURE_DB ?= {{ .clusterServicePostgresDeploy }}
+ifeq ($(USE_AZURE_DB), true)
+DB_SECRET_TARGET = deploy-azure-db-secret
+DATABASE_AUTH_METHOD = az-entra
+DATABASE_DISABLE_TLS = false
+else
+DB_SECRET_TARGET = deploy-local-db-secret
+DATABASE_AUTH_METHOD = postgres
+DATABASE_DISABLE_TLS = true
+endif
 
 DEVOPS_MSI_ID ?= {{ .aroDevopsMsiId }}
diff --git a/config/GENERATE_ALL_THE_THINGS.MD b/config/GENERATE_ALL_THE_THINGS.MD
@@ -0,0 +1,28 @@
+The original config file
+
+```yaml
+defaults:
+  file: filename
+```
+
+Jennys tool generates a flavor his modified config
+
+* this flavor generation procedure defines the mapping
+* this tool has a transformation logic that replaces the value of a field `field` into a value `derived(field)`
+
+```yaml
+defaults:
+  file: ${FILE}
+```
+
+config.tmpl.mk
+
+```Makefile
+MY_FILE ?= {{ .file }}
+```
+
+./templatize --config-file modified-config.yaml config.tmpl.mk config.mk
+
+```Makefile
+MY_FILE ?= ${FILE}
+```
diff --git a/config/config.common.yaml b/config/config.common.yaml
@@ -0,0 +1,53 @@
+defaults:
+  region: {{ .ctx.region }}
+  # Resourcegroups
+  globalRG: global
+  regionRG: hcp-underlay-{{ .ctx.regionShort }}
+
+  # ACR
+  serviceComponentAcrResourceGroups: global # we need to replace this with the resource ID to the SVC ACR
+
+  # DNS
+  baseDnsZoneRG: 'global' # we need to replace this with the resource ID of the base DNS zone
+
+clouds:
+  public:
+    # this configuration serves as a template for for all RH DEV subscription deployments
+    defaults:
+      # DNS
+      baseDnsZoneName: 'hcp.osadev.cloud'
+
+      # Maestro
+      maestroImageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
+      maestroImageTag: ea066c250a002f0cc458711945165591bc9f6d3f
+
+      # Shared ACRs
+      acrName: arohcpdev
+      svcAcrName: arohcpsvcdev
+      ocpAcrName: arohcpocpdev
+
+      # Metrics
+      monitoringWorkspaceName: 'aro-hcp-monitor-{{ .ctx.regionShort }}'
+      grafanaName: 'aro-hcp-grafana-{{ .ctx.regionShort }}'
+      monitoringMsiName: 'aro-hcp-metrics-msi-{{ .ctx.regionShort }}'
+      grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c
+
+      # DEVOPS MSI
+      aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops'
+
+    environments:
+      dev:
+        # this is the integrated DEV environment
+        defaults:
+          # DNS
+          regionalDNSSubdomain: '{{ .ctx.region }}'
+      cs-pr:
+        # this is the cluster service PR check and full cycle test environment
+        defaults:
+          # DNS
+          regionalDNSSubdomain: '{{ .ctx.region }}-cs'
+      personal-dev:
+        # this is the personal DEV environment
+        defaults:
+          # DNS
+          regionalDNSSubdomain: '{{ .ctx.regionShort }}'
diff --git a/config/config.cx.yaml b/config/config.cx.yaml
@@ -0,0 +1,67 @@
+defaults:
+  # Resourcegroups
+  managementClusterRG: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
+
+  # MGMT Cluster AKS
+  kubernetesVersion: 1.30.5
+  vnetAddressPrefix: "10.128.0.0/14"
+  subnetPrefix: "10.128.8.0/21"
+  podSubnetPrefix: "10.128.64.0/18"
+  aksName: aro-hcp-aks
+  mgmtEtcdKVName: aro-hcp-etcd-mgmt-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
+  mgmtEtcdKVSoftDelete: true
+
+  # Maestro
+  maestroConsumerName: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
+
+  # Management Cluster KV
+  cxKeyVaultName: aro-hcp-cx-{{ .ctx.regionShort }}
+  cxKeyVaultSoftDelete: true
+  cxKeyVaultPrivate: false
+  msiKeyVaultName: aro-hcp-msi-{{ .ctx.regionShort }}
+  msiKeyVaultSoftDelete: true
+  msiKeyVaultPrivate: false
+  mgmtKeyVaultName: aro-hcp-mgmt-{{ .ctx.regionShort }}
+  mgmtKeyVaultSoftDelete: true
+  mgmtKeyVaultPrivate: false
+
+clouds:
+  public:
+    # this configuration serves as a template for for all RH DEV subscription deployments
+    defaults:
+      # AKS nodepools - big enough for 2 HCPs
+      mgmtSystemAgentPoolMinCount: 1
+      mgmtSystemAgentPoolMaxCount: 4
+      mgmtSystemAgentPoolVmSize: 'Standard_D2s_v3'
+      mgmtSystemAgentPoolOsDiskSizeGB: 32
+      mgmtUserAgentPoolMinCount: 1
+      mgmtUserAgentPoolMaxCount: 6
+      mgmtUserAgentPoolVmSize: 'Standard_D4s_v3'
+      mgmtUserAgentPoolOsDiskSizeGB: 100
+      mgmtUserAgentPoolAzCount: 3
+
+      # Hypershift Operator
+      hypershiftOperatorImageTag: 99a256f
+      externalDNSImageTag: v0.14.2
+
+      # Management Cluster KVs
+      mgmtEtcdKVSoftDelete: false
+      cxKeyVaultSoftDelete: false
+      msiKeyVaultSoftDelete: false
+      mgmtKeyVaultSoftDelete: false
+
+    environments:
+      dev:
+        # this is the integrated DEV environment
+        defaults:
+          # AKS nodepools - big enough for multiple HCPs
+          mgmtUserAgentPoolMinCount: 2
+          mgmtUserAgentPoolMaxCount: 12
+          # DNS
+          regionalDNSSubdomain: '{{ .ctx.region }}'
+      cs-pr:
+        # this is the cluster service PR check and full cycle test environment
+        defaults:
+          # AKS nodepools - big enough for multiple HCPs
+          mgmtUserAgentPoolMinCount: 2
+          mgmtUserAgentPoolMaxCount: 12
diff --git a/config/config.global.yaml b/config/config.global.yaml
@@ -0,0 +1,9 @@
+defaults:
+  # Image Sync
+  imageSyncAcrRG: global
+  imageSyncEnvironmentName: aro-hcp-image-sync
+  imageSyncRepositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package
+  imageSyncImageRepo: image-sync/component-sync
+  imageSyncImageTag: latest
+  ocMirrorImageRepo: image-sync/oc-mirror
+  ocMirrorImageTag: 7abc8af
diff --git a/config/config.region.yaml b/config/config.region.yaml
@@ -0,0 +1,86 @@
+defaults:
+  # Resourcegroups
+  imageSyncRG: hcp-underlay-{{ .ctx.regionShort }}-imagesync
+  serviceClusterRG: hcp-underlay-{{ .ctx.regionShort }}-svc-{{ .ctx.stamp }}
+
+  # SVC AKS
+  kubernetesVersion: 1.30.5
+  istioVersion: "['asm-1-22']"
+  vnetAddressPrefix: "10.128.0.0/14"
+  subnetPrefix: "10.128.8.0/21"
+  podSubnetPrefix: "10.128.64.0/18"
+  aksName: aro-hcp-aks-{{ .ctx.stamp }}
+  svcEtcdKVName: aro-hcp-etcd-svc-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
+  svcEtcdKVSoftDelete: true
+
+  # Frontend
+  frontendCosmosDBDeploy: true
+  frontendCosmosDBDisableLocalAuth: true
+  frontendCosmosDBName: aro-hcp-rp-{{ .ctx.regionShort }}
+
+  # Maestro
+  maestroEventgridName: maestro-{{ .ctx.regionShort }}
+  maestroEventGridMaxClientSessionsPerAuthName: '4'
+  maestroCertDomain: 'selfsigned.maestro.keyvault.azure.com'
+  maestroPostgresName: maestro-{{ .ctx.regionShort }}
+  maestroPostgresServerVersion: '15'
+  maestroPostgresServerStorageSizeGB: '32'
+  maestroPostgresDeploy: true
+  maestroPostgresPrivate: false
+  maestroRestrictIstioIngress: true
+
+  # Cluster Service
+  clusterServicePostgresName: cs-{{ .ctx.regionShort }}
+  clusterServicePostgresDeploy: true
+  clusterServicePostgresPrivate: false
+  clusterServiceAcrRG: global # we need to replace this with a resource ID to OCP ACR
+
+  # Service KeyVault
+  serviceKeyVaultName: aro-hcp-svc-{{ .ctx.regionShort }}
+  serviceKeyVaultRG: hcp-underlay-{{ .ctx.regionShort }}
+  serviceKeyVaultRegion: {{ .ctx.region }}
+  serviceKeyVaultSoftDelete: true
+  serviceKeyVaultPrivate: true
+
+  # OIDC
+  oidcStorageAccountName: arohcpoidc{{ .ctx.regionShort }}
+
+clouds:
+  public:
+    # this configuration serves as a template for for all RH DEV subscription deployments
+    defaults:
+      # 1P app
+      firstPartyAppClientId: 57e54810-3138-4f38-bd3b-29cb33f4c358
+
+      # Maestro
+      maestroPostgresDeploy: false
+
+      # Cluster Service
+      clusterServiceImageTag: a23276d
+      clusterServiceImageRepo: app-sre/uhc-clusters-service
+
+      # Shared SVC KV
+      #serviceKeyVaultName: 'aro-hcp-dev-svc-kv'
+      serviceKeyVaultName: 'aro-hcp-svc-{{ .ctx.regionShort }}'
+      serviceKeyVaultRG: 'global'
+      serviceKeyVaultRegion: 'westus3'
+      serviceKeyVaultPrivate: false
+
+      # disable soft delete on etcd KVs in DEV
+      svcEtcdKVSoftDelete: false
+
+      # Shared Image Sync
+      imageSyncRG: hcp-underlay-westus3-imagesync-dev
+
+    environments:
+      cs-pr:
+        # this is the cluster service PR check and full cycle test environment
+        defaults:
+          # Maestro
+          # because there are many CS instances running on the cluster
+          maestroRestrictIstioIngress: false
+      personal-dev:
+        # this is the personal DEV environment
+        defaults:
+          # Cluster Service
+          clusterServicePostgresDeploy: false
diff --git a/config/config.yaml b/config/config.yaml
@@ -1,11 +1,14 @@
 defaults:
   region: {{ .ctx.region }}
+  # Subscriptions
+  serviceClusterSubscription: hcp-{{ .ctx.region }}
+  managementClusterSubscription: hcp-{{ .ctx.region }}
   # Resourcegroups
   globalRG: global
-  regionRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}
-  serviceClusterRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-svc
-  managementClusterRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
-  imageSyncRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-imagesync
+  regionRG: hcp-underlay-{{ .ctx.regionShort }}
+  serviceClusterRG: hcp-underlay-{{ .ctx.regionShort }}-svc
+  managementClusterRG: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
+  imageSyncRG: hcp-underlay-{{ .ctx.regionShort }}-imagesync
 
   # General AKS config
   kubernetesVersion: 1.30.5
@@ -19,33 +22,33 @@ defaults:
   serviceComponentAcrResourceGroups: global
 
   # SVC cluster specifics
-  svcEtcdKVName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp }}
+  svcEtcdKVName: arohcp-etcd-{{ .ctx.regionShort }}
   svcEtcdKVSoftDelete: true
 
   # MGMT cluster specifics
-  mgmtEtcdKVName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+  mgmtEtcdKVName: arohcp-etcd-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
   mgmtEtcdKVSoftDelete: true
 
   # Frontend
   frontendCosmosDBDeploy: true
   frontendCosmosDBDisableLocalAuth: true
-  frontendCosmosDBName: {{ azureCosmosDBName "aro-hcp-rp" 5 .ctx.region .ctx.regionStamp }}
+  frontendCosmosDBName: arohcp-rp-{{ .ctx.regionShort }}
 
   # Maestro
-  maestroKeyVaultName: {{ azureKeyVaultName "maestro" 5 .ctx.region .ctx.regionStamp }}
-  maestroEventgridName: {{ azureEventGridName "maestro" 5 .ctx.region .ctx.regionStamp }}
+  maestroKeyVaultName: arohcp-maestro-{{ .ctx.regionShort }}
+  maestroEventgridName: arohcp-maestro-{{ .ctx.regionShort }}
   maestroEventGridMaxClientSessionsPerAuthName: '4'
   maestroCertDomain: 'selfsigned.maestro.keyvault.azure.com'
-  maestroPostgresName: {{ azurePostgresName "maestro" 5 .ctx.region .ctx.regionStamp }}
+  maestroPostgresName: arohcp-maestro-{{ .ctx.regionShort }}
   maestroPostgresServerVersion: '15'
   maestroPostgresServerStorageSizeGB: '32'
   maestroPostgresDeploy: true
   maestroPostgresPrivate: false
   maestroRestrictIstioIngress: true
-  maestroConsumerName: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
+  maestroConsumerName: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
 
   # Cluster Service
-  clusterServicePostgresName: {{ azurePostgresName "cs" 5 .ctx.region .ctx.regionStamp }}
+  clusterServicePostgresName: arohcp-cs-{{ .ctx.regionShort }}
   clusterServicePostgresDeploy: true
   clusterServicePostgresPrivate: false
   clusterServiceAcrRG: global
@@ -60,20 +63,20 @@ defaults:
   ocMirrorImageTag: 7abc8af
 
   # Service KeyVault
-  serviceKeyVaultName: {{ azureKeyVaultName "aro-hcp-svc" 5 .ctx.region .ctx.regionStamp }}
-  serviceKeyVaultRG: hcp-underlay-{{ .ctx.region }}-svc-{{ .ctx.regionStamp }}
+  serviceKeyVaultName: arohcp-svc-{{ .ctx.regionShort }}
+  serviceKeyVaultRG: hcp-underlay-{{ .ctx.regionShort }}
   serviceKeyVaultRegion: {{ .ctx.region }}
   serviceKeyVaultSoftDelete: true
   serviceKeyVaultPrivate: true
 
   # Management Cluster KV
-  cxKeyVaultName: {{ azureKeyVaultName "aro-hcp-cx" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+  cxKeyVaultName: arohcp-cx-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
   cxKeyVaultSoftDelete: true
   cxKeyVaultPrivate: true
-  msiKeyVaultName: {{ azureKeyVaultName "aro-hcp-msi" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+  msiKeyVaultName: arohcp-msi-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
   msiKeyVaultSoftDelete: true
   msiKeyVaultPrivate: true
-  mgmtKeyVaultName: {{ azureKeyVaultName "aro-hcp-mgmt" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+  mgmtKeyVaultName: arohcp-mgmt-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
   mgmtKeyVaultSoftDelete: true
   mgmtKeyVaultPrivate: true
 
@@ -84,6 +87,9 @@ clouds:
     # this configuration serves as a template for for all RH DEV subscription deployments
     # the following vars need approprivate overrides:
     defaults:
+      # Subscription
+      serviceClusterSubscription: ARO Hosted Control Planes (EA Subscription 1)
+      managementClusterSubscription: ARO Hosted Control Planes (EA Subscription 1)
       # DNS
       baseDnsZoneName: 'hcp.osadev.cloud'
       # MGMTM AKS nodepools - big enough for 2 HCPs
@@ -130,11 +136,11 @@ clouds:
       # Shared Image Sync
       imageSyncRG: hcp-underlay-westus3-imagesync-dev
       # OIDC
-      oidcStorageAccountName: {{ azureStorageAccountName "arohcpoidc" 5 .ctx.region .ctx.regionStamp }}
+      oidcStorageAccountName: arohcpoidc{{ .ctx.regionShort }}
       # Metrics
-      monitoringWorkspaceName: 'aro-hcp-monitor-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
-      grafanaName: 'aro-hcp-grafana-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
-      monitoringMsiName: 'aro-hcp-metrics-msi-{{ uniqueString 5 .ctx.region .ctx.regionStamp }}'
+      monitoringWorkspaceName: 'arohcp-{{ .ctx.regionShort }}'
+      grafanaName: 'arohcp-{{ .ctx.regionShort }}'
+      monitoringMsiName: 'aro-hcp-metrics-msi-{{ .ctx.regionShort }}'
       grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c
       # DEVOPS MSI
       aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops'
@@ -147,6 +153,9 @@ clouds:
           mgmtUserAgentPoolMaxCount: 12
           # DNS
           regionalDNSSubdomain: '{{ .ctx.region }}'
+        regions:
+          westus2:
+            mgmtUserAgentPoolMinCount: 5
       cs-pr:
         # this is the cluster service PR check and full cycle test environment
         defaults:
@@ -163,4 +172,4 @@ clouds:
           # Cluster Service
           clusterServicePostgresDeploy: false
           # DNS
-          regionalDNSSubdomain: '{{ .ctx.region }}-{{ uniqueString 5 .ctx.region .ctx.regionStamp }}'
+          regionalDNSSubdomain: '{{ .ctx.regionShort }}'