cluster-service: Add CS development configuration

This allows the local_CS command to fully configure the Cluster Service deployment without requiring manual editing of the development YAML file.
Azure · Dec 10, 2024 · baab910 · baab910
1 parent 419ca9c
commit baab910
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/dev-infrastructure/generate-cs-config.sh b/dev-infrastructure/generate-cs-config.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+cd ../uhc-clusters-service/
+
+echo "fetching first-party app configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "firstPartyCert" --query "value" -o tsv | base64 -d > ./configs/azure/firstPartyCert.pem
+FP_CLIENT_ID=$(az ad app list --display-name aro-dev-first-party --query '[*]'.appId -o tsv)
+yq -i '(.azure-first-party-application-certificate-bundle-path) = "./configs/azure/firstPartyCert.pem"' development.yml
+yq -i "(.azure-first-party-application-client-id) = \"$FP_CLIENT_ID\"" development.yml
+
+echo "fetching MSI mock configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "msiMockCert" --query value  -o tsv | base64 -d > ./configs/azure/msiMockCert.pem
+MSI_CLIENT_ID=$(az ad sp list --display-name aro-dev-msi-mock --query "[*].appId" -o tsv)
+MSI_PRINCIPAL_ID=$(az ad sp list --display-name aro-dev-msi-mock --query "[*].id" -o tsv)
+yq -i '(.azure-mi-mock-service-principal-certificate-bundle-path) = "./configs/azure/msiMockCert.pem"' development.yml
+yq -i "(.azure-mi-mock-service-principal-client-id) = \"$MSI_CLIENT_ID\"" development.yml
+yq -i "(.azure-mi-mock-service-principal-principal-id) = \"$MSI_PRINCIPAL_ID\"" development.yml
+
+echo "fetching ARM helper configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "armHelperCert" --query "value" -o tsv | base64 -d > ./configs/azure/armHelperCert.pem
+ARM_CLIENT_ID=$(az ad app list --display-name aro-dev-arm-helper --query '[*]'.appId -o tsv)
+ARM_PRINCIPAL_ID=$(az ad sp list --display-name aro-dev-first-party --query "[*].id" -o tsv)
+yq -i '(.azure-arm-helper-identity-certificate-bundle-path) = "./configs/azure/armHelperCert.pem"' development.yml
+yq -i "(.azure-arm-helper-identity-client-id) = \"$MSI_CLIENT_ID\"" development.yml
+yq -i "(.azure-arm-helper-mock-fpa-principal-id) = \"$MSI_PRINCIPAL_ID\"" development.yml
+
+echo "fetching service principal credentials"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp-cs" | jq .value -r > ./configs/azure/azure-creds.json
+yq -i '(.azure-auth-config-path) = "./configs/azure/azure-creds.json"' development.yml
+
+cd ../ARO-HCP/
+
+echo "preparing Azure runtime configuration"
+make -s -C ./cluster-service personal-runtime-config > ../uhc-clusters-service/configs/azure/personal-runtime-config.json
+yq -i '(.azure-runtime-config-path) = "./configs/azure/personal-runtime-config.json"' ../uhc-clusters-service/development.yml
+
+echo "extracting managed identity configuration"
+cat cluster-service/deploy/openshift-templates/arohcp-service-template.yml | yq eval '.objects[].data["azure-operators-managed-identities-config.yaml"]' | grep -v ^null > ../uhc-clusters-service/configs/azure-operators-managed-identities-config.yaml
+yq -i '(.azure-operators-managed-identities-config-path) = "./configs/azure-operators-managed-identities-config.yaml"' ../uhc-clusters-service/development.yml
diff --git a/dev-infrastructure/local_CS.sh b/dev-infrastructure/local_CS.sh
@@ -12,12 +12,13 @@ az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp-cs" | jq
 
 # Setup the development.yml
 cp ./configs/development.yml .
+bash ../ARO-HCP/dev-infrastructure/generate-cs-config.sh
 
 # Update any required empty strings to 'none'
 yq -i '(.aws-access-key-id, .aws-secret-access-key, .route53-access-key-id, .route53-secret-access-key, .oidc-access-key-id, .oidc-secret-access-key, .network-verifier-access-key-id, .network-verifier-secret-access-key, .client-id, .client-secret) = "none"' development.yml
 
 # Generate a provision_shards.config for port-forwarded maestro ...
-make -C ../ARO-HCP/cluster-service provision-shard > provision_shards.config
+make -s -C ../ARO-HCP/cluster-service provision-shard > provision_shards.config
 
 # Enable the westus3 region in cloud region config
 
@@ -28,7 +29,7 @@ cat <<EOF>> ./configs/cloud-resources/cloud-regions.yaml
     supports_multi_az: true
 EOF
 
-cat <<EOF>> ./configs/cloud-resources/cloud-regions-constraints.yaml
+cat <<EOF>> ./configs/cloud-resource-constraints/cloud-region-constraints.yaml
   - id: westus3
     enabled: true
     govcloud: false