From baab910d341607c9b4d5d29fa45d6ee3d5d753af Mon Sep 17 00:00:00 2001
From: Victor Kareh
Date: Sun, 1 Dec 2024 14:50:03 -0500
Subject: [PATCH] cluster-service: Add CS development configuration

This allows the local_CS command to fully configure the Cluster Service deployment without requiring manual editing of the development YAML file.
---
 dev-infrastructure/generate-cs-config.sh | 39 ++++++++++++++++++++++++
 dev-infrastructure/local_CS.sh | 5 +--
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100755 dev-infrastructure/generate-cs-config.sh

diff --git a/dev-infrastructure/generate-cs-config.sh b/dev-infrastructure/generate-cs-config.sh
new file mode 100755
index 000000000..d61345397
--- /dev/null
+++ b/dev-infrastructure/generate-cs-config.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+cd ../uhc-clusters-service/
+
+echo "fetching first-party app configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "firstPartyCert" --query "value" -o tsv | base64 -d > ./configs/azure/firstPartyCert.pem
+FP_CLIENT_ID=$(az ad app list --display-name aro-dev-first-party --query '[*]'.appId -o tsv)
+yq -i '(.azure-first-party-application-certificate-bundle-path) = "./configs/azure/firstPartyCert.pem"' development.yml
+yq -i "(.azure-first-party-application-client-id) = \"$FP_CLIENT_ID\"" development.yml
+
+echo "fetching MSI mock configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "msiMockCert" --query value -o tsv | base64 -d > ./configs/azure/msiMockCert.pem
+MSI_CLIENT_ID=$(az ad sp list --display-name aro-dev-msi-mock --query "[*].appId" -o tsv)
+MSI_PRINCIPAL_ID=$(az ad sp list --display-name aro-dev-msi-mock --query "[*].id" -o tsv)
+yq -i '(.azure-mi-mock-service-principal-certificate-bundle-path) = "./configs/azure/msiMockCert.pem"' development.yml
+yq -i "(.azure-mi-mock-service-principal-client-id) = \"$MSI_CLIENT_ID\"" development.yml
+yq -i "(.azure-mi-mock-service-principal-principal-id) = \"$MSI_PRINCIPAL_ID\"" development.yml
+
+echo "fetching ARM helper configuration"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "armHelperCert" --query "value" -o tsv | base64 -d > ./configs/azure/armHelperCert.pem
+ARM_CLIENT_ID=$(az ad app list --display-name aro-dev-arm-helper --query '[*]'.appId -o tsv)
+ARM_PRINCIPAL_ID=$(az ad sp list --display-name aro-dev-first-party --query "[*].id" -o tsv)
+yq -i '(.azure-arm-helper-identity-certificate-bundle-path) = "./configs/azure/armHelperCert.pem"' development.yml
+yq -i "(.azure-arm-helper-identity-client-id) = \"$MSI_CLIENT_ID\"" development.yml
+yq -i "(.azure-arm-helper-mock-fpa-principal-id) = \"$MSI_PRINCIPAL_ID\"" development.yml
+
+echo "fetching service principal credentials"
+az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp-cs" | jq .value -r > ./configs/azure/azure-creds.json
+yq -i '(.azure-auth-config-path) = "./configs/azure/azure-creds.json"' development.yml
+
+cd ../ARO-HCP/
+
+echo "preparing Azure runtime configuration"
+make -s -C ./cluster-service personal-runtime-config > ../uhc-clusters-service/configs/azure/personal-runtime-config.json
+yq -i '(.azure-runtime-config-path) = "./configs/azure/personal-runtime-config.json"' ../uhc-clusters-service/development.yml
+
+echo "extracting managed identity configuration"
+cat cluster-service/deploy/openshift-templates/arohcp-service-template.yml | yq eval '.objects[].data["azure-operators-managed-identities-config.yaml"]' | grep -v ^null > ../uhc-clusters-service/configs/azure-operators-managed-identities-config.yaml
+yq -i '(.azure-operators-managed-identities-config-path) = "./configs/azure-operators-managed-identities-config.yaml"' ../uhc-clusters-service/development.yml
diff --git a/dev-infrastructure/local_CS.sh b/dev-infrastructure/local_CS.sh
index 5f0f722ed..400d1c9a6 100755
--- a/dev-infrastructure/local_CS.sh
+++ b/dev-infrastructure/local_CS.sh
@@ -12,12 +12,13 @@ az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp-cs" | jq
 # Setup the development.yml
 cp ./configs/development.yml .
+bash ../ARO-HCP/dev-infrastructure/generate-cs-config.sh
 # Update any required empty strings to 'none'
 yq -i '(.aws-access-key-id, .aws-secret-access-key, .route53-access-key-id, .route53-secret-access-key, .oidc-access-key-id, .oidc-secret-access-key, .network-verifier-access-key-id, .network-verifier-secret-access-key, .client-id, .client-secret) = "none"' development.yml
 # Generate a provision_shards.config for port-forwarded maestro ...
-make -C ../ARO-HCP/cluster-service provision-shard > provision_shards.config
+make -s -C ../ARO-HCP/cluster-service provision-shard > provision_shards.config
 # Enable the westus3 region in cloud region config
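Review bot: In generate-cs-config.sh the ARM helper section computes `ARM_CLIENT_ID` and `ARM_PRINCIPAL_ID` but then writes `$MSI_CLIENT_ID` and `$MSI_PRINCIPAL_ID` into `.azure-arm-helper-identity-client-id` and `.azure-arm-helper-mock-fpa-principal-id`, so `armHelperCert.pem` ends up paired with the MSI mock's IDs and the two `ARM_` variables are never used. This looks like a copy-paste slip; the last two `yq` lines of that section should presumably use `\"$ARM_CLIENT_ID\"` and `\"$ARM_PRINCIPAL_ID\"`. Separately, nothing in the script stops on failure: if `cd ../uhc-clusters-service/` or an `az keyvault secret show` call fails, it carries on in the wrong directory or leaves an empty PEM or `azure-creds.json` behind and still points development.yml at it. Adding `set -euo pipefail` and `umask 077` right after the shebang would abort on the first error and keep the fetched certificate and credential files from being created group- or world-readable under a default umask.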
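Review bot: The new `bash ../ARO-HCP/dev-infrastructure/generate-cs-config.sh` line in local_CS.sh ignores the helper's exit status, so a failed Key Vault or `az ad` lookup leaves a half-populated development.yml that the following `yq` and `make` steps keep building on. Unless `set -e` is enabled above this hunk, `bash ../ARO-HCP/dev-infrastructure/generate-cs-config.sh || exit 1` would stop there, though the helper must also fail on error itself, since as written it returns the status of its last `yq`. The hunk header shows this script already reading `aro-hcp-dev-sp-cs` from `$VAULTNAME`, while the helper fetches the same secret again from a hard-coded `aro-hcp-dev-svc-kv`; passing the vault name through would keep the two from drifting apart. The start of local_CS.sh is outside the hunk.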
@@ -28,7 +29,7 @@ cat <> ./configs/cloud-resources/cloud-regions.yaml
 supports_multi_az: true
 EOF
-cat <> ./configs/cloud-resources/cloud-regions-constraints.yaml
+cat <> ./configs/cloud-resource-constraints/cloud-region-constraints.yaml
 - id: westus3
 enabled: true
 govcloud: false