diff --git a/cluster-service/.gitignore b/cluster-service/.gitignore index b714207f2e..4492bf9c65 100644 --- a/cluster-service/.gitignore +++ b/cluster-service/.gitignore @@ -1,5 +1,5 @@ deploy/tmp-provisioning-shard.yml deploy/provisioning-shards.yml -deploy/dev-provisioning-shards.yml +deploy/local-provisioning-shards.yml deploy/azure-runtime-config.yaml config.mk diff --git a/cluster-service/Makefile b/cluster-service/Makefile index ac2f3c6b54..e24845c796 100644 --- a/cluster-service/Makefile +++ b/cluster-service/Makefile @@ -41,7 +41,7 @@ deploy-local-db-secret: configure-tmp-provision-shard -p PROVISION_SHARDS_CONFIG="$$( base64 -i deploy/provisioning-shards.yml)" | oc apply -f - oc process --local -f deploy/openshift-templates/arohcp-db-template.yml | oc apply -f - -deploy-azure-db-secret: configure-tmp-provision-shard +deploy-azure-db-secret: provision-shard oc process --local -f deploy/openshift-templates/arohcp-secrets-template.yml \ -p DATABASE_USER=clusters-service \ -p DATABASE_NAME=clusters-service \ 
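Review bot: With `provision-shard` as the prerequisite of `deploy-azure-db-secret`, every Azure deploy now also runs that target's `@cat deploy/provisioning-shards.yml` (shown in the next hunk), so the rendered DNS zone resource ID and both Key Vault URIs land in whatever log captures the deploy. The removed `configure-tmp-provision-shard` rendered the file without printing it. These are identifiers rather than credentials, but if this target runs in CI, consider moving the `cat` to a separate debug target or dropping it. `provision-shard` is also a command name rather than a file, and no `.PHONY` declaration is visible in these hunks, so a stray file of that name would silently skip the render. The recipe of `deploy-azure-db-secret` continues past the end of this hunk.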
@@ -49,21 +49,25 @@ deploy-azure-db-secret: configure-tmp-provision-shard -p DATABASE_HOST=$(shell az postgres flexible-server show --resource-group ${RESOURCEGROUP} -n ${DATABASE_SERVER_NAME} --query fullyQualifiedDomainName -o tsv) \ -p PROVISION_SHARDS_CONFIG="$$( base64 -i deploy/provisioning-shards.yml)" | oc apply -f - -configure-tmp-provision-shard: - ZONE_RESOURCE_ID=$(shell az network dns zone show -n ${ZONE_NAME} -g ${REGIONAL_RESOURCEGROUP} --query id -o tsv) && \ - ../templatize.sh $(DEPLOY_ENV) deploy/provisioning-shards.tmpl.yml deploy/provisioning-shards.yml -e zoneResourceId=$${ZONE_RESOURCE_ID} - deploy-pr-env-deps: AZURE_CS_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n clusters-service --query clientId -o tsv) && \ oc process --local -f deploy/integration/cluster-service-namespace.yaml \ -p CLIENT_ID=$${AZURE_CS_MI_CLIENT_ID} | oc apply -f - -# for local development provision-shard: - ZONE_RESOURCE_ID=$(shell az network dns zone show -n ${ZONE_NAME} -g ${REGIONAL_RESOURCEGROUP} --query id -o tsv) && \ - ../templatize.sh $(DEPLOY_ENV) deploy/provisioning-shards.tmpl.yml deploy/provisioning-shards.yml -e zoneResourceId=$${ZONE_RESOURCE_ID} + @ZONE_RESOURCE_ID=$(shell az network dns zone show -n ${ZONE_NAME} -g ${REGIONAL_RESOURCEGROUP} --query id -o tsv) && \ + CX_SECRETS_KV_URL=$(shell az keyvault show -n ${CX_SECRETS_KV_NAME} -g ${MGMT_RESOURCEGROUP} --query properties.vaultUri -o tsv) && \ + CX_MI_KV_URL=$(shell az keyvault show -n ${CX_MI_KV_NAME} -g ${MGMT_RESOURCEGROUP} --query properties.vaultUri -o tsv) && \ + ../templatize.sh $(DEPLOY_ENV) deploy/provisioning-shards.tmpl.yml deploy/provisioning-shards.yml -e zoneResourceId=$${ZONE_RESOURCE_ID},cxSecretsKeyVaultUrl=$${CX_SECRETS_KV_URL},cxMiKeyVaultUrl=$${CX_MI_KV_URL},maestroRestUrl=http://maestro.maestro.svc.cluster.local:8000,maestroGrpUrl=maestro-grpc.maestro.svc.cluster.local:8090 @cat deploy/provisioning-shards.yml +local-deploy-provision-shard: + 
@ZONE_RESOURCE_ID=$(shell az network dns zone show -n ${ZONE_NAME} -g ${REGIONAL_RESOURCEGROUP} --query id -o tsv) && \ + CX_SECRETS_KV_URL=$(shell az keyvault show -n ${CX_SECRETS_KV_NAME} -g ${MGMT_RESOURCEGROUP} --query properties.vaultUri -o tsv) && \ + CX_MI_KV_URL=$(shell az keyvault show -n ${CX_MI_KV_NAME} -g ${MGMT_RESOURCEGROUP} --query properties.vaultUri -o tsv) && \ + ../templatize.sh $(DEPLOY_ENV) deploy/provisioning-shards.tmpl.yml deploy/local-provisioning-shards.yml -e zoneResourceId=$${ZONE_RESOURCE_ID},cxSecretsKeyVaultUrl=$${CX_SECRETS_KV_URL},cxMiKeyVaultUrl=$${CX_MI_KV_URL},maestroRestUrl=http://localhost:8080,maestroGrpUrl=localhost:8090 + @cat deploy/local-provisioning-shards.yml + personal-runtime-config: @TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ OIDC_BLOB_SERVICE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.blob -o tsv) && \ diff --git a/cluster-service/config.tmpl.mk b/cluster-service/config.tmpl.mk index d1e8887167..8628c44aa0 100644 --- a/cluster-service/config.tmpl.mk +++ b/cluster-service/config.tmpl.mk @@ -19,3 +19,8 @@ DATABASE_SERVER_NAME ?= {{ .clusterServicePostgresName }} DB_SECRET_TARGET = {{ ternary "deploy-azure-db-secret" "deploy-local-db-secret" .clusterServicePostgresDeploy }} DEVOPS_MSI_ID ?= {{ .aroDevopsMsiId }} + +# MGMT CLUSTER KVs +MGMT_RESOURCEGROUP ?= {{ .managementClusterRG }} +CX_SECRETS_KV_NAME ?= {{ .cxKeyVaultName }} +CX_MI_KV_NAME ?= {{ .msiKeyVaultName }} diff --git a/cluster-service/deploy/dev-provisioning-shards.tmpl.yml b/cluster-service/deploy/dev-provisioning-shards.tmpl.yml deleted file mode 100644 index 0f99e08eb6..0000000000 --- a/cluster-service/deploy/dev-provisioning-shards.tmpl.yml +++ /dev/null 
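Review bot: The `az` lookups in `provision-shard` and `local-deploy-provision-shard` are wrapped in `$(shell …)`, which make expands before the recipe runs and whose exit status is discarded. A failed or unauthenticated `az keyvault show` therefore leaves `CX_SECRETS_KV_URL=` empty, the `&&` chain still succeeds, and `templatize.sh` renders a shard file with blank Key Vault URLs that `deploy-azure-db-secret` then applies. Running the lookup in the recipe's own shell makes a failure stop the chain, e.g. `CX_SECRETS_KV_URL=$$(az keyvault show -n "${CX_SECRETS_KV_NAME}" -g "${MGMT_RESOURCEGROUP}" --query properties.vaultUri -o tsv) && \`, and likewise for `ZONE_RESOURCE_ID` and `CX_MI_KV_URL`. The leading `@` on the first line also hides the command that failed. The two recipes differ only in the output file and the maestro URLs, so a shared `define` or a parameterised rule would keep them from drifting apart.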
@@ -1,18 +0,0 @@
-provision_shards:
-- id: 1
- maestro_config: |
- {
- "rest_api_config": {
- "url": "http://localhost:8001"
- },
- "grpc_api_config": {
- "url": "localhost:8090"
- },
- "consumer_name": "{{ .maestroConsumerName }}"
- }
- status: active
- azure_base_domain: {{ .extraVars.zoneResourceId }}
- management_cluster_id: {{ .regionRG }}
- region: {{ .regionRG }}
- cloud_provider: azure
- topology: dedicated
diff --git a/cluster-service/deploy/provisioning-shards.tmpl.yml b/cluster-service/deploy/provisioning-shards.tmpl.yml
index 95fd14e27f..60817aa889 100644
--- a/cluster-service/deploy/provisioning-shards.tmpl.yml
+++ b/cluster-service/deploy/provisioning-shards.tmpl.yml
@@ -3,16 +3,19 @@ provision_shards:
 maestro_config: |
 {
 "rest_api_config": {
- "url": "http://maestro.maestro.svc.cluster.local:8000"
+ "url": "{{ .extraVars.maestroRestUrl }}"
 },
 "grpc_api_config": {
- "url": "maestro-grpc.maestro.svc.cluster.local:8090"
+ "url": "{{ .extraVars.maestroGrpUrl }}"
 },
 "consumer_name": "{{ .maestroConsumerName }}"
 }
 status: active
- azure_base_domain: "{{ .extraVars.zoneResourceId }}"
 management_cluster_id: local-cluster
 region: {{ .region }}
 cloud_provider: azure
 topology: dedicated
+ azure_shard:
+ public_dns_zone_resource_id: "{{ .extraVars.zoneResourceId }}"
+ cx_secrets_key_vault_url: "{{ .extraVars.cxSecretsKeyVaultUrl }}"
+ cx_managed_identities_key_vault_url: "{{ .extraVars.cxMiKeyVaultUrl }}"
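Review bot: `maestroRestUrl` and `maestroGrpUrl` are now mandatory `-e` inputs with no default, and nothing in the template says so. Depending on how `templatize.sh` treats missing keys (not visible here), a caller that omits them may render an empty or placeholder URL into `maestro_config`. A header comment would document the contract: `# Required extraVars: zoneResourceId, cxSecretsKeyVaultUrl, cxMiKeyVaultUrl, maestroRestUrl, maestroGrpUrl`. `maestroGrpUrl` also reads like a truncated `maestroGrpcUrl`; renaming it in the template and both Makefile targets together would match the `grpc_api_config` key it feeds. The hunk starts at line 3 of the template, so the top of the file is outside it.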