parameterize cs runtime config

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
Azure · Oct 31, 2024 · f428525 · f428525
1 parent 1bcb055
commit f428525
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/cluster-service/Makefile b/cluster-service/Makefile
@@ -10,6 +10,8 @@ deploy: deploy-namespace-template deploy-istio-configurations-template ${DB_SECR
 	OIDC_BLOB_SERVICE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.blob -o tsv) && \
 	OIDC_ISSUER_BASE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.web -o tsv) && \
 	OIDC_CONTAINER="$$web" && \
+	OCP_ACR_URL=$(shell az acr show -n ${OCP_ACR_NAME} --query loginServer -o tsv) && \
+	OCP_ACR_RESOURCE_ID=$(shell az acr show -n ${OCP_ACR_NAME} --query id -o tsv) && \
 	oc process --local -f deploy/openshift-templates/arohcp-service-template.yml \
 	  -p AZURE_CS_MI_CLIENT_ID=$${AZURE_CS_MI_CLIENT_ID} \
 	  -p TENANT_ID=$${TENANT_ID} \
@@ -21,6 +23,8 @@ deploy: deploy-namespace-template deploy-istio-configurations-template ${DB_SECR
 	  -p AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID=${AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID} \
 	  -p FPA_CERT_NAME=${FPA_CERT_NAME} \
 	  -p IMAGE_TAG=${IMAGE_TAG} \
+	  -p OCP_ACR_RESOURCE_ID=${OCP_ACR_RESOURCE_ID} \
+	  -p OCP_ACR_URL=${OCP_ACR_URL} \
 	  -p DATABASE_DISABLE_TLS=${DATABASE_DISABLE_TLS} \
 	  -p DATABASE_AUTH_METHOD=${DATABASE_AUTH_METHOD} | oc apply -f -
 

diff --git a/cluster-service/config.tmpl.mk b/cluster-service/config.tmpl.mk
@@ -8,6 +8,7 @@ OIDC_STORAGE_ACCOUNT ?= {{ .oidcStorageAccountName }}
 IMAGE_REPO ?= {{ .clusterServiceImageRepo }}
 IMAGE_TAG ?= {{ .clusterServiceImageTag }}
 ACR_NAME ?= {{ .svcAcrName }}
+OCP_ACR_NAME ?= {{ .ocpAcrName }}
 AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID ?= {{ .firstPartyAppClientId }}
 FPA_CERT_NAME ?= firstPartyCert
 ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }}

diff --git a/cluster-service/deploy/openshift-templates/arohcp-service-template.yml b/cluster-service/deploy/openshift-templates/arohcp-service-template.yml
@@ -130,6 +130,14 @@ parameters:
   description: Date identification of each batch process expected to be run. Comma separated sequence.
   value: ""
 
+- name: OCP_ACR_URL
+  description: The URL of the Azure Container Registry where the OpenShift images are stored.
+  required: true
+
+- name: OCP_ACR_RESOURCE_ID
+  description: The resource ID of the Azure Container Registry where the OpenShift images are stored.
+  required: true
+
 
 # These limits are based on the metrics collected in the production environment
 # over the last year. In particular the following Prometheus queries were used
@@ -352,10 +360,10 @@ objects:
     config.json: |
       {
         "cloudEnvironment": "AzurePublicCloud",
-        "tenantId": "64dc69e4-d083-49fc-9569-ebece1dd1408",
+        "tenantId": "${TENANT_ID}",
         "ocpImagesAcr": {
-          "resourceId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ContainerRegistry/registries/arohcpdev",
-          "url": "arohcpdev.azurecr.io",
+          "resourceId": "${OCP_ACR_RESOURCE_ID}",
+          "url": "${OCP_ACR_URL}",
           "scopeMapName": "_repositories_pull"
         }
       }