ARO-RP/README.md

# github.com/jim-minter/rp

## Install

1. Install the following:

   * go 1.12 or later
   * az client

1. Log in to Azure:

   ```
   az login
   ```

1. You will need a publicly resolvable DNS zone resource in Azure.  For RH ARO
   engineering, this is the `osadev.cloud` zone in the `dns` resource group.

1. You will need an AAD application with:

   * client certificate and (for now) client secret authentication enabled
   * (for now) User Access Administrator role granted on the subscription
   * (for now) `Azure Active Directory Graph / Application.ReadWrite.OwnedBy`
     privileges granted

   For RH ARO engineering, this is the `aro-team-shared` AAD application. You
   will need the client ID, client secret, and a key/certificate file
   (`aro-team-shared.pem`) that can be loaded into your key vault.  Ask if you
   do not have these.

   For non-RH ARO engineering, a suitable key/certificate file can be generated
   using the following helper utility:

   ```
   # Non-RH ARO engineering only
   go run ./hack/genkey -extKeyUsage client "$AZURE_CLIENT_ID"
   ```

1. Copy env.example to env, edit the values and source the env file.  This file
   holds (only) the environment variables necessary for the RP to run.

   * AZURE_TENANT_ID:       Azure tenant UUID
   * AZURE_SUBSCRIPTION_ID: Azure subscription UUID
   * AZURE_CLIENT_ID:       Azure AD application client UUID
   * AZURE_CLIENT_SECRET:   Azure AD application client secret

   * LOCATION:              Azure location where RP and cluster(s) will run (default: `eastus`)
   * RESOURCEGROUP:         Name of a new resource group which will contain the RP resources

   * PULL_SECRET:           A cluster pull secret retrieved from [Red Hat OpenShift Cluster Manager](https://cloud.redhat.com/openshift/install/azure/installer-provisioned)

   * RP_MODE:               Set to `development` when not in production.
   ```
   cp env.example env
   vi env
   . ./env
   ```

1. Choose the RP deployment parameters:

   * COSMOSDB_ACCOUNT: Name of a new CosmosDB account
   * DOMAIN:           DNS subdomain shared by all clusters (RH: $something.osadev.cloud)
   * KEYVAULT_NAME:    Name of a new key vault
   * ADMIN_OBJECT_ID:  AAD object ID for key vault admin(s) (RH: `az ad group list --query "[?displayName=='Engineering'].objectId" -o tsv`)
   * RP_OBJECT_ID:     AAD object ID for AAD application    (RH: `az ad app list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv`)

1. Create the resource group and deploy the RP resources:

   ```
   COSMOSDB_ACCOUNT=mycosmosdb
   DOMAIN=mydomain.osadev.cloud
   KEYVAULT_NAME=mykeyvault
   ADMIN_OBJECT_ID=$(az ad group list --query "[?displayName=='Engineering'].objectId" -o tsv)
   RP_OBJECT_ID=$(az ad sp list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv)

   az group create -g "$RESOURCEGROUP" -l "$LOCATION"

   az group deployment create -g "$RESOURCEGROUP" --mode complete --template-file deploy/rp.json --parameters "location=$LOCATION" "databaseAccountName=$COSMOSDB_ACCOUNT" "domainName=$DOMAIN" "keyvaultName=$KEYVAULT_NAME" "adminObjectId=$ADMIN_OBJECT_ID" "rpObjectId=$RP_OBJECT_ID"
   ```

1. Load the application key/certificate into the key vault:

   ```
   AZURE_KEY_FILE=aro-team-shared.pem

   az keyvault certificate import --vault-name "$KEYVAULT_NAME" --name azure --file "$AZURE_KEY_FILE"
   ```

1. Generate a self-signed serving key/certificate and load it into the key vault:

   ```
   TLS_KEY_FILE=localhost.pem
   go run ./hack/genkey localhost
   az keyvault certificate import --vault-name "$KEYVAULT_NAME" --name tls --file "$TLS_KEY_FILE"
   ```

1. Create a glue record in the parent DNS zone:

   ```
   PARENT_DNS_RESOURCEGROUP=dns

   az network dns record-set ns create --resource-group "$PARENT_DNS_RESOURCEGROUP" --zone "$(cut -d. -f2- <<<"$DOMAIN")" --name "$(cut -d. -f1 <<<"$DOMAIN")"

   for ns in $(az network dns zone show --resource-group "$RESOURCEGROUP" --name "$DOMAIN" --query nameServers -o tsv); do az network dns record-set ns add-record --resource-group "$PARENT_DNS_RESOURCEGROUP" --zone "$(cut -d. -f2- <<<"$DOMAIN")" --record-set-name "$(cut -d. -f1 <<<"$DOMAIN")" --nsdname $ns; done
   ```

## Running the RP

```
go run ./cmd/rp
```

## Useful commands

```
export CLUSTER=cluster
```

* Register a subscription:

curl -k -X PUT "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID?api-version=2.0" -H 'Content-Type: application/json' -d '{"state": "Registered"}'

* Create a cluster:

```
az group create -g "$CLUSTER-vnet" -l "$LOCATION"
az network vnet create -g "$CLUSTER-vnet" -n "$CLUSTER-vnet" --address-prefixes 10.0.0.0/16
az network vnet subnet create -g "$CLUSTER-vnet" --vnet-name "$CLUSTER-vnet" -n master --address-prefixes 10.0.0.0/24
az network vnet subnet create -g "$CLUSTER-vnet" --vnet-name "$CLUSTER-vnet" -n worker --address-prefixes 10.0.1.0/24

envsubst <examples/cluster-v20191231.json | curl -k -X PUT "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d @-
```

* Get a cluster:

```
curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview"
```

* Get a cluster's kubeadmin credentials:

```
curl -k -X POST "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER/credentials?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d '{}'
```

* List clusters in resource group:

```
curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters?api-version=2019-12-31-preview"
```

* List clusters in subscription:

```
curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/providers/Microsoft.RedHatOpenShift/openShiftClusters?api-version=2019-12-31-preview"
```

* Scale a cluster:

```
COUNT=3

curl -k -X PATCH "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d '{"properties": {"workerProfiles": [{"name": "worker", "count": '"$COUNT"'}]}}'
```

* Delete a cluster:

```
curl -k -X DELETE "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview"

az group delete -g "$CLUSTER-vnet"
```

* List operations:

```
curl -k "https://localhost:8443/providers/Microsoft.RedHatOpenShift/operations?api-version=2019-12-31-preview"
```

## Basic architecture

* pkg/frontend is intended to become a spec-compliant RP web server.  It is
  backed by CosmosDB.  Incoming PUT/DELETE requests are written to the database
  with an non-terminal (Updating/Deleting) provisioningState.

* pkg/backend reads documents with non-terminal provisioningStates,
  asynchronously updates them and finally updates document with a terminal
  provisioningState (Succeeded/Failed).  The backend updates the document with a
  heartbeat - if this fails, the document will be picked up by a different
  worker.

* As CosmosDB does not support document patch, care is taken to correctly pass
  through any fields in the internal model which the reader is unaware of (see
  `github.com/ugorji/go/codec.MissingFielder`).  This is intended to help in
  upgrade cases and (in the future) with multiple microservices reading from the
  database in parallel.

* Care is taken to correctly use optimistic concurrency to avoid document
  corruption through concurrent writes (see `RetryOnPreconditionFailed`).

* The pkg/api architecture differs somewhat from
  `github.com/openshift/openshift-azure`: the intention is to fix the broken
  merge semantics and try pushing validation into the versioned APIs to improve
  error reporting.

* Everything is intended to be crash/restart/upgrade-safe, horizontally
  scaleable, upgradeable...

## Debugging

* Get an admin kubeconfig:

  ```
  hack/get-admin-kubeconfig.sh /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER
  export KUBECONFIG=admin.kubeconfig
  oc version
  ```

* SSH to the bootstrap node:

  ```
  hack/ssh-bootstrap.sh /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER
  ```

## Useful links

* https://github.com/Azure/azure-resource-manager-rpc

* https://github.com/microsoft/api-guidelines

* https://docs.microsoft.com/en-gb/rest/api/cosmos-db

* https://github.com/jim-minter/go-cosmosdb
add initial keyvault support 2019-11-18 09:00:37 +03:00			`# github.com/jim-minter/rp`
Initial commit 2019-10-16 06:29:17 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`## Install`
Initial commit 2019-10-16 06:29:17 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`1. Install the following:`
Initial commit 2019-10-16 06:29:17 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`* go 1.12 or later`
			`* az client`
Initial commit 2019-10-16 06:29:17 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`1. Log in to Azure:`
Initial commit 2019-10-16 06:29:17 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
			`az login`
			```
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`1. You will need a publicly resolvable DNS zone resource in Azure. For RH ARO`
			engineering, this is the `osadev.cloud` zone in the `dns` resource group.
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`1. You will need an AAD application with:`
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`* client certificate and (for now) client secret authentication enabled`
			`* (for now) User Access Administrator role granted on the subscription`
			* (for now) `Azure Active Directory Graph / Application.ReadWrite.OwnedBy`
			`privileges granted`
update README.md 2019-10-19 04:20:51 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			For RH ARO engineering, this is the `aro-team-shared` AAD application. You
			`will need the client ID, client secret, and a key/certificate file`
update README formatting 2019-11-18 09:05:38 +03:00			(`aro-team-shared.pem`) that can be loaded into your key vault. Ask if you
			`do not have these.`
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`For non-RH ARO engineering, a suitable key/certificate file can be generated`
			`using the following helper utility:`
improve README.md 2019-10-28 23:56:18 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
			`# Non-RH ARO engineering only`
listen on TLS 2019-11-18 09:55:32 +03:00			`go run ./hack/genkey -extKeyUsage client "$AZURE_CLIENT_ID"`
update README formatting 2019-11-18 09:05:38 +03:00			```
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`1. Copy env.example to env, edit the values and source the env file. This file`
			`holds (only) the environment variables necessary for the RP to run.`

			`* AZURE_TENANT_ID: Azure tenant UUID`
			`* AZURE_SUBSCRIPTION_ID: Azure subscription UUID`
			`* AZURE_CLIENT_ID: Azure AD application client UUID`
			`* AZURE_CLIENT_SECRET: Azure AD application client secret`

			* LOCATION: Azure location where RP and cluster(s) will run (default: `eastus`)
			`* RESOURCEGROUP: Name of a new resource group which will contain the RP resources`

minor README change 2019-11-18 09:07:28 +03:00			`* PULL_SECRET: A cluster pull secret retrieved from [Red Hat OpenShift Cluster Manager](https://cloud.redhat.com/openshift/install/azure/installer-provisioned)`
update README.md 2019-10-19 04:20:51 +03:00
document RP_MODE environment variable 2019-11-19 03:51:39 +03:00			* RP_MODE: Set to `development` when not in production.
update README formatting 2019-11-18 09:05:38 +03:00			```
			`cp env.example env`
			`vi env`
			`. ./env`
			```
improve README.md 2019-10-28 23:56:18 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`1. Choose the RP deployment parameters:`
improve README.md 2019-10-28 23:56:18 +03:00
add initial keyvault support 2019-11-18 09:00:37 +03:00			`* COSMOSDB_ACCOUNT: Name of a new CosmosDB account`
minor README change 2019-11-18 09:06:22 +03:00			`* DOMAIN: DNS subdomain shared by all clusters (RH: $something.osadev.cloud)`
add initial keyvault support 2019-11-18 09:00:37 +03:00			`* KEYVAULT_NAME: Name of a new key vault`
			* ADMIN_OBJECT_ID: AAD object ID for key vault admin(s) (RH: `az ad group list --query "[?displayName=='Engineering'].objectId" -o tsv`)
			* RP_OBJECT_ID: AAD object ID for AAD application (RH: `az ad app list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv`)
update README.md 2019-10-19 04:20:51 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`1. Create the resource group and deploy the RP resources:`
update README.md 2019-10-19 04:20:51 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
			`COSMOSDB_ACCOUNT=mycosmosdb`
			`DOMAIN=mydomain.osadev.cloud`
			`KEYVAULT_NAME=mykeyvault`
			`ADMIN_OBJECT_ID=$(az ad group list --query "[?displayName=='Engineering'].objectId" -o tsv)`
Use "az ad sp" not "az ad app" for keyvault access 2019-11-28 06:26:12 +03:00			`RP_OBJECT_ID=$(az ad sp list --all --query "[?appId=='$AZURE_CLIENT_ID'].objectId" -o tsv)`
remove DOMAIN environment variable 2019-11-18 06:43:35 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`az group create -g "$RESOURCEGROUP" -l "$LOCATION"`
update README.md 2019-10-19 04:20:51 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`az group deployment create -g "$RESOURCEGROUP" --mode complete --template-file deploy/rp.json --parameters "location=$LOCATION" "databaseAccountName=$COSMOSDB_ACCOUNT" "domainName=$DOMAIN" "keyvaultName=$KEYVAULT_NAME" "adminObjectId=$ADMIN_OBJECT_ID" "rpObjectId=$RP_OBJECT_ID"`
			```
remove DOMAIN_RESOURCEGROUP environment variable 2019-11-18 06:32:53 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`1. Load the application key/certificate into the key vault:`
remove DOMAIN_RESOURCEGROUP environment variable 2019-11-18 06:32:53 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
listen on TLS 2019-11-18 09:55:32 +03:00			`AZURE_KEY_FILE=aro-team-shared.pem`
add initial keyvault support 2019-11-18 09:00:37 +03:00
listen on TLS 2019-11-18 09:55:32 +03:00			`az keyvault certificate import --vault-name "$KEYVAULT_NAME" --name azure --file "$AZURE_KEY_FILE"`
			```

			`1. Generate a self-signed serving key/certificate and load it into the key vault:`

			```
			`TLS_KEY_FILE=localhost.pem`
			`go run ./hack/genkey localhost`
			`az keyvault certificate import --vault-name "$KEYVAULT_NAME" --name tls --file "$TLS_KEY_FILE"`
update README formatting 2019-11-18 09:05:38 +03:00			```
remove DOMAIN environment variable 2019-11-18 06:43:35 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`1. Create a glue record in the parent DNS zone:`
remove DOMAIN_RESOURCEGROUP environment variable 2019-11-18 06:32:53 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
			`PARENT_DNS_RESOURCEGROUP=dns`
update README.md 2019-10-19 04:20:51 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`az network dns record-set ns create --resource-group "$PARENT_DNS_RESOURCEGROUP" --zone "$(cut -d. -f2- <<<"$DOMAIN")" --name "$(cut -d. -f1 <<<"$DOMAIN")"`
Initial commit 2019-10-16 06:29:17 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`for ns in $(az network dns zone show --resource-group "$RESOURCEGROUP" --name "$DOMAIN" --query nameServers -o tsv); do az network dns record-set ns add-record --resource-group "$PARENT_DNS_RESOURCEGROUP" --zone "$(cut -d. -f2- <<<"$DOMAIN")" --record-set-name "$(cut -d. -f1 <<<"$DOMAIN")" --nsdname $ns; done`
			```
add initial keyvault support 2019-11-18 09:00:37 +03:00
			`## Running the RP`
update README.md 2019-10-19 04:20:51 +03:00
			```
			`go run ./cmd/rp`
			```
Initial commit 2019-10-16 06:29:17 +03:00
			`## Useful commands`

update README.md 2019-10-19 04:20:51 +03:00			```
update to 4.3 and enable byo-vnet 2019-11-21 05:32:34 +03:00			`export CLUSTER=cluster`
update README.md 2019-10-19 04:20:51 +03:00			```

add subscription API 2019-11-28 20:32:24 +03:00			`* Register a subscription:`

			`curl -k -X PUT "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID?api-version=2.0" -H 'Content-Type: application/json' -d '{"state": "Registered"}'`

update README formatting 2019-11-18 09:05:38 +03:00			`* Create a cluster:`
update README.md 2019-10-19 04:20:51 +03:00
			```
update to 4.3 and enable byo-vnet 2019-11-21 05:32:34 +03:00			`az group create -g "$CLUSTER-vnet" -l "$LOCATION"`
			`az network vnet create -g "$CLUSTER-vnet" -n "$CLUSTER-vnet" --address-prefixes 10.0.0.0/16`
			`az network vnet subnet create -g "$CLUSTER-vnet" --vnet-name "$CLUSTER-vnet" -n master --address-prefixes 10.0.0.0/24`
			`az network vnet subnet create -g "$CLUSTER-vnet" --vnet-name "$CLUSTER-vnet" -n worker --address-prefixes 10.0.1.0/24`

swagger updates 2019-11-21 07:31:34 +03:00			`envsubst <examples/cluster-v20191231.json \| curl -k -X PUT "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d @-`
update README.md 2019-10-19 04:20:51 +03:00			```

update README formatting 2019-11-18 09:05:38 +03:00			`* Get a cluster:`
update README.md 2019-10-19 04:20:51 +03:00
			```
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview"`
update README.md 2019-10-19 04:20:51 +03:00			```

update README formatting 2019-11-18 09:05:38 +03:00			`* Get a cluster's kubeadmin credentials:`
update README.md 2019-10-19 04:20:51 +03:00
			```
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k -X POST "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER/credentials?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d '{}'`
update README.md 2019-10-19 04:20:51 +03:00			```

update README formatting 2019-11-18 09:05:38 +03:00			`* List clusters in resource group:`
update README.md 2019-10-19 04:20:51 +03:00
			```
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters?api-version=2019-12-31-preview"`
update README.md 2019-10-19 04:20:51 +03:00			```
Initial commit 2019-10-16 06:29:17 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* List clusters in subscription:`
Initial commit 2019-10-16 06:29:17 +03:00
update README.md 2019-10-19 04:20:51 +03:00			```
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/providers/Microsoft.RedHatOpenShift/openShiftClusters?api-version=2019-12-31-preview"`
update README.md 2019-10-19 04:20:51 +03:00			```
Initial commit 2019-10-16 06:29:17 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* Scale a cluster:`
Initial commit 2019-10-16 06:29:17 +03:00
update README.md 2019-10-19 04:20:51 +03:00			```
			`COUNT=3`
allow worker scaling 2019-10-19 01:39:32 +03:00
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k -X PATCH "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview" -H 'Content-Type: application/json' -d '{"properties": {"workerProfiles": [{"name": "worker", "count": '"$COUNT"'}]}}'`
update README.md 2019-10-19 04:20:51 +03:00			```
allow worker scaling 2019-10-19 01:39:32 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* Delete a cluster:`
allow worker scaling 2019-10-19 01:39:32 +03:00
update README.md 2019-10-19 04:20:51 +03:00			```
swagger updates 2019-11-21 07:31:34 +03:00			`curl -k -X DELETE "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER?api-version=2019-12-31-preview"`
update to 4.3 and enable byo-vnet 2019-11-21 05:32:34 +03:00
			`az group delete -g "$CLUSTER-vnet"`
add operations API 2019-11-21 18:36:22 +03:00			```

			`* List operations:`
update to 4.3 and enable byo-vnet 2019-11-21 05:32:34 +03:00
add operations API 2019-11-21 18:36:22 +03:00			```
			`curl -k "https://localhost:8443/providers/Microsoft.RedHatOpenShift/operations?api-version=2019-12-31-preview"`
update README.md 2019-10-19 04:20:51 +03:00			```
Initial commit 2019-10-16 06:29:17 +03:00
			`## Basic architecture`

			`* pkg/frontend is intended to become a spec-compliant RP web server. It is`
			`backed by CosmosDB. Incoming PUT/DELETE requests are written to the database`
update README.md 2019-10-19 04:20:51 +03:00			`with an non-terminal (Updating/Deleting) provisioningState.`
Initial commit 2019-10-16 06:29:17 +03:00
stop using storage account for queue 2019-10-18 21:46:27 +03:00			`* pkg/backend reads documents with non-terminal provisioningStates,`
			`asynchronously updates them and finally updates document with a terminal`
			`provisioningState (Succeeded/Failed). The backend updates the document with a`
			`heartbeat - if this fails, the document will be picked up by a different`
			`worker.`
Initial commit 2019-10-16 06:29:17 +03:00
			`* As CosmosDB does not support document patch, care is taken to correctly pass`
			`through any fields in the internal model which the reader is unaware of (see`
			`github.com/ugorji/go/codec.MissingFielder`). This is intended to help in
			`upgrade cases and (in the future) with multiple microservices reading from the`
			`database in parallel.`

			`* Care is taken to correctly use optimistic concurrency to avoid document`
			corruption through concurrent writes (see `RetryOnPreconditionFailed`).

			`* The pkg/api architecture differs somewhat from`
			`github.com/openshift/openshift-azure`: the intention is to fix the broken
			`merge semantics and try pushing validation into the versioned APIs to improve`
			`error reporting.`

update README.md 2019-10-19 04:20:51 +03:00			`* Everything is intended to be crash/restart/upgrade-safe, horizontally`
			`scaleable, upgradeable...`
add some debugging tools 2019-11-14 04:08:34 +03:00
			`## Debugging`

update README formatting 2019-11-18 09:05:38 +03:00			`* Get an admin kubeconfig:`
add some debugging tools 2019-11-14 04:08:34 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
swagger updates 2019-11-21 07:31:34 +03:00			`hack/get-admin-kubeconfig.sh /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER`
update README formatting 2019-11-18 09:05:38 +03:00			`export KUBECONFIG=admin.kubeconfig`
			`oc version`
			```
add some debugging tools 2019-11-14 04:08:34 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* SSH to the bootstrap node:`
add some debugging tools 2019-11-14 04:08:34 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			```
swagger updates 2019-11-21 07:31:34 +03:00			`hack/ssh-bootstrap.sh /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER`
update README formatting 2019-11-18 09:05:38 +03:00			```
add initial keyvault support 2019-11-18 09:00:37 +03:00
			`## Useful links`

update README formatting 2019-11-18 09:05:38 +03:00			`* https://github.com/Azure/azure-resource-manager-rpc`
add initial keyvault support 2019-11-18 09:00:37 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* https://github.com/microsoft/api-guidelines`
add initial keyvault support 2019-11-18 09:00:37 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* https://docs.microsoft.com/en-gb/rest/api/cosmos-db`
add initial keyvault support 2019-11-18 09:00:37 +03:00
update README formatting 2019-11-18 09:05:38 +03:00			`* https://github.com/jim-minter/go-cosmosdb`