ARO-RP/env.example

29 строки
1.2 KiB
Plaintext
Исходник Обычный вид История

# use unique prefix for Azure resources when it is set, otherwise use your user's name
export AZURE_PREFIX="${AZURE_PREFIX:-$USER}"
export LOCATION="${LOCATION:-westeurope}"
export NO_CACHE=false
export AZURE_EXTENSION_DEV_SOURCES="$(pwd)/python"
2019-10-16 06:29:17 +03:00
export CLUSTER_RESOURCEGROUP="${AZURE_PREFIX}-v4-$LOCATION"
export CLUSTER_NAME="${AZURE_PREFIX}-aro-cluster"
export CLUSTER_VNET="${AZURE_PREFIX}-aro-vnet"
export ARO_IMAGE=arointsvc.azurecr.io/aro:latest
Lay groundwork for cluster MSI usage (#3757) * Add a parameter for enabling Entra ID RBAC on key vaults * Add an RP-level feature flag for determining whether to use the mock MSI RP * Tweak the mock identity URL to play nicely with the mock MSI RP * Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane) * Vendor in new Azure SDK clients and update msi-dataplane * Lay groundwork for use of cluster MSI... - Initialize the MSI dataplane client, using the mock MSI RP/stub if appropriate - Initialize key vault store client (for MSI certificates; functionality is implemented in MSI dataplane module) - Create a cluster MSI certificate and store it in the key vault during cluster bootstrap - Instantiate an Azure SDK FederatedIdentityCredential client using the cluster MSI certificate - Delete the cluster MSI certificate as needed during cluster deletion * Don't fail during cluster deletion if the cluster MSI certificate is already gone from the key vault (or was potentially never created) * Establish an RP-Config variable for the MSI RP endpoint - Update doc comment for ensureClusterMsiCertificate - Simplify conditional logic in MSI cert deletion * Use pointer conversion functions that aren't deprecated * Respond to PR comments (and fix some other things along the way) - Move `clusterMsiResourceId` function to `OpenShiftCluster` type - When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value) - Move `getClientOptions` functionality to `AROEnvironment` type - Move logic for determining cluster MSI key vault name to `pkg/env` - Pull cloud name mapping stuff out to `AROEnvironment` type - Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go` - Fix typo in https URL in comment in `pkg/cluster/delete.go` - Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go` * Update documentation with info about new feature flag - Move new cluster MSI steps forward in bootstrap step order - Move MSI dataplane client options stuff to pkg/env - Explicitly check for a single cluster MSI in `ClusterMsiResourceId` - Other small tweaks * Vendor in msi-dataplane update that prevents a potential nil pointer dereference * Add missing method to internal key vault client * Make error messages more specific in ClusterMsiResourceId * Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step - In newly added Azure clients, return struct types instead of interface types - Move cluster MSI certificate deletion to be after Azure resource deletion for safety just in case cx continues to use cluster that is in Failed/Deleting provisioning state * Add new env vars for MIWI to env.example for clarity/completeness * Turn check for nonzero number of user assigned identities into a utility function * Use existing constant for key vault dns suffix
2024-09-24 15:14:56 +03:00
# You'll need these to create MIWI clusters with your local RP, but you can comment them
# out or remove them from your env file if you're only going to be creating service principal
# clusters.
export MOCK_MSI_CLIENT_ID="replace_with_value_output_by_hack/devtools/msi.sh"
export MOCK_MSI_OBJECT_ID="replace_with_value_output_by_hack/devtools/msi.sh"
Lay groundwork for cluster MSI usage (#3757) * Add a parameter for enabling Entra ID RBAC on key vaults * Add an RP-level feature flag for determining whether to use the mock MSI RP * Tweak the mock identity URL to play nicely with the mock MSI RP * Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane) * Vendor in new Azure SDK clients and update msi-dataplane * Lay groundwork for use of cluster MSI... - Initialize the MSI dataplane client, using the mock MSI RP/stub if appropriate - Initialize key vault store client (for MSI certificates; functionality is implemented in MSI dataplane module) - Create a cluster MSI certificate and store it in the key vault during cluster bootstrap - Instantiate an Azure SDK FederatedIdentityCredential client using the cluster MSI certificate - Delete the cluster MSI certificate as needed during cluster deletion * Don't fail during cluster deletion if the cluster MSI certificate is already gone from the key vault (or was potentially never created) * Establish an RP-Config variable for the MSI RP endpoint - Update doc comment for ensureClusterMsiCertificate - Simplify conditional logic in MSI cert deletion * Use pointer conversion functions that aren't deprecated * Respond to PR comments (and fix some other things along the way) - Move `clusterMsiResourceId` function to `OpenShiftCluster` type - When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value) - Move `getClientOptions` functionality to `AROEnvironment` type - Move logic for determining cluster MSI key vault name to `pkg/env` - Pull cloud name mapping stuff out to `AROEnvironment` type - Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go` - Fix typo in https URL in comment in `pkg/cluster/delete.go` - Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go` * Update documentation with info about new feature flag - Move new cluster MSI steps forward in bootstrap step order - Move MSI dataplane client options stuff to pkg/env - Explicitly check for a single cluster MSI in `ClusterMsiResourceId` - Other small tweaks * Vendor in msi-dataplane update that prevents a potential nil pointer dereference * Add missing method to internal key vault client * Make error messages more specific in ClusterMsiResourceId * Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step - In newly added Azure clients, return struct types instead of interface types - Move cluster MSI certificate deletion to be after Azure resource deletion for safety just in case cx continues to use cluster that is in Failed/Deleting provisioning state * Add new env vars for MIWI to env.example for clarity/completeness * Turn check for nonzero number of user assigned identities into a utility function * Use existing constant for key vault dns suffix
2024-09-24 15:14:56 +03:00
export MOCK_MSI_CERT="replace_with_value_output_by_hack/devtools/msi.sh"
export MOCK_MSI_TENANT_ID="replace_with_value_output_by_hack/devtools/msi.sh"
export PLATFORM_WORKLOAD_IDENTITY_ROLE_SETS="replace_with_value_output_by_hack/devtools/msi.sh"
# you will need this to run-rp , vpn and ci-rp using Docker compose
export REGISTRY=registry.access.redhat.com
export LOCAL_ARO_RP_IMAGE=aro
export VERSION=latest
export TAG=latest
export LOCAL_VPN_IMAGE=vpn
Lay groundwork for cluster MSI usage (#3757) * Add a parameter for enabling Entra ID RBAC on key vaults * Add an RP-level feature flag for determining whether to use the mock MSI RP * Tweak the mock identity URL to play nicely with the mock MSI RP * Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane) * Vendor in new Azure SDK clients and update msi-dataplane * Lay groundwork for use of cluster MSI... - Initialize the MSI dataplane client, using the mock MSI RP/stub if appropriate - Initialize key vault store client (for MSI certificates; functionality is implemented in MSI dataplane module) - Create a cluster MSI certificate and store it in the key vault during cluster bootstrap - Instantiate an Azure SDK FederatedIdentityCredential client using the cluster MSI certificate - Delete the cluster MSI certificate as needed during cluster deletion * Don't fail during cluster deletion if the cluster MSI certificate is already gone from the key vault (or was potentially never created) * Establish an RP-Config variable for the MSI RP endpoint - Update doc comment for ensureClusterMsiCertificate - Simplify conditional logic in MSI cert deletion * Use pointer conversion functions that aren't deprecated * Respond to PR comments (and fix some other things along the way) - Move `clusterMsiResourceId` function to `OpenShiftCluster` type - When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value) - Move `getClientOptions` functionality to `AROEnvironment` type - Move logic for determining cluster MSI key vault name to `pkg/env` - Pull cloud name mapping stuff out to `AROEnvironment` type - Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go` - Fix typo in https URL in comment in `pkg/cluster/delete.go` - Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go` * Update documentation with info about new feature flag - Move new cluster MSI steps forward in bootstrap step order - Move MSI dataplane client options stuff to pkg/env - Explicitly check for a single cluster MSI in `ClusterMsiResourceId` - Other small tweaks * Vendor in msi-dataplane update that prevents a potential nil pointer dereference * Add missing method to internal key vault client * Make error messages more specific in ClusterMsiResourceId * Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step - In newly added Azure clients, return struct types instead of interface types - Move cluster MSI certificate deletion to be after Azure resource deletion for safety just in case cx continues to use cluster that is in Failed/Deleting provisioning state * Add new env vars for MIWI to env.example for clarity/completeness * Turn check for nonzero number of user assigned identities into a utility function * Use existing constant for key vault dns suffix
2024-09-24 15:14:56 +03:00
. secrets/env