Hive AKS development environment deploy (#2171)

* Add hive config generation script

* Script to install hive into the AKS dev environments

* Add note about semi-scientific container image search

* Vanilla hive config gleaned from app-sre config

* Initial OCP 4.10.15 image set

* Ignore the generated hive config files

* Check for crds folder and ask to re-running install

* Add docs

* Add newline to yaml EOF

* Spelling is clearly hard at this hour...

* Fix typo, grammer, and spelling

* Use the shell var instead

* Use the expanded output variable syntax. No lazy typing :)

* Use 1's for all error exit's

* Fix make aks.kubeconfig in docs/hive.md

Co-authored-by: Spencer Amann <samann@redhat.com>

* Fix hive docs kubeconfig typo

* Use HIVE_IMAGE_COMMIT_HASH in the HIVE image and comments for popd/pushd

* Update docs to reflect the use of the HIVE_IMAGE_COMMIT_HASH define

Co-authored-by: Spencer Amann <samann@redhat.com>

.gitignore

@@ -30,3 +30,5 @@ gomock_reflect_*
 /portal/v1/node_modules/
 /portal/v2/node_modules/
 .idea*
+/hack/hive-config/crds
+/hack/hive-config/hive-deployment.yaml

docs/hive.md

@@ -0,0 +1,37 @@
+# Hive
+
+## Version
+
+Update the HIVE_IMAGE_COMMIT_HASH in `hack/hive-generate-config.sh` with the latest commit sha of the Hive image you are deploying. The commit sha is used to specify the image tag and also used during config generation to checkout the correct version of the config files. The config files are subsequently used by the `hack/hive-dev-install.sh` script during iunstallation or during config updates.
+
+## Generating config
+
+In order to generate config for a dev environment you need to ensure you have the correct `LOCATION` is set in your env file. Once this is done you can simply run the config generation script.
+
+```bash
+# source your environment file
+. ./env
+# run the config generation
+./hack/hive-generate-config.sh
+```
+
+This will download the latest source, reset to the hash specified in HIVE_IMAGE_COMMIT_HASH, and build the config using kustomise.
+
+## Installing
+
+Ensure you have the latest AKS kubeconfig:
+```bash
+# get the AKS kubeconfig
+make aks.kubeconfig
+```
+
+Set KUBECONFIG to the aks.kubeconfig file, for example:
+```bash
+export KUBECONFIG="$PWD/aks.kubeconfig"
+```
+
+Installing then simply requires the running of the install script.
+
+```bash
+./hack/hive-dev-install.sh
+```

hack/hive-config/cluster-image-sets/4.10.15.yaml

@@ -0,0 +1,6 @@
+apiVersion: hive.openshift.io/v1
+kind: ClusterImageSet
+metadata:
+  name: openshift-v4.10.15
+spec:
+  releaseImage: quay.io/openshift-release-dev/ocp-release@sha256:ddcb70ce04a01ce487c0f4ad769e9e36a10c8c832a34307c1b1eb8e03a5b7ddb

hack/hive-config/hive-config.yaml

@@ -0,0 +1,15 @@
+apiVersion: hive.openshift.io/v1
+kind: HiveConfig
+metadata:
+  name: hive
+spec:
+  logLevel: debug
+  targetNamespace: HIVE_OPERATOR_NS
+  deleteProtection: enabled
+  disabledControllers:
+  - remoteingress
+  failedProvisionConfig:
+    retryReasons:
+    - UnknownError
+  globalPullSecretRef:
+    name: hive-global-pull-secret

hack/hive-dev-install.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+HIVE_OPERATOR_NS="hive"
+KUBECTL=$( which kubectl 2> /dev/null || which oc 2> /dev/null)
+
+function cleanup {
+	[ -f "$(pwd)/kubectl" ] && rm -f "$(pwd)/kubectl"
+}
+
+function download_tmp_kubectl {
+	curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+	if [ $? -ne 0 ]; then
+		echo ": error downloading kubectl"
+		exit 1
+	fi
+	chmod 755 kubectl
+	KUBECTL="$(pwd)/kubectl"
+}
+
+function verify_tools {
+	if [ ! -z "$KUBECTL" ]; then
+		return
+	fi
+	echo -n "kubectl or oc not detected, downloading"
+	download_tmp_kubectl
+	echo ", done."
+
+	if [ $( $KUBECTL get nodes 2>/dev/null | wc -l ) -eq 0 ]; then
+		echo "unable to connect to the cluster"
+		exit 1
+	fi
+}
+
+set -e
+trap cleanup EXIT
+
+if [ ! -f go.mod ] || [ ! -d ".git" ]; then
+	echo "this script must by run from the repo's root directory"
+	exit 1
+fi
+
+if [ ! -f "./hack/hive-config/hive-deployment.yaml" ] || [ ! -d "./hack/hive-config/crds" ] ; then
+	echo "hive config is missing, generating config, please rerun this script afterwards"
+	./hack/hive-generate-config.sh
+	if [ $? -ne 0 ]; then
+		echo "error generating the hive configs"
+		exit 1
+	fi
+fi
+
+if [ -z "$PULL_SECRET" ]; then
+	echo "global pull secret variable required, please source ./env"
+	exit
+fi
+
+verify_tools
+
+if [ $( $KUBECTL get namespace $HIVE_OPERATOR_NS -o yaml 2>/dev/null | wc -l ) -ne 0 ]; then
+	echo "hive is already installed in the namespace"
+	echo -n "would you like to reapply the configs? (y/N): "
+	read answer
+	if [[ "$answer" != "y" ]]; then
+		exit
+	fi
+else
+	$KUBECTL create namespace $HIVE_OPERATOR_NS
+fi
+
+$KUBECTL apply -f ./hack/hive-config/crds
+$KUBECTL apply -f ./hack/hive-config/hive-deployment.yaml
+$KUBECTL apply -f ./hack/hive-config/cluster-image-sets
+
+echo "$PULL_SECRET" > /tmp/.tmp-secret
+# Using dry-run allows updates to work seamlessly
+$KUBECTL create secret generic hive-global-pull-secret --from-file=.dockerconfigjson=/tmp/.tmp-secret --type=kubernetes.io/dockerconfigjson --namespace $HIVE_OPERATOR_NS -o yaml --dry-run=client | $KUBECTL apply -f - 2>/dev/null
+rm -f /tmp/.tmp-secret
+
+sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" hack/hive-config/hive-config.yaml | $KUBECTL apply -f -
+
+echo -e "\nHive is installed."

hack/hive-generate-config.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# This is the commit sha that the image was built from and ensures we use the correct configs for the release
+HIVE_IMAGE_COMMIT_HASH="2383a88"
+
+# For now we'll use the quay hive image, but this will change to an ACR once the quay.io -> ACR mirroring is setup
+# Note: semi-scientific way to get the latest image: `podman search --list-tags --limit 10000 quay.io/app-sre/hive | tail -n1`
+HIVE_IMAGE="quay.io/app-sre/hive:${HIVE_IMAGE_COMMIT_HASH}"
+
+HIVE_OPERATOR_NS="hive"
+
+# This version is specified in the hive repo and is the only hard dependency for this script
+# https://github.com/openshift/hive/blob/master/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk#L7
+KUSTOMIZE_VERSION=4.1.3
+KUSTOMIZE=$( which kustomize 2>/dev/null )
+TMPDIR=$( mktemp -d )
+
+function cleanup {
+	popd >& /dev/null
+	[ -d "$TMPDIR" ] && rm -fr "$TMPDIR"
+}
+
+function verify_kustomize {
+	if [ ! -z "$KUSTOMIZE" ]; then
+		return
+	fi
+	echo -n "kustomize not detected, downloading "
+	curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/kustomize/v${KUSTOMIZE_VERSION}/hack/install_kustomize.sh" | bash -s "$KUSTOMIZE_VERSION" "$TMPDIR"
+	if [ $? -ne 0 ]; then
+		echo "error downloading kustomize"
+		exit 1
+	fi
+	KUSTOMIZE="${TMPDIR}/kustomize"
+}
+
+function hive_repo_clone {
+	echo -n "Cloning hive repo into tmp for config generation"
+	CLONE_ERROR=$(git clone https://github.com/openshift/hive.git "$TMPDIR" 2>/dev/null )
+	if [ $? -ne 0 ]; then
+		echo ": error cloning the hive repo: ${CLONE_ERROR}"
+		exit 1
+	fi
+	echo ", done."
+}
+
+function hive_repo_hash_checkout {
+	# go into $TMPDIR and checkout the commit the image was built with
+	pushd $TMPDIR >& /dev/null
+	git reset --hard $HIVE_IMAGE_COMMIT_HASH
+	if [ $? -ne 0 ] || [[ $( git rev-parse --short=${#HIVE_IMAGE_COMMIT_HASH} HEAD ) != ${HIVE_IMAGE_COMMIT_HASH} ]]; then
+		echo "error resetting the hive repo to the correct git hash '${HIVE_IMAGE_COMMIT_HASH}'"
+		exit 1
+	fi
+}
+
+function generate_hive_config {
+	# Create the hive operator install config using kustomize
+	mkdir -p overlays/deploy
+	cp overlays/template/kustomization.yaml overlays/deploy
+	pushd overlays/deploy >& /dev/null
+	$KUSTOMIZE edit set image registry.ci.openshift.org/openshift/hive-v4.0:hive=$HIVE_IMAGE
+	$KUSTOMIZE edit set namespace $HIVE_OPERATOR_NS
+	popd >& /dev/null
+
+	$KUSTOMIZE build overlays/deploy > hive-deployment.yaml
+
+	# return to the repo directory to copy the generated config from $TMPDIR
+	popd >& /dev/null
+	mv "$TMPDIR/hive-deployment.yaml" ./hack/hive-config/
+
+	if [ -d ./hack/hive-config/crds ]; then
+		rm -fr ./hack/hive-config/crds
+	fi
+	cp -R "$TMPDIR/config/crds" ./hack/hive-config/
+}
+
+set -e
+trap cleanup EXIT
+
+if [ ! -f go.mod ] || [ ! -d ".git" ]; then
+	echo "this script must by run from the repo's root directory"
+	exit 1
+fi
+if [[ ! "$TMPDIR" || ! -d "$TMPDIR" ]]; then
+	echo "could not create temp working dir"
+	exit 1
+fi
+
+hive_repo_clone
+hive_repo_hash_checkout
+verify_kustomize
+generate_hive_config
+
+echo -e "\nHive config generated."