* Add new initial fields to v20240812preview
* update openshiftcluster_example.go
* add new fields to converter
Co-authored-by: kimorris27 <kimorris@redhat.com>
* use multierror here, so it's more obvious if we're missing multiple keys
* Ignore the written out clusterapp.env
* move create/delete into separate commands, which write out a clusterapp.env file
* delete the app in the e2e.sh file
* update the docs
* Remove dependencies on console-operator and cluster-api-azure
* remove the forks that we don't use
* go mod updates
* go mod vendor
* stop relying on the providerspec being registered in tests
* cleanups
* update go sum
* test coverage fixes
* create oic storage account in dev
* split oic resources into new template for reuse
* add roleassignment, dev script
* parameterize, add documentation
* create new cmd for full env, doc change
* ProvisioningState Cancelled -> Canceled
* add WorkerProfileStatuses to example openshift cluster
* add x-ms-enum header to ProvisioningState and PreconfiguredNSG
* make client
* Don't add security context on <4.11 as OpenShift restricted SCCs do not
tolerate it
* Update GetClusterVersion to return cv.Status.History[0] if no completed update exists
* add archv1 check to multiple ip static validation
* add archv1 check to preview api static validation
* use InstallArchitectureVersion constant in test
* api: Avoid referencing DefaultInstallStream in tests
* frontend: Avoid referencing DefaultInstallStream
The frontend's OpenShiftVersions change feed handler will record
the current default version for the rest of the frontend to use.
* monitor: Remove latestGaMinorVersion metric
The RP no longer has this information internally, so the metric
is no longer relevant.
* update_ocp_versions: Read versions from an environment variable
Read OpenShift versions and pull specs from an OPENSHIFT_VERSIONS
environment variable containing a JSON object. This data includes
the default OpenShift version for new installs that don't specify
a version.
This moves us toward eliminating hard-coded OpenShift versions in
pkg/util/version/const.go.
* cache_fallback_discovery_client_test.go: Hard-code version
I'm not sure what to do with this test. Install stream data has
moved to RP-Config, so if the test is worth keeping then I guess
the oldest supported version will have to be hard-coded and kept
up-to-date. But it probably won't be.
* version: Remove DefaultInstallStreams
DefaultInstallStream will remain for now, but it's ONLY for use by
local development mode until we can come up with a better solution.
---------
Co-authored-by: Matthew Barnes <mbarnes@fedorapeople.org>
* replacing usages of magic strings with flags from the subpackage
* removing the //todo comment regarding the magic strings
* replacing magic strings with operator constants
* move DefaultOperatorFlags to operator package, inject when needed
added exempted user to guardrails
let the cleanup continue when failure occurs
iterate over all namespaces to find out if another gatekeeper is deployed
* If the CredentialsRequest isn't found, retry until timeout instead of immediately erroring out
* `ensureCredentialsRequest` upon every `az aro update`
* Add an E2E test for the `az aro update` scenario where the ARO
operator's CredentialsRequest has been deleted
* add ResourceDeleteAndWait to azureactions
* add delete resource admin action and frontend routing
* add helper functions for lb config manipulation
* refactor azure actions
- moves resource delete code to separate file
- adds loadbalancer client to handle deleting FrontendIPConfiguration
- updates ResourceDeleteAndWait to handle deleting FrontendIPConfigurations
- adds DeleteByIDAndWait to features/resources client
* add e2e tests
* fix imports and add license headers
* cleanup / fix lint
* add command example to doc
* rename to "managed" resource id
* change query param to camel case
* use var group instead
* return error as adminReply already wraps in CloudError
* fix missed camelCase of query param
* use regex to match frontend ip configurations
* remove focus
* add deny list to prevent deleting PLS and Storage
* fix mixed import
* use fake pls name to prevent accidentally deleting e2e cluster pls
* fix test
* add PE to deny list
* Update the cluster authorizer to use a DefaultAzureCredential
* Update the ARO operator to set and use DefaultAzureCredential via env vars
* Add a CredentialsRequest to the ARO operator deployment
* Restart the ARO operator upon `az aro update`
* Removed now unused AzCredentials function
* Changed ARO operator deployment wait time during `az aro update` from
20 minutes -> 5 minutes
* Refactor CliWithApply to generalize to different object types
* Updated Restart in pkg/util/kubernetes to use server-side apply
* Updated Restart in pkg/operator/deploy to only return an error after
at least attempting to restart all of the deployments passed in
* E2E test for ARO operator master deployment's restart upon cluster update
* Wait for the ARO operator's CredentialsRequest to be reconciled before
restarting
* genevalogging: Use AROController as base type
* genevalogging: Split off business logic for uniform error handling
* genevalogging: Add condition for controller status
* genevalogging: Check status conditions in unit tests
---------
Co-authored-by: Matthew Barnes <mbarnes@fedorapeople.org>
* fix: match existing hive-config with production hive-config
* bug: bump hive version to use minimal install version and resolve vulns
* Remove oc-cli domain annotation
* add defaults and update k8s dev version
* update default of outbound_type
* no default set for disk encryption
* nit: fix style
---------
Co-authored-by: gniranjan <gniranjan@microsoft.com>
Added extra validation to verify if etcd certificates are renewed
Also, removed isLessThanMinDuration code block so we can
even renew clusters whose expiry is more than 6 months duration
* revert changes made in #3222 to ensureAccessTokenClaims
* after timeout, return any actionable errors to the user
* combine / improve error messages
* still log err in RP logs if not nil
* fix nil pointer
* swagger: Use struct tags to specify read-only fields
* immutable: Handle `swagger:"readOnly"` tag during validation
The left-hand operand (v) should omit read-only struct fields;
i.e. the field should always be the zero-value for its type.
* api: Add ExternalNoReadOnly method to OpenShiftClusterConverter
ExternalNoReadOnly removes all read-only fields from the external
representation. This is necessary when patching a cluster document;
read-only fields must be omitted from the external representation
in order to pass static validation.
* e2e: Exercise using PUT to update managed outbound IPs
---------
Co-authored-by: Matthew Barnes <mbarnes@fedorapeople.org>
* Add React Router library
* Use React Router for search params
The existing functionality using this appears to be non-functional, but its behavior
is preserved.
* Use cluster resourceID in route for details modal
* Use URL routing to handle Cluster Details navigation
* Route all admin portal frontend subroutes to index.html
* Add handling to portal login redirect to preserve original path
* Update E2E tests for new admin portal routing
* Replace OverviewComponent with new implementation
- Use FluentUI DetailsList for contents
- Always display all properties, even if value is not present
- Modify E2E test to check each individual property
* Build frontend artifacts
* Upgrade Microsoft.Storage API Version to 2019-06-01
* Explicitly set encryption Enabled=True on all storage account services
This is not strictly necessary, as the Storage API will default these to True.
This change is just to reconcile expected with actual.
* Update generated deployment assets
Fixed such that we continue to add vnet rules for cluster subnets if Microsoft.Storage service endpoint present on subnet(s)
Some context for this fix:
"""
Unbeknownst to us, as of OCP 4.11, the default StorageClass object for azurefile-csi was automatically selecting the cluster Storage Account we use to store things like ignition config to also back all PVs created with this storage class, that is, customer data.
As of this RP Release / PUCM, ARO SRE added functionality to ARO to disallow requirements on Service Endpoints on cluster subnets (seen as an attack vector for some highly security-conscious customers), and in doing so, we added some NACL rules to not allow nodes to access the cluster storage account, because we figured from a service perspective it was unused.
These two things are now in conflict. We now have some customers who used the default storage class for Azure File, and can no longer mount volumes due to our new NACL configuration. We need to modify our stack to accommodate these customers (estimated to be a few dozen).
"""
* Fail cluster deletion if RP is not authorized to perform resource group delete
* Refactor deleteResourcesAndResourceGroup to be simpler and more testable
* retry operations on pull-secret when receiving a conflict
* retry the entire pull-secret rotation
* use apply instead of update
* uses aro-rp fieldManager and forces the apply
* refactors to reduce to only one apply for pull secret