Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
ARO-RP/docs/feature-flags.md

2.2 KiB
Исходник Ответственный История

Feature flags

Feature flags are used in a couple of different places in the ARO-RP codebase.

Subscription feature flags

Azure has the capability to set feature flags on subscriptions. Depending on the feature flag, it may be settable directly via the end user, or solely via Geneva. See the ARM wiki for more details.

ARM advertises subscription flags to RPs as part of the subscription lifecycle; the ARO RP responds to subscription PUTs by storing the subscription document verbatim in Cosmos DB. Thus subscription feature flags can be checked by reading the subscription document from the database.

Subscription feature flags used by ARO-RP include:

  • Microsoft.RedHatOpenShift/RedHatEngineering: generic feature flag for graduating features to production such that they only apply on our Red Hat engineering subscription.

Subscription feature flags are also used for API preview, INT and region rollout. See the RP ARM manifest for more details.

RP feature flags

The RP_FEATURES environment variable is a comma-delimited list of RP codebase feature flags defined in pkg/env/env.go. At the time of writing these include:

  • DisableDenyAssignments: don't create a deny assignment on the cluster resource group. Used everywhere except PROD, as this capability is not released outside of PROD.

  • DisableSignedCertificates: don't integrate with Digicert to sign cluster certificates. Used in development only.

  • EnableDevelopmentAuthorizer: use the SubjectNameAndIssuer authorizer instead of the ARM authorizer to validate inbound ARM API calls. Used in development only.

  • RequireD2sV3Workers: require cluster worker VMs to be Standard_D2s_v3 SKU. Used in development only (to save money :-).

  • EnableOCMEndpoints: Register the OCM endpoints in the frontend. Otherwise the endpoints are not available at all.

  • RequireOIDCStorageWebEndpoint: Since Azure Front Door is only present for INT and PROD, there is a need to determine the web endpoint of the OIDC Storage Account after its creation. Format of web endpoint(It uses Azure DNS Zone endpoint):- https://[storage-account].z[00-99].web.storage.azure.net . Used in development only.