Azure Red Hat OpenShift RP
Перейти к файлу
Amit Arora 28d48702b5
Added the Actions Icons on Cluster Detail Page (#3051)
* Added the Actions Icons on Cluster Detail Page

* Added Action Icon Button on Cluster Detail Page

* Added Action Icon Button on Cluster Detail Page
2023-09-11 12:38:27 +05:30
.config suppress false positives for passwords found in tests 2022-07-29 13:52:36 -05:00
.gdn Update guardian suppression rules (#3032) 2023-07-14 09:37:19 -04:00
.github Use go version from go.mod 2023-08-31 14:03:52 -07:00
.pipelines Remove unneeded codeql template 2023-08-17 13:46:18 -07:00
cmd/aro add ubi9, latest MUO, mariner azure-cli 2023-09-06 15:40:49 +10:00
docs Remove rhcos publishing doc, can be found in ARO-Installer (#3160) 2023-09-08 16:04:21 -04:00
hack update code to use our generated msgraph sdk 2023-09-04 10:35:48 +10:00
pkg Added the Actions Icons on Cluster Detail Page (#3051) 2023-09-11 12:38:27 +05:30
portal Added the Actions Icons on Cluster Detail Page (#3051) 2023-09-11 12:38:27 +05:30
python Add worker profile status (#3053) 2023-09-05 14:56:27 -04:00
swagger Add worker profile status (#3053) 2023-09-05 14:56:27 -04:00
test Added the Actions Icons on Cluster Detail Page (#3051) 2023-09-11 12:38:27 +05:30
vendor Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 2023-09-07 13:08:37 +00:00
.dockerignore dockerignore: remove /env* files since they're in the git repo 2023-01-13 08:35:57 -05:00
.env Implement ARO extension 2019-12-15 22:06:27 -06:00
.gitignore makefile to run kiota 2023-09-04 10:35:48 +10:00
.golangci.yml Move pkg/api dependencies on util/subnet to api/util/subnet (#3070) 2023-08-03 16:41:32 +10:00
.mega-linter.yml update the mega linter because deprecations (#2877) 2023-05-19 15:08:22 +10:00
.prettierignore Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.prettierrc.yaml Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.sha256sum Add worker profile status (#3053) 2023-09-05 14:56:27 -04:00
.yaml-lint.yml added yaml lint (#2132) 2022-05-27 13:10:11 -04:00
CONTRIBUTING.md add CONTRIBUTING.md 2019-12-16 19:16:53 -06:00
Dockerfile.aro Remove 3rd party dependencies: dockerfile registry arg (#2126) 2022-06-24 14:40:13 -04:00
Dockerfile.aro-e2e update to go 1.18.10 2023-09-08 14:43:08 +10:00
Dockerfile.aro-multistage update to go 1.18.10 2023-09-08 14:43:08 +10:00
Dockerfile.autorest Fix client generation (#2867) 2023-05-02 13:36:41 +10:00
Dockerfile.ci update to go 1.18.10 2023-09-08 14:43:08 +10:00
Dockerfile.fluentbit change mariner to go from MCR 2023-03-30 09:35:45 -04:00
Dockerfile.gatekeeper Update gatekeeper version tag (#3028) 2023-07-14 22:22:33 +12:00
Dockerfile.portal_lint Remove all reported CVE issues with npm packages, create fallbacks for polyfills, use absolute path to eslint with formatter, upgrade all packages 2022-09-12 15:36:22 +10:00
Dockerfile.proxy update to go 1.18.10 2023-09-08 14:43:08 +10:00
LICENSE Initial commit 2019-10-15 22:43:52 -05:00
Makefile makefile to run kiota 2023-09-04 10:35:48 +10:00
README.md when mhc is managed create an alert for frequent remediation (#2123) 2022-05-31 09:34:48 -04:00
SECURITY.md add SECURITY.md 2019-12-16 19:16:53 -06:00
deps.go Move CI/dev tool usage to use go run pkg@version to reduce the number of vendored dependencies (#2789) 2023-03-24 10:01:05 +11:00
env-int.example Better documentation support for multiple envs (#1932) 2022-03-15 15:24:59 -04:00
env.example Add aro-operator 2020-07-29 15:46:23 +01:00
go.mod Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 2023-09-07 13:08:37 +00:00
go.sum Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 2023-09-07 13:08:37 +00:00
requirements.txt pin python versions using requirements.txt. 2022-08-10 16:57:18 +01:00

README.md

Azure Red Hat OpenShift Resource Provider

Welcome!

For information relating to the generally available Azure Red Hat OpenShift v4 service, please see the following links:

Quickstarts

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Repository map

  • .pipelines: CI workflows using Azure pipelines.

  • cmd/aro: RP entrypoint.

  • deploy: ARM templates to deploy RP in development and production.

  • docs: Documentation.

  • hack: Build scripts and utilities.

  • pkg: RP source code:

    • pkg/api: RP internal and external API definitions.

    • pkg/backend: RP backend workers.

    • pkg/bootstraplogging: Bootstrap logging configuration

    • pkg/client: Autogenerated ARO service Go client.

    • pkg/cluster: Cluster create/update/delete operations wrapper for OCP installer.

    • pkg/database: RP CosmosDB wrapper layer.

    • pkg/deploy: /deploy ARM template generation code.

    • pkg/env: RP environment-specific shims for running in production, development or test

    • pkg/frontend: RP frontend webserver.

    • pkg/metrics: Handles RP metrics via statsd.

    • pkg/mirror: OpenShift release mirror tooling.

    • pkg/monitor: Monitors running clusters.

    • pkg/operator/controllers: A list of controllers instantiated by the operator component.

      • alertwebhook: Ensures that the receiver endpoint defined in the alertmanager-main secret matches the webserver endpoint at aro-operator-master.openshift-azure-operator:8080, to avoid the AlertmanagerReceiversNotConfigured warning.

      • checker: Watches the Cluster resource for changes and updates conditions of the resource based on checks mentioned below

        • internetchecker: validate outbound internet connectivity to the nodes

        • serviceprincipalchecker: validate cluster service principal has the correct role/permissions

      • clusteroperatoraro: Ensures that the ARO cluster object is consistent and immutable

      • dnsmasq: Ensures that a dnsmasq systemd service is defined as a machineconfig for all nodes. The dnsmasq config contains records for azure load balancers such as api, api-int and *.apps domains so they will resolve even if custom DNS on the VNET is set.

      • genevalogging: Ensures all the Geneva logging resources in the openshift-azure-logging namespace matches the pre-defined specification found in pkg/operator/controllers/genevalogging/genevalogging.go.

      • imageconfig: Ensures that required registries are not blocked in image.config

      • machine: validate machine objects have the correct provider spec, vm type, vm image, disk size, three master nodes exist, and the number of worker nodes match the desired worker replicas

      • machineset: Ensures that a minimum of two worker replicas are met.

      • machinehealthcheck: Ensures the MachineHealthCheck resource is running as configured. See machinehealthcheck/doc.go

      • monitoring: Ensures that the OpenShift monitoring configuration in the openshift-monitoring namespace is consistent and immutable.

      • node: Force deletes pods when a node fails to drain for 1 hour. It should clear up any pods that refuse to be evicted on a drain due to violating a pod disruption budget.

      • pullsecret: Ensures that the ACR credentials in the openshift-config/pull-secret secret match those in the openshift/azure-operator/cluster secret.

      • rbac: Ensures that the aro-sre clusterrole and clusterrolebinding exist and are consistent.

      • routefix: Ensures all the routefix resources in the namespace openshift-azure-routefix remain on the cluster.

      • subnets: Ensures that the Network Security Groups (NSGs) are correct, and updates the Azure Machine Provider spec with subnet, vnet, and Network Resource Group.

      • workaround: Applies a set of temporay workarounds to the ARO cluster.

      • previewfeature: Allows toggling certain features that are not yet enabled by default.

    • pkg/portal: Portal for running promql queries against a cluster or requesting a kubeconfig for a cluster.

    • pkg/proxy: Proxy service for portal kubeconfig cluster access.

    • pkg/swagger: Swagger specification generation code.

    • pkg/util: Utility libraries.

  • python: Autogenerated ARO service Python client and az aro client extension.

  • swagger: Autogenerated ARO service Swagger specification.

  • test: End-to-end tests.

  • vendor: Vendored Go libraries.

Basic architecture

  • pkg/frontend is intended to become a spec-compliant RP web server. It is backed by CosmosDB. Incoming PUT/DELETE requests are written to the database with an non-terminal (Updating/Deleting) provisioningState.

  • pkg/backend reads documents with non-terminal provisioningStates, asynchronously updates them and finally updates document with a terminal provisioningState (Succeeded/Failed). The backend updates the document with a heartbeat - if this fails, the document will be picked up by a different worker.

  • As CosmosDB does not support document patch, care is taken to correctly pass through any fields in the internal model which the reader is unaware of (see github.com/ugorji/go/codec.MissingFielder). This is intended to help in upgrade cases and (in the future) with multiple microservices reading from the database in parallel.

  • Care is taken to correctly use optimistic concurrency to avoid document corruption through concurrent writes (see RetryOnPreconditionFailed).

  • The pkg/api architecture differs somewhat from github.com/openshift/openshift-azure: the intention is to fix the broken merge semantics and try pushing validation into the versioned APIs to improve error reporting.

  • Everything is intended to be crash/restart/upgrade-safe, horizontally scaleable, upgradeable...