Azure Red Hat OpenShift RP
Sanjana Lawande 2bdff21a20 apply suggestions from code review 2024-10-15 15:18:24 -07:00
.bingo Have bingo install mockgen from the Uber fork 2024-09-26 09:00:11 -05:00
.config suppress false positives for passwords found in tests 2022-07-29 13:52:36 -05:00
.gdn Remove portal v1 (#3465) 2024-04-05 12:06:22 +11:00
.github Move linting steps to GitHub Actions (#3869) 2024-10-02 14:23:53 -04:00
.pipelines Migrate VPN and rp service to Docker Compose (#3882) 2024-10-10 13:18:26 -06:00
cmd/aro Hive version bump to resolve RHSA-2024:5535 (CVE-2023-6597) (#3893) 2024-10-09 14:56:49 -04:00
docs Fix Managed Identity Cluster creation dynamic validation flow (#3891) 2024-10-10 14:12:06 -04:00
hack Update localdev platformworkloadidentityrolesets (#3901) 2024-10-11 11:44:58 -04:00
pkg apply suggestions from code review 2024-10-15 15:18:24 -07:00
portal/v2 Bump rollup from 2.79.1 to 2.79.2 in /portal/v2 (#3868) 2024-09-30 11:07:38 -04:00
python Update CLI integration test (#3898) 2024-10-11 09:08:49 -04:00
swagger Move ARM swagger to subfolder (#3805) 2024-08-30 18:18:40 +02:00
test add a regression test param which includes tests which we don't need to run every PR, but are still useful to run on master 2024-10-01 14:59:06 +10:00
vendor Hive version bump to resolve RHSA-2024:5535 (CVE-2023-6597) (#3893) 2024-10-09 14:56:49 -04:00
.dockerignore dockerignore: remove /env* files since they're in the git repo 2023-01-13 08:35:57 -05:00
.env Implement ARO extension 2019-12-15 22:06:27 -06:00
.gitignore Refactor Hive Directory (#3765) 2024-09-11 14:31:35 +02:00
.golangci.yml Update Go to 1.21 (#3698) 2024-07-18 17:35:06 +10:00
.mega-linter.yml update the mega linter because deprecations (#2877) 2023-05-19 15:08:22 +10:00
.prettierignore Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.prettierrc.yaml Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.sha256sum Move ARM swagger to subfolder (#3805) 2024-08-30 18:18:40 +02:00
.yaml-lint.yml exclude autogenerated from yaml lint 2024-02-20 14:10:44 +11:00
CONTRIBUTING.md add CONTRIBUTING.md 2019-12-16 19:16:53 -06:00
Dockerfile.aro-e2e Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.aro-multistage Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.autorest Fix client generation (#2867) 2023-05-02 13:36:41 +10:00
Dockerfile.ci-azext-aro Minimal Python container to build `az aro` extension (#3490) 2024-06-07 16:54:46 -06:00
Dockerfile.ci-rp Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.ci-rp.dockerignore Drop some unnecessary dependencies by moving to `bingo` for tooling (#3719) 2024-09-05 15:29:19 +10:00
Dockerfile.ci-tunnel Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.fluentbit Add libzstd.so.1 to fluentbit container build 2023-12-01 11:13:15 -05:00
Dockerfile.gatekeeper Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.portal_lint Remove all reported CVE issues with npm packages, create fallbacks for polyfills, use absolute path to eslint with formatter, upgrade all packages 2022-09-12 15:36:22 +10:00
Dockerfile.proxy Use Go 1.21.13 instead of 1.21.11 (Uber mockgen needs >= 1.21.12) 2024-09-26 09:00:11 -05:00
Dockerfile.vpn Migrate VPN and rp service to Docker Compose (#3882) 2024-10-10 13:18:26 -06:00
Dockerfile.vpn.dockerignore Migrate VPN and rp service to Docker Compose (#3882) 2024-10-10 13:18:26 -06:00
LICENSE Initial commit 2019-10-15 22:43:52 -05:00
Makefile Made codesign command part of install-tools target 2024-10-14 09:10:18 -05:00
README.md Add git hooks for branch name validation (#3479) 2024-03-25 13:48:08 -06:00
SECURITY.md add SECURITY.md 2019-12-16 19:16:53 -06:00
deps.go Replace model.go dependency with Uber fork's version 2024-09-26 09:00:11 -05:00
docker-compose.yml Selenium Service Migration to Docker Compose (#3883) 2024-10-11 11:19:00 -04:00
env-int.example Optionally Use USER Environment Variable for Azure Resources (#3681) 2024-08-07 14:57:33 +02:00
env.example Migrate VPN and rp service to Docker Compose (#3882) 2024-10-10 13:18:26 -06:00
go.mod Hive version bump to resolve RHSA-2024:5535 (CVE-2023-6597) (#3893) 2024-10-09 14:56:49 -04:00
go.sum Hive version bump to resolve RHSA-2024:5535 (CVE-2023-6597) (#3893) 2024-10-09 14:56:49 -04:00
requirements.txt bump azdev 2024-07-05 17:02:19 +01:00

README.md

Azure Red Hat OpenShift Resource Provider

Welcome!

For information relating to the generally available Azure Red Hat OpenShift v4 service, please see the following links:

Quickstarts

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

Before you start development, please set up your local git hooks to conform to our development standards:

make init-contrib

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Repository map

  • .pipelines: CI workflows using Azure pipelines.

  • cmd/aro: RP entrypoint.

  • deploy: ARM templates to deploy RP in development and production.

  • docs: Documentation.

  • hack: Build scripts and utilities.

  • pkg: RP source code:

    • pkg/api: RP internal and external API definitions.

    • pkg/backend: RP backend workers.

    • pkg/bootstraplogging: Bootstrap logging configuration

    • pkg/client: Autogenerated ARO service Go client.

    • pkg/cluster: Cluster create/update/delete operations wrapper for OCP installer.

    • pkg/database: RP CosmosDB wrapper layer.

    • pkg/deploy: /deploy ARM template generation code.

    • pkg/env: RP environment-specific shims for running in production, development or test

    • pkg/frontend: RP frontend webserver.

    • pkg/metrics: Handles RP metrics via statsd.

    • pkg/mirror: OpenShift release mirror tooling.

    • pkg/monitor: Monitors running clusters.

    • pkg/operator/controllers: A list of controllers instantiated by the operator component.

      • alertwebhook: Ensures that the receiver endpoint defined in the alertmanager-main secret matches the webserver endpoint at aro-operator-master.openshift-azure-operator:8080, to avoid the AlertmanagerReceiversNotConfigured warning.

      • checker: Watches the Cluster resource for changes and updates conditions of the resource based on checks mentioned below

        • internetchecker: validate outbound internet connectivity to the nodes

        • serviceprincipalchecker: validate cluster service principal has the correct role/permissions

      • clusteroperatoraro: Ensures that the ARO cluster object is consistent and immutable

      • dnsmasq: Ensures that a dnsmasq systemd service is defined as a machineconfig for all nodes. The dnsmasq config contains records for azure load balancers such as api, api-int and *.apps domains so they will resolve even if custom DNS on the VNET is set.

      • genevalogging: Ensures all the Geneva logging resources in the openshift-azure-logging namespace match the pre-defined specification found in pkg/operator/controllers/genevalogging/genevalogging.go.

      • imageconfig: Ensures that required registries are not blocked in image.config

      • machine: Validates that machine objects have the correct provider spec, VM type, VM image and disk size, that three master nodes exist, and that the number of worker nodes matches the desired worker replicas.

      • machineset: Ensures that the minimum of two worker replicas is met.

      • machinehealthcheck: Ensures the MachineHealthCheck resource is running as configured. See machinehealthcheck/doc.go

      • monitoring: Ensures that the OpenShift monitoring configuration in the openshift-monitoring namespace is consistent and immutable.

      • node: Force deletes pods when a node fails to drain for 1 hour. It should clear up any pods that refuse to be evicted on a drain due to violating a pod disruption budget.

      • pullsecret: Ensures that the ACR credentials in the openshift-config/pull-secret secret match those in the openshift/azure-operator/cluster secret.

      • rbac: Ensures that the aro-sre clusterrole and clusterrolebinding exist and are consistent.

      • routefix: Ensures all the routefix resources in the namespace openshift-azure-routefix remain on the cluster.

      • subnets: Ensures that the Network Security Groups (NSGs) are correct, and updates the Azure Machine Provider spec with subnet, vnet, and Network Resource Group.

      • workaround: Applies a set of temporary workarounds to the ARO cluster.

      • previewfeature: Allows toggling certain features that are not yet enabled by default.

    • pkg/portal: Portal for running promql queries against a cluster or requesting a kubeconfig for a cluster.

    • pkg/proxy: Proxy service for portal kubeconfig cluster access.

    • pkg/swagger: Swagger specification generation code.

    • pkg/util: Utility libraries.

  • python: Autogenerated ARO service Python client and az aro client extension.

  • swagger: Autogenerated ARO service Swagger specification.

  • test: End-to-end tests.

  • vendor: Vendored Go libraries.

Basic architecture

  • pkg/frontend is intended to become a spec-compliant RP web server. It is backed by CosmosDB. Incoming PUT/DELETE requests are written to the database with a non-terminal (Updating/Deleting) provisioningState.

  • pkg/backend reads documents with non-terminal provisioningStates, asynchronously updates them and finally updates the document with a terminal provisioningState (Succeeded/Failed). The backend updates the document with a heartbeat; if this fails, the document will be picked up by a different worker.

  • As CosmosDB does not support document patch, care is taken to correctly pass through any fields in the internal model which the reader is unaware of (see github.com/ugorji/go/codec.MissingFielder). This is intended to help in upgrade cases and (in the future) with multiple microservices reading from the database in parallel.

  • Care is taken to correctly use optimistic concurrency to avoid document corruption through concurrent writes (see RetryOnPreconditionFailed).

  • The pkg/api architecture differs somewhat from github.com/openshift/openshift-azure: the intention is to fix the broken merge semantics and try pushing validation into the versioned APIs to improve error reporting.

  • Everything is intended to be crash/restart/upgrade-safe, horizontally scalable, upgradeable...
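
The optimistic-concurrency point above, as an added Go example (not code from this repository): a write is accepted only if it carries the ETag of the version it was derived from, and the caller re-reads and re-applies its change when it loses the race. The in-memory `store`, the `doc` type and `patchWithRetry` are hypothetical names used for illustration; they are not the project's RetryOnPreconditionFailed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// errPreconditionFailed stands in for the HTTP 412 sent when If-Match fails.
var errPreconditionFailed = errors.New("412 precondition failed")

type doc struct{ ETag, Heartbeats int; ProvisioningState string }

// store is a constructed in-memory stand-in for the database.
type store struct{ mu sync.Mutex; d doc }

func (s *store) get() doc { s.mu.Lock(); defer s.mu.Unlock(); return s.d }

// replace accepts d only if it was derived from the current version.
func (s *store) replace(d doc) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if d.ETag != s.d.ETag {
		return errPreconditionFailed // someone else wrote first; do not clobber
	}
	d.ETag++
	s.d = d
	return nil
}

// patchWithRetry re-reads and re-applies mutate when a write loses the race.
func patchWithRetry(s *store, attempts int, mutate func(*doc)) error {
	for i := 0; i < attempts; i++ {
		d := s.get()
		mutate(&d)
		if err := s.replace(d); !errors.Is(err, errPreconditionFailed) {
			return err
		}
	}
	return errPreconditionFailed
}

func main() {
	s := &store{d: doc{ProvisioningState: "Updating"}}
	stale := s.get() // worker A reads the document
	// Worker B records a heartbeat before A writes back.
	fmt.Println(patchWithRetry(s, 3, func(d *doc) { d.Heartbeats++ }))
	stale.ProvisioningState = "Succeeded"
	fmt.Println(s.replace(stale), s.get()) // A's stale write is refused
}
```

Without the ETag comparison in `replace`, worker A's write would silently erase the heartbeat recorded by worker B.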
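
The field pass-through point above, as an added Go example (not code from this repository): because the store has no patch operation, a reader running an older model must write back fields it does not understand, or a read-modify-write silently deletes them. This sketch uses `encoding/json` with a catch-all map rather than the `codec.MissingFielder` interface the README names; `clusterDoc`, `roundTrip` and the `networkPolicy` field are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// clusterDoc is a hypothetical old-reader model that knows only two fields.
type clusterDoc struct {
	ID, ProvisioningState string
	missing               map[string]json.RawMessage // fields this version does not know
}

func (c *clusterDoc) UnmarshalJSON(b []byte) error {
	if err := json.Unmarshal(b, &c.missing); err != nil { // keep every field raw
		return err
	}
	for key, dst := range map[string]*string{"id": &c.ID, "provisioningState": &c.ProvisioningState} {
		raw, ok := c.missing[key]
		if ok && json.Unmarshal(raw, dst) != nil {
			return fmt.Errorf("bad %q field", key)
		}
		delete(c.missing, key) // known fields live in the struct
	}
	return nil
}

func (c clusterDoc) MarshalJSON() ([]byte, error) {
	out := map[string]any{"id": c.ID, "provisioningState": c.ProvisioningState}
	for k, v := range c.missing {
		out[k] = v // unknown fields are written back untouched
	}
	return json.Marshal(out)
}

// roundTrip simulates an old worker doing read-modify-write on a newer document.
func roundTrip(stored []byte, state string) ([]byte, error) {
	var d clusterDoc
	if err := json.Unmarshal(stored, &d); err != nil {
		return nil, err
	}
	d.ProvisioningState = state
	return json.Marshal(d)
}

func main() { // constructed sample: "networkPolicy" was added by a newer writer
	out, err := roundTrip([]byte(`{"id":"c1","provisioningState":"Updating","networkPolicy":{"mode":"strict"}}`), "Succeeded")
	fmt.Println(string(out), err)
}
```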