Azure Red Hat OpenShift RP
Amber Brown e711e610a0
Move to maintained yaml lib (#3454)
* move to maintained yaml lib

* update validate-imports

* go mod
2024-07-10 09:57:42 +10:00
.config suppress false positives for passwords found in tests 2022-07-29 13:52:36 -05:00
.gdn Remove portal v1 (#3465) 2024-04-05 12:06:22 +11:00
.github Add new NASA codeowners to ARO-RP (#3672) 2024-07-09 13:19:24 +05:30
.pipelines test 2024-06-25 15:16:25 +10:00
cmd/aro Bump Hive Image to commit b1ac27b248159f179abf8c7e03e6ada5f17e86c0 - ARO-5063 2024-07-08 13:11:43 -07:00
docs Merge pull request #3664 from Azure/s-fairchild/ARO-8852-hive-deploy-script 2024-07-08 12:15:53 +02:00
hack Move to maintained yaml lib (#3454) 2024-07-10 09:57:42 +10:00
pkg Move to maintained yaml lib (#3454) 2024-07-10 09:57:42 +10:00
portal/v2 replacing my package-lock with masters 2024-06-11 12:50:59 -07:00
python fix lint error 2024-07-05 18:32:14 +01:00
swagger `make client` 2024-06-18 11:38:56 -05:00
test Move to maintained yaml lib (#3454) 2024-07-10 09:57:42 +10:00
vendor Bump Hive Image to commit b1ac27b248159f179abf8c7e03e6ada5f17e86c0 - ARO-5063 2024-07-08 13:11:43 -07:00
.dockerignore dockerignore: remove /env* files since they're in the git repo 2023-01-13 08:35:57 -05:00
.env
.gitignore Load the app/SP from the environment instead of automatically creating it (#3498) 2024-04-08 08:06:53 +10:00
.golangci.yml removed all the references of dbtoken 2024-06-11 22:24:45 +05:30
.mega-linter.yml update the mega linter because deprecations (#2877) 2023-05-19 15:08:22 +10:00
.prettierignore Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.prettierrc.yaml Run prettier on the pipeline yaml files (#2979) 2023-08-01 21:41:31 +10:00
.sha256sum `make client` 2024-06-18 11:38:56 -05:00
.yaml-lint.yml exclude autogenerated from yaml lint 2024-02-20 14:10:44 +11:00
CONTRIBUTING.md
Dockerfile.aro-e2e added -5 trailing for image path 2024-04-29 12:27:53 +12:00
Dockerfile.aro-multistage removed all the references of dbtoken 2024-06-11 22:24:45 +05:30
Dockerfile.autorest Fix client generation (#2867) 2023-05-02 13:36:41 +10:00
Dockerfile.ci-azext-aro Minimal Python container to build `az aro` extension (#3490) 2024-06-07 16:54:46 -06:00
Dockerfile.ci-rp added scope to be of the database rather than the whole cosmosdb account 2024-06-11 22:24:46 +05:30
Dockerfile.ci-rp.dockerignore Integrate JS asset build into Golang Dockerfile to ensure consistent builds and deployment process" (#3576) 2024-05-22 12:13:17 -06:00
Dockerfile.fluentbit Add libzstd.so.1 to fluentbit container build 2023-12-01 11:13:15 -05:00
Dockerfile.gatekeeper Merge branch 'master' into f/guardrails-3.15.1 2024-05-07 17:55:29 +12:00
Dockerfile.portal_lint Remove all reported CVE issues with npm packages, create fallbacks for polyfills, use absolute path to eslint with formatter, upgrade all packages 2022-09-12 15:36:22 +10:00
Dockerfile.proxy Merge pull request #3562 from Azure/nwnt/mariner-dev-proxy 2024-05-22 11:34:45 -07:00
LICENSE
Makefile Add new makefile targets for go mod verification 2024-06-26 15:19:38 -04:00
README.md Add git hooks for branch name validation (#3479) 2024-03-25 13:48:08 -06:00
SECURITY.md
deps.go Move CI/dev tool usage to use go run pkg@version to reduce the number of vendored dependencies (#2789) 2023-03-24 10:01:05 +11:00
env-int.example Limiting KEYVAULT_PREFIX to 20 Chars 2024-04-24 15:55:00 +05:30
env.example Change env var to skip pki unit tests (#3605) 2024-06-05 20:35:24 +02:00
go.mod Move to maintained yaml lib (#3454) 2024-07-10 09:57:42 +10:00
go.sum Bump Hive Image to commit b1ac27b248159f179abf8c7e03e6ada5f17e86c0 - ARO-5063 2024-07-08 13:11:43 -07:00
requirements.txt bump azdev 2024-07-05 17:02:19 +01:00

README.md

Azure Red Hat OpenShift Resource Provider

Welcome!

For information relating to the generally available Azure Red Hat OpenShift v4 service, please see the following links:

Quickstarts

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

Before you start development, please set up your local git hooks to conform to our development standards:

make init-contrib

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Repository map

  • .pipelines: CI workflows using Azure pipelines.

  • cmd/aro: RP entrypoint.

  • deploy: ARM templates to deploy RP in development and production.

  • docs: Documentation.

  • hack: Build scripts and utilities.

  • pkg: RP source code:

    • pkg/api: RP internal and external API definitions.

    • pkg/backend: RP backend workers.

    • pkg/bootstraplogging: Bootstrap logging configuration.

    • pkg/client: Autogenerated ARO service Go client.

    • pkg/cluster: Cluster create/update/delete operations wrapper for OCP installer.

    • pkg/database: RP CosmosDB wrapper layer.

    • pkg/deploy: /deploy ARM template generation code.

    • pkg/env: RP environment-specific shims for running in production, development or test.

    • pkg/frontend: RP frontend webserver.

    • pkg/metrics: Handles RP metrics via statsd.

    • pkg/mirror: OpenShift release mirror tooling.

    • pkg/monitor: Monitors running clusters.

    • pkg/operator/controllers: A list of controllers instantiated by the operator component.

      • alertwebhook: Ensures that the receiver endpoint defined in the alertmanager-main secret matches the webserver endpoint at aro-operator-master.openshift-azure-operator:8080, to avoid the AlertmanagerReceiversNotConfigured warning.

      • checker: Watches the Cluster resource for changes and updates the conditions of the resource based on the checks listed below:

        • internetchecker: Validates outbound internet connectivity from the nodes.

        • serviceprincipalchecker: Validates that the cluster service principal has the correct role/permissions.

      • clusteroperatoraro: Ensures that the ARO cluster object is consistent and immutable.

      • dnsmasq: Ensures that a dnsmasq systemd service is defined as a machineconfig for all nodes. The dnsmasq config contains records for Azure load balancers such as the api, api-int and *.apps domains, so they will resolve even if custom DNS is set on the VNET.

      • genevalogging: Ensures that all the Geneva logging resources in the openshift-azure-logging namespace match the pre-defined specification found in pkg/operator/controllers/genevalogging/genevalogging.go.

      • imageconfig: Ensures that required registries are not blocked in image.config.

      • machine: Validates that machine objects have the correct provider spec, VM type, VM image and disk size, that three master nodes exist, and that the number of worker nodes matches the desired worker replicas.

      • machineset: Ensures that the minimum of two worker replicas is met.

      • machinehealthcheck: Ensures the MachineHealthCheck resource is running as configured. See machinehealthcheck/doc.go.

      • monitoring: Ensures that the OpenShift monitoring configuration in the openshift-monitoring namespace is consistent and immutable.

      • node: Force deletes pods when a node fails to drain for 1 hour. It should clear up any pods that refuse to be evicted on a drain due to violating a pod disruption budget.

      • pullsecret: Ensures that the ACR credentials in the openshift-config/pull-secret secret match those in the openshift-azure-operator/cluster secret.

      • rbac: Ensures that the aro-sre clusterrole and clusterrolebinding exist and are consistent.

      • routefix: Ensures all the routefix resources in the namespace openshift-azure-routefix remain on the cluster.

      • subnets: Ensures that the Network Security Groups (NSGs) are correct, and updates the Azure Machine Provider spec with subnet, vnet, and Network Resource Group.

      • workaround: Applies a set of temporary workarounds to the ARO cluster.

      • previewfeature: Allows toggling certain features that are not yet enabled by default.

    • pkg/portal: Portal for running promql queries against a cluster or requesting a kubeconfig for a cluster.

    • pkg/proxy: Proxy service for portal kubeconfig cluster access.

    • pkg/swagger: Swagger specification generation code.

    • pkg/util: Utility libraries.

  • python: Autogenerated ARO service Python client and az aro client extension.

  • swagger: Autogenerated ARO service Swagger specification.

  • test: End-to-end tests.

  • vendor: Vendored Go libraries.
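
To make the machine controller entry above more concrete, here is a minimal sketch of two of the checks it describes: that exactly three master machines exist, and that the number of worker machines matches the desired worker replicas. The types Machine and MachineSet and the function checkMachines are hypothetical and exist only for this illustration; they are not taken from pkg/operator/controllers, and the real controller works against Kubernetes API objects rather than plain structs.

```go
package main

import (
	"errors"
	"fmt"
)

// Machine is a hypothetical, simplified stand-in for a cluster machine object.
type Machine struct {
	Name string
	Role string // "master" or "worker"
}

// MachineSet is a hypothetical, simplified stand-in for a worker machine set.
type MachineSet struct {
	Name     string
	Replicas int
}

// requiredMasters mirrors the "three master nodes exist" rule from the list above.
const requiredMasters = 3

// checkMachines reports every violated rule as one joined error,
// or nil when all rules hold.
func checkMachines(machines []Machine, sets []MachineSet) error {
	var masters, workers, desired int
	for _, m := range machines {
		switch m.Role {
		case "master":
			masters++
		case "worker":
			workers++
		}
	}
	for _, ms := range sets {
		desired += ms.Replicas
	}

	var errs []error
	if masters != requiredMasters {
		errs = append(errs, fmt.Errorf("found %d master machines, expected %d", masters, requiredMasters))
	}
	if workers != desired {
		errs = append(errs, fmt.Errorf("found %d worker machines, expected %d", workers, desired))
	}
	// errors.Join returns nil when errs is empty.
	return errors.Join(errs...)
}

func main() {
	machines := []Machine{
		{"master-0", "master"}, {"master-1", "master"}, {"master-2", "master"},
		{"worker-0", "worker"},
	}
	sets := []MachineSet{{"workers", 2}}
	if err := checkMachines(machines, sets); err != nil {
		fmt.Println("check failed:", err)
	}
}
```

Collecting all violations before returning, rather than stopping at the first, suits a checker whose job is to report conditions on a resource.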

Basic architecture

  • pkg/frontend is intended to become a spec-compliant RP web server. It is backed by CosmosDB. Incoming PUT/DELETE requests are written to the database with a non-terminal (Updating/Deleting) provisioningState.

  • pkg/backend reads documents with non-terminal provisioningStates, asynchronously updates them and finally updates the document with a terminal provisioningState (Succeeded/Failed). The backend updates the document with a heartbeat; if this fails, the document will be picked up by a different worker.

  • As CosmosDB does not support document patch, care is taken to correctly pass through any fields in the internal model which the reader is unaware of (see github.com/ugorji/go/codec.MissingFielder). This is intended to help in upgrade cases and (in the future) with multiple microservices reading from the database in parallel.

  • Care is taken to correctly use optimistic concurrency to avoid document corruption through concurrent writes (see RetryOnPreconditionFailed).

  • The pkg/api architecture differs somewhat from github.com/openshift/openshift-azure: the intention is to fix the broken merge semantics and try pushing validation into the versioned APIs to improve error reporting.

  • Everything is intended to be crash/restart/upgrade-safe, horizontally scalable, upgradeable...
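
The optimistic concurrency point above can be sketched as follows. This is an illustration under stated assumptions, not the RP's implementation: Store is a hypothetical in-memory stand-in for the database, the integer ETag stands in for the database's ETag, and retryOnPreconditionFailed is a hypothetical helper whose signature is not taken from the repository's RetryOnPreconditionFailed. The sketch shows a worker moving a document from a non-terminal to a terminal provisioningState with a read-modify-replace loop, while a write based on a stale read is rejected.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrPreconditionFailed stands in for an HTTP 412 response from the database.
var ErrPreconditionFailed = errors.New("precondition failed")

// Doc is a hypothetical, simplified cluster document.
type Doc struct {
	ID                string
	ETag              int
	ProvisioningState string
}

// Store is a hypothetical in-memory stand-in for the database.
type Store struct {
	mu   sync.Mutex
	docs map[string]Doc
}

func NewStore() *Store { return &Store{docs: map[string]Doc{}} }

// Create stores d unconditionally.
func (s *Store) Create(d Doc) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.docs[d.ID] = d
}

// Get returns a copy of the stored document.
func (s *Store) Get(id string) (Doc, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	d, ok := s.docs[id]
	if !ok {
		return Doc{}, fmt.Errorf("document %q not found", id)
	}
	return d, nil
}

// Replace writes d only if d.ETag still matches the stored ETag.
func (s *Store) Replace(d Doc) (Doc, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	cur, ok := s.docs[d.ID]
	if !ok {
		return Doc{}, fmt.Errorf("document %q not found", d.ID)
	}
	if cur.ETag != d.ETag {
		return Doc{}, ErrPreconditionFailed
	}
	d.ETag++
	s.docs[d.ID] = d
	return d, nil
}

// retryOnPreconditionFailed re-runs f while it fails with
// ErrPreconditionFailed, up to the given number of attempts.
func retryOnPreconditionFailed(attempts int, f func() error) error {
	var err error
	for i := 0; i < attempts; i++ {
		err = f()
		if !errors.Is(err, ErrPreconditionFailed) {
			return err
		}
	}
	return err
}

// Patch re-reads the document on every attempt, so the mutation is
// always applied to the latest version before the conditional write.
func (s *Store) Patch(id string, mutate func(*Doc)) (Doc, error) {
	var out Doc
	err := retryOnPreconditionFailed(5, func() error {
		d, err := s.Get(id)
		if err != nil {
			return err
		}
		mutate(&d)
		out, err = s.Replace(d)
		return err
	})
	return out, err
}

func main() {
	s := NewStore()
	s.Create(Doc{ID: "cluster1", ProvisioningState: "Updating"})

	stale, _ := s.Get("cluster1") // a second writer reads the document

	// The worker finishes and records a terminal state.
	d, err := s.Patch("cluster1", func(d *Doc) { d.ProvisioningState = "Succeeded" })
	fmt.Println(d.ProvisioningState, err)

	// The second writer's copy is now stale, so its write is rejected.
	stale.ProvisioningState = "Failed"
	_, err = s.Replace(stale)
	fmt.Println(err)
}
```

Because the database is described above as not supporting document patch, every update in this sketch is a whole-document replace, which is why the mutation must be re-applied to a fresh read after each conflict.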