HOSTEDCP-2193: documenting --managed-identities-file flag #5199
Conversation
openshift-ci
bot
added
area/cli
Patryk-Stefanski
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@Patryk-Stefanski: This pull request references HOSTEDCP-2193 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Patryk-Stefanski
force-pushed
the
HOSTEDCP-2193-documentation
branch
from
1839f15 to
14424d3
Compare
|
/lgtm |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
Waiting to merge this once the old SP logic is cleaned up and the new one is fully implemented and live in our e2es |
| OUTPUT_FILE="service-principals.json" | ||
|
|
||
| cat <<EOF > SP_FILE | ||
| { |
There was a problem hiding this comment.
Should this have the control plane vs data plane distinction? Are you planning to reuse this file for workload identity for the managed identities on the data plane side?
There was a problem hiding this comment.
yep we will use one file for all the managed-identities we will have to pass in
| }, | ||
| "managedIdentitiesKeyVault": { | ||
| "name": "${KV_NAME}", | ||
| "tenantID": "$(az account show --query tenantId -o tsv)" |
There was a problem hiding this comment.
Maybe this should just be predefined above. Maybe the MI KV can be in a different tenant than the use running this.
Patryk-Stefanski
force-pushed
the
HOSTEDCP-2193-documentation
branch
from
14424d3 to
aa302b9
Compare
Patryk-Stefanski
force-pushed
the
HOSTEDCP-2193-documentation
branch
from
aa302b9 to
2c5e6d3
Compare
|
|
||
| ## Steps | ||
| Note: Steps 1-7 set up the environment so that if created in a persistent group they can be | ||
| reused for creation of clusters in the future. |
There was a problem hiding this comment.
Maybe the why should be added here, i.e. quota issues.
|
@Patryk-Stefanski: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| @@ -4,6 +4,10 @@ set -x | |||
| # This creates an Azure HostedCluster with the VNET in its own RG and the NSG in its own NSG. | |||
| # The MANAGED_RG_NAME contains all the cloud resources created by the HC creation. | |||
|
|
|||
| # Prerequisites: | |||
| # 1. File with control plane managed identities in json format, see steps 5 & 6 in setup_dev_environment.md | |||
There was a problem hiding this comment.
nit
| # 1. File with control plane managed identities in json format, see steps 5 & 6 in setup_dev_environment.md | |
| # 1. JSON file containing control plane service principals, see steps 5 & 6 in setup_dev_environment.md |
| DNS_RECORD_NAME=<DNS_RECORD_NAME> | ||
| EXTERNAL_DNS_SP_NAME=<EXTERNAL_DNS_SP_NAME> | ||
| EXTERNAL_DNS_CREDS=<PATH_TO_FILE_WITH_DNS_CREDS> | ||
| DNS_ZONE_NAME="<DNS_RECORD_NAME>.hypershift.azure.devcluster.openshift.com" |
There was a problem hiding this comment.
Should this block and the two below be generic and not point to our actual resources?
There was a problem hiding this comment.
adding note to that these are meant for hypershift engineers and that attention should be paid when using these
| ### 5. Create Service Principals | ||
|
|
||
| ```sh | ||
| cloudProvider=$(az ad sp create-for-rbac --name "${CLOUD_PROVIDER_SP_NAME}" --create-cert --cert "${CLOUD_PROVIDER_SP_NAME}" --keyvault "${KV_NAME}" --query "{clientID: appId, certificateName: '${CLOUD_PROVIDER_SP_NAME}'}" -o json) |
There was a problem hiding this comment.
Just double checking, this automatically gets filled out correctly?
Patryk-Stefanski
force-pushed
the
HOSTEDCP-2193-documentation
branch
from
2c5e6d3 to
14c88b7
Compare
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bryan-cox, Patryk-Stefanski The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/lgtm |
|
[ART PR BUILD NOTIFIER] Distgit: hypershift |
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, use
fixes #<issue_number>(, fixes #<issue_number>, ...)format, where issue_number might be a GitHub issue, or a Jira story:Fixes #
Checklist