Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARO-4639 update the operator master deployment to support workload identity #3776

Merged
merged 3 commits into from
Sep 18, 2024
Merged

ARO-4639 update the operator master deployment to support workload identity #3776

merged 3 commits into from
Sep 18, 2024

Conversation

yithian
Copy link
Collaborator

@yithian yithian commented Aug 16, 2024

Which issue this PR addresses:

Fixes ARO-4639

What this PR does / why we need it:

This causes the spec for the operator master deployment to mount the service account token as a volume, and maps the path to the environment variable expected by Azure to support workload identities

Test plan for issue:

Unit tests confirm that the generated yaml is valid and will be applied to a test cluster to confirm that it's a valid OpenShift resource as well

Is there any documentation that needs to be updated for this PR?

No, part of larger project of adding support for MIWI

How do you know this will function as expected in production?

As with all MIWI support work, it will be extremely challenging to test until we have a way to provision a MIWI cluster. Applying the updated generated resource to a test cluster will probably be the best we can do until then

@kimorris27
Copy link
Contributor

/azp run ci, e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

kimorris27
kimorris27 reviewed Aug 19, 2024
View reviewed changes
Copy link
Contributor

@kimorris27 kimorris27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as long as CI and E2E pass!

SudoBrendan
SudoBrendan requested changes Aug 19, 2024
View reviewed changes
Copy link
Collaborator

@SudoBrendan SudoBrendan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's a YAML syntax error on whitespace - dismiss if this is incorrect :)

pkg/operator/deploy/staticresources/master/deployment.yaml.tmpl Show resolved Hide resolved
@SudoBrendan SudoBrendan mentioned this pull request Aug 19, 2024
Merged
@yithian yithian force-pushed the yithian/ARO-4639 branch 2 times, most recently from 49501a7 to 3269780 Compare August 20, 2024 14:07
@github-actions github-actions bot added the needs-rebase branch needs a rebase label Aug 20, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Aug 20, 2024
SudoBrendan
SudoBrendan previously approved these changes Aug 20, 2024
View reviewed changes
@yithian yithian added hold Hold chainsaw Pull requests or issues owned by Team Chainsaw labels Aug 20, 2024
@yithian
Copy link
Collaborator Author

yithian commented Aug 20, 2024

Putting a hold on this until #3761 is merged, as this was rebased onto that to pull in the token file location/mountpoint

@yithian
Copy link
Collaborator Author

yithian commented Aug 27, 2024

#3761 is merged, removing my hold

@yithian yithian removed the hold Hold label Aug 27, 2024
@github-actions github-actions bot added the needs-rebase branch needs a rebase label Aug 27, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@yithian
update the operator master deployment to support workload identity
1c88479 
This causes the spec for the operator master deployment to mount the
service account token as a volume, and maps the path to the environment
variable expected by Azure to support workload identities
@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Aug 27, 2024
bitoku
bitoku reviewed Sep 2, 2024
View reviewed changes
pkg/operator/deploy/deploy_test.go Outdated Show resolved Hide resolved
pkg/operator/deploy/deploy.go Outdated Show resolved Hide resolved
pkg/operator/deploy/staticresources/master/deployment.yaml.tmpl Show resolved Hide resolved
cadenmarchese
cadenmarchese approved these changes Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@cadenmarchese cadenmarchese left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense to me!

@kimorris27
Copy link
Contributor

/azp run ci, e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@cadenmarchese
Copy link
Collaborator

/azp run e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

kimorris27
kimorris27 approved these changes Sep 17, 2024
View reviewed changes
Copy link
Contributor

@kimorris27 kimorris27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only E2E failure is a known flake.

@cadenmarchese cadenmarchese merged commit bd47ae7 into master Sep 18, 2024
23 of 24 checks passed
@yithian yithian deleted the yithian/ARO-4639 branch September 19, 2024 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bitoku bitoku bitoku left review comments

@rajdeepc2792 rajdeepc2792 rajdeepc2792 approved these changes

@cadenmarchese cadenmarchese cadenmarchese approved these changes

@kimorris27 kimorris27 kimorris27 approved these changes

@SudoBrendan SudoBrendan SudoBrendan left review comments

@jewzaam jewzaam Awaiting requested review from jewzaam jewzaam is a code owner

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas is a code owner

@petrkotas petrkotas Awaiting requested review from petrkotas petrkotas is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@cblecker cblecker Awaiting requested review from cblecker cblecker is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 is a code owner

@jaitaiwan jaitaiwan Awaiting requested review from jaitaiwan jaitaiwan is a code owner

@anshulvermapatel anshulvermapatel Awaiting requested review from anshulvermapatel anshulvermapatel is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu is a code owner

@SrinivasAtmakuri SrinivasAtmakuri Awaiting requested review from SrinivasAtmakuri SrinivasAtmakuri is a code owner

@mociarain mociarain Awaiting requested review from mociarain mociarain is a code owner

@AldoFusterTurpin AldoFusterTurpin Awaiting requested review from AldoFusterTurpin

@tsatam tsatam Awaiting requested review from tsatam tsatam is a code owner

Assignees
No one assigned
Labels
chainsaw Pull requests or issues owned by Team Chainsaw
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@yithian @kimorris27 @cadenmarchese @bitoku @rajdeepc2792 @SudoBrendan