change detection

Signed-off-by: Gerd Oberlechner <[email protected]>
Azure · Nov 2, 2024 · 58a3809 · 58a3809
1 parent e86e9c0
commit 58a3809
Show file tree

Hide file tree

Showing 6 changed files with 327 additions and 35 deletions.
diff --git a/.github/workflows/config-change-detection.yml b/.github/workflows/config-change-detection.yml
@@ -0,0 +1,27 @@
+---
+name: Config Change Detection
+
+on:
+  pull_request:
+    branches:
+    - main
+    paths:
+    - 'config/*'
+    - .github/workflows/config-change-detection.yml
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: change-detection
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+      - name: 'Fail if there is uncommited change'
+        run: |
+            cd config/
+            make detect-change
diff --git a/config/Makefile b/config/Makefile
@@ -0,0 +1,19 @@
+materialize:
+	@../templatize.sh dev > public-cloud-dev.json
+	@../templatize.sh cs-pr > public-cloud-cs-pr.json
+	@USER=tst ../templatize.sh personal-dev > public-cloud-personal-dev.json
+.PHONY: materialize
+
+detect-change: materialize
+	@diff_output=$$(git diff -- './*.json'); \
+	if [ -n "$$diff_output" ]; then \
+		echo "Please review the diffs below:\n\n"; \
+		echo "$$diff_output"; \
+		echo "\n\n===================================================="; \
+		echo "\n\nOnce you reviewed the changes and consider them meaningful, commit them."; \
+		echo "\n\n===================================================="; \
+		exit 1; \
+	else \
+		echo "No changes detected in the configuration files."; \
+	fi
+.PHONY: detect-change
diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json
@@ -0,0 +1,77 @@
+{
+  "acrName": "arohcpdev",
+  "aksName": "aro-hcp-aks",
+  "aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
+  "baseDnsZoneName": "hcp.osadev.cloud",
+  "baseDnsZoneRG": "global",
+  "clusterServiceAcrRG": "global",
+  "clusterServiceImageRepo": "app-sre/uhc-clusters-service",
+  "clusterServiceImageTag": "4f12dd5",
+  "clusterServicePostgresDeploy": true,
+  "clusterServicePostgresName": "cs-9c782",
+  "clusterServicePostgresPrivate": false,
+  "externalDNSImageTag": "v0.14.2",
+  "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
+  "frontendCosmosDBDeploy": true,
+  "frontendCosmosDBDisableLocalAuth": true,
+  "frontendCosmosDBName": "aro-hcp-rp-9c782",
+  "globalRG": "global",
+  "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c",
+  "grafanaName": "aro-hcp-grafana-9c782",
+  "hypershiftOperatorImageTag": "99a256f",
+  "imageSyncAcrRG": "global",
+  "imageSyncEnvironmentName": "aro-hcp-image-sync",
+  "imageSyncImageRepo": "image-sync/component-sync",
+  "imageSyncImageTag": "latest",
+  "imageSyncRG": "hcp-underlay-westus3-imagesync-dev",
+  "imageSyncRepositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service",
+  "istioVersion": "['asm-1-22']",
+  "kubernetesVersion": "1.30.5",
+  "maestroCertDomain": "selfsigned.maestro.keyvault.azure.com",
+  "maestroConsumerName": "hcp-underlay-westus3-cs-pr-mgmt-1",
+  "maestroEventGridMaxClientSessionsPerAuthName": "4",
+  "maestroEventgridName": "maestro-9c782",
+  "maestroImageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
+  "maestroImageTag": "ea066c250a002f0cc458711945165591bc9f6d3f",
+  "maestroKeyVaultName": "maestro-9c782",
+  "maestroPostgresDeploy": false,
+  "maestroPostgresName": "maestro-9c782",
+  "maestroPostgresPrivate": false,
+  "maestroPostgresServerStorageSizeGB": "32",
+  "maestroPostgresServerVersion": "15",
+  "maestroRestrictIstioIngress": false,
+  "managementClusterRG": "hcp-underlay-westus3-cs-pr-mgmt-1",
+  "mgmtEtcdKVName": "aro-hcp-etcd-1abb8",
+  "mgmtEtcdKVSoftDelete": false,
+  "mgmtSystemAgentPoolMaxCount": 4,
+  "mgmtSystemAgentPoolMinCount": 1,
+  "mgmtSystemAgentPoolOsDiskSizeGB": 32,
+  "mgmtSystemAgentPoolVmSize": "Standard_D2s_v3",
+  "mgmtUserAgentPoolAzCount": 3,
+  "mgmtUserAgentPoolMaxCount": 12,
+  "mgmtUserAgentPoolMinCount": 2,
+  "mgmtUserAgentPoolOsDiskSizeGB": 100,
+  "mgmtUserAgentPoolVmSize": "Standard_D4s_v3",
+  "monitoringMsiName": "aro-hcp-metrics-msi-9c782",
+  "monitoringWorkspaceName": "aro-hcp-monitor-9c782",
+  "ocMirrorImageRepo": "image-sync/oc-mirror",
+  "ocMirrorImageTag": "7abc8af",
+  "ocpAcrName": "arohcpocpdev",
+  "oidcStorageAccountName": "arohcpoidc9c782",
+  "podSubnetPrefix": "10.128.64.0/18",
+  "region": "westus3",
+  "regionRG": "hcp-underlay-westus3-cs-pr",
+  "regionalDNSSubdomain": "westus3-cs",
+  "serviceClusterRG": "hcp-underlay-westus3-cs-pr-svc",
+  "serviceComponentAcrResourceGroups": "global",
+  "serviceKeyVaultName": "aro-hcp-dev-svc-kv",
+  "serviceKeyVaultPrivate": false,
+  "serviceKeyVaultRG": "global",
+  "serviceKeyVaultRegion": "westus3",
+  "serviceKeyVaultSoftDelete": true,
+  "subnetPrefix": "10.128.8.0/21",
+  "svcAcrName": "arohcpsvcdev",
+  "svcEtcdKVName": "aro-hcp-etcd-9c782",
+  "svcEtcdKVSoftDelete": false,
+  "vnetAddressPrefix": "10.128.0.0/14"
+}
diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json
@@ -0,0 +1,77 @@
+{
+  "acrName": "arohcpdev",
+  "aksName": "aro-hcp-aks",
+  "aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
+  "baseDnsZoneName": "hcp.osadev.cloud",
+  "baseDnsZoneRG": "global",
+  "clusterServiceAcrRG": "global",
+  "clusterServiceImageRepo": "app-sre/uhc-clusters-service",
+  "clusterServiceImageTag": "4f12dd5",
+  "clusterServicePostgresDeploy": true,
+  "clusterServicePostgresName": "cs-157ff",
+  "clusterServicePostgresPrivate": false,
+  "externalDNSImageTag": "v0.14.2",
+  "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
+  "frontendCosmosDBDeploy": true,
+  "frontendCosmosDBDisableLocalAuth": true,
+  "frontendCosmosDBName": "aro-hcp-rp-157ff",
+  "globalRG": "global",
+  "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c",
+  "grafanaName": "aro-hcp-grafana-157ff",
+  "hypershiftOperatorImageTag": "99a256f",
+  "imageSyncAcrRG": "global",
+  "imageSyncEnvironmentName": "aro-hcp-image-sync",
+  "imageSyncImageRepo": "image-sync/component-sync",
+  "imageSyncImageTag": "latest",
+  "imageSyncRG": "hcp-underlay-westus3-imagesync-dev",
+  "imageSyncRepositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service",
+  "istioVersion": "['asm-1-22']",
+  "kubernetesVersion": "1.30.5",
+  "maestroCertDomain": "selfsigned.maestro.keyvault.azure.com",
+  "maestroConsumerName": "hcp-underlay-westus3-dev-mgmt-1",
+  "maestroEventGridMaxClientSessionsPerAuthName": "4",
+  "maestroEventgridName": "maestro-157ff",
+  "maestroImageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
+  "maestroImageTag": "ea066c250a002f0cc458711945165591bc9f6d3f",
+  "maestroKeyVaultName": "maestro-157ff",
+  "maestroPostgresDeploy": false,
+  "maestroPostgresName": "maestro-157ff",
+  "maestroPostgresPrivate": false,
+  "maestroPostgresServerStorageSizeGB": "32",
+  "maestroPostgresServerVersion": "15",
+  "maestroRestrictIstioIngress": true,
+  "managementClusterRG": "hcp-underlay-westus3-dev-mgmt-1",
+  "mgmtEtcdKVName": "aro-hcp-etcd-08101",
+  "mgmtEtcdKVSoftDelete": false,
+  "mgmtSystemAgentPoolMaxCount": 4,
+  "mgmtSystemAgentPoolMinCount": 1,
+  "mgmtSystemAgentPoolOsDiskSizeGB": 32,
+  "mgmtSystemAgentPoolVmSize": "Standard_D2s_v3",
+  "mgmtUserAgentPoolAzCount": 3,
+  "mgmtUserAgentPoolMaxCount": 12,
+  "mgmtUserAgentPoolMinCount": 2,
+  "mgmtUserAgentPoolOsDiskSizeGB": 100,
+  "mgmtUserAgentPoolVmSize": "Standard_D4s_v3",
+  "monitoringMsiName": "aro-hcp-metrics-msi-157ff",
+  "monitoringWorkspaceName": "aro-hcp-monitor-157ff",
+  "ocMirrorImageRepo": "image-sync/oc-mirror",
+  "ocMirrorImageTag": "7abc8af",
+  "ocpAcrName": "arohcpocpdev",
+  "oidcStorageAccountName": "arohcpoidc157ff",
+  "podSubnetPrefix": "10.128.64.0/18",
+  "region": "westus3",
+  "regionRG": "hcp-underlay-westus3-dev",
+  "regionalDNSSubdomain": "westus3",
+  "serviceClusterRG": "hcp-underlay-westus3-dev-svc",
+  "serviceComponentAcrResourceGroups": "global",
+  "serviceKeyVaultName": "aro-hcp-dev-svc-kv",
+  "serviceKeyVaultPrivate": false,
+  "serviceKeyVaultRG": "global",
+  "serviceKeyVaultRegion": "westus3",
+  "serviceKeyVaultSoftDelete": true,
+  "subnetPrefix": "10.128.8.0/21",
+  "svcAcrName": "arohcpsvcdev",
+  "svcEtcdKVName": "aro-hcp-etcd-157ff",
+  "svcEtcdKVSoftDelete": false,
+  "vnetAddressPrefix": "10.128.0.0/14"
+}
diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json
@@ -0,0 +1,77 @@
+{
+  "acrName": "arohcpdev",
+  "aksName": "aro-hcp-aks",
+  "aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
+  "baseDnsZoneName": "hcp.osadev.cloud",
+  "baseDnsZoneRG": "global",
+  "clusterServiceAcrRG": "global",
+  "clusterServiceImageRepo": "app-sre/uhc-clusters-service",
+  "clusterServiceImageTag": "4f12dd5",
+  "clusterServicePostgresDeploy": false,
+  "clusterServicePostgresName": "cs-76fc6",
+  "clusterServicePostgresPrivate": false,
+  "externalDNSImageTag": "v0.14.2",
+  "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
+  "frontendCosmosDBDeploy": true,
+  "frontendCosmosDBDisableLocalAuth": true,
+  "frontendCosmosDBName": "aro-hcp-rp-76fc6",
+  "globalRG": "global",
+  "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c",
+  "grafanaName": "aro-hcp-grafana-76fc6",
+  "hypershiftOperatorImageTag": "99a256f",
+  "imageSyncAcrRG": "global",
+  "imageSyncEnvironmentName": "aro-hcp-image-sync",
+  "imageSyncImageRepo": "image-sync/component-sync",
+  "imageSyncImageTag": "latest",
+  "imageSyncRG": "hcp-underlay-westus3-imagesync-dev",
+  "imageSyncRepositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service",
+  "istioVersion": "['asm-1-22']",
+  "kubernetesVersion": "1.30.5",
+  "maestroCertDomain": "selfsigned.maestro.keyvault.azure.com",
+  "maestroConsumerName": "hcp-underlay-westus3-tst-mgmt-1",
+  "maestroEventGridMaxClientSessionsPerAuthName": "4",
+  "maestroEventgridName": "maestro-76fc6",
+  "maestroImageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
+  "maestroImageTag": "ea066c250a002f0cc458711945165591bc9f6d3f",
+  "maestroKeyVaultName": "maestro-76fc6",
+  "maestroPostgresDeploy": false,
+  "maestroPostgresName": "maestro-76fc6",
+  "maestroPostgresPrivate": false,
+  "maestroPostgresServerStorageSizeGB": "32",
+  "maestroPostgresServerVersion": "15",
+  "maestroRestrictIstioIngress": true,
+  "managementClusterRG": "hcp-underlay-westus3-tst-mgmt-1",
+  "mgmtEtcdKVName": "aro-hcp-etcd-85fcc",
+  "mgmtEtcdKVSoftDelete": false,
+  "mgmtSystemAgentPoolMaxCount": 4,
+  "mgmtSystemAgentPoolMinCount": 1,
+  "mgmtSystemAgentPoolOsDiskSizeGB": 32,
+  "mgmtSystemAgentPoolVmSize": "Standard_D2s_v3",
+  "mgmtUserAgentPoolAzCount": 3,
+  "mgmtUserAgentPoolMaxCount": 6,
+  "mgmtUserAgentPoolMinCount": 1,
+  "mgmtUserAgentPoolOsDiskSizeGB": 100,
+  "mgmtUserAgentPoolVmSize": "Standard_D4s_v3",
+  "monitoringMsiName": "aro-hcp-metrics-msi-76fc6",
+  "monitoringWorkspaceName": "aro-hcp-monitor-76fc6",
+  "ocMirrorImageRepo": "image-sync/oc-mirror",
+  "ocMirrorImageTag": "7abc8af",
+  "ocpAcrName": "arohcpocpdev",
+  "oidcStorageAccountName": "arohcpoidc76fc6",
+  "podSubnetPrefix": "10.128.64.0/18",
+  "region": "westus3",
+  "regionRG": "hcp-underlay-westus3-tst",
+  "regionalDNSSubdomain": "westus3-76fc6",
+  "serviceClusterRG": "hcp-underlay-westus3-tst-svc",
+  "serviceComponentAcrResourceGroups": "global",
+  "serviceKeyVaultName": "aro-hcp-dev-svc-kv",
+  "serviceKeyVaultPrivate": false,
+  "serviceKeyVaultRG": "global",
+  "serviceKeyVaultRegion": "westus3",
+  "serviceKeyVaultSoftDelete": true,
+  "subnetPrefix": "10.128.8.0/21",
+  "svcAcrName": "arohcpsvcdev",
+  "svcEtcdKVName": "aro-hcp-etcd-76fc6",
+  "svcEtcdKVSoftDelete": false,
+  "vnetAddressPrefix": "10.128.0.0/14"
+}
diff --git a/dev-infrastructure/docs/development-setup.md b/dev-infrastructure/docs/development-setup.md
@@ -107,40 +107,6 @@ az role assignment create --role "Key Vault Secrets User" --assignee $(az ad sig
 
 Note: you only need to run this once. Re-runing it wont hurt, but it will not change anything.
 
-### Create infrastructure the easy way
-
-> A word of caution upfront: dev infrastructure is usually automatically deleted after 48h. If you want to keep your infrastructure indefinitely, run all the following commands with an env variable `PERSIST=true`
-
-To create the service cluster, management cluster and supporting infrastructure run the following command from the root of this repository.
-
-  ```bash
-  SKIP_CONFIRM=1 make infra.all
-  ```
-
-Running this the first time takes around 60 minutes. Afterwards you can access your clusters with
-
-  ```bash
-  export KUBECONFIG=$(make infra.svc.aks.kubeconfigfile)
-  export KUBECONFIG=$(make infra.mgmt.aks.kubeconfigfile)
-  ```
-
-If you only need a management cluster or service cluster for development work, consider using one of the following commands. They take less time and the resulting infrastructure costs less money
-
-  ```bash
-  SKIP_CONFIRM=1 make infra.svc
-  or
-  SKIP_CONFIRM=1 make infra.mgmt
-  ```
-
-### Updating infrastructure
-
-To update already existing infrastructure you can run `make infra.all` again. You can also use more fine grained make tasks that finish quicker, e.g.
-
-  ```bash
-  make infra.svc
-  make infra.mgmt
-  ```
-
 ### Customizing infra deployment
 
 The basic configuration for infrastructure deployment can be found in the `config/config.yaml` file. It holds configuration key/value pairs that can be used in bicep parameter template files (`*.tmpl.bicepparam`) and Makefile config template file (`config.tmpl.mk`).
@@ -183,7 +149,7 @@ clouds:
 
 The base configuration for all Red Hat Azure Subscription based deployments can be found under `clouds.public.defaults`. This configures the shared infrastructure and component versions to be used in general.
 
-The deployment environment used for personal developer infrastructure is found under `.clouds.public.environments.personal-dev`. It inherits the lgobal configuration from `defaults` and the cloud specific ones under `clouds.public.defaults`.
+The deployment environment used for personal developer infrastructure is found under `.clouds.public.environments.personal-dev`. It inherits the global configuration from `defaults` and the cloud specific ones under `clouds.public.defaults`.
 
 You can inspect the final results of configuration value overrides by running
 
@@ -193,6 +159,55 @@ You can inspect the final results of configuration value overrides by running
   ./templatize.sh personal-dev | jq
   ```
 
+If you introduce change to `config.yaml`, run the following command and review the change to the json files in the `config` directory. Make sure all changes are expected and only then commit them to be part of of your next PR (otherwise the PR check will fail):
+
+   ```bash
+   cd config
+   make detect-change
+   ```
+
+### Before creating infrastructure
+
+> A word of caution upfront: dev infrastructure is usually automatically deleted after 48h. If you want to keep your infrastructure indefinitely, run all the following commands with an env variable `PERSIST=true`.
+
+All the following make commands will asume that you want to deploy a `personal-dev` environment in the public cloud section. If you want to deploy/update/interact with other deployment environments, define an environment variable `DEPLOY_ENV=the-env-name`.
+
+* if you want to interact with the integrated DEV environment use `DEPLOY_ENV=dev make ...`
+* if you want to interact with the CS PR check environment use `DEPLOY_ENV=cs-pr make ...`
+* if you want to interact with the personal DEV environment of a collague use `USER=other-user DEPLOY_ENV=personal-dev make ...`
+
+### Create infrastructure the easy way
+
+To create the service cluster, management cluster and supporting infrastructure run the following command from the root of this repository.
+
+  ```bash
+  SKIP_CONFIRM=1 make infra.all
+  ```
+
+Running this the first time takes around 60 minutes. Afterwards you can access your clusters with
+
+  ```bash
+  export KUBECONFIG=$(make infra.svc.aks.kubeconfigfile)
+  export KUBECONFIG=$(make infra.mgmt.aks.kubeconfigfile)
+  ```
+
+If you only need a management cluster or service cluster for development work, consider using one of the following commands. They take less time and the resulting infrastructure costs less money
+
+  ```bash
+  SKIP_CONFIRM=1 make infra.svc
+  or
+  SKIP_CONFIRM=1 make infra.mgmt
+  ```
+
+### Updating infrastructure
+
+To update already existing infrastructure you can run `make infra.all` again. You can also use more fine grained make tasks that finish quicker, e.g.
+
+  ```bash
+  make infra.svc
+  make infra.mgmt
+  ```
+
 ### Access AKS clusters
 
 Running `make infra.all` will provide you with cluster admin on your clusters and kubeconfig files being created under `~/.kube`. The kubeconfigs are named after the resource group name that holds the cluster. The term `svc` and `mgmt` used in these filesnames indicate what cluster they are for.