refactor configuration

Azure · Nov 11, 2024 · 65a6359 · 65a6359
1 parent 29e7554
commit 65a6359
Show file tree

Hide file tree

Showing 22 changed files with 572 additions and 390 deletions.
diff --git a/backend/config.tmpl.mk b/backend/config.tmpl.mk
@@ -1,5 +1,5 @@
 ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }}
 LOCATION ?= {{ .region }}
-RESOURCEGROUP ?= {{ .serviceClusterRG }}
+RESOURCEGROUP ?= {{ .svc.rg }}
 AKS_NAME ?= {{ .aksName }}
-DB_NAME ?= {{ .frontendCosmosDBName }}
+DB_NAME ?= {{ .frontend.cosmosDB.name }}
diff --git a/cluster-service/config.tmpl.mk b/cluster-service/config.tmpl.mk
@@ -1,21 +1,21 @@
 REGION ?= {{ .region }}
-CONSUMER_NAME ?= {{ .maestroConsumerName }}
-RESOURCEGROUP ?= {{ .serviceClusterRG }}
+CONSUMER_NAME ?= {{ .maestro.consumerName }}
+RESOURCEGROUP ?= {{ .svc.rg }}
 REGIONAL_RESOURCEGROUP ?= {{ .regionRG }}
 AKS_NAME ?= {{ .aksName }}
-SERVICE_KV ?= {{ .serviceKeyVaultName }}
+SERVICE_KV ?= {{ .serviceKeyVault.name }}
 OIDC_STORAGE_ACCOUNT ?= {{ .oidcStorageAccountName }}
-IMAGE_REPO ?= {{ .clusterServiceImageRepo }}
-IMAGE_TAG ?= {{ .clusterServiceImageTag }}
+IMAGE_REPO ?= {{ .clusterService.imageRepo }}
+IMAGE_TAG ?= {{ .clusterService.imageTag }}
 ACR_NAME ?= {{ .svcAcrName }}
 OCP_ACR_NAME ?= {{ .ocpAcrName }}
 AZURE_FIRST_PARTY_APPLICATION_CLIENT_ID ?= {{ .firstPartyAppClientId }}
 FPA_CERT_NAME ?= firstPartyCert
 ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }}
 
-DATABASE_DISABLE_TLS ?= {{ not .clusterServicePostgresDeploy }}
-DATABASE_AUTH_METHOD ?= {{ ternary "az-entra" "postgres" .clusterServicePostgresDeploy }}
-DATABASE_SERVER_NAME ?= {{ .clusterServicePostgresName }}
-DB_SECRET_TARGET = {{ ternary "deploy-azure-db-secret" "deploy-local-db-secret" .clusterServicePostgresDeploy }}
+DATABASE_DISABLE_TLS ?= {{ not .clusterService.postgres.deploy }}
+DATABASE_AUTH_METHOD ?= {{ ternary "az-entra" "postgres" .clusterService.postgres.deploy }}
+DATABASE_SERVER_NAME ?= {{ .clusterService.postgres.name }}
+DB_SECRET_TARGET = {{ ternary "deploy-azure-db-secret" "deploy-local-db-secret" .clusterService.postgres.deploy }}
 
 DEVOPS_MSI_ID ?= {{ .aroDevopsMsiId }}
diff --git a/config/config.yaml b/config/config.yaml
@@ -3,9 +3,8 @@ defaults:
   # Resourcegroups
   globalRG: global
   regionRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}
-  serviceClusterRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-svc
-  managementClusterRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
-  imageSyncRG: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-imagesync
+  serviceClusterRG: REPLACED
+  managementClusterRG: REPLACED
 
   # General AKS config
   kubernetesVersion: 1.30.5
@@ -19,63 +18,82 @@ defaults:
   serviceComponentAcrResourceGroups: global
 
   # SVC cluster specifics
-  svcEtcdKVName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp }}
-  svcEtcdKVSoftDelete: true
+  svc:
+    rg: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-svc
+    etcd:
+      kvName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp }}
+      kvSoftDelete: true
 
   # MGMT cluster specifics
-  mgmtEtcdKVName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
-  mgmtEtcdKVSoftDelete: true
+  mgmt:
+    rg: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
+    etcd:
+      kvName: {{ azureKeyVaultName "aro-hcp-etcd" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+      kvSoftDelete: true
 
   # Frontend
-  frontendCosmosDBDeploy: true
-  frontendCosmosDBDisableLocalAuth: true
-  frontendCosmosDBName: {{ azureCosmosDBName "aro-hcp-rp" 5 .ctx.region .ctx.regionStamp }}
+  frontend:
+    cosmosDB:
+      deploy: true
+      disableLocalAuth: true
+      dbName: {{ azureCosmosDBName "aro-hcp-rp" 5 .ctx.region .ctx.regionStamp }}
 
   # Maestro
-  maestroKeyVaultName: {{ azureKeyVaultName "maestro" 5 .ctx.region .ctx.regionStamp }}
-  maestroEventgridName: {{ azureEventGridName "maestro" 5 .ctx.region .ctx.regionStamp }}
-  maestroEventGridMaxClientSessionsPerAuthName: '4'
-  maestroCertDomain: 'selfsigned.maestro.keyvault.azure.com'
-  maestroPostgresName: {{ azurePostgresName "maestro" 5 .ctx.region .ctx.regionStamp }}
-  maestroPostgresServerVersion: '15'
-  maestroPostgresServerStorageSizeGB: '32'
-  maestroPostgresDeploy: true
-  maestroPostgresPrivate: false
-  maestroRestrictIstioIngress: true
-  maestroConsumerName: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
+  maestro:
+    keyVaultName: {{ azureKeyVaultName "maestro" 5 .ctx.region .ctx.regionStamp }}
+    eventgridName: {{ azureEventGridName "maestro" 5 .ctx.region .ctx.regionStamp }}
+    eventGridMaxClientSessionsPerAuthName: '4'
+    certDomain: 'selfsigned.maestro.keyvault.azure.com'
+    postgres:
+      name: {{ azurePostgresName "maestro" 5 .ctx.region .ctx.regionStamp }}
+      serverVersion: '15'
+      serverStorageSizeGB: '32'
+      deploy: true
+      private: false
+    restrictIstioIngress: true
+    consumerName: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }}
 
   # Cluster Service
-  clusterServicePostgresName: {{ azurePostgresName "cs" 5 .ctx.region .ctx.regionStamp }}
-  clusterServicePostgresDeploy: true
-  clusterServicePostgresPrivate: false
-  clusterServiceAcrRG: global
+  clusterService:
+    acrRG: global
+    postgres:
+      name: {{ azurePostgresName "cs" 5 .ctx.region .ctx.regionStamp }}
+      deploy: true
+      private: false
 
   # Image Sync
-  imageSyncAcrRG: global
-  imageSyncEnvironmentName: aro-hcp-image-sync
-  imageSyncRepositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package
-  imageSyncImageRepo: image-sync/component-sync
-  imageSyncImageTag: latest
-  ocMirrorImageRepo: image-sync/oc-mirror
-  ocMirrorImageTag: 7abc8af
+  imageSync:
+    rg: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-imagesync
+    acrRG: global
+    environmentName: aro-hcp-image-sync
+    repositories: registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package
+    imageRepo: image-sync/component-sync
+    imageTag: latest
+  ocMirror:
+    imageRepo: image-sync/oc-mirror
+    imageTag: 7abc8af
 
   # Service KeyVault
-  serviceKeyVaultName: {{ azureKeyVaultName "aro-hcp-svc" 5 .ctx.region .ctx.regionStamp }}
-  serviceKeyVaultRG: hcp-underlay-{{ .ctx.region }}-svc-{{ .ctx.regionStamp }}
-  serviceKeyVaultRegion: {{ .ctx.region }}
-  serviceKeyVaultSoftDelete: true
-  serviceKeyVaultPrivate: true
+  serviceKeyVault:
+    name: {{ azureKeyVaultName "aro-hcp-svc" 5 .ctx.region .ctx.regionStamp }}
+    rg: hcp-underlay-{{ .ctx.region }}-svc-{{ .ctx.regionStamp }}
+    region: {{ .ctx.region }}
+    softDelete: true
+    private: true
 
   # Management Cluster KV
-  cxKeyVaultName: {{ azureKeyVaultName "aro-hcp-cx" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
-  cxKeyVaultSoftDelete: true
-  cxKeyVaultPrivate: true
-  msiKeyVaultName: {{ azureKeyVaultName "aro-hcp-msi" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
-  msiKeyVaultSoftDelete: true
-  msiKeyVaultPrivate: true
-  mgmtKeyVaultName: {{ azureKeyVaultName "aro-hcp-mgmt" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
-  mgmtKeyVaultSoftDelete: true
-  mgmtKeyVaultPrivate: true
+  cxKeyVault:
+    name: {{ azureKeyVaultName "aro-hcp-cx" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+    softDelete: true
+    private: true
+  msiKeyVault:
+    name: {{ azureKeyVaultName "aro-hcp-msi" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+    softDelete: true
+    private: true
+  mgmtKeyVault:
+    name: {{ azureKeyVaultName "aro-hcp-mgmt" 5 .ctx.region .ctx.regionStamp .ctx.cxStamp }}
+    softDelete: true
+    private: true
 
   # DNS
   baseDnsZoneRG: 'global'
@@ -86,73 +104,94 @@ clouds:
     defaults:
       # DNS
       baseDnsZoneName: 'hcp.osadev.cloud'
-      # MGMTM AKS nodepools - big enough for 2 HCPs
-      mgmtSystemAgentPoolMinCount: 1
-      mgmtSystemAgentPoolMaxCount: 4
-      mgmtSystemAgentPoolVmSize: 'Standard_D2s_v3'
-      mgmtSystemAgentPoolOsDiskSizeGB: 32
-      mgmtUserAgentPoolMinCount: 1
-      mgmtUserAgentPoolMaxCount: 6
-      mgmtUserAgentPoolVmSize: 'Standard_D4s_v3'
-      mgmtUserAgentPoolOsDiskSizeGB: 100
-      mgmtUserAgentPoolAzCount: 3
       # 1P app
       firstPartyAppClientId: 57e54810-3138-4f38-bd3b-29cb33f4c358
       # Maestro
-      maestroPostgresDeploy: false
-      maestroImageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
-      maestroImageTag: ea066c250a002f0cc458711945165591bc9f6d3f
+      maestro:
+        postgres:
+          deploy: false
+        imageBase: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro
+        imageTag: ea066c250a002f0cc458711945165591bc9f6d3f
       # Cluster Service
-      clusterServiceImageTag: a23276d
-      clusterServiceImageRepo: app-sre/uhc-clusters-service
+      clusterService:
+        imageTag: a23276d
+        imageRepo: app-sre/uhc-clusters-service
       # Hypershift Operator
-      hypershiftOperatorImageTag: 99a256f
-      externalDNSImageTag: v0.14.2
+      hypershiftOperator:
+        imageTag: 99a256f
+      externalDNS:
+        imageTag: v0.14.2
       # Shared SVC KV
-      serviceKeyVaultName: 'aro-hcp-dev-svc-kv'
-      serviceKeyVaultRG: 'global'
-      serviceKeyVaultRegion: 'westus3'
-      serviceKeyVaultPrivate: false
+      serviceKeyVault:
+        name: 'aro-hcp-dev-svc-kv'
+        rg: 'global'
+        region: 'westus3'
+        private: false
       # Management Cluster KVs
-      cxKeyVaultSoftDelete: false
-      cxKeyVaultPrivate: false
-      msiKeyVaultSoftDelete: false
-      msiKeyVaultPrivate: false
-      mgmtKeyVaultSoftDelete: false
-      mgmtKeyVaultPrivate: false
+      cxKeyVault:
+        softDelete: false
+        private: false
+      msiKeyVault:
+        softDelete: false
+        private: false
+      mgmtKeyVault:
+        softDelete: false
+        private: false
       # disable soft delete on etcd KVs in DEV
-      svcEtcdKVSoftDelete: false
-      mgmtEtcdKVSoftDelete: false
+      svc:
+        etcd:
+          kvSoftDelete: false
+      mgmt:
+        # MGMTM AKS nodepools - big enough for 2 HCPs
+        SystemAgentPool:
+          minCount: 1
+          maxCount: 4
+          vmSize: 'Standard_D2s_v3'
+          osDiskSizeGB: 32
+        UserAgentPool:
+          minCount: 1
+          maxCount: 6
+          vmSize: 'Standard_D4s_v3'
+          osDiskSizeGB: 100
+          azCount: 3
+        etcd:
+          kvSoftDelete: false
       # Shared ACRs
       acrName: arohcpdev
       svcAcrName: arohcpsvcdev
       ocpAcrName: arohcpocpdev
       # Shared Image Sync
-      imageSyncRG: hcp-underlay-westus3-imagesync-dev
+      imageSync:
+        rg: hcp-underlay-westus3-imagesync-dev
       # OIDC
       oidcStorageAccountName: {{ azureStorageAccountName "arohcpoidc" 5 .ctx.region .ctx.regionStamp }}
       # Metrics
-      monitoringWorkspaceName: 'aro-hcp-monitor-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
-      grafanaName: 'aro-hcp-grafana-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
-      monitoringMsiName: 'aro-hcp-metrics-msi-{{ uniqueString 5 .ctx.region .ctx.regionStamp }}'
-      grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c
+      monitoring:
+        workspaceName: 'aro-hcp-monitor-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
+        grafanaName: 'aro-hcp-grafana-{{ uniqueString 5 .ctx.region .ctx.regionStamp}}'
+        msiName: 'aro-hcp-metrics-msi-{{ uniqueString 5 .ctx.region .ctx.regionStamp }}'
+        grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c
       # DEVOPS MSI
       aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops'
     environments:
       dev:
         # this is the integrated DEV environment
         defaults:
           # MGMTM AKS nodepools - big enough for multiple HCPs
-          mgmtUserAgentPoolMinCount: 2
-          mgmtUserAgentPoolMaxCount: 12
+          mgmt:
+            userAgentPool:
+              minCount: 2
+              maxCount: 12
           # DNS
           regionalDNSSubdomain: '{{ .ctx.region }}'
       cs-pr:
         # this is the cluster service PR check and full cycle test environment
         defaults:
           # MGMTM AKS nodepools - big enough for multiple HCPs
-          mgmtUserAgentPoolMinCount: 2
-          mgmtUserAgentPoolMaxCount: 12
+          mgmt:
+            userAgentPool:
+              minCount: 2
+              maxCount: 12
           # DNS
           regionalDNSSubdomain: '{{ .ctx.region }}-cs'
           # Maestro
@@ -161,6 +200,8 @@ clouds:
         # this is the personal DEV environment
         defaults:
           # Cluster Service
-          clusterServicePostgresDeploy: false
+          clusterService:
+            postgres:
+              deploy: false
           # DNS
           regionalDNSSubdomain: '{{ .ctx.region }}-{{ uniqueString 5 .ctx.region .ctx.regionStamp }}'