Skip to content

Commit

Permalink
move global infra from hcp repo (#978)
Browse files Browse the repository at this point in the history
add global infra pipeline
* parent dns zones
* MSI for pipeline runs

Signed-off-by: Gerd Oberlechner <[email protected]>
Co-authored-by: Jonathan Chang <[email protected]>
Co-authored-by: Gerd Oberlechner <[email protected]>
  • Loading branch information
3 people authored Dec 13, 2024
1 parent ea5be9f commit 70c5226
Show file tree
Hide file tree
Showing 11 changed files with 70 additions and 10 deletions.
2 changes: 2 additions & 0 deletions config/config.msft.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ defaults:
subscription: hcp-{{ .ctx.region }}
manageTokenCustomRole: false
region: uksouth
globalMSIName: "global-ev2-identity"

# General AKS config
kubernetesVersion: 1.30.6
Expand Down Expand Up @@ -180,6 +181,7 @@ clouds:
# DNS
baseDnsZoneName: aroapp-hcp.azure-test.net
regionalDNSSubdomain: '{{ .ctx.region }}'
svcParentZoneName: "aro-hcp.azure-test.net"

# ACR
svcAcrName: arohcpsvcint
Expand Down
8 changes: 8 additions & 0 deletions config/config.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@
"baseDnsZoneName": {
"type": "string"
},
"svcParentZoneName": {
"type": "string",
"description": "The service cluster component domain name"
},
"baseDnsZoneRG": {
"type": "string"
},
Expand Down Expand Up @@ -179,6 +183,10 @@
},
"region": {
"type": "string"
},
"globalMSIName": {
"type": "string",
"description": "The name of the MSI that will be used for ev2"
}
},
"required": [
Expand Down
10 changes: 6 additions & 4 deletions config/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,10 @@ defaults:

global:
rg: global
subscription: hcp-{{ .ctx.region }}
subscription: ARO Hosted Control Planes (EA Subscription 1)
manageTokenCustomRole: true
region: westus3
globalMSIName: "global-rollout-identity"

# General AKS config
kubernetesVersion: 1.30.6
Expand All @@ -23,7 +24,7 @@ defaults:
additionalInstallArg: '--tech-preview-no-upgrade'

svc:
subscription: hcp-{{ .ctx.region }}
subscription: ARO Hosted Control Planes (EA Subscription 1)
rg: hcp-underlay-{{ .ctx.regionShort }}-svc
etcd:
kvName: arohcp-etcd-{{ .ctx.regionShort }}
Expand All @@ -32,7 +33,7 @@ defaults:
# MGMT cluster specifics
mgmt:
clusterServiceResourceId: /subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourcegroups/hcp-underlay-{{ .ctx.regionShort }}-svc/providers/Microsoft.ManagedIdentity/userAssignedIdentities/clusters-service
subscription: hcp-{{ .ctx.region }}
subscription: ARO Hosted Control Planes (EA Subscription 1)
rg: hcp-underlay-{{ .ctx.regionShort }}-mgmt-{{ .ctx.stamp }}
etcd:
kvName: arohcp-etcd-{{ .ctx.regionShort }}-{{ .ctx.stamp }}
Expand Down Expand Up @@ -128,6 +129,7 @@ clouds:
defaults:
# DNS
baseDnsZoneName: 'hcp.osadev.cloud'
svcParentZoneName: "hcpsvc.osadev.cloud"
# 1P app
firstPartyAppClientId: 57e54810-3138-4f38-bd3b-29cb33f4c358
# Mock Managed Identities Service Princiapl
Expand Down Expand Up @@ -291,7 +293,7 @@ clouds:
msiName: 'aro-hcp-metrics-msi-{{ .ctx.regionShort }}'
grafanaAdminGroupPrincipalId: 6b6d3adf-8476-4727-9812-20ffdef2b85c
# DEVOPS MSI
aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops'
aroDevopsMsiId: '/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/global-rollout-identity'
environments:
dev:
# this is the integrated DEV environment
Expand Down
6 changes: 4 additions & 2 deletions config/public-cloud-cs-pr.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"aksName": "aro-hcp-aks",
"armHelperClientId": "2c6ca254-36bd-43c8-a7a8-fe880bc2c489",
"armHelperFPAPrincipalId": "bc17c825-6cf8-40d0-8bd6-5536a993115e",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/global-rollout-identity",
"backend": {
"imageTag": ""
},
Expand Down Expand Up @@ -40,10 +40,11 @@
"imageTag": ""
},
"global": {
"globalMSIName": "global-rollout-identity",
"manageTokenCustomRole": true,
"region": "westus3",
"rg": "global",
"subscription": "hcp-westus3"
"subscription": "ARO Hosted Control Planes (EA Subscription 1)"
},
"hypershift": {
"additionalInstallArg": "--tech-preview-no-upgrade",
Expand Down Expand Up @@ -169,5 +170,6 @@
}
},
"svcAcrName": "arohcpsvcdev",
"svcParentZoneName": "hcpsvc.osadev.cloud",
"vnetAddressPrefix": "10.128.0.0/14"
}
6 changes: 4 additions & 2 deletions config/public-cloud-dev.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"aksName": "aro-hcp-aks",
"armHelperClientId": "2c6ca254-36bd-43c8-a7a8-fe880bc2c489",
"armHelperFPAPrincipalId": "bc17c825-6cf8-40d0-8bd6-5536a993115e",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/global-rollout-identity",
"backend": {
"imageTag": ""
},
Expand Down Expand Up @@ -40,10 +40,11 @@
"imageTag": ""
},
"global": {
"globalMSIName": "global-rollout-identity",
"manageTokenCustomRole": true,
"region": "westus3",
"rg": "global",
"subscription": "hcp-westus3"
"subscription": "ARO Hosted Control Planes (EA Subscription 1)"
},
"hypershift": {
"additionalInstallArg": "--tech-preview-no-upgrade",
Expand Down Expand Up @@ -169,5 +170,6 @@
}
},
"svcAcrName": "arohcpsvcdev",
"svcParentZoneName": "hcpsvc.osadev.cloud",
"vnetAddressPrefix": "10.128.0.0/14"
}
2 changes: 2 additions & 0 deletions config/public-cloud-msft-int.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
"imageTag": "0b3c08f"
},
"global": {
"globalMSIName": "global-ev2-identity",
"manageTokenCustomRole": false,
"region": "uksouth",
"rg": "global-shared-resources",
Expand Down Expand Up @@ -168,5 +169,6 @@
}
},
"svcAcrName": "arohcpsvcint",
"svcParentZoneName": "aro-hcp.azure-test.net",
"vnetAddressPrefix": "10.128.0.0/14"
}
6 changes: 4 additions & 2 deletions config/public-cloud-personal-dev.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"aksName": "aro-hcp-aks",
"armHelperClientId": "2c6ca254-36bd-43c8-a7a8-fe880bc2c489",
"armHelperFPAPrincipalId": "bc17c825-6cf8-40d0-8bd6-5536a993115e",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aro-hcp-devops",
"aroDevopsMsiId": "/subscriptions/1d3378d3-5a3f-4712-85a1-2485495dfc4b/resourceGroups/global/providers/Microsoft.ManagedIdentity/userAssignedIdentities/global-rollout-identity",
"backend": {
"imageTag": ""
},
Expand Down Expand Up @@ -40,10 +40,11 @@
"imageTag": ""
},
"global": {
"globalMSIName": "global-rollout-identity",
"manageTokenCustomRole": true,
"region": "westus3",
"rg": "global",
"subscription": "hcp-westus3"
"subscription": "ARO Hosted Control Planes (EA Subscription 1)"
},
"hypershift": {
"additionalInstallArg": "--tech-preview-no-upgrade",
Expand Down Expand Up @@ -169,5 +170,6 @@
}
},
"svcAcrName": "arohcpsvcdev",
"svcParentZoneName": "hcpsvc.osadev.cloud",
"vnetAddressPrefix": "10.128.0.0/14"
}
1 change: 1 addition & 0 deletions dev-infrastructure/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,5 @@ configurations/output-region.bicepparam
configurations/mock-identities.bicepparam
configurations/global-acr.bicepparam
configurations/global-roles.bicepparam
configurations/global-infra.bicepparam
config.mk
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
using '../templates/global-infra.bicep'

param globalMSIName = '{{ .global.globalMSIName }}'
param cxParentZoneName = '{{ .baseDnsZoneName }}'
param svcParentZoneName = '{{ .svcParentZoneName }}'
11 changes: 11 additions & 0 deletions dev-infrastructure/global-pipeline.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
$schema: "pipeline.schema.v1"
serviceGroup: Microsoft.Azure.ARO.HCP.Global
rolloutName: Global Resource Rollout
resourceGroups:
- name: {{ .global.rg }}
subscription: {{ .global.subscription }}
steps:
- name: global-infra
action: ARM
template: templates/global-infra.bicep
parameters: configurations/global-infra.tmpl.bicepparam
23 changes: 23 additions & 0 deletions dev-infrastructure/templates/global-infra.bicep
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
@description('The global msi name')
param globalMSIName string

@description('The cxParentZone Domain')
param cxParentZoneName string

@description('The svcParentZone Domain')
param svcParentZoneName string

resource ev2MSI 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
name: globalMSIName
location: resourceGroup().location
}

resource cxParentZone 'Microsoft.Network/dnsZones@2018-05-01' = {
name: cxParentZoneName
location: 'global'
}

resource svcParentZone 'Microsoft.Network/dnsZones@2018-05-01' = {
name: svcParentZoneName
location: 'global'
}

0 comments on commit 70c5226

Please sign in to comment.