Skip to content

OCPBUGS-42004: Add capability to Add Microsoft Managed Identity Sidecar Containers to HCP Pod Deployments#4801

Closed
bryan-cox wants to merge 1 commit into
openshift:mainfrom
bryan-cox:OCPBUGS-42004
Closed

OCPBUGS-42004: Add capability to Add Microsoft Managed Identity Sidecar Containers to HCP Pod Deployments#4801
bryan-cox wants to merge 1 commit into
openshift:mainfrom
bryan-cox:OCPBUGS-42004

Conversation

@bryan-cox
Copy link
Copy Markdown
Member

@bryan-cox bryan-cox commented Sep 25, 2024
edited
Loading

What this PR does / why we need it:
Adds two functions to include the managed identity sidecar containers in a deployment. The adapter-init is added as an init container and the adapter-server is added as a sidecar container in the related pod deployment it is included in.

Follow on work to integrate these functions and implement managed identity in HCP will be done in OCPBUGS-42434.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42004

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@bryan-cox
Add ability to add MI sidecar containers to pods
962a060 
Adds two functions to include the managed identity sidecar containers in
 a deployment. The adapter-init is added as an init container and the
adapter-server is added as a sidecar container in the related pod
deployment it is included in.

Signed-off-by: Bryan Cox <brcox@redhat.com>
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Sep 25, 2024
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Sep 25, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42004, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.18.0) matches configured target version for branch (4.18.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @fxierh

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
Adds two functions to include the managed identity sidecar containers in a deployment. The adapter-init is added as an init container and the adapter-server is added as a sidecar container in the related pod deployment it is included in.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42004

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested a review from fxierh September 25, 2024 14:35
@bryan-cox
Copy link
Copy Markdown
Member Author

bryan-cox commented Sep 25, 2024

/cherry-pick release-4.17

@openshift-cherrypick-robot
Copy link
Copy Markdown

openshift-cherrypick-robot commented Sep 25, 2024

@bryan-cox: once the present PR merges, I will cherry-pick it on top of release-4.17 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bryan-cox
Copy link
Copy Markdown
Member Author

bryan-cox commented Sep 25, 2024

/area hypershift-operator

@openshift-ci openshift-ci Bot added area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release and removed do-not-merge/needs-area labels Sep 25, 2024
@openshift-ci openshift-ci Bot requested review from hasueki and sjenning September 25, 2024 14:37
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Sep 25, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 25, 2024
@bryan-cox bryan-cox changed the title OCPBUGS-42004: Add capability for Microsoft Managed Identity Sidecar Containers to HCP Pod Deployments OCPBUGS-42004: Add capability to Add Microsoft Managed Identity Sidecar Containers to HCP Pod Deployments Sep 25, 2024
@bryan-cox bryan-cox mentioned this pull request Sep 25, 2024
Closed
4 tasks
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Sep 25, 2024

@bryan-cox: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@bryan-cox bryan-cox mentioned this pull request Sep 27, 2024
Closed
4 tasks
jparrill
jparrill reviewed Sep 30, 2024
View reviewed changes
Comment thread support/azureutil/azureutil.go
jparrill
jparrill reviewed Sep 30, 2024
View reviewed changes
Comment thread support/azureutil/azureutil.go
Comment thread support/azureutil/azureutil.go
Patryk-Stefanski
Patryk-Stefanski reviewed Sep 30, 2024
View reviewed changes
Comment thread support/azureutil/azureutil.go
csrwng
csrwng reviewed Sep 30, 2024
View reviewed changes
Comment thread support/azureutil/azureutil.go
// GetAzureCredentialsFromSecret gets the Service Principal client ID, client secret, and tenant ID from the credentials
// secret. This function will be modified a bit once the Microsoft sidecar containers support Managed Identity are
// delivered (expected Oct 2024).
func GetAzureCredentialsFromSecret(ctx context.Context, c client.Client, namespace, credsName string) (*corev1.Secret, error) {
Copy link
Copy Markdown
Contributor

@csrwng csrwng Sep 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could see this one split into 2. In general, any code that requires a client, we put in the main hcp controller. This could do the same with a *corev1.Secret as an argument.

@stevekuznetsov
Copy link
Copy Markdown
Contributor

stevekuznetsov commented Sep 30, 2024

/hold

Sorry about this - the design was not finalized. I don't have access to the OCPBUGS component so I can't see how this was communicated. In any case even if we do end up with an init/sidecar, the version of the image in there needs to be able to change without releasing a new version of HyperShift, and we need to be able to rev that without causing a thundering herd, which implies that it needs to be a field on the HostedCluster.

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 30, 2024
@bryan-cox
Copy link
Copy Markdown
Member Author

bryan-cox commented Oct 1, 2024

/close

Closing this PR since Microsoft wants to move in a different direction and not use the Managed Identity Sidecar Containers

@openshift-ci openshift-ci Bot closed this Oct 1, 2024
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Oct 1, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42004. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
Adds two functions to include the managed identity sidecar containers in a deployment. The adapter-init is added as an init container and the adapter-server is added as a sidecar container in the related pod deployment it is included in.

Follow on work to integrate these functions and implement managed identity in HCP will be done in OCPBUGS-42434.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42004

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 1, 2024

@bryan-cox: Closed this PR.

Details

In response to this:

/close

Closing this PR since Microsoft wants to move in a different direction and not use the Managed Identity Sidecar Containers

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@csrwng csrwng csrwng left review comments

@fxierh fxierh Awaiting requested review from fxierh

@hasueki hasueki Awaiting requested review from hasueki

@sjenning sjenning Awaiting requested review from sjenning

+2 more reviewers

@jparrill jparrill jparrill left review comments

@Patryk-Stefanski Patryk-Stefanski Patryk-Stefanski left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@bryan-cox @openshift-ci-robot @openshift-cherrypick-robot @stevekuznetsov @jparrill @csrwng @Patryk-Stefanski