OTA-925: clusters/hive: Grant cincinnati-ci-admins cluster-reader-extended #37544
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@wking: This pull request references OTA-925 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@wking: no rehearsable tests are affected by this change |
openshift-ci-robot
added
the
rehearsals-ack
Hive is the host-cluster for the release-openshift-origin-installer-launch-hypershift-hosted job, using the s hypershift-hosted workflow, and accessible from Cluster Bot via 'launch 4.13.0-rc.0', etc. Folks developing an operator so it works more closely with HyperShift's HostedClusterController can open parallel pull requests and have Cluster Bot launch a HostedCluster on Hive that mixes the pulls together with: launch openshift/hypershift#nnn,openshift/cluster-version-operator#nnn By granting cluster-reader-extended to the folks in the cincinnati-ci-admins Rover group, they can then access the Hive management cluster and check on HostedClusterController state and controller logs and such. Once work on [1] has completed, this access may be revoked. An alternative we considered was having Cincinnati admins install a Cluster-Bot bot cluster to serve as a management cluster, but there are a number of steps needed to set that up [2], and it seems easier for this epic's development to temporarily extend access to Hive's existing deployment. [1]: https://issues.redhat.com/browse/OTA-924 [2]: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws
wking
force-pushed
the
grant-cincinnati-admins-hive-read-access
branch
from
6380cf8
to
8db57dc
Compare
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danilo-gemoli, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
…enshift#37544) Hive is the host-cluster for the release-openshift-origin-installer-launch-hypershift-hosted job, using the s hypershift-hosted workflow, and accessible from Cluster Bot via 'launch 4.13.0-rc.0', etc. Folks developing an operator so it works more closely with HyperShift's HostedClusterController can open parallel pull requests and have Cluster Bot launch a HostedCluster on Hive that mixes the pulls together with: launch openshift/hypershift#nnn,openshift/cluster-version-operator#nnn By granting cluster-reader-extended to the folks in the cincinnati-ci-admins Rover group, they can then access the Hive management cluster and check on HostedClusterController state and controller logs and such. Once work on [1] has completed, this access may be revoked. An alternative we considered was having Cincinnati admins install a Cluster-Bot bot cluster to serve as a management cluster, but there are a number of steps needed to set that up [2], and it seems easier for this epic's development to temporarily extend access to Hive's existing deployment. [1]: https://issues.redhat.com/browse/OTA-924 [2]: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws
Hive is the host-cluster for the
release-openshift-origin-installer-launch-hypershift-hostedjob, using thehypershift-hostedworkflow, and accessible from Cluster Bot vialaunch 4.13.0-rc.0, etc. Folks developing an operator so it works more closely with HyperShift's HostedClusterController can open parallel pull requests and have Cluster Bot launch a HostedCluster on Hive that mixes the pulls together with:By granting cluster-reader-extended to the folks in the
cincinnati-ci-adminsRover group, they can then access the Hive management cluster and check on HostedClusterController state and controller logs and such. Once work on OTA-924 has completed, this access may be revoked.An alternative we considered was having Cincinnati admins install a Cluster-Bot bot cluster to serve as a management cluster, but there are a number of steps needed to set that up, and it seems easier for this epic's development to temporarily extend access to Hive's existing deployment.