Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure Sandbox #60

Open
wants to merge 27 commits into
base: main
Choose a base branch
from
Open

Azure Sandbox #60

wants to merge 27 commits into from

Conversation

makirill
Copy link

TBD

@makirill makirill requested a review from fridim May 13, 2024 21:54
makirill and others added 22 commits July 24, 2024 09:20
@makirill
Adding pool management
8833906
@makirill
Merge branch 'main' into feature/azure-provider
0b7463c
@makirill
Adding placeholder for azure provider
d7d98f1
@makirill
Adding placeholder for the Azure placement creation
21c6957
@makirill
Resources clean-up
fd038b3
@makirill
Moving azure package to the new directory
2a45684
@makirill
Minor update
7ccfc3b
@makirill
Fixing some bugs with the Azure Sandbox provisioning
2f9cc66
@makirill
Some minor bugfixes
86913a3
@makirill
Creating Azure Sandbox provider as reference
1e68350
@makirill
Adding Mutex to the pool allocation
e8a5075
@makirill
Creating function to init new Azure sandbox structure
2348d33
@makirill
Minor fixes
47784ce
@makirill
Redisigned create and delete functions
1401943
@makirill
Updated Azure sandbox create and cleanup methods
6653577
@fridim @makirill
tools: Remove status check from hurl file
7852431
@fridim @makirill
Implement Quota for OcpSandbox (#79)
40ba7a2 
* Implement Quota for OcpSandbox

Following the design document and proposal, this changes implements the Quota for OcpSandbox.

OcpSharedClusterConfiguration is updated with the new fields:

```go
// For any new project (openshift namespace) created by the sandbox API
// for an OcpSandbox, a default ResourceQuota will be set.
// This quota is designed to be large enough to accommodate general needs.
// Additionally, content developers can specify custom quotas in agnosticV
// based on the requirements of specific Labs/Demos.
DefaultSandboxQuota *v1.ResourceQuota `json:"default_sandbox_quota"`

// StrictDefaultSandboxQuota is a flag to determine if the default sandbox quota
// should be strictly enforced. If set to true, the default sandbox quota will be
// enforced as a hard limit. Requested quota not be allowed to exceed the default.
// If set to false, the default sandbox will be updated
// to the requested quota.
StrictDefaultSandboxQuota bool `json:"strict_default_sandbox_quota"`

// QuotaRequired is a flag to determine if a quota is required in any request
// for an OcpSandbox.
// If set to true, a quota must be provided in the request.
// If set to false, a quota will be created based on the default sandbox quota.
// By default it's false.
QuotaRequired bool `json:"quota_required"`
```

In a nutshell:
* Add and update handlers
* Update openapi spec swagger file
* New DB migration
* Add unit tests for the (tricky) function that derives the quota from the default quota
* Add functional tests for the new feature(s)
* In Release() of the OcpSandbox, remove the part that tries to delete
  the service account. That is useless and can be removed. The service
  account is automatically deleted when the namespace is deleted.

Makefile:
- move CGO_ENABLED to the top of file (DRY)
- simplify running the test by creating a new target `make tokens`

* Add bool SkipQuota to OcpSharedClusterConf

SkipQuota disables quota creation entirely. That will be useful to push the new code to production without any change to current behavior. This way we can set this value on all existing clusters to false as a first step, and enable it as we go. Later we can turn this feature on by default.

* Add test to update quota of a shared cluster
@agonzalezrh @fridim @makirill
Add condition for virt and add rolebinding for hcp (#78)
ea2d3af 
* Add condition for virt and add rolebinding for hcp

* Add test + fix "boolean" strings

---------

Co-authored-by: Guillaume Coré <gucore@redhat.com>
@fridim @makirill
Apply gofmt
b5bdbfb
@fridim @makirill
Add hurl file to update shared cluster
fbdbc75
@fridim @makirill
OcpSandbox: Implement limit range (#81)
56a83bd 
* OcpSandbox: Implement limit range

On 4.14 we hit this bug kubevirt/containerized-data-importer#3157
the container to copy disks, doesn't set the requests/limits
https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/

Implement Limit range in the OcpSharedClusterConfiguration.
Add a sensible default and the ability to update it.

```
[ec2-user@bastion ~]$ oc describe limitrange
Name:       sandbox-limit-range
Namespace:  sandbox-testg-16e9ff07-4e60-49f5-968b-c3df4a2292b5
Type        Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---  ---  ---------------  -------------  -----------------------
Container   cpu       -    -    500m             1              -
Container   memory    -    -    1Gi              2Gi            -
```

* Add the ability for the limitrange in request

* Simplify limit range
@agonzalezrh @makirill
Add secret to generate a token (#82)
81092d8 
* Add secret to generate a token

* Add secret to generate a token
@makirill makirill marked this pull request as ready for review September 26, 2024 14:44
@makirill makirill changed the title WIP: Azure Sandbox Azure Sandbox Sep 26, 2024
fridim
fridim requested changes Oct 23, 2024
View reviewed changes
Copy link
Contributor

@fridim fridim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a test to ensure credentials are present.

The test doesn't pass

That is the result

{
  "id": 24,
  "created_at": "2024-10-23T09:47:11.999848+02:00",
  "updated_at": "2024-10-23T09:47:38.520077+02:00",
  "service_uuid": "64005bd8-6c97-457c-be5c-e102f767007f",
  "status": "success",
  "to_cleanup": false,
  "annotations": {
    "guid": "st6zn"
  },
  "request": {
    "annotations": {
      "guid": "st6zn"
    },
    "resources": [
      {
        "annotations": {
          "cost_center": "...EDITED...",
          "domain": "...EDITED...",
          "purpose": "backend",
          "requester": "...EDITED...@redhat.com"
        },
        "count": 1,
        "kind": "AzureSandbox",
        "quota": {}
      }
    ],
    "service_uuid": "64005bd8-6c97-457c-be5c-e102f767007f"
  }
}

credentials are missing and there is an empty quota. I don't think that is intended

internal/api/azure/sandbox.go

const (
sandboxRoleName = "Custom-Owner (Block Billing and Subscription deletion)"
rgNamePrefix = "openenv-"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openenv is a loaded term.
openenv usually means we charge back.
Here i think it's more generic as in "sandbox" that can either be charged back or not.
So for the prefix i would use sandbox-, wdyt?

internal/api/azure/service_principalp.go
@@ -0,0 +1,75 @@
package azure
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is a typo in the filename service_principalp.go should be service_principal.go right?

tests/003-azure.hurl Outdated
jsonpath "$.Placement.service_uuid" == "{{uuid}}"
jsonpath "$.Placement.resources" count == 1
jsonpath "$.Placement.resources[0].annotations.guid" == "st6zn"
jsonpath "$.Placement.resources[0].annotations.purpose" == "backend"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need more tests like

  • get a placement, ensure the azure credentials are set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fridim fridim fridim requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@makirill @fridim @agonzalezrh