-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure Sandbox #60
base: main
Are you sure you want to change the base?
Azure Sandbox #60
Conversation
* Implement Quota for OcpSandbox Following the design document and proposal, this changes implements the Quota for OcpSandbox. OcpSharedClusterConfiguration is updated with the new fields: ```go // For any new project (openshift namespace) created by the sandbox API // for an OcpSandbox, a default ResourceQuota will be set. // This quota is designed to be large enough to accommodate general needs. // Additionally, content developers can specify custom quotas in agnosticV // based on the requirements of specific Labs/Demos. DefaultSandboxQuota *v1.ResourceQuota `json:"default_sandbox_quota"` // StrictDefaultSandboxQuota is a flag to determine if the default sandbox quota // should be strictly enforced. If set to true, the default sandbox quota will be // enforced as a hard limit. Requested quota not be allowed to exceed the default. // If set to false, the default sandbox will be updated // to the requested quota. StrictDefaultSandboxQuota bool `json:"strict_default_sandbox_quota"` // QuotaRequired is a flag to determine if a quota is required in any request // for an OcpSandbox. // If set to true, a quota must be provided in the request. // If set to false, a quota will be created based on the default sandbox quota. // By default it's false. QuotaRequired bool `json:"quota_required"` ``` In a nutshell: * Add and update handlers * Update openapi spec swagger file * New DB migration * Add unit tests for the (tricky) function that derives the quota from the default quota * Add functional tests for the new feature(s) * In Release() of the OcpSandbox, remove the part that tries to delete the service account. That is useless and can be removed. The service account is automatically deleted when the namespace is deleted. Makefile: - move CGO_ENABLED to the top of file (DRY) - simplify running the test by creating a new target `make tokens` * Add bool SkipQuota to OcpSharedClusterConf SkipQuota disables quota creation entirely. That will be useful to push the new code to production without any change to current behavior. This way we can set this value on all existing clusters to false as a first step, and enable it as we go. Later we can turn this feature on by default. * Add test to update quota of a shared cluster
* Add condition for virt and add rolebinding for hcp * Add test + fix "boolean" strings --------- Co-authored-by: Guillaume Coré <[email protected]>
* OcpSandbox: Implement limit range On 4.14 we hit this bug kubevirt/containerized-data-importer#3157 the container to copy disks, doesn't set the requests/limits https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/ Implement Limit range in the OcpSharedClusterConfiguration. Add a sensible default and the ability to update it. ``` [ec2-user@bastion ~]$ oc describe limitrange Name: sandbox-limit-range Namespace: sandbox-testg-16e9ff07-4e60-49f5-968b-c3df4a2292b5 Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Container cpu - - 500m 1 - Container memory - - 1Gi 2Gi - ``` * Add the ability for the limitrange in request * Simplify limit range
* Add secret to generate a token * Add secret to generate a token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a test to ensure credentials are present.
The test doesn't pass
That is the result
{
"id": 24,
"created_at": "2024-10-23T09:47:11.999848+02:00",
"updated_at": "2024-10-23T09:47:38.520077+02:00",
"service_uuid": "64005bd8-6c97-457c-be5c-e102f767007f",
"status": "success",
"to_cleanup": false,
"annotations": {
"guid": "st6zn"
},
"request": {
"annotations": {
"guid": "st6zn"
},
"resources": [
{
"annotations": {
"cost_center": "...EDITED...",
"domain": "...EDITED...",
"purpose": "backend",
"requester": "[email protected]"
},
"count": 1,
"kind": "AzureSandbox",
"quota": {}
}
],
"service_uuid": "64005bd8-6c97-457c-be5c-e102f767007f"
}
}
credentials are missing and there is an empty quota
. I don't think that is intended
|
||
const ( | ||
sandboxRoleName = "Custom-Owner (Block Billing and Subscription deletion)" | ||
rgNamePrefix = "openenv-" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
openenv is a loaded term.
openenv usually means we charge back.
Here i think it's more generic as in "sandbox" that can either be charged back or not.
So for the prefix i would use sandbox-
, wdyt?
@@ -0,0 +1,75 @@ | |||
package azure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there is a typo in the filename service_principalp.go
should be service_principal.go
right?
tests/003-azure.hurl
Outdated
jsonpath "$.Placement.service_uuid" == "{{uuid}}" | ||
jsonpath "$.Placement.resources" count == 1 | ||
jsonpath "$.Placement.resources[0].annotations.guid" == "st6zn" | ||
jsonpath "$.Placement.resources[0].annotations.purpose" == "backend" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need more tests like
- get a placement, ensure the azure credentials are set
TBD