Uploaded image for project: 'OpenShift Hive'
  1. OpenShift Hive
  2. HIVE-2204

RFE: Azure: Custom resource groups (MachinePool, Hibernation)

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • None
    • None
    • Rejected
    • None

      Description of problem:

      When creating an OpenShift cluster on the Azure platform via Hive, it is possible to override the Azure resource group in which the cluster is created within the install config.

Hive MachinePools are unaware of this resource group override and perform operations such as checking for an image gallery in the resource group against the default resource group name which is based on the ClusterID.

This results in errors such as the following where "ocp-lab-68x4h-rg" is used instead of the custom resourceGroupName defined in the install config.

"Message=\"The client 'xx' with object id 'xx' does not have authorization to perform action 'Microsoft.Compute/images/read' over scope '/subscriptions/xx/resourceGroups/ocp-lab-68x4h-rg/providers/Microsoft.Compute'"

      Version-Release number of selected component (if applicable):

      4.14.0

      How reproducible:

      Reproducible with a user provided resource group.

      Steps to Reproduce:

      1. Create an Azure cluster using Hive with a custom resource group set within the install config.
2. Create an additional MachinePool for the cluster or to manage the existing worker MachineSets.
3. Observe authorization error which is looking in the default resource group name which is based on the clusterID.

      Actual results:

      MachineSet generation fails.

      Expected results:

      MachineSet generation succeeds.

      Additional info:

      Hive is looking in the default resource group rather than the resource group defined in the install config. Hive doesn't source information from the install config so I think to fix this bug Hive would either want to source the user provided resource group from the ClusterDeployment object within .spec.platform.azure , requiring that the resource group is duplicated there from the install config when overridden (Hive doesn't have this platform field, we'd need to add it), or have a spec field on MachinePool to specify a custom resource group.

       

        1. hiveadmission-6bc654dcf6-vwmvq.txt
          8 kB
          Feilian Xie
        2. hiveadmission-6bc654dcf6-pkld4.txt
          9 kB
          Feilian Xie
        3. hive-controllers-7d8f9f85d5-5pjlp.txt
          106 kB
          Feilian Xie

              efried.openshift Eric Fried
              abutcher@redhat.com Andrew Butcher
              None
              None
              Feilian Xie Feilian Xie (Inactive)
              None
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: