MachinePool: GCP: custom ServiceAccount support (includes revendor)

    • Story
    • Resolution: Done
    • openshift-4.18

      Installer recently added support for pre-created ServiceAccounts in GCP for CAPG via https://github.com/openshift/installer/pull/8750 / CORS-3568

      Ideally we would pick this value up from the install-config, but we can't count on that for the usual reasons. So we'll make a MachinePool.Spec.Platform.GCP.ServiceAccount field and plumb it through.

      And we'll need to revendor to pick up the upstream changes that use this thing. We need to get to at least 247522f6659b660dd205a3a78887c5bc34d68571, but the tip of the release-4.17 branch ought to work too.

            [HIVE-2613] MachinePool: GCP: custom ServiceAccount support (includes revendor)

            Jianping Shu added a comment -

            Tested OpenStack worker and infra MP including autoscaling, no issue.

            Hive version: https://quay.io/repository/app-sre/hive:f81dc39b9e

            Spoke cluster version: 4.17.0-rc.3

            Close the card.

            Eric Fried added a comment -

            rhaigner@redhat.com

            This will be needed in any MCE with 4.17 support. Which is...?

            ...which would be mce-2.6. However, I just tried doing this, and it would be Hard™. Because it requires revendoring installer to 4.17, which brings the whole world with it.

            A good argument for MCE always using hive's master branch...

            Eric Fried added a comment -

            Great test case, thanks!

            Ready to close assuming OpenStack regression shows no issues.

            Jianping Shu added a comment - - edited

            efried.openshift Tested the new functionality with case OCP-76214, all look good, PTAL

            Next I'll run a simple regression for OpenStack MP.

            Eric Fried added a comment -

            rhaigner@redhat.com This will be needed in any MCE with 4.17 support. Which is...?

            Eric Fried added a comment - - edited

            QE Notes

            IIUC it is possible to create a service account prior to install and specify it in the install-config. If that service account is in play for the default worker pool, it is necessary for the corresponding hive MachinePool to get that information through to the providerSpec in the MachineSet; otherwise the MachineSet won't work. (I don't actually know what the failure looks like – does the MachineSet fail to create? does MAPI fail to provision machines?)

            This should also be able to be used for additional MachinePools created day 2.

            Testing should probably include some basic autoscaling.

            Also:
            The revendor triggered some changes in the openstack actuator for MachinePools. Can we please include a quick regression test to make sure nothing broke there?

            Thanks!
