Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-2266

Add IBM Cloud service endpoint override support (MAPI)

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Undefined
    • None
    • None
    • None

    Description

      User Story:

      A user currently is not able to create a Disconnected cluster, using IPI, on IBM Cloud. 
      Currently, support for BYON and Private clusters does exist on IBM Cloud, but support to override IBM Cloud Service endpoints does not exist, which is required to allow for Disconnected support to function (reach IBM Cloud private endpoints).

      Description:

      IBM dependent components of OCP will need to add support to use a set of endpoint override values in order to reach IBM Cloud Services in Disconnected environments.

      The MAPI component will need to be able to allow all API calls to IBM Cloud Services, be directed to these endpoint values, in order to communicate in environments where the Public or default IBM Cloud Service endpoint is not available.

      The endpoint overrides are available via the infrastructure/cluster (.status.platformStatus.ibmcloud.serviceEndpoints) resource, which is how a majority of components are consuming cluster specific configurations (Ingress, MAPI, etc.). It will be structured as such

      apiVersion: config.openshift.io/v1
      kind: Infrastructure
      metadata:
        creationTimestamp: "2023-10-04T22:02:15Z"
        generation: 1
        name: cluster
        resourceVersion: "430"
        uid: b923c3de-81fc-4a0e-9fdb-8c4c337fba08
      spec:
        cloudConfig:
          key: config
          name: cloud-provider-config
        platformSpec:
          type: IBMCloud
      status:
        apiServerInternalURI: https://api-int.us-east-disconnect-21.ipi-cjschaef-dns.com:6443
        apiServerURL: https://api.us-east-disconnect-21.ipi-cjschaef-dns.com:6443
        controlPlaneTopology: HighlyAvailable
        cpuPartitioning: None
        etcdDiscoveryDomain: ""
        infrastructureName: us-east-disconnect-21-gtbwd
        infrastructureTopology: HighlyAvailable
        platform: IBMCloud
        platformStatus:
          ibmcloud:
            dnsInstanceCRN: 'crn:v1:bluemix:public:dns-svcs:global:a/fa4fd9fa0695c007d1fdcb69a982868c:f00ac00e-75c2-4774-a5da-44b2183e31f7::'
            location: us-east
            providerType: VPC
            resourceGroupName: us-east-disconnect-21-gtbwd
            serviceEndpoints:
            - name: iam
              url: https://private.us-east.iam.cloud.ibm.com
            - name: vpc
              url: https://us-east.private.iaas.cloud.ibm.com/v1
            - name: resourcecontroller
              url: https://private.us-east.resource-controller.cloud.ibm.com
            - name: resourcemanager
              url: https://private.us-east.resource-controller.cloud.ibm.com
            - name: cis
              url: https://api.private.cis.cloud.ibm.com
            - name: dnsservices
              url: https://api.private.dns-svcs.cloud.ibm.com/v1
            - name: cis
              url: https://s3.direct.us-east.cloud-object-storage.appdomain.cloud
          type: IBMCloud
      

      The CCM is currently relying on updates to the openshift-cloud-controller-manager/cloud-conf configmap, in order to override its required IBM Cloud Service endpoints, such as:

      data:
        config: |+
          [global]
          version = 1.1.0
          [kubernetes]
          config-file = ""
          [provider]
          accountID = ...
          clusterID = temp-disconnect-7m6rw
          cluster-default-provider = g2
          region = eu-de
          g2Credentials = /etc/vpc/ibmcloud_api_key
          g2ResourceGroupName = temp-disconnect-7m6rw
          g2VpcName = temp-disconnect-7m6rw-vpc
          g2workerServiceAccountID = ...
          g2VpcSubnetNames = temp-disconnect-7m6rw-subnet-compute-eu-de-1,temp-disconnect-7m6rw-subnet-compute-eu-de-2,temp-disconnect-7m6rw-subnet-compute-eu-de-3,temp-disconnect-7m6rw-subnet-control-plane-eu-de-1,temp-disconnect-7m6rw-subnet-control-plane-eu-de-2,temp-disconnect-7m6rw-subnet-control-plane-eu-de-3
          iamEndpointOverride = https://private.iam.cloud.ibm.com
          g2EndpointOverride = https://eu-de.private.iaas.cloud.ibm.com
          rmEndpointOverride = https://private.resource-controller.cloud.ibm.com
      

      These changes have already landed in the release-1.28 branch (target OCP release-4.15 branch), but we need to make sure they get pulled into the github.com/openshift/cloud-provider-ibm branch and built into a 4.15 image.

      Acceptance Criteria:

      Installer validates and injects user provided endpoint overrides into cluster deployment process and the MAPI components use specified endpoints and start up properly.

      Attachments

        Activity

          People

            jeffbnowickirh Jeff Nowicki
            jeffbnowickirh Jeff Nowicki
            Christopher Schaefer Christopher Schaefer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: