OpenShift Container Platform (OCP) Strategy / OCPSTRAT-760

[Upstream] CAPI provider for ROSA with HCP - Phase 1 (MVP-1 / Demo)


    • Upstream
    • 0% To Do, 0% In Progress, 100% Done

      Feature Overview (aka. Goal Summary)  

      Note: This feature is tracking work focused on updating the upstream CAPI. This does not impact 4.16 release.
      Enable Service Consumer personas to lifecycle managed OpenShift (ROSA with Hosted Control Planes) via CAPI.

      Goal

      Target:

      March-15-2024
      March 20 2024 - Demo without BYO-OIDC demo-script 
      May 1 2024 - Demo with BYO-OIDC

      Considerations

      Once the ROSACluster CRD is implemented upstream to manage ROSA clusters, the downstream bits are to be implemented to integrate with OpenShift/ROSA.

      ROSA managed by CAPI = ROSA -> OCM API (ideally) -> HyperShift API -> CAPI -> nodes
      The ROSA CAPI provider will speak to the OCM API via github.com/openshift-online/ocm-sdk-go. The ROSA CLI cannot communicate with OCM via CAPI directly because OCM does not expose a Kubernetes CAPI server (that would not scale). Instead, the user is expected to run a Kubernetes CAPI environment in their computing environment from which they wish to reconcile.

      The initial request from the customer was to use CAPI as their authoritative source of truth for all their cluster fleet. This feature covers other bits like machinepools, auth-provider, etc.

       

      Acceptance criteria.  

      • As a Service Consumer, I should use upstream CAPI to provision a ROSA+HCP cluster. As part of this, account-wide roles and OIDC configuration should be done by CAPI.
      • The following features should be supported by CAPI: adding SecurityGroups, 54-character cluster name, internal & BYO identity support, user-tags support, CRI-O logging passthrough, setting max node grace period to 1 week, private cluster, status of clusters, machinepool & controlplane updates, delete cluster.
      • No CNI mode with Cilium
      • Additional AWS security groups
      • AWS resource tags 
      • >15 character cluster name
      • nodeDrainGracePeriod can be set up to 1 week

              rh-ee-smodeel Subin M
              tkatarki@redhat.com Tushar Katarki
              Aaren de Jong, Alberto Garcia Lamela, Antoni Segura Puimedon, Balachandran Chandrasekaran, Derek Carr, Joel Speed, Ju Lim, Mike Worthington, Mulham Raee, Nelson Jean, Steve Kuznetsov (Inactive), Subin M, Vince Prignano (Inactive)
              Mulham Raee
              He Liu
              Stephanie Stout
              Vince Prignano (Inactive)
              Subin M
              Eric Rich