  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-760

[Upstream] CAPI provider for ROSA with HCP - Phase 1 (MVP-1 / Demo)


      Feature Overview (aka. Goal Summary)  

      Enable Service Consumer personas to lifecycle managed OpenShift (ROSA with Hosted Control Planes) via CAPI.
      Note: This feature is tracking work focused on updating the upstream CAPI.

      Goal

      Target:

      March-15-2024
      March 20 2024 - Demo without BYO-OIDC demo-script 
      May 1 2024 - Demo with BYO-OIDC

      Considerations

      Once the ROSACluster CRD is implemented upstream to manage ROSA clusters, the downstream bits are to be implemented to integrate with OpenShift/ROSA.

      ROSA managed by CAPI = ROSA -> OCM API (ideally) -> HyperShift API -> CAPI -> nodes
      The ROSA CAPI provider will speak to the OCM API via github.com/openshift-online/ocm-sdk-go. The ROSA CLI cannot communicate to OCM via CAPI directly because OCM does not expose a Kubernetes CAPI server (that would not scale). Instead, the user is expected to run a Kubernetes CAPI environment in their computing environment from which they wish to reconcile.

      The initial request from the customer was to use CAPI as their authoritative source of truth for all their cluster fleet. This feature covers other bits like machinepools, auth-provider, etc.

       

      Acceptance criteria.  

      • As a Service Consumer, I should use upstream CAPI to provision a ROSA+HCP cluster. As part of this, account-wide roles and OIDC configuration should be done by CAPI.
      • The following features should be supported by CAPI: adding SecurityGroups, 54 character cluster name, internal & BYO identity support, user-tags support, CRI-O logging passthrough, set max node grace period to 1 week, private cluster, status of clusters, machinepool & controlplane updates, delete cluster.
      • No CNI mode with Cilium
      • Additional AWS security groups
      • AWS resource tags
      • >15 character cluster name
      • nodeDrainGracePeriod can be set up to 1 week

            rh-ee-smodeel Subin MM
            tkatarki@redhat.com Tushar Katarki
            Aaren de Jong, Alberto Garcia Lamela, Antoni Segura Puimedon, Balachandran Chandrasekaran, Derek Carr, Joel Speed, Ju Lim, Mike Worthington, Mulham Raee, Nelson Jean, Steve Kuznetsov, Subin MM, Vince Prignano
            Mulham Raee
            He Liu
            Stephanie Stout
            Vince Prignano
            Subin MM
            Eric Rich