Deploy managed clusters s3 secrets using ramen #1146
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nirs
requested review from
raghavendra-talur,
ShyamsundarR,
netzzer and
BenamarMk
nirs
force-pushed
the
ramenctl-s3-secrets
branch
from
317cb9d
to
9f664c4
Compare
Recently the recipe CRD[1] became required if kube object protection is enabled, so we must have it in the test environment unless we disable the feature. Disabling the feature is not a good idea since we will want to be able to test imperative apps or declerative apps that need recipes (e.g. kubvirt with DataVolumeTemplate). [1] https://github.com/RamenDR/recipe/blob/main/config/crd/bases/ramendr.openshift.io_recipes.yaml Signed-off-by: Nir Soffer <nsoffer@redhat.com>
In OpenShift we deploy 2 s3 secrets (one per s3 store) on the hub, and
the secrets are propagated to the managed clusters using the policy
framework.
In ramenctl we deploy the secrets directly to the managed clusters. This
is much simpler and more reliable, but it bypass the ramen code we want
to test, hiding issues in the real code path.
Change ramenctl to deploy the secrets in the same way as in OpenShift:
- Use 2 secrets, one per cluster s3 store
- Deploy the secrets only on the hub
- Wait until the secrets are propagated to the managed clusters by
ramen.
With this issues in ramen related code or OCM will break ramenctl early.
Hopefully this will help to detect regressions before they reach QE or
released in OpenShift.
Example run:
$ ramenctl config $env
2023-11-22 22:05:19,546 INFO [ramenctl] Starting config
2023-11-22 22:05:19,812 INFO [ramenctl] Waiting until ramen-hub-operator is rolled out
2023-11-22 22:05:19,889 INFO [ramenctl] Creating ramen s3 secrets in cluster 'hub'
2023-11-22 22:05:20,428 INFO [ramenctl] Updating ramen config map in cluster 'hub'
2023-11-22 22:05:20,716 INFO [ramenctl] Creating dr-clusters for regional-dr
2023-11-22 22:05:20,988 INFO [ramenctl] Creating dr-policy for regional-dr
2023-11-22 22:05:21,220 INFO [ramenctl] Waiting until s3 secrets are propagated to managed clusters
2023-11-22 22:05:22,800 INFO [ramenctl] Waiting until DRClusters report phase
2023-11-22 22:05:22,941 INFO [ramenctl] Waiting until DRClusters phase is available
2023-11-22 22:05:23,206 INFO [ramenctl] Waiting until DRPolicy is validated
2023-11-22 22:05:23,361 INFO [ramenctl] Finished config in 3.82 seconds
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
nirs
force-pushed
the
ramenctl-s3-secrets
branch
from
9f664c4
to
07b270c
Compare
raghavendra-talur
approved these changes
Dec 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In OpenShift we deploy 2 s3 secrets (one per s3 store) on the hub, and the secrets are propagated to the managed clusters using the policy framework.
In ramenctl we deploy the secrets directly to the managed clusters. This is much simpler and more reliable, but it bypass the ramen code we want to test, hiding issues in the real code path.
Change ramenctl to deploy the secrets in the same way as in OpenShift:
With this issues in ramen related code or OCM will break ramenctl early. Hopefully this will help to detect regressions before they reach QE or released in OpenShift.