Step: ocm-e2e-clusterpool-cluster-getcreds

This step generates credential files for the clusters specified by the cluster claim names in the file specified by CLUSTER_CLAIM_FILE. The credential files will be stored in the SHARED_DIR. The cluster name is taken from the cluster claim name in CLUSTER_CLAIM_FILE and stripping off the trailing suffix. For example, hub-1-abc12 would become hub-1. The kubeconfig file name is made by taking the cluster name and adding a .kc extension. For example, the cluster claim name hub-1-abc12 would give the kubeconfig file name "hub-1.kc" and be stored in 'SHARED_DIR/hub-1.kc'. The metadata file name is made by taking the cluster name and adding a .json extension. For example, the cluster claim name hub-1-abc12 would give the metadata file name "hub-1.json" and be stored in 'SHARED_DIR/hub-1.json'.

Container image used for this step: open-cluster-management/builder:go1.16-linux

open-cluster-management/builder:go1.16-linux resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
MAKEFILE Parameter[?] Location of the build harness Makefile for use on OSCI. (default: /opt/build-harness/Makefile.prow)
CLUSTERPOOL_HOST_API Parameter[?] API URL of the cluster running the target clusterpool, used in oc login, so port :6443 is required (default: https://api.collective.aws.red-chesterfield.com:6443)
CLUSTERPOOL_HOST_NAMESPACE Parameter[?] Namespace on the cluster pool host to use.
CLUSTERPOOL_HOST_PROW_KUBE_SECRET Parameter[?] The name of the kube secret with the kube API user and token.
CLUSTER_CLAIM_FILE Parameter[?] File name that stores the cluster claim names. (default: cluster-claims)

Source Code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/bash

temp=$(mktemp -d -t ocm-XXXXX)
cd "$temp" || exit 1

cp "$MAKEFILE" ./Makefile

OC_CLUSTER_TOKEN=$(cat "/etc/$CLUSTERPOOL_HOST_PROW_KUBE_SECRET/token")
export OC_CLUSTER_TOKEN
export OC_CLUSTER_URL="$CLUSTERPOOL_HOST_API"

# claims are in the form hub-1-abcde
while read -r claim; do 
    # strip off the -abcde suffix
    cluster=$( sed -e "s/-[[:alnum:]]\+$//" <<<"$claim" )
    kc_output="${SHARED_DIR}/${cluster}.kc"
    json_output="${SHARED_DIR}/${cluster}.json"

    # Get cluster claim namespace
    oc_command="get clusterclaim.hive $claim -n $CLUSTERPOOL_HOST_NAMESPACE -o jsonpath='{.spec.namespace}'"
    if ! make -s oc/command OC_COMMAND="$oc_command" > namespace; then
        echo "Error getting hive namespace for cluster claim $claim"
        exit 1
    fi
    ns=$(cat namespace)

    # Get cluster claim kubeconfig secret name
    oc_command="get -n $ns clusterdeployment $ns -o jsonpath='{.spec.clusterMetadata.adminKubeconfigSecretRef.name}'"
    if ! make -s oc/command OC_COMMAND="$oc_command" > secret_name; then
        echo "Error getting kubeconfig secret name for cluster claim $claim"
        exit 1
    fi
    kc=$(cat secret_name)

    # Get the cluster claim kubeconfig file
    oc_command="get -n $ns secret $kc -o jsonpath='{.data.kubeconfig}'"
    if make -s oc/command OC_COMMAND="$oc_command" > >(base64 --decode > "$kc_output"); then
        echo "Cluster kubeconfig for $claim saved to $kc_output"
    else
        echo "Error getting cluster kubeconfig for $claim"
        exit 1
    fi

    # Get the metadata file for the cluster
    if make clusterpool/get-cluster-metadata \
        CLUSTERPOOL_CLUSTER_CLAIM="$claim" \
        CLUSTERPOOL_METADATA_FILE="$json_output" > /dev/null ; then
        echo "Cluster meta data for $claim saved to $json_output"
    else
        echo "Error getting cluster metadata for $claim"
        exit 1
    fi
    
done < "${SHARED_DIR}/${CLUSTER_CLAIM_FILE}"

Properties

Property Value Description
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/ocm/e2e/clusterpool/cluster/getcreds/ocm-e2e-clusterpool-cluster-getcreds-ref.yaml

Owners:

Approvers:

Source code for this page located on GitHub