ci: [Service Tags] add public ips with service tags for LBs during cluster creation #3277
Conversation
hack/aks/Makefile
Outdated
| --location $(REGION) \ | ||
| --sku Standard \ | ||
| --tier Regional \ | ||
| --version IPv6 |
There was a problem hiding this comment.
Did we request IPV6 ips for our test ST ?
There was a problem hiding this comment.
discussed offline, should be good to go on ipv6
jpayne3506
changed the title
hack/aks/Makefile
Outdated
| IP_TAG ?= FirstPartyUsage=/DelegatedNetworkControllerTest | ||
| IP_PREFIX ?= serviceTaggedIp |
There was a problem hiding this comment.
are these strings pre-determined?
There was a problem hiding this comment.
IP_TAG is predetermined, but IP_PREFIX is not -- I believe that's just a variable Shubham had created for naming the public ips we create and tag for this workflow
hack/aks/Makefile
Outdated
| @@ -98,6 +120,7 @@ up: swift-up ## Alias to swift-up | |||
|
|
|||
|
|
|||
| nodesubnet-byocni-nokubeproxy-up: rg-up overlay-net-up ## Brings up an NodeSubnet BYO CNI cluster without kube-proxy | |||
| @$(MAKE) public-ipv4 | |||
There was a problem hiding this comment.
why are you reinvoking Make for this? unless you are overriding or changing args and options versus the Make invocation you are already in, you could make the IP target a dependency here, like rg-up etc.
|
Why are we using |
@timraymond yes and no. I originally wrote this Makefile because I needed to build infra that required certain subscription flags enabled (which ARM may be able to do, but was documented as AzCLI commands), and a certain preview CLI installed locally and/or a preview AZ AKS plugin installed locally. This made it easy for everyone to deploy infra identically without copy/pasting out of some install steps OneNote every time. I also find it nice to have a central list of capabilities. We could write Bicep for everything here, but I think I would still want the Makefile to exist as the single entrypoint to all of the |
Co-authored-by: Evan Baker <[email protected]> Signed-off-by: Keerthana Routhu <[email protected]>
|
This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days |
|
Pull request closed due to inactivity. |
|
re-opening PR |
Signed-off-by: Keerthana Routhu <[email protected]>
hack/aks/Makefile
Outdated
| PUBLIC_IPv6 ?= $(PUBLIC_IP_ID)/$(IP_PREFIX)-$(CLUSTER)-v6 | ||
| KUBE_PROXY_JSON_PATH ?= ./kube-proxy.json |
Co-authored-by: John Payne <[email protected]> Signed-off-by: Keerthana Routhu <[email protected]>
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Reason for Change:
Adding service tags to all public ips. This change adds public ips and attaches these ips as load balancer outbound ips during cluster creation. Branch
spathak/add-service-tagsis where all the changes were made and tested -- created this branch based off of that one.Testing:
spathak/add-service-tagsTested changes in a couple of Cilium pipelines:
Cilium Nightly Pipeline
The public ips created have service tags attached to them, and the ips fall within the allowed ranges for the locations they were created
CNI Release Test
All of the public ips created have service tags attached to them, and the ips fall within the allowed ranges for the locations they were created
CNI - LSG Integration Test
The clusters get created here successfully with the correct public ips. The integration tests do fail, but I checked with John Payne -- he mentioned that the integration tests fail frequently because they're heavily dependent on a partner team (Canonical). He suggested running Cilium Private Test pipelines on v1.14 and v1.16 (the next two on the list) and the remaining pipelines with the service tags. The remaining pipelines look good and create public ips as expected, so I believe we should be good to go on that front.
ACN PR Pipeline
All of the public ips created have service tags attached to them, and the ips fall within the allowed ranges for the locations they were created