fix: Validate RP before cluster creation, add env variables for OCP p…

…ullspecs, and update instructions

fix: Use RP_IMAGE_LOCAL for Linux compatibility in runlocal-rp target

remove the changes

veriable file modified

move the set file to the hack directory and updated the doc

move the set file to the hack directory and updated the doc

Improve Podman Compatibility for Local RP with Secrets Handling

Improve Podman compatibility by switching from 72626 to  syntax for environment variables in Makefile

env file updated

Added logic to print the VNet/Subnets

env file updated

Update OpenShift version to 4.13.40

Update OpenShift version to 4.13.40

file added

file added

modified the makefile

file has been added

file has been added

Makefile has been modifies

Added the dynamic variable to fetch the default openshift version

Update setup_resources.sh to dynamically fetch OpenShift version and pull specs from const.go

Makefile

@@ -67,53 +67,71 @@ build-all:
 aro: check-release generate
 	go build -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(VERSION)" ./cmd/aro
 
+# Target to create docker secrets
+.PHONY: docker-secrets
+docker-secrets: aks.kubeconfig
+	docker secret rm --ignore aks.kubeconfig
+	docker secret create aks.kubeconfig ./aks.kubeconfig
+
+	docker secret rm --ignore proxy-client.key
+	docker secret create proxy-client.key ./secrets/proxy-client.key
+
+	docker secret rm --ignore proxy-client.crt
+	docker secret create proxy-client.crt ./secrets/proxy-client.crt
+
+	docker secret rm --ignore proxy.crt
+	docker secret create proxy.crt ./secrets/proxy.crt
+
 # Target to run the local RP
 .PHONY: runlocal-rp
-runlocal-rp: ci-rp aks.kubeconfig
-	@set -a; source secrets/env; set +a; \
-	podman run --rm -p 127.0.0.1:8443:8443 \
+runlocal-rp: ci-rp docker-secrets
+	docker run --rm -p 127.0.0.1:8443:8443 \
 		--name aro-rp \
 		-w /app \
+		-e ARO_IMAGE \
 		-e RP_MODE="development" \
-		-e PROXY_HOSTNAME="$${PROXY_HOSTNAME}" \
-		-e DOMAIN_NAME="$${DOMAIN_NAME}" \
-		-e AZURE_RP_CLIENT_ID="$${AZURE_RP_CLIENT_ID}" \
-		-e AZURE_FP_CLIENT_ID="$${AZURE_FP_CLIENT_ID}" \
-		-e AZURE_SUBSCRIPTION_ID="$${AZURE_SUBSCRIPTION_ID}" \
-		-e AZURE_TENANT_ID="$${AZURE_TENANT_ID}" \
-		-e AZURE_RP_CLIENT_SECRET="$${AZURE_RP_CLIENT_SECRET}" \
-		-e LOCATION="$${LOCATION}" \
-		-e RESOURCEGROUP="$${RESOURCEGROUP}" \
-		-e AZURE_ARM_CLIENT_ID="$${AZURE_ARM_CLIENT_ID}" \
-		-e AZURE_FP_SERVICE_PRINCIPAL_ID="$${AZURE_FP_SERVICE_PRINCIPAL_ID}" \
-		-e AZURE_DBTOKEN_CLIENT_ID="$${AZURE_DBTOKEN_CLIENT_ID}" \
-		-e AZURE_PORTAL_CLIENT_ID="$${AZURE_PORTAL_CLIENT_ID}" \
-		-e AZURE_PORTAL_ACCESS_GROUP_IDS="$${AZURE_PORTAL_ACCESS_GROUP_IDS}" \
-		-e AZURE_CLIENT_ID="$${AZURE_CLIENT_ID}" \
-		-e AZURE_SERVICE_PRINCIPAL_ID="$${AZURE_SERVICE_PRINCIPAL_ID}" \
-		-e AZURE_CLIENT_SECRET="$${AZURE_CLIENT_SECRET}" \
-		-e AZURE_GATEWAY_CLIENT_ID="$${AZURE_GATEWAY_CLIENT_ID}" \
-		-e AZURE_GATEWAY_SERVICE_PRINCIPAL_ID="$${AZURE_GATEWAY_SERVICE_PRINCIPAL_ID}" \
-		-e AZURE_GATEWAY_CLIENT_SECRET="$${AZURE_GATEWAY_CLIENT_SECRET}" \
-		-e DATABASE_NAME="$${DATABASE_NAME}" \
-		-e PULL_SECRET="$${PULL_SECRET}" \
-		-e SECRET_SA_ACCOUNT_NAME="$${SECRET_SA_ACCOUNT_NAME}" \
-		-e DATABASE_ACCOUNT_NAME="$${DATABASE_ACCOUNT_NAME}" \
-		-e KEYVAULT_PREFIX="$${KEYVAULT_PREFIX}" \
-		-e ADMIN_OBJECT_ID="$${ADMIN_OBJECT_ID}" \
-		-e PARENT_DOMAIN_NAME="$${PARENT_DOMAIN_NAME}" \
-		-e PARENT_DOMAIN_RESOURCEGROUP="$${PARENT_DOMAIN_RESOURCEGROUP}" \
-		-e AZURE_ENVIRONMENT="$${AZURE_ENVIRONMENT}" \
-		-e STORAGE_ACCOUNT_DOMAIN="$${STORAGE_ACCOUNT_DOMAIN}" \
-		-e OIDC_STORAGE_ACCOUNT_NAME="$${OIDC_STORAGE_ACCOUNT_NAME}" \
+		-e PROXY_HOSTNAME \
+		-e DOMAIN_NAME \
+		-e AZURE_RP_CLIENT_ID \
+		-e AZURE_FP_CLIENT_ID \
+		-e AZURE_SUBSCRIPTION_ID \
+		-e AZURE_TENANT_ID \
+		-e AZURE_RP_CLIENT_SECRET \
+		-e LOCATION \
+		-e RESOURCEGROUP \
+		-e AZURE_ARM_CLIENT_ID \
+		-e AZURE_FP_SERVICE_PRINCIPAL_ID \
+		-e AZURE_DBTOKEN_CLIENT_ID \
+		-e AZURE_PORTAL_CLIENT_ID \
+		-e AZURE_PORTAL_ACCESS_GROUP_IDS \
+		-e AZURE_CLIENT_ID \
+		-e AZURE_SERVICE_PRINCIPAL_ID \
+		-e AZURE_CLIENT_SECRET \
+		-e AZURE_GATEWAY_CLIENT_ID \
+		-e AZURE_GATEWAY_SERVICE_PRINCIPAL_ID \
+		-e AZURE_GATEWAY_CLIENT_SECRET \
+		-e DATABASE_NAME \
+		-e PULL_SECRET \
+		-e SECRET_SA_ACCOUNT_NAME \
+		-e DATABASE_ACCOUNT_NAME \
+		-e KEYVAULT_PREFIX \
+		-e ADMIN_OBJECT_ID \
+		-e PARENT_DOMAIN_NAME \
+		-e PARENT_DOMAIN_RESOURCEGROUP \
+		-e AZURE_ENVIRONMENT \
+		-e STORAGE_ACCOUNT_DOMAIN \
+		-e OIDC_STORAGE_ACCOUNT_NAME \
 		-e KUBECONFIG="/app/secrets/aks.kubeconfig" \
 		-e HIVE_KUBE_CONFIG_PATH="/app/secrets/aks.kubeconfig" \
 		-e ARO_CHECKOUT_PATH="/app" \
 		-e ARO_INSTALL_VIA_HIVE="true" \
 		-e ARO_ADOPT_BY_HIVE="true" \
-		-v $(PWD)/aks.kubeconfig:/app/secrets/aks.kubeconfig:z \
-		-v $(PWD)/secrets:/app/secrets:z \
-		$$ARO_IMAGE rp
+		--secret aks.kubeconfig,target=/app/secrets/aks.kubeconfig \
+		--secret proxy-client.key,target=/app/secrets/proxy-client.key \
+		--secret proxy-client.crt,target=/app/secrets/proxy-client.crt \
+		--secret proxy.crt,target=/app/secrets/proxy.crt \
+		$(RP_IMAGE_LOCAL) rp
+
 
 .PHONY: az
 az: pyenv

docs/deploy-development-rp.md

@@ -1,31 +1,19 @@
 # Deploy development RP
 
-## Why to use it?
-This is the **preferred** and fast way to have your own local development RP setup, while also having a functional cluster.
-It uses hacks scripts around a lot of the setup to make things easier to bootstrap and be more sensible for running off of your local laptop. 
-
-- Check the specific use-case examples where [deploying full RP service](https://github.com/Azure/ARO-RP/blob/master/docs/deploy-full-rp-service-in-dev.md) can be a better match.
-
 ## Prerequisites
 
 1. Your development environment is prepared according to the steps outlined in [Prepare Your Dev Environment](./prepare-your-dev-environment.md)
 
 ## Installing the extension
 
-1. Check the `env.example` file and copy it by creating your own:
-
-   ```bash
-   cp env.example env
-   ```
-
-2. Build the development `az aro` extension:
+1. Build the development `az aro` extension:
 
    ```bash
    . ./env
    make az
    ```
 
-3. Verify the ARO extension is registered:
+1. Verify the ARO extension is registered:
 
    ```bash
    az -v
@@ -481,12 +469,69 @@ To run fake metrics socket:
 ```bash
 go run ./hack/monitor
 ```
+## Run the RP and create a Hive cluster
 
-## Troubleshooting
+**Steps to perform on Mac**
 
-1. Trying to use `az aro` CLI in Production, fails with:
+1. Mount your local MacOS filesystem into the podman machine:
+```bash
+podman machine init --now --cpus=4 --memory=4096 -v $HOME:$HOME
 ```
-(NoRegisteredProviderFound) No registered resource provider found for location '$LOCATION' and API version '2024-08-12-preview'
+
+2. Use the openvpn config file (which is now mounted inside the podman machine) to start the VPN connection:
+
+```bash
+podman machine ssh
+
+sudo rpm-ostree install openvpn
+
+sudo systemctl reboot
+
+podman machine ssh
+
+sudo openvpn --config /Users/<user_name>/go/src/github.com/Azure/ARO-RP/secrets/vpn-aks-westeurope.ovpn --daemon --writepid vpnpid
+
+ps aux | grep openvpn
 ```
-- Check if`~/.azure/config` there is a block `extensions.dev_sources`. If yes, comment it.
-- Check if env var `AZURE_EXTENSION_DEV_SOURCES` is set. If yes, unset it.
+
+### Instructions for Modifying Environment File
+
+**Update the env File**
+
+- Open the `env` file.
+-  Update env file instructions: set `OPENSHIFT_VERSION`, update `INSTALLER_PULLSPEC` and `OCP_PULLSPEC`, mention quay.io for SHA256 hash.
+-  Update INSTALLER_PULLSPEC with the appropriate name and tag, typically matching the OpenShift version, e.g., `release-4.13.`(for more detail see the `env.example`)
+
+* Source the environment file before creating the cluster using the `setup_resources.sh` script(Added the updated env in the PR)
+```bash
+cd /hack
+
+./setup_resources.sh
+```
+
+* Once the cluster create verify connectivity with the ARO cluster:
+- Download the admin kubeconfig file
+```bash
+az aro get-admin-kubeconfig --name <cluster_name> --resource-group v4-westeurope --file ~/.kube/aro-admin-kubeconfig
+```
+- Set the KUBECONFIG environment variable
+```bash
+export KUBECONFIG=~/.kube/aro-admin-kubeconfig
+```
+- Verify connectivity with the ARO cluster
+```bash
+kubectl get nodes
+```
+
+```bash
+kubectl get nodes
+NAME                                                  STATUS   ROLES                  AGE   VERSION
+shpaitha-aro-cluster-4sp5c-master-0                   Ready    control-plane,master   39m   v1.25.11+1485cc9
+shpaitha-aro-cluster-4sp5c-master-1                   Ready    control-plane,master   39m   v1.25.11+1485cc9
+shpaitha-aro-cluster-4sp5c-master-2                   Ready    control-plane,master   39m   v1.25.11+1485cc9
+shpaitha-aro-cluster-4sp5c-worker-westeurope1-j9c76   Ready    worker                 29m   v1.25.11+1485cc9
+shpaitha-aro-cluster-4sp5c-worker-westeurope2-j9zrs   Ready    worker                 27m   v1.25.11+1485cc9
+shpaitha-aro-cluster-4sp5c-worker-westeurope3-56tk7   Ready    worker                 28m   v1.25.11+1485cc9 
+```
+
+

setup_resources.sh → hack/setup_resources.sh

@@ -2,6 +2,32 @@
 
 set -e
 
+# Determine the base directory of the script
+BASE_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
+
+# Construct the path to const.go using the base directory
+CONST_GO_PATH="$BASE_DIR/pkg/util/version/const.go"
+
+# Debugging: Print paths for verification
+echo "Base directory: $BASE_DIR"
+echo "Path to const.go: $CONST_GO_PATH"
+
+# Check if const.go exists
+if [ ! -f "$CONST_GO_PATH" ]; then
+  echo "Error: File $CONST_GO_PATH not found."
+  exit 1
+fi
+
+# Extract version and pullspec from const.go
+OPENSHIFT_VERSION=$(awk -F'[(,)]' '/NewVersion/ {gsub(/ /, ""); print $2"."$3"."$4; exit}' "$CONST_GO_PATH")
+OCP_PULLSPEC=$(awk -F'"' '/PullSpec:/ {print $2; exit}' "$CONST_GO_PATH")
+INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$OPENSHIFT_VERSION"
+
+# Print the fetched values for verification
+echo "Using OpenShift version: $OPENSHIFT_VERSION"
+echo "Using OCP_PULLSPEC: $OCP_PULLSPEC"
+echo "Using INSTALLER_PULLSPEC: $INSTALLER_PULLSPEC"
+
 # Function to validate RP running
 validate_rp_running() {
     echo "########## Checking ARO RP Status ##########"
@@ -27,26 +53,23 @@ validate_rp_running() {
     done
 }
 
-# Ensure all env vars are set (CLUSTER_LOCATION, CLUSTER_RESOURCEGROUP, CLUSTER_NAME)
+# Ensure all env vars are set (LOCATION, CLUSTER_RESOURCEGROUP, CLUSTER_NAME)
 ALL_SET="true"
-if [ -z ${AZURE_SUBSCRIPTION_ID} ]; then ALL_SET="false" && echo "AZURE_SUBSCRIPTION_ID is unset"; else echo "AZURE_SUBSCRIPTION_ID is set to '$AZURE_SUBSCRIPTION_ID'"; fi
-if [ -z ${LOCATION} ]; then ALL_SET="false" && echo "LOCATION is unset"; else echo "LOCATION is set to '$LOCATION'"; fi
-if [ -z ${CLUSTER_RESOURCEGROUP} ]; then ALL_SET="false" && echo "CLUSTER_RESOURCEGROUP is unset"; else echo "CLUSTER_RESOURCEGROUP is set to '$CLUSTER_RESOURCEGROUP'"; fi
-if [ -z ${CLUSTER_NAME} ]; then ALL_SET="false" && echo "CLUSTER_NAME is unset"; else echo "CLUSTER_NAME is set to '$CLUSTER_NAME'"; fi
-if [ -z ${CLUSTER_VNET} ]; then CLUSTER_VNET="aro-vnet2"; echo "CLUSTER_VNET is ${CLUSTER_VNET}"; fi
-if [ -z ${CLUSTER_MASTER_SUBNET} ]; then CLUSTER_MASTER_SUBNET="master-subnet"; echo "CLUSTER_MASTER_SUBNET is ${CLUSTER_MASTER_SUBNET}"; fi
-if [ -z ${CLUSTER_WORKER_SUBNET} ]; then CLUSTER_WORKER_SUBNET="worker-subnet"; echo "CLUSTER_WORKER_SUBNET is ${CLUSTER_WORKER_SUBNET}"; fi
-if [ -z ${OPENSHIFT_VERSION} ]; then ALL_SET="false" && echo "OPENSHIFT_VERSION is unset"; else echo "OPENSHIFT_VERSION is set to '$OPENSHIFT_VERSION'"; fi
-if [ -z ${OCP_PULLSPEC} ]; then ALL_SET="false" && echo "OCP_PULLSPEC is unset"; else echo "OCP_PULLSPEC is set to '$OCP_PULLSPEC'"; fi
-if [ -z ${INSTALLER_PULLSPEC} ]; then ALL_SET="false" && echo "INSTALLER_PULLSPEC is unset"; else echo "INSTALLER_PULLSPEC is set to '$INSTALLER_PULLSPEC'"; fi
+if [ -z "${AZURE_SUBSCRIPTION_ID}" ]; then ALL_SET="false" && echo "AZURE_SUBSCRIPTION_ID is unset"; else echo "AZURE_SUBSCRIPTION_ID is set to '$AZURE_SUBSCRIPTION_ID'"; fi
+if [ -z "${LOCATION}" ]; then ALL_SET="false" && echo "LOCATION is unset"; else echo "LOCATION is set to '$LOCATION'"; fi
+if [ -z "${CLUSTER_RESOURCEGROUP}" ]; then ALL_SET="false" && echo "CLUSTER_RESOURCEGROUP is unset"; else echo "CLUSTER_RESOURCEGROUP is set to '$CLUSTER_RESOURCEGROUP'"; fi
+if [ -z "${CLUSTER_NAME}" ]; then ALL_SET="false" && echo "CLUSTER_NAME is unset"; else echo "CLUSTER_NAME is set to '$CLUSTER_NAME'"; fi
+if [ -z "${CLUSTER_VNET}" ]; then CLUSTER_VNET="aro-vnet2"; fi; echo "CLUSTER_VNET is ${CLUSTER_VNET}"
+if [ -z "${CLUSTER_MASTER_SUBNET}" ]; then CLUSTER_MASTER_SUBNET="master-subnet"; fi; echo "CLUSTER_MASTER_SUBNET is ${CLUSTER_MASTER_SUBNET}"
+if [ -z "${CLUSTER_WORKER_SUBNET}" ]; then CLUSTER_WORKER_SUBNET="worker-subnet"; fi; echo "CLUSTER_WORKER_SUBNET is ${CLUSTER_WORKER_SUBNET}"
 
 if [[ "${ALL_SET}" != "true" ]]; then exit 1; fi
 
 # Check Azure CLI version
 echo "Checking Azure CLI version..."
 az_version=$(az --version | grep 'azure-cli' | awk '{print $2}')
 required_version="2.30.0"
-if  [ "$(printf '%s\n' "$required_version" "$az_version" | sort -V | head -n1)" = "$required_version" ]; then
+if [ "$(printf '%s\n' "$required_version" "$az_version" | sort -V | head -n1)" = "$required_version" ]; then
     echo "Azure CLI version is compatible"
 else
     echo "Azure CLI version must be $required_version or later. Please upgrade."
@@ -157,3 +180,5 @@ fi
 
 echo "To list cluster credentials, run:"
 echo "    az aro list-credentials --name $CLUSTER_NAME --resource-group $CLUSTER_RESOURCEGROUP"
+
+echo "Note: Do not manually delete any resources. Let the script handle the deletions to avoid issues."

pkg/env/dev.go

@@ -72,8 +72,6 @@ func (d *dev) AROOperatorImage() string {
 }
 
 func (d *dev) Listen() (net.Listener, error) {
-	// in dev mode there is no authentication, so for safety we only listen on
-	// localhost
 	return net.Listen("tcp", ":8443")
 }