Nexus replacement #1800
Draft
guptagunjan wants to merge 33 commits into
b5574e2 to b51c40c
…ST API
The old CreateOrg/CreateProjectInOrg/waitUntil* functions used nexus_client
which relied on Nexus CRDs (orgs.org.edge-orchestrator.intel.com, etc.) that
no longer exist in the nexus-replacement deployment.
Replace with direct HTTP calls to the tenancy-manager REST API:
- tmEnsurePortForward: starts kubectl port-forward to tenancy-manager if needed
- tmGetAdminToken: obtains a Keycloak JWT for the admin user (has global
org-write-role / project-write-role)
- tmRequest: authenticated HTTP helper
- CreateOrg/DeleteOrg/GetOrg: use PUT/DELETE/GET /v1/orgs/{name}
- CreateProjectInOrg/DeleteProject/GetProject: use PUT/DELETE/GET
/v1/projects/{name}?org={orgName}
- waitUntilOrgCreation/waitUntilProjectCreation: poll TM REST API for IDLE
Remove imports for nexus_client, orgsv1, projectv1, folderv1, metav1,
ctrl (controller-runtime) which are no longer needed.
Keycloak user creation helpers (createKeycloakUser, addUserToGroups, etc.)
are unchanged — they still use gocloak directly.
Remove app-orch-tenant-controller and app-deployment-manager which are not deployed in the nexus-replacement configuration. Rename infra-tenant-controller -> tenant-controller to match the appName constant in infra-core/tenant-controller (the controller registers itself as 'tenant-controller', not 'infra-tenant-controller'). This fixes projects being stuck at STATUS_INDICATION_IN_PROGRESS waiting for controllers that either don't exist or use a different name.
…manager
App-orch controllers (app-orch-tenant-controller, app-deployment-manager) are only deployed when the enable-app-orch.yaml profile is active (argo.enabled.app-orch-tenant-controller=true). Without this conditional, projects get stuck at IN_PROGRESS waiting for controllers that are not running in non-app-orch deployments. Also renames infra-tenant-controller -> tenant-controller in the override to match the appName constant in infra-core's tenancy-hook.go.
The chart on the nexus-replacement branch of orch-utils uses .Values.config.controllers (not .Values.tenancyManager.controllers). Our valuesObject override was using the wrong key so the ConfigMap was rendered with the chart's default (stale) controller list instead of the overridden one.
…s .Values.tenancyManager.*)
- mage/tenant_utils.go: tmGetAdminToken() now reads KC admin password directly from the platform-keycloak k8s secret instead of using ORCH_DEFAULT_PASSWORD env var, which was stale/wrong after deployment. This fixes: 'invalid_grant: Invalid user credentials' in CreateDefaultMtSetup.
- argocd/applications/templates/nexus-api-gw.yaml: restore template that was incorrectly emptied in 35e278c. The nexus-api-gw is still required to inject the Activeprojectid header for cluster-manager and alerting-monitor. The tenancy-manager IngressRoutes only handle /v1/orgs and /v1/projects endpoints; they do NOT replace the project-name->UID resolution and header injection that nexus-api-gw provides for downstream services.
…dd auth-service tag
…ts, remove nexus tenancy apps, update e2e tests
…tead of helm registry
Use path: charts/nexus-api-gw from orch-utils git repo (like tenancy-manager) instead of chartRepoURL registry. This ensures the chart without the Nexus CRD init container (wait-for-job) is used, since older registry versions still have the apimappingconfigs CRD wait that never resolves without Nexus.
…rt source
Switch from OCI registry chart (26.1.0 with wait-for-crd init container) to git path on utils_nexus_replacement branch which has the init container removed.
…al IDs + add orch-iam to noProxy
- argocd/applications/custom/tenancy-manager.tpl: rename 'tenant-controller' to 'infra-tenant-controller' in the registered project controllers list to match the canonical IDs defined in the Nexus Replacement design proposal (§3 'Canonical Controller IDs') and the orch-utils tenancy-manager chart defaults. The infra-core tenant-controller now self-registers as 'infra-tenant-controller' (open-edge-platform/infra-core PR on infra-nexus-replacement branch), so the historical override is no longer needed.
- .github/workflows/virtual-integration.yml: add '.orch-iam' to the TF_VAR_no_proxy list. With the tenancy-manager moving into orch-iam, in-cluster traffic to it must bypass the proxy. The runtime proxy preset YAMLs in scorch are updated separately.
…rps resolve-project-id fix
…p stale -0546 suffix)
…le flags
- cluster-manager controller only registered when argo.enabled.cluster-manager=true (CO enabled)
- observability-tenant-controller only registered when o11y is enabled (alerting-monitor + edgenode-observability)
- Prevents projects from getting stuck waiting for controllers not deployed when DISABLE_CO_PROFILE=true or DISABLE_O11Y_PROFILE=true