#26

Users should be able to delete the Azure API Management service by removing its correlattting CR via kubectl delete AzureAPIManagement some-resource

DONE: APIM resources removed from Kubernetes should result in services being removed from Azure

This user story covers the following:
Creation of a resource helper library using Azure Go SDK that can be used to deploy/delete/update the resource. This can be used in the operator code.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can create an instance of the Azure API management service given the location and resource group using the helper library

• User can delete an particular instance of the Azure API management service using the helper library

• User can update the settings of a particular instance of the API management service using the helper library

• Unit tests exist for the helper functions

• The service principal information, subscription ID and tenant ID can be passed as environment variables to the helper library

• The helper library has the ability to diagnose issues. (Discuss the logger we want to use)

Tasks
Add a link to tasks you would like to create for this user story

@todo: fill in dettails

This user story covers the following:
Integration tests for the API management operator that can be used in the release pipeline

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• Developer can run integration tests for the operator as part of the release pipeline to catch issues

Tasks
Reference this issue when you create tasks for this user story

Use kubebuilder and the azure sdk for go to create an operator POC that defines a CRD for ACR deployments and an operator that watches instances of those CRDs.

When an ACR CR is created, the operator should deploy a new ACR in Azure.

When an ACR CR is updated, the operator should idempotently update the ACR in Azure.

When an ACR CR is deleted, the operator should remove the cloud resource in Azure.

This user story covers the following:
Creation of README for deploying the operator, using it to deploy Azure services and running tests.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• Documentation covers instructions to deploy the operator based on the public docker image released.

• Documentation should cover instructions to setup their environment to build the code

• Documentation should cover how to deploy/delete//update Azure resources once the CRDs are installed (on Operator install) with example YAMLs and information on how to store the environment variables

• Documentation should cover how to run unit tests/integration tests

Tasks
Reference this issue when you create tasks for this user story

This user story covers the following:
Handling of tenant ID, Subscription ID, service principal ID/secret that is required to create the Azure service by storing them as secrets in the cluster during Operator install.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can populate the sensitive information needed for the Azure service to be created in the Kubernetes cluster as environment variables during Operator install

• User can ensure that the Operator picks up new values if the information changes after Operator install

Tasks
Reference this issue when you create tasks for this user story

@todo: link to operator spec, add description

#26

1. Clone the master branch
2. check out a new branch for the api mgmt work (call it api-management)
3. checkout a new branch for the first deliverable for this user story (scaffolding)
4. use kubebuilder to scaffold the new operator kubebuilder create api --group azure --version v1 --kind AzureAPIManagement
5. submit PR

DONE: When a user can deploy a blank CRD for API Management and trigger an empty Reconcile loop when mutating APIM CRs

#24

Implement a method for doing the above.

clean up the current repo, removing customer-specific details (namespaces,…) and send pr

#26

This user story covers the following:
Integration tests for the API management operator that can be used in the release pipeline

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• Developer can run integration tests for the operator as part of the release pipeline to catch issues

Tasks
Reference this issue when you create tasks for this user story

This epic covers

• Development of an Azure Service operator using Kubebuilder which creates a CRD for Azure API management

• An user should be able to deploy/delete/update the resource

• We'll use Azure Go SDK for the resource management/creation

• There will need to be tests and logging added

Acceptance criteria
Reference: [Done-Done checklist] Link

• Can you create, delete and update settings for the Azure API Management service?

• Are there unit tests for the resource helper functions?

• Are there integration tests that run as part of the release pipeline?

• Is there logging and telemetry added for diagnosability?

• Is there documentation added for how to deploy and use the operator?

• Code reviewed by product group?

• Code reviewed by customer?

User Stories
Add links to User Stories for this epic. User stories are intended to be completed in one sprint.

This user story covers the following:
Creation of the CI/CD pipeline using Azure Devops for EventHub Operator. This pipeline will be used for other operators too after this.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• The CI pipeline runs for every pull request. It builds the code and runs unit tests

• All changes to the master branch trigger the CI/CD pipeline to build code, run unit tests in addition to also running integration tests and tagging releases in ACR and Github

• The pipeline to run integration tests can also be triggered manually when we need to test if things are working fine with the external Azure APIs

Tasks
Reference this issue when you create tasks for this user story

This user story covers the following:
Creation of the Kubernetes service operator scaffolding using Kubebuilder. The operator would utilize the helper library developed using Go SDK to perform the actual resource deployment.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can install a Custom Resource Definition (CRD) for Azure API management service on the Kubernetes cluster

• User can install a API management service instance using the CRD in an YAML file

• User can update the settings of a particular instance of the API management service using the CRD

• User can delete the instance of the API management service using the CRD

• User gets clear information on why an operation failed and how to remedy it

Tasks
Reference this issue when you create tasks for this user story

I run into the following error message when running the repo 2019-08-06T14:47:58.105-0600 ERROR setup problem running manager {"error": "open /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directory"}

#24

Create a generic interface for concrete implementations of helper functions for API Management Service. The reason for this is so that a Go Azure SDK concrete implementation can be created now, but allowing for ARM and Terraform concrete implementations at a later date.

This will require creating a struct to pass information to / uniquely identify the Go Azure SDK concrete implementation.

This is also from feedback from the AKS PG team. We should look at using AAD pod identity instead of service principals

**Done criteria **
This is the "done" criteria for this task

• The operator should be able to run given an MSI identity using AAD pod identity

Epic reference
#266

#24

Complete helper methods so that a WADL api endpoint can be created / updated / deleted.

This should involve the creation of unit tests for the functionality.

Currently several reconciliation loops return futures from Azure API calls and wait on their completion. This means deploying many object will cause blocking calls and effectively serialize their creation. This is undesirable.

We should instead make reconciliation not care about the result of the call, allowing it to proceed and pick up any information it would need during the next requeue.

#26

Refer to the API Management spec to determine which fields will be needed to properly configure the service: https://github.com/Azure/azure-sdk-for-go/blob/a629ae7873bf2a86184a8bc1b65e65e1ab532f57/services/apimanagement/mgmt/2019-01-01/apimanagement/models.go#L1193:6

update the spec fields in api/v1/azureapimanagement_types.go to reflect the configuration requirementts

DONE: New API Management service manifests can accept all the configuration necessary to deploy API Management services. APIM CRs can be unmarshaled into a go struct with all the data intact.

#24

For the API Management Service, create a unit test file / strategy where unit tests for the helper functions can reside. The initial test should create an API Management Service instance in a manner similar to the way the azure sdk go examples test Key Vault (etc.)

#24
Complete the helper methods so that a "blank" api endpoint can be created / updated / deleted.

This should involve the creation of unit tests for the functionality.

#24

Investigate the API Mgmt Svc in the portal and understand how to setup API endpoints for:

Blank, OpenAPI, and WADL (ignore the rest)

Understand what configuration we should do via YAML vs. what should be done in the portal after deployment

@todo: fill in description and link to spec

#26

When the Reconciliation loop is called, determine if a correlating API Management service exists. If it does not, create it.

DONE: Creation of new AzureAPIManagement CR results in the reconciliation loop creating a service in Azure

#24

In order to better understand the API Mgmt Svc - create example WADL and OpenAPI files for the "actors" api for Helium on AKS, this will be used by #53

#24

Complete helper methods so that a OpenAPI endpoints can be created / updated / deleted.

This should involve the creation of unit tests for the functionality.

Currently, the owner of this repo is ACS-Admin (plus me). The owner should reflect the actual participants and we can't add CSE people to ACS-Admin. So maybe we should create a new group that combines the AKS participants and the CSE ones?

Possibly not high priority!

#26

Create documentation detailing how a user can deploy, update, or delete API Management services from Kubernetes.

DONE: User can perform CRUD operations after following the documentation provided by this issue

Current behavior

Currently, the Eventhub operator employs a Webhook in order to validate that the Eventhub namespace referenced by an Eventhub CR exists in Azure.

If it does not exist, the kubectl create command will fail.

Webhook code here: https://github.com/Azure/azure-service-operator/blob/master/api/v1/eventhub_webhook.go#L71

Expected behavior

My expectation is that kubectl only rejects manifests with malformed yaml or json. Beyond that, it continues to attempt to reach the state desired by the user.

The current solution makes us rely on Flux to deploy the manifests and overcome failures. The expected behavior would allow us to remove the validating webhook and simplify testing.

Proposed Change

Remove webhook for validating Eventhub resources. Check for existence of namespace in reconciliation loop, if it does not exist, set a status explaining the issue on the resource and re-queue.

This user story covers the following:
Creation of a resource helper library using Azure Go SDK that can be used to deploy/delete/update the resource. This can be used in the operator code.

Acceptance Criteria

• User can install a Custom Resource Definition (CRD) for Azure EventHub and EventHub namespace on the Kubernetes cluster

• User can install Azure EventHub and EventHub namespace instance using the CRD in an YAML file

• User can update the settings of a particular instance of the Azure EventHub and EventHub namespace using the CRD

• User can delete the instance of the Azure EventHub and EventHub namespace using the CRD

• User gets clear information on why an operation failed and how to remedy it

Tasks
Reference this issue when you create tasks for this user story

This user story covers the following:
Diagnosability for the operator including logging, telemetry and metric monitoring

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can understand clearly what operations succeeded and what failed using the logs

• User can troubleshoot and remedy the problem when the operator does not work

Tasks
Reference this issue when you create tasks for this user story

@todo: fill in spec details and add description

#24

These unit tests should test all 3 supported types of API endpoints: blank, OpenAPI, and WADL.

Use kubebuilder and Terraform to create an operator POC that defines a CRD for ACR deployments and an operator that watches instances of those CRDs.

When an ACR CR is created, the operator should use terraform to deploy a new ACR instance to Azure

When an ACR CR is updated, the operator should redeploy the terraform plan.

When an ACR CR is deleted, the operator should remove the cloud resource in Azure using Terraform.

Use kubebuilder and the azure sdk for go to create an operator POC that defines a CRD for ACR deployments and an operator that watches instances of those CRDs.

When an ACR CR is created, the operator should deploy a new ACR in Azure using the go adk and an Arm template.

When an ACR CR is updated, the operator should redeploy the Arm template.

When an ACR CR is deleted, the operator should remove the Arm deployment and the ACR resource deployed within it.

After merging in the event hub code the source code repository needs additional helper functions from the azure go sdk example repository added in, as well as needs to be restructured so that we can expand the repository to have additional functionality

#24

#26

Users should be able to change the configuration for allowed fields in an AzureAPIManagement CR and have those changes propagated to the Azure service.

DONE: Reconciliation loop applies changes in spec idempotently to Azure APIM service

@todo: link any data about the spec, add a description

@todo: add operator spec and description

This user story covers the following:
Creation of a resource helper library using Azure Go SDK that can be used to deploy/delete/update eventhub and eventhub namespace. This can be used in the operator code.

Acceptance Criteria

• User can create an instance of the Azure EventHub given the location and resource group using the helper library

• User can delete an particular instance of the Azure EventHub using the helper library

• User can update the settings of a particular instance of the Azure EventHub using the helper library

• Unit tests exist for the helper functions

• The service principal information, subscription ID and tenant ID can be passed as environment variables to the helper library

• The helper library has the ability to diagnose issues.

Tasks
Reference this issue when you create tasks for this user story

This user story covers the following:
Handling of tenant ID, Subscription ID, service principal ID/secret that is required to create the Azure service by storing them as environment variables in the cluster during Operator install.

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can populate the sensitive information needed for the Azure service to be created in the Kubernetes cluster as environment variables during Operator install

• User can ensure that the Operator picks up new values if the information changes after Operator install

Tasks
Reference this issue when you create tasks for this user story

This user story covers the following:
Diagnosability for the operator including logging, telemetry and metric monitoring

Acceptance Criteria
[Update this once the owner starts looking at the user story]

• User can understand clearly what operations succeeded and what failed using the logs

• User can troubleshoot and remedy the problem when the operator does not work

Tasks
Reference this issue when you create tasks for this user story