harishb93

Description

i-78542 - Add an optional Kubernetes job that initializes a single tenant in the tenancy model.

Fixes # (issue)

Any Newly Introduced Dependencies

Please describe any newly introduced 3rd party dependencies in this change. List their name, license information and how they are used in the project.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Checklist:

  • I agree to use the APACHE-2.0 license for my code changes
  • I have not introduced any 3rd party dependency changes
  • I have performed a self-review of my code

@@ -0,0 +1,30 @@
# SPDX-FileCopyrightText: 2025 Intel Corporation

Check notice

Code scanning / Trivy

No HEALTHCHECK defined

  • Artifact: tenancy-init/Dockerfile
  • Type: dockerfile
  • Vulnerability: DS026
  • Severity: LOW
  • Message: Add HEALTHCHECK instruction in your Dockerfile
  • Link: [DS026](https://avd.aquasec.com/misconfig/ds026)

johnoloughlin previously approved these changes Oct 10, 2025
Contributor

scottmbaker left a comment

Why is the dockerfile, makefile, etc., in the edge-manageability-framework repository rather than the orch-utils repository? Seems like most of the container images that serve multitenancy (for example, tenancy-api-mapping, tenancy-datamodel, keycloak-tenant-controller, etc) live over there.

securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
# image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: localhost:5000/tenancy-init:25.2.1
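
Review bot: the `image:` line is hardcoded to `localhost:5000/tenancy-init:25.2.1` while the templated line built from `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag` sits commented out directly above it. Restore the templated line and delete the literal before merge: as written the chart ignores the image values, and `localhost:5000` resolves to whatever registry happens to listen on that port on the machine pulling the image rather than to a published, access-controlled one.
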
Contributor

I'm assuming this will soon be changed to point to a published image?

}

func KeycloakLogin(ctx context.Context) (*gocloak.GoCloak, *gocloak.JWT, error) {
keycloakURL := "http://platform-keycloak.orch-platform.svc.cluster.local:8080"
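
Review bot: `keycloakURL` in `KeycloakLogin` is a string literal that fixes the scheme (`http`), the service name, the namespace (`orch-platform`) and the port. Read it from configuration (an environment variable set by the chart, for example) and keep this value only as the default, so a deployment with a different namespace or service name does not need a rebuild. The `http://` scheme also means the login request and the returned `*gocloak.JWT` cross the cluster network unencrypted unless something outside this code protects the link; if that is intended, say so in a comment.
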
Contributor

Any issues with this URL being hardcoded?


Tenant Initializer is a cloud-native job on the Edge Orchestrator. It
provides a bootstrap tenant during startup if the user wishes to avoid manually
creating a tenant using scripts or commands.
Contributor

A note in the README about how the password is handled would be useful. I can see in the code that it creates a randomly generated password and then stores it in a secret. We should document that behavior in the readme, as well as the name of the secret.

}
log.Info().Msg("Project active watchers are ready.")

return nil
Contributor

What about project roles for the admin user?


4 participants