CS management clusters into cosmosdb by geoberle · Pull Request #4513 · Azure/ARO-HCP

geoberle · 2026-03-18T15:35:37Z

What

mirror CS management clusters into cosmosdb

introduce new cosmosdb types
** Stamp - the infra deployment unit for a management cluster (think capi Machine)
** ManagementCluster - the provision shards for HCPs (think k8s Node)
includes API types, CRUD interface, database lister, informer, OCM conversion logic
... and a periodic sync controller for importing them from CS
CS is still the inventory for management clusters and source of truth
includes a controller to sync the mgmt cluster placement information from CS into the serviceprovidercluster document

"cosmosMetadata": {
    "resourceID": "/providers/microsoft.redhatopenshift/stamps/1"
},
"resourceId": "/providers/microsoft.redhatopenshift/stamps/1",
"spec": {},
"status": {
    "conditions": [
        {
            "type": "Approved",
            "status": "True",
            "lastTransitionTime": "2026-05-11T00:44:23Z",
            "reason": "AutoApproved",
            "message": "Synced from Cluster Service provision shard"
        }
    ]
}

{
  "cosmosMetadata": {
    "resourceID": /providers/microsoft.redhatopenshift/stamps/1/managementclusters/default
  },
  "spec": {
    "schedulingPolicy": "Schedulable"
  },
  "status": {
    "aksResourceID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hcp-underlay-westus3/providers/Microsoft.ContainerService/managedClusters/hcp-underlay-westus3-mgmt-1",
    "publicDNSZoneResourceID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/global/providers/Microsoft.Network/dnsZones/westus3.aroapp.io",
    "hostedClustersSecretsKeyVaultURL": "https://hcp-underlay-westus3-mgmt-1-cx.vault.azure.net",
    "hostedClustersManagedIdentitiesKeyVaultURL": "https://hcp-underlay-westus3-mgmt-1-msi.vault.azure.net",
    "hostedClustersSecretsKeyVaultManagedIdentityClientID": "00000000-0000-0000-0000-000000000001",
    "maestroConsumerName": "hcp-underlay-westus3-mgmt-1",
    "maestroRESTAPIURL": "http://maestro.maestro.svc.cluster.local:8000",
    "maestroGRPCTarget": "maestro-grpc.maestro.svc.cluster.local:8090",
    "clusterServiceProvisionShardID": "/api/clusters_mgmt/v1/provision_shards/00000000-0000-0000-0000-000000000002",
    "conditions": [
      {
        "type": "Ready",
        "status": "True",
        "lastTransitionTime": "2026-04-01T10:00:00Z",
        "reason": "ProvisionShardActive",
        "message": "ClustersService provision shard is active"
      }
    ]
  }
}

implements phase 1 of https://github.com/openshift-online/aro-enhancements/pull/1

Jira

ARO-26914 ARO-26917 ARO-26918 ARO-26919 ARO-26920 ARO-26921 ARO-26922

machi1990 · 2026-03-18T16:06:00Z

We could potentially make

ARO-HCP/backend/pkg/controllers/delete_orphaned_maestro_readonly_bundles_controller.go

Line 199 in be491ea

provisionShardsIterator := c.clusterServiceClient.ListProvisionShards()

read db content instead of making a CS call to enlist all clusters.

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

tuxerrante

/lgtm

openshift-ci · 2026-05-08T06:21:58Z

@tuxerrante: changing LGTM is restricted to collaborators

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot

Pull request overview

Copilot reviewed 64 out of 64 changed files in this pull request and generated 6 comments.

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

machi1990

/lgtm

geoberle · 2026-05-11T10:24:09Z

/test e2e-parallel

openshift-merge-bot · 2026-05-11T11:32:11Z

/retest-required

Remaining retests: 0 against base HEAD bca1ae4 and 2 for PR HEAD f6ca56c in total

Add the listWatchWithoutWatchListSemantics wrapper and expiringWatcher to internal/database/informers/. These are type-agnostic building blocks for Cosmos-backed SharedIndexInformers that do not support the native Kubernetes watch protocol. Taken from the kube-applier PR (#5076) so both fleet and kube-applier subsystems share the same infrastructure.

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>

…ntroller * create cosmosdb client once for both clients

Copilot

Pull request overview

Copilot reviewed 66 out of 66 changed files in this pull request and generated 3 comments.

machi1990

/lgtm

openshift-ci · 2026-05-11T13:36:35Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: geoberle, machi1990, tuxerrante

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [geoberle]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2026-05-11T19:14:28Z

@geoberle: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/cspr	`b0d4c11`	link	true	`/test cspr`
ci/prow/images-push	`b0d4c11`	link	true	`/test images-push`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-merge-bot · 2026-05-11T19:42:11Z

/retest-required

Remaining retests: 0 against base HEAD 4e66ca0 and 2 for PR HEAD 3e8fb30 in total

geoberle · 2026-05-11T20:12:27Z

/retest-required

openshift-ci Bot requested review from bennerv and deads2k March 18, 2026 15:35

openshift-ci Bot added the approved label Mar 18, 2026

openshift-ci Bot added the needs-rebase label Mar 18, 2026

machi1990 reviewed Mar 18, 2026

View reviewed changes

Comment thread internal/validation/validate_management_cluster_test.go Outdated

geoberle marked this pull request as draft March 18, 2026 16:16

openshift-ci Bot added the do-not-merge/work-in-progress label Mar 18, 2026

geoberle force-pushed the mgmt-cluster-cosmosdb branch from be491ea to 9c07c65 Compare March 19, 2026 08:47

openshift-ci Bot removed the needs-rebase label Mar 19, 2026

geoberle marked this pull request as ready for review March 19, 2026 16:40

openshift-ci Bot removed the do-not-merge/work-in-progress label Mar 19, 2026

openshift-ci Bot requested a review from mbarnes March 19, 2026 16:40

geoberle force-pushed the mgmt-cluster-cosmosdb branch 2 times, most recently from eee29a6 to dec6c48 Compare March 19, 2026 21:57

machi1990 suggested changes Mar 19, 2026

View reviewed changes

geoberle force-pushed the mgmt-cluster-cosmosdb branch from dec6c48 to 2d5c4c3 Compare March 20, 2026 10:13

openshift-ci Bot added the needs-rebase label Mar 20, 2026

geoberle force-pushed the mgmt-cluster-cosmosdb branch from 2d5c4c3 to cac7b80 Compare March 20, 2026 10:14

openshift-ci Bot removed the needs-rebase label Mar 20, 2026

geoberle force-pushed the mgmt-cluster-cosmosdb branch 3 times, most recently from d2df91c to 77f2b6e Compare March 20, 2026 11:45

openshift-ci Bot added the needs-rebase label Mar 21, 2026

machi1990 reviewed Mar 23, 2026

View reviewed changes

Comment thread docs/mgmt-cluster-fleet-management.md Outdated

machi1990 reviewed Mar 23, 2026

View reviewed changes

Comment thread backend/pkg/controllers/managementclustercontrollers/management_cluster_placement_sync_test.go Outdated

machi1990 reviewed Mar 23, 2026

View reviewed changes

Comment thread backend/pkg/controllers/managementclustercontrollers/management_cluster_placement_sync.go Outdated

machi1990 reviewed Mar 23, 2026

View reviewed changes

Comment thread internal/api/types_serviceprovider_cluster.go Outdated

geoberle force-pushed the mgmt-cluster-cosmosdb branch from e885710 to faaaa2b Compare March 24, 2026 15:26

openshift-ci Bot removed the needs-rebase label Mar 24, 2026

Copilot AI reviewed May 7, 2026

View reviewed changes

tuxerrante approved these changes May 8, 2026

View reviewed changes

Copilot AI reviewed May 8, 2026

View reviewed changes

Copilot AI reviewed May 10, 2026

View reviewed changes

Copilot AI reviewed May 11, 2026

View reviewed changes

geoberle commented May 11, 2026

View reviewed changes

Comment thread hack/run-with-port-forward.sh