Kubectl, kind, and bats should instead be documented as pre-requisites for these steps. This ensures that the Makefile will work on a variety of platforms (Mac, Linux, etc)

• also remove the tag after the job is done

Following are the tasks that need to be completed prior to cutting the v0.9.0 release:

• Rename osmcontroller to osmController in https://github.com/Azure/osm-azure/blob/main/charts/osm-arc/values.yaml as per the change made in the openservicemesh/osm repo:
  https://github.com/openservicemesh/osm/blob/13143a252e4593974ad34a910312370ebe72b64a/charts/osm/values.yaml#L22-L24

• Fix broken links in documentation: #100

This GitHub issue is to convert the pre-install Kubernetes job from shell script to Go code.

Why:

Bash in YAML makes it
a) hard to understand what this does
b) extremely difficult to test

Where:

How:

I propose we

1. create a Go package in this repo - use Go K8s client instead of cURL
2. write tests for it
3. create a new Dockerfile
4. create release pipeline
5. push the image in the appropriate container registries
6. use the new container image instead of Alpine:

   osm-azure/charts/osm-arc/templates/osm-label.yml

   Line 123 in a317fec

   image: {{ .Values.alpine.image.name }}:{{ .Values.alpine.image.tag }}

Since this chart uses OSS osm chart as dependency, and 0.5.0 currently does not have a "webhook prefix" field in values.yaml, this cannot be overwritten. So for now the webhook will just be "osm-webhook-osm," but when 0.5.1 gets released we want to override this field in the osm-arc values.yaml and also change the e2e in test.bats to look for "arc-osm-webhook-osm"

Document that permissive mode is true by default and later needs to be disabled in order to use SMI resources

Move kind, bats, kubectl, helm install commands from Makefile to gh workflow to prevent recipe from trying to install each time these are run locally

The variable name labelnamespaces does not provide enough context around what and why.
I propose we rename labelnamespaces to ignoreNamespaces, which will match the original store of value and most importantly will carry more context.

This needs to be renamed in a few places:

• osm-azure/charts/osm-arc/templates/osm-label.yml

  Line 126 in a317fec

  - name: labelnamespaces

• osm-azure/charts/osm-arc/templates/osm-label.yml

  Lines 138 to 139 in a317fec

  	namespaces=${labelnamespaces}
  	for namespace in ${namespaces}

https://github.com/Azure/osm-azure/search?q=labelnamespaces

The CI uses many tag variables, such as "CHECKOUT_TAG", "UNIQUE_TAG," and "CHART_TAG". These should be renamed to be more intuitive. Comments should also be added to specify the function and provide a better description of these variables.

Ensure that:

1. Contributors that aren't members of OpenServiceMesh project on ADO cannot kick of CI pipeline run unless approved by a project member.
2. Pipeline does not output sensitive information such as subscription ID, passwords, registry name, etc.

Upstream chart will be using Helm instead of OSM CLI to run enforce-single-mesh, thus the validate-single-mesh pre-install hook for osm-arc will no longer be needed.

enableDebugServer should be false for the osm-azure chart so that the endpoint isn't exposed unnecessarily.

If debugging is needed, it can be turned on in the osm config map.

"This collaboration will result in the OSM project proceeding towards project archival with the CNCF as we focus our team resources on the Istio project." https://openservicemesh.io/blog/osm-project-update/

How long will there be support/updates to OSM AKS extension?
Will there be an easy upgrade path to Istio?
Is advised to switch to Istio now?

We want Azure customers to have one place to see all osm related documentation whether that may be azure/arc specific or oss specific. Jumping around repos to figure things out is a pain. It'd be great if we could import the oss docs into this repo perhaps using a git submodule. git submodules also allow us to pin to a specific version of osm so folks don't need to go to the main osm repo and go through another step of checking out the relevant git tag. This is an exploratory issue. I'm not sure if you can just import one directory (docs/) with git submodules so that is one particular thing we'll need to explore too. As part of this issue, we'll also want to note what the experience/process/workflow is for osm-azure maintainers to actually maintain the git submodule in the long term.

• Document differences between components deployed as part of the chart in this repo and the osm repo
• Document default values set by this chart and the chart in the osm repo

https://github.com/openservicemesh/osm/blob/main/charts/osm/templates/osm-deployment.yaml#L60-L66
This will be available as part of osm v0.7.0

References to the following links are broken:

https://github.com/openservicemesh/osm/blob/main/docs/upgrade_guide.md#crd-upgrades (

https://github.com/openservicemesh/osm/blob/main/docs/uninstallation_guide.md (

A list of changes to make during the osm-arc v0.10.0 release process (including RCs) with regard to changes made in the upstream chart:

1. Remove manual crd upgrade step from upgrade-e2e-job.
2. Override value of deployKubeStateMetrics (if merged before v0.10.0)

The following script creates an unnecessary variable namespaces.
It seems to me that we can directly use ${labelnamespaces} in lieu of ${namespaces}

Run helm dep update before linting the osm-arc chart, see example

Update the msi-adapter image to v1.0.6 and update the envoy image to v1.26.7.

Instead of hardcoding the namespace as "arc-osm-system" in test.bats, we should use a RELEASE_NAMESPACE variable.

The arc extension will pass in a set of Azure specific values related to proxy (and potentially other values later on) at the time that a user installs the osm arc extension on their cluster. This happens essentially via a helm install with the osm-arc chart. You can think of the arc team is trying to do as helm install <osm-arc-chart> --set Azure.httpProxy="something". The osm-arc chart installs the osm chart as a dependency( aka child) meaning it can override values of the child chart. The osm chart is where the proxy configuration is exposed via certain values. For example, one of the proxy settings in the osm chart is called OpenServiceMesh.fluentBit.httpProxy. We want to be able to set the value of Azure.httpProxy to OpenServiceMesh.fluentBit.httpProxy at install time.

Currently, there is not a clean solution for this:

• Moving these values both in the open source osm chart and the osm-arc chart to the Global key in the values files is 1) not a convenient solution for either project and doesn't clearly make sense for the oss chart 2) Not a solution that makes sense for the arc team as they plan to add more Azure specific values and don't want to dirty the Global key in arc extension's chart. PoC & further explanation here.
• We could use a Helm's post rendering functionality and kustomize or a custom bash script to overwrite the original templates that get rendered. This is not functionality that the arc team has at the moment and would require the arc team to enable usage of a post-renderer thereby adding an additional tool/dependency to the toolchain. This is also a somewhat brittle solution as it relies on keeping up pretty manually with any changes in the osm chart templates thereby putting extra work on the team. PoC here.

What we really need is something that is referred to in the Helm community as export-values functionality described here. There is also a open PR for the feature in the Helm repo here. It has been open for about a year now, so the next step on our part would be to engage with the Helm community to see how we can move this work along.

#15 (comment)
runtime/default is not supported seccomp profile in OpenShift. Use helm variable for available seccomp profile for specific K8s distro.