-
Notifications
You must be signed in to change notification settings - Fork 345
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable single operator to monitor all namespaces #188
Conversation
Codecov Report
@@ Coverage Diff @@
## master #188 +/- ##
======================================
Coverage 96.7% 96.7%
======================================
Files 32 32
Lines 1639 1639
======================================
Hits 1585 1585
Misses 41 41
Partials 13 13 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 4 of 4 files at r1.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @objectiser)
a discussion (no related file):
leave the current operator deployment focused on a single namespace and provide documentation about how to change them to watch all namespaces
I think the most common case will be one operator for multiple namespaces. Perhaps not "all", but certainly "multiple".
if there is no way to provide a reference to the namespace in the role_binding.yaml, then maybe we would need a helm chart to install the operator and use {{ .Release.Namespace }}
Not quite sure I understood. The only namespace there is for the service account, stating where to find it. Are you having some specific permission issue?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @jpkrohling)
a discussion (no related file):
Previously, jpkrohling (Juraci Paixão Kröhling) wrote…
leave the current operator deployment focused on a single namespace and provide documentation about how to change them to watch all namespaces
I think the most common case will be one operator for multiple namespaces. Perhaps not "all", but certainly "multiple".
if there is no way to provide a reference to the namespace in the role_binding.yaml, then maybe we would need a helm chart to install the operator and use {{ .Release.Namespace }}
Not quite sure I understood. The only namespace there is for the service account, stating where to find it. Are you having some specific permission issue?
The problem is that the role_binding.yaml
has to hardcode the namespace of the service account - so if a user is installing jaeger-operator from the deployment files in this repo, then they would need to deploy the jaeger-operator in that predefined namespace - or else edit the role_binding.yaml
to specify the actual namespace where they deployed the operator.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, objectiser (Gary Brown) wrote…
The problem is that the
role_binding.yaml
has to hardcode the namespace of the service account - so if a user is installing jaeger-operator from the deployment files in this repo, then they would need to deploy the jaeger-operator in that predefined namespace - or else edit therole_binding.yaml
to specify the actual namespace where they deployed the operator.
Right, sorry. Makes sense now. Are these files copied over to the helm chart, or are they reused? I think it would be OK to have this specific file duplicated there, as I don't think it's possible to leave this field out (haven't tested, though).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, jpkrohling (Juraci Paixão Kröhling) wrote…
Right, sorry. Makes sense now. Are these files copied over to the helm chart, or are they reused? I think it would be OK to have this specific file duplicated there, as I don't think it's possible to leave this field out (haven't tested, though).
The deployment files are copied when used in the Istio helm chart, so its not a problem there. This is about what we should provide for users who are deploying directly from the files in this repo.
We could add a namespace to all of the files and then users would have to edit them if they wanted to use a different namespace? (e.g. jaeger namespace)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, objectiser (Gary Brown) wrote…
The deployment files are copied when used in the Istio helm chart, so its not a problem there. This is about what we should provide for users who are deploying directly from the files in this repo.
We could add a namespace to all of the files and then users would have to edit them if they wanted to use a different namespace? (e.g. jaeger namespace)
You are correct, the namespace must be provided. If the namespace is left out, then the operator can only be deployed to default namespace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, objectiser (Gary Brown) wrote…
You are correct, the namespace must be provided. If the namespace is left out, then the operator can only be deployed to default namespace.
Yes, adding the namespace to everything with a default (observability
) value is my preference, as it reduces the risk of something not working. Most people will be OK in following our basic instructions, few of them would want to deviate. For those cases, it's OK to expect them to customize the YAML files. We just need to make sure to test the alternative and tell them what needs to be done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
a discussion (no related file):
Previously, jpkrohling (Juraci Paixão Kröhling) wrote…
Yes, adding the namespace to everything with a default (
observability
) value is my preference, as it reduces the risk of something not working. Most people will be OK in following our basic instructions, few of them would want to deviate. For those cases, it's OK to expect them to customize the YAML files. We just need to make sure to test the alternative and tell them what needs to be done.
SGTM - will update files and instructions.
@jpkrohling Should be ready for final review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 7 of 7 files at r2.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @objectiser)
a discussion (no related file):
Don't we need to change the files from deploy/olm-catalog
as well (you might need a rebase to see that directory)?
Signed-off-by: Gary Brown <[email protected]>
Signed-off-by: Gary Brown <[email protected]>
Signed-off-by: Gary Brown <[email protected]>
@jpkrohling Removed the namespace from the CRD as not necessary - changed to WIP as need to check OLM. |
Signed-off-by: Gary Brown <[email protected]>
@@ -98,19 +148,15 @@ spec: | |||
containers: | |||
- args: | |||
- start | |||
- --platform=openshift |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jpkrohling I ran the command as described here - just wondering if the removal of the --platform=openshift
is right?
cc @awgreene
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't look correct. OLM is, AFAIK, OpenShift-specific, so, it requires the --platform=openshift
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't think OLM is supposed to be OpenShift specific - question is why it automatically removes this arg, but leaves the start
argument? Maybe it is just using the operator.yaml
.
Might be worth addressing this by checking for Route
or other OpenShift specific resource to determine platform, to avoid separate deploy file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @jpkrohling and @objectiser
OLM and Marketplace will be able to run on vanilla Kubernetes. The Operator-sdk gen will use the operator.yaml
by default. Ideally, there would be a single deployment file called operator.yaml
and checks for the platform would be done within the running operator.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@awgreene Ok thanks.
@jpkrohling So should we just merge this PR and work on detecting the platform automatically in a separate PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, LGTM
Resolves #24
This PR demonstrates how a single operator can be used to create Jaeger instances in different namespaces.
For example,
The problem with this approach is that the
role_binding.yaml
has to have thenamespace
hardcoded. Not sure if this can reference the namespace as a parameter, as with the env vars?Options:
role_binding.yaml
, then maybe we would need a helm chart to install the operator and use{{ .Release.Namespace }}
Signed-off-by: Gary Brown [email protected]