From 8bc686bc292745a844140c1de9b0fce0baac0774 Mon Sep 17 00:00:00 2001 From: francostellari Date: Fri, 1 Mar 2024 09:43:24 -0500 Subject: [PATCH 1/2] CP, PCH, statusaddon, docs Signed-off-by: francostellari CP, PCH, statusaddon, docs Signed-off-by: francostellari CP, PCH, statusaddon, docs Signed-off-by: francostellari --- Makefile | 7 +- ...y.kflex.kubestellar.org_controlplanes.yaml | 141 +++++++++ ...kflex.kubestellar.org_postcreatehooks.yaml | 126 +++++++++ chart/templates/controlplanes.yaml | 17 ++ chart/templates/operator.yaml | 267 ------------------ chart/templates/pch/kubestellar.yaml | 197 +++++++++++++ chart/templates/pch/ocm-with-status.yaml | 91 ++++++ chart/templates/pch/ocm.yaml | 36 +++ ...{postgresql-hooks.yaml => postgresql.yaml} | 0 chart/values.yaml | 25 +- config/default/kustomization.yaml | 2 +- docs/users.md | 81 +++++- scripts/create-kind-cluster.sh | 49 ++++ 13 files changed, 763 insertions(+), 276 deletions(-) create mode 100644 chart/crds/tenancy.kflex.kubestellar.org_controlplanes.yaml create mode 100644 chart/crds/tenancy.kflex.kubestellar.org_postcreatehooks.yaml create mode 100644 chart/templates/controlplanes.yaml create mode 100644 chart/templates/pch/kubestellar.yaml create mode 100644 chart/templates/pch/ocm-with-status.yaml create mode 100644 chart/templates/pch/ocm.yaml rename chart/templates/{postgresql-hooks.yaml => postgresql.yaml} (100%) create mode 100644 scripts/create-kind-cluster.sh diff --git a/Makefile b/Makefile index 90b56ce..e6ee6d2 100644 --- a/Makefile +++ b/Makefile @@ -135,7 +135,7 @@ docker-push: ## Push docker image with the manager. docker push ${IMG} .PHONY: ko-build-local-cmupdate -ko-build-local-cmupdate: test +ko-build-local-cmupdate: test ko build --local --push=false -B ./cmd/cmupdate -t ${LATEST_TAG} --platform linux/${ARCH} .PHONY: kind-load-cmupdate-image 
@@ -144,7 +144,7 @@ kind-load-cmupdate-image: .PHONY: ko-build-push-cmupdate ko-build-push-cmupdate: test ## Build and push container image with ko - KO_DOCKER_REPO=${CONTAINER_REGISTRY} ko build -B ./cmd/cmupdate -t ${LATEST_TAG},latest --platform linux/amd64,linux/arm64 + KO_DOCKER_REPO=${CONTAINER_REGISTRY} ko build -B ./cmd/cmupdate -t ${LATEST_TAG},latest --platform linux/amd64,linux/arm64 # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: @@ -192,7 +192,8 @@ chart: manifests kustomize $(KUSTOMIZE) build config/default > chart/templates/operator.yaml @cat config/samples/postcreate-hooks/openshift-crds.yaml > /tmp/hooks.yaml @kubectl create secret generic postcreate-hooks --from-file=/tmp/hooks.yaml --dry-run=client --output=yaml > chart/templates/builtin-hooks.yaml - + @mkdir -p chart/crds + @cp config/crd/bases/*.yaml chart/crds/ ##@ Build Dependencies diff --git a/chart/crds/tenancy.kflex.kubestellar.org_controlplanes.yaml b/chart/crds/tenancy.kflex.kubestellar.org_controlplanes.yaml new file mode 100644 index 0000000..8b6efb9 --- /dev/null +++ b/chart/crds/tenancy.kflex.kubestellar.org_controlplanes.yaml 
@@ -0,0 +1,141 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: controlplanes.tenancy.kflex.kubestellar.org +spec: + group: tenancy.kflex.kubestellar.org + names: + kind: ControlPlane + listKind: ControlPlaneList + plural: controlplanes + shortNames: + - cp + - cps + singular: controlplane + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ControlPlane is the Schema for the controlplanes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlPlaneSpec defines the desired state of ControlPlane + properties: + backend: + enum: + - shared + - dedicated + type: string + postCreateHook: + type: string + postCreateHookVars: + additionalProperties: + type: string + type: object + type: + enum: + - k8s + - ocm + - vcluster + - host + type: string + type: object + status: + description: ControlPlaneStatus defines the observed state of ControlPlane + properties: + conditions: + items: + description: ControlPlaneCondition describes the state of a control + plane at a certain point. + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + postCreateHooks: + additionalProperties: + type: boolean + type: object + secretRef: + description: SecretRef contains a referece to the secret containing + the Kubeconfig for the control plane + properties: + inClusterKey: + description: Required + type: string + key: + description: Required + type: string + name: + description: '`name` is the name of the secret. Required' + type: string + namespace: + description: '`namespace` is the namespace of the secret. Required' + type: string + required: + - inClusterKey + - key + - name + - namespace + type: object + required: + - conditions + - observedGeneration + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/chart/crds/tenancy.kflex.kubestellar.org_postcreatehooks.yaml b/chart/crds/tenancy.kflex.kubestellar.org_postcreatehooks.yaml
new file mode 100644
index 0000000..5538fa6
--- /dev/null
+++ b/chart/crds/tenancy.kflex.kubestellar.org_postcreatehooks.yaml
@@ -0,0 +1,126 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: postcreatehooks.tenancy.kflex.kubestellar.org +spec: + group: tenancy.kflex.kubestellar.org + names: + kind: PostCreateHook + listKind: PostCreateHookList + plural: postcreatehooks + shortNames: + - pch + - pchs + singular: postcreatehook + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PostCreateHook is the Schema for the controlplanes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PostCreateHookSpec defines the desired state of PostCreateHook + properties: + templates: + items: + description: Manifest represents a resource to be deployed + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + status: + description: PostCreateHookStatus defines the observed state of PostCreateHook + properties: + conditions: + items: + description: ControlPlaneCondition describes the state of a control + plane at a certain point. + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + secretRef: + description: SecretRef contains a referece to the secret containing + the Kubeconfig for the control plane + properties: + inClusterKey: + description: Required + type: string + key: + description: Required + type: string + name: + description: '`name` is the name of the secret. Required' + type: string + namespace: + description: '`namespace` is the namespace of the secret. Required' + type: string + required: + - inClusterKey + - key + - name + - namespace + type: object + required: + - conditions + - observedGeneration + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/chart/templates/controlplanes.yaml b/chart/templates/controlplanes.yaml new file mode 100644 index 0000000..2768105 --- /dev/null +++ b/chart/templates/controlplanes.yaml 
@@ -0,0 +1,17 @@
+{{- range $name, $opt := .Values.cp }}
+---
+apiVersion: tenancy.kflex.kubestellar.org/v1alpha1
+kind: ControlPlane
+metadata:
+ name: {{ $name }}
+spec:
+ backend: shared
+ {{- if $opt }}
+ type: {{ $opt.type | default "k8s" }}
+ {{- if $opt.pch }}
+ postCreateHook: {{ $opt.pch }}
+ {{- end }}
+ {{- else }}
+ type: "k8s"
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/operator.yaml b/chart/templates/operator.yaml
index c104299..edc5958 100644
--- a/chart/templates/operator.yaml
+++ b/chart/templates/operator.yaml
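Review bot: The values in chart/templates/controlplanes.yaml are interpolated unquoted, so with `name: {{ $name }}` and `postCreateHook: {{ $opt.pch }}` a key such as `123` or `true` is emitted as a YAML number or boolean, and a value containing a newline or `: ` changes the structure of the rendered ControlPlane. Piping each through `quote`, as in `name: {{ $name | quote }}` and `postCreateHook: {{ $opt.pch | quote }}`, keeps them strings; the same applies to `type: {{ $opt.type | default "k8s" }}`. Nothing in the template checks that `$opt.pch` names a hook enabled under `.Values.pch`, so a typo would presumably only surface later when the operator cannot find the PostCreateHook. A `fail` guard, or at least a comment above the `postCreateHook` line stating that requirement, would make it visible at install time.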
@@ -1,270 +1,3 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: controlplanes.tenancy.kflex.kubestellar.org -spec: - group: tenancy.kflex.kubestellar.org - names: - kind: ControlPlane - listKind: ControlPlaneList - plural: controlplanes - shortNames: - - cp - - cps - singular: controlplane - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .spec.type - name: TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ControlPlane is the Schema for the controlplanes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlPlaneSpec defines the desired state of ControlPlane - properties: - backend: - enum: - - shared - - dedicated - type: string - postCreateHook: - type: string - postCreateHookVars: - additionalProperties: - type: string - type: object - type: - enum: - - k8s - - ocm - - vcluster - - host - type: string - type: object - status: - description: ControlPlaneStatus defines the observed state of ControlPlane - properties: - conditions: - items: - description: ControlPlaneCondition describes the state of a control - plane at a certain point. - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - lastTransitionTime - - lastUpdateTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - postCreateHooks: - additionalProperties: - type: boolean - type: object - secretRef: - description: SecretRef contains a referece to the secret containing - the Kubeconfig for the control plane - properties: - inClusterKey: - description: Required - type: string - key: - description: Required - type: string - name: - description: '`name` is the name of the secret. Required' - type: string - namespace: - description: '`namespace` is the namespace of the secret. 
Required' - type: string - required: - - inClusterKey - - key - - name - - namespace - type: object - required: - - conditions - - observedGeneration - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: postcreatehooks.tenancy.kflex.kubestellar.org -spec: - group: tenancy.kflex.kubestellar.org - names: - kind: PostCreateHook - listKind: PostCreateHookList - plural: postcreatehooks - shortNames: - - pch - - pchs - singular: postcreatehook - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .spec.type - name: TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: PostCreateHook is the Schema for the controlplanes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PostCreateHookSpec defines the desired state of PostCreateHook - properties: - templates: - items: - description: Manifest represents a resource to be deployed - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - status: - description: PostCreateHookStatus defines the observed state of PostCreateHook - properties: - conditions: - items: - description: ControlPlaneCondition describes the state of a control - plane at a certain point. - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - lastTransitionTime - - lastUpdateTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - secretRef: - description: SecretRef contains a referece to the secret containing - the Kubeconfig for the control plane - properties: - inClusterKey: - description: Required - type: string - key: - description: Required - type: string - name: - description: '`name` is the name of the secret. Required' - type: string - namespace: - description: '`namespace` is the namespace of the secret. Required' - type: string - required: - - inClusterKey - - key - - name - - namespace - type: object - required: - - conditions - - observedGeneration - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/chart/templates/pch/kubestellar.yaml b/chart/templates/pch/kubestellar.yaml new file mode 100644 index 0000000..a0239b2 --- /dev/null +++ b/chart/templates/pch/kubestellar.yaml 
@@ -0,0 +1,197 @@ +{{- if and .Values.pch .Values.pch.kubestellar }} +--- +apiVersion: tenancy.kflex.kubestellar.org/v1alpha1 +kind: PostCreateHook +metadata: + name: kubestellar + labels: + kflex.kubestellar.io/cptype: wds +spec: + templates: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: "{{"{{.Namespace}}-{{.HookName}}"}}" + rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - patch + - update + - apiGroups: + - tenancy.kflex.kubestellar.org + resources: + - controlplanes + verbs: + - get + - list + - watch + - apiGroups: + - tenancy.kflex.kubestellar.org + resources: + - controlplanes/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: "{{"{{.Namespace}}-{{.HookName}}"}}" + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{"{{.Namespace}}-{{.HookName}}"}}" + subjects: + - kind: ServiceAccount + name: default + namespace: "{{"{{.Namespace}}"}}" + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: "{{"{{.HookName}}"}}" + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + 
resources: + - events + - secrets + - services + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - create + - apiGroups: + - "" + resources: + - services + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: "{{"{{.HookName}}"}}" + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{"{{.HookName}}"}}" + subjects: + - kind: ServiceAccount + name: default + namespace: "{{"{{.Namespace}}"}}" + - apiVersion: batch/v1 + kind: Job + metadata: + name: "{{"{{.HookName}}"}}" + spec: + template: + spec: + containers: + - name: "{{"{{.HookName}}"}}" + image: quay.io/kubestellar/helm:3.14.0 + imagePullPolicy: IfNotPresent + args: + - upgrade + - --install + - -n + - "{{"{{.Namespace}}"}}" + - kubestellar + - oci://ghcr.io/kubestellar/kubestellar/kubestellar-operator-chart + - --version + - {{.Values.pch.kubestellar.version}} + - --set + - "ControlPlaneName={{.ControlPlaneName}}" + env: + - name: XDG_CACHE_HOME + value: /tmp/helm/.cache + restartPolicy: Never + backoffLimit: 1 +{{- end }} diff --git a/chart/templates/pch/ocm-with-status.yaml b/chart/templates/pch/ocm-with-status.yaml new file mode 100644 index 0000000..2eb1c1b --- /dev/null +++ b/chart/templates/pch/ocm-with-status.yaml 
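Review bot: The ClusterRoleBinding in this hook binds the `default` ServiceAccount of the control-plane namespace to a ClusterRole that can read and write `secrets` in every namespace and create or update `clusterroles` and `clusterrolebindings`, so any pod in that namespace that does not set its own service account inherits those rights. A dedicated ServiceAccount referenced from the Job through `serviceAccountName`, with the secrets rule moved into the namespaced Role where possible, would narrow this; if the installed operator really needs the cluster-wide rule, a comment above it should say why. Separately, the last `--set` argument, `"ControlPlaneName={{.ControlPlaneName}}"`, is not escaped like the other hook variables in this file, so Helm evaluates it while rendering this chart and the hook most likely receives an empty value; it should read `"ControlPlaneName={{"{{.ControlPlaneName}}"}}"`.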
@@ -0,0 +1,91 @@ +{{- if and .Values.pch .Values.pch.statusaddon }} +--- +apiVersion: tenancy.kflex.kubestellar.org/v1alpha1 +kind: PostCreateHook +metadata: + name: ocm-with-statusaddon + labels: + kflex.kubestellar.io/cptype: imbs +spec: + templates: + - apiVersion: batch/v1 + kind: Job + metadata: + name: "{{"{{.HookName}}"}}" + spec: + template: + spec: + containers: + - name: "{{"{{.HookName}}"}}" + image: quay.io/kubestellar/clusteradm:{{.Values.pch.ocm.version}} + args: + - init + env: + - name: KUBECONFIG + value: "/etc/kube/config-incluster" + volumeMounts: + - name: kubeconfig + mountPath: "/etc/kube" + readOnly: true + volumes: + - name: kubeconfig + secret: + secretName: vc-vcluster + restartPolicy: Never + backoffLimit: 1 + - apiVersion: batch/v1 + kind: Job + metadata: + name: "{{"{{.HookName}}"}}-statusaddon" + spec: + template: + spec: + initContainers: + - name: "{{"{{.HookName}}"}}-init" + image: quay.io/kubestellar/kubectl:1.27.8 + command: ['sh', '-c'] + args: + - | + echo -n "Waiting for managedclusteraddons resource" + while [ "$(kubectl api-resources | grep managedclusteraddons 2> /dev/null)" == "" ] ; do + echo -n "." 
+ sleep 1 + done + echo -e "\033[0;32m\xE2\x9C\x94\033[0m" + env: + - name: KUBECONFIG + value: "/etc/kube/config-incluster" + volumeMounts: + - name: kubeconfig + mountPath: "/etc/kube" + readOnly: true + containers: + - name: "{{"{{.HookName}}"}}-statusaddon" + image: quay.io/kubestellar/helm:3.14.0 + args: + - upgrade + - --install + - status-addon + - oci://ghcr.io/kubestellar/ocm-status-addon-chart + - --version + - {{.Values.pch.statusaddon.version}} + - --namespace + - open-cluster-management + env: + - name: HELM_CONFIG_HOME + value: "/tmp" + - name: HELM_CACHE_HOME + value: "/tmp" + - name: KUBECONFIG + value: "/etc/kube/config-incluster" + volumeMounts: + - name: kubeconfig + mountPath: "/etc/kube" + readOnly: true + volumes: + - name: kubeconfig + secret: + secretName: vc-vcluster + restartPolicy: Never + backoffLimit: 1 +{{- end }} diff --git a/chart/templates/pch/ocm.yaml b/chart/templates/pch/ocm.yaml new file mode 100644 index 0000000..e5e3c6d --- /dev/null +++ b/chart/templates/pch/ocm.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.pch .Values.pch.ocm }} +--- +apiVersion: tenancy.kflex.kubestellar.org/v1alpha1 +kind: PostCreateHook +metadata: + name: ocm + labels: + kflex.kubestellar.io/cptype: imbs +spec: + templates: + - apiVersion: batch/v1 + kind: Job + metadata: + name: "{{"{{.HookName}}"}}" + spec: + template: + spec: + containers: + - name: "{{"{{.HookName}}"}}" + image: quay.io/kubestellar/clusteradm:{{.Values.pch.ocm.version}} + args: + - init + env: + - name: KUBECONFIG + value: "/etc/kube/config-incluster" + volumeMounts: + - name: kubeconfig + mountPath: "/etc/kube" + readOnly: true + volumes: + - name: kubeconfig + secret: + secretName: vc-vcluster + restartPolicy: Never + backoffLimit: 1 +{{- end }} diff --git a/chart/templates/postgresql-hooks.yaml b/chart/templates/postgresql.yaml similarity index 100% rename from chart/templates/postgresql-hooks.yaml rename to chart/templates/postgresql.yaml 
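Review bot: The template in chart/templates/pch/ocm-with-status.yaml is guarded by `.Values.pch.statusaddon`, but the first Job's image tag reads `.Values.pch.ocm.version`, so enabling `statusaddon` without an `ocm` entry is expected to fail at render time. Either add `.Values.pch.ocm` to the guard, `{{- if and .Values.pch .Values.pch.statusaddon .Values.pch.ocm }}`, or wrap the lookup in `required` with a message naming the missing value. The init container's wait loop has no upper bound and the Job sets no `activeDeadlineSeconds`, so a control plane where `managedclusteraddons` never appears leaves the pod polling indefinitely. The hook is registered as `ocm-with-statusaddon`, while the docs/users.md text in this patch lists the option as `ocm-with-status`; one of the two should change.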
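Review bot: The Job in chart/templates/pch/ocm.yaml mounts `secretName: vc-vcluster`, which ties the hook to control planes of type `vcluster`, and the same holds for both Jobs in ocm-with-status.yaml. The docs/users.md part of this patch shows `k8s` control planes keeping their kubeconfig in `admin-kubeconfig`, and chart/templates/controlplanes.yaml defaults `type` to `k8s`. A `cp` entry with `pch: ocm` and no `type` would therefore, as far as this patch shows, get a Job whose pod cannot mount its volume. A comment above the `volumes` entry such as `# requires a control plane of type vcluster (kubeconfig secret vc-vcluster)` would document the constraint.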
diff --git a/chart/values.yaml b/chart/values.yaml index 64f48cc..4bd8852 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -5,4 +5,27 @@ domain: localtest.me externalPort: "9443" isOpenShift: "false" -installPostgreSQL: true \ No newline at end of file + +# Enable/disable the automatic installation of the PostgreSQL dependency +installPostgreSQL: true + +# List the Post Create Hooks to be installed +# Note: hooks must be installed before they can be used by the Control Planes +# pch: +# kubestellar: +# version: "0.20.0-alpha.1" +# ocm: +# version: "0.7.2" +# statusaddon: +# version: "v0.2.0-rc2" + +# List the Control Planes to be created +# Note: hooks must be installed before they can be used by the Control Planes +# cp: +# # Create a KubeStellar IMBS1 control plane +# imbs1: +# type: vcluster +# pch: ocm-with-statusaddon +# # Create a KubeStellar WDS1 control plane +# wds1: +# pch: kubestellar diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 4b98d04..e930fab 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: kubeflex- # someName: someValue resources: -- ../crd +# - ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/docs/users.md b/docs/users.md index 47d693f..fb244b9 100644 --- a/docs/users.md +++ b/docs/users.md @@ -44,7 +44,7 @@ kflex init --create-kind ## Install KubeFlex on an existing cluster -You can install KubeFlex on an existing cluster with nginx ingress configured for SSL passthru, +You can install KubeFlex on an existing cluster with nginx ingress configured for SSL passthru and port 9443, or on a OpenShift cluster. At this time, we have only tested this option with Kind and OpenShift. ### Installing on kind 
@@ -56,8 +56,15 @@ Once you have your ingress running, you will need to configure nginx ingress for kubectl edit deployment ingress-nginx-controller -n ingress-nginx ``` -and add `--enable-ssl-passthrough` to the list of args for the container named `controller`. Then you can -run the command to install KubeFlex: +and add `--enable-ssl-passthrough` to the list of args for the container named `controller`. + +Alternatively, you can create a kind cluster suitable for KubeFlex using the following script: + +```shell +curl -sL https://raw.githubusercontent.com/kubestellar/kubeflex/main/scripts/create-kind-cluster.sh | bash +``` + +Then you can run the command to install KubeFlex: ```shell kflex init 
@@ -106,6 +113,68 @@ helm upgrade --install kubeflex-operator oci://ghcr.io/kubestellar/kubeflex/char --set isOpenShift=true ``` +## Creating Control Planes during helm installation + +KubeFlex helm chart allows a user to automatically create multiple Control Planes during installation. This can be achieved by providing a custom `values.yaml` file or by using additional `--set` arguments on the command line shown in the previous sections. + +The syntax for creating a Custom Control plane is: + +```yaml +cp: + : + type: # [host|k8s|vcluster|ocm] + pch: # [kubestellar|ocm|ocm-with-status] +``` + +Additinal examples of Control Planes are shown as comments inside the [`values.yaml`](#../chart/values.yaml). + +It should also be noted that, if optional Post Create Hooks (PCH) are used by the Control Plane (CP), they should also be defined in the `pch` section, as shown in the following example, where one must specify the desired version of the hook: + +```yaml +pch: + kubestellar: + version: "0.20.0-alpha.1" + ocm: + version: "0.7.2" + statusaddon: + version: "v0.2.0-rc2" +``` + +When creating Control Planes with the helm chart, their kubeconfigs can be obtained from secrets as follows. + +For Control Planes of type `k8s` and name `my-cp1`: + +```shell +export CP_NAME="my-cp1" +echo -n Waiting for secret... +while ! kubectl get secret admin-kubeconfig -n $CP_NAME-system &> /dev/null ; do + echo -n . +done +echo "" +kubectl get secret admin-kubeconfig -n $CP_NAME-system -o jsonpath='{.data.kubeconfig}' | base64 -d > $CP_NAME-kubeconfig +``` + +For Control Planes of type `vcluster` and name `my-cp2`: + +```shell +export CP_NAME="my-cp2" +echo -n Waiting for secret... +while ! kubectl get secret vc-vcluster -n $CP_NAME-system &> /dev/null; do + echo -n . 
+done +echo "" +kubectl get secret vc-vcluster -n $CP_NAME-system -o jsonpath='{.data.config}' | base64 -d > $CP_NAME-kubeconfig +sed -i "s/my-vcluster/$CP_NAME/g" $CP_NAME-kubeconfig +``` + +Furthermore, kubeconfigs corresponding to multiple Control Planes could be merged into a single kubeconfig as different contexts following the example below for `my-cp1` and `my-cp2`: + +```shell +cp ~/.kube/config ~/.kube/config.bak +KUBECONFIG=~/.kube/config:my-cp1-kubeconfig:my-cp1-kubeconfig kubect config view --flatten > /tmp/config +cp /tmp/config ~/.kube/config +``` + ## Upgrading Kubeflex The KubeFlex CLI can be upgraded with `brew upgrade kubeflex` (for brew installs). For linux @@ -562,6 +631,8 @@ To propagate labels, simply set the labels on the PostCreateHook as shown in the *hello* hook. The labels are then automatically propagated to any newly created control plane where the hook is applied. +If the hook is being delivered using a helm chart, then the hook variables should be escaped, such as `{{"{{.HookName}}"}}`, to prevent helm template expansion. + ### Using the hooks Once you define a new hook, you can just apply it in the KubeFlex hosting cluster: @@ -615,7 +686,7 @@ Currently avilable built-in objects are: ### User-Provided objects In addition to the built-in objects, you can specify your own objects -to inject arbitrary values in the template. These objects are specified using +to inject arbitrary values in the template. These objects are specified using helm-like syntax as well: ```yaml @@ -653,6 +724,8 @@ example: kflex create cp1 -p hello --set version=0.1.0 --set message=hello ``` +If a custom hook variable, `my-var`, is used in a Post Create Hook as `{{.my-var}}` but it is not set in either the Control Plain custom resource definition or by `kflex --set` command, then its value will be set to ``. + ## Initial Context The KubeFlex CLI (kflex) relies on the extensions field in the kubeconfig 
diff --git a/scripts/create-kind-cluster.sh b/scripts/create-kind-cluster.sh new file mode 100644 index 0000000..5819623 --- /dev/null +++ b/scripts/create-kind-cluster.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash + +# Copyright 2023 The KubeStellar Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo Creating a Kind cluster with 9443 port mapping... + +kind create cluster --name kubeflex --config - < Date: Tue, 12 Mar 2024 17:53:57 -0400 Subject: [PATCH 2/2] Change nginx patch url Signed-off-by: francostellari Change nginx patch url Signed-off-by: francostellari --- scripts/create-kind-cluster.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/create-kind-cluster.sh b/scripts/create-kind-cluster.sh index 5819623..1f5a1d1 100644 --- a/scripts/create-kind-cluster.sh +++ b/scripts/create-kind-cluster.sh @@ -33,9 +33,9 @@ nodes: protocol: TCP EOF -echo Patching nginx ingress with SSL passthrough... +echo Creating an nginx ingress with SSL passthrough... -kubectl create -f https://raw.githubusercontent.com/kubestellar/kubestellar/main/example/kind-nginx-ingress-with-SSL-passthrough.yaml +kubectl create -f https://raw.githubusercontent.com/kubestellar/kubestellar/v0.14.0/example/kind-nginx-ingress-with-SSL-passthrough.yaml echo Waiting for patching to complete...
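Review bot: A Git tag is still a mutable reference, so the manifest that `kubectl create -f` pulls from `.../kubestellar/v0.14.0/example/kind-nginx-ingress-with-SSL-passthrough.yaml` can change under the script, and it is applied with whatever rights the current kubeconfig holds, without any integrity check. Referencing an immutable commit, e.g. `.../kubestellar/<COMMIT_SHA>/example/kind-nginx-ingress-with-SSL-passthrough.yaml` (placeholder), or keeping a copy of the manifest in this repository, would make the script's input reproducible. The docs/users.md text added in the first patch tells users to pipe this script from `main` into `bash`, so the same concern applies to that instruction. The following context line still prints `Waiting for patching to complete...` although the step is now described as creating the ingress; the rest of the script is outside the hunk.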