-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This commit adds an operator responsible for managing a deployment/pod in charge of evacuating faulty compute nodes. This operator reacts to changes of: - configmap containing the InstanceHA configuration file - configmap containing the OpenStack clouds.yaml - secret containing the OpenStack admin user password - secret containing the certificate authority bundle certificate This operator allows running multiple copies (enforcing replica=1) of the InstanceHA service, each with its own configuration file and spec variables, potentially allowing it to be deployed in a multi-cloud/multi-region environment. The InstanceHA service can be deployed by: Creating a secret (for example fencing-secret-0) containing something like the following, replacing the value of the uuid key: --- apiVersion: v1 kind: Secret metadata: name: fencing-secret-0 stringData: fencing.yaml: | FencingConfig: compute-0: agent: redfish ipaddr: 192.168.111.9 ipport: 8000 login: admin passwd: password uuid: REPLACEME-0 compute-1: agent: ipmi ipaddr: 192.168.111.10 ipport: 8001 login: admin passwd: password Applying a yaml like the provided example under config/samples: apiVersion: instanceha.openstack.org/v1beta1 kind: InstanceHA metadata: name: instanceha-0 spec: caBundleSecretName: combined-ca-bundle fencingSecret: fencing-secret-0 #networkAttachments: ['internalapi'] #openStackCloud: "default" #openStackConfigMap: "openstack-config" #openStackConfigSecret: "openstack-config-secret" #instanceHAConfigMap: "instanceha-config-0" #instanceHAKdumpPort: "7410" Spec parameters commented out are optional. The operator will create: - configmap "instanceha-0-sh" containing a copy of templates/instanceha/bin/instanceha.py - configmap "instanceha-0-config" containing a copy of templates/instanceha/config/config.yaml - deployment "instanceha-0" - replicaset "instanceha-0-XXX" - pod "instanceha-0-XXX-YYY"
- Loading branch information
Showing
29 changed files
with
2,975 additions
and
188 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,173 @@ | ||
--- | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.11.1 | ||
creationTimestamp: null | ||
name: instancehas.instanceha.openstack.org | ||
spec: | ||
group: instanceha.openstack.org | ||
names: | ||
kind: InstanceHA | ||
listKind: InstanceHAList | ||
plural: instancehas | ||
singular: instanceha | ||
scope: Namespaced | ||
versions: | ||
- additionalPrinterColumns: | ||
- description: Status | ||
jsonPath: .status.conditions[0].status | ||
name: Status | ||
type: string | ||
- description: Message | ||
jsonPath: .status.conditions[0].message | ||
name: Message | ||
type: string | ||
name: v1beta1 | ||
schema: | ||
openAPIV3Schema: | ||
description: InstanceHA is the Schema for the instancehas API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: InstanceHASpec defines the desired state of InstanceHA | ||
properties: | ||
caBundleSecretName: | ||
description: CaBundleSecretName - holding the CA certs in a pre-created | ||
bundle file | ||
type: string | ||
containerImage: | ||
default: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified | ||
description: ContainerImage for the the InstanceHA container (will | ||
be set to environmental default if empty) | ||
type: string | ||
fencingSecret: | ||
default: fencing-secret | ||
description: FencingSecret is the name of the Secret containing the | ||
fencing details | ||
type: string | ||
instanceHAConfigMap: | ||
default: instanceha-config | ||
description: InstanceHAConfigMap is the name of the ConfigMap containing | ||
the InstanceHA config file | ||
type: string | ||
instanceHAKdumpPort: | ||
default: 7410 | ||
format: int32 | ||
type: integer | ||
networkAttachments: | ||
description: NetworkAttachments is a list of NetworkAttachment resource | ||
names to expose the services to the given network | ||
items: | ||
type: string | ||
type: array | ||
nodeSelector: | ||
additionalProperties: | ||
type: string | ||
description: NodeSelector to target subset of worker nodes running | ||
control plane services (currently only applies to KeystoneAPI and | ||
PlacementAPI) | ||
type: object | ||
openStackCloud: | ||
default: default | ||
description: OpenStackClould is the name of the Cloud to use as per | ||
clouds.yaml (will be set to "default" if empty) | ||
type: string | ||
openStackConfigMap: | ||
default: openstack-config | ||
description: OpenStackConfigMap is the name of the ConfigMap containing | ||
the clouds.yaml | ||
type: string | ||
openStackConfigSecret: | ||
default: openstack-config-secret | ||
description: OpenStackConfigSecret is the name of the Secret containing | ||
the secure.yaml | ||
type: string | ||
required: | ||
- containerImage | ||
- fencingSecret | ||
- instanceHAConfigMap | ||
- instanceHAKdumpPort | ||
- openStackCloud | ||
- openStackConfigMap | ||
- openStackConfigSecret | ||
type: object | ||
status: | ||
description: InstanceHAStatus defines the observed state of InstanceHA | ||
properties: | ||
conditions: | ||
description: Conditions | ||
items: | ||
description: Condition defines an observation of a API resource | ||
operational state. | ||
properties: | ||
lastTransitionTime: | ||
description: Last time the condition transitioned from one status | ||
to another. This should be when the underlying condition changed. | ||
If that is not known, then using the time when the API field | ||
changed is acceptable. | ||
format: date-time | ||
type: string | ||
message: | ||
description: A human readable message indicating details about | ||
the transition. | ||
type: string | ||
reason: | ||
description: The reason for the condition's last transition | ||
in CamelCase. | ||
type: string | ||
severity: | ||
description: Severity provides a classification of Reason code, | ||
so the current situation is immediately understandable and | ||
could act accordingly. It is meant for situations where Status=False | ||
and it should be indicated if it is just informational, warning | ||
(next reconciliation might fix it) or an error (e.g. DB create | ||
issue and no actions to automatically resolve the issue can/should | ||
be done). For conditions where Status=Unknown or Status=True | ||
the Severity should be SeverityNone. | ||
type: string | ||
status: | ||
description: Status of the condition, one of True, False, Unknown. | ||
type: string | ||
type: | ||
description: Type of condition in CamelCase. | ||
type: string | ||
required: | ||
- lastTransitionTime | ||
- status | ||
- type | ||
type: object | ||
type: array | ||
networkAttachments: | ||
additionalProperties: | ||
items: | ||
type: string | ||
type: array | ||
description: NetworkAttachments status of the deployment pods | ||
type: object | ||
observedGeneration: | ||
description: ObservedGeneration - the most recent generation observed | ||
for this object. | ||
format: int64 | ||
type: integer | ||
podName: | ||
description: PodName | ||
type: string | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.