Skip to content

Commit

Permalink
Add InstanceHA Operator
Browse files Browse the repository at this point in the history
This commit adds an operator responsible for managing a deployment/pod
in charge of evacuating faulty compute nodes.

This operator reacts to changes of:

- configmap containing the InstanceHA configuration file
- configmap containing the OpenStack clouds.yaml
- secret containing the OpenStack admin user password
- secret containing the certificate authority bundle certificate

This operator allows running multiple copies (enforcing replica=1) of the InstanceHA service,
 each with its own configuration file and spec variables,
potentially allowing it to be deployed in a multi-cloud/multi-region environment.

The InstanceHA service can be deployed by:

Creating a secret (for example fencing-secret-0) containing something like the following,
replacing the value of the uuid key:

---
apiVersion: v1
kind: Secret
metadata:
  name: fencing-secret-0
stringData:
  fencing.yaml: |
    FencingConfig:
      compute-0:
        agent: redfish
        ipaddr: 192.168.111.9
        ipport: 8000
        login: admin
        passwd: password
        uuid: REPLACEME-0
      compute-1:
        agent: ipmi
        ipaddr: 192.168.111.10
        ipport: 8001
        login: admin
        passwd: password

Applying a yaml like the provided example under config/samples:

apiVersion: instanceha.openstack.org/v1beta1
kind: InstanceHA
metadata:
  name: instanceha-0
spec:
  caBundleSecretName: combined-ca-bundle
  fencingSecret: fencing-secret-0
  #networkAttachments: ['internalapi']
  #openStackCloud: "default"
  #openStackConfigMap: "openstack-config"
  #openStackConfigSecret: "openstack-config-secret"
  #instanceHAConfigMap: "instanceha-config-0"
  #instanceHAKdumpPort: "7410"

Spec parameters commented out are optional.

The operator will create:

- configmap "instanceha-0-sh" containing a copy of templates/instanceha/bin/instanceha.py
- configmap "instanceha-0-config" containing a copy of templates/instanceha/config/config.yaml
- deployment "instanceha-0"
- replicaset "instanceha-0-XXX"
- pod "instanceha-0-XXX-YYY"
  • Loading branch information
lmiccini committed Jul 16, 2024
1 parent 6191389 commit c539baa
Show file tree
Hide file tree
Showing 29 changed files with 2,975 additions and 188 deletions.
13 changes: 13 additions & 0 deletions PROJECT
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,19 @@ resources:
defaulting: true
validation: true
webhookVersion: v1
- api:
crdVersion: v1
namespaced: true
controller: true
domain: openstack.org
group: instanceha
kind: InstanceHA
path: github.com/openstack-k8s-operators/infra-operator/apis/instanceha/v1beta1
version: v1beta1
webhooks:
defaulting: true
validation: true
webhookVersion: v1
- api:
crdVersion: v1
namespaced: true
Expand Down
173 changes: 173 additions & 0 deletions apis/bases/instanceha.openstack.org_instancehas.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: instancehas.instanceha.openstack.org
spec:
group: instanceha.openstack.org
names:
kind: InstanceHA
listKind: InstanceHAList
plural: instancehas
singular: instanceha
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Status
jsonPath: .status.conditions[0].status
name: Status
type: string
- description: Message
jsonPath: .status.conditions[0].message
name: Message
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: InstanceHA is the Schema for the instancehas API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: InstanceHASpec defines the desired state of InstanceHA
properties:
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
containerImage:
default: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified
description: ContainerImage for the the InstanceHA container (will
be set to environmental default if empty)
type: string
fencingSecret:
default: fencing-secret
description: FencingSecret is the name of the Secret containing the
fencing details
type: string
instanceHAConfigMap:
default: instanceha-config
description: InstanceHAConfigMap is the name of the ConfigMap containing
the InstanceHA config file
type: string
instanceHAKdumpPort:
default: 7410
format: int32
type: integer
networkAttachments:
description: NetworkAttachments is a list of NetworkAttachment resource
names to expose the services to the given network
items:
type: string
type: array
nodeSelector:
additionalProperties:
type: string
description: NodeSelector to target subset of worker nodes running
control plane services (currently only applies to KeystoneAPI and
PlacementAPI)
type: object
openStackCloud:
default: default
description: OpenStackClould is the name of the Cloud to use as per
clouds.yaml (will be set to "default" if empty)
type: string
openStackConfigMap:
default: openstack-config
description: OpenStackConfigMap is the name of the ConfigMap containing
the clouds.yaml
type: string
openStackConfigSecret:
default: openstack-config-secret
description: OpenStackConfigSecret is the name of the Secret containing
the secure.yaml
type: string
required:
- containerImage
- fencingSecret
- instanceHAConfigMap
- instanceHAKdumpPort
- openStackCloud
- openStackConfigMap
- openStackConfigSecret
type: object
status:
description: InstanceHAStatus defines the observed state of InstanceHA
properties:
conditions:
description: Conditions
items:
description: Condition defines an observation of a API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase.
type: string
severity:
description: Severity provides a classification of Reason code,
so the current situation is immediately understandable and
could act accordingly. It is meant for situations where Status=False
and it should be indicated if it is just informational, warning
(next reconciliation might fix it) or an error (e.g. DB create
issue and no actions to automatically resolve the issue can/should
be done). For conditions where Status=Unknown or Status=True
the Severity should be SeverityNone.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
networkAttachments:
additionalProperties:
items:
type: string
type: array
description: NetworkAttachments status of the deployment pods
type: object
observedGeneration:
description: ObservedGeneration - the most recent generation observed
for this object.
format: int64
type: integer
podName:
description: PodName
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
33 changes: 16 additions & 17 deletions apis/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-logr/zapr v1.2.4 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/emicklei/go-restful/v3 v3.11.2 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-openapi/jsonpointer v0.20.2 // indirect
github.com/go-openapi/jsonreference v0.20.4 // indirect
github.com/go-openapi/swag v0.22.9 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
Expand All @@ -40,36 +40,35 @@ require (
github.com/json-iterator/go v1.1.12 // indirect
github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/openshift/api v3.9.0+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.16.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/prometheus/client_golang v1.18.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.46.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/oauth2 v0.16.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.21.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.28.11 // indirect
k8s.io/component-base v0.28.11 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
Expand Down
Loading

0 comments on commit c539baa

Please sign in to comment.