paulbarfuss/agnosticv-operator

AgnosticV Operator

Table of Contents

• Structure of an agnosticv repo
• Merging strategy
• Installation
  • Create the operator
  • Create agnosticV repos
• Troubleshooting

AgnosticV operator is an implementation of agnosticv running in OpenShift / k8s. In short, AgnosticV is vars for the deployer agnosticD.

This is the operator that takes care of updating the Catalog in OpenShift, based on several agnosticV repos.

The output of the operator, the final catalog, is composed of OpenShift resources:

• OpenShift Templates

• AnarchyGovernors

See also the Babylon Project.

Structure of an agnosticv repo

common.yaml

ACCOUNT/
    account.yaml

   CATALOGITEM1/
         common.yaml
         dev.yaml
         test.yaml
         prod.yaml


   CATALOGITEM2/
         common.yaml
         dev.yaml
         test.yaml
         prod.yaml

Example

common.yaml

gpte/
   account.yaml

   OCP4_CLUSTER/
         common.yaml
         dev.yaml
         test.yaml
         prod.yaml


   OCP_CLIENTVM/
         common.yaml
         dev.yaml
         test.yaml
         prod.yaml

In this example above, agnosticv-operator will produce 6 catalog items:

• gpte.ocp4-cluster.dev

• gpte.ocp4-cluster.test

• gpte.ocp4-cluster.prod

• gpte.ocp-clientvm.dev

• gpte.ocp-clientvm.test

• gpte.ocp-clientvm.prod

The files are merged in this order:

1. common.yml

2. ACCOUNT/account.yml

3. ACCOUNT/CATALOG_ITEM/common.yml

4. ACCOUNT/CATALOG_ITEM/STAGE.yml

for example:

1. common.yml

2. gpte/account.yml

3. gpte/OCP4_CLUSTER/common.yml

4. gpte/OCP4_CLUSTER/dev.yml

Merging strategy

The agnosticv-operator uses the default agnosticv implementation: agnosticv CLI written in go.

See the merging strategy here: https://github.com/redhat-cop/agnosticv#merging-strategies

Installation

Create the operator

This Helm chart will take care of most of the things you need:

• serviceaccount/agnosticv-operator

• role.rbac.authorization.k8s.io/agnosticv-operator

• rolebinding.rbac.authorization.k8s.io/agnosticv-operator

• deployment.apps/agnosticv-operator

• clusterrole.authorization.openshift.io/agnosticv-operator

• clusterrolebinding.rbac.authorization.k8s.io/agnosticv-operator-clusterrolebinding

• customresourcedefinition.apiextensions.k8s.io/agnosticvrepos.gpte.redhat.com

• namespaces "agnosticv-operator"

Just run the following:

helm install agnosticv-operator helm/

# or with OpenShift Template
oc process -f https://raw.githubusercontent.com/redhat-gpte-devopsautomation/agnosticv-operator/master/deploy-template.yaml|oc create -f -

Create agnosticV repos

The agnosticv-operator is listening on several agnosticV repos. This is represented by the Custom Resource AgnosticVRepo.

Here is an example for a private github repo.

agnosticv-gpte-private-repo.yaml

apiVersion: gpte.redhat.com/v1
kind: AgnosticVRepo
metadata:
  generation: 1
  name: gpte-agnosticv
  namespace: "agnosticv-operator"
  selfLink: /apis/gpte.redhat.com/v1/namespaces/agnosticv-operator/agnosticvrepos/gpte-agnosticv
spec:
  ref: master
  sshKey: agnosticv-operator-sshkey
  url: git@github.com:redhat-gpe/agnosticv.git
  contextDir: ''
  babylon_anarchy_roles:
  - name: babylon_anarchy_governor
    src: https://github.com/redhat-gpte-devopsautomation/babylon_anarchy_governor.git
    version: main

oc create -f agnosticv-gpte-private-repo.yaml

If you repo is public, then you can use HTTP repo for spec.url and you don’t need the following steps.

Import the SSH private key needed to checkout the private repo

oc create secret generic -n agnosticv-operator agnosticv-operator-sshkey --from-file=id_rsa=/home/ec2-user/.ssh/id_rsa

Troubleshooting

Look at the logs of the operator

[root@clientvm 0 ~]# oc project agnosticv-operator
[root@clientvm 0 ~]# oc get pods
NAME                                  READY   STATUS    RESTARTS   AGE
agnosticv-operator-7d6f867c56-jkwcn   2/2     Running   0          105s
[root@clientvm 0 ~]# oc logs -f agnosticv-operator-7d6f867c56-jkwcn -c ansible