/toolchain-common

CodeReady Toolchain

This repo contains controllers, libraries, scripts, Makefiles, etc. that are shared between the host and member operators.

Setting Up and Connecting Host and Member Clusters

In a new terminal, execute the following commands:

$ cd $GOPATH/src/github.com/codeready-toolchain/host-operator
$ minishift start --profile host
$ make login-as-admin
$ make create-namespace
$ make deploy-rbac
$ make deploy-crd
$ cd $GOPATH/src/github.com/codeready-toolchain/member-operator
$ minishift start --profile member
$ make login-as-admin
$ make create-namespace
$ make deploy-rbac
$ make deploy-crd
$ make add-member-to-host
$ make add-host-to-member
$ make build
$ make vendor
$ export OPERATOR_NAMESPACE=toolchain-member-operator
$ operator-sdk up local --namespace=toolchain-member-operator --verbose

Now that we are set up, we can add resources and watch the logs on the member-operator! To do so, open a new terminal and run the following commands:

$ cd $GOPATH/src/github.com/codeready-toolchain/host-operator
$ minishift profile set host
$ make use-namespace
$ oc apply -f '/path/to/masteruserrecord.yaml'
$ cd $GOPATH/src/github.com/codeready-toolchain/member-operator
$ minishift profile set member
$ make use-namespace
$ oc apply -f '/path/to/useraccount.yaml'

Example masteruserrecord.yaml:

Note: The targetCluster field must contain the correct member cluster name.

apiVersion: toolchain.dev.openshift.com/v1alpha1
kind: MasterUserRecord
metadata:
  name: example
spec:
  disabled: false
  deprovisioned: false
  userID: 86505192-a386-11e9-ad56-525400ad2b23
  userAccounts:
  - targetCluster: member-192-168-42-61-8443
    syncIndex: 86505a
    spec:
      nsLimit: admin
      userID: 86505192-a386-11e9-ad56-525400ad2b23
      nsTemplateSet:
        tierName: basic
        namespaces:
        - type: ide
          revision: abcdef
        - type: cicd
          revision: abcdef
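
A pre-flight check for the targetCluster note above, to run before `oc apply`. This is an added example, not part of this repository: the function names are hypothetical, the sample manifest is a constructed, trimmed copy of the example above, and the caller supplies the list of known member cluster names.

```shell
# Added example (not repository code): verify the targetCluster values of a
# MasterUserRecord manifest against cluster names supplied by the caller.

# Print each targetCluster value in the manifest, one per line.
mur_target_clusters() {
    awk '{ sub(/^[ \t]*(-[ \t]+)?/, "") }   # drop indentation and list dash
         /^targetCluster:/ { gsub(/"/, "", $2); print $2 }' "$1"
}

# check_target_clusters MANIFEST KNOWN_CLUSTER...
# Returns 0 if every targetCluster is a known name, 1 if any is not,
# 2 if the manifest contains no targetCluster at all.
check_target_clusters() {
    manifest=$1; shift
    targets=$(mur_target_clusters "$manifest")
    if [ -z "$targets" ]; then
        echo "$manifest: no targetCluster found" >&2
        return 2
    fi
    rc=0
    for target in $targets; do
        matched=no
        for known in "$@"; do
            if [ "$target" = "$known" ]; then matched=yes; fi
        done
        if [ "$matched" = no ]; then
            echo "$manifest: unknown targetCluster '$target'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a trimmed copy of the example manifest above.
write_sample_mur() {
    cat > "$1" <<'EOF'
apiVersion: toolchain.dev.openshift.com/v1alpha1
kind: MasterUserRecord
spec:
  userAccounts:
  - targetCluster: member-192-168-42-61-8443
EOF
}

sample=$(mktemp)
write_sample_mur "$sample"
check_target_clusters "$sample" member-192-168-42-61-8443 && echo "targetCluster OK"
rm -f "$sample"
```

On a live host cluster the known names could be read from the KubeFedCluster CRs, for example with `oc get kubefedclusters` in the host operator namespace (the plural resource name is an assumption).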

Example useraccount.yaml:

apiVersion: toolchain.dev.openshift.com/v1alpha1
kind: UserAccount
metadata:
  name: example
spec:
  userID: 86505192-a386-11e9-ad56-525400ad2b23
  disabled: false
  nsLimit: admin
  nsTemplateSet:
    tierName: basic
    namespaces:
    - type: ide
      revision: abcdef
    - type: cicd
      revision: abcdef

Configuring developers.redhat.com Authentication in OpenShift 4 Cluster

Create a secret with Identity Provider credentials:

$ oc apply -f deploy/idp_secret.yaml

Create an Identity Provider:

$ oc apply -f deploy/idp.yaml

Creating User

Create a user, identity and user identity mapping:

$ oc apply -f deploy/user.yaml

Scripts

add-cluster.sh

The CodeReady Toolchain architecture contains two types of clusters: host and member. To connect these two clusters, run the script scripts/add-cluster.sh, which takes multiple flags such as --type, --member-ns, --host-ns and --single-cluster. You can see all of the options by running ./scripts/add-cluster.sh -h

host and member clusters using host and member profiles on minishift

Make sure that you have started minishift with two different profiles. You can use the following commands to do so:

  • minishift start --profile host

  • minishift start --profile member

Once you have minishift running with the above profiles, you can run the ./scripts/add-cluster.sh script with the required flags.

Assumption: This script assumes that you have the host and member operators running on the host and member clusters (in our case the clusters are different profiles) in their respective namespaces, with all required resources such as Service Account, (Cluster)Role, (Cluster)RoleBinding and Custom Resource Definition.

Scenario 1: Add Member to Host

./scripts/add-cluster.sh -t member

or

make add-member-to-host

Steps included:

  1. goes to the cluster with member profile i.e. member cluster

  2. takes a secret of the SA (from the member)

  3. takes API endpoint and cluster name of the member cluster from Kube config

  4. goes to host profile

  5. takes cluster name of the host cluster from Kube config

  6. creates a secret with the SA token taken from the member

  7. creates KubeFedCluster CR representing the added member

Note: A make target is available for this, i.e. make add-member-to-host, in the member-operator and host-operator repositories.

Scenario 2: Add Host to Member

./scripts/add-cluster.sh -t host

or

make add-host-to-member

Steps included:

  1. goes to the cluster with host profile i.e. host cluster

  2. takes a secret of the SA (from the host)

  3. takes API endpoint and cluster name of the host cluster from Kube config

  4. goes to member profile

  5. takes cluster name of the member cluster from Kube config

  6. creates a secret with the SA token taken from the host

  7. creates KubeFedCluster CR representing the added host

Note: A make target is available for this, i.e. make add-host-to-member, in the member-operator and host-operator repositories.

Using a single cluster for both operators host and member

Make sure that you have started minishift. You can use the following command to do so:

  • minishift start

Once you have minishift or any OpenShift cluster running and are logged in as admin, you can run the ./scripts/add-cluster.sh script with the required flags.

Assumption: This script assumes that you have the host and member operators running on minishift or any other OpenShift cluster in their respective namespaces, with all required resources such as Service Account, (Cluster)Role, (Cluster)RoleBinding and Custom Resource Definition.

Scenario 1: Add Member to Host

./scripts/add-cluster.sh -t member -s

Steps included:

  1. takes a secret of the SA (from the toolchain-member-operator namespace)

  2. takes API endpoint and cluster name of the member cluster from Kube config

  3. takes cluster name of the host cluster from Kube config

  4. creates a secret in toolchain-host-operator namespace with the SA token taken from the toolchain-member-operator ns

  5. creates KubeFedCluster CR in toolchain-host-operator namespace representing the added member

Scenario 2: Add Host to Member

./scripts/add-cluster.sh -t host -s

Steps included:

  1. takes a secret of the SA (from the toolchain-host-operator)

  2. takes API endpoint and cluster name of the host cluster from Kube config

  3. takes cluster name of the member cluster from Kube config

  4. creates a secret in toolchain-member-operator namespace with the SA token taken from the toolchain-host-operator ns

  5. creates KubeFedCluster CR in toolchain-member-operator namespace representing the added host

overwriting default namespaces for member-operator and host-operator

If you are running member-operator and host-operator in namespaces other than the defaults (i.e. not in toolchain-member-operator or toolchain-host-operator), you can specify them by passing the -mn or -hs flags:

./scripts/add-cluster.sh --type host --member-ns member-operator-0xdf4 --host-ns host-operator-hj6d7 --single-cluster

When overwriting the default namespaces, remember to provide both the member and the host namespace. Overwriting only a single namespace is not supported at this point.