commit 511a4b0850a1c8f39924571e6146347513580267 Author: vrushalisonwani1 Date: Thu Aug 6 11:56:58 2020 -0400 Hostconfig-operator added to treasuremap repo. Added updated CRD, rbac and deployment YAML files. Added README.md file having details about the parent repo. Depends-On: https://review.opendev.org/749237 Change-Id: Idfb861661c6e9a8bd886a87174067fb58cd888d7 diff --git a/manifests/function/hostconfig-operator/README.md b/manifests/function/hostconfig-operator/README.md new file mode 100644 index 0000000..1a93f30 --- /dev/null +++ b/manifests/function/hostconfig-operator/README.md @@ -0,0 +1,20 @@ +# HostConfig-Operator + +The hostconfig operator is used for performing Day2 configurations +on the kubernetes hosts. It is built on ansible-operator. + +The operator uses HostConfig CR object to select the hosts. +The CR object also contains the required configuration details +that needs to be performed on the selected hosts. The host selection +is done by matching the labels given in the CR object +against the labels associated with the kubernetes hosts. + +## Usage and deployment details + +For more information on usage and deployment of the operator +on a stand alone kubernetes please refer below. + +[Overview and Deployment details](https://opendev.org/airship/hostconfig-operator/src/branch/master/docs/Overview.md) + +HostConfig Repo: +[hostconfig-operator](https://opendev.org/airship/hostconfig-operator) diff --git a/manifests/function/hostconfig-operator/deployment.yaml b/manifests/function/hostconfig-operator/deployment.yaml new file mode 100644 index 0000000..33ff5dd --- /dev/null +++ b/manifests/function/hostconfig-operator/deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: airship-host-config +spec: + replicas: 1 + selector: + matchLabels: + name: airship-host-config + template: + metadata: + labels: + name: airship-host-config + spec: + serviceAccountName: airship-host-config + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - airship-host-config + topologyKey: "kubernetes.io/hostname" + nodeSelector: + node-type: controlplane + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + containers: + - name: airship-host-config + # Replace this with the latest image name + # built in the hostconfig-operator repository + image: "quay.io/airshipit/hostconfig-operator:latest" + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "airship-host-config" + - name: ANSIBLE_FILTER_PLUGINS + value: /opt/ansible/plugins/filter + - name: ANSIBLE_FORKS + value: "100" + - name: ANSIBLE_GATHERING + value: explicit + - name: ANSIBLE_INVENTORY + value: /opt/ansible/inventory + - name: USER + value: "USERNAME" + - name: PASS + value: "PASSWORD" + - name: SECRET_NAMESPACE + value: "default" + volumes: + - name: runner + emptyDir: {} diff --git a/manifests/function/hostconfig-operator/hostconfig.airshipit.org_hostconfigs_crd.yaml b/manifests/function/hostconfig-operator/hostconfig.airshipit.org_hostconfigs_crd.yaml new file mode 100644 index 0000000..94c33c8 --- /dev/null +++ b/manifests/function/hostconfig-operator/hostconfig.airshipit.org_hostconfigs_crd.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: hostconfigs.hostconfig.airshipit.org +spec: + group: hostconfig.airshipit.org + names: + kind: HostConfig + listKind: HostConfigList + plural: hostconfigs + singular: hostconfig + shortNames: + - hc + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + spec: + description: "HostConfig Spec to perform hostconfig Opertaions." + type: object + properties: + host_groups: + description: "Array of host_groups to select hosts on which to perform host configuration." + type: array + items: + type: object + description: "Node labels to be given as key value pairs. Values can be given as list." + properties: + name: + type: string + description: "Node label key values for host selection." + values: + type: array + description: "Node label values for host selection." + items: + type: string + required: + - name + - values + match_host_groups: + type: boolean + description: "Set to true to perform an AND opertion of all the host_groups specified." + sequential: + type: boolean + description: "Set to true if the host_groups execution needs to happen in sequence." + reexecute: + type: boolean + description: "Set to true if execution needs to happen on the success nodes as well. Is applicable only when atleast one of the node fails. The execution repeats for all the nodes." + stop_on_failure: + type: boolean + description: "Set to true if any one node configuration fails, to stop the execution of the other nodes as well." + max_hosts_parallel: + type: integer + description: "Set to integer number, stating max how many hosts can execute at the same time." + max_failure_percentage: + type: integer + description: "Set the integer percentage value, to state how much max percentage of hosts can fail for every iteration before stoping the execution." + config: + type: object + description: "The configuration details that needs to be performed on the targeted kubernetes nodes." + properties: + ulimit: + description: "An array of ulimit configuration to be performed on the target nodes." + type: array + items: + type: object + properties: + user: + type: string + type: + type: string + item: + type: string + value: + type: string + required: + - user + - value + - type + - item + sysctl: + description: "An array of sysctl configuration to be performed on the target nodes." + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + required: + - name + - value + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/manifests/function/hostconfig-operator/kustomization.yaml b/manifests/function/hostconfig-operator/kustomization.yaml new file mode 100644 index 0000000..7a9b6fc --- /dev/null +++ b/manifests/function/hostconfig-operator/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - hostconfig.airshipit.org_hostconfigs_crd.yaml + - rbac + - deployment.yaml diff --git a/manifests/function/hostconfig-operator/rbac/cluster_role_binding.yaml b/manifests/function/hostconfig-operator/rbac/cluster_role_binding.yaml new file mode 100644 index 0000000..0b1fd7d --- /dev/null +++ b/manifests/function/hostconfig-operator/rbac/cluster_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: airship-host-config +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: airship-host-config + namespace: default diff --git a/manifests/function/hostconfig-operator/rbac/kustomization.yaml b/manifests/function/hostconfig-operator/rbac/kustomization.yaml new file mode 100644 index 0000000..467ed99 --- /dev/null +++ b/manifests/function/hostconfig-operator/rbac/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - service_account.yaml + - role.yaml + - role_binding.yaml + - cluster_role_binding.yaml diff --git a/manifests/function/hostconfig-operator/rbac/role.yaml b/manifests/function/hostconfig-operator/rbac/role.yaml new file mode 100644 index 0000000..a197bf3 --- /dev/null +++ b/manifests/function/hostconfig-operator/rbac/role.yaml @@ -0,0 +1,83 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: airship-host-config +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + - services/finalizers + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - airship-host-config + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get +- apiGroups: + - hostconfig.airshipit.org + resources: + - '*' + - inventories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/manifests/function/hostconfig-operator/rbac/role_binding.yaml b/manifests/function/hostconfig-operator/rbac/role_binding.yaml new file mode 100644 index 0000000..74c6d55 --- /dev/null +++ b/manifests/function/hostconfig-operator/rbac/role_binding.yaml @@ -0,0 +1,11 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: airship-host-config +subjects: +- kind: ServiceAccount + name: airship-host-config +roleRef: + kind: Role + name: airship-host-config + apiGroup: rbac.authorization.k8s.io diff --git a/manifests/function/hostconfig-operator/rbac/service_account.yaml b/manifests/function/hostconfig-operator/rbac/service_account.yaml new file mode 100644 index 0000000..85c2b54 --- /dev/null +++ b/manifests/function/hostconfig-operator/rbac/service_account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: airship-host-config