diff --git a/cli/sfconfig/cmd/dev/run.go b/cli/sfconfig/cmd/dev/run.go
index 7081a3c7..bd7ab65c 100644
--- a/cli/sfconfig/cmd/dev/run.go
+++ b/cli/sfconfig/cmd/dev/run.go
@@ -67,11 +67,6 @@ func Run(cmd *cobra.Command) {
 Cli: cli,
 }
 // TODO: only do gerrit when provision demo is on?
- EnsureNamespaces(&env)
- EnsureMicroshiftWorkarounds(&env)
- EnsureCertManager(&env)
- // the Prometheus Operator is a dependency of the SF Operator so we must install it regardless of the --with-prometheus flag
- EnsurePrometheusOperator(&env)
 gerrit.EnsureGerrit(&env, sfconfig.FQDN)
 EnsureGerritAccess(sfconfig.FQDN)
 if withPrometheus {
@@ -189,49 +184,8 @@ func EnsureRepo(sfconfig *config.SFConfig, apiKey string, name string) { utils.RunCmd("git", "-C", path, "reset", "--hard", "origin/master") } -func EnsureNamespaces(env *utils.ENV) { - // TODO: implement natively - utils.EnsureNamespace(env, env.Ns) - utils.RunCmd("kubectl", "config", "set-context", "microshift", "--namespace="+env.Ns) - utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce=privileged") - utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce-version=v1.24") - utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "-z", "default") - - utils.EnsureNamespace(env, "operators") - utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "system:serviceaccount:operators:default") -} - -func EnsureMicroshiftWorkarounds(env *utils.ENV) { - // TODO: migrate from Makefile to here - utils.RunCmd("make", "setup-prometheus-operator-serviceaccount", "OPERATOR_NAMESPACE=operators") -} - func EnsureCRD() { // TODO: implement natively and avoir re-entry fmt.Println("[+] Installing CRD...") utils.RunMake("install") } - -func EnsureCertManager(env *utils.ENV) { - // TODO: implement natively - fmt.Println("[+] Installing Cert-Manager...") - utils.RunMake("install-cert-manager") - // Mitigate the issue - // failed calling webhook "mutate.webhooks.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook-service.operators.svc:443/mutate?timeout=10s": no endpoints available for service "cert-manager-webhook-service" - fmt.Println("[+] Waiting for Cert-Manager") - for i := 0; i < 10; i++ { - if utils.IsCertManagerRunning(env) { - return - } - time.Sleep(6 * time.Second) - } - panic("cert-manager didn't become ready") -} - -func EnsurePrometheusOperator(env *utils.ENV) { - fmt.Println("[+] Installing prometheus-operator...") - err := sfprometheus.EnsurePrometheusOperator(env) - if err != nil { - panic(fmt.Errorf("could 
not install prometheus-operator: %s", err)) - } -} diff --git a/cli/sfconfig/cmd/microshift.go b/cli/sfconfig/cmd/microshift.go index d6fd3c76..f8b81e91 100644 --- a/cli/sfconfig/cmd/microshift.go +++ b/cli/sfconfig/cmd/microshift.go @@ -25,18 +25,21 @@ var microshiftCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { skipLocalSetup, _ := cmd.Flags().GetBool("skip-local-setup") skipDeploy, _ := cmd.Flags().GetBool("skip-deploy") + skipPostInstall, _ := cmd.Flags().GetBool("skip-post-install") ansiblePlaybookOptions := &playbook.AnsiblePlaybookOptions{ Inventory: inventory, } + var err error + // Here we ensure we have the ansible-microshift-role available microshiftRoleSetup := &playbook.AnsiblePlaybookCmd{ Playbooks: []string{"tools/microshift/ansible-microshift-role.yaml"}, Options: ansiblePlaybookOptions, } fmt.Println(microshiftRoleSetup) - err := microshiftRoleSetup.Run(context.TODO()) + err = microshiftRoleSetup.Run(context.TODO()) if err != nil { panic(err) } @@ -48,7 +51,7 @@ var microshiftCmd = &cobra.Command{ Options: ansiblePlaybookOptions, } fmt.Println(localSetup) - err := localSetup.Run(context.TODO()) + err = localSetup.Run(context.TODO()) if err != nil { panic(err) } 
@@ -56,17 +59,33 @@ var microshiftCmd = &cobra.Command{ // Here we setup the remote microshift machine and we fetch a working kube/config if !skipDeploy { + ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"} deploy := &playbook.AnsiblePlaybookCmd{ Playbooks: []string{"tools/microshift/deploy-microshift.yaml"}, Options: ansiblePlaybookOptions, } fmt.Println(deploy) - err := deploy.Run(context.TODO()) + err = deploy.Run(context.TODO()) if err != nil { panic(err) } } + + // Prepare namespaces and install required operators + if !skipPostInstall { + ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"} + postinstall := &playbook.AnsiblePlaybookCmd{ + Playbooks: []string{"tools/microshift/post-install.yaml"}, + Options: ansiblePlaybookOptions, + } + fmt.Println(postinstall) + err = postinstall.Run(context.TODO()) + if err != nil { + panic(err) + } + } + }, } @@ -75,4 +94,5 @@ func init() { microshiftCmd.Flags().StringVarP(&inventory, "inventory", "i", "", "Specify ansible playbook inventory") microshiftCmd.Flags().BoolP("skip-local-setup", "", false, "do not install local requirements") microshiftCmd.Flags().BoolP("skip-deploy", "", false, "do not deploy microshift") + microshiftCmd.Flags().BoolP("skip-post-install", "", false, "do not setup namespaces and install operator dependencies") } diff --git a/tools/microshift/post-install.yaml b/tools/microshift/post-install.yaml new file mode 100644 index 00000000..09f4343c --- /dev/null +++ b/tools/microshift/post-install.yaml 
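Review bot: The new `if !skipPostInstall` block is now the only place where the namespaces, cert-manager and prometheus-operator get set up, because this commit also removes the Ensure* calls from `Run` in cli/sfconfig/cmd/dev/run.go, yet neither the block nor the flag help states that. A comment above the block such as `// "dev run" no longer installs cert-manager or prometheus-operator; with --skip-post-install they must already be present on the cluster` would record the precondition. Separately, `ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"}` is assigned to the shared options value in both the deploy and the post-install branch. A second options value built once for the two remote playbooks would remove the duplicated mutation without changing what the role-setup and local-setup playbooks receive.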
@@ -0,0 +1,53 @@
+- hosts: microshift
+ tasks:
+ - name: Create namespaces
+ ansible.builtin.shell: kubectl get namespace {{ item }} || kubectl create namespace {{ item }}
+ loop:
+ - operators
+ - sf
+ - nodepool
+ - name: Ensure kubectl context is correct
+ ansible.builtin.command: kubectl config set-context microshift --namespace=sf
+ - name: Set sf namespace labels
+ ansible.builtin.command: kubectl label --overwrite ns sf {{ item }}
+ loop:
+ - "pod-security.kubernetes.io/enforce=privileged"
+ - "pod-security.kubernetes.io/enforce-version=v1.24"
+ - name: Set privileges on sf namespace
+ ansible.builtin.command: oc adm policy add-scc-to-user privileged -z default
+ - name: Set service accounts privileges
+ ansible.builtin.command: oc adm policy add-scc-to-user privileged system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}
+ loop:
+ - namespace: operators
+ serviceaccount: default
+ - namespace: operators
+ serviceaccount: prometheus-operator
+ # TODO we do this so that this playbook doesn't rely on a local copy of the repo. There may be a better way to do that.
+ - name: Ensure certmanager operator is installed
+ block:
+ - name: Apply certmanager subscription
+ ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/olm-deps/cert-manager.yaml
+ - name: Wait for pod to be ready
+ ansible.builtin.command: >
+ kubectl wait --for=condition=Ready --timeout 5s pods
+ -l app.kubernetes.io/instance=cert-manager -n operators
+ register: ready_cm
+ until:
+ - '"condition met" in ready_cm.stdout'
+ - ready_cm.rc == 0
+ retries: 60
+ delay: 5
+ - name: Ensure prometheus operator is installed
+ block:
+ - name: Apply prometheus-operator subscription
+ ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/olm-deps/prometheus/prometheus-subscription.yaml
+ - name: Wait for pod to be ready
+ ansible.builtin.command: >
+ kubectl wait --for=condition=Ready --timeout 5s pods
+ -l app.kubernetes.io/name=prometheus-operator -n operators
+ register: ready_po
+ until:
+ - '"condition met" in ready_po.stdout'
+ - ready_po.rc == 0
+ retries: 60
+ delay: 5
\ No newline at end of file
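Review bot: Both `kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/...` tasks fetch their manifest from the mutable `master` branch at run time, so the subscription applied to the cluster is whatever that URL serves at that moment, not the revision of this playbook that was reviewed. Pinning the ref to a tag or commit (`.../sf-operator/<PINNED_COMMIT_SHA>/olm-deps/cert-manager.yaml`, placeholder value), or copying the file from the checkout to the host before applying it, would make the install reproducible; the TODO above the block already points in that direction. The `oc adm policy add-scc-to-user privileged -z default` task also relies on the context namespace set two tasks earlier. Adding `-n sf` would make the target explicit, which is worth doing for a command that grants the privileged SCC.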