Move namespace creation, dependent operators installation to playbook
The `sfconfig dev prepare` command is meant to be run multiple times,
however it includes tasks that need to be performed only once, like creating
namespaces and installing the cert-manager and prometheus operators.

Move these tasks into a playbook in tools/microshift and include this
playbook in the current `sfconfig microshift` command (it will be
moved to the new unified CLI later).

Change-Id: I5dd1970391dcab1837359f4c65f1ee9a84127425
mhuin committed Jan 18, 2024
1 parent 52ca0ac commit f42e269
Showing 3 changed files with 76 additions and 49 deletions.
46 changes: 0 additions & 46 deletions cli/sfconfig/cmd/dev/run.go
Expand Up @@ -67,11 +67,6 @@ func Run(cmd *cobra.Command) {
Cli: cli,
}
// TODO: only do gerrit when provision demo is on?
EnsureNamespaces(&env)
EnsureMicroshiftWorkarounds(&env)
EnsureCertManager(&env)
// the Prometheus Operator is a dependency of the SF Operator so we must install it regardless of the --with-prometheus flag
EnsurePrometheusOperator(&env)
gerrit.EnsureGerrit(&env, sfconfig.FQDN)
EnsureGerritAccess(sfconfig.FQDN)
if withPrometheus {
Expand Down Expand Up @@ -189,49 +184,8 @@ func EnsureRepo(sfconfig *config.SFConfig, apiKey string, name string) {
utils.RunCmd("git", "-C", path, "reset", "--hard", "origin/master")
}

func EnsureNamespaces(env *utils.ENV) {
// TODO: implement natively
utils.EnsureNamespace(env, env.Ns)
utils.RunCmd("kubectl", "config", "set-context", "microshift", "--namespace="+env.Ns)
utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce=privileged")
utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce-version=v1.24")
utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "-z", "default")

utils.EnsureNamespace(env, "operators")
utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "system:serviceaccount:operators:default")
}

func EnsureMicroshiftWorkarounds(env *utils.ENV) {
// TODO: migrate from Makefile to here
utils.RunCmd("make", "setup-prometheus-operator-serviceaccount", "OPERATOR_NAMESPACE=operators")
}

func EnsureCRD() {
// TODO: implement natively and avoir re-entry
fmt.Println("[+] Installing CRD...")
utils.RunMake("install")
}

func EnsureCertManager(env *utils.ENV) {
// TODO: implement natively
fmt.Println("[+] Installing Cert-Manager...")
utils.RunMake("install-cert-manager")
// Mitigate the issue
// failed calling webhook "mutate.webhooks.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook-service.operators.svc:443/mutate?timeout=10s": no endpoints available for service "cert-manager-webhook-service"
fmt.Println("[+] Waiting for Cert-Manager")
for i := 0; i < 10; i++ {
if utils.IsCertManagerRunning(env) {
return
}
time.Sleep(6 * time.Second)
}
panic("cert-manager didn't become ready")
}

func EnsurePrometheusOperator(env *utils.ENV) {
fmt.Println("[+] Installing prometheus-operator...")
err := sfprometheus.EnsurePrometheusOperator(env)
if err != nil {
panic(fmt.Errorf("could not install prometheus-operator: %s", err))
}
}
26 changes: 23 additions & 3 deletions cli/sfconfig/cmd/microshift.go
Expand Up @@ -25,18 +25,21 @@ var microshiftCmd = &cobra.Command{
Run: func(cmd *cobra.Command, args []string) {
skipLocalSetup, _ := cmd.Flags().GetBool("skip-local-setup")
skipDeploy, _ := cmd.Flags().GetBool("skip-deploy")
skipPostInstall, _ := cmd.Flags().GetBool("skip-post-install")

ansiblePlaybookOptions := &playbook.AnsiblePlaybookOptions{
Inventory: inventory,
}

var err error

// Here we ensure we have the ansible-microshift-role available
microshiftRoleSetup := &playbook.AnsiblePlaybookCmd{
Playbooks: []string{"tools/microshift/ansible-microshift-role.yaml"},
Options: ansiblePlaybookOptions,
}
fmt.Println(microshiftRoleSetup)
err := microshiftRoleSetup.Run(context.TODO())
err = microshiftRoleSetup.Run(context.TODO())
if err != nil {
panic(err)
}
Expand All @@ -48,25 +51,41 @@ var microshiftCmd = &cobra.Command{
Options: ansiblePlaybookOptions,
}
fmt.Println(localSetup)
err := localSetup.Run(context.TODO())
err = localSetup.Run(context.TODO())
if err != nil {
panic(err)
}
}

// Here we setup the remote microshift machine and we fetch a working kube/config
if !skipDeploy {

ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"}
deploy := &playbook.AnsiblePlaybookCmd{
Playbooks: []string{"tools/microshift/deploy-microshift.yaml"},
Options: ansiblePlaybookOptions,
}
fmt.Println(deploy)
err := deploy.Run(context.TODO())
err = deploy.Run(context.TODO())
if err != nil {
panic(err)
}
}

// Prepare namespaces and install required operators
if !skipPostInstall {
ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"}
postinstall := &playbook.AnsiblePlaybookCmd{
Playbooks: []string{"tools/microshift/post-install.yaml"},
Options: ansiblePlaybookOptions,
}
fmt.Println(postinstall)
err = postinstall.Run(context.TODO())
if err != nil {
panic(err)
}
}

},
}

Expand All @@ -75,4 +94,5 @@ func init() {
microshiftCmd.Flags().StringVarP(&inventory, "inventory", "i", "", "Specify ansible playbook inventory")
microshiftCmd.Flags().BoolP("skip-local-setup", "", false, "do not install local requirements")
microshiftCmd.Flags().BoolP("skip-deploy", "", false, "do not deploy microshift")
microshiftCmd.Flags().BoolP("skip-post-install", "", false, "do not setup namespaces and install operator dependencies")
}
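Review bot: The post-install step added after the `if !skipDeploy` block runs by default, including when `--skip-deploy` is passed, and per `tools/microshift/post-install.yaml` in this commit it labels namespaces privileged, grants the privileged SCC and applies operator subscriptions on the inventory's `microshift` hosts. Neither the comment `// Prepare namespaces and install required operators` nor the flag help says so. I would extend the comment to something like `// Runs by default, also with --skip-deploy: labels namespaces privileged, grants the privileged SCC, installs operator subscriptions.` and mention the privilege changes in the `skip-post-install` help string. As a style point, the branch repeats `ansiblePlaybookOptions.ExtraVarsFile = []string{"@tools/microshift/group_vars/all.yaml"}` from the deploy branch and both write to the options struct shared by pointer. Assigning it once before `if !skipDeploy` would keep the two branches from drifting.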
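--- a/tools/microshift/post-install.yaml
+++ b/tools/microshift/post-install.yaml
@@ -0,0 +1,53 @@
+- hosts: microshift
+tasks:
+- name: Create namespaces
+ansible.builtin.shell: kubectl get namespace {{ item }} || kubectl create namespace {{ item }}
+loop:
+- operators
+- sf
+- nodepool
+- name: Ensure kubectl context is correct
+ansible.builtin.command: kubectl config set-context microshift --namespace=sf
+- name: Set sf namespace labels
+ansible.builtin.command: kubectl label --overwrite ns sf {{ item }}
+loop:
+- "pod-security.kubernetes.io/enforce=privileged"
+- "pod-security.kubernetes.io/enforce-version=v1.24"
+- name: Set privileges on sf namespace
+ansible.builtin.command: oc adm policy add-scc-to-user privileged -z default
+- name: Set service accounts privileges
+ansible.builtin.command: oc adm policy add-scc-to-user privileged system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}
+loop:
+- namespace: operators
+serviceaccount: default
+- namespace: operators
+serviceaccount: prometheus-operator
+# TODO we do this so that this playbook doesn't rely on a local copy of the repo. There may be a better way to do that.
+- name: Ensure certmanager operator is installed
+block:
+- name: Apply certmanager subscription
+ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/olm-deps/cert-manager.yaml
+- name: Wait for pod to be ready
+ansible.builtin.command: >
+kubectl wait --for=condition=Ready --timeout 5s pods
+-l app.kubernetes.io/instance=cert-manager -n operators
+register: ready_cm
+until:
+- '"condition met" in ready_cm.stdout'
+- ready_cm.rc == 0
+retries: 60
+delay: 5
+- name: Ensure prometheus operator is installed
+block:
+- name: Apply prometheus-operator subscription
+ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/olm-deps/prometheus/prometheus-subscription.yaml
+- name: Wait for pod to be ready
+ansible.builtin.command: >
+kubectl wait --for=condition=Ready --timeout 5s pods
+-l app.kubernetes.io/name=prometheus-operator -n operators
+register: ready_po
+until:
+- '"condition met" in ready_po.stdout'
+- ready_po.rc == 0
+retries: 60
+delay: 5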
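Review bot: Both `kubectl apply -f https://raw.githubusercontent.com/softwarefactory-project/sf-operator/master/...` tasks install operator subscriptions from whatever the `master` branch serves at run time, so what lands in the cluster is neither reproducible nor tied to the revision of this playbook. Pinning the ref, for example `.../sf-operator/<commit-sha>/olm-deps/cert-manager.yaml` (placeholder) and likewise for `prometheus-subscription.yaml`, would fix the manifests to a known revision; copying the two files to the host and applying them locally would do the same, and the TODO above the block already points that way. Separately, `oc adm policy add-scc-to-user privileged -z default` resolves `default` in the current context's namespace, while `kubectl config set-context microshift --namespace=sf` only edits the context named `microshift` without selecting it. If another context is current on the host, the privileged SCC goes to a different namespace's default service account, which an explicit `-n sf` on that task would prevent.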
