diff --git a/config/crd/bases/eda.ansible.com_edas.yaml b/config/crd/bases/eda.ansible.com_edas.yaml index ffa9fd01..a7791438 100644 --- a/config/crd/bases/eda.ansible.com_edas.yaml +++ b/config/crd/bases/eda.ansible.com_edas.yaml @@ -2392,6 +2392,7 @@ spec: description: The ingress type to use to reach the deployed instance type: string enum: + - None - none - Ingress - ingress diff --git a/dev/catalogsource.yaml b/dev/catalogsource.yaml new file mode 100644 index 00000000..8277ad1b --- /dev/null +++ b/dev/catalogsource.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: dev-eda-operator + namespace: partner-eda +spec: + displayName: 'Ansible Dev EDA Operator' + image: "quay.io/ansible/eda-server-operator-catalog:0.0.2" + publisher: 'Ansible EDA Dev Team' + sourceType: grpc diff --git a/dev/eda-cr/eda-k8s-ing.yml b/dev/eda-cr/eda-k8s-ing.yml new file mode 100644 index 00000000..d8bbc143 --- /dev/null +++ b/dev/eda-cr/eda-k8s-ing.yml 
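Review bot: In dev/catalogsource.yaml the `image:` is referenced by the mutable tag `0.0.2`, so the catalog content OLM serves can change without this manifest changing. A CatalogSource decides which operator bundles the cluster offers for install, so pinning by digest is the safer default even for a dev catalog: `image: "quay.io/ansible/eda-server-operator-catalog@sha256:<digest-placeholder>"`. If the tag is kept on purpose so the dev catalog tracks rebuilds, a comment above `image:` saying so would make that intent clear.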
@@ -0,0 +1,68 @@
+apiVersion: eda.ansible.com/v1alpha1
+kind: EDA
+metadata:
+ name: eda
+spec:
+ automation_server_url: https://awx-awx.apps.aap-dev.ocp4.testing.ansible.com
+ automation_server_ssl_verify: 'no'
+ service_type: ClusterIP
+ ingress_type: Ingress
+ no_log: false
+ image_pull_policy: Always
+ image_pull_secrets:
+ - redhat-operators-pull-secret
+ admin_password_secret: custom-admin-password
+
+ # -- Example image overrides
+ # image: quay.io/ansible/eda-server
+ # image_version: main
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: 2.4.300
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: latest
+ # image: quay.io/developer/eda-server
+ # image_version: dev
+
+ # -- Example extra settings
+ extra_settings:
+ - setting: EDA_MAX_RUNNING_ACTIVATIONS
+ value: '11'
+ - setting: DEFAULT_PULL_POLICY
+ value: "Always"
+
+ # CA Bundle
+ bundle_cacert_secret: my-custom-certs
+
+ # -- Resource Requirements
+ api:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ ui:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ scheduler:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ default_worker:
+ replicas: 2
+ resource_requirements:
+ requests: {}
+ activation_worker:
+ replicas: 3
+ resource_requirements:
+ requests: {}
+
+ database:
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ # worker:
+ # replicas: 2
+ # resource_requirements:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
diff --git a/dev/eda-cr/eda-k8s-nodeport-cr.yml b/dev/eda-cr/eda-k8s-nodeport-cr.yml
new file mode 100644
index 00000000..9f443ad5
--- /dev/null
+++ b/dev/eda-cr/eda-k8s-nodeport-cr.yml
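Review bot: In dev/eda-cr/eda-k8s-ing.yml, `automation_server_ssl_verify: 'no'` by its name turns off certificate verification for an `https://` automation server URL, even though the same CR supplies `bundle_cacert_secret: my-custom-certs`. The same line is repeated in eda-k8s-nodeport-cr.yml, eda-openshift-cr.yml and eda-resource-quota-cr.yml, and the last of those names its instance `eda-prod`, which invites copying it into a real deployment. I would either set it to `'yes'` and rely on the CA bundle, or put a comment above it such as `# dev only: TLS verification disabled for the test cluster, do not reuse outside dev`. `no_log: false` deserves the same kind of comment, since it presumably lets operator task output, which can include secret values, reach the logs.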
@@ -0,0 +1,68 @@
+apiVersion: eda.ansible.com/v1alpha1
+kind: EDA
+metadata:
+ name: eda
+spec:
+ automation_server_url: https://awx-awx.apps.aap-dev.ocp4.testing.ansible.com
+ automation_server_ssl_verify: 'no'
+ service_type: NodePort
+ ingress_type: None
+ no_log: false
+ image_pull_policy: Always
+ image_pull_secrets:
+ - redhat-operators-pull-secret
+ admin_password_secret: custom-admin-password
+
+ # -- Example image overrides
+ # image: quay.io/ansible/eda-server
+ # image_version: main
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: 2.4.300
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: latest
+ # image: quay.io/developer/eda-server
+ # image_version: dev
+
+ # -- Example extra settings
+ extra_settings:
+ - setting: EDA_MAX_RUNNING_ACTIVATIONS
+ value: '11'
+ - setting: DEFAULT_PULL_POLICY
+ value: "Always"
+
+ # CA Bundle
+ bundle_cacert_secret: my-custom-certs
+
+ # -- Resource Requirements
+ api:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ ui:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ scheduler:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ default_worker:
+ replicas: 2
+ resource_requirements:
+ requests: {}
+ activation_worker:
+ replicas: 3
+ resource_requirements:
+ requests: {}
+
+ database:
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ # worker:
+ # replicas: 2
+ # resource_requirements:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
diff --git a/dev/eda-cr/eda-openshift-cr.yml b/dev/eda-cr/eda-openshift-cr.yml
new file mode 100644
index 00000000..86346783
--- /dev/null
+++ b/dev/eda-cr/eda-openshift-cr.yml
@@ -0,0 +1,68 @@
+apiVersion: eda.ansible.com/v1alpha1
+kind: EDA
+metadata:
+ name: eda
+spec:
+ automation_server_url: https://awx-awx.apps.aap-dev.ocp4.testing.ansible.com
+ automation_server_ssl_verify: 'no'
+ service_type: ClusterIP
+ ingress_type: Route
+ no_log: false
+ image_pull_policy: Always
+ image_pull_secrets:
+ - redhat-operators-pull-secret
+ admin_password_secret: custom-admin-password
+
+ # -- Example image overrides
+ # image: quay.io/ansible/eda-server
+ # image_version: main
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: 2.4.300
+ # image_web: quay.io/ansible/eda-ui
+ # image_web_version: latest
+ # image: quay.io/developer/eda-server
+ # image_version: dev
+
+ # -- Example extra settings
+ extra_settings:
+ - setting: EDA_MAX_RUNNING_ACTIVATIONS
+ value: '11'
+ - setting: DEFAULT_PULL_POLICY
+ value: "Always"
+
+ # CA Bundle
+ bundle_cacert_secret: my-custom-certs
+
+ # -- Resource Requirements
+ api:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ ui:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ scheduler:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ default_worker:
+ replicas: 2
+ resource_requirements:
+ requests: {}
+ activation_worker:
+ replicas: 3
+ resource_requirements:
+ requests: {}
+
+ database:
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ # worker:
+ # replicas: 2
+ # resource_requirements:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
diff --git a/dev/eda-cr/eda-resource-quota-cr.yml b/dev/eda-cr/eda-resource-quota-cr.yml
new file mode 100644
index 00000000..ec8ed935
--- /dev/null
+++ b/dev/eda-cr/eda-resource-quota-cr.yml
@@ -0,0 +1,54 @@
+apiVersion: eda.ansible.com/v1alpha1
+kind: EDA
+metadata:
+ name: eda-prod
+spec:
+ automation_server_url: https://awx-awx.apps.aap-dev.ocp4.testing.ansible.com
+ automation_server_ssl_verify: 'no'
+ service_type: ClusterIP
+ ingress_type: Route
+ no_log: false
+ image_pull_policy: Always
+
+ api:
+ replicas: 1
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 350Mi
+ ui:
+ replicas: 1
+ resource_requirements:
+ requests:
+ cpu: 25m
+ memory: 64Mi
+ scheduler:
+ replicas: 1
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 256Mi
+ database:
+ resource_requirements:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ worker:
+ replicas: 5
+ resource_requirements:
+ requests:
+ cpu: 25m
+ memory: 200Mi
+
+ default_worker:
+ replicas: 2
+ resource_requirements:
+ requests:
+ cpu: 25m
+ memory: 200Mi
+ activation_worker:
+ replicas: 5
+ resource_requirements:
+ requests:
+ cpu: 25m
+ memory: 150Mi
diff --git a/dev/eda-cr/lightweight-eda.yml b/dev/eda-cr/lightweight-eda.yml
new file mode 100644
index 00000000..d1f08f73
--- /dev/null
+++ b/dev/eda-cr/lightweight-eda.yml
@@ -0,0 +1,30 @@
+---
+apiVersion: eda.ansible.com/v1alpha1
+kind: EDA
+metadata:
+ name: eda
+spec:
+ extra_settings:
+ - setting: GIT_SSL_NO_VERIFY
+ value: "true"
+
+ api:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ ui:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ schedular:
+ replicas: 1
+ resource_requirements:
+ requests: {}
+ default_worker:
+ replicas: 2
+ resource_requirements:
+ requests: {}
+ activation_worker:
+ replicas: 3
+ resource_requirements:
+ requests: {}
diff --git a/dev/samples/awx-connection-secret.yml b/dev/samples/awx-connection-secret.yml
new file mode 100644
index 00000000..8ef7ad37
--- /dev/null
+++ b/dev/samples/awx-connection-secret.yml
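Review bot: dev/eda-cr/lightweight-eda.yml spells the component key `schedular:`, while every other CR in this commit uses `scheduler:`; depending on how the CRD treats unknown fields, the block is either rejected or silently ignored, so it should read `scheduler:`. The same file sets `GIT_SSL_NO_VERIFY` to `"true"`, which by its name disables TLS verification for git fetches, so project content pulled over the network is no longer authenticated. If that is only needed for a self-signed dev git server, a comment above it such as `# dev only: skips TLS verification for git, remove once the CA bundle is trusted` would keep it from being copied as a default.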
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: awx-connection-secret
+stringData:
+ url: 'https://example-awx-awx.apps.aap-dev.ocp4.testing.ansible.com'
+ token: 'redacted-token-value'
+ ssl_verify: 'no'
diff --git a/dev/secrets/admin-password-secret.yml b/dev/secrets/admin-password-secret.yml
new file mode 100644
index 00000000..8c8a324a
--- /dev/null
+++ b/dev/secrets/admin-password-secret.yml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-admin-password
+stringData:
+ password: password
+
diff --git a/dev/secrets/custom-db-fields-encryption-secret.yml b/dev/secrets/custom-db-fields-encryption-secret.yml
new file mode 100644
index 00000000..b05688a5
--- /dev/null
+++ b/dev/secrets/custom-db-fields-encryption-secret.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-secret-key
+stringData:
+ secret_key: supersecuresecretkey
diff --git a/dev/secrets/custom-pg-secret.yml b/dev/secrets/custom-pg-secret.yml
new file mode 100644
index 00000000..97c690ae
--- /dev/null
+++ b/dev/secrets/custom-pg-secret.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: custom-pg-secret
+stringData:
+ database: 'eda'
+ host: 'ca-postgres'
+ password: 'test'
+ port: '5432'
+ type: 'managed'
+ username: 'eda'
+
diff --git a/docs/development.md b/docs/development.md
new file mode 100644
index 00000000..c286be34
--- /dev/null
+++ b/docs/development.md
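Review bot: dev/secrets/admin-password-secret.yml (`password: password`), custom-db-fields-encryption-secret.yml (`secret_key: supersecuresecretkey`) and custom-pg-secret.yml (`password: 'test'`) commit fixed, publicly known values, and up.sh applies all three to whichever cluster the current context points at. The field-encryption key matters most, because anything the instance encrypts in its database with it can be decrypted by anyone who has read this repository. Each file should open with a comment along the lines of `# DEV ONLY: well-known placeholder value, never apply to a shared or production cluster`. Better still, up.sh could generate the values per run with `kubectl create secret generic ... --from-literal=...` instead of applying static manifests.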
@@ -0,0 +1,63 @@
+# Development Guide
+
+There are development scripts and yaml exaples in the (`dev/`)[../dev] directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the eda-server-operator.
+
+
+## Build and Deploy
+
+
+If you clone the repo, and make sure you are logged in at the CLI with oc and your cluster, you can run:
+
+```
+export QUAY_USER=username
+export NAMESPACE=eda
+export TAG=test
+./up.sh
+```
+
+You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
+
+> Note: the first time you run this, it will create quay.io repos on your fork. You will need to either make those public, or create a global pull secret on your Openshift cluster.
+
+To get the URL, if on **Openshift**, run:
+
+```
+$ oc get route
+```
+
+On **k8s with ingress**, run:
+
+```
+$ kubectl get ing
+```
+
+On **k8s with nodeport**, run:
+
+```
+$ kubectl get svc
+```
+
+The URL is then `http://:`
+
+> Note: NodePort will only work if you expose that port on your underlying k8s node, or are accessing it from localhost.
+
+By default, the usename and password will be admin and password if using the `up.sh` script because it pre-creates a custom admin password k8s secret and specifies it on the EDA custom resource spec. Without that, a password would have been generated and stored in a k8s secret named -admin-password.
+
+## Clean up
+
+
+Same thing for cleanup, just run ./down.sh and it will clean up your namespace on that cluster
+
+
+```
+./down.sh
+```
+
+## Running CI tests locally
+
+
+```
+make lint
+```
+
+More tests coming soon...
diff --git a/down.sh b/down.sh
new file mode 100755
index 00000000..2abc99e9
--- /dev/null
+++ b/down.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# EDA Operator down.sh
+
+# -- Usage
+# NAMESPACE=eda ./down.sh
+
+# -- Variables
+NAMESPACE=${NAMESPACE:-eda}
+TAG=${TAG:-dev}
+QUAY_USER=${QUAY_USER:-developer}
+IMG=quay.io/$QUAY_USER/eda-server-operator:$TAG
+EDA_CR=${EDA_CR:-eda}
+
+
+# -- Delete Backups
+kubectl delete edabackup --all
+
+# -- Delete Restores
+kubectl delete edarestore --all
+
+# Delete old operator deployment
+kubectl delete deployment eda-server-operator-controller-manager
+
+# Deploy Operator
+make undeploy IMG=$IMG NAMESPACE=$NAMESPACE
+
+# Remove PVCs
+kubectl delete pvc postgres-15-$EDA_CR-postgres-15-0
+
diff --git a/up.sh b/up.sh
new file mode 100755
index 00000000..233641f6
--- /dev/null
+++ b/up.sh
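Review bot: None of the four `kubectl delete` commands in down.sh passes `-n`, so they act on the current context's namespace rather than on `$NAMESPACE`, which only `make undeploy` receives. `kubectl delete edabackup --all` and the PVC delete are destructive if the context happens to point at another namespace. Each should be scoped, e.g. `kubectl delete edabackup --all -n "$NAMESPACE"`, and likewise for `edarestore`, the deployment and the PVC. The comment `# Deploy Operator` above `make undeploy` should read `# Undeploy Operator`, and the variable expansions should be quoted.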
@@ -0,0 +1,121 @@
+#!/bin/bash
+# EDA Operator up.sh
+
+# -- Usage
+# NAMESPACE=eda TAG=dev QUAY_USER=developer ./up.sh
+
+# -- User Variables
+NAMESPACE=${NAMESPACE:-eda}
+QUAY_USER=${QUAY_USER:-developer}
+TAG=${TAG:-$(git rev-parse --short HEAD)}
+DEV_TAG=${DEV_TAG:-dev}
+DEV_TAG_PUSH=${DEV_TAG_PUSH:-true}
+
+# -- Container Build Engine (podman or docker)
+ENGINE=${ENGINE:-podman}
+
+# -- Variables
+IMG=quay.io/$QUAY_USER/eda-server-operator
+KUBE_APPLY="kubectl apply -n $NAMESPACE -f"
+
+# -- Wait for existing project to be deleted
+# Function to check if the namespace is in terminating state
+is_namespace_terminating() {
+ oc get namespace $NAMESPACE 2>/dev/null | grep -q 'Terminating'
+ return $?
+}
+
+# Check if the namespace exists and is in terminating state
+if kubectl get namespace $NAMESPACE 2>/dev/null; then
+ echo "Namespace $NAMESPACE exists."
+
+ if is_namespace_terminating; then
+ echo "Namespace $NAMESPACE is in terminating state. Waiting for it to be fully terminated..."
+ while is_namespace_terminating; do
+ sleep 5
+ done
+ echo "Namespace $NAMESPACE has been terminated."
+ fi
+fi
+
+
+# -- Create namespace
+kubectl create namespace $NAMESPACE
+
+
+# -- Prepare
+
+# Set imagePullPolicy to Always
+files=(
+ config/manager/manager.yaml
+)
+for file in "${files[@]}"; do
+ if grep -qF 'imagePullPolicy: IfNotPresent' ${file}; then
+ sed -i -e "s|imagePullPolicy: IfNotPresent|imagePullPolicy: Always|g" ${file};
+ fi
+done
+
+
+# Delete old operator deployment
+oc delete deployment eda-server-operator-controller-manager
+
+# Create secrets
+$KUBE_APPLY dev/secrets/custom-pg-secret.yml
+$KUBE_APPLY dev/secrets/custom-db-fields-encryption-secret.yml
+$KUBE_APPLY dev/secrets/admin-password-secret.yml
+
+
+# Create Secrets for testing bundle_cacert_secret
+kubectl create -n $NAMESPACE secret generic my-custom-certs --from-file=bundle-ca.crt=/etc/pki/tls/cert.pem
+
+
+# -- Login to Quay.io
+$ENGINE login quay.io
+
+if [ $ENGINE = 'podman' ]; then
+ if [ -f "$XDG_RUNTIME_DIR/containers/auth.json" ] ; then
+ REGISTRY_AUTH_CONFIG=$XDG_RUNTIME_DIR/containers/auth.json
+ echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
+ elif [ -f $HOME/.config/containers/auth.json ] ; then
+ REGISTRY_AUTH_CONFIG=$HOME/.config/containers/auth.json
+ echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
+ elif [ -f "/home/$USER/.docker/config.json" ] ; then
+ REGISTRY_AUTH_CONFIG=/home/$USER/.docker/config.json
+ echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
+ else
+ echo "No Podman configuration files were found."
+ fi
+fi
+
+if [ $ENGINE = 'docker' ]; then
+ if [ -f "/home/$USER/.docker/config.json" ] ; then
+ REGISTRY_AUTH_CONFIG=/home/$USER/.docker/config.json
+ echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
+ else
+ echo "No Docker configuration files were found."
+ fi
+fi
+
+
+# -- Build & Push Operator Image
+echo "Preparing to build $IMG:$TAG ($IMG:$DEV_TAG) with $ENGINE..."
+sleep 3
+make docker-build docker-push IMG=$IMG
+
+# Tag and Push DEV_TAG Image when DEV_TAG_PUSH is 'True'
+if $DEV_TAG_PUSH ; then
+ $ENGINE tag $IMG:$TAG $IMG:$DEV_TAG
+ make docker-push IMG=$IMG:$DEV_TAG
+fi
+
+# -- Deploy Operator
+make deploy IMG=$IMG NAMESPACE=$NAMESPACE
+
+
+# -- Create CR
+# uncomment the CR you want to use
+# $KUBE_APPLY dev/eda-cr/eda-openshift-cr.yml
+$KUBE_APPLY dev/eda-cr/eda-k8s-ing.yml
+# $KUBE_APPLY dev/eda-cr/eda-k8s-nodeport-cr.yml
+# $KUBE_APPLY dev/eda-cr/eda-resource-quota-cr.yml
+# $KUBE_APPLY dev/eda-cr/lightweight-eda.yml
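Review bot: `if $DEV_TAG_PUSH ; then` near the end of up.sh executes whatever the environment variable holds as a command, so any value other than `true`/`false` is run by the shell; compare it as a string instead, `if [ "$DEV_TAG_PUSH" = "true" ]; then`. `oc delete deployment eda-server-operator-controller-manager` has no `-n "$NAMESPACE"`, so it removes the deployment from the current context's namespace rather than the one the script just created. The `sed -i` on config/manager/manager.yaml rewrites a tracked file in place, so a comment warning not to commit that change would help. `[ $ENGINE = 'podman' ]` and the other unquoted expansions should be quoted.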