A Kubernetes Operator based on the Operator SDK for installing and reconciling Integreatly products.
This is a proof of concept/alpha version. Most functionality is present but it is highly likely there are bugs and improvements needed.
Currently the operator installs the following products:
- AMQ Online
- AMQ Streams
- Codeready
- Fuse
- Launcher
- Nexus
- RHSSO (both a cluster instance and a user instance)
- 3scale
- Integreatly solution explorer
- operator-sdk version v0.12.0.
- go version 1.13.4+
- moq
- oc version v3.11+
- Access to an Openshift v4.2.0+ cluster
- A user with administrative privileges in the OpenShift cluster
- AWS account with permissions to create S3 buckets
After installation, the following commands must be run to avoid a known issue related to the Moq package:
go get -u .
go install github.com/matryer/moq
Download the integreatly-operator project:
mkdir -p $GOPATH/src/github.com/integr8ly
cd $GOPATH/src/github.com/integr8ly
git clone https://github.com/integr8ly/integreatly-operator
cd integreatly-operatorSome products require certain credentials to be present in the namespace before installation can proceed:
- RHSSO requires Github OAuth credentials to create a Github Identity Provider for Launcher (see here for creating a Github OAuth app) and Codeready
Note: If this secret isn't created, the integreatly preflight checks will fail
# The project name for the integreatly operator to watch
export NAMESPACE="integreatly-test"
# RHSSO requires Github OAuth credentials to setup a Github identity provider
# for Fabric8 Launcher and Codeready
export GH_CLIENT_ID=<client id>
export GH_CLIENT_SECRET=<client secret>
# Bootstrap the project
make cluster/prepare/local- 3Scale requires SMTP credentials to be able to send mail to users.
Note: If this secret isn't created, the integreatly preflight checks will fail
kubectl apply -f - <<EOF
kind: Secret
apiVersion: v1
metadata:
name: rhmi-smtp-two
labels:
owner: integreatly
stringData:
host: smtp.sendgrid.net
password: <SENDGRID_SUB_USER_API_KEY>
port: "587"
tls: "true"
username: apikey
type: Opaque
EOF- 3scale requires AWS S3 bucket credentials for storage. The bucket should have all public access turned off.
Currently this secret (
threescale-blobstorage-<installation-name>) is created with dummy credentials by the cloud resource operator, in the namespace the integreatly operator is deployed into. In order for this feature to work, these credentials should be replaced:- bucketName: The name of the AWS bucket
- bucketRegion: The AWS region where the bucket has been created
- credentialKeyID: The AWS access key
- credentialSecretKey: The AWS secret key
You can use this command to replace S3 credentials in 3Scale secret:
oc process -f deploy/s3-secret.yaml -p AWS_ACCESS_KEY_ID=<YOURID> -p AWS_SECRET_ACCESS_KEY=<YOURKEY> -p AWS_BUCKET=<YOURBUCKET> -p AWS_REGION=eu-west-1 -p NAMESPACE=<integreatly-operator-namespace> -p NAME=threescale-blobstorage-<installation-name> | oc replace -f -- Backup jobs require AWS S3 bucket credentials for storage. A
backups-s3-credentialsSecret is created the same way as a 3Scale secret described above.
You can use this command to replace S3 credentials in backup secret:
oc process -f deploy/s3-secret.yaml -p AWS_ACCESS_KEY_ID=<YOURID> -p AWS_SECRET_ACCESS_KEY=<YOURKEY> -p AWS_BUCKET=<YOURBUCKET> -p AWS_REGION=eu-west-1 -p NAMESPACE=<integreatly-operator-namespace> | oc replace -f -An Installation custom resource can now be created which will kick of the installation of the integreatly products, once the operator is running:
# Create the installation custom resource definition
oc create -f deploy/crds/installation.crd.yaml
# Create the installation custom resource
oc create -f deploy/crds/examples/installation.cr.yaml
# The operator can now be run locally
make code/runNote: if an operator doesn't find Installation resource, it will create one (Name: integreatly-operator).
In the OpenShift UI, in Projects > integreatly-rhsso > Networking > Routes, select the sso route to open up the SSO login page.
make cluster/prepare/localLog in to RHSSO (see above) and click Identity Providers in the left sidebar. In the Github identity provider, find the Redirect URI and paste this URL into the Homepage URL and Authorization callback URL fields of your Github OAuth app.
Make sure to export the variables above (see local setup), then run:
make cluster/prepareWithin a few minutes, the Integreatly operator should be visible in the OperatorHub (Catalog > OperatorHub). To create a new subscription, click on the Install button, choose to install the operator in the created namespace and keep the approval strategy on automatic.
Once the subscription shows a status of installed, a new Integreatly Installation custom resource can be created which will begin to install the supported products.
In Catalog > Developer Catalog, choose the Integreatly Installation and click create. An example installation CR can be found below:
apiVersion: integreatly.org/v1alpha1
kind: Installation
metadata:
name: example-installation
spec:
type: workshop
namespacePrefix: redhat-rhmi-
selfSignedCerts: true
useClusterStorage: true
smtpSecret: rhmi-smtpTo setup your cluster to have dedicated admins run the ./scripts/setup-htpass-idp.sh script which creates htpasswd identity provider and creates users.
Running unit tests:
make test/unitIf you want to test your changes on a cluster, the easiest solution would be to spin up OSD 4 cluster using OCM CLI:
- Download the CLI tool and add it to your PATH
- Export OCM_TOKEN:
export OCM_TOKEN="<TOKEN_VALUE>" - Create cluster template:
make ocm/cluster.json.
This command will generate ocm/cluster.json file with generated cluster name. This file will be used as a template to create your cluster via OCM CLI.
By default, it will set the expiration timestamp for a cluster for 4 hours, meaning your cluster will be automatically deleted after 4 hours after you generated this template. If you want to change the default timestamp, you can update it in ocm/cluster.json or delete the whole line from the file if you don't want your cluster to be deleted automatically at all.
- Create the cluster:
make ocm/cluster/create.
This command will send a request to Red Hat OpenShift Cluster Manager to spin up your cluster and waits until it's ready. You can see the details of your cluster in ocm/cluster-details.json file
- Once your cluster is ready, OpenShift Console URL will be printed out together with the
kubeadminuser & password. These are also saved toocm/cluster-credentials.jsonfile. Also there will beocm/cluster.kubeconfigfile created that you can use for runningoccommands right away, for example, for listing all projects on your OpenShift cluster:
oc --config ocm/cluster.kubeconfig projects
-
If you want to install the latest released RHMI, you can trigger it by applying an RHMI addon. Run
make ocm/install/rhmi-addonto trigger the installation. Once the installation is completed, the installation CR with RHMI components info will be printed to the console. -
If you want to delete your cluster, run
make ocm/cluster/delete
Update the operator version in the following files:
-
Update version/version.go (
Version = "<version>") -
Update
TAGandPREVIOUS_TAG(the previous version) in the Makefile -
Update the operator image version in deploy/operator.yaml (
image: quay.io/integreatly/integreatly-operator:v<version>) -
Generate a new CSV:
make gen/csvCommit changes and open pull request. When the PR is accepted, create a new release tag:
git tag v<version> && git push upstream v<version>
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent