Ansible Operators voor OpenShift
Wander Boessenkool
Even Voorstellen
Wat zijn Operators?
Nope
Ook niet..
Nog steeds niet…
An Operator is a Kubernetes pattern that is extending the Kubernetes control plane with a custom Controller and Custom Resource Definitions that add additional operational knowledge of an application.
—Jimmy Zelinskie
De k8S API is uitbreidbaar
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: myresource.mygroup.mydomain.com
spec:
group: mygroup.mydomain.com
names:
kind: MyResource
listKind: MyResourceList
plural: myresources
singular: myresource
scope: Namespaced
subresources:
status: {}
version: v1
versions:
- name: v1
served: true
storage: true
Nu kun je resources aanmaken
Maar ze doen nog niks
We hebben een controller nodig.
Watch op je nieuwe resourcetype
Een controller maken
Uitbreiden basis K8SCustom software schrijven- Operator Framework gebruiken
Drie smaakjes operators
Ansible ♥️ K8S
- name: Create k8s object
k8s:
state: present
definition: "{{ lookup('template', 'def.yml.j2') }}"
Installeren operator-sdk
https://github.com/operator-framework/operator-sdk
Aanmaken nieuwe operator
$ operator-sdk new naampje \
--api-version=mygroup.mydomain/version \
--kind=MyResource \
--type=ansible
---
- version: v1
group: mygroup.mydomain
kind: MyResource
role: /opt/ansible/roles/myresource
resource.yml
apiVersion: mygroup.mydomain/v1
kind: MyResource
metadata:
name: example-myresource
spec:
size: 3
foo:
- bar
- baz
Variable mappings
spec uit k8s naar Ansible variabelen
Automagisch CamelCase naar snake_case
Echt voorbeeld
https://gitlab.com/wanderb/cluster-ops-operator
watches.yaml
---
- version: v1
group: resourceprune.cluster-ops.hcs-company.com
kind: Resourceprune
role: /opt/ansible/roles/resourceprune
Ansible role
resourceprune
├─ defaults
│ └─ main.yml
├─ files
├─ handlers
│ └─ main.yml
├─ meta
│ └─ main.yml
├─ README.md
├─ tasks
│ └─ main.yml
├─ templates
│ ├─ cronjob-prune-images.yml.j2
│ ├─ cronjob-prune-resources-builds-cronjob.yml.j2
│ ├─ cronjob-prune-resources-clusterrolebinding.yml.j2
│ ├─ cronjob-prune-resources-deployments-cronjob.yml.j2
│ └─ cronjob-prune-resources-sa.yml.j2
└─ vars
└─ main.yml
defaults/main.yml
image: registry.access.redhat.com/…
image_version: v3.11
builds:
schedule: "5 2 * * *"
keep_complete: 5
keep_failed: 1
keep_younger_than: "60m"
prune_orphans: "true"
deployments:
schedule: "15 2 * * *"
keep_complete: 5
keep_failed: 1
keep_younger_than: "60m"
prune_orphans: "true"
images:
schedule: "5 1 * * *"
keep_tag_revisions: 3
keep_younger_than: "1h0m0s"
tasks/main.yml
- name: Apply Cronjob template
k8s:
state: present
definition: "{{ lookup('template', 'cronjob-prune-' +
item + '.yml.j2') | from_yaml }}"
loop:
- resources-sa
- resources-clusterrolebinding
- resources-builds-cronjob
- resources-deployments-cronjob
- images
templates/cronjob-prune-images.yml.j2
kind: CronJob
apiVersion: batch/v1beta1
metadata:
name: cronjob-prune-images
namespace: "{{ meta.namespace }}"
spec:
schedule: "{{ images.schedule }}"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 5
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
containers:
- name: cronjob-prune-images
image: "{{ image }}:{{ image_version }}"
…
Eindresultaat
$ oc get deploy,cronjob,resourceprune -o name
deployment.extensions/cluster-ops-operator
cronjob.batch/cronjob-prune-images
cronjob.batch/cronjob-prune-resources-builds
cronjob.batch/cronjob-prune-resources-deployments
resourceprune.resourceprune.cluster-ops.hcs-company.com/hcs-resourceprune
Meer leren?
https://learn.openshift.com/operatorframework/
Vragen?
Slides staan op https://slides.hcs-company.com
Ansible Operators voor OpenShift Wander Boessenkool