Ansible Operators for OpenShift

Wander Boessenkool

A Quick Introduction

What are Operators?

Nope

Not this either..

Still no…

An Operator is a Kubernetes pattern that is extending the Kubernetes control plane with a custom Controller and Custom Resource Definitions that add additional operational knowledge of an application.

—Jimmy Zelinskie

The K8s API is extensible

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: myresources.mygroup.mydomain.com  # must be <plural>.<group>
spec:
  group: mygroup.mydomain.com
  names:
    kind: MyResource
    listKind: MyResourceList
    plural: myresources
    singular: myresource
  scope: Namespaced
  subresources:
    status: {}
  version: v1
  versions:
  - name: v1
    served: true
    storage: true

Now you can create resources

But they don't do anything yet

We need a controller.

A watch on your new resource type

Building a controller

  • Extend base K8s
  • Write custom software
  • Use the Operator Framework

Three flavors of operators

Operator Capabilities

Ansible ♥️ K8S

- name: Create k8s object
  k8s:
    state: present
    definition: "{{ lookup('template', 'def.yml.j2') }}"

Installing operator-sdk

https://github.com/operator-framework/operator-sdk

Creating a new operator

$ operator-sdk new naampje \
  --api-version=mygroup.mydomain/version \
  --kind=MyResource \
  --type=ansible

watches.yaml

---
- version: v1
  group: mygroup.mydomain
  kind: MyResource
  role: /opt/ansible/roles/myresource

resource.yml

apiVersion: mygroup.mydomain/v1
kind: MyResource
metadata:
  name: example-myresource
spec:
  size: 3
  foo:
  - bar
  - baz

Variable mappings

spec from K8s to Ansible variables

Automagically CamelCase to snake_case

A real example

https://gitlab.com/wanderb/cluster-ops-operator

watches.yaml

---
- version: v1
  group: resourceprune.cluster-ops.hcs-company.com
  kind: Resourceprune
  role: /opt/ansible/roles/resourceprune

Ansible role

resourceprune
├─ defaults
│  └─ main.yml
├─ files
├─ handlers
│  └─ main.yml
├─ meta
│  └─ main.yml
├─ README.md
├─ tasks
│  └─ main.yml
├─ templates
│  ├─ cronjob-prune-images.yml.j2
│  ├─ cronjob-prune-resources-builds-cronjob.yml.j2
│  ├─ cronjob-prune-resources-clusterrolebinding.yml.j2
│  ├─ cronjob-prune-resources-deployments-cronjob.yml.j2
│  └─ cronjob-prune-resources-sa.yml.j2
└─ vars
   └─ main.yml

defaults/main.yml

image: registry.access.redhat.com/…
image_version: v3.11
builds:  
  schedule: "5 2 * * *"
  keep_complete: 5
  keep_failed: 1
  keep_younger_than: "60m"
  prune_orphans: "true"
deployments:
  schedule: "15 2 * * *"
  keep_complete: 5
  keep_failed: 1
  keep_younger_than: "60m"
  prune_orphans: "true"
images:
  schedule: "5 1 * * *"
  keep_tag_revisions: 3
  keep_younger_than: "1h0m0s"

tasks/main.yml

- name: Apply Cronjob template
  k8s:
    state: present
    definition: "{{ lookup('template', 'cronjob-prune-' +
                 item + '.yml.j2') | from_yaml }}"
  loop:
  - resources-sa
  - resources-clusterrolebinding
  - resources-builds-cronjob
  - resources-deployments-cronjob
  - images

templates/cronjob-prune-images.yml.j2

kind: CronJob
apiVersion: batch/v1beta1
metadata:
  name: cronjob-prune-images
  namespace: "{{ meta.namespace }}"
spec:
  schedule: "{{ images.schedule }}"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 5
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: cronjob-prune-images
            image: "{{ image }}:{{ image_version }}"
            …
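
An added example, not part of the original slides or of the cluster-ops-operator repository: since the `spec` of a Resourceprune object arrives in the role as Ansible variables and is rendered into CronJobs, the role can check those values before the "Apply Cronjob template" task runs. It assumes the operator passes the spec as extra vars; the registry path is a placeholder because the slide elides the real one.

```yaml
# Added example (not from the slides): extra tasks for tasks/main.yml,
# placed before "Apply Cronjob template".
# Assumption: spec values reach the role as extra vars, which override
# defaults/ and vars/, so the allowed values are literals in the tasks.
# registry.example.com/PLACEHOLDER/image is a placeholder, not a real path.

- name: Only run the pruner image we expect
  assert:
    that:
      - image is string
      - image == 'registry.example.com/PLACEHOLDER/image'
      # extend this list when upgrading the pruner image
      - image_version in ['v3.11']
    fail_msg: "spec.image / spec.imageVersion is not an allowed value"

# Values are interpolated as text into the .yml.j2 templates before
# from_yaml parses them, so restrict them to the expected shape.
- name: Schedules must be five-field cron expressions
  assert:
    that:
      - item.schedule is defined
      - item.schedule is string
      - item.schedule == item.schedule | trim
      - item.schedule is match('^([0-9*/,-]+ ){4}[0-9*/,-]+$')
    fail_msg: "schedule must look like '5 2 * * *'"
  loop:
    - "{{ builds }}"
    - "{{ deployments }}"
    - "{{ images }}"

- name: Retention counts must be non-negative integers
  assert:
    that:
      - item.keep_complete | int(-1) >= 0
      - item.keep_failed | int(-1) >= 0
    fail_msg: "keep_complete and keep_failed must be >= 0"
  loop:
    - "{{ builds }}"
    - "{{ deployments }}"
```

A failed assertion fails the role run, so the CronJobs are not created or updated from that custom resource.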

End result

$ oc get deploy,cronjob,resourceprune -o name
deployment.extensions/cluster-ops-operator
cronjob.batch/cronjob-prune-images
cronjob.batch/cronjob-prune-resources-builds
cronjob.batch/cronjob-prune-resources-deployments
resourceprune.resourceprune.cluster-ops.hcs-company.com/hcs-resourceprune

Want to learn more?

https://learn.openshift.com/operatorframework/

Questions?

Slides are available at https://slides.hcs-company.com