Skip to content

change-metrics/monocle-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

117 Commits
api/v1alpha1
api/v1alpha1
 
 
bundle
bundle
 
 
config
config
 
 
controllers
controllers
 
 
hack
hack
 
 
install
install
 
 
playbooks
playbooks
 
 
roles
roles
 
 
zuul.d
zuul.d
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
PROJECT
PROJECT
 
 
README.md
README.md
 
 
bundle.Dockerfile
bundle.Dockerfile
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

monocle-operator

A k8s/OpenShift operator for Monocle.

Status

The operator is currently in alpha version and should not be used in production.

The status is: Work In Progress.

We use Microshift as development sandbox and for CI.

Thus the operator might have some adherences to OpenShift regarding:

  • The Security Context Contraints

Installation

Vanilla installation

By default the Monocle operator watches all namespaces, but can be scoped to a specified namespace via the WATCH_NAMESPACE environment variable.

To install the CRDs and the operator:

kubectl create -f https://raw.githubusercontent.com/change-metrics/monocle-operator/master/install/crds.yml
kubectl create -f https://raw.githubusercontent.com/change-metrics/monocle-operator/master/install/operator.yml

finally, reclaim a Monocle instance by running the following command:

kubectl create -f https://raw.githubusercontent.com/change-metrics/monocle-operator/master/config/samples/monocle_v1alpha1_monocle-alt.yaml

The role monocle-operator-monocle-editor-role is installed by the operator.yml. This role can be assigned via a RoleBinding to users.

Via OLM

monocle-operator is packaged into an OLM package available on operatorshub.io.

Status

Phase 1 - Basic Install

Automatic application provisioning and config management

tasks:

  • Elastic / API / Crawler deployment support
  • Validate config ConfigMap update
  • Handle secret data update
  • Set Monocle Resource Status
  • Refresh elastic database in Monocle API Resource when ConfigMap is modified
  • Produce and publish the operator container image
  • Document operator deployment

Phase 2 - Seamless Upgrades

Support minor version upgrade

  • [] Enable upgrade test in CI

Phase 3 - Full lifecycle

Application and storage lifecycle (backup and failure recovery)

tasks: TBD

Phase 4 - Deep insights

Metrics, alerts, log processing

tasks: TBD

Phase 5 - Auto-pilot

tasks: TBD

Hack on the operator

Dependencies

The operator code is managed via the Operator SDK. Please follow installation instructions to install the operator-sdk CLI tool.

kubectl and go are required tools.

Optionaly the project provides a flake file for nix users. See flake.nix and run nix develop.

Start the operator in dev mode

Assuming is properly configured ~/.kube/config file simply run:

# Install the CRD
$ make install
# Set the WATCH_NAMESPACE env var
$ export WATCH_NAMESPACE=$(kubectl config view -o jsonpath="{.contexts[?(@.name == '$(kubectl config current-context)')].context.namespace}")
# Start the manager in dev mode
$ go run ./main.go

In another terminal apply the Custom Resource:

$ cp config/samples/monocle_v1alpha1_monocle.yaml monocle-sample.yaml
# Update the monoclePublicFQDN to a FQDN to contact the deployment
# You might need to update the /etc/hosts
$ kubectl apply -f config/samples/monocle_v1alpha1_monocle.yaml
# The reconcile loop should stop shortly and you should see in
# the other terminal:
# 1.676629527659292e+09   INFO    monocle operand reconcile terminated

Access the Monocle Web UI:

$ firefox https://<FQDN>

Edit the Monocle config:

$ kubectl edit cm monocle-sample-api

The Monocle API and Crawler process detect that the config data (exposed via a ConfigMap mounted as a volume) changed and automatically handle the change.

The "janitor update-idents" command is run automatically after the Moncole config update. The Monocle operator starts a Job "update-idents-job" to handle that task.

Edit the Monocle Secrets (mainly used by the crawler process):

$ kubectl edit secret monocle-sample-api

The Monocle controller detects the secret change and force a rollout for the api and crawler deployments.

Elastic volume is persistant so you might want to wipe the Elastic data to start a fresh deployment.

$ kubectl delete pvc monocle-sample-elastic-data-volume-monocle-sample-elastic-0

Run the operator in standalone dev mode

This mode does not require the CRD to be installed on the cluster thus you don't need the cluster-admin right to run the monocle-operator. This mode is for development purpose only.

The following command takes as paramaters a Namespace and a YAML file that describe the Monocle Custom Resource.

go run ./main.go --cr config/sample/monocle_v1alpha1_monocle.yaml --ns monocle

Running with those paramaters triggers the standalone mode which does not start the controller-runtime's Manager but instead uses the controller-runtime's Client. This mode prevents the Reconcile function to look at any Monocle Custom Resource set in any Namespace but only relies on the Custom Resource passed as the YAML file.

This command performs one or more Reconcile calls until the Monocle resources (deployment, statefulset, ...) are detected as ready, then exits.

Most of the code involved to reconcile the state is covered by this mode and it make it useful to facilitate the operator development.

Generate assets

A CI post job build and publish the operator and OLM bundle container images in the quay.io organization.

These commands can be use build assets bases on an alternative IMAGE_TAG_BASE environment variable.

Build and publish the operator image

make container-build
make container-push

Build resources for the vanilla installation

make gen-operator-install

Build the OLM bundle image

make bundle
make bundle-container-build
make bundle-container-push

Deploy the OLM bundle via operator-sdk run bundle

# Create a new namespace
kubectl create ns bundle-catalog-ns
# It seems that a batch job fails if not added to privileged
oc adm policy add-scc-to-user privileged system:serviceaccount:bundle-catalog-ns:default
operator-sdk --verbose run bundle quay.io/change-metrics/monocle-operator-bundle:v0.0.2 \
    --namespace bundle-catalog-ns --security-context-config restricted

The command creates an index based on the opm image, defines a catalogsource resources, defines a subscription to the monocle-operator, then accepts the installplan.

kubectl -n bundle-catalog-ns get calalogsource
kubectl -n bundle-catalog-ns get sub
kubectl -n bundle-catalog-ns get csv
kubectl -n bundle-catalog-ns get all
# The operator should be deployed in that namespace
# Another namespace can be created to request a Monocle instance to the operator

License

Copyright 2023 Monocle developers.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

Monocle k8s OpenShift operator

Topics

github kubernetes gitlab openshift metrics operator gerrit kubernetes-operator operator-sdk operator-framework

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages