Hostconfig-operator added to treasuremap repo.

Added updated CRD, RBAC and deployment YAML files. Added a README.md
file with details about the parent repo.

Depends-On: https://review.opendev.org/749237

Change-Id: Idfb861661c6e9a8bd886a87174067fb58cd888d7
vrushalisonwani1 2020-08-06 11:56:58 -04:00 committed by Dmitry Ukov
parent 9ebd597cd6
commit 511a4b0850
9 changed files with 309 additions and 0 deletions


@ -0,0 +1,20 @@
# HostConfig-Operator
The hostconfig operator is used for performing Day2 configurations
on the kubernetes hosts. It is built on ansible-operator.
The operator uses HostConfig CR object to select the hosts.
The CR object also contains the required configuration details
that needs to be performed on the selected hosts. The host selection
is done by matching the labels given in the CR object
against the labels associated with the kubernetes hosts.
## Usage and deployment details
For more information on usage and deployment of the operator
on a stand alone kubernetes please refer below.
[Overview and Deployment details](https://opendev.org/airship/hostconfig-operator/src/branch/master/docs/Overview.md)
HostConfig Repo:
[hostconfig-operator](https://opendev.org/airship/hostconfig-operator)


@ -0,0 +1,67 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: airship-host-config
spec:
replicas: 1
selector:
matchLabels:
name: airship-host-config
template:
metadata:
labels:
name: airship-host-config
spec:
serviceAccountName: airship-host-config
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- airship-host-config
topologyKey: "kubernetes.io/hostname"
nodeSelector:
node-type: controlplane
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: airship-host-config
# Replace this with the latest image name
# built in the hostconfig-operator repository
image: "quay.io/airshipit/hostconfig-operator:latest"
imagePullPolicy: "IfNotPresent"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "airship-host-config"
- name: ANSIBLE_FILTER_PLUGINS
value: /opt/ansible/plugins/filter
- name: ANSIBLE_FORKS
value: "100"
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_INVENTORY
value: /opt/ansible/inventory
- name: USER
value: "USERNAME"
- name: PASS
value: "PASSWORD"
- name: SECRET_NAMESPACE
value: "default"
volumes:
- name: runner
emptyDir: {}
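Review bot: The `USER` and `PASS` entries near the end of the `env` list carry literal placeholder values, so whoever deploys this has to write the real credentials into the manifest, where they land in version control and are readable by anyone who can get the Deployment or the pod spec. Source both from a Secret with `valueFrom.secretKeyRef` instead, as sketched below; the Secret name and keys there are placeholders. Separately, `image: "quay.io/airshipit/hostconfig-operator:latest"` with `imagePullPolicy: "IfNotPresent"` leaves each node running whatever it cached first, so pinning a version tag or digest would make the rollout reproducible.

```yaml
# … unchanged: env entries up to ANSIBLE_INVENTORY …
- name: USER
  valueFrom:
    secretKeyRef:
      name: "<HOST_CREDENTIALS_SECRET>"  # placeholder
      key: username                      # placeholder key
- name: PASS
  valueFrom:
    secretKeyRef:
      name: "<HOST_CREDENTIALS_SECRET>"  # placeholder
      key: password                      # placeholder key
# … unchanged: SECRET_NAMESPACE …
```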


@ -0,0 +1,101 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostconfigs.hostconfig.airshipit.org
spec:
group: hostconfig.airshipit.org
names:
kind: HostConfig
listKind: HostConfigList
plural: hostconfigs
singular: hostconfig
shortNames:
- hc
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
spec:
description: "HostConfig Spec to perform hostconfig Opertaions."
type: object
properties:
host_groups:
description: "Array of host_groups to select hosts on which to perform host configuration."
type: array
items:
type: object
description: "Node labels to be given as key value pairs. Values can be given as list."
properties:
name:
type: string
description: "Node label key values for host selection."
values:
type: array
description: "Node label values for host selection."
items:
type: string
required:
- name
- values
match_host_groups:
type: boolean
description: "Set to true to perform an AND opertion of all the host_groups specified."
sequential:
type: boolean
description: "Set to true if the host_groups execution needs to happen in sequence."
reexecute:
type: boolean
description: "Set to true if execution needs to happen on the success nodes as well. Is applicable only when atleast one of the node fails. The execution repeats for all the nodes."
stop_on_failure:
type: boolean
description: "Set to true if any one node configuration fails, to stop the execution of the other nodes as well."
max_hosts_parallel:
type: integer
description: "Set to integer number, stating max how many hosts can execute at the same time."
max_failure_percentage:
type: integer
description: "Set the integer percentage value, to state how much max percentage of hosts can fail for every iteration before stoping the execution."
config:
type: object
description: "The configuration details that needs to be performed on the targeted kubernetes nodes."
properties:
ulimit:
description: "An array of ulimit configuration to be performed on the target nodes."
type: array
items:
type: object
properties:
user:
type: string
type:
type: string
item:
type: string
value:
type: string
required:
- user
- value
- type
- item
sysctl:
description: "An array of sysctl configuration to be performed on the target nodes."
type: array
items:
type: object
properties:
name:
type: string
value:
type: string
required:
- name
- value
versions:
- name: v1alpha1
served: true
storage: true
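Review bot: The root of `openAPIV3Schema` sets `x-kubernetes-preserve-unknown-fields: true`, which keeps any field the schema does not describe, so the validation below it constrains only the keys it names and everything else in a HostConfig object reaches the operator unchecked. Because the `config` block is performed on the targeted nodes, consider dropping that flag (or moving it to the one sub-object that needs it) and bounding the integers, e.g. `minimum: 0` and `maximum: 100` on `max_failure_percentage` and `minimum: 1` on `max_hosts_parallel`. `apiextensions.k8s.io/v1beta1` is also deprecated in favour of `apiextensions.k8s.io/v1`, which requires a structural schema under each entry in `versions`.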


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- hostconfig.airshipit.org_hostconfigs_crd.yaml
- rbac
- deployment.yaml


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: airship-host-config
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: airship-host-config
namespace: default
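Review bot: `roleRef.name: cluster-admin` gives the operator's service account unrestricted access to every resource in every namespace, so a compromise of the operator pod, or of anything able to run as that service account, is a compromise of the cluster. Bind a dedicated ClusterRole that lists only the cluster-scoped access the operator needs. Going by the README that is presumably read access to nodes for label matching, but confirm it against the operator's playbooks before adopting the sketch below. The subject also hard-codes `namespace: default` while the other manifests in this change carry no namespace, so deploying elsewhere would leave this binding pointing at a service account in the wrong namespace.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: airship-host-config
rules:
  - apiGroups: [""]
    resources: ["nodes"]  # assumed; confirm what the operator reads
    verbs: ["get", "list", "watch"]
---
# … unchanged: ClusterRoleBinding apiVersion, kind, metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: airship-host-config
# … unchanged: subjects …
```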


@ -0,0 +1,5 @@
resources:
- service_account.yaml
- role.yaml
- role_binding.yaml
- cluster_role_binding.yaml


@ -0,0 +1,83 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: airship-host-config
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- airship-host-config
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- hostconfig.airshipit.org
resources:
- '*'
- inventories
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
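Review bot: The first rule grants every listed verb, including `create` and `delete`, on `secrets` and `pods/exec` for the whole namespace, which looks like generated scaffolding kept as-is rather than the set this operator needs. Reduce it to the resources and verbs the operator actually calls, for example `get` on named secrets through `resourceNames`, and drop `pods/exec` unless a playbook depends on it. The later `get`-only rules for `pods` and for `replicasets` / `deployments` are already covered by the first two rules, and `'*'` in the `hostconfig.airshipit.org` rule makes the `inventories` entry redundant. A short comment above each remaining rule saying which operator function needs it would keep the list from growing unreviewed.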


@ -0,0 +1,11 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: airship-host-config
subjects:
- kind: ServiceAccount
name: airship-host-config
roleRef:
kind: Role
name: airship-host-config
apiGroup: rbac.authorization.k8s.io


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: airship-host-config