AgnosticV Operator (MOVED TO Babylon)
AgnosticV operator is an implementation of agnosticv running in OpenShift / k8s. In short, AgnosticV is vars for the deployer agnosticD.
This is the operator that takes care of updating the Catalog in OpenShift, based on several agnosticV repos.
The output of the operator, the final catalog, is composed of OpenShift resources:
-
OpenShift Templates
-
Babylon CatalogItem
-
Poolboy ResourceProvider
See also the Babylon Project.
common.yaml
ACCOUNT/
account.yaml
CATALOGITEM1/
description.adoc (1)
common.yaml
dev.yaml
test.yaml
prod.yaml
CATALOGITEM2/
description.adoc
common.yaml
dev.yaml
test.yaml
prod.yaml
-
Description of the catalog item that will appear in Babylon UI
common.yaml
gpte/
account.yaml
OCP4_CLUSTER/
description.adoc
common.yaml
dev.yaml
test.yaml
prod.yaml
OCP_CLIENTVM/
description.adoc
common.yaml
dev.yaml
test.yaml
prod.yaml
In this example above, agnosticv-operator will produce 6 catalog items:
-
gpte.ocp4-cluster.dev
-
gpte.ocp4-cluster.test
-
gpte.ocp4-cluster.prod
-
gpte.ocp-clientvm.dev
-
gpte.ocp-clientvm.test
-
gpte.ocp-clientvm.prod
The files are merged in this order:
-
common.yml
-
ACCOUNT/account.yml
-
ACCOUNT/CATALOG_ITEM/common.yml
-
ACCOUNT/CATALOG_ITEM/STAGE.yml
for example:
-
common.yml
-
gpte/account.yml
-
gpte/OCP4_CLUSTER/common.yml
-
gpte/OCP4_CLUSTER/dev.yml
The agnosticv-operator uses the default agnosticv implementation: agnosticv CLI written in go.
See the merging strategy here: https://github.com/redhat-cop/agnosticv#merging-strategies
This Helm chart will take care of most of the things you need:
-
serviceaccount/agnosticv-operator
-
role.rbac.authorization.k8s.io/agnosticv-operator
-
rolebinding.rbac.authorization.k8s.io/agnosticv-operator
-
deployment.apps/agnosticv-operator
-
clusterrole.authorization.openshift.io/agnosticv-operator
-
clusterrolebinding.rbac.authorization.k8s.io/agnosticv-operator-clusterrolebinding
-
customresourcedefinition.apiextensions.k8s.io/agnosticvrepos.gpte.redhat.com
-
namespaces "agnosticv-operator"
Just run the following:
helm install agnosticv-operator helm/
# or with OpenShift Template
oc process -f https://raw.githubusercontent.com/redhat-gpte-devopsautomation/agnosticv-operator/main/deploy-template.yaml|oc create -f -The agnosticv-operator is listening on several agnosticV repos. This is represented by the Custom Resource AgnosticVRepo.
Here is an example for a private github repo.
apiVersion: gpte.redhat.com/v1
kind: AgnosticVRepo
metadata:
generation: 1
name: gpte-agnosticv
namespace: "agnosticv-operator"
selfLink: /apis/gpte.redhat.com/v1/namespaces/agnosticv-operator/agnosticvrepos/gpte-agnosticv
spec:
ref: master
sshKey: agnosticv-operator-sshkey
url: git@github.com:rhpds/agnosticv.git
contextDir: ''
babylon_anarchy_roles:
- name: babylon_anarchy_governor
src: https://github.com/redhat-gpte-devopsautomation/babylon_anarchy_governor.git
version: mainoc create -f agnosticv-gpte-private-repo.yamlIf you repo is public, then you can use HTTP repo for spec.url and you don’t need the following steps.
oc create secret generic -n agnosticv-operator agnosticv-operator-sshkey --from-file=id_rsa=/home/ec2-user/.ssh/id_rsa-
spec.custom_dir— Specify the sub-directory for the catalog inside the agnosticV repository. -
spec.catalog_item_list- Process only the specified list of catalog itemsexamplespec: catalog_item_list: - tests/EMPTY_CONFIG/dev.yaml
-
spec.logstash*— See below section 'Report to logstash' -
spec.execution_environment_allow_list_extra- Allow additional execution environmentsexamplespec: execution_environment_allow_list_extra: - image: ^image-registry.apps(-dev|-test)?.open.redhat.com/agnosticd/ee-.*?-v[0-9]+[.][0-9]+[.][0-9]+$ pull: missing - image: ^image-registry.apps(-dev|-test)?.open.redhat.com/agnosticd/ee-.*?-(pr-[0-9]+|latest|dev|test)$ pull: always - name: My custom EE
-
spec.default_execution_environment— When__meta__.ansible_control_planeis set tocontrollerin a catalog item and if__meta__.deployer.execution_environmentis not defined, this setting allows you to override the execution environment. This is useful if you want to build a default based on another variable of the merged vars.examplespec: default_execution_environment: image: image-registry.apps-dev.open.redhat.com/agnosticd/ee-{{ merged_vars.__meta__.deployer.virtualenv | default('ansible2.9-python3.6-2021-11-30') }} private: true
-
Github integration
-
spec.github_token— GitHub access token. -
spec.github_comment_successandspec.github_comment_failure— jinaj2 content of the comments. -
spec.catalog_url— URL of the catalog to pass in GitHub comments.
-
[root@clientvm 0 ~]# oc project agnosticv-operator [root@clientvm 0 ~]# oc get pods NAME READY STATUS RESTARTS AGE agnosticv-operator-7d6f867c56-jkwcn 2/2 Running 0 105s [root@clientvm 0 ~]# oc logs -f agnosticv-operator-7d6f867c56-jkwcn -c ansible
If you have logstash setup, agnosticv-operator can be configured to send reports.
AgnosticV Operator logs are difficult to parse because it’s built with the ansible operator SDK. Those "reports", or notifications if you like, include:
-
agnosticv CLI has stderr
-
catalog item update or creation failed
-
catalog item update or creation succeeded
input {
http {
port => "1102"
ssl => true
ssl_certificate => "/etc/logstash/certs_agv/logstash.crt"
ssl_key => "/etc/logstash/certs_agv/logstash.key"
user => "agnosticv-operator"
password => "CHANGEME"
}
}
output {
if [codename] {
elasticsearch {
hosts => [ "...:9200" ]
manage_template => false
index => [ "agv-%{+yyyy.MM.dd}" ]
user => "logstash_internal"
password => "..."
}
}
}
spec: logstashReport: true logstashUsername: agnosticv-operator logstashPassword: CHANGEME logstashProtocol: https logstashPort: 1102