AgnosticV Operator (MOVED TO Babylon)
AgnosticV operator is an implementation of agnosticv running in OpenShift / k8s. In short, AgnosticV is vars for the deployer agnosticD.
This is the operator that takes care of updating the Catalog in OpenShift, based on several agnosticV repos.
The output of the operator, the final catalog, is composed of OpenShift resources:
-
OpenShift Templates
-
Babylon CatalogItem
-
Poolboy ResourceProvider
See also the Babylon Project.
common.yaml ACCOUNT/ account.yaml CATALOGITEM1/ description.adoc (1) common.yaml dev.yaml test.yaml prod.yaml CATALOGITEM2/ description.adoc common.yaml dev.yaml test.yaml prod.yaml
-
Description of the catalog item that will appear in Babylon UI
common.yaml gpte/ account.yaml OCP4_CLUSTER/ description.adoc common.yaml dev.yaml test.yaml prod.yaml OCP_CLIENTVM/ description.adoc common.yaml dev.yaml test.yaml prod.yaml
In this example above, agnosticv-operator will produce 6 catalog items:
-
gpte.ocp4-cluster.dev
-
gpte.ocp4-cluster.test
-
gpte.ocp4-cluster.prod
-
gpte.ocp-clientvm.dev
-
gpte.ocp-clientvm.test
-
gpte.ocp-clientvm.prod
The files are merged in this order:
-
common.yml
-
ACCOUNT/account.yml
-
ACCOUNT/CATALOG_ITEM/common.yml
-
ACCOUNT/CATALOG_ITEM/STAGE.yml
for example:
-
common.yml
-
gpte/account.yml
-
gpte/OCP4_CLUSTER/common.yml
-
gpte/OCP4_CLUSTER/dev.yml
The agnosticv-operator uses the default agnosticv implementation: agnosticv CLI written in go.
See the merging strategy here: https://github.com/redhat-cop/agnosticv#merging-strategies
This Helm chart will take care of most of the things you need:
-
serviceaccount/agnosticv-operator
-
role.rbac.authorization.k8s.io/agnosticv-operator
-
rolebinding.rbac.authorization.k8s.io/agnosticv-operator
-
deployment.apps/agnosticv-operator
-
clusterrole.authorization.openshift.io/agnosticv-operator
-
clusterrolebinding.rbac.authorization.k8s.io/agnosticv-operator-clusterrolebinding
-
customresourcedefinition.apiextensions.k8s.io/agnosticvrepos.gpte.redhat.com
-
namespaces "agnosticv-operator"
Just run the following:
helm install agnosticv-operator helm/
# or with OpenShift Template
oc process -f https://raw.githubusercontent.com/redhat-gpte-devopsautomation/agnosticv-operator/main/deploy-template.yaml|oc create -f -
The agnosticv-operator is listening on several agnosticV repos. This is represented by the Custom Resource AgnosticVRepo
.
Here is an example for a private github repo.
apiVersion: gpte.redhat.com/v1
kind: AgnosticVRepo
metadata:
generation: 1
name: gpte-agnosticv
namespace: "agnosticv-operator"
selfLink: /apis/gpte.redhat.com/v1/namespaces/agnosticv-operator/agnosticvrepos/gpte-agnosticv
spec:
ref: master
sshKey: agnosticv-operator-sshkey
url: git@github.com:rhpds/agnosticv.git
contextDir: ''
babylon_anarchy_roles:
- name: babylon_anarchy_governor
src: https://github.com/redhat-gpte-devopsautomation/babylon_anarchy_governor.git
version: main
oc create -f agnosticv-gpte-private-repo.yaml
If you repo is public, then you can use HTTP repo for spec.url
and you don’t need the following steps.
oc create secret generic -n agnosticv-operator agnosticv-operator-sshkey --from-file=id_rsa=/home/ec2-user/.ssh/id_rsa
-
spec.custom_dir
— Specify the sub-directory for the catalog inside the agnosticV repository. -
spec.catalog_item_list
- Process only the specified list of catalog itemsexamplespec: catalog_item_list: - tests/EMPTY_CONFIG/dev.yaml
-
spec.logstash*
— See below section 'Report to logstash' -
spec.execution_environment_allow_list_extra
- Allow additional execution environmentsexamplespec: execution_environment_allow_list_extra: - image: ^image-registry.apps(-dev|-test)?.open.redhat.com/agnosticd/ee-.*?-v[0-9]+[.][0-9]+[.][0-9]+$ pull: missing - image: ^image-registry.apps(-dev|-test)?.open.redhat.com/agnosticd/ee-.*?-(pr-[0-9]+|latest|dev|test)$ pull: always - name: My custom EE
-
spec.default_execution_environment
— When__meta__.ansible_control_plane
is set tocontroller
in a catalog item and if__meta__.deployer.execution_environment
is not defined, this setting allows you to override the execution environment. This is useful if you want to build a default based on another variable of the merged vars.examplespec: default_execution_environment: image: image-registry.apps-dev.open.redhat.com/agnosticd/ee-{{ merged_vars.__meta__.deployer.virtualenv | default('ansible2.9-python3.6-2021-11-30') }} private: true
-
Github integration
-
spec.github_token
— GitHub access token. -
spec.github_comment_success
andspec.github_comment_failure
— jinaj2 content of the comments. -
spec.catalog_url
— URL of the catalog to pass in GitHub comments.
-
[root@clientvm 0 ~]# oc project agnosticv-operator [root@clientvm 0 ~]# oc get pods NAME READY STATUS RESTARTS AGE agnosticv-operator-7d6f867c56-jkwcn 2/2 Running 0 105s [root@clientvm 0 ~]# oc logs -f agnosticv-operator-7d6f867c56-jkwcn -c ansible
If you have logstash setup, agnosticv-operator can be configured to send reports.
AgnosticV Operator logs are difficult to parse because it’s built with the ansible operator SDK. Those "reports", or notifications if you like, include:
-
agnosticv CLI has stderr
-
catalog item update or creation failed
-
catalog item update or creation succeeded
input { http { port => "1102" ssl => true ssl_certificate => "/etc/logstash/certs_agv/logstash.crt" ssl_key => "/etc/logstash/certs_agv/logstash.key" user => "agnosticv-operator" password => "CHANGEME" } } output { if [codename] { elasticsearch { hosts => [ "...:9200" ] manage_template => false index => [ "agv-%{+yyyy.MM.dd}" ] user => "logstash_internal" password => "..." } } }
spec: logstashReport: true logstashUsername: agnosticv-operator logstashPassword: CHANGEME logstashProtocol: https logstashPort: 1102