hack: add a development way to run the operator as part of the installer #94
Conversation
openshift-ci-robot
added
size/L
squeed
requested review from
dcbw
and removed request for
danwinship and
knobunc
|
@squeed Is this the way to develop the ovnkube type? I install and by the time I get to log in networking is setup and fixed. Can't change type. |
|
Updated, now with 100% more cleverness. Now we automatically extract the image references. |
INSTALLER-HACKING.md
Outdated
| After destroying your cluster, you should delete your `$CLUSTER_DIR`. If you're using libvirt, you can use `./scripts/maintenance/virsh-cleanup.sh` in the installer repository. | ||
|
|
||
| ### RBAC | ||
| This runs the operator with the `admin` role, so it will have full permissions. When run as the real installer, this will not be the case. So you can't debug RBAC issues here. |
There was a problem hiding this comment.
"when run by the real installer"?
FWIW we're going to have to figure out how to fix this fairly quickly, since part of the OVN work will be making sure we have RBAC set up correctly.
There was a problem hiding this comment.
This only applies to the operator process. Any ovn processes will still go through rbac.
There was a problem hiding this comment.
Also, "run as" -- German prepositions are leaking out again.
| # Patch the CVO to not create the network operator | ||
| echo "Applying overrides to ${CLUSTER_DIR}/manifests/cvo-overrides.yaml" | ||
|
|
||
| kubectl --kubeconfig=hack/null-kubeconfig patch --type=json --local=true -f=${CLUSTER_DIR}/manifests/cvo-overrides.yaml -p "$(cat hack/overrides-patch.yaml)" -o yaml > ${CLUSTER_DIR}/manifests/.cvo-overrides.yaml.new |
There was a problem hiding this comment.
Since we're requiring oc elsewhere, change this to oc for consistency?
There was a problem hiding this comment.
For some reason this doesn't work with oc. I don't remember why.
|
OK, updated. |
Ah, I had meant using the in-tree daemonset.yaml, not the one from the image, which is what you're using I guess? In particular, I was thinking about the fact that for OVN, the operator will also need to have Maybe just add a comment about this to step 3? |
|
Mmm, I was thinking of a different use case. That's starting to sound like actual code ;-). |
|
Wait nevermind, that's really easy and obviously the right thing to do. Hold please. |
This is a stupid way to tell the installer not to run the network operator, and let us run it manually as part of the install process.
|
That makes it infinitely simpler, and you don't need a new |
| # Extract the image references from the release image. | ||
| function build_env() { | ||
| echo "Writing image references to ${CLUSTER_DIR}/env.sh" | ||
| oc --kubeconfig=hack/null-kubeconfig convert --local=true -f manifests/0000_07_cluster-network-operator_03_daemonset.yaml -ojsonpath='{range .spec.template.spec.containers[0].env[?(@.value)]}{.name}{"="}{.value}{"\n"}' > ${CLUSTER_DIR}/env.sh |
There was a problem hiding this comment.
oh. heh. I had assumed you had some reason for extracting the exact version numbers of out of the built image :-)
| export KUBERNETES_SERVICE_HOST=$(oc config view -o jsonpath='{.clusters[0].cluster.server}' | awk -F'[/:]' '{print $4}') | ||
|
|
||
| echo "Waiting for the apiserver to come up and for the network configuration to be rceated." | ||
| echo "You can ignore the error message 'error: the server doesn't have a resource type \"Network\"'" |
There was a problem hiding this comment.
You can ignore the error message 'error: the server doesn't have a resource type "Network"'
The connection to the server danwinship-api.devcluster.openshift.com:6443 was refused - did you specify the right host or port?
Anyway, we can make further tweaks to the instructions later
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danwinship, squeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
This is a stupid way to tell the installer not to run the network operator, and let us run it manually as part of the install process.