Refactor docs to address #14, and add a gitops job #15
Conversation
|
|
||
| The simple cluster bootstrapping example shows how cluster administrators might begin managing OpenShift clusters using just `oc apply`. Each resource in this example carries a common label (`example.com/project: simple-bootstrap`) that associates it with this `project`. In doing this, we can manage the full lifecycle of our resources with a single command. | ||
|
|
||
| ``` | ||
| oc apply -Rf simple-bootstrap/ --prune -l example.com/project=simple-bootstrap | ||
| until oc apply -Rf simple-bootstrap/ --prune -l example.com/project=simple-bootstrap; do sleep 2; done |
There was a problem hiding this comment.
Do we want to send stderr to /dev/null?
There was a problem hiding this comment.
if we do that, and the loop gets hung, the user would never see any ouput. I don't think I'm that worried about having the output "clean". Probably better to show everything and explain that errors will be expecte when hitting race conditions
| userconfig.redhatcop.redhat.io/sandboxes created | ||
| ``` | ||
|
|
||
| If we run this a second time, we'll see that it still completes successfully, but notice that the action taken to each file has been changed from `create` to `unchanged` or in some cases `configured`. |
There was a problem hiding this comment.
Given the until loop previously executed, there is a high likelihood users would have already seen unchanged execution
There was a problem hiding this comment.
That's fine. In this section we're just talking about what would happen if you had only run oc apply, not the entire loop
README.md
Outdated
|
|
||
| However, there's one likely hiccup that our workflow needs to be able to handle. The management of operators via the [Operator Lifecycel Manager](https://github.com/operator-framework/operator-lifecycle-manager) creates a race condition. When a `Subscription` and `OperatorGroup` resource gets created, it triggers OLM to fetch details about the operator, and install the relevant `CustomResourceDefinitions`(CRDs). Until the CRDs have been put to the cluster, an attempt to create a matching `CustomResource` will fail, as that resource type doesn't yet exist in the API. | ||
|
|
||
| In our case, we are deploying the [Namespace Configuration Operator](https://github.com/redhat-cop/namespace-configuration-operator), which provides the `UserConfig` resource type. If we try to create both the `OperatorGroup`/`Subscription` to deploy the operator, and the `UserConfig` to invoke it in the same comman, we'll get an error: |
README.md
Outdated
| By running the workflow locally, we've already created a `CronJob` in the `cluster-ops` namespace. In order for it to run, it requires a secret be created pointing it to the repository where the cluster configs live. | ||
|
|
||
| ``` | ||
| oc create secret generic gitops-repo --from-literal=url=https://github.com/redhat-cop/declarative-openshift.git --from-literal=contextDir=simple-bootstrap --from-literal=pruneLabel=example.com/project=simple-bootstrap -n cluster-ops |
There was a problem hiding this comment.
Is there a reason for creating a Secret instead of a ConfigMap?
There was a problem hiding this comment.
so that we are set up to include credentials for private repos in the future.
| if [ -z "$var" ]; then | ||
| echo "Syncing cluster config from $GIT_REPO/$CONTEXT_DIR" | ||
| git clone $GIT_REPO /tmp/repodir | ||
| until oc apply -Rf /tmp/repodir/$CONTEXT_DIR/ --prune -l $PRUNE_LABEL $(cat /tmp/repodir/prune-whitelist.txt); do sleep 2; done |
There was a problem hiding this comment.
Can the API Group for DaemonSet be changed to apps/v1 as extensions/v1beta1 which causes the job to not complete in OCP 4.4
|
@sabre1041 updated. |
| - | | ||
| if [ -z "$var" ]; then | ||
| echo "Syncing cluster config from $GIT_REPO/$CONTEXT_DIR" | ||
| git clone $GIT_REPO /tmp/repodir |
There was a problem hiding this comment.
Can you add a parameter to clone a specific branch?
prune-whitelist.txt
Outdated
| @@ -7,7 +7,7 @@ | |||
| --prune-whitelist core/v1/Service | |||
| --prune-whitelist batch/v1/Job | |||
| --prune-whitelist batch/v1beta1/CronJob | |||
| --prune-whitelist extensions/v1beta1/DaemonSet | |||
| --prune-whitelist apps/v1/DaemonSet | |||
| --prune-whitelist extensions/v1beta1/Deployment | |||
There was a problem hiding this comment.
Deployment: extensions/v1beta1 -> apps/v1
ReplicaSet: extensions/v1beta1 -> apps/v1
untilloop. Resolves Document how to handle CRD/CR race condition #14