Allow to deploy kubemark via cvo with kustomize

ingvagabund · ingvagabund · commit 86d5e880ac92 · 2019-02-28T13:05:47.000+01:00
diff --git a/Makefile b/Makefile
@@ -52,6 +52,7 @@ build-integration: ## Build integration test binary
 	mkdir -p bin
 	$(DOCKER_CMD) go build $(GOGCFLAGS) -o bin/integration github.com/openshift/machine-api-operator/test/integration
 
+.PHONY: test-e2e
 test-e2e: ## Run openshift specific e2e test
 	go test -timeout 60m \
 		-v ./vendor/github.com/openshift/cluster-api-actuator-pkg/pkg/e2e \
@@ -60,6 +61,12 @@ test-e2e: ## Run openshift specific e2e test
 		-ginkgo.v \
 		-args -v 5 -logtostderr true
 
+.PHONY: deploy-kubemark
+deploy-kubemark:
+	kustomize build config | kubectl apply -f -
+	kustomize build | kubectl apply -f -
+	kubectl apply -f config/kubemark-install-config.yaml
+
 .PHONY: test
 test: ## Run tests
 	@echo -e "\033[32mTesting...\033[0m"
diff --git a/README.md b/README.md
@@ -129,6 +129,38 @@ However you can run it in a vanilla Kubernetes cluster by precreating some asset
 - Then you can run it as a [deployment](install/0000_50_machine-api-operator_08_deployment.yaml)
 - You should then be able to deploy a [cluster](test/integration/manifests/cluster.yaml) and a [machineSet](test/integration/manifests/machineset.yaml) object
 
+## Machine API operator with Kubemark over Kubernetes
+
+INFO: For development and testing purposes only
+
+1. Deploy MAO over Kubernetes:
+  ```sh
+   $ kustomize build | kubectl apply -f -
+   ```
+
+2. Deploy [Kubemark actuator](https://github.com/openshift/cluster-api-provider-kubemark) prerequisities:
+   ```sh
+   $ kustomize build config | kubectl apply -f -
+   ```
+
+3. Create `cluster-config-v1` configmap to tell the MAO to deploy `kubemark` provider:
+   ```yaml
+   apiVersion: v1
+   kind: ConfigMap
+   metadata:
+     name: cluster-config-v1
+     namespace: kube-system
+   data:
+     install-config: |-
+       platform:
+         kubemark: {}
+   ```
+
+   The file is already present under `config/kubemark-install-config.yaml` so it's sufficient to run:
+   ```sh
+   $ kubectl apply -f config/kubemark-install-config.yaml
+   ```
+
 ## CI & tests
 
 Run unit test:
diff --git a/config/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/config/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
@@ -0,0 +1,42 @@
+kind: CustomResourceDefinition
+apiVersion: apiextensions.k8s.io/v1beta1
+metadata:
+  name: clusteroperators.config.openshift.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.version
+    description: The version the operator is at.
+    name: Version
+    type: string
+  - JSONPath: .status.conditions[?(@.type=="Available")].status
+    description: Whether the operator is running and stable.
+    name: Available
+    type: string
+  - JSONPath: .status.conditions[?(@.type=="Progressing")].status
+    description: Whether the operator is processing changes.
+    name: Progressing
+    type: string
+  - JSONPath: .status.conditions[?(@.type=="Failing")].status
+    description: Whether the operator is failing changes.
+    name: Failing
+    type: string
+  - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime
+    description: The time the operator's Available status last changed.
+    name: Since
+    type: date
+  group: config.openshift.io
+  names:
+    kind: ClusterOperator
+    listKind: ClusterOperatorList
+    plural: clusteroperators
+    singular: clusteroperator
+    shortNames:
+    - co
+  scope: Cluster
+  subresources:
+    status: {}
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
diff --git a/config/kubemark-install-config.yaml b/config/kubemark-install-config.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-config-v1
+  namespace: kube-system
+data:
+  install-config: |-
+    platform:
+      kubemark: {}
diff --git a/config/kubemark.yaml b/config/kubemark.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: deleteunreadynodes
+  namespace: kube-system
+data:
+  entrypoint.sh: |-
+    #!/bin/bash
+    while true; do
+      echo "Checking NotReady nodes"
+      for node in $(kubectl get nodes -o json | jq '.items[].metadata.name' --raw-output); do
+        echo "Checking node $node"
+
+        taint=$(kubectl get nodes $node -o json | jq '.spec | select(.taints!=null) | .taints[] | select(.key=="kubemark") | select (.!=null) | select(.value=="true")' | wc -l)
+        if [ $taint -eq 0 ]; then
+          echo "Skipping $node, no 'kubemark' taint found"
+          continue
+        fi
+
+        status=$(kubectl get node $node -o json | jq '.status.conditions[] | select(.type=="Ready") | .status' --raw-output)
+        if [ $status != "Unknown" ]; then
+          continue
+        fi
+
+        # Delete node
+        echo "Deleting node $node"
+        kubectl delete node $node
+      done
+      sleep 10s
+    done
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: machineapi-kubemark-controllers
+  namespace: kube-system
+  labels:
+    api: machineapi
+    k8s-app: kubemark
+spec:
+  selector:
+    matchLabels:
+      api: machineapi
+      k8s-app: kubemark
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        api: machineapi
+        k8s-app: kubemark
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoExecute
+        key: node.alpha.kubernetes.io/notReady
+        operator: Exists
+      - effect: NoExecute
+        key: node.alpha.kubernetes.io/unreachable
+        operator: Exists
+      containers:
+      - name: unready-nodes-gb
+        image: gofed/kubemark-machine-controllers:v1.0
+        command:
+          - /bin/entrypoint.sh
+        volumeMounts:
+        - name: deleteunreadynodes
+          mountPath: /bin/entrypoint.sh
+          readOnly: true
+          subPath: entrypoint.sh
+      volumes:
+      - name: deleteunreadynodes
+        configMap:
+          defaultMode: 0700
+          name: deleteunreadynodes
diff --git a/config/kubemark_rbac.yaml b/config/kubemark_rbac.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubemark-actuator
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubemark
+  namespace: kubemark-actuator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubemark-actuator-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - secrets
+  verbs:
+  - list
+  - watch
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - list
+  - watch
+  - get
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubemark-actuator-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubemark-actuator-role
+subjects:
+- kind: ServiceAccount
+  name: kubemark
+  namespace: kubemark-actuator
diff --git a/config/kustomization.yaml b/config/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+# Install kubemark RBAC rules and namespace so mao can properly deploy kubemark actuator if configured
+# Pulled from https://github.com/openshift/cluster-api-provider-kubemark/blob/master/config/rbac/kubemark_rbac.yaml
+- kubemark_rbac.yaml
+# Pulled from https://github.com/openshift/cluster-api-provider-kubemark/blob/master/config/controllers/kubemark.yaml
+- kubemark.yaml
diff --git a/kustomization.yaml b/kustomization.yaml
@@ -0,0 +1,24 @@
+# Adds namespace to all resources.
+namespace: kube-system
+
+# Each entry in this list must resolve to an existing
+# resource definition in YAML.  These are the resource
+# files that kustomize reads, modifies and emits as a
+# YAML string, with resources separated by document
+# markers ("---").
+resources:
+# Install CVO clusteroperator CRD required by mao (so it can report its status)
+# Pulled from https://github.com/openshift/cluster-version-operator/blob/master/install/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
+# and updated (delete depricated clusteroperators.operatorstatus.openshift.io CRD)
+- config/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
+# Install mao namespaces, CRDS and other resources to properly deploy machine API stack
+- install/0000_30_machine-api-operator_00_namespace.yaml
+- install/0000_30_machine-api-operator_01_images.configmap.yaml
+- install/0000_30_machine-api-operator_02_machine.crd.yaml
+- install/0000_30_machine-api-operator_03_machineset.crd.yaml
+- install/0000_30_machine-api-operator_04_machinedeployment.crd.yaml
+- install/0000_30_machine-api-operator_05_cluster.crd.yaml
+- install/0000_30_machine-api-operator_06_machineclass.crd.yaml
+- install/0000_30_machine-api-operator_07_machinehealthcheck.crd.yaml
+- install/0000_30_machine-api-operator_08_rbac.yaml
+- install/0000_30_machine-api-operator_09_deployment.yaml
