* operator/registration: switch to Kubebuilder client
Fixes#239
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/registration: adapt tests to Kubebuilder client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* unit-tests: vendor controller-runtime fake client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add yaml annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/RBAC: add "get" verb to ServiceAccount resources
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: generate rbac
make generate-manifests
make build-rbac
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Add elementalcli package
Create a separate package to deal with elemental-cli installation.
This brings the elemental-cli functions declared in the config package
to a new package that just parses a map[string]interface argument.
This is a step to enable usage of the elemental-cli functions with the
new elementalv1.Config.Elemental.Install type.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: switch to Kubebuilder api
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: add mapstructure annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: reduce complexity of the run function
Make linter happy:
"cyclomatic complexity 16 of func `run` is high (> 15) (gocyclo)"
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: drop io/ioutil in favor of os package
io/ioutil is deprecated
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
This commit adds a rate limiter to the ManagedOSVersionChannel controller to prevent
stacking reconcile loops over the same resource in fast rates (doesn't make sense for a
ManagedOSVersionChannel). By default the controller runtime already includes an
equivalent rate limiter, but starts in the range of milliseconds, starting the exponential
rate limiter in the range of seconds is more than enough in this context.
In addition it drops the failures counter in the resource. This counter was supposed to
be used to limit the number attempts to sync in case of failure. This was a bad design,
status should not keep a counter like this as any change in status triggers a new
immediate reconcile loop, hence the counter was reaching the maximum as fast as the
controller runtime was executing reconcile loops without any rate limiter (rate limiter
applies only when there are no changes including status).
For now I think we can just live without the setting any maxium for failures. If we ever
need it I believe it should be coded and tracked within the controller itself, not in each
resource as this prevents the reconcile loop of being idempotent. Alternatively we could
prevent triggering the reconcile loop on status changes, however this prevents
reconciling if any third party (or user from the kubectl client) changes a resource status.
Fixes#257
Part of #240
Signed-off-by: David Cassany <dcassany@suse.com>
This commit adds few changes on the syncer logic:
* Makes use of ManagedOSVersionChannel status reason to track if there
is an on going synchronization rather than polling for the existence of a synchronization pod or not.
* Adds a logic to stop trying to synchronize after 4 consecutive attempts.
If it exceeds the maximum it just programs the next re-sync after the given sync
interval instead of immediately retrying.
* Adds some logging and comments here and there.
Signed-off-by: David Cassany <dcassany@suse.com>
* Implement syncer logic as part of the ManagedOSVersionChannel controller
This commit adds the logic to synchronize managedosversionchannels
within the already existing controller.
* make generate
* make build-manifests
* Update chart
* update e2e tests
Signed-off-by: David Cassany <dcassany@suse.com>
* Update vendor
* Run generation tasks
* Minor fixes in Makefile
* Remove old code
* Add remaning controllers
* Minor e2e tests improvements
* Switch osversionchannel syncer to controll runtime
* Minor fixes in controllers
* Fix unit tests
* Add new package to Dockerfile
* Update dependencies
* Add unit test helpers
* Add new machine registration controller
* Remove old machine registration controller
* Add rbac tag for secrets
* Fix container argument in chart
* Add labels to all created resources
If the ServiceAccount for the newly created MachineRegistration
is already there, ensure it has a link to the newly created Secret
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
It seems that elemental-operator RBAC ClusterRole was too wide.
This change is simplifying it and removing unneeded privileges.
Fixes #https://github.com/rancher/elemental-operator/issues/186
Signed-off-by: Michal Jura <mjura@suse.com>
Signed-off-by: Michal Jura <mjura@suse.com>
These changes are required to facilitate OBS code updates and builds by simply triggering OBS services. This allows updating code and rebuild in OBS based on github events such as on tag, on merge, on push...
Signed-off-by: David Cassany <dcassany@suse.com>
During elemental-operator helm installation, it has to be also added
Elemnetal Administator GlobalRole for Rancher UI users.
Fixes https://github.com/rancher/elemental/issues/332
Signed-off-by: Michal Jura <mjura@suse.com>
Signed-off-by: Michal Jura <mjura@suse.com>
This has to be a known value that we can watch for in the operator, this
doesnt require to be unique per deployment as several processes can
watch the same secret
Signed-off-by: Itxaka <igarcia@suse.com>
Signed-off-by: Itxaka <igarcia@suse.com>
Enables deploying multiple operators replicas.
Changes tests to account and test this
Chart changes:
- Make any fixed names default to the release name. As release name has
to be unique per namespace, this is a good practice instead of
hardcoding whatever name we want. This shouldnt affect anything as
the full chart uses that by default now.
Signed-off-by: Itxaka <igarcia@suse.com>
Signed-off-by: Itxaka <igarcia@suse.com>
Make sure we have a decent description for the --operator-image flag as
that is used down the line by the syncer to run the display command and
gather the results from the version syncer.
Also remove the default value for the flag. It makes no sense to have a
default value if we mark a flag as required, as that value will always
be overwritten by the flag.
Signed-off-by: Itxaka <igarcia@suse.com>
* Generate v3.Setting code
Signed-off-by: Itxaka <igarcia@suse.com>
* Use the rancher cacerts for the registration
Also drops the cacert passing via chart, adds proper permissions to the
settings resource, adds the cache index and checks that indeed we are
returning a cacert on the registration url
Signed-off-by: Itxaka <igarcia@suse.com>
* fix lint
Signed-off-by: Itxaka <igarcia@suse.com>
* Drop manual rancherl-url and get the rancher url automatically
Drop any manual setup of rancher-url and use the settings to get the set
rancher-url
Signed-off-by: Itxaka <igarcia@suse.com>
* Small fix for getRancherCACert
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix test setting the wrong url
Signed-off-by: Itxaka <igarcia@suse.com>
There seems to have some confusion between the namespace of the operator
to run on and the namespaces we want the operator to watch
This restores the sync_namespaces so the operator can watch all
namespaces and sets teh namespace option to be where the operator is
runnig, needed for things like the registration url to be properly
served
Signed-off-by: Itxaka <igarcia@suse.com>
Remove all the mentions to rancheros-operator in tests, imports and
dependencies.
Restore e2e scripts and test targets on makefile
Fix all lint issues
Signed-off-by: Itxaka <igarcia@suse.com>
At the moment is collecting json output from logs for creating API data
and it's not a real controller. This will be fixed in a follow up.
Besides, relying on logging as we are doing it now, even with the
initContainer workaround is not correct as we
do not have guarantee from kubelet to store logs for us, so this is good
only for small amount of data.
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
There was a mix of ros-operator and rancheros-operator.
This patch fixes it so its always rancheros-operator, even
changing the repos to have the full name so everything matches
Signed-off-by: Itxaka <igarcia@suse.com>
Alexander Demicev