Add galaxy default EE
closes pulp#821
git-hyagi committed Dec 7, 2022
1 parent dc1687d commit 42167e6
Showing 13 changed files with 343 additions and 18 deletions.
2 changes: 1 addition & 1 deletion .ci/scripts/local.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash

kustomize build config/local | kubectl apply -f -
kustomize build config/local | kubectl apply --server-side=true -f -
make manifests generate fmt vet CR_KIND=$1 CR_DOMAIN=$2 CR_PLURAL=$3 APP_IMAGE=$4 WEB_IMAGE=$5
if [[ "$CI_TEST" == "true" ]] ; then
make build
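--- a/CHANGES/821.feature
+++ b/CHANGES/821.feature
@@ -0,0 +1 @@
+Added a feature to deploy and sync Galaxy execution environments.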
4 changes: 2 additions & 2 deletions Makefile
@@ -210,7 +210,7 @@ endif

.PHONY: install
install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -
$(KUSTOMIZE) build config/crd | kubectl apply --server-side=true -f -

.PHONY: uninstall
uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
@@ -224,7 +224,7 @@ local: kustomize ## Run controller in the K8s cluster specified in ~/.kube/confi
deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
$(KUSTOMIZE) build config/default | kubectl apply -f -
$(KUSTOMIZE) build config/default | kubectl apply --server-side=true -f -

.PHONY: undeploy
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
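--- a/api/v1alpha1/repo_manager_types.go
+++ b/api/v1alpha1/repo_manager_types.go
@@ -305,6 +305,18 @@ type PulpSpec struct {
 // +kubebuilder:default:=false
 // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"}
 TrustedCa bool `json:"mount_trusted_ca,omitempty"`
+
+// Define if the operator should or should not deploy the default Galaxy Execution Environments.
+// Default: false
+// +kubebuilder:validation:Optional
+// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"}
+DeployGalaxyEEDefaults bool `json:"deploy_galaxy_ee_defaults,omitempty"`
+
+// Name of the ConfigMap with the list of Galaxy Execution Environments that should be synchronized.
+// Default: ee-default-images
+// +kubebuilder:validation:Optional
+// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"}
+GalaxyEEDefaults string `json:"galaxy_ee_defaults,omitempty"`
 }
 
 // Api defines desired state of pulpcore-api resources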
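Review bot: Both new fields state a default only in prose (`Default: false`, `Default: ee-default-images`) and carry no `+kubebuilder:default` marker, unlike `TrustedCa` directly above them, so the generated CRD schema neither shows nor applies the default and the string default lives only in `defaultConfigMapName` in galaxy.go. Adding `// +kubebuilder:default:=false` and `// +kubebuilder:default:="ee-default-images"` would keep the API type, the CRD and the README in step. `GalaxyEEDefaults` is used as a ConfigMap name, so a marker such as `// +kubebuilder:validation:MaxLength=253` would reject unusable values at admission instead of at reconcile time. The `PulpSpec` struct starts outside this hunk.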
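--- a/config/crd/bases/repo-manager.pulpproject.org_pulps.yaml
+++ b/config/crd/bases/repo-manager.pulpproject.org_pulps.yaml
@@ -5779,6 +5779,10 @@ spec:
 description: 'Secret where the Fernet symmetric encryption key is
 stored. Default: <operators''s name>-"-db-fields-encryption"'
 type: string
+deploy_galaxy_ee_defaults:
+description: 'Define if the operator should or should not deploy the
+default Galaxy Execution Environments. Default: false'
+type: boolean
 deployment_type:
 default: pulp
 description: 'Name of the deployment type. Default: "pulp"'
@@ -5800,6 +5804,10 @@ spec:
 file_storage_storage_class:
 description: Storage class to use for the file persistentVolumeClaim
 type: string
+galaxy_ee_defaults:
+description: 'Name of the ConfigMap with the list of Galaxy Execution
+Environments that should be synchronized. Default: ee-default-images'
+type: string
 haproxy_timeout:
 description: 'The timeout for HAProxy. Default: "180s"'
 type: string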
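--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -51,6 +51,18 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+- batch
+resources:
+- cronjobs
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
 - apiGroups:
 - ""
 resources: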
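--- a/controllers/repo_manager/README.md
+++ b/controllers/repo_manager/README.md
@@ -182,6 +182,8 @@ PulpSpec defines the desired state of Pulp
 | image_pull_secrets | Image pull secrets for container images. Default: [] | []string | false |
 | sso_secret | Secret where Single Sign-on configuration can be found | string | false |
 | mount_trusted_ca | Define if the operator should or should not mount the custom CA certificates added to the cluster via cluster-wide proxy config. Default: false | bool | false |
+| deploy_galaxy_ee_defaults | Define if the operator should or should not deploy the default Galaxy Execution Environments. Default: false | bool | false |
+| galaxy_ee_defaults | Name of the ConfigMap with the list of Galaxy Execution Environments that should be synchronized. Default: ee-default-images | string | false |
 
 [Back to Custom Resources](#custom-resources)
 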
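--- a/controllers/repo_manager/api.go
+++ b/controllers/repo_manager/api.go
@@ -21,7 +21,6 @@ import (
 "fmt"
 "os"
 "strconv"
-"strings"
 "time"
 
 "golang.org/x/text/cases"
@@ -35,7 +34,6 @@ import (
 "k8s.io/apimachinery/pkg/util/intstr"
 
 "github.com/go-logr/logr"
-configv1 "github.com/openshift/api/config/v1"
 repomanagerv1alpha1 "github.com/pulp/pulp-operator/api/v1alpha1"
 "github.com/pulp/pulp-operator/controllers"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -789,19 +787,7 @@ func pulpServerSecret(resources FunctionResources) client.Object {
 }
 
 // Handling user facing URLs
-rootUrl := "http://" + resources.Pulp.Name + "-web-svc." + resources.Pulp.Namespace + ".svc.cluster.local:24880"
-if strings.ToLower(resources.Pulp.Spec.IngressType) == "ingress" {
-rootUrl = "https://" + resources.Pulp.Spec.IngressHost
-}
-if strings.ToLower(resources.Pulp.Spec.IngressType) == "route" {
-if len(resources.Pulp.Spec.RouteHost) == 0 {
-ingress := &configv1.Ingress{}
-resources.RepoManagerReconciler.Get(resources.Context, types.NamespacedName{Name: "cluster"}, ingress)
-rootUrl = "https://" + resources.Pulp.Name + "." + ingress.Spec.Domain
-} else {
-rootUrl = "https://" + resources.Pulp.Spec.RouteHost
-}
-}
+rootUrl := getRootURL(resources)
 
 // default settings.py configuration
 var pulp_settings = `DB_ENCRYPTION_KEY = "/etc/pulp/keys/database_fields.symmetric.key"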
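--- a/controllers/repo_manager/controller.go
+++ b/controllers/repo_manager/controller.go
@@ -24,6 +24,7 @@ import (
 "golang.org/x/text/cases"
 "golang.org/x/text/language"
 appsv1 "k8s.io/api/apps/v1"
+batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
 netv1 "k8s.io/api/networking/v1"
 policy "k8s.io/api/policy/v1"
@@ -70,6 +71,7 @@ type RepoManagerReconciler struct {
 //+kubebuilder:rbac:groups=core,namespace=pulp-operator-system,resources=configmaps;secrets;services;persistentvolumeclaims,verbs=create;update;patch;delete;watch;get;list;
 //+kubebuilder:rbac:groups="",namespace=pulp-operator-system,resources=events,verbs=create;patch
 //+kubebuilder:rbac:groups=policy,namespace=pulp-operator-system,resources=poddisruptionbudgets,verbs=get;list;create;delete;patch;update;watch
+//+kubebuilder:rbac:groups=batch,namespace=pulp-operator-system,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -305,6 +307,11 @@ func (r *RepoManagerReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 return pulpController, err
 }
 
+log.V(1).Info("Running Galaxy EE tasks")
+if pulpController, err := galaxyEECronjob(FunctionResources{ctx, pulp, log, r}); needsRequeue(err, pulpController) {
+return pulpController, err
+}
+
 log.V(1).Info("Running status tasks")
 pulpController, err = r.pulpStatus(ctx, pulp, log)
 if needsRequeue(err, pulpController) {
@@ -332,6 +339,7 @@ func (r *RepoManagerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 Owns(&corev1.ConfigMap{}).
 Owns(&policy.PodDisruptionBudget{}).
 Owns(&corev1.ServiceAccount{}).
+Owns(&batchv1.CronJob{}, builder.WithPredicates(ignoreCronjobStatus())).
 Owns(&netv1.Ingress{})
 
 if IsOpenShift, _ := controllers.IsOpenShift(); IsOpenShift {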
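Review bot: The new RBAC marker grants `delete` on `batch/cronjobs`, but nothing visible in this commit removes the CronJob: `galaxyEECronjob` simply returns when `deploy_galaxy_ee_defaults` is false, so a job created earlier would apparently keep running with the admin password secret after the feature is switched off. Either add a cleanup path to the step that follows `log.V(1).Info("Running Galaxy EE tasks")` in Reconcile, or trim the verb list to what the reconciler actually uses. `ignoreCronjobStatus()` is defined outside the visible hunks, so what it filters could not be checked here, and Reconcile itself starts and ends outside the hunk.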
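--- a/controllers/repo_manager/galaxy.go
+++ b/controllers/repo_manager/galaxy.go
@@ -0,0 +1,170 @@
+package repo_manager
+
+import (
+"net/url"
+
+batchv1 "k8s.io/api/batch/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ctrl "sigs.k8s.io/controller-runtime"
+"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const defaultConfigMapName = "ee-default-images"
+
+// GalaxyResource has the definition and function to provision galaxy objects
+type GalaxyResource struct {
+Definition ResourceDefinition
+Function func(FunctionResources) client.Object
+}
+
+// galaxyEECronjob creates the cronjob used to provide default execution environments
+func galaxyEECronjob(resources FunctionResources) (ctrl.Result, error) {
+
+// ignore this func if deployment type is pulp
+if resources.Pulp.Spec.DeploymentType != "galaxy" {
+return ctrl.Result{}, nil
+}
+
+// ignore this method if defined to not deploy default images
+if !resources.Pulp.Spec.DeployGalaxyEEDefaults {
+return ctrl.Result{}, nil
+}
+
+// list of galaxy resources that should be provisioned
+newResources := []GalaxyResource{
+// galaxy configmap
+{Definition: ResourceDefinition{Context: resources.Context, Type: &corev1.ConfigMap{}, Name: getConfigMapName(resources), Alias: "", ConditionType: "", Pulp: resources.Pulp}, Function: galaxyEEConfigMap},
+// galaxy cronjob
+{ResourceDefinition{resources.Context, &batchv1.CronJob{}, resources.Pulp.Name + "-ee-defaults", "", "", resources.Pulp}, galaxyEECronJob},
+}
+
+// create resources
+for _, resource := range newResources {
+requeue, err := resources.RepoManagerReconciler.createPulpResource(resource.Definition, resource.Function)
+if err != nil {
+return ctrl.Result{}, err
+} else if requeue {
+return ctrl.Result{Requeue: true}, nil
+}
+}
+
+return ctrl.Result{}, nil
+}
+
+// getConfigMapName returns the name of ConfigMap with the list of EE that should be synchronized
+func getConfigMapName(resources FunctionResources) string {
+galaxyEEConfigmapName := defaultConfigMapName
+if len(resources.Pulp.Spec.GalaxyEEDefaults) > 0 {
+galaxyEEConfigmapName = resources.Pulp.Spec.GalaxyEEDefaults
+}
+
+return galaxyEEConfigmapName
+}
+
+// galaxyEEConfigMap returns a default ConfigMap with the list of default images
+// that should be synced
+func galaxyEEConfigMap(resources FunctionResources) client.Object {
+images := &corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{
+Name: defaultConfigMapName,
+Namespace: resources.Namespace,
+},
+Data: map[string]string{
+"images.yaml": `quay.io:
+images-by-tag-regex:
+fedora/fedora-minimal: ^latest$
+fedora/fedora: ^latest$`,
+},
+}
+ctrl.SetControllerReference(resources.Pulp, images, resources.RepoManagerReconciler.Scheme)
+return images
+}
+
+// galaxyEECronJob returns a CronJob that will be used to trigger a sync of
+// EE images from time to time
+func galaxyEECronJob(resources FunctionResources) client.Object {
+
+// image used to run the sync
+skopeoImage := "quay.io/skopeo/stable"
+
+// galaxy image registry host
+rootURL, _ := url.Parse(getRootURL(resources))
+
+successfulHistory := int32(1)
+failedHistory := int32(2)
+
+cronJob := &batchv1.CronJob{
+ObjectMeta: metav1.ObjectMeta{
+Name: resources.Pulp.Name + "-ee-defaults",
+Namespace: resources.Pulp.Namespace,
+},
+Spec: batchv1.CronJobSpec{
+Schedule: "*/2 * * * *",
+SuccessfulJobsHistoryLimit: &successfulHistory,
+FailedJobsHistoryLimit: &failedHistory,
+JobTemplate: batchv1.JobTemplateSpec{
+ObjectMeta: metav1.ObjectMeta{
+Name: resources.Pulp.Name + "-ee-defaults",
+Namespace: resources.Pulp.Namespace,
+},
+Spec: batchv1.JobSpec{
+Template: corev1.PodTemplateSpec{
+ObjectMeta: metav1.ObjectMeta{
+Name: resources.Pulp.Name + "-ee-defaults",
+Namespace: resources.Pulp.Namespace,
+},
+Spec: corev1.PodSpec{
+RestartPolicy: corev1.RestartPolicyNever,
+Containers: []corev1.Container{{
+Name: "skopeo",
+Image: skopeoImage,
+ImagePullPolicy: corev1.PullAlways,
+Env: []corev1.EnvVar{
+{Name: "USERNAME", Value: "admin"},
+{Name: "PASSWORD",
+ValueFrom: &corev1.EnvVarSource{
+SecretKeyRef: &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: resources.Pulp.Spec.AdminPasswordSecret,
+},
+Key: "password",
+},
+},
+},
+},
+Args: []string{
+"--debug", "sync", "--dest", "docker", "--src", "yaml", "--retry-times", "3", "--dest-creds", "$(USERNAME):$(PASSWORD)", "--dest-tls-verify=false", "--keep-going", "/images.yaml", rootURL.Host + "/",
+},
+VolumeMounts: []corev1.VolumeMount{
+{
+Name: "ee-default-images",
+MountPath: "/images.yaml",
+SubPath: "images.yaml",
+ReadOnly: true,
+},
+},
+}},
+Volumes: []corev1.Volume{
+{
+Name: "ee-default-images",
+VolumeSource: corev1.VolumeSource{
+ConfigMap: &corev1.ConfigMapVolumeSource{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: getConfigMapName(resources),
+},
+Items: []corev1.KeyToPath{
+{Key: "images.yaml", Path: "images.yaml"},
+},
+},
+},
+},
+},
+},
+},
+},
+},
+},
+}
+ctrl.SetControllerReference(resources.Pulp, cronJob, resources.RepoManagerReconciler.Scheme)
+return cronJob
+}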
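Review bot: The skopeo container in `galaxyEECronJob` receives the Pulp admin password and then pushes with `--dest-tls-verify=false`, so the credential goes to a registry endpoint whose certificate is never checked; drop that flag, or make it an explicit opt-in on the spec, and have the job trust the CA that signs the destination. The job image `quay.io/skopeo/stable` has no tag or digest and is pulled with `PullAlways`, so whatever is next published under that name runs with the admin secret every two minutes; pin it, e.g. `skopeoImage := "quay.io/skopeo/stable@sha256:<digest-placeholder>"`. `rootURL, _ := url.Parse(getRootURL(resources))` discards the error, and `url.Parse` returns a nil URL on failure, so `rootURL.Host` would panic the reconciler on a malformed host value. `galaxyEEConfigMap` always names the object `defaultConfigMapName` while the resource definition and the volume use `getConfigMapName(resources)`, so a custom `galaxy_ee_defaults` looks like it would never match the ConfigMap that gets created; this should be confirmed against `createPulpResource`, which is not shown.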