Operator to enable CodeReady Toolchain on OSD clusters
To enable CodeReady Toolchain on any Openshift cluster, we need one time configuration setup which includes following things:
-
Service Account with required roles
-
Create service account
toolchain-sre. -
Create
dsaas-cluster-adminclusterrole. -
Bind
self-provisioneranddsaas-cluster-adminclusterrole totoolchain-sreservice account.
-
-
OAuth Client
-
Create oauthclient with secret and redirect uris and other required parameters
-
-
Cluster Configuration
-
Find routing subdomain.
-
Find cluster name.
-
Find cluster’s public url.
-
-
Update Cluster Management Service with above cluster configuration
-
Get required token from auth service
-
Post cluster configuration with valid token to cluster management service.
-
-
Pre-requisites for
manage.openshift.com-
Create service account
online-registrationinopenshift-infranamespace formanage.openshift.com -
Create cluster role
online-registrationand bind it toonline-registrationservice account.
-
-
(ToDo) Create image-puller Daemonset for che.
As mentioned above operator will update cluster information to the cluster management service, so that it can provision namespaces/projects to required users on this new cluster.
So in short this operator has to create required resources, find required cluster configuration details and update it to cluster management service.
Btw, cluster management service is interested in following information.
{
"name":"us-east-2",
"api-url":"https://api.starter-us-east-2.openshift.com",
"app-dns":"8a09.starter-us-east-2.openshiftapps.com",
"service-account-token":"fX0nH3d68LQ6SK5wBE6QeKJ6X8AZGVQO3dGQZZETakhmgmWAqr2KDFXE65KUwBO69aWoq",
"service-account-username":"dsaas",
"token-provider-id":"f867ac10-5e05-4359-a0c6-b855ece59090",
"auth-client-id":"autheast2",
"auth-client-secret":"autheast2secret",
"auth-client-default-scope":"user:full"
}The following guide is mainly targeted towards a Linux machine.
You need to install:
-
go(>= v1.11) -
git -
mercurial -
make -
operator-sdk(>= v0.4.0)
Run the following command to find out your Go version.
$ go version
You must at least have Go version 1.11.
See Fetch dependencies to see an explanaition on how we deal with dependencies.
This project uses dep as a package manager for Go.
Running the make deps command will install dep in $GOPATH/bin if it’s not already available on your system.
Follow this guide to install operator-sdk
Assuming you have Go installed and configured (have $GOPATH setup) here is
how to build.
Check out the code
$ git clone https://github.com/fabric8-services/toolchain-operator $GOPATH/src/github.com/fabric8-services/toolchain-operator
Like most other projects, this one depends on various other projects that need to be downloaded.
To fetch the dependencies and finally build the project you can type make build in a freshly clone repository of this project.
$ cd $GOPATH/src/github.com/fabric8-services/toolchain-operator $ make build
There is no need to fetch the dependencies, or re-generate code every time you
want to compile. That’s why we offer special make targets for these topics:
This will download all the dependencies for this project inside a directory
called vendor. This way we can ensure that every developer and our CI system
is using the same version.
$ cd $GOPATH/src/github.com/fabric8-services/toolchain-operator $ make deps
For dependency management of go packages we use dep.
The file Gopkg.toml contains all dependencies. If you want to understand the format for this file, look here.
If you want to just build the toolchain operator, run make build.
$ cd $GOPATH/src/github.com/fabric8-services/toolchain-operator $ make build
This removes all downloaded dependencies, all generated code and compiled artifacts.
$ cd $GOPATH/src/github.com/fabric8-services/toolchain-operator $ make clean
Here’s how to run all available tests. All tests will check all Go packages
except those in the vendor/ directory.
Unit tests have the minimum requirement on time and environment setup.
cd $GOPATH/src/github.com/fabric8-services/toolchain-operator
make test-unitTL; DR
make minishift-start
eval $(minishift docker-env)
cd $GOPATH/src/github.com/fabric8-services/toolchain-operator
make test-e2eE2E tests are verifying successful deployment of Toolchain Operator and creation of required resources. End To end tests demand openshift cluster to be up and running.
However you can run minishift which is single node openshift cluster. You can check it using minishift status. If not then start it using make minishift-start target.
After successfully starting minishift, configure your shell to use docker daemon from minishift using eval $(minishift docker-env).
Now it’s time to run E2E tests for toolchain-operator which will create it’s required resources from deploy/test/ on OpenShift use following command:
make test-e2eThis make target is building new docker image $(DOCKER_REPO)/$(IMAGE_NAME):test(e.g. quay.io/openshiftio/toolchain-operator:test) which is used in the operator’s deployment manifests in e2e tests.
Also remember that it uses the system:admin account for creating all required resources from deploy/test directory.
- all
-
To run both, the unit and the end to end tests you can run
$ cd $GOPATH/src/github.com/fabric8-services/toolchain-operator $ make test-all
Follow minishift guide to run operator on minishift
minishift start --cpus 4 --memory 8GB
oc login -u system:adminoc apply -f https://raw.githubusercontent.com/operator-framework/operator-lifecycle-manager/master/deploy/upstream/quickstart/olm.yamlTo ship toolchain-operator from marketplace, we are bundling operator manifests with our own registry, where cluster-admin can create CatalogSource if needed and find our operator in operator catalogs.
We don’t want to ship our operator to every cluster by default, this is why we are not going with default operatorsources which creates catalogsource for Community, RedHat, Certified operator registry.
Make sure that you have logged in as cluster-admin to do following steps.