
Writing your first Ansible operator for OpenShift

Learn how to implement operators on Red Hat OpenShift without any Go code by using Red Hat Ansible Automation. Explore how operators allow you to manage more than stateless applications on your Red Hat OpenShift platform. Operators allow you to define how to create application-specific clusters (and recover from failure), manage version upgrades, and support backup and restore processes.

In this session, we'll discuss where operators fit into Red Hat OpenShift—then watch as an Ansible-driven operator is written before your eyes.


Keith Resar

May 09, 2019

Transcript

  1. WRITING YOUR FIRST _ANSIBLE OPERATOR_ FOR OPENSHIFT (@KeithResar)

  3. Operators are _application-aware Kubernetes objects_. Active throughout the application's lifecycle, they manage instantiation, ongoing state, and destruction.

  5. FROM VISION TO _PROBLEM_

  6. _problem:_ turnkey management of stateless applications. _solution:_ Kubernetes (we just saw this), S2I, Helm.

  8. _build image from source_

  9. _intra-cluster traffic management_

  10. _application runtime configuration_

  11. _external traffic_

  14. _problem:_ I'm a vendor, or I create stateful apps, and Kubernetes doesn't know anything about me.

  15. etcd is a _distributed key-value store_ that provides a reliable way to store data across a cluster of machines. (Here etcd is a stand-in for your app.)

  16. Create and destroy • Resize • Failover • Rolling upgrade • Backup and restore. (Again, etcd is a stand-in for your app.)

  17. _problem:_ I'm a vendor, or I create stateful apps, and Kubernetes doesn't know anything about me. _solution:_ create custom resource definitions (CRDs).

  18. Defining a _Service_ resource. Service resources are a built-in object type:

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: simpleapp
spec:
  ports:
  - name: 8080-tcp
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    deploymentconfig: simpleapp
  sessionAffinity: None
  type: ClusterIP
```

  19. Defining an _EtcdCluster_ resource. Our custom resource looks pretty similar:

```yaml
---
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example-etcd-cluster
spec:
  size: 3
  version: "3.2.13"
```

  20. _problem:_ Go isn't going to fly. _solution:_ skip Go, succeed with Helm charts or Ansible.

  22. EVERY PROBLEM BRINGS A _SOLUTION_

  23. [Diagram: desired state (DS) and actual state (AS) on the API server, and the cluster workload.] Compare desired state with actual state; the reconcile process converges the workload to the desired state.

  24. [Diagram: the same loop with both states shown as data; desired and actual state differ (1x simpleapp vs 2x simpleapp) until reconciled.]

  25. [Diagram: API server and cluster workload.] The workload is native K8s objects like Pods, Services, Routes, etc.

  26. [Diagram: a generic operator sits between actual state (AS) and desired state (DS): watch → reconcile → action.]

  27. [Diagram: the Ansible operator: watch → reconcile → ansible-runner → Ansible playbook or role.] The playbook or role is the only component you need to worry about!

  28. [Diagram: Kubernetes layer and application layer.]

  29. Phase I: manage native K8s objects (the etcd pods in the Kubernetes layer).

  33. Phase II: manage application objects (the etcd data in the application layer).

  35. A GIFT OF THE _DEMO_ TO YOU

  36. Demo: an operator for the data service _SimpleDB_ that manages instantiation and version upgrades. (Steps: RBAC, CRD, CR, DC.)

  37. RBAC: create a service account, role, and role binding. Our operator uses these to monitor events and to reconcile desired and actual states.

  39. RBAC objects:

```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: simpledb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: simpledb
rules:
  # ... (the rules are elided on the slide)
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: simpledb
subjects:
- kind: ServiceAccount
  name: simpledb
  # namespace: <operator namespace>   # required for ServiceAccount subjects; not shown on the slide
roleRef:
  kind: Role
  name: simpledb
  apiGroup: rbac.authorization.k8s.io
```
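The slide elides the Role's rules. The following is an added example, not the deck's own Role, of what a least-privilege rule set for this operator looks like: a namespaced Role (not a ClusterRole), which matches the WATCH_NAMESPACE scoping of the Deployment, with the operator's own API group separated from the workload objects it creates. The list of workload resources (deployments, services, secrets, persistentvolumeclaims, pods, events) is an assumption about what mariadb_install.yml and mariadb_upgrade.yml touch; trim it to what the role actually uses.

```yaml
# Added example: least-privilege Role for the SimpleDB operator.
# The workload resources listed below are assumed; adjust to what the role really creates.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: simpledb
rules:
# The operator's own API group: watch SimpleDB objects and write status and finalizers.
# No "create"/"delete" here: users create CRs, the operator only reacts to them.
- apiGroups: ["example.com"]
  resources: ["simpledbs", "simpledbs/status", "simpledbs/finalizers"]
  verbs: ["get", "list", "watch", "update", "patch"]
# Workload objects the role creates for the database (assumed set).
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["services", "secrets", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Pods read-only: enough to wait for readiness. No pods/exec or pods/attach subresource,
# which would let a compromised operator run commands inside the database pod.
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
# Events for reconcile outcomes: create/patch only.
- apiGroups: [""]
  resources: ["events"]
  verbs: ["create", "patch"]
```

To confirm the binding took effect without granting more than intended, impersonate the service account: `oc auth can-i create secrets -n <namespace> --as=system:serviceaccount:<namespace>:simpledb` should answer `yes`, while `oc auth can-i create pods/exec -n <namespace> --as=system:serviceaccount:<namespace>:simpledb` and any request in another namespace should answer `no`.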
  40. CRD: define the custom resource SimpleDB. This extends what Kubernetes accepts but doesn't actually change any behavior.

  41. The CustomResourceDefinition:

```yaml
---
apiVersion: apiextensions.k8s.io/v1beta1   # current in 2019; v1beta1 was removed in Kubernetes 1.22
kind: CustomResourceDefinition
metadata:
  name: simpledbs.example.com
spec:
  group: example.com
  names:
    kind: SimpleDB
    listKind: SimpleDBList
    plural: simpledbs
    singular: simpledb
  scope: Namespaced
  version: v1alpha1
```
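Without a schema, the API server accepts any `spec` at all, and every field of it is handed to ansible-runner as extra variables that the role then templates into task arguments. The following added example, not the deck's CRD, is the same SimpleDB definition with a validation schema so that a malformed or hostile CR is rejected before the playbook runs. It is written against apiextensions.k8s.io/v1 (v1beta1 was removed in Kubernetes 1.22); the `version` pattern and the optional `size` field are assumptions for this example.

```yaml
# Added example: SimpleDB CRD with OpenAPI validation (apiextensions.k8s.io/v1 form).
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: simpledbs.example.com
spec:
  group: example.com
  names:
    kind: SimpleDB
    listKind: SimpleDBList
    plural: simpledbs
    singular: simpledb
  scope: Namespaced
  versions:
  - name: v1alpha1
    served: true
    storage: true
    subresources:
      status: {}            # status is written through /status, so a spec change cannot ride along
    schema:
      openAPIV3Schema:
        type: object
        required: ["spec"]
        properties:
          spec:
            type: object
            required: ["version"]
            properties:
              version:
                # The value is templated into the role's tasks; restrict it to a
                # version string so it cannot carry Jinja or shell syntax.
                type: string
                pattern: '^[0-9]+(\.[0-9]+){0,2}$'
                maxLength: 16
              size:                       # assumed optional field
                type: integer
                minimum: 1
                maximum: 5
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true   # the operator sets arbitrary status keys
```

With this schema in place the CR must write `version: "1"` (a string); the unquoted integer `version: 1` from the deck's CR is rejected, as is anything outside the pattern, and unknown keys under `spec` are pruned rather than passed through to Ansible.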
  42. DC: define and deploy the Ansible operator container, which executes an ansible-runner process.

  44. The operator Deployment:

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: simpledb
spec:
  selector:               # added: apps/v1 requires a selector matching the pod template labels
    matchLabels:
      name: simpledb
  template:
    metadata:
      labels:
        name: simpledb
    spec:
      serviceAccountName: simpledb
      containers:
      - name: simpledb
        image: hk1232/operator-simpledb-runner:0.1
        env:
        - name: WATCH_NAMESPACE           # scopes the watch to the operator's own namespace
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: OPERATOR_NAME
          value: "simpledb"
```
  45. The operator image:

```dockerfile
# Dockerfile
FROM quay.io/water-hole/ansible-operator
USER root
# MySQL-python backs Ansible's mysql_* modules; dnspython backs the dig lookup
RUN yum -y install MySQL-python && \
    pip --no-cache-dir install dnspython
COPY roles/ ${HOME}/roles/
COPY playbook.yaml ${HOME}/playbook.yaml
COPY watches.yaml ${HOME}/watches.yaml
# Note: USER is never switched back, so the image's default user stays root.
# OpenShift's restricted SCC assigns a non-root UID anyway; plain Kubernetes does not.
```
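The Dockerfile leaves the image running as root and the Deployment pins a mutable tag. The following added example, not the deck's manifest, is the same operator Deployment with a pod-level `runAsNonRoot`, so the kubelet refuses to start the container if the image would run as UID 0 instead of silently running it as root on a non-OpenShift cluster, plus dropped capabilities, no privilege escalation, resource limits, and an image reference pinned by digest. The digest is a placeholder; the label name and the limits are assumptions.

```yaml
# Added example: hardened operator Deployment. <digest> is a placeholder for the
# sha256 of the built image; labels and resource limits are assumed values.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: simpledb
spec:
  replicas: 1                      # one reconciler; two would race on the same CRs
  selector:
    matchLabels:
      name: simpledb
  template:
    metadata:
      labels:
        name: simpledb
    spec:
      serviceAccountName: simpledb
      automountServiceAccountToken: true   # the operator itself needs its token to talk to the API
      securityContext:
        runAsNonRoot: true          # fail closed: a USER root image is refused at pod start
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: simpledb
        image: hk1232/operator-simpledb-runner@sha256:<digest>   # digest, not a mutable tag
        env:
        - name: WATCH_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: OPERATOR_NAME
          value: "simpledb"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
          limits:
            cpu: "500m"
            memory: "512Mi"
```

`readOnlyRootFilesystem: true` is deliberately not set here: ansible-runner writes its artifacts and temporary files inside the container, so enabling it requires mounting an emptyDir at those paths first. If the image is rebuilt with a non-root `USER`, `runAsNonRoot` costs nothing; if it is not, this manifest surfaces that at deploy time rather than leaving a root reconciler with write access to secrets in the namespace.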
  50. The watches file maps the custom resource to the playbook:

```yaml
# watches.yml (copied into the image as watches.yaml)
---
- version: v1alpha1
  group: example.com
  kind: SimpleDB
  playbook: /opt/ansible/playbook.yaml   # ${HOME} in the base image, so this matches the Dockerfile COPY
```

  51. The playbook just hands off to the role:

```yaml
# playbook.yml
---
- hosts: localhost
  gather_facts: no
  tasks:
  - import_role:
      name: "SimpleDB"
```

  55. The role's reconcile logic:

```yaml
# roles/SimpleDB/tasks/main.yml
---
# … (skip setting some variables)
# `version` arrives from the CR's spec.version; mysql_ip and version_query are set in the elided tasks

# If no service defined then run our install playbook
# This is idempotent so we could run it regardless
- include_tasks: mariadb_install.yml
  when: mysql_ip == "NXDOMAIN"

# Run our upgrade path if we need to change versions
- include_tasks: mariadb_upgrade.yml
  when: version != version_query.json.version
```

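The slide skips the variable setup that the two conditions depend on. The following added example, not the deck's role, fills that part of main.yml in with a plausible shape: the DNS probe that yields "NXDOMAIN" (Ansible's `dig` lookup, which is why the Dockerfile installs dnspython), a one-time root credential stored in a Secret and kept out of the runner's logs with `no_log`, and a version comparison against the running Deployment's image tag instead of a query to the database. It assumes the variables the Ansible operator of that period injected (`version` from spec.version, `meta.name` and `meta.namespace`; newer operator-sdk releases call the latter `ansible_operator_meta`), Ansible 2.9+ for `k8s_info`, and the Secret name suffix `-root`; the task file names are the deck's.

```yaml
# roles/SimpleDB/tasks/main.yml, added example (not the deck's role).
# Assumed: `version`, `meta.name`, `meta.namespace` injected by the operator;
# Ansible 2.9+ (k8s_info); dnspython for lookup('dig'); Secret named <cr>-root.
---
- name: Resolve the database Service through cluster DNS ('NXDOMAIN' means not installed yet)
  set_fact:
    mysql_ip: "{{ lookup('dig', meta.name ~ '.' ~ meta.namespace ~ '.svc.cluster.local') }}"

- name: Check whether the root credential Secret already exists
  k8s_info:
    api_version: v1
    kind: Secret
    namespace: "{{ meta.namespace }}"
    name: "{{ meta.name }}-root"
  register: root_secret

- name: Generate the root password once and keep it in a Secret, never in the CR or the logs
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: "{{ meta.name }}-root"
        namespace: "{{ meta.namespace }}"
      type: Opaque
      stringData:
        MYSQL_ROOT_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=24') }}"
  no_log: true                                   # keeps the value out of ansible-runner output
  when: root_secret.resources | length == 0      # otherwise every reconcile would rotate it

- name: Read the running Deployment to learn the deployed version
  k8s_info:
    api_version: apps/v1
    kind: Deployment
    namespace: "{{ meta.namespace }}"
    name: "{{ meta.name }}"
  register: db_deploy

- name: Derive the running image tag (empty when nothing is deployed yet)
  set_fact:
    running_version: >-
      {{ (db_deploy.resources[0].spec.template.spec.containers[0].image.split(':') | last)
         if db_deploy.resources else '' }}

# If no service is defined then run our install playbook.
# This is idempotent so we could run it regardless.
- include_tasks: mariadb_install.yml
  when: mysql_ip == "NXDOMAIN"

# Run our upgrade path only when the desired version differs from the running one.
- include_tasks: mariadb_upgrade.yml
  when:
    - mysql_ip != "NXDOMAIN"
    - running_version != (version | string)
```

Two properties matter for a reconciler that runs on every event: nothing here changes state unless desired and actual differ (the Secret is created only when absent, the upgrade only on a version mismatch), and the one secret the role generates never appears in the CR, in `ansible-runner` stdout, or in the operator's Events.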
  58. CR: instantiate our custom resource object. The operator is listening for any SimpleDB events in our namespace.

  59. The custom resource:

```yaml
---
apiVersion: example.com/v1alpha1
kind: SimpleDB
metadata:
  name: simpledb
spec:
  # Add fields here
  version: 1
```

  62. GO FARTHER WITH THESE _RESOURCES_
    • Introducing the operator framework
    • water-hole's ansible-operator repo
    • ansible-operator-demo repo
    • Awesome operators in the wild
  63. @KeithResar THANKS