adding 1.73 role for ossmc

kiali · Oct 17, 2023 · 236dd54 · 236dd54
1 parent 611b7f4
commit 236dd54
Show file tree

Hide file tree

Showing 22 changed files with 777 additions and 0 deletions.
diff --git a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml
@@ -312,6 +312,10 @@ spec:
                   value: "${KIALI_1_57}"
                 - name: RELATED_IMAGE_kiali_v1_48
                   value: "${KIALI_1_48}"
+                - name: RELATED_IMAGE_ossmconsole_default
+                  value: "${OSSMCONSOLE_1_73}"
+                - name: RELATED_IMAGE_ossmconsole_v1_73
+                  value: "${OSSMCONSOLE_1_73}"
                 ports:
                 - name: http-metrics
                   containerPort: 8080

diff --git a/playbooks/ossmconsole-default-supported-images.yml b/playbooks/ossmconsole-default-supported-images.yml
@@ -1 +1,2 @@
 default: {"imageName": "quay.io/kiali/ossmconsole", "imageVersion": "operator_version"}
+v1.73: {"image_name": "quay.io/kiali/ossmconsole", "image_version": "v1.73"}
diff --git a/roles/v1.73/ossmconsole-deploy/defaults/main.yml b/roles/v1.73/ossmconsole-deploy/defaults/main.yml
@@ -0,0 +1,26 @@
+# Defaults for all user-facing OSSM Console settings.
+#
+# Note that these are under the main dictionary group "ossmconsole_defaults".
+# The actual vars used by the role are found in the vars/ directory.
+# These defaults (the dictionaries under "ossmconsole_defaults") are merged into the vars such that the values
+# below (e.g. deployment) are merged in rather than completely replaced by user-supplied values.
+#
+# If new groups are added to these defaults, you must remember to add the merge code to vars/main.yml.
+
+ossmconsole_defaults:
+  version: "default"
+
+  deployment:
+    imageDigest: ""
+    imageName: ""
+    imagePullPolicy: "IfNotPresent"
+    imagePullSecrets: []
+    imageVersion: ""
+    namespace: ""
+
+  kiali:
+    graph:
+      impl: "pf"
+    serviceName: ""
+    serviceNamespace: ""
+    servicePort: 0
diff --git a/roles/v1.73/ossmconsole-deploy/filter_plugins/stripnone.py b/roles/v1.73/ossmconsole-deploy/filter_plugins/stripnone.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+  'metadata_version': '1.1',
+  'status': ['preview'],
+  'supported_by': 'community'
+}
+
+# Process recursively the given value if it is a dict and remove all keys that have a None value
+def strip_none(value):
+  if isinstance(value, dict):
+    dicts = {}
+    for k,v in value.items():
+      if isinstance(v, dict):
+        dicts[k] = strip_none(v)
+      elif v is not None:
+        dicts[k] = v
+    return dicts
+  else:
+    return value
+
+# ---- Ansible filters ----
+class FilterModule(object):
+  def filters(self):
+    return {
+      'stripnone': strip_none
+    }
diff --git a/roles/v1.73/ossmconsole-deploy/meta/main.yml b/roles/v1.73/ossmconsole-deploy/meta/main.yml
@@ -0,0 +1,2 @@
+collections:
+- kubernetes.core
diff --git a/roles/v1.73/ossmconsole-deploy/tasks/main.yml b/roles/v1.73/ossmconsole-deploy/tasks/main.yml
diff --git a/roles/v1.73/ossmconsole-deploy/tasks/openshift/os-main.yml b/roles/v1.73/ossmconsole-deploy/tasks/openshift/os-main.yml
@@ -0,0 +1,13 @@
+- include_tasks: update-status-progress.yml
+  vars:
+    status_progress_message: "Creating core resources"
+
+- name: Create OSSM Console objects on OpenShift
+  include_tasks: process-resource.yml
+  vars:
+    process_resource_templates:
+    - "templates/openshift/configmap-nginx.yaml"
+    - "templates/openshift/configmap-plugin.yaml"
+    - "templates/openshift/deployment.yaml"
+    - "templates/openshift/service.yaml"
+    - "templates/openshift/consoleplugin.yaml"
diff --git a/roles/v1.73/ossmconsole-deploy/tasks/process-resource.yml b/roles/v1.73/ossmconsole-deploy/tasks/process-resource.yml
@@ -0,0 +1,31 @@
+# process all template names found in process_resource_templates - any empty strings in the list are ignored.
+# This will keep a running tally of all processed resources in "processed_resources_dict".
+- name: "Create Kiali resources from templates"
+  k8s:
+    state: "present"
+    continue_on_error: false
+    template: "{{ process_resource_templates | select() | list }}"
+  register: process_resource_templates_result
+  retries: 6
+  delay: 10
+
+# Store the results of the processed resource so they can be examined later (e.g. to know if something changed or stayed the same)
+- vars:
+    kinds: "{{ process_resource_templates_result.result.results | map(attribute='result.kind') | list }}"
+    names: "{{ process_resource_templates_result.result.results | map(attribute='result.metadata.name') | list }}"
+    changed: "{{ process_resource_templates_result.result.results | map(attribute='changed') | list }}"
+    method: "{{ process_resource_templates_result.result.results | map(attribute='method') | list }}"
+    thedict: "{{ processed_resources_dict | default({}) }}"
+  set_fact:
+    processed_resources_dict: |
+      {% for kind in kinds %}
+      {%   set _ = thedict.update({ (kind + '-' + names[loop.index0]): {'name': names[loop.index0], 'changed': changed[loop.index0], 'method': method[loop.index0]}}) %}
+      {% endfor %}
+      {{ thedict }}
+  when:
+  - process_resource_templates_result is defined
+  - process_resource_templates_result | length > 0
+
+- name: "Resource creation results"
+  debug:
+    msg: "{{ processed_resources_dict }}"
diff --git a/roles/v1.73/ossmconsole-deploy/tasks/update-status-progress.yml b/roles/v1.73/ossmconsole-deploy/tasks/update-status-progress.yml
@@ -0,0 +1,16 @@
+- name: Prepare status progress facts
+  ignore_errors: yes
+  set_fact:
+    status_progress_step: "{{ 1 if status_progress_step is not defined else (status_progress_step|int + 1) }}"
+    status_progress_start: "{{ ('%Y-%m-%d %H:%M:%S' | strftime) if status_progress_start is not defined else (status_progress_start) }}"
+
+- name: Update CR status progress field with any additional status fields
+  ignore_errors: yes
+  vars:
+    duration: "{{ ('%Y-%m-%d %H:%M:%S' | strftime | to_datetime) - (status_progress_start | to_datetime) }}"
+  operator_sdk.util.k8s_status:
+    api_version: "{{ current_cr.apiVersion }}"
+    kind: "{{ current_cr.kind }}"
+    name: "{{ current_cr.metadata.name }}"
+    namespace: "{{ current_cr.metadata.namespace }}"
+    status: "{{ status_vars | default({}) | combine({'progress':{'message': status_progress_step + '. ' + status_progress_message, 'duration': duration }}, recursive=True) }}"
diff --git a/roles/v1.73/ossmconsole-deploy/tasks/update-status.yml b/roles/v1.73/ossmconsole-deploy/tasks/update-status.yml
@@ -0,0 +1,8 @@
+- name: Update CR status field
+  ignore_errors: yes
+  operator_sdk.util.k8s_status:
+    api_version: "{{ current_cr.apiVersion }}"
+    kind: "{{ current_cr.kind }}"
+    name: "{{ current_cr.metadata.name }}"
+    namespace: "{{ current_cr.metadata.namespace }}"
+    status: "{{ status_vars }}"
diff --git a/roles/v1.73/ossmconsole-deploy/templates/openshift/configmap-nginx.yaml b/roles/v1.73/ossmconsole-deploy/templates/openshift/configmap-nginx.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-conf
+  namespace: {{ ossmconsole_vars.deployment.namespace }}
+  labels: {{ ossmconsole_resource_metadata_labels }}
+data:
+  nginx.conf: |
+    error_log /dev/stdout;
+    events {}
+    http {
+      access_log         /dev/stdout;
+      include            /etc/nginx/mime.types;
+      default_type       application/octet-stream;
+      keepalive_timeout  65;
+      server {
+        listen              9443 ssl;
+        ssl_certificate     /var/serving-cert/tls.crt;
+        ssl_certificate_key /var/serving-cert/tls.key;
+
+        add_header oauth_token "$http_Authorization";
+
+        location / {
+          root                /usr/share/nginx/html;
+        }
+      }
+    }
diff --git a/roles/v1.73/ossmconsole-deploy/templates/openshift/configmap-plugin.yaml b/roles/v1.73/ossmconsole-deploy/templates/openshift/configmap-plugin.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: plugin-conf
+  namespace: {{ ossmconsole_vars.deployment.namespace }}
+  labels: {{ ossmconsole_resource_metadata_labels }}
+data:
+  plugin-config.json: |
+    {
+      "graph": {
+        "impl": "{{ ossmconsole_vars.kiali.graph.impl }}"
+      }
+    }
diff --git a/roles/v1.73/ossmconsole-deploy/templates/openshift/consoleplugin.yaml b/roles/v1.73/ossmconsole-deploy/templates/openshift/consoleplugin.yaml
@@ -0,0 +1,20 @@
+apiVersion: console.openshift.io/v1alpha1
+kind: ConsolePlugin
+metadata:
+  name: ossmconsole
+  labels: {{ ossmconsole_resource_metadata_labels }}
+spec:
+  displayName: "OpenShift Service Mesh Console"
+  service:
+    name: ossmconsole
+    namespace: {{ ossmconsole_vars.deployment.namespace }}
+    port: 9443
+    basePath: "/"
+  proxy:
+  - type: Service
+    alias: kiali
+    authorize: true
+    service:
+      name: {{ ossmconsole_vars.kiali.serviceName }}
+      namespace: {{ ossmconsole_vars.kiali.serviceNamespace }}
+      port: {{ ossmconsole_vars.kiali.servicePort }}
diff --git a/roles/v1.73/ossmconsole-deploy/templates/openshift/deployment.yaml b/roles/v1.73/ossmconsole-deploy/templates/openshift/deployment.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ossmconsole
+  namespace: {{ ossmconsole_vars.deployment.namespace }}
+  labels: {{ ossmconsole_resource_metadata_labels }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ossmconsole
+      app.kubernetes.io/instance: ossmconsole
+  template:
+    metadata:
+      name: ossmconsole
+      labels: {{ ossmconsole_resource_metadata_labels }}
+      annotations:
+        ossmconsole.kiali.io/last-updated: "{{ deployment_last_updated }}"
+    spec:
+{% if ossmconsole_vars.deployment.imagePullSecrets | default([]) | length > 0 %}
+      imagePullSecrets:
+{% for n in ossmconsole_vars.deployment.imagePullSecrets %}
+      - name: {{ n }}
+{% endfor %}
+{% endif %}
+      containers:
+      - name: ossmconsole
+        image: {{ ossmconsole_vars.deployment.imageName }}{{ '@' + ossmconsole_vars.deployment.imageDigest if ossmconsole_vars.deployment.imageDigest != '' else '' }}:{{ ossmconsole_vars.deployment.imageVersion }}
+        imagePullPolicy: {{ ossmconsole_vars.deployment.imagePullPolicy }}
+        ports:
+        - containerPort: 9443
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          capabilities:
+            drop:
+            - ALL
+        volumeMounts:
+        - name: ossmconsole-cert-secret
+          readOnly: true
+          mountPath: /var/serving-cert
+        - name: nginx-conf
+          readOnly: true
+          mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+        - name: plugin-conf
+          readOnly: true
+          mountPath: /usr/share/nginx/html/plugin-config.json
+          subPath: plugin-config.json
+      volumes:
+      - name: ossmconsole-cert-secret
+        secret:
+          secretName: ossmconsole-cert-secret
+          defaultMode: 420
+      - name: nginx-conf
+        configMap:
+          name: nginx-conf
+          defaultMode: 420
+      - name: plugin-conf
+        configMap:
+          name: plugin-conf
+          defaultMode: 420
+      restartPolicy: Always
+      dnsPolicy: ClusterFirst
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: "25%"
+      maxSurge: "25%"
diff --git a/roles/v1.73/ossmconsole-deploy/templates/openshift/service.yaml b/roles/v1.73/ossmconsole-deploy/templates/openshift/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ossmconsole
+  namespace: {{ ossmconsole_vars.deployment.namespace }}
+  labels: {{ ossmconsole_resource_metadata_labels }}
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: ossmconsole-cert-secret
+spec:
+  ports:
+  - name: 9443-tcp
+    protocol: TCP
+    port: 9443
+    targetPort: 9443
+  selector:
+    app.kubernetes.io/name: ossmconsole
+    app.kubernetes.io/instance: ossmconsole
+  type: ClusterIP
+  sessionAffinity: None
diff --git a/roles/v1.73/ossmconsole-deploy/vars/main.yml b/roles/v1.73/ossmconsole-deploy/vars/main.yml
@@ -0,0 +1,30 @@
+# These are the actual variables used by the role. You will notice it is
+# one big dictionary (key="ossmconsole_vars") whose child dictionaries mimic those
+# as defined in defaults/main.yml.
+# The child dictionaries below will have values that are a combination of the default values
+# (as found in defaults/main.yaml) and user-supplied values.
+# Without this magic, a user supplying only one key/value pair in a child dictionary will
+# clear out (make undefined) all the rest of the key/value pairs in that child dictionary.
+# This is not what we want. We want the rest of the dictionary to keep the defaults,
+# thus allowing the user to override only a subset of key/values in a dictionary.
+#
+# I found this trick at https://groups.google.com/forum/#!topic/Ansible-project/pGbRYZyqxZ4
+# I tweeked that solution a little bit because I did not want to require the user to supply
+# everything under a main "ossmconsole_vars" dictionary.
+
+ossmconsole_vars:
+  version: "{{ version | default(ossmconsole_defaults.version) }}"
+
+  deployment: |
+    {%- if deployment is defined and deployment is iterable -%}
+    {{ ossmconsole_defaults.deployment | combine((deployment | stripnone), recursive=True) }}
+    {%- else -%}
+    {{ ossmconsole_defaults.deployment }}
+    {%- endif -%}
+
+  kiali: |
+    {%- if kiali is defined and kiali is iterable -%}
+    {{ ossmconsole_defaults.kiali | combine((kiali | stripnone), recursive=True) }}
+    {%- else -%}
+    {{ ossmconsole_defaults.kiali }}
+    {%- endif -%}
diff --git a/roles/v1.73/ossmconsole-remove/defaults/main.yml b/roles/v1.73/ossmconsole-remove/defaults/main.yml
@@ -0,0 +1,3 @@
+ossmconsole_defaults:
+  deployment:
+    namespace: ""
diff --git a/roles/v1.73/ossmconsole-remove/filter_plugins/stripnone.py b/roles/v1.73/ossmconsole-remove/filter_plugins/stripnone.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+  'metadata_version': '1.1',
+  'status': ['preview'],
+  'supported_by': 'community'
+}
+
+# Process recursively the given value if it is a dict and remove all keys that have a None value
+def strip_none(value):
+  if isinstance(value, dict):
+    dicts = {}
+    for k,v in value.items():
+      if isinstance(v, dict):
+        dicts[k] = strip_none(v)
+      elif v is not None:
+        dicts[k] = v
+    return dicts
+  else:
+    return value
+
+# ---- Ansible filters ----
+class FilterModule(object):
+  def filters(self):
+    return {
+      'stripnone': strip_none
+    }
diff --git a/roles/v1.73/ossmconsole-remove/meta/main.yml b/roles/v1.73/ossmconsole-remove/meta/main.yml
@@ -0,0 +1,2 @@
+collections:
+- kubernetes.core
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		default: {"imageName": "quay.io/kiali/ossmconsole", "imageVersion": "operator_version"}
		v1.73: {"image_name": "quay.io/kiali/ossmconsole", "image_version": "v1.73"}