Kubernetes Operator for easy setup and management of Microcks installs (using Ansible undercover 😉)
Latest released version is 1.10.0-fix-1
.
Current development is stopped. Please check new Microcks Operator that is the successor of this project.
- Documentation
- Microcks Community and community meeting
- Join us on Discord, on GitHub Discussions or CNCF Slack #microcks channel
To get involved with our community, please make sure you are familiar with the project's Code of Conduct.
We provide simple shell scripts for quickly installing latest version of Microcks Operator on your OpenShift cluster or local Minikube.
You can use install-latest-on-minikube.sh
script to prepare your cluster with Strimzi installation, SSL passthrough configuration for accessing Kafka cluster, Microcks Operator and full Microcks install in a microcks
namespace.
After having logged in your OpenShift cluster with oc login
, you can use install-latest-on-openshift.sh
script for installation of Microcks Operator and full Microcks install in a microcks
namespace of a prepared cluster (Strimzi operator should have been installed first).
For development or on bare OpenShift and Kubernetes clusters, without Operator Lifecycle Management (OLM).
Start cloning this repos and then, optionally, create a new project:
$ git clone https://github.com/microcks/microcks-ansible-operator.git
$ cd microcks-ansible-operator/
$ kubectl create namespace microcks
Then, from this repository root directory, create the specific CRDS and resources needed for Operator:
$ kubectl create -f deploy/crds/microcks_v1alpha1_microcksinstall_crd.yaml
$ kubectl create -f deploy/service_account.yaml -n microcks
$ kubectl create -f deploy/role.yaml -n microcks
$ kubectl create -f deploy/role_binding.yaml -n microcks
Finally, deploy the operator:
$ kubectl create -f deploy/operator.yaml -n microcks
Wait a minute or two and check everything is running:
$ kubectl get pods -n microcks
NAME READY STATUS RESTARTS AGE
microcks-ansible-operator-f58b97548-qj26l 1/1 Running 0 3m
Now just create a MicrocksInstall
CRD!
Operator Lyfecycle Manager should be installed on your cluster first. Please follow this guideline to know how to proceed.
You can then use the OperatorHub.io catalog of Kubernetes Operators sourced from multiple providers. It offers you an alternative way to install stable versions of Microcks using the Microcks Operator. To install Microcks from OperatorHub.io, locate the Microcks Operator and follow the instructions provided.
As an alternative, raw resources can also be found into the /deploy/olm
directory of this repo. You may want to use the install.sh
script for creating CSV and subscriptions within your target namespace.
Once operator is up and running into your Kubernetes namespace, you just have to create a MicrocksInstall
Custom Resource Definition (CRD). This CRD simply describe the properties of the Microcks installation you want to have in your cluster. A MicrocksInstall
CRD is made of 6 different sections that may be used for describing your setup :
- Global part is mandatory and contain attributes like
name
of your install andversion
of Microcks to use, microcks
part is optional and contain attributes like the number ofreplicas
and the accessurl
if you want some customizations,postman
part is optional for the number ofreplicas
keycloak
part is optional and allows to specify if you want a new install or reuse an existing instance. If not provided, Microcks will install its own Keycloak instance,mongodb
part is optional and allows to specify if you want a new install or reuse an existing instance. If not provided, Microcks will install its own MongoDB instancefeatures
part is optional and allow to enable and configure opt-in features of Microcks.
Here's below a minimalistic MicrocksInstall
CRD that you can use on vanilla Kubernetes cluster with just the information needed to configure Ingresses
. This let all the defaults applies (see below for details).
apiVersion: microcks.github.io/v1alpha1
kind: MicrocksInstall
metadata:
name: my-microcksinstall
spec:
name: my-microcksinstall
version: "1.9.1"
microcks:
url: microcks.192.168.99.100.nip.io
keycloak:
url: keycloak.192.168.99.100.nip.io
privateUrl: http://my-microcksinstall-keycloak.microcks.svc.cluster.local:8080
This form can only be used on OpenShift as vanilla Kubernetes will need more informations to customize
Ingress
resources.
Here's now a complete MicrocksInstall
CRD that I use - for example - on Minikube for testing vanilla Kubernetes support. This one adds the url
attributes that are mandatory on vanilla Kubernetes.
apiVersion: microcks.github.io/v1alpha1
kind: MicrocksInstall
metadata:
name: my-microcksinstall-minikube
spec:
name: my-microcksinstall-minikube
version: "1.9.1"
microcks:
replicas: 1
url: microcks.192.168.99.100.nip.io
ingressSecretRef: my-secret-for-microcks-ingress
postman:
replicas: 2
keycloak:
install: true
persistent: true
volumeSize: 1Gi
url: keycloak.192.168.99.100.nip.io
privateUrl: http://my-microcksinstall-keycloak.microcks.svc.cluster.local:8080
ingressSecretRef: my-secret-for-keycloak-ingress
mongodb:
install: true
uri: mongodb:27017
database: sampledb
secretRef:
secret: mongodb
usernameKey: database-user
passwordKey: database-password
persistent: true
volumeSize: 2Gi
features:
repositoryFilter:
enabled: true
labelKey: app
labelLabel: Application
labelList: app,status
The table below describe all the fields of the MicrocksInstall
CRD, providing informations on what's mandatory and what's optional as well as default values.
Section | Property | Description |
---|---|---|
|
registry |
Optional. The URL of an alternative container registry where to retrive Microcks components image from. If not specified the default quay.io will be used. |
microcks |
replicas |
Optional. The number of replicas for the Microcks main pod. Default is 1 . |
microcks |
url |
Mandatory on Kube, Optional on OpenShift. The URL to use for exposing Ingress . If missing on OpenShift, default URL schema handled by Router is used. |
microcks |
ingressSecretRef |
Optional on Kube, not used on OpenShift. The name of a TLS Secret for securing Ingress . If missing on Kubernetes, self-signed certificate is generated. |
microcks |
ingressAnnotations |
Optional. Some custom annotations to add on Ingress or OpenShift Route . If these annotations are triggering a Certificate generation (for example through https://cert-manager.io/ or https://github.com/redhat-cop/cert-utils-operator), the generateCert property should be set to false for Kube. |
microcks |
generateCert |
Optional on Kube, not used on OpenShift. Whether to generate self-signed certificate or not if no valid ingressSecretRef provided. Default is true |
microcks |
grpcIngressAnnotations |
Optional. Some custom annotations to add on GRPC Ingress . These annotations should not trigger a Certificate generation as operator takes care of generating the GRPC dedicated one. |
microcks |
resources |
Optional. Some resources constraints to apply on Microcks container. This should be expressed using Kubernetes syntax. |
microcks |
env |
Optional. Some environment variables to add on Microcks container. This should be expressed using Kubernetes syntax. |
microcks |
extraProperties |
Optional. Additional application properties loaded into an extra Spring profile. Should follow Sring Boot YAML properties definitions. |
microcks |
customSecretRef |
Optional. Permit to use a secret (for exemple a keystore). Default is false (disabled). |
microcks |
logLevel |
Optional. Allows to tune the verbosity level of logs. Default is INFO You can use DEBUG for more verbosity or WARN for less. |
microcks |
mockInvocationStats |
Optional. Allows to disable invocation stats on mocks. Default is true (enabled). |
microcks |
openshift |
Optional. Allows to tune some OpenShift specific resources. See OpenShift specific tuning below. |
postman |
replicas |
Optional. The number of replicas for the Microcks Postman pod. Default is 1 . |
keycloak |
install |
Optional. Flag for Keycloak installation. Default is true . Set to false if you want to reuse an existing Keycloak instance. |
keycloak |
image |
Optional. The reference of container image used. Operator comes with its default version. |
keycloak |
realm |
Optional. Name of Keycloak realm to use. Should be setup only if install is false and you want to reuse an existing realm. Default is microcks . |
keycloak |
persistent |
Optional. Flag for Keycloak persistence. Default is true . Set to false if you want an ephemeral Keycloak installation. |
keycloak |
volumeSize |
Optional. Size of persistent volume claim for Keycloak. Default is 1Gi . Not used if not persistent install asked. |
keycloak |
storageClassName |
Optional. The cluster storage class to use for persistent volume claim. If not specified, we rely on cluster default storage class. |
keycloak |
postgresImage |
Optional. The reference of container image used. Operator comes with its default version. |
keycloak |
url |
Mandatory on Kube if keycloak.install==false, Optional otherwise. The URL of Keycloak install - indeed just the hostname + port part - if it already exists on the one used for exposing Keycloak Ingress . If missing on OpenShift, default URL schema handled by Router is used. |
keycloak |
privateUrl |
Optional but recommended. A private URL - a full URL here - used by the Microcks component to internally join Keycloak. This is also known as backendUrl in Keycloak doc. When specified, the keycloak.url is used as frontendUrl in Keycloak terms. |
keycloak |
ingressSecretRef |
Optional on Kube, not used on OpenShift. The name of a TLS Secret for securing Ingress . If missing on Kubernetes, self-signed certificate is generated. |
keycloak |
ingressAnnotations |
Optional. Some custom annotations to add on Ingress or OpenShift Route . If these annotations are triggering a Certificate generation (for example through https://cert-manager.io/ or https://github.com/redhat-cop/cert-utils-operator), the generateCert property should be set to false on Kube. |
keycloak |
generateCert |
Optional on Kube, not used on OpenShift. Whether to generate self-signed certificate or not if no valid ingressSecretRef provided. Default is true |
keycloak |
replicas |
Optional. The number of replicas for the Keycloak pod if install is required. Default is 1 . Operator do not manage any other value for now |
keycloak |
resources |
Optional. Some resources constraints to apply on Keycloak pods. This should be expressed using Kubernetes syntax. |
keycloak |
openshift |
Optional. Allows to tune some OpenShift specific resources. See OpenShift specific tuning below. |
mongodb |
install |
Optional. Flag for MongoDB installation. Default is true . Set to false if you want to reuse an existing MongoDB instance. |
mongodb |
image |
Optional. The reference of container image used. Operator comes with its default version. |
mongodb |
uri |
Optional. MongoDB URI in case you're reusing existing MongoDB instance. Mandatory if install is false |
mongodb |
uriParameters |
Optional. Allows you to add parameters to the MongoDB URI connection string. |
mongodb |
database |
Optional. MongoDB database name in case you're reusing existing MongoDB instance. Useful if install is false . Default to sampledb |
mongodb |
secretRef |
Optional. Reference of a Secret containing credentials for connecting a provided MongoDB instance. Mandatory if install is false |
mongodb |
persistent |
Optional. Flag for MongoDB persistence. Default is true . Set to false if you want an ephemeral MongoDB installation. |
mongodb |
volumeSize |
Optional. Size of persistent volume claim for MongoDB. Default is 2Gi . Not used if not persistent install asked. |
mongodb |
storageClassName |
Optional. The cluster storage class to use for persistent volume claim. If not specified, we rely on cluster default storage class. |
mongodb |
replicas |
Optional. The number of replicas for the MongoDB pod if install is required. Default is 1 . Operator do not manage any other value for now |
mongodb |
resources |
Optional. Some resources constraints to apply on MongoDB pods. This should be expressed using Kubernetes syntax. |
features |
repositoryFilter |
Optional. Feature allowing to filter API and services on main page. Must be explicitly enabled . See Organizing repository for more informations |
features |
repositoryTenancy |
Optional. Feature allowing to segment and delegate API and services management according the repositoryFilter master criteria. Must be explicitly enabled . See Organizing repository for more informations |
features |
microcksHub.enabled |
Optional. Feature allowing to directly import mocks coming from hub.microcks.io marketplace. Default is true . See Micorkcs Hub for more information. |
features |
async |
Optional. Feature allowing to activate mocking of Async API on a message broker. Must be explicitly enabled . See this sample for full informations |
features |
async.env |
Optional. Some environment variables to add on async-minion container. This should be expressed using Kubernetes syntax. |
features |
aiCopilot |
Optional. Feature allowing to activate AI Copilot. Must be explicitly enabled . Default is false . |
The openshift
object that you may find within different components properties allow the tuning of some OpenShift specific resources.
Especially, the route
section in this object allows tuning of OpenShift Routes
as described in the API specification if you don't want to rely on the default TLS settings for the OpenShift router/ingress controller. Check Secured routes for explanations on that topic.
Section | Property | Description |
---|---|---|
route |
type |
Optional. Allows to specify the TLS termination type of the Route. Allowed values are reencrypt , passthrough and edge that is the default. |
route |
key |
Optional. Allows to specify the private Key file for TLS. PEM format should be used. |
route |
certificate |
Optional. Allows to specify the certificate for TLS. PEM format should be used. |
route |
caCertificate |
Optional. Allows to specify the CA certificate for TLS. PEM format should be used. |
route |
destinationCACertificate |
Optional. Allows to specify the destination CA certificate for TLS. PEM format should be used. |
Here are below the configuration properties of the AI Copilot feature:
Section | Property | Description |
---|---|---|
features.aiCopilot |
enabled |
Optional. Flag for enabling the feature. Default is false . Set to true to activate. |
features.aiCopilot |
implementation |
Optional. Allow to choose an AI service implementation. Default is openai and its the only supported value at the moment. |
features.aiCopilot.openai |
apiKey |
Madantory when enabled. Put here your OpenAI API key. |
features.aiCopilot.openai |
timeout |
Optional. Allow the customization of the timeout when requesting OpenAI. Default to 20 seconds. |
features.aiCopilot.openai |
model |
Optional. Allow the customization of the OpenAI model to use. Default may vary from one Microcks version to another. |
features.aiCopilot.openai |
maxTokens |
Optional. Allow the customization of the maximum number of tokens that may be exchanged by OpenAI services. Default to 2000 tokens? |
Here are below the configuration properties of the Kafka support features:
Section | Property | Description |
---|---|---|
features.async.kafka |
install |
Optional. Flag for Kafka installation. Default is true and required Strimzi Operator to be setup. Set to false if you want to reuse an existing Kafka instance. |
features.async.kafka |
useStrimziBeta1 |
Optional. Since version 1.3.0 we're using Beta2 version of Strimzi. Default is false . Set this flag to true if you still using older version of Strimzi that provides Beta1 custom resources. |
features.async.kafka |
url |
Optional. The URL of Kafka broker if it already exists or the one used for exposing Kafka Ingress when we install it. In this later case, it should only be the subdomain part (eg: apps.example.com ). |
features.async.kafka |
ingressClassName |
Optional. The ingress class to use for exposing broker to the outer world when installing it. Default is nginx . |
features.async.kafka |
persistent |
Optional. Flag for Kafka persistence. Default is false . Set to true if you want a persistent Kafka installation. |
features.async.kafka |
volumeSize |
Optional. Size of persistent volume claim for Kafka. Default is 2Gi . Not used if not persistent install asked. |
features.async.kafka.schemaRegistry |
url |
Optional. The API URL of a Kafka Schema Registry. Used for Avro based serialization |
features.async.kafka.schemaRegistry |
confluent |
Optional. Flag for indicating that registry is a Confluent one, or using a Confluent compatibility mode. Default to true |
features.async.kafka.schemaRegistry |
username |
Optional. Username for connecting to the specified Schema registry. Default to `` |
features.async.kafka.schemaRegistry |
credentialsSource |
Optional. Source of the credentials for connecting to the specified Schema registry. Default to USER_INFO |
features.async.kafka.authentication |
type |
Optional. The type of authentication for connecting to a pre-existing Kafka broker. Supports SSL or SASL_SSL . Default to none |
features.async.kafka.authentication |
truststoreType |
Optional. For TLS transport, you'll probably need a truststore to hold your cluster certificate. Default to PKCS12 |
features.async.kafka.authentication |
truststoreSecretRef |
Optional. For TLS transport, the reference of a Secret holding truststore and its password. Set secret , storeKey and passwordKey properties |
features.async.kafka.authentication |
keystoreType |
Optional. In case of SSL type, you'll also need a keystore to hold your user private key for mutual TLS authentication. Default to PKCS12 |
features.async.kafka.authentication |
keystoreSecretRef |
Optional. For mutual TLS authentication, the reference of a Secret holding keystore and its password. Set secret , storeKey and passwordKey properties |
features.async.kafka.authentication |
saslMechanism |
Optional. For SASL authentication, you'll have to specify an additional authentication mechanism such as SCRAM-SHA-512 |
features.async.kafka.authentication |
saslJaasConfig |
Optional. For SASL authentication, you'll have to specify a JAAS configuration line with login module, username and password. |
features.async.kafka.authentication |
saslLoginCallbackHandlerClass |
Optional. For SASL authentication, you may want to provide a Login Callback Handler implementations. This implementation may be provided by extending the main and async-minion images and adding your own libs. |
Here are below the configuration properties of the MQTT support features:
Section | Property | Description |
---|---|---|
features.async.mqtt |
url |
Optional. The URL of MQTT broker (eg: my-mqtt-broker.example.com:1883 ). Default is undefined which means that feature is disabled. |
features.async.mqtt |
username |
Optional. The username to use for connecting to secured MQTT broker. Default to microcks . |
features.async.mqtt |
password |
Optional. The password to use for connecting to secured MQTT broker. Default to microcks . |
Here are below the configuration properties of the WebSocket support feature:
Section | Property | Description |
---|---|---|
features.async.ws |
ingressSecretRef |
Optional. The name of a TLS Secret for securing WebSocket Ingress . If missing, self-signed certificate is generated. |
features.async.ws |
ingressAnnotations |
Optional. A map of annotations that will be added to the Ingress or OpenShift Route for Microcks WebSocket mocks. If these annotations are triggering a Certificate generation (for example through https://cert-manager.io/ or https://github.com/redhat-cop/cert-utils-operator), the generateCert property should be set to false on Kube. |
features.async.ws |
generateCert |
Optional. Whether to generate self-signed certificate or not if no valid ingressSecretRef provided. Default is true |
features.async.ws |
openshift |
Optional. Allows to tune some OpenShift specific resources. See OpenShift specific tuning above. |
Here are below the configuration properties of the AMQP 0.9.1 support feature:
Section | Property | Description |
---|---|---|
features.async.amqp |
url |
Optional. The URL of AMQP/RabbitMQ broker (eg: my-amqp-broker.example.com:5672 ). Default is undefined which means that feature is disabled. |
features.async.amqp |
username |
Optional. The username to use for connecting to secured AMQP broker. Default to microcks . |
features.async.amqp |
password |
Optional. The password to use for connecting to secured AMQP broker. Default to microcks . |
Here are below the configuration properties of the NATS support feature:
Section | Property | Description |
---|---|---|
features.async.nats |
url |
Optional. The URL of NATS broker (eg: my-nats-broker.example.com:4222 ). Default is undefined which means that feature is disabled. |
features.async.nats |
username |
Optional. The username to use for connecting to secured NATS broker. Default to microcks . |
features.async.nats |
password |
Optional. The password to use for connecting to secured NATS broker. Default to microcks . |
Here are below the configuration properties of the Google PubSub support feature:
Section | Property | Description |
---|---|---|
features.async.googlepubsub |
project |
Optional. The GCP project id of PubSub (eg: my-gcp-project-347219 ). Default is undefined which means that feature is disabled. |
features.async.googlepubsub |
serviceAccountSecretRef |
Optional. The name of a Generic Secret holding Service Account JSON credentiels. Set secret and fileKey properties. |
Here are below the configuration properties of the Amazon SQS support feature:
Section | Property | Description |
---|---|---|
features.async.sqs |
region |
Optional. The AWS region for connecting SQS service (eg: eu-west-3 ). Default is undefined which means that feature is disabled. |
features.async.sqs |
credentialsType |
Optional. The type of credentials we use for authentication. 2 options here env-variable or profile . Default to env-variable . |
features.async.sqs |
credentialsProfile |
Optional. When using profile authent, name of profile to use for authenticating to SQS. This profile should be present into a credentials file mounted from a Secret (see below). Default to microcks-sqs-admin . |
features.async.sqs |
credentialsSecretRef |
Optional. The name of a Generic Secret holding either environment variables (set secret and accessKeyIdKey , secretAccessKeyKey and optional sessionTokenKey properties) or an AWS credentials file with referenced profile (set secret and fileKey properties). |
features.async.sqs |
endpointOverride |
Optional. The AWS endpoint URI used for API calls. Handy for using SQS via LocalStack. |
Here are below the configuration properties of the Amazon SNS support feature:
Section | Property | Description |
---|---|---|
features.async.sns |
region |
Optional. The AWS region for connecting SNS service (eg: eu-west-3 ). Default is undefined which means that feature is disabled. |
features.async.sns |
credentialsType |
Optional. The type of credentials we use for authentication. 2 options here env-variable or profile . Default to env-variable . |
features.async.sns |
credentialsProfile |
Optional. When using profile authent, name of profile to use for authenticating to SNS. This profile should be present into a credentials file mounted from a Secret (see below). Default to microcks-sns-admin . |
features.async.sns |
credentialsSecretRef |
Optional. The name of a Generic Secret holding either environment variables (set secret and accessKeyIdKey , secretAccessKeyKey and optional sessionTokenKey properties) or an AWS credentials file with referenced profile (set secret and fileKey properties). |
features.async.sns |
endpointOverride |
Optional. The AWS endpoint URI used for API calls. Handy for using SNS via LocalStack. |
Note: Enabling both SQS and SNS features and using
env-variable
credentials type for both, may lead to collision as both clients rely on the same environment variables. So you have to specifycredentialsSecretRef
on only one of those two services and be sure that the access key and secret access key mounted refers to a IAM account having write access to both services.
The /deploy/samples
folder contain sample MicrocksInstall
resource allowing you to check the configuration for different setup options.
-
openshift-minimal.yaml illustrates a simple CR for starting a Microcks installation on OpenShift with most common options
-
minikube-minimal.yaml illustrates a simple CR for starting a Microcks installation on vanilla Kubernetes with most common options
-
openshift-no-mongo.yaml illustrates how to reuse an existing MongoDB database, retrieving the credential for connecting from a pre-existing
Secret
-
minikube-custom-tls.yaml illustrates how to reuse existing
Secrets
to retrieve TLS certificates that will be used to secure the exposedIngresses
-
minikube-annotations.yaml illustrates how to specify annotations that will be placed on exposed
Ingresses
. Such annotations can - for example - trigger some certificates generation using Cert Manager -
openshift-features.yaml illustrates how to enable optional features like repository filtering or asynchronous mocking on an OpenShift cluster
-
minikube-features.yaml illustrates how to enable optional features like repository filtering or asynchronous mocking on a vanilla Kubernetes cluster
-
openshift-features-mqtt.yaml illustrates how to connect a MQTT broker to realize asynchronous mocking and testing of MQTT messages
-
openshift-features-ext-sso.yaml illustrates how to not deploy Keycloak and reuse an existing instance
-
openshift-features-ext-kafka.yaml illustrates how to not deploy a Kafka broker and reuse an existing instance
-
openshift-features-apicurio-registry.yaml illustrates how to configure mocking of Apache Kafka using a schema registry
Obviously, you can combine all of them together to enable any options 😉
You can build the Operator locally using docker build
command from root folder like below:
$ docker build -f build/Dockerfile -t quay.io/microcks/microcks-ansible-operator:latest .
Sending build context to Docker daemon 830kB
Step 1/11 : FROM quay.io/operator-framework/ansible-operator:v0.16.0
---> 19ba5006a265
Step 2/11 : USER root
---> Using cache
---> 02226b2f2469
Step 3/11 : RUN yum clean all && rm -rf /var/cache/yum/* && yum install -y openssl
---> Using cache
---> 66821ee710bf
Step 4/11 : USER 1001
---> Using cache
---> e834d11a5146
Step 5/11 : COPY requirements.yml ${HOME}/requirements.yml
---> Using cache
---> a30f7e13eb23
Step 6/11 : RUN ansible-galaxy collection install -r ${HOME}/requirements.yml && chmod -R ug+rwx ${HOME}/.ansible
---> Using cache
---> f2da6036c197
Step 7/11 : COPY k8s/ ${HOME}/k8s/
---> 7751789e30be
Step 8/11 : COPY roles/ ${HOME}/roles/
---> ae0b2c73e730
Step 9/11 : COPY watches.yaml ${HOME}/watches.yaml
---> 062c84d985c6
Step 10/11 : COPY playbook.yml ${HOME}/playbook.yml
---> a8c0505e65b7
Step 11/11 : COPY ansible.cfg /etc/ansible/ansible.cfg
---> 7de212ab7289
Successfully built 7de212ab7289
Successfully tagged quay.io/microcks/microcks-ansible-operator:latest
This Operator has been developed and tested using operator-sdk v0.16.0
and ansible 2.11.6
$ operator-sdk version
operator-sdk version: "v0.16.0", commit: "55f1446c5f472e7d8e308dcdf36d0d7fc44fc4fd", go version: "go1.14 darwin/amd64"
$ ansible --version
ansible [core 2.11.6]
config file = /Users/lbroudou/Development/github/microcks-ansible-operator/ansible.cfg
configured module search path = ['/Users/lbroudou/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/4.8.0/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/lbroudou/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.0 (default, Oct 13 2021, 06:45:00) [Clang 13.0.0 (clang-1300.0.29.3)]
jinja version = 3.0.2
libyaml = True
$ ansible-playbook --version
ansible-playbook [core 2.11.6]
config file = /Users/lbroudou/Development/github/microcks-ansible-operator/ansible.cfg
configured module search path = ['/Users/lbroudou/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/4.8.0/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/lbroudou/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.10.0 (default, Oct 13 2021, 06:45:00) [Clang 13.0.0 (clang-1300.0.29.3)]
jinja version = 3.0.2
libyaml = True
Ansible-playbook is convenient for testing of Jinja formatting using the test.yaml
file at the root for this repo. You can quickly check templating results setting the right vars
and debugging the target test
var with following command:
$ ansible-playbook test.yaml -vvv | sed -e 's/\\n/'$'\\\n/g'
Ansible-runner module is required for local execution, connected to local or remote Kubernetes cluster. You can install and set it up with following commands:
$ /usr/local/Cellar/ansible/2.9.1/libexec/bin/pip install ansible-runner-http openshift
[...]
$ ln -s /usr/local/Cellar/ansible/2.9.1/libexec/bin/ansible-runner /usr/local/bin/ansible-runner
$ ansible-runner --version
1.4.5
Once done, local tests are possible using the following command:
$ operator-sdk run --local
INFO[0000] Running the operator locally in namespace microcks.
{"level":"info","ts":1585060926.0604842,"logger":"cmd","msg":"Go Version: go1.14"}
{"level":"info","ts":1585060926.060529,"logger":"cmd","msg":"Go OS/Arch: darwin/amd64"}
{"level":"info","ts":1585060926.060534,"logger":"cmd","msg":"Version of operator-sdk: v0.16.0"}
{"level":"info","ts":1585060926.063453,"logger":"cmd","msg":"Watching single namespace.","Namespace":"microcks"}
{"level":"info","ts":1585060928.423823,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":"0.0.0.0:8383"}
{"level":"info","ts":1585060928.424896,"logger":"watches","msg":"Environment variable not set; using default value","envVar":"WORKER_MICROCKSINSTALL_MICROCKS_GITHUB_IO","default":1}
{"level":"info","ts":1585060928.4249249,"logger":"watches","msg":"Environment variable not set; using default value","envVar":"ANSIBLE_VERBOSITY_MICROCKSINSTALL_MICROCKS_GITHUB_IO","default":2}
{"level":"info","ts":1585060928.42496,"logger":"cmd","msg":"Environment variable not set; using default value","Namespace":"microcks","envVar":"ANSIBLE_DEBUG_LOGS","ANSIBLE_DEBUG_LOGS":false}
{"level":"info","ts":1585060928.424971,"logger":"ansible-controller","msg":"Watching resource","Options.Group":"microcks.github.io","Options.Version":"v1alpha1","Options.Kind":"MicrocksInstall"}
{"level":"info","ts":1585060928.4250722,"logger":"leader","msg":"Trying to become the leader."}
{"level":"info","ts":1585060928.425101,"logger":"leader","msg":"Skipping leader election; not running in a cluster."}
{"level":"info","ts":1585060932.8614569,"logger":"metrics","msg":"Skipping metrics Service creation; not running in a cluster."}
{"level":"info","ts":1585060935.078951,"logger":"proxy","msg":"Starting to serve","Address":"127.0.0.1:8888"}
{"level":"info","ts":1585060935.079112,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
{"level":"info","ts":1585060935.079189,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"microcksinstall-controller","source":"kind source: microcks.github.io/v1alpha1, Kind=MicrocksInstall"}
{"level":"info","ts":1585060935.183991,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"microcksinstall-controller"}
{"level":"info","ts":1585060935.184026,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"microcksinstall-controller","worker count":1}
{"level":"info","ts":1585060938.4777331,"logger":"proxy","msg":"Skipping cache lookup","resource":{"IsResourceRequest":false,"Path":"/version","Verb":"get","APIPrefix":"","APIGroup":"","APIVersion":"","Namespace":"","Resource":"","Subresource":"","Name":"","Parts":null}}
{"level":"info","ts":1585060938.5031219,"logger":"proxy","msg":"Skipping cache lookup","resource":{"IsResourceRequest":false,"Path":"/version/openshift","Verb":"get","APIPrefix":"","APIGroup":"","APIVersion":"","Namespace":"","Resource":"","Subresource":"","Name":"","Parts":null}}
{"level":"info","ts":1585060938.522412,"logger":"proxy","msg":"Skipping cache lookup","resource":{"IsResourceRequest":false,"Path":"/apis","Verb":"get","APIPrefix":"","APIGroup":"","APIVersion":"","Namespace":"","Resource":"","Subresource":"","Name":"","Parts":null}}
{"level":"info","ts":1585060938.5421581,"logger":"proxy","msg":"Skipping cache lookup","resource":{"IsResourceRequest":false,"Path":"/apis","Verb":"get","APIPrefix":"","APIGroup":"","APIVersion":"","Namespace":"","Resource":"","Subresource":"","Name":"","Parts":null}}
{"level":"info","ts":1585060938.587947,"logger":"logging_event_handler","msg":"[playbook task]","name":"microcks","namespace":"microcks","gvk":"microcks.github.io/v1alpha1, Kind=MicrocksInstall","event_type":"playbook_on_task_start","job":"3916589616287113937","EventData.Name":"microcks : Get an existing MongoDB Secret"}
--------------------------- Ansible Task StdOut -------------------------------
TASK [microcks : Get an existing MongoDB Secret] *******************************
task path: /Users/lbroudou/Development/github/microcks-ansible-operator/roles/microcks/tasks/main.yml:12
-------------------------------------------------------------------------------
[...]
We're using the Kuttl tooling for automated end-to-end tests of this operator. Using a running Minikube instance locally (or other flavour), you can just launch following command to run e2e tests:
$ kubectl kuttl test --start-kind=false --manifest-dir=./tests/manifests ./tests/e2e
2022/01/01 20:40:19 running without a 'kuttl-test.yaml' configuration
2022/01/01 20:40:19 kutt-test config testdirs is overridden with args: [ ./tests/e2e ]
=== RUN kuttl
harness.go:457: starting setup
harness.go:248: running tests using configured kubeconfig.
harness.go:285: Successful connection to cluster at: https://192.168.64.11:8443
2022/01/01 20:40:20 Namespace:/microcks created
2022/01/01 20:40:20 CustomResourceDefinition:/microcksinstalls.microcks.github.io updated
2022/01/01 20:40:20 Role:microcks/microcks-ansible-operator created
2022/01/01 20:40:20 ServiceAccount:microcks/microcks-ansible-operator created
2022/01/01 20:40:20 RoleBinding:microcks/microcks-ansible-operator created
2022/01/01 20:40:20 Deployment:microcks/microcks-ansible-operator created
harness.go:353: running tests
harness.go:74: going to run test suite with timeout of 30 seconds for each step
harness.go:365: testsuite: ./tests/e2e has 1 tests
=== RUN kuttl/harness
=== RUN kuttl/harness/basic-crd
=== PAUSE kuttl/harness/basic-crd
=== CONT kuttl/harness/basic-crd
logger.go:42: 20:40:20 | basic-crd | Creating namespace: kuttl-test-saved-robin
logger.go:42: 20:40:20 | basic-crd/0-basic-crd | starting test step 0-basic-crd
logger.go:42: 20:40:20 | basic-crd/0-basic-crd | MicrocksInstall:microcks/microcks created
logger.go:42: 20:40:25 | basic-crd/0-basic-crd | test step completed 0-basic-crd
logger.go:42: 20:40:25 | basic-crd/1- | starting test step 1-
logger.go:42: 20:40:42 | basic-crd/1- | test step completed 1-
logger.go:42: 20:40:42 | basic-crd/2- | starting test step 2-
logger.go:42: 20:40:42 | basic-crd/2- | test step completed 2-
logger.go:42: 20:40:42 | basic-crd/3- | starting test step 3-
logger.go:42: 20:41:11 | basic-crd/3- | test step completed 3-
logger.go:42: 20:41:11 | basic-crd/4- | starting test step 4-
logger.go:42: 20:41:27 | basic-crd/4- | test step completed 4-
Warning: events.k8s.io/v1beta1 Event is deprecated in v1.22+, unavailable in v1.25+
logger.go:42: 20:41:27 | basic-crd | basic-crd events from ns kuttl-test-saved-robin:
logger.go:42: 20:41:27 | basic-crd | Deleting namespace: kuttl-test-saved-robin
=== CONT kuttl
harness.go:399: run tests finished
harness.go:508: cleaning up
harness.go:563: removing temp folder: ""
--- PASS: kuttl (68.14s)
--- PASS: kuttl/harness (0.00s)
--- PASS: kuttl/harness/basic-crd (67.76s)
PASS