search

flant / shell-operator

Shell-operator is a tool for running event-driven scripts in a Kubernetes cluster
https://flant.github.io/shell-operator/
Apache License 2.0
2.43k stars 213 forks source link

[Proposal] Lazy quickstart guide #305

Open mac2000 opened 3 years ago

mac2000 commented 3 years ago

Seems like quickstart is not really so quick, we need to do so many things, especially those about docker registries and so on

Will be so nice to have something like this one:

oper.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: oper
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oper
  namespace: oper
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oper
  namespace: oper
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oper
  namespace: oper
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: oper
subjects:
- kind: ServiceAccount
  name: oper
  namespace: oper
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: oper
  namespace: oper
data:
  oper.sh: |
    #!/usr/bin/env bash

    if [[ $1 == "--config" ]]
    then
      echo '
      configVersion: v1
      kubernetes:
      - apiVersion: v1
        kind: Pod
        executeHookOnEvent: ["Added"]
      '
    else
      podName=$(jq -r .[0].object.metadata.name $BINDING_CONTEXT_PATH)
      echo "Pod '${podName}' added"
    fi    
---
apiVersion: v1
kind: Pod
metadata:
  name: oper
  namespace: oper
spec:
  serviceAccountName: oper
  volumes:
  - name: oper
    configMap:
      name: oper
      defaultMode: 0755
  containers:
  - name: oper
    image: flant/shell-operator:latest
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: oper
      subPath: oper.sh
      mountPath: /hooks/oper.sh

with such an example, all we needed to do is:

kubectl apply -f oper.yml
kubectl -n oper logs oper -f
kubectl delete -f oper.yml
mimmus commented 1 year ago

But is it possible that in 2023 I still have to install shell-operator in this way?

nabokihms commented 1 year ago

@mimmus could you elaborate more? How do you want to deploy your shell operator instances?

mimmus commented 1 year ago

I apologize for the short comment. I'd like to deploy it at least as a Deployment, not as a pod without any control, possibly as a Helm chart, with possibility to specify hooks as values, not embedding them in the Docker image

mac2000 commented 1 year ago

but thats only a blue print, aka no one expects you to deploy it as a pod 🤔

the goal of this example was to have it up and running without bothering of dedicated pipeline to build and host docker image somewhere

you definitely can do it with helm, kustomize, whatever else you want, aka just for inspiration, here is an snippet for terraform:

resource "kubernetes_service_account_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
}

resource "kubernetes_cluster_role_binding_v1" "ingress-dns-operator" {
  metadata {
    name = "ingress-dns-operator"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }
  subject {
    kind      = "ServiceAccount"
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
}

resource "kubernetes_config_map_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
  data = {
    "hook.sh" = file("vpn.sh")
  }
}

resource "kubernetes_deployment_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
    labels = {
      app = "ingress-dns-operator"
    }
  }
  spec {
    revision_history_limit = 1
    selector {
      match_labels = {
        app = "ingress-dns-operator"
      }
    }
    template {
      metadata {
        labels = {
          app = "ingress-dns-operator"
        }
        annotations = {
          "prometheus.io/scrape" = "true"
          "checksum/hook"        = filesha256("vpn.sh")
        }
      }
      spec {
        service_account_name = "ingress-dns-operator"
        node_selector = {
          "kubernetes.io/os" = "linux"
        }
        volume {
          name = "ingress-dns-operator"
          config_map {
            name         = "ingress-dns-operator"
            default_mode = "0755"
          }
        }
        container {
          name              = "ingress-dns-operator"
          image             = "flant/shell-operator:latest"
          image_pull_policy = "IfNotPresent"
          port {
            container_port = 9115
          }
          resources {
            requests = {
              cpu    = "10m"
              memory = "100Mi"
            }
            limits = {
              cpu    = "500m"
              memory = "200Mi"
            }
          }
          volume_mount {
            name       = "ingress-dns-operator"
            mount_path = "/hooks/hook.sh"
            sub_path   = "hook.sh"
          }
        }
      }
    }
  }
}

the idea behind this proposal was to have something that may be copy pasted and deployed immediately, original docs at that time was asking you to build an docker image, then publish it and only then play with actual deployment - aka to many steps for quick start

mimmus commented 1 year ago

OK, thank you, Sorry for bothering

mac2000 commented 1 year ago

Totally fine, you attracking the point it is still not clear/easy enough, probably thats why it is still open and why you have been asked about expected ways you would expect 👍

At the very end, so far it seems that possibilities of how this tool may be used are endless 💪