Open bioinfornatics opened 2 years ago
Currently my main issue comes from config/certmanager/subscription.yaml
$ minikube kubectl -- create -f config/certmanager/subscription.yaml
error: resource mapping not found for name: "cert-manager" namespace: "openshift-operators" from "config/certmanager/subscription.yaml": no matches for kind "Subscription" in version "operators.coreos.com/v1alpha1"
ensure CRDs are installed first
@bioinfornatics g'day. FYI this project is dormant. It may resume at a future time.
@avisiedo do you have any pointers about the cert-manager or docs you can point to?
@frasertweedale good day :-) ok I will try to use a standard deployment for freeipa. Anyway, below are some extra commands that I needed to run on my side to go further
Subscription kind
minikube kubectl -- create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.2/crd.yaml
minikube kubectl -- create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.2/olm.yaml
minikube kubectl -- create -f config/certmanager/subscription.yaml
minikube kubectl -- wait Subscription/cert-manager -n openshift-operators --for=condition=CatalogSourcesUnhealthy=False
minikube kubectl -- create -f config/certmanager/clusterissuer-selfsigned.yaml
podman instead of docker
diff --git a/Makefile b/Makefile
index b275728..b4db61d 100644
--- a/Makefile
+++ b/Makefile
@@ -51,6 +51,8 @@ else
GOBIN=$(shell go env GOBIN)
endif
+DOCKER ?= docker
+
# Setting SHELL to bash allows bash commands to be executed by recipes.
# This is a requirement for 'setup-envtest.sh' in the test target.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
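Review bot: the new DOCKER ?= docker line after endif carries no comment saying what it controls or which values are expected to work. Add a one-line comment above it stating that it names the container CLI used by the image targets and can be overridden (for example DOCKER=podman), and consider a tool-neutral name such as CONTAINER_TOOL, since the value will often not be docker.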
@@ -112,11 +114,11 @@ run: manifests generate fmt vet ## Run a controller from your host (it requires
.PHONY: docker-build
docker-build: ## Build docker image with the manager.
- docker build -t ${IMG} .
+ $(DOCKER) build -t ${IMG} .
.PHONY: docker-push
docker-push: ## Push docker image with the manager.
- docker push ${IMG}
+ $(DOCKER) push ${IMG}
##@ Deployment
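Review bot: in docker-build and docker-push the ## help strings still read "Build docker image" and "Push docker image" although the recipes now run whatever $(DOCKER) is set to; reword them to "container image". Only these two recipes are switched over in this diff, so check whether other targets in the Makefile still call docker directly, otherwise an override will work for some targets and fail for others.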
which allows running make docker-build DOCKER=podman
The same idea, to allow the use of kubectl instead of oc, would be much appreciated
sudo bash -c '
# Tool versions; GO_VERSION only selects the install prefix under /opt/gotool.
GO_VERSION=1.18
GO_PRIORITY=11800
GODOC_VERSION="v0.1.11"
DELVE_VERSION="v1.7.1"
GOLINT_VERSION="master"
KUSTOMIZE_VERSION="v3.2.3"
export GOPATH="/opt/gotool/${GO_VERSION}/"
export GOBIN="/opt/gotool/${GO_VERSION}/bin/"
OPERATOR_SDK_VERSION=1.22.1
dnf install -y golang
mkdir -p "${GOBIN}"
# Download the operator-sdk release binaries; -f makes curl fail on an HTTP error instead of saving the error page.
curl -fLo "${GOBIN}/ansible-operator" https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}/ansible-operator_linux_amd64
curl -fLo "${GOBIN}/helm-operator" https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}/helm-operator_linux_amd64
curl -fLo "${GOBIN}/operator-sdk" https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}/operator-sdk_linux_amd64
chmod +x "${GOBIN}"/*
# Build the remaining tools from source into GOBIN.
go install golang.org/x/exp/typeparams@latest && echo "Installed typeparams"
go install golang.org/x/tools/cmd/godoc@${GODOC_VERSION} && echo "Installed godoc"
go install github.com/go-delve/delve/cmd/dlv@${DELVE_VERSION} && echo "Installed dlv"
go install golang.org/x/lint/golint@${GOLINT_VERSION} && echo "Installed golint"
go install sigs.k8s.io/kustomize/kustomize/v3@${KUSTOMIZE_VERSION} && echo "Installed kustomize"
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 && echo "Installed controller-gen"
# Register the tools under /usr/local/bin; each --slave takes a link, a name and a path.
update-alternatives --install /usr/local/bin/dlv gotool "${GOBIN}/dlv" ${GO_PRIORITY} \
--slave /usr/local/bin/golint golint "${GOBIN}/golint" \
--slave /usr/local/bin/kustomize kustomize "${GOBIN}/kustomize" \
--slave /usr/local/bin/controller-gen controller-gen "${GOBIN}/controller-gen" \
--slave /usr/local/bin/operator-sdk operator-sdk "${GOBIN}/operator-sdk" \
--slave /usr/local/bin/ansible-operator ansible-operator "${GOBIN}/ansible-operator" \
--slave /usr/local/bin/helm-operator helm-operator "${GOBIN}/helm-operator"
'
controller-gen
GO_VERSION=1.18
export GOPATH="/opt/gotool/${GO_VERSION}/"
export GOBIN="/opt/gotool/${GO_VERSION}/bin/"
make build CONTROLLER_GEN=${GOBIN}/controller-gen
I wish you a good day
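The install script in the comment above fetches operator-sdk, ansible-operator and helm-operator with curl and makes them executable as root with no integrity check. An added example (not from the original comment or the project) of gating that step on a checksum, assuming the release also provides a checksums.txt in sha256sum format; verify_asset, install_verified and selftest are names invented here:

```shell
# Added example: check a downloaded release asset against a checksums file
# before it is made executable on root's PATH.
# Assumption: checksums file is in sha256sum format, "<hex digest>  <name>".

# verify_asset FILE CHECKSUMS ASSET
# 0 = digest matches, 1 = mismatch, 2 = input file missing,
# 3 = ASSET has no entry, or more than one, in CHECKSUMS.
verify_asset() {
    va_file=$1 va_sums=$2 va_asset=$3
    [ -f "$va_file" ] && [ -f "$va_sums" ] || return 2
    # Compare the name column exactly (a leading "*" marks binary mode), so
    # one asset can never be satisfied by another asset's line.
    va_want=$(awk -v a="$va_asset" '
        { n = $2; sub(/^\*/, "", n); if (n == a) { c++; d = $1 } }
        END { if (c == 1) print d }' "$va_sums")
    [ -n "$va_want" ] || return 3
    va_have=$(sha256sum "$va_file" | awk '{ print $1 }')
    [ "$va_have" = "$va_want" ]
}

# install_verified FILE CHECKSUMS ASSET DEST
# Installs FILE as DEST (mode 0755) only after verification; a file that
# fails the check is deleted so it cannot be picked up later by mistake.
install_verified() {
    if verify_asset "$1" "$2" "$3"; then
        install -m 0755 "$1" "$4"
    else
        echo "refusing to install $3: verification failed" >&2
        rm -f -- "$1"
        return 1
    fi
}

# Constructed sample data: a stand-in "binary" and a matching checksums file.
selftest() {
    st_dir=$(mktemp -d) || return 1
    st_bin="$st_dir/operator-sdk_linux_amd64"
    printf 'constructed stand-in for a release binary\n' > "$st_bin"
    (cd "$st_dir" && sha256sum operator-sdk_linux_amd64 > checksums.txt)
    install_verified "$st_bin" "$st_dir/checksums.txt" \
        operator-sdk_linux_amd64 "$st_dir/operator-sdk" || return 1
    # A corrupted or tampered download must be rejected and removed.
    printf 'extra bytes\n' >> "$st_bin"
    install_verified "$st_bin" "$st_dir/checksums.txt" \
        operator-sdk_linux_amd64 "$st_dir/tampered" 2>/dev/null && return 1
    [ -x "$st_dir/operator-sdk" ] && [ ! -e "$st_dir/tampered" ] && [ ! -e "$st_bin" ]
}

selftest && echo "selftest passed"
```

In the script above this would take the place of the chmod +x step: download to a scratch directory, fetch checksums.txt from the same release, then call install_verified once per binary.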
@bioinfornatics Sorry for the delay, and thank you very much for your issue; the below could simplify olm installation by:
./bin/operator-sdk olm install
A few additional notes:
SecurityContextConstraint (https://docs.openshift.com/container-platform/4.10/authentication/managing-security-context-constraints.html) controller to manage it for instance, so the admission controller for it does not exist (anyway in a future it would be more restricted). OpenShift enables and configures selinux in all the nodes, which provides additional security and isolation for the workloads; just the most immediate that comes to my mind.
make bundle-install you could need to use the variable WATCH_NAMESPACE pointing out to the current namespace; this is: make bundle-install WATCH_NAMESPACE="my-freeipa". The same to build all the necessary containers by make docker-build docker-push catalog-build catalog-push bundle-build bundle-push WATCH_NAMESPACE="my-freeipa".
FATA[0001] Failed to run bundle: create catalog: error creating catalog source: namespaces "my-freeipa" not found
that I have not found the way to solve it (the my-freeipa namespace exists, that is the weird thing).
By the way as @frasertweedale said, this project is dormant and it may resume at a future time.
Hope this helps!
@avisiedo why is the project dormant? And wouldn't it be useful to update then the readme? I just came across this operator and would find it awesome if the development would continue!
@batistein the reason is the combination of:
Yes, we should update the README to reflect this :)
Thanks @avisiedo @batistein @frasertweedale
@bioinfornatics May I ask how you finally realized freeipa on k8s? Could you provide some documentation?
@NeverMore93 we shelved the project. There are blockers in the Kube/OpenShift platform that prevented us running the container in the way we wanted. Never say never (these blockers are gradually being addressed), but for the past year our team has been working on other things.
we moved with authentik https://goauthentik.io/
Dear team, Firstly thanks for your amazing works. I am looking for a solution to get freeipa inside a kubernetes cluster, and it seems that your works fit our needs.
So, after a look at the Readme, ./devel/install-local-tools.sh and the makefile, it seems that the operator is designed to work with an OpenShift server.
So here is my question: is it possible to use this operator on a managed (by a cloud provider) kubernetes cluster? Thanks for your help.
Ideally a StatefulSets + Operators guide would be awesome.
I wish you a great day.
Jonathan