search

fusor / archived-ansibleapp-library

A collection of functional AnsibleApps
1 stars 4 forks source link

ansibleapp-<sample-project> needs to be created in advance #6

Open munchee13 opened 7 years ago

munchee13 commented 7 years ago

As referenced in the comments of this issue, it would be great to have the project be a parameter that is passed or at least have the project expect be created at instantiation.

jmontleon commented 7 years ago

parameterizing the namespace is pretty trivial. There's an example of that with the galera-ansibleapp. I think there @eriknelson mentioned that from the broker perspective there is an issue with tracking the uuid, however.

I was until recently using an old cdk environment based on kubernetes 1.2 and I did not have to pre-create projects before running ansibleapp. Using minishift based on kubernetes 1.4 I now do. I have both environments up still so maybe I can get to the bottom of what's different, if not a change in behavior between versions.

eriknelson commented 7 years ago

I was until recently using an old cdk environment based on kubernetes 1.2 and I did not have to pre-create projects before running ansibleapp. Using minishift based on kubernetes 1.4 I now do.

Good to know, explains why @munchee13 saw this crop up in his environment but we didn't have it show up in our dev envs. Thankfully we're moving to a more up to date environment this sprint to keep pace with ongoing upstream development.

Re: the broker, there are no blocking issues per se. It's our responsibility as a broker to accept and stow away an :instance_id from the Service Catalog (the source of truth) so that we're able to reference and perform whatever subsequent requests are made against that instance in the future. Naive example would be an :instance_id -> namespace lookup table so the ansibleapp can be told what namespace to delete on a deprovision at T+1. Obviously it's more complicated in practice, but it illustrates the point what I was trying to articulate during the review.

jmontleon commented 7 years ago

This may be a user permission. On minishift before running oadm policy add-cluster-role-to-user cluster-admin admin, which appears to reflect the much broader permissions the admin user on the cdk has, the project would not be created. After running it it does.

I'm not suggesting that the cluster-admin role be added to users of ansibleapps, of course, but maybe there is something more fine grained that can/needs to me modified in order for this to work properly.