open-cluster-management-io / multicloud-operators-subscription

Enables multicluster application delivery.
https://open-cluster-management.io/getting-started/integration/app-lifecycle/
Apache License 2.0

How do I customize installation of packages and apps in OCM ? #154

Open nasirudheen opened 2 years ago

nasirudheen commented 2 years ago

Hi! I have one hub and a managed cluster and I am able to install packages on my managed cluster using subscription to GitHub or helm repos. It is working fine. Now I have these questions:

1) How do I customize the installation of a helm package? Usually we pass parameters as arguments or supply a file with custom values as an argument with -f to the helm execution. How do we do something with OCM? Is there a way to pass arguments or a file with custom values?

2) When we are using a GitHub subscription, is it possible to fetch certain values like secrets or values of environment variables from the managed k8s cluster first and pass them to the deployment of application(s)? I could see that Red Hat Advanced Cluster Management supports Ansible pre hooks and post hooks as a TP which could probably be used for this. Does OCM have this feature yet? If so, any documentation or pointers in this regard?

Both the Hub and Managed clusters are running vanilla Kubernetes 1.23.5 cluster deployed on top of Rocky Linux 8.5. Would be glad to provide any further details if that can help you to help me.

Thanks in advance!

mikeshng commented 2 years ago

> Is there a way to pass arguments or a file with custom values ?

Yes, please see below for an example. Put all your custom values under values: https://github.com/open-cluster-management-io/multicloud-operators-subscription/blob/main/examples/helmrepo-channel/02-subscription.yaml#L10-L17

> supports Ansible pre hooks and post hooks ...

It has the same support for Ansible pre/post hooks and works the same way as ACM. See https://github.com/open-cluster-management-io/multicloud-operators-subscription/tree/main/examples/ansible/appsub for example.

As for documentation, since this part of the integration is a bit too specific and product-integration oriented, we haven't decided if we should present it up front to the community or keep it as a "hidden" feature. For now you can refer to the ACM doc for this part of the integration. It works the same way.

nasirudheen commented 2 years ago

Many thanks indeed for the prompt response and sorry for the delay in replying. I followed your suggestions and got the helm packages installed with custom values passed. Haven't completed the testing of Ansible prehooks and posthooks yet as I am facing some other issues. I am trying to deploy rook based ceph cluster by creating a channel, placement rule and subscription to the rook repository. When it is executing the common.yaml file located in the below URL, the deployment fails. https://raw.githubusercontent.com/rook/rook/master/deploy/examples/common.yaml

The error from the subscription operator is as follows,

 Invalid ClusterRole name 'psp:rook', a lowercase RFC 1123 subdomain must
    consist of lower case alphanumeric characters, '-' or '.', and must start and
    end with an alphanumeric character (e.g. 'example.com', regex used for validation
    is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')/n

The problematic name for the ClusterRole is psp:rook, present in the common.yaml file. But when I deploy rook and execute the kubectl create -f command manually, it gets deployed properly. Only when OCM is involved does it throw this error. Any suggestion in this regard? P.S.: please let me know if there are any files or information required to help me.
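The mismatch described above, as an added example that is not part of the original thread or the project's code: the Kubernetes API server validates RBAC object names only as URL path segments (not "." or "..", no "/" or "%"), which is why `kubectl create -f` accepts `psp:rook`, while the regex quoted in the error is the stricter RFC 1123 subdomain rule. `Classify` is a hypothetical helper and every sample name other than `psp:rook` is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RFC 1123 subdomain regex as quoted in the operator's error, anchored here.
var subdomainRE = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// RBAC kinds, whose names the API server validates only as path segments.
var rbacKinds = map[string]bool{
	"Role": true, "ClusterRole": true,
	"RoleBinding": true, "ClusterRoleBinding": true,
}

func isSubdomain(name string) bool {
	return len(name) <= 253 && subdomainRE.MatchString(name)
}

// isPathSegment mirrors the path-segment rule: not ".", "..", no "/" or "%".
func isPathSegment(name string) bool {
	return name != "" && name != "." && name != ".." &&
		!strings.ContainsAny(name, "/%")
}

// Classify (hypothetical helper) returns "ok" when the name passes the
// subdomain rule, "rbac-only" when it is valid only as an RBAC path segment,
// and "invalid" when it fails both rules modelled here.
func Classify(kind, name string) string {
	switch {
	case isSubdomain(name):
		return "ok"
	case rbacKinds[kind] && isPathSegment(name):
		return "rbac-only"
	}
	return "invalid"
}

func main() {
	// Constructed sample input; only psp:rook comes from the thread.
	samples := [][2]string{
		{"ClusterRole", "psp:rook"}, {"ClusterRole", "rook-ceph-system"},
		{"ConfigMap", "psp:rook"}, {"ClusterRole", "rook/ceph"},
	}
	for _, s := range samples {
		fmt.Printf("%-12s %-18s %s\n", s[0], s[1], Classify(s[0], s[1]))
	}
}
```

A name reported as "rbac-only" is one a generic subdomain check will reject even though the API server accepts it, so RBAC manifests delivered through a Git channel are worth running through a check like this before they reach the hub.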

mikeshng commented 2 years ago

This looks like a bug we fixed before. Since you are pointing at a public repo, could you please share your subscription and channel yamls content? Please do redact any sensitive data you might have. Thanks.

FYI @rokej

nasirudheen commented 2 years ago

Thanks again for your support. Appreciate it!

channel,

apiVersion: apps.open-cluster-management.io/v1
kind: Channel
metadata:
  name: rook-ceph-ch
  namespace: rook-ceph
  annotations:
    apps.open-cluster-management.io/reconcile-rate: High
spec:
  pathname: 'https://github.com/nasirudheen/rook-deploy.git'
  type: Git

placement rule,

apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: rook-ceph-pr
  namespace: rook-ceph
spec:
  clusterReplicas: 2 
status:
  decisions:
    - clusterName: XXXXX 

Subscription,

apiVersion: apps.open-cluster-management.io/v1
kind: Subscription
metadata:
  annotations:
    apps.open-cluster-management.io/github-branch: master
    apps.open-cluster-management.io/github-path: rook-basics
  name: rook-ceph-basics-sub
  namespace: rook-ceph
spec:
  channel: rook-ceph/rook-ceph-ch
  placement:
    placementRef:
      kind: PlacementRule
      name: rook-ceph-pr

The problematic part of the yaml file,

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: 'psp:rook'

The name psp:rook is causing the issue.

Please let me know if you need any further input from my side to help me. Thanks.

nasirudheen commented 2 years ago

Wanted to add this too: when I tried to use the examples for Ansible prehooks and posthooks, it was not working as expected and threw the following error,

E0413 08:13:23.713220 1 mcmhub_controller.go:577] subscription-hub-reconciler/default/ansible-hook "msg"="failed to apply preHook, skip the subscription reconcile" "error"="failed to get job default/prehook-test-1-f2ca00, err: no matches for kind \"AnsibleJob\" in version \"tower.ansible.com/v1alpha1\""

What is missing here? Thanks.

mikeshng commented 2 years ago

For pure upstream ansible integration, you will need the CRD and deployments from this project https://github.com/ansible/awx-resource-operator/tree/devel/config to get the AnsibleJob CR to work.

mikeshng commented 2 years ago

> The problematic name for the ClusterRole is psp:rook present in the common.yaml file. But when I deploy rook and execute kubectl create -f command manually, it gets deployed properly. Only when OCM is involved, it throws this error. Any suggestion in this regard ? P.S : please let me know if there is any files or information required to help me.

This comment's issue regarding resource name has been addressed.