It isn't possible to customize OpenShift installer variables

openshift / cluster-operator

52 stars 35 forks source link

It isn't possible to customize OpenShift installer variables #340

Open jhernand opened 6 years ago

jhernand commented 6 years ago

In the application that we are building we want to give users the possibility to build different kinds of clusters, which are basically defined by sets of OpenShift installer variables. Lets say, for example, that we want to have a kind of cluster that has ansible_service_broker_install set to false. Is there any way to do that without modifying the code of the operator? As far as I can see there is a template hard-coded in the source, but no mechanism to replace it.

jhernand commented 6 years ago

CC: @kbsingh @zgalor @nimrodshn

dgoodwin commented 6 years ago

Is it something you want customers to have choice over? Or do you expect to set this for all clusters?

jhernand commented 6 years ago

We expect the customer to select a kind or flavour of cluster, that we associate with a collection of settings. For example, lets say that we define a regular kind and a _wihout_servicebroker kind. The customer will select one of those, and then we need to apply the corresponding settings.

dgoodwin commented 6 years ago

So for 4.0 this would probably boil down to sets of optional operators to get installed. We'll want to stay in touch on how you want this to work so we can ensure Hive will meet the need.

For 3.x and current CO you could perhaps shoehorn a list of flavors into an annotation on the cluster deployment, modify CO to interpret those and inject sets of ansible variables based on flavor.

aweiteka commented 6 years ago

My non-exhaustive list includes:

override default VPC CIDR block, e.g. 172.31.48.0/20
authentication config (github, google, oidc), includes secrets
EC2 AMI (e.g. ami-12345), instance type (e.g. m5.xlarge), region (e.g. us-east-2)
root user public key(s) for ssh access

cc @dak1n1 @blrm

dgoodwin commented 6 years ago

VPC CIDR block is not exposed in the API yet but it absolutely should be. This is one you should add to AWSClusterSpec and plumb through to the generate.go that makes the Ansible inventory.

Auth config is something that also should be in the ClusterDeployment. We planned to just directly re-use the Origin go auth struct.

AMI, instance type, and region should be controllable from the API today.

Root SSH keys should also be hooked up and working, you store them in a secret and associate it to the cluster deployment, they will be added to the AWS instance as a result.

jhernand commented 6 years ago

The support for customizing the AMI, the region and the SSH keys we are already using via the API, and works well.