redhat-cop / namespace-configuration-operator

The namespace-configuration-operator helps keep configurations related to Users, Groups and Namespaces aligned with one or more policies specified as CRs
Apache License 2.0

disable userconfig and groupconfig controller when not running in OpenShift #39

Closed ichmachnixichgucknur closed 4 years ago

ichmachnixichgucknur commented 4 years ago

I am using namespace-configuration-operator on K8s (Rancher) and it does a great job. Now, I wanted to update because of huge memory consumption - above 11GB of RAM. So I wanted to test the latest image coming from quay.io and ran into errors. Looks to me as if there are OpenShift-owned attributes missing?!

{"level":"info","ts":1588073119.4583592,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"namespace-config-operator","worker count":1}
{"level":"error","ts":1588073119.4582431,"logger":"controller-runtime.source","msg":"if kind is a CRD, it should be installed before calling Start","kind":"User.user.openshift.io","error":"no matches for kind \"User\" in version \"user.openshift.io/v1\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/source/source.go:104\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:165\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:198\nsigs.k8s.io/controller-runtime/pkg/manager.(*controllerManager).startLeaderElectionRunnables.func1\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/manager/internal.go:473"}
{"level":"info","ts":1588073119.4587507,"logger":"controller-runtime.controller","msg":"Stopping workers","controller":"namespace-config-operator"}
{"level":"error","ts":1588073119.4585698,"logger":"cmd","msg":"Manager exited non-zero","error":"no matches for kind \"User\" in version \"user.openshift.io/v1\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nmain.main\n\t/home/travis/gopath/src/github.com/redhat-cop/namespace-configuration-operator/cmd/manager/main.go:169\nruntime.main\n\t/home/travis/.gimme/versions/go1.13.linux.amd64/src/runtime/proc.go:203"}

Are these errors because of the current development or is only OpenShift supported in newer versions?

raffaelespazzoli commented 4 years ago

Some of the new features will work only in OCP, because Kubernetes does not have the corresponding concepts. However, I think it would be good to let at least the namespace configuration controller keep working in kube.

raffaelespazzoli commented 4 years ago

@ichmachnixichgucknur this branch https://github.com/raffaelespazzoli/namespace-configuration-operator/tree/preparing-for-v0.2.0 has the fix to this problem. Feel free to test it. I am currently not able to merge this branch yet for problems unrelated to this issue. So I'm just letting you know in case you are in a rush.

ichmachnixichgucknur commented 4 years ago

Sorry for reopening this. I tried 0.2.0 and it does not react to any change on namespaces. It comes up without any error, reads the configured CRs but does not do anything on them. Can I configure a debug mode to get more logging?

raffaelespazzoli commented 4 years ago

You can enable debug with this flag: --zap-level=debug
Did you convert your CR to the new format?

ichmachnixichgucknur commented 4 years ago

Sorry, I did not get that change on the CR format. Now, I updated the CRs but the selector does not work. It just applies to all. Do you have any hint on that?

apiVersion: redhatcop.redhat.io/v1alpha1
kind: NamespaceConfig
metadata:
  name: nsconfig-pod-default
spec:
  selector:
    matchExpressions:
      - {key: meta.example.com/nsconfig-pod-profile, operator: NotIn, values: [medium,large,superlarge]}
      - {key: meta.example.com/namespace-name, operator: Exists}
  templates:
  - objectTemplate: |
      apiVersion: v1
      kind: LimitRange
      metadata:
        name: nsconfig-pod-default
        namespace: {{ .Name }}
      spec:
        limits:
          - type: "Pod"
            max:
              cpu: "1"
              memory: "1Gi"
              ephemeral-storage: "50Mi"
          - type: "Container"
            default:
              ephemeral-storage: "30Mi"

raffaelespazzoli commented 4 years ago

The selector field is called labelSelector, not selector. Now you can also use an annotationSelector if it's more convenient for you.
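
Added example, not part of the thread and not the operator's own code: a standard-library Go sketch of why a spec with the misnamed `selector` key ends up applying to every namespace, and how strict decoding surfaces the mistake. `Spec`, `Requirement`, `decodeSpec` and `matches` are hypothetical stand-ins, the JSON input is constructed from the CR posted above, and treating an empty selector as match-all is an assumption based on standard Kubernetes label-selector semantics and the behaviour reported in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type Requirement struct {
	Key, Operator string
	Values        []string
}
type Spec struct { // simplified stand-in (assumption), not the operator's real Go type
	LabelSelector struct{ MatchExpressions []Requirement }
	Templates     []json.RawMessage
}

// Constructed input: the selector from the thread as JSON, under the misnamed "selector" key.
const misnamed = `{"templates":[],"selector":{"matchExpressions":[{"key":"meta.example.com/namespace-name","operator":"Exists"},
  {"key":"meta.example.com/nsconfig-pod-profile","operator":"NotIn","values":["medium","large","superlarge"]}]}}`
var corrected = strings.Replace(misnamed, `"selector"`, `"labelSelector"`, 1)

func decodeSpec(raw string, strict bool) (*Spec, error) { // strict rejects undeclared keys
	s, d := &Spec{}, json.NewDecoder(strings.NewReader(raw))
	if strict {
		d.DisallowUnknownFields()
	}
	return s, d.Decode(s)
}

// matches follows Kubernetes label-selector semantics: zero requirements select everything.
func matches(s *Spec, labels map[string]string) bool {
	for _, r := range s.LabelSelector.MatchExpressions {
		v, has := labels[r.Key]
		in := false
		for _, x := range r.Values {
			in = in || (has && x == v)
		}
		if ok := map[string]bool{"In": in, "NotIn": !in, "Exists": has, "DoesNotExist": !has}; !ok[r.Operator] {
			return false // requirement not met, or unknown operator (fail closed)
		}
	}
	return true
}

func main() {
	lenient, _ := decodeSpec(misnamed, false) // "selector" is dropped without error
	_, err := decodeSpec(misnamed, true)
	fmt.Println("unlabelled namespace selected:", matches(lenient, nil), "| strict decode:", err)
}
```

With the corrected key, a namespace without the `meta.example.com/namespace-name` label is no longer selected, and one labelled with profile `large` is excluded by the `NotIn` requirement.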

ichmachnixichgucknur commented 4 years ago

works - thanks!