101 lines
3.1 KiB
ReStructuredText
101 lines
3.1 KiB
ReStructuredText
Communishift
|
|
============
|
|
|
|
Purpose
|
|
-------
|
|
|
|
Investigate what is needed in order to run a community focused Openshift instance.
|
|
|
|
Identify possible bottlenecks, issues and whatever the CPE team needs to develop new
|
|
components/services for this new Openshift instance.
|
|
|
|
Resources
|
|
---------
|
|
|
|
- https://docs.openshift.com/dedicated/storage/persistent_storage/osd-persistent-storage-aws.html
|
|
- https://docs.openshift.com/container-platform/4.6/applications/quotas/quotas-setting-per-project.html
|
|
|
|
Investigation
|
|
-------------
|
|
|
|
The team discussed the following topics:
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
authentication
|
|
resource-quota
|
|
storage
|
|
|
|
Conclusions
|
|
-----------
|
|
|
|
- The cluster can leverage EFS to provision volumes (using the AWS EFS operator from the
|
|
Operator Marketplace) and an extra ansible playbook to automate part of the process;
|
|
- Quotas can be enforced by creating an Openshift operator that watches all user
|
|
namespaces;
|
|
- Authentication groups can be automatically synched between FasJSON and Openshift with
|
|
a new Operator.
|
|
|
|
Proposed Roadmap
|
|
----------------
|
|
|
|
AWS EFS Ansible Playbook
|
|
~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
One needs to provide some AWS info when creating a volume using the EFS operator, sample
|
|
resource bellow:
|
|
|
|
.. code-block::
|
|
|
|
apiVersion: aws-efs.managed.openshift.io/v1alpha1
|
|
kind: SharedVolume
|
|
metadata:
|
|
name: sv1
|
|
namespace: default
|
|
spec:
|
|
accessPointID: fsap-0123456789abcdef
|
|
fileSystemID: fs-0123cdef
|
|
|
|
Both "accessPointID and fileSystemID" are generated by AWS with "accessPointID" being
|
|
generated for every PVC that gets provisioned in the cluster.
|
|
|
|
An ansible playbook comes into play to automate the process of creating an "accessPoint"
|
|
for a namespace whichs should be request in an infra ticket when requesting the creation
|
|
of a new namespace in the cluster.
|
|
|
|
Fedora Cloud Quota Operator
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
An operator can be created to ensure a namespace's resource quota.
|
|
|
|
The operator would watch for namespaces with specific tags/annotations (TBD) and apply
|
|
the required quotas in those namespaces.
|
|
|
|
The quotas themselves are applied by creating a `ResourceQuota` object in the namespace
|
|
is supposed to manage:
|
|
https://docs.openshift.com/container-platform/4.6/applications/quotas/quotas-setting-per-project.html.
|
|
|
|
Fedora FasJSON Sync Operator
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
An operator can be used to ensure FasJSON groups are synched with the cluster groups
|
|
used by Openshift roles.
|
|
|
|
This operator would retrieve a group(s) information every N seconds from FasJSON and
|
|
apply the changes in the cluster, ensuring syncrhonization between the two systems.
|
|
|
|
Food for thought: it would be interesting if FasJSON notifies group changes to
|
|
fedora-messaging.
|
|
|
|
Team and Skills
|
|
---------------
|
|
|
|
A team of three indivduals should be able to deliver the proposed roadmap in ~6 weeks (2
|
|
week sprint, a sprint per component) assuming the following technical skills:
|
|
|
|
- Kubernetes basic concepts/usage; * API or previous operator knowledge is a plus;
|
|
- Ansible basic usage; * AWS API knowledge is a plus.
|
|
|
|
It might be a good opportunity to learn about Kubernetes and Operator/Controller
|
|
development.
|