shell-operator icon indicating copy to clipboard operation
shell-operator copied to clipboard

Published 20 hours ago verified publisher icon flant

[Proposal] Lazy quickstart guide

Open mac2000 opened this issue 4 years ago • 6 comments
trafficstars

Seems like quickstart is not really so quick, we need to do so many things, especially those about docker registries and so on

Will be so nice to have something like this one:

oper.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: oper
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oper
  namespace: oper
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oper
  namespace: oper
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oper
  namespace: oper
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: oper
subjects:
- kind: ServiceAccount
  name: oper
  namespace: oper
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: oper
  namespace: oper
data:
  oper.sh: |
    #!/usr/bin/env bash

    if [[ $1 == "--config" ]]
    then
      echo '
      configVersion: v1
      kubernetes:
      - apiVersion: v1
        kind: Pod
        executeHookOnEvent: ["Added"]
      '
    else
      podName=$(jq -r .[0].object.metadata.name $BINDING_CONTEXT_PATH)
      echo "Pod '${podName}' added"
    fi    
---
apiVersion: v1
kind: Pod
metadata:
  name: oper
  namespace: oper
spec:
  serviceAccountName: oper
  volumes:
  - name: oper
    configMap:
      name: oper
      defaultMode: 0755
  containers:
  - name: oper
    image: flant/shell-operator:latest
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: oper
      subPath: oper.sh
      mountPath: /hooks/oper.sh

with such an example, all we needed to do is:

kubectl apply -f oper.yml
kubectl -n oper logs oper -f
kubectl delete -f oper.yml

mac2000 avatar Jul 03 '21 07:07 mac2000

But is it possible that in 2023 I still have to install shell-operator in this way?

mimmus avatar Oct 23 '23 09:10 mimmus

@mimmus could you elaborate more? How do you want to deploy your shell operator instances?

nabokihms avatar Oct 23 '23 10:10 nabokihms

I apologize for the short comment. I'd like to deploy it at least as a Deployment, not as a pod without any control, possibly as a Helm chart, with possibility to specify hooks as values, not embedding them in the Docker image

mimmus avatar Oct 23 '23 10:10 mimmus

but thats only a blue print, aka no one expects you to deploy it as a pod 🤔

the goal of this example was to have it up and running without bothering of dedicated pipeline to build and host docker image somewhere

you definitely can do it with helm, kustomize, whatever else you want, aka just for inspiration, here is an snippet for terraform:

resource "kubernetes_service_account_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
}

resource "kubernetes_cluster_role_binding_v1" "ingress-dns-operator" {
  metadata {
    name = "ingress-dns-operator"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }
  subject {
    kind      = "ServiceAccount"
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
}

resource "kubernetes_config_map_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
  }
  data = {
    "hook.sh" = file("vpn.sh")
  }
}

resource "kubernetes_deployment_v1" "ingress-dns-operator" {
  metadata {
    name      = "ingress-dns-operator"
    namespace = var.namespace
    labels = {
      app = "ingress-dns-operator"
    }
  }
  spec {
    revision_history_limit = 1
    selector {
      match_labels = {
        app = "ingress-dns-operator"
      }
    }
    template {
      metadata {
        labels = {
          app = "ingress-dns-operator"
        }
        annotations = {
          "prometheus.io/scrape" = "true"
          "checksum/hook"        = filesha256("vpn.sh")
        }
      }
      spec {
        service_account_name = "ingress-dns-operator"
        node_selector = {
          "kubernetes.io/os" = "linux"
        }
        volume {
          name = "ingress-dns-operator"
          config_map {
            name         = "ingress-dns-operator"
            default_mode = "0755"
          }
        }
        container {
          name              = "ingress-dns-operator"
          image             = "flant/shell-operator:latest"
          image_pull_policy = "IfNotPresent"
          port {
            container_port = 9115
          }
          resources {
            requests = {
              cpu    = "10m"
              memory = "100Mi"
            }
            limits = {
              cpu    = "500m"
              memory = "200Mi"
            }
          }
          volume_mount {
            name       = "ingress-dns-operator"
            mount_path = "/hooks/hook.sh"
            sub_path   = "hook.sh"
          }
        }
      }
    }
  }
}

the idea behind this proposal was to have something that may be copy pasted and deployed immediately, original docs at that time was asking you to build an docker image, then publish it and only then play with actual deployment - aka to many steps for quick start

mac2000 avatar Oct 23 '23 10:10 mac2000

OK, thank you, Sorry for bothering

mimmus avatar Oct 23 '23 11:10 mimmus

Totally fine, you attracking the point it is still not clear/easy enough, probably thats why it is still open and why you have been asked about expected ways you would expect 👍

At the very end, so far it seems that possibilities of how this tool may be used are endless 💪

mac2000 avatar Oct 23 '23 11:10 mac2000