= ocp-workload-user-quota-operator - Enable the User Quota Operator on OCP4

== Role overview

* This role enables the User Quota Operator on an OpenShift 4 Cluster. It consists of the following playbooks:
** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment.
*** Debug task will print out: `pre_workload Tasks completed successfully.`

** Playbook: link:./tasks/workload.yml[workload.yml] - Used to enable the User Quota Operator
*** Debug task will print out: `workload Tasks completed successfully.`

** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment
*** This role doesn't do anything here
*** Debug task will print out: `post_workload Tasks completed successfully.`

** Playbook: link:./tasks/remove_workload.yml[remove_workload.yml] - Used to delete the workload
*** This role removes the user quota operator from OCP 4. It also removes all created cluster resource quotas
*** Debug task will print out: `remove_workload Tasks completed successfully.`

== Review the defaults variable file

* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.
* The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user.
* A variable *silent=True* can be passed to suppress debug messages.
* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line

== UserQuota Custom Resource

The operator uses a custom resource *UserQuota.gpte.opentlc.com/v1alpha1* to set the quota for all users in the cluster. This object is shaped after the *ClusterResourceQuota*. Everything under *.spec.quota* will be applied to the .spec.quota of the ClusterResourceQuota to be created.

The operator sets up the UserQuota listed below. It should be called `default` and can be edited after deployment. Any edit will apply the quota to all users within the operator reconciliation period which is set to 5 seconds.

Deleting the UserQuota object `default` will delete all ClusterResourceQuota objects that have been created because of the existence of the UserQuota object.

[source,yaml]
----
apiVersion: gpte.opentlc.com/v1alpha1
kind: UserQuota
metadata:
  name: default
spec:
  quota:
    hard:
      configmaps: "10"
      limits.cpu: "10"
      limits.memory: 20Gi
      persistentvolumeclaims: "20"
      pods: "20"
      requests.cpu: "5"
      requests.memory: 6Gi
      requests.storage: 50Gi
      secrets: "150"
      services: "30"
----
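Because everything under `.spec.quota` of the UserQuota is applied to each ClusterResourceQuota, the two can be compared to find quotas that have drifted or lost a limit. The following is an added example, not part of this role or the operator: it assumes the list passed in contains only ClusterResourceQuota objects created by the operator, uses constructed sample data with hypothetical object names, and compares quantities as plain strings.

```python
import json

# Constructed sample: the UserQuota `default` from this page (subset of keys).
USER_QUOTA = {
    "apiVersion": "gpte.opentlc.com/v1alpha1",
    "kind": "UserQuota",
    "metadata": {"name": "default"},
    "spec": {"quota": {"hard": {"pods": "20", "secrets": "150", "limits.memory": "20Gi"}}},
}

# Constructed sample shaped like `oc get clusterresourcequota -o json`;
# the object names are hypothetical.
CRQ_LIST = json.loads("""
{"items": [
  {"metadata": {"name": "quota-user1"},
   "spec": {"quota": {"hard": {"pods": "20", "secrets": "150", "limits.memory": "20Gi"}}}},
  {"metadata": {"name": "quota-user2"},
   "spec": {"quota": {"hard": {"pods": "200", "limits.memory": "20Gi"}}}}
]}
""")


def hard_limits(obj):
    """Return .spec.quota.hard as a {resource: str} map (empty if absent)."""
    hard = obj.get("spec", {}).get("quota", {}).get("hard") or {}
    return {name: str(value) for name, value in hard.items()}


def quota_drift(user_quota, crq_list):
    """Map each drifted ClusterResourceQuota name to {resource: (expected, actual)}.

    None on the actual side means the limit is not set on that quota object;
    None on the expected side means the UserQuota does not define it.
    Quantities are compared as strings, so "1Gi" and "1024Mi" count as different.
    """
    expected = hard_limits(user_quota)
    drift = {}
    for crq in crq_list.get("items", []):
        actual = hard_limits(crq)
        diff = {
            res: (expected.get(res), actual.get(res))
            for res in sorted(set(expected) | set(actual))
            if expected.get(res) != actual.get(res)
        }
        if diff:
            drift[crq["metadata"]["name"]] = diff
    return drift


if __name__ == "__main__":
    print(json.dumps(quota_drift(USER_QUOTA, CRQ_LIST), indent=2))
```

Since the page states a 5 second reconciliation period, drift that persists across repeated runs is the case worth investigating.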
=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]

----
TARGET_HOST="bastion.na311.openshift.opentlc.com"
OCP_USERNAME="shacharb-redhat.com"
WORKLOAD="ocp-workload-user-quota-operator"
GUID=1001

# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
    -e"ansible_user=ec2-user" \
    -e"ocp_username=${OCP_USERNAME}" \
    -e"ocp_workload=${WORKLOAD}" \
    -e"silent=False" \
    -e"guid=${GUID}" \
    -e"ACTION=create"
----
=== To Delete an environment

----
TARGET_HOST="bastion.na311.openshift.opentlc.com"
OCP_USERNAME="ankay-redhat.com"
WORKLOAD="ocp-workload-user-quota-operator"
GUID=1002

# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
    -e"ansible_user=ec2-user" \
    -e"ocp_username=${OCP_USERNAME}" \
    -e"ocp_workload=${WORKLOAD}" \
    -e"guid=${GUID}" \
    -e"ACTION=remove"
----
== Other related information:

=== Deploy Workload on OpenShift Cluster from an existing playbook:

[source,yaml]
----
- name: Deploy a workload role on a master host
  hosts: all
  become: true
  gather_facts: False
  tags:
    - step007
  roles:
    - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' }
----
NOTE: You might want to change `hosts: all` to fit your requirements

=== Set up your Ansible inventory file

* You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with `oc` command)
* You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly
* You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration

.Example inventory file
[source, ini]
----
[gptehosts:vars]
ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem
ansible_user=ec2-user

[gptehosts:children]
openshift

[openshift]
bastion.cluster1.openshift.opentlc.com
bastion.cluster2.openshift.opentlc.com
bastion.cluster3.openshift.opentlc.com
bastion.cluster4.openshift.opentlc.com

[dev]
bastion.cluster1.openshift.opentlc.com
bastion.cluster2.openshift.opentlc.com

[prod]
bastion.cluster3.openshift.opentlc.com
bastion.cluster4.openshift.opentlc.com
----