Wolfgang Kulhanek
2019-04-22 2d0351a587724d5fbb2360c10a162895e59730b4
Updated user quota operator role to use latest User Quota Operator code
2 files added
6 files modified
178 ■■■■ changed files
ansible/roles/ocp4-workload-userquota-operator/defaults/main.yml 4 ●●●●
ansible/roles/ocp4-workload-userquota-operator/readme.adoc 29 ●●●●●
ansible/roles/ocp4-workload-userquota-operator/tasks/remove_workload.yml 24 ●●●●
ansible/roles/ocp4-workload-userquota-operator/tasks/workload.yml 2 ●●●●●
ansible/roles/ocp4-workload-userquota-operator/templates/crd.j2 19 ●●●●●
ansible/roles/ocp4-workload-userquota-operator/templates/operator.j2 23 ●●●●
ansible/roles/ocp4-workload-userquota-operator/templates/role.j2 60 ●●●●●
ansible/roles/ocp4-workload-userquota-operator/templates/user_quota.j2 17 ●●●●●
ansible/roles/ocp4-workload-userquota-operator/defaults/main.yml
@@ -3,5 +3,5 @@
ocp_username: system:admin
silent: False
_operator_project: userquota-operator
_operator_project_display: "User Quota Operator"
_operator_project: gpte-userquota-operator
_operator_project_display: "GPTE UserQuota Operator"
ansible/roles/ocp4-workload-userquota-operator/readme.adoc
@@ -27,6 +27,35 @@
* A variable *silent=True* can be passed to suppress debug messages.
* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line
== UserQuota Custom Resource
The operator uses a custom resource *UserQuota.gpte.opentlc.com/v1alpha1* to set the quota for all users in the cluster. This object is shaped after the *ClusterResourceQuota*. Everything under *.spec.quota* will be applied to the .spec.quota of the ClusterResourceQuota to be created.
The operator sets up the UserQuota listed below. It should be called `default` and can be edited after deployment. Any edit will apply the quota to all users within the operator reconciliation period which is set to 5 seconds.
Deleting the UserQuota object `default` will delete all ClusterResourceQuota objects that have been created because of the existence of the UserQuota object.
[source,yaml]
----
apiVersion: gpte.opentlc.com/v1alpha1
kind: UserQuota
metadata:
  name: default
spec:
  quota:
    hard:
      configmaps: "10"
      limits.cpu: "10"
      limits.memory: 20Gi
      persistentvolumeclaims: "20"
      pods: "20"
      requests.cpu: "5"
      requests.memory: 6Gi
      requests.storage: 50Gi
      secrets: "150"
      services: "30"
----
=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]
----
ansible/roles/ocp4-workload-userquota-operator/tasks/remove_workload.yml
@@ -1,16 +1,26 @@
---
# Implement your Workload removal tasks here
- name: Remove User Quota Operator Project
- name: Delete the UserQuota (which deletes all ClusterResourceQuotas)
  k8s:
    state: absent
    api_version: v1
    kind: Namespace
    name: "{{ _operator_project }}"
    definition: "{{ lookup('template', './templates/user_quota.j2' ) | from_yaml }}"
- name: Remove all Cluster Resource Quotas
  debug:
    msg: Investigate if this happens automatically
- name: Wait 15 seconds (the Operator reconciles every 5 seconds)
  wait_for: timeout=15
  delegate_to: localhost
- name: Delete OpenShift Objects for User Quota Operator
  k8s:
    state: absent
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/operator.j2
  - ./templates/role_binding.j2
  - ./templates/role.j2
  - ./templates/service_account.j2
  - ./templates/crd.j2
  - ./templates/project.j2
# Leave this as the last task in the playbook.
- name: remove_workload tasks complete
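Review bot: The fixed `Wait 15 seconds` task is the only thing between deleting the `default` UserQuota and deleting the operator, its role and the CRD, so if the operator is down or a reconcile takes longer than 15 seconds the ClusterResourceQuotas it created are left behind with nothing to clean them up. I would replace the sleep with a poll that retries until the quota objects are gone, for example a `k8s_facts` lookup of `kind: ClusterResourceQuota` registered to a variable and repeated with `until:`, `retries:` and `delay:`; how the operator names or labels its quotas is not visible on this page, so the selector needs confirming. Separately, `wait_for: timeout=15` reads better in block form (`wait_for:` with `timeout: 15` beneath it). The final `remove_workload tasks complete` task continues outside the hunk.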
ansible/roles/ocp4-workload-userquota-operator/tasks/workload.yml
@@ -14,10 +14,12 @@
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/project.j2
  - ./templates/crd.j2
  - ./templates/service_account.j2
  - ./templates/role.j2
  - ./templates/role_binding.j2
  - ./templates/operator.j2
  - ./templates/user_quota.j2
# Leave this as the last task in the playbook.
- name: workload tasks complete
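--- /dev/null
+++ b/ansible/roles/ocp4-workload-userquota-operator/templates/crd.j2
@@ -0,0 +1,19 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: userquota.gpte.opentlc.com
+spec:
+  group: gpte.opentlc.com
+  names:
+    kind: UserQuota
+    listKind: UserQuotaList
+    plural: userquota
+    singular: userquota
+  scope: Cluster
+  subresources:
+    status: {}
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true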
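Review bot: The CRD carries no `validation.openAPIV3Schema`, so the API server accepts any content in a UserQuota object, and per the readme in this commit everything under `.spec.quota` is applied to the ClusterResourceQuota created for every user. A minimal schema that requires `spec.quota.hard` to be an object would reject malformed or empty objects at admission rather than leaving the operator to deal with them during reconciliation. The operator code is not on this page, so tighter constraints on the individual quota keys would need checking against what it actually reads.

```yaml
  scope: Cluster
  # … unchanged: subresources, version, versions …
  validation:
    openAPIV3Schema:
      properties:
        spec:
          type: object
          required:
          - quota
          properties:
            quota:
              type: object
              required:
              - hard
              properties:
                hard:
                  type: object
```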
ansible/roles/ocp4-workload-userquota-operator/templates/operator.j2
@@ -15,9 +15,23 @@
    spec:
      serviceAccountName: userquota-operator
      containers:
        - name: userquota-operator
          image: quay.io/wkulhanek/userquota-operator:v0.0.5
          imagePullPolicy: IfNotPresent
        - name: ansible
          command:
          - /usr/local/bin/ao-logs
          - /tmp/ansible-operator/runner
          - stdout
          image: quay.io/wkulhanek/userquota-operator:v0.0.7
          imagePullPolicy: Always
          volumeMounts:
          - mountPath: /tmp/ansible-operator/runner
            name: runner
            readOnly: true
        - name: operator
          image: quay.io/wkulhanek/userquota-operator:v0.0.7
          imagePullPolicy: Always
          volumeMounts:
          - mountPath: /tmp/ansible-operator/runner
            name: runner
          env:
            - name: WATCH_NAMESPACE
              value: ""
@@ -27,3 +41,6 @@
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "userquota-operator"
      volumes:
        - name: runner
          emptyDir: {}
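Review bot: Both new containers pull `quay.io/wkulhanek/userquota-operator:v0.0.7` by tag with `imagePullPolicy: Always`, so every pod restart runs whatever that tag points to at that moment, under a service account to which role.j2 in this same commit grants write access to secrets. Pin the image by digest in both the `ansible` and `operator` containers, `image: quay.io/wkulhanek/userquota-operator@sha256:<digest-of-v0.0.7>` (placeholder; the digest is not on this page), after which `imagePullPolicy: IfNotPresent` is sufficient. Neither container sets `resources` or a `securityContext` in the visible lines; the rest of the Deployment is outside the hunks, so confirm whether that is handled elsewhere.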
ansible/roles/ocp4-workload-userquota-operator/templates/role.j2
@@ -4,25 +4,6 @@
  name: userquota-operator
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  - pods
  verbs:
  - get
- apiGroups:
  - user.openshift.io
  resources:
  - users
@@ -45,9 +26,50 @@
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - pods
  - configmaps
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - create
- apiGroups:
  - apps
  resourceNames:
  - userquota-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - gpte.opentlc.com
  resources:
  - userquota
  - userquota/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
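Review bot: The rule added in the second hunk grants `create`, `delete`, `get`, `list`, `patch`, `update` and `watch` on `pods`, `configmaps` and `secrets` in the core API group, which is considerably more than an operator that maps users to ClusterResourceQuotas appears to need. The `kind:` line is outside the hunk, but with `WATCH_NAMESPACE` set to `""` in operator.j2 and a cluster-scoped CRD this is presumably a ClusterRole, in which case the operator's service account could read and rewrite every secret in the cluster. If these permissions are only needed for the operator's own bookkeeping, move that rule into a namespaced Role in the operator project and keep only the users, quota and `userquota` rules cluster-wide; at minimum remove `- secrets` unless something demonstrably uses it. A one-line comment above each rule stating which operator function requires it would make the grant auditable.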
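--- /dev/null
+++ b/ansible/roles/ocp4-workload-userquota-operator/templates/user_quota.j2
@@ -0,0 +1,17 @@
+apiVersion: gpte.opentlc.com/v1alpha1
+kind: UserQuota
+metadata:
+  name: default
+spec:
+  quota:
+    hard:
+      configmaps: "10"
+      limits.cpu: "10"
+      limits.memory: 20Gi
+      persistentvolumeclaims: "20"
+      pods: "20"
+      requests.cpu: "5"
+      requests.memory: 6Gi
+      requests.storage: 50Gi
+      secrets: "150"
+      services: "30"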