Support for Multinamespace mode in Ansible operator #2361

Closed
aelbarkani opened this issue Jan 3, 2020 · 8 comments · Fixed by #2522
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. language/ansible Issue is related to an Ansible operator project olm-integration Issue relates to the OLM integration

Comments

@aelbarkani

Feature Request

Is your feature request related to a problem? Please describe.
It seems that when WATCH_NAMESPACE is defined to multiple namespaces (separated by a comma) in an Ansible operator, the operator interprets it as a single namespace.

Here are the steps I've followed:

  1. I created an operator with operator-sdk using Ansible flavor
  2. I used operator-sdk olm-catalog gen-csv to create the CSV.
  3. I set up a marketplace as indicated here: https://github.com/operator-framework/operator-marketplace.
  4. I created an OperatorGroup covering two namespaces: ns1 and ns2.
  5. The CSVs were copied to the two namespaces specified, and the corresponding roles and role bindings were created.

I expected the operator to watch the two namespaces I indicated in the operator group. However, the operator couldn't watch the two namespaces. In fact, the WATCH_NAMESPACE variable in the operator has been defined to "ns1,ns2", which the operator interprets as a single namespace.

Here is the error I'm getting:
E0103 12:12:47.436673 1 reflector.go:123] pkg/mod/k8s.io/client-go@v0.0.0-20191016111102-bec269661e48/tools/cache/reflector.go:96: Failed to list *unstructured.Unstructured: railsstacks.rails.onehq.com is forbidden: User "system:serviceaccount:marketplace:railsstack-operator" cannot list resource "railsstacks" in API group "rails.onehq.com" in the namespace "ns1,ns2

Describe the solution you'd like
When indicating multiple namespaces in WATCH_NAMESPACE separated by a comma (as injected by the OperatorGroup), the operator should interpret it as multiple namespaces and not as a single namespace.

@camilamacedo86
Contributor

Hi @aelbarkani,

It seems that the behaviour you faced is what is specified in your catalogue files (CSV and OperatorGroup). Have you had a look at the steps described here?

@estroz would you like to supplement this one?

@camilamacedo86 camilamacedo86 added olm-integration Issue relates to the OLM integration triage/support Indicates an issue that is a support question. labels Jan 6, 2020
@aelbarkani
Author

Hi @camilamacedo86. Yes, I've followed the steps described there. I've set the Multinamespace field to true in InstallModes (in the CSV). And indicated several namespaces in the targetNamespaces of the OperatorGroup:

targetNamespaces:
- ns1
- ns2

OLM seems to be working fine. In my opinion it's rather an issue in operator-sdk. I've checked the documentation and I've found this sentence here:
https://github.com/operator-framework/operator-sdk/blob/master/doc/user/olm-catalog/generating-a-csv.md
spec.installModes: what mode of installation namespacing OLM should use. Currently all but MultiNamespace are supported by SDK Operators

Maybe related to these issues and PRs?
#767
#1388
#2010

@camilamacedo86
Contributor

Hi @aelbarkani,

I checked it more closely and saw the error faced: "system:serviceaccount:marketplace:railsstack-operator" cannot list resource "railsstacks" in API group "rails.onehq.com" in the namespace "ns1,ns2".

I understand that the OLM/CSV is not supported yet for Ansible operators. @estroz could you please double-check it as well? Also, do you think that we should keep it open anyway in order to try to fix this scenario, or close it since it is not supported yet?

@estroz
Member

estroz commented Jan 17, 2020

@aelbarkani @camilamacedo86 is correct, gen-csv does not support Ansible operator projects yet. However I'm not sure that relates to your problem. This seems more like a bug report than a feature request. Can you post a comment in this issue with the bug report issue template filled out? Thanks.

@estroz estroz removed their assignment Jan 29, 2020
@aelbarkani
Author

Bug Report

What did you do?
It seems that when WATCH_NAMESPACE is defined to multiple namespaces (separated by a comma) in an Ansible operator, the operator interprets it as a single namespace.

Here are the steps I've followed:

  • I created an operator with operator-sdk using Ansible flavor
  • I used operator-sdk generate csv to create the CSV.
  • I set up a marketplace as indicated here: https://github.com/operator-framework/operator-marketplace.
  • I created an OperatorGroup covering two namespaces: ns1 and ns2.
  • The CSVs were copied to the two namespaces specified, and the corresponding roles and role bindings were created.

What did you expect to see?
I expected the operator to watch the two namespaces I indicated in the operator group.

What did you see instead? Under which circumstances?

The operator couldn't watch the two namespaces. In fact, the WATCH_NAMESPACE variable in the operator has been defined to "ns1,ns2", which the operator interprets as a single namespace.
Here is the error I'm getting:

E0103 12:12:47.436673 1 reflector.go:123] pkg/mod/k8s.io/client-go@v0.0.0-20191016111102-bec269661e48/tools/cache/reflector.go:96: Failed to list *unstructured.Unstructured: railsstacks.rails.onehq.com is forbidden: User "system:serviceaccount:marketplace:railsstack-operator" cannot list resource "railsstacks" in API group "rails.onehq.com" in the namespace "ns1,ns2"

Environment

  • operator-sdk version: 0.15.1

  • go version: 1.13.6

  • Kubernetes version information:

Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-21T22:17:28Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.12-gke.16", GitCommit:"d40fd337c7a73c3720b57f23b8d1f21f1b2df7ca", GitTreeState:"clean", BuildDate:"2019-11-25T19:40:16Z", GoVersion:"go1.12.11b4", Compiler:"gc", Platform:"linux/amd64"}

  • Kubernetes cluster kind: GKE

  • Are you writing your operator in ansible, helm, or go?
    Ansible


@aelbarkani
Author

@estroz I just added a comment with the bug report. I tested with the last version of operator sdk: 0.15.1

@camilamacedo86 camilamacedo86 added language/ansible Issue is related to an Ansible operator project kind/bug Categorizes issue or PR as related to a bug. triage/support Indicates an issue that is a support question. and removed triage/support Indicates an issue that is a support question. kind/bug Categorizes issue or PR as related to a bug. labels Feb 2, 2020
@camilamacedo86
Contributor

camilamacedo86 commented Feb 2, 2020

@estroz I am flagging it as a bug as part of "unable to setup ansible operators with OLM when they are using multiple namespaces". Please, feel free to review.

It seems the problem is here. Also, we could check the helm impl for it, which may be facing the same.

Hi @aelbarkani,
Would you like to collaborate with a PR to solve it? PS: To test it locally you can build a new ansible dev image using the make targets and use it in your project.

@camilamacedo86 camilamacedo86 added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. and removed triage/support Indicates an issue that is a support question. labels Feb 2, 2020
@camilamacedo86 camilamacedo86 removed their assignment Feb 2, 2020
@aelbarkani
Author

@camilamacedo86 sorry never coded in golang :(

@camilamacedo86 camilamacedo86 self-assigned this Feb 9, 2020
camilamacedo86 added a commit that referenced this issue Feb 18, 2020
… to Ansible/Helm operators to handle [multinamespace caching] (#2522)

**Motivation for the change:**

- Integration with OLM: See that OLM allows and configures the MultiNamespace via the option `targetNamespaces` of the OperatorGroup. We are also setting these values in the WATCH-NAMESPACE EnvVar in the olm commands.

- Address the requirements requested in tasks such as #2494, #2078 (which are a very common scenario in the channels: I, as an operator dev, would like to deploy the operator in nsA and WATCH the resources in nsB and not the whole cluster).

Closes #2361
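
The behaviour reported in this issue, as an added example that is not part of the thread and not operator-sdk's own code: treating the WATCH_NAMESPACE value "ns1,ns2" as one namespace produces a list request that namespaced RBAC denies, while splitting it yields one request per namespace that the per-namespace Roles allow. The names `parseWatchNamespaces`, `forbidden` and `roleNamespaces` are hypothetical, and RBAC is modelled by a constructed map rather than a real cluster.

```go
package main

import (
	"fmt"
	"strings"
)

// parseWatchNamespaces turns a WATCH_NAMESPACE value into a namespace list.
// Entries are trimmed, empty entries dropped and duplicates removed.
// An empty value yields nil, which operators treat as "watch all namespaces"
// and which therefore needs cluster-wide permissions instead of per-namespace Roles.
func parseWatchNamespaces(raw string) []string {
	seen := map[string]bool{}
	var out []string
	for _, ns := range strings.Split(raw, ",") {
		ns = strings.TrimSpace(ns)
		if ns == "" || seen[ns] {
			continue
		}
		seen[ns] = true
		out = append(out, ns)
	}
	return out
}

// roleNamespaces is constructed sample data: the namespaces in which the
// operator's service account holds a Role that allows "list" on the resource
// (the OperatorGroup in the issue created these for ns1 and ns2).
var roleNamespaces = map[string]bool{"ns1": true, "ns2": true}

// forbidden returns the requested namespaces for which no Role exists,
// i.e. the list calls the API server would reject.
func forbidden(requested []string) []string {
	var denied []string
	for _, ns := range requested {
		if !roleNamespaces[ns] {
			denied = append(denied, ns)
		}
	}
	return denied
}

func main() {
	raw := "ns1,ns2" // value reported in the issue
	// Reported behaviour: the whole string is used as a single namespace.
	fmt.Printf("unsplit: denied=%q\n", forbidden([]string{raw}))
	// Expected behaviour: one watch per namespace in the list.
	fmt.Printf("split:   denied=%q\n", forbidden(parseWatchNamespaces(raw)))
}
```
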