FLPATH-1074:cluster-onboarding #28
Conversation
RichardW98
force-pushed
the
cluster-onboarding
branch
3 times, most recently
from
7851a6a
to
fb281fb
Compare
| import java.util.Map; | ||
|
|
||
| @ApplicationScoped | ||
| public class ClusterOnboarding { |
There was a problem hiding this comment.
Can this be replaced with openapi and not have any custom java code?
There was a problem hiding this comment.
I think we can hardly do it, the main reason is bcs the bearer token for the 2nd cluster is dynamic and fetched from a secret in 1st cluster
There was a problem hiding this comment.
I did some research on dynamic value for the auth token of openapi spec but failed.
There was a problem hiding this comment.
maybe @dmartinol knows more
There was a problem hiding this comment.
In general, @masayag is right asking to exclude the Java code, as it will break the working assumptions of the CI pipeline that requires to have a flat layout. I'm wondering why we can't get the Token in the workflow input and create the onboarded resources using the kube.yaml API like the escalation workflow. What's the difference here?
There was a problem hiding this comment.
I don't think we can set the bearerToken from WF input to the property(quarkus.openapi-generator.kube_yaml.auth.BearerToken.bearer-token) in application.properties?
There was a problem hiding this comment.
Thanks for clarifying the use case. Then, unless the SonataFlow team has a different advice, the only alternative I can see is to move these functions (read the secret and deploy on the external cluster) to a separate Java REST service that the workflow can orchestrate using OpenAPI.
There was a problem hiding this comment.
Thank you! Separate Java service is a good idea
There was a problem hiding this comment.
if you folllow this approach, instead of hardcoding the manifests in the Java code, you can load them from YAML files and, to allow further customization, mount them from a ConfigMap. Just my (last) 2eurocents
There was a problem hiding this comment.
yes, that's the benefit of knative functions ~
There was a problem hiding this comment.
Would it be useful to create a personal notification with the details of the namespace to the user?
There was a problem hiding this comment.
sure! Notification service should be integrated
There was a problem hiding this comment.
+1; the end states should send a notification for completion/error as in the UI the workflow will be marked as successfully completed so receiving a notification stating the output result would be nice
There was a problem hiding this comment.
is the specs available from an URL? If we can avoid to put the openAPI spec file to our workflow but instead point to it directly to its source it could be nice.
Like we did for mta and m2k workflows for the notifications specs
There was a problem hiding this comment.
we can hardly do it
the openapi endpoint for the kubernetes is dynamic as it has a random hash appended at the end
There was a problem hiding this comment.
also the openapi endpoint in ocp and vanila are different
| token: .secret.data.token | ||
| cacert: .secret.data["ca.crt"] | ||
| stateDataFilter: | ||
| output: "del(.secret)" |
RichardW98
force-pushed
the
cluster-onboarding
branch
from
fb281fb
to
a5244c7
Compare
|
callback events is used here for communication between func and workflow. It's hard to rewrite the func to a workflow with openapi spec as Kogito doesn't support one time run-to-complete mode for now |
RichardW98
force-pushed
the
cluster-onboarding
branch
from
a5244c7
to
799964a
Compare
RichardW98
force-pushed
the
cluster-onboarding
branch
from
799964a
to
25d3cc1
Compare
|
@masayag @gabriel-farache please take a look at the latest changes |
| @@ -0,0 +1,4 @@ | |||
| # Cluster Onboarding workflow | |||
| As a user I would like to onboard to my k8s/ocp cluster by creating a namesapce | |||
| # Cluster Onboarding workflow | ||
| As a user I would like to onboard to my k8s/ocp cluster by creating a namesapce | ||
|
|
||
| We can create set of secrets with kubeconfigs in the same namespace where the workflow is deployed and use workflow parameter with the secret name to connect to the right cluster. |
There was a problem hiding this comment.
@anludke let's include in this file the steps to test it.
issue: https://issues.redhat.com/browse/FLPATH-1074
flow: