Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow server to control ansible pods #174

Merged
merged 4 commits into from
Jul 5, 2017
Merged

Allow server to control ansible pods #174

merged 4 commits into from
Jul 5, 2017

Conversation

carbonin
Copy link
Member

This PR adds a new service account for the manageiq application pod which is intended to have edit and view roles for the namespace the project is running in.

This will allow the app pod itself to scale other pods within the project up and down.

The plan is to use this ability to only scale the ansible pod when it is needed (when the role is enabled).

@carbonin carbonin requested review from bdunne and fbladilo June 30, 2017 21:42
@carbonin carbonin mentioned this pull request Jun 30, 2017
Merged
bdunne
bdunne requested changes Jul 3, 2017
View reviewed changes
Copy link
Member

@bdunne bdunne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Overall looks great

templates/miq-template.yaml
@@ -149,6 +153,11 @@ objects:
mountPath: "/persistent"
env:
-
name: MY_POD_NAMESPACE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need this in the other template as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

carbonin added 4 commits July 5, 2017 09:16
@carbonin
Add MY_POD_NAMESPACE environment variable
6c9133b 
This utilizes the OpenShift "Downward API"
ref: https://docs.openshift.org/latest/dev_guide/downward_api.html#dapi-values-using-environment-variables
@carbonin
Add a new service account for the orchestrator
5a8e8a0 
This account will be given the view and edit role for the namespace
to allow it to scale the ansible pod when the role is enabled or
disabled.
@carbonin
Start the ansible pods at 0 replicas
adb2566 
We will scale the pod up to 1 when the role is activated
@carbonin
Edit the README to add the correct roles and scc to the new user
cd296dd 
We use a new user (service account) so that only pods which need
API access to the project can get it.
For now this will be just the manageiq app pod which will use
the API (and the service account token) to scale up or down
the ansible pod.
@carbonin carbonin force-pushed the allow_server_to_control_ansible_pods branch from 266eecf to cd296dd Compare July 5, 2017 13:16
@miq-bot
Copy link
Member

miq-bot commented Jul 5, 2017

Checked commits carbonin/manageiq-pods@6c9133b~...cd296dd with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
0 files checked, 0 offenses detected
Everything looks fine. 🍪

bdunne
bdunne approved these changes Jul 5, 2017
View reviewed changes
Copy link
Member

@bdunne bdunne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@bdunne bdunne merged commit b4d2a41 into ManageIQ:master Jul 5, 2017
@carbonin carbonin deleted the allow_server_to_control_ansible_pods branch October 13, 2017 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdunne bdunne bdunne approved these changes

@fbladilo fbladilo Awaiting requested review from fbladilo

Assignees

@bdunne bdunne

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@carbonin @miq-bot @bdunne