Skip to content

New Kubernetes Operator for easy setup and management of Microcks entities

License

Notifications You must be signed in to change notification settings

microcks/microcks-operator

Microcks Operator

Kubernetes Operator for easy setup and management of Microcks installs and other entities (using Quarkus undercover 😉)

This Operator is meant to replace the existing microcks-ansible-operator that is kinda hard to maintain and to evolve.

GitHub Workflow Status Container License Project Chat Artifact HUB CNCF Landscape

Build Status

Latest release version is 0.0.1.

The current development version is 0.0.2-SNAPSHOT.

GitHub Workflow Status

Fossa license and security scans

FOSSA Status FOSSA Status FOSSA Status

OpenSSF best practices on Microcks core

CII Best Practices OpenSSF Scorecard

Community

To get involved with our community, please make sure you are familiar with the project's Code of Conduct.

Installation

Assuming you're connected to a Kubernetes cluster as an administrator, you must start installing the CRD in your cluster:

kubectl apply -f deploy/crd/microckses.microcks.io-v1.yml
kubectl apply -f deploy/crd/apisources.microcks.io-v1.yml
kubectl apply -f deploy/crd/secretsources.microcks.io-v1.yml

Then you can install the operator itself in a dedicated namespace -let's say microcks- using:

kubectl create namespace microcks
kubectl apply -f deploy/operator-jvm.yaml -n microcks

Usage

Once operator is installed, you can create a new Microcks Custom Resource (CR) to get a working instance of Microcks.

In below example, we're creating a new Microcks CR named microcks that will install Microcks 1.10.0. You need to customize the two url fields to match your environment with DNS names that will be mapped to the Microcks and Keycloak ingresses.

cat <<EOF | kubectl apply -f -
apiVersion: microcks.io/v1alpha1
kind: Microcks
metadata:
  name: microcks
spec:
  version: 1.10.0
  microcks:
    url: microcks.m.minikube.local
  keycloak:
    url: keycloak.m.minikube.local
EOF

For comprehensive documentation and examples of Microcks CR, please refer to the Microcks CR documentation.

Microcks Operator also provide the APISource and SecretSource CRs to manage the content of a Microcks instance. Thanks to those CR, you can easily define load pre-existing API definitions and connection secrets into an operator-managed Microcks instance.

For example, you can create a new APISource CR named tests-artifacts that will load 4 artifacts into the microcks instance and create an addition Hello Soep Service importer:

cat <<EOF | kubectl apply -f -
apiVersion: microcks.io/v1alpha1
kind: APISource
metadata:
  name: tests-artifacts
  annotations:
    microcks.io/instance: microcks
spec:
  artifacts:
    - url: https://raw.githubusercontent.com/microcks/microcks/master/samples/APIPastry-openapi.yaml
      mainArtifact: true
    - url: https://raw.githubusercontent.com/microcks/microcks/master/samples/hello-v1.proto
      mainArtifact: true
    - url: https://raw.githubusercontent.com/microcks/microcks/master/samples/HelloService.metadata.yml
      mainArtifact: false
    - url: https://raw.githubusercontent.com/microcks/microcks/master/samples/HelloService.postman.json
      mainArtifact: false
  importers:
    - name: Hello Soap Service
      mainArtifact: true
      active: false
      repository:
        url: https://raw.githubusercontent.com/microcks/microcks/master/samples/HelloService-soapui-project.xml
      labels:
        domain: authentication
        status: GA
        team: Team A
EOF

For comprehensive documentation and examples of APISource CR, please refer to the APISource CR documentation.

A Microcks instance may also need some secrets to be able to connect or to authenticate to external services like repositories or messaging brokers. The SecretSource CR is here to help you define those secrets and have them loaded into the Microcks instance.

For example, you can create a new SecretSource CR named tests-secrets that will load 2 secrets into the microcks instance. The first one is a simple secret with username, password, token and CA certificate. The second one is a secret that will be loaded from a Kubernetes secret named microcks-keycloak-admin and will use the username and password keys from this secret:

cat <<EOF | kubectl apply -f -
apiVersion: microcks.io/v1alpha1
kind: SecretSource
metadata:
  name: tests-secrets
  annotations:
    microcks.io/instance: microcks
spec:
  secrets:
    - name: my-secret
      description: My secret description
      username: my-username
      password: my-password
      token: my-token
      tokenHeader: my-token-header
      caCertPem: |
        ----BEGIN CERTIFICATE-----
        SGVsbG8gZXZlcnlvbmUgYW5kIHdlbGNvbWUgdG8gTWljcm9ja3Mh
        ----END CERTIFICATE-----
    - name: my-secret-2
      description: My secret description 2
      valuesFrom:
        secretRef: microcks-keycloak-admin
        usernameKey: username
        passwordKey: password
EOF

For comprehensive documentation and examples of SecretSource CR, please refer to the SecretSource CR documentation.

How to build it?

The operator is made of 2 modules:

  • api contains the model for manipulating Custom Resources elements using Java,
  • operator contains the Kubernetes controller implementing the remediation logic. It is implemented in Quarkus.

Api module

Simply execute:

mvn clean install

Operator module

Produce a native container image with the name elements specified within the pom.xml:

mvn package -Pnative -Dquarkus.native.container-build=true -Dquarkus.container-image.build=true

Local development

Be sure to be connected to a Kubernetes cluster first with a context set to a default namespace.

For Microcks CR

In this situation, you'll be able to use Quarkus iterative development loop. From the operator/ folder, launch:

mvn quarkus:dev

The operator will generate and then install/update the latest version of the CRD and wait for reconciliation loop to be triggered.

From the deploy/ folder, create a new sample CRD using:

kubectl apply -f samples/microcks-microcks.io-v1alpha1.yml

You shall see the operator starting the reconciliation with a log like:

2024-07-31 14:12:18,732 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-391) Starting reconcile operation for 'microcks'
[...]
2024-07-31 14:12:48,615 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Keycloak reconciliation triggered an update? false
2024-07-31 14:12:48,618 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Mongo reconciliation triggered an update?: false
2024-07-31 14:12:48,621 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Microcks reconciliation triggered an update?: false
2024-07-31 14:12:48,623 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Postman reconciliation triggered an update?: false
2024-07-31 14:12:48,627 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Async reconciliation triggered an update?: false
2024-07-31 14:12:48,627 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Finishing reconcile operation for 'microcks'
2024-07-31 14:12:48,628 INFO  [io.git.mic.ope.MicrocksReconciler] (ReconcilerExecutor-microcksreconciler-716) Returning a noUpdate control. =============================
 

For APISource & SecretSource CR

In this situation, you won't be able to run the operator in local Quarkus process as the controllers for these CRs use internal Kubernetes network names to interact with Microcks instance.

The Operator must then be deployed in your local Kubernetes cluster. You can use the deploy/operator-dev-jvm.yaml file to do so.

Then you can create the needed sample CRs using:

kubectl apply -f samples/apisource-microcks.io-v1alpha1-tests.yml
kubectl apply -f samples/secretsource-microcks.io-v1alpha1-tests.yml

You can check the reconciliation status of those CRs using:

kc get apisources/tests-artifacts -o yaml
kc get secretsources/tests-secrets -o yaml

When iterating on the operator code, you can rebuild the operator container image and then apply the new version using:

kc scale --replicas=0 deployment/microcks-operator
mvn clean package && docker build -f src/main/docker/Dockerfile.jvm -t quay.io/lbroudoux/microcks-operator:jvm-latest . && docker push quay.io/lbroudoux/microcks-operator:jvm-latest
kc scale --replicas=1 deployment/microcks-operator

Local tests