@alexcpn
Last active January 16, 2020 04:14
How to create a Helm based Operator

Doc - https://github.com/operator-framework/operator-sdk/blob/master/doc/helm/user-guide.md

Chart https://hub.helm.sh/charts/bitnami/cassandra/3.4.3

operator-sdk new cassandra-helm-operator --type=helm --helm-chart=cassandra --helm-chart-repo=https://charts.bitnami.com/bitnami --verbose

Deploy CRD

kubectl --insecure-skip-tls-verify --kubeconfig ~/keys/ee1-kubeconfig.config create -f deploy/crds/charts.helm.k8s.io_cassandras_crd.yaml
customresourcedefinition.apiextensions.k8s.io/cassandras.charts.helm.k8s.io created

Build Operator

~/coding/k8s/cassandra-helm-operator$ operator-sdk build alexcpn/test-cassandra-operator:v0.0.1

~/coding/k8s/cassandra-helm-operator$ sed -i 's|REPLACE_IMAGE|alexcpn/test-cassandra-operator:v0.0.1|g' deploy/operator.yaml

As per doc

alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config create -f deploy/service_account.yaml 
serviceaccount/cassandra-helm-operator created
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config create -f deploy/role.yaml 
role.rbac.authorization.k8s.io/cassandra-helm-operator created
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config create -f deploy/role_binding.yaml 
rolebinding.rbac.authorization.k8s.io/cassandra-helm-operator created
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config create -f deploy/operator.yaml 
deployment.apps/cassandra-helm-operator created
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config get deployment

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
cassandra-helm-operator   1/1     1            1           1

kubectl --insecure-skip-tls-verify --kubeconfig ~/keys/ee1-kubeconfig.config apply -f deploy/crds/charts.helm.k8s.io_v1alpha1_cassandra_cr.yaml
cassandra.charts.helm.k8s.io/example-cassandra created

Error

{"level":"error","ts":1578915836.236557,"logger":"helm.controller","msg":"Release failed","namespace":"default","name":"example-cassandra","apiVersion":"charts.helm.k8s.io/v1alpha1","kind":"Cassandra","release":"example-cassandra","error":"failed to install release: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: poddisruptionbudgets.policy \"example-cassandra-headless\" is forbidden: User \"system:serviceaccount:default:cassandra-helm-operator\" cannot get resource \"poddisruptionbudgets\" in API group \"policy\" in the namespace \"default\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/helm/controller.HelmOperatorReconciler.Reconcile\n\tsrc/github.com/operator-framework/operator-sdk/pkg/helm/controller/reconcile.go:194\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tpkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:256\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tpkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\tpkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\tpkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tpkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\tpkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:88"}

--> poddisruptionbudgets.policy

https://www.oreilly.com/library/view/kubernetes-security/9781492039075/ch04.html

: User \"system:serviceaccount:default:cassandra-helm-operator\" cannot get resource \"poddisruptionbudgets\" in API group \"policy\" in the namespace \"default\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/

 kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config auth can-i get poddisruptionbudgets.policy --as=system:serviceaccount:default:cassandra-helm-operator
no
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config apply -f deploy/role.yaml 
role.rbac.authorization.k8s.io/cassandra-helm-operator configured
alex@drone-OMEN:~/coding/k8s/cassandra-helm-operator$ kubectl  --insecure-skip-tls-verify  --kubeconfig ~/keys/ee1-kubeconfig.config auth can-i get poddisruptionbudgets.policy --as=system:serviceaccount:default:cassandra-helm-operator
yes

Redeploy the CR after that, and that's that.
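
The step between the two `auth can-i` checks is an edit to deploy/role.yaml that grants the denied access. As an added example (not part of the original gist or of operator-sdk), this script parses the denial from the operator log and prints the narrowest Role rule plus the matching `can-i` check; the function names are hypothetical and the sample line is copied from the error above.

```shell
#!/bin/sh
# Added example: derive a least-privilege Role rule from an RBAC denial.
# Constructed sample: the JSON-escaped denial text from the operator log above.
SAMPLE='User \"system:serviceaccount:default:cassandra-helm-operator\" cannot get resource \"poddisruptionbudgets\" in API group \"policy\" in the namespace \"default\"'

# denial_field MESSAGE FIELD  (hypothetical helper)
# FIELD is one of: subject verb resource group namespace.
# Returns 1 when MESSAGE holds no namespaced denial (cluster-scope
# denials are worded differently and are not handled here).
denial_field() {
  parsed=$(printf '%s\n' "$1" | sed -n -E -e 's/\\"/"/g' \
    -e 's/.*User "([^"]+)" cannot ([a-z]+) resource "([^"]+)" in API group "([^"]*)" in the namespace "([^"]+)".*/\1|\2|\3|\4|\5/p')
  [ -n "$parsed" ] || return 1
  case "$2" in
    subject) n=1 ;; verb) n=2 ;; resource) n=3 ;;
    group) n=4 ;; namespace) n=5 ;;
    *) return 2 ;;
  esac
  printf '%s\n' "$parsed" | cut -d'|' -f"$n"
}

# role_rule MESSAGE: print the rule to append under "rules:" in deploy/role.yaml.
# Only the denied verb on the denied resource is granted, never "*".
role_rule() {
  verb=$(denial_field "$1" verb) || return 1
  resource=$(denial_field "$1" resource)
  group=$(denial_field "$1" group)
  printf '%s\n' "- apiGroups:" "  - \"$group\"" "  resources:" \
    "  - $resource" "  verbs:" "  - $verb"
}

# can_i_command MESSAGE: print the kubectl check that confirms the grant.
can_i_command() {
  subject=$(denial_field "$1" subject) || return 1
  verb=$(denial_field "$1" verb)
  resource=$(denial_field "$1" resource)
  group=$(denial_field "$1" group)
  ns=$(denial_field "$1" namespace)
  target=$resource
  if [ -n "$group" ]; then target="$resource.$group"; fi
  printf 'kubectl auth can-i %s %s --as=%s -n %s\n' \
    "$verb" "$target" "$subject" "$ns"
}

role_rule "$SAMPLE"
can_i_command "$SAMPLE"
```

Each log line names one denied verb, so rerun the `can-i` check for every verb the release needs on that resource before redeploying the CR.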
