Skip to content

Commit

Permalink
remove maistra related things (#723)
Browse files Browse the repository at this point in the history 
part of kiali/kiali#6816
  • Loading branch information
@jmazzitelli
jmazzitelli authored Nov 16, 2023
1 parent 8fad9d2 commit efd21f8
Show file tree
Hide file tree
Showing 7 changed files with 13 additions and 332 deletions.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ endif
## validate: Checks the latest version of the OLM bundle metadata for correctness.
validate: .ensure-operator-sdk-exists
@printf "==========\nValidating kiali-ossm metadata\n==========\n"
@mkdir -p ${OUTDIR}/kiali-ossm && rm -rf ${OUTDIR}/kiali-ossm/* && cp -R ./manifests/kiali-ossm ${OUTDIR} && cat ./manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml | KIALI_OPERATOR_VERSION="2.0.0" KIALI_OLD_OPERATOR_VERSION="1.0.0" KIALI_OPERATOR_REGISTRY="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-operator:2.0.0" KIALI_1_57="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8:1.57.0-1" KIALI_1_48="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8:1.48.2-2" KIALI_1_36="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8:1.36.12-1" KIALI_1_24="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8:1.24.16-1" CREATED_AT="2021-01-01T00:00:00Z" envsubst > ${OUTDIR}/kiali-ossm/manifests/kiali.clusterserviceversion.yaml && ${OP_SDK} bundle validate --verbose ${OUTDIR}/kiali-ossm
@mkdir -p ${OUTDIR}/kiali-ossm && rm -rf ${OUTDIR}/kiali-ossm/* && cp -R ./manifests/kiali-ossm ${OUTDIR} && cat ./manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml | KIALI_OPERATOR_VERSION="2.0.0" KIALI_OLD_OPERATOR_VERSION="1.0.0" KIALI_OPERATOR_REGISTRY="registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-operator:2.0.0" CREATED_AT="2021-01-01T00:00:00Z" envsubst > ${OUTDIR}/kiali-ossm/manifests/kiali.clusterserviceversion.yaml && ${OP_SDK} bundle validate --verbose ${OUTDIR}/kiali-ossm
@printf "==========\nValidating the latest version of kiali-community metadata\n==========\n"
@for d in $$(ls -1d manifests/kiali-community/* | sort -V | grep -v ci.yaml | tail -n 1); do ${OP_SDK} bundle --verbose validate $$d; done
@printf "==========\nValidating the latest version of kiali-upstream metadata\n==========\n"
Expand Down
2 changes: 1 addition & 1 deletion crd-docs/crd/kiali.io_kialis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -917,7 +917,7 @@ spec:
description: "The external URL that will be used to generate links to Jaeger. It must be accessible to clients external to the cluster (e.g: a browser) in order to generate valid links. If the tracing service is deployed with a QUERY_BASE_PATH set, set this URL like https://<hostname>/<QUERY_BASE_PATH>. For example, https://tracing-service:8080/jaeger"
type: string
use_grpc:
description: "Set to true in order to enable GRPC connections between Kiali and Jaeger which will speed up the queries. In some setups you might not be able to use GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it). If not specified, this will defalt to 'false' if deployed within a Maistra/OSSM+OpenShift environment, 'true' otherwise."
description: "Set to true in order to enable GRPC connections between Kiali and Jaeger which will speed up the queries. In some setups you might not be able to use GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it). If not specified, this will defalt to 'true'."
type: boolean
whitelist_istio_system:
description: "Kiali will get the traces of these services found in the Istio control plane namespace."
Expand Down
308 changes: 1 addition & 307 deletions manifests/README.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,310 +8,4 @@ These contain the OpenShift Lifecycle Manager manifest files for the several dif
=== Testing

To test these manifests, follow the directions at:

* link:https://docs.openshift.com/container-platform/4.1/applications/operators/olm-adding-operators-to-cluster.html#olm-installing-operator-from-operatorhub-using-cli_olm-adding-operators-to-a-cluster[OpenShift docs page]
* link:https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#testing-operator-deployment-on-openshift[Operator framework testing page].

If on OKD or OCP, these quick instructions summarize what you have to do. This assumes you have a quay.io account and your current working directory is this parent directory of the manifests. Optionally, you can have `operator-courier` installed.

==== Disable other operator sources

Kiali operator is published in the community and so will appear by default in the OpenShift Catalog. Kiali is also available in OCP installations via the `redhat-operators` OperatorSource. You will need to disable all of the OperatorSources that provide published Kiali operators, otherwise they will conflict with the Kiali operator you are testing.

Starting in OpenShift 4.2, you disable the sources through the OperatorHub "cluster" resource:

```
oc patch operatorhub cluster -n openshift-marketplace -p '{"spec":{"disableAllDefaultSources": true}}' --type=merge
```

You can disable individual sources via:

```
cat <<EOF | oc apply -f -
apiVersion: config.openshift.io/v1
kind: OperatorHub
metadata:
name: cluster
namespace: openshift-marketplace
spec:
disableAllDefaultSources: false
sources: [
{
name: "certified-operators",
disabled: true
},
{
name: "community-operators",
disabled: true
},
{
name: "redhat-operators",
disabled: true
}
]
EOF
```

==== Get your quay.io username and quay.io token

Set the environment variables `QUAY_USERNAME` and `QUAY_TOKEN`. These will be used in subsequent steps. Your quay.io token will look something like this: `basic abcdef123456abcdef==`.

You can set both of these by running the following command:

```
echo -n 'Your quay.io username: ' \
&& read QUAY_USERNAME \
&& echo -n 'Your quay.io password: ' \
&& export QUAY_TOKEN=$(curl --silent -H "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d '{"user":{"username":"'"${QUAY_USERNAME}"'","password":"'"$(read -s PW && echo -n $PW)"'"}}' | sed -E 's/.*\"(basic .*)\".*/\1/')
```

An alternative to getting your token is through the use of the link:https://raw.githubusercontent.com/operator-framework/operator-courier/master/scripts/get-quay-token[get-quay-token] script provided by operator-courier and store the returned token in the `QUAY_TOKEN` environment variable.

==== Push the Kiali operator manifest bundle to Quay.io

First define what manifest bundles you want to push to your Quay.io app registry:

```
OPERATOR_DIR=kiali-community/ # other manifests here are: kiali-upstream/ and kiali-ossm/
PACKAGE_NAME=kiali # use kiali-ossm if pushing the OCP manifest found in directory kiali-ossm/
PACKAGE_VERSION=1.0.0 # unrelated to operator version, but set this to the highest operator version
```

If the bundles are already uploaded to the RedHat app repository and you want to use those,
you do not have to do this next step. But if you plan on building your own images of the operator and want to use those,
then you have to push them to your Quay.io image repository (e.g. `quay.io/${QUAY_USERNAME}/kiali-operator`).
If this is the case, you need to point the manifests to your own image repository:

```
for csv in $(ls ${OPERATOR_DIR}/*/kiali.v*.yaml); do sed -i "s|mage: .\+-operator:|mage: quay.io/${QUAY_USERNAME}/kiali-operator:|g" ${csv}; done
```

Now upload the manifest bundles to your Quay.io app registry:

```
curl --silent -H "Content-Type: application/json" -H "Authorization: ${QUAY_TOKEN}" -XPOST "https://quay.io/cnr/api/v1/packages/${QUAY_USERNAME}/${PACKAGE_NAME}" -d '{"release":"'"${PACKAGE_VERSION}"'","media_type":"helm","blob":"'"$(tar cz ${OPERATOR_DIR} | base64 -w 0 | iconv -t utf-8)"'"}'
```

An alternative to that above curl command is to use `operator-courier`:

```
operator-courier push "$OPERATOR_DIR" "$QUAY_USERNAME" "$PACKAGE_NAME" "$PACKAGE_VERSION" "$QUAY_TOKEN"
```

Once this step has been completed, you should see your operator manifest bundle listed in your account's `Applications` tab.
If the application has a lock icon, it means your application is private and only you can see it or access it.
You can click through to the application and its Settings tab and select to make the application public. If you do not, you will
need to tell your OperatorSource what your Quay.io token is - the "Create OperatorSource" step below will tell you how to do that.

===== Push the other Service Mesh manifest bundles to Quay.io

Because we disabled/removed the redhat-operators earlier, you will probably want to publish your own copy of the Service Mesh manifest bundles (Service Mesh, Jaeger, ElasticSearch). Run the script code below to do this. Note that this requires link:https://stedolan.github.io/jq/download/[jq] to be installed.
You do not need to do this if you plan on installing Service Mesh or Istio through some other mechanism other than OLM.

```
export RH_PACKAGE_NAMESPACE="redhat-operators"
for op in elasticsearch-operator jaeger-product servicemeshoperator
do
export op
OP_RELEASE="$(curl --silent -H "Authorization: ${QUAY_TOKEN}" "https://quay.io/cnr/api/v1/packages?namespace=${RH_PACKAGE_NAMESPACE}" | jq '.[] | select(.name == $ENV.RH_PACKAGE_NAMESPACE + "/" + $ENV.op) | .default' -r)"
OP_DIGEST="$(curl --silent -H "Authorization: ${QUAY_TOKEN}" "https://quay.io/cnr/api/v1/packages/${RH_PACKAGE_NAMESPACE}/${op}/${OP_RELEASE}" | jq '.[0].content.digest' -r)"
OP_MANIFEST_TARBALL="/tmp/${RH_PACKAGE_NAMESPACE}-${op}-${OP_RELEASE}.tar.gz"
echo -n "Retrieving ${OP_MANIFEST_TARBALL} ... "
curl --silent -H "Authorization: ${QUAY_TOKEN}" "https://quay.io/cnr/api/v1/packages/${RH_PACKAGE_NAMESPACE}/${op}/blobs/sha256/${OP_DIGEST}" -o "$OP_MANIFEST_TARBALL"
echo "Done."
echo -n "Uploading ${OP_MANIFEST_TARBALL} ... "
curl --silent -H "Content-Type: application/json" -H "Authorization: ${QUAY_TOKEN}" -XPOST "https://quay.io/cnr/api/v1/packages/${QUAY_USERNAME}/${op}" -d '{"release":"'"${OP_RELEASE}"'","media_type":"helm","blob":"'"$(cat ${OP_MANIFEST_TARBALL} | base64 -w 0 | iconv -t utf-8)"'"}'
done
```

Once done, your Quay.io account will have its own copies of the Service Mesh operator manifests in your account's `Applications` tab.
The first time you do this, the applications will have a lock icon indicating your applications are private and only you can see them or access them.
You can click through to the applications and their Settings tabs and select to make the applications public. If you do not, you will
need to tell your OperatorSource what your Quay.io token is - the "Create OperatorSource" step below will tell you how to do that.

==== Create OperatorSource

If your applications were made public, tell OpenShift where your operator manifest bundles are via this OperatorSource:

```
cat <<EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorSource
metadata:
name: ${QUAY_USERNAME}-operators
namespace: openshift-marketplace
spec:
type: appregistry
endpoint: https://quay.io/cnr
registryNamespace: ${QUAY_USERNAME}
displayName: "${QUAY_USERNAME}'s Operators"
publisher: "${QUAY_USERNAME}"
EOF
```

If you left your applications private, then you must create a secret containing your Quay.io token and assign that secret to
the OperatorSource so OpenShift can authenticate with Quay.io:

```
cat <<EOF | oc apply -f -
---
apiVersion: v1
kind: Secret
metadata:
name: ${QUAY_USERNAME}-operators-secret
namespace: openshift-marketplace
type: Opaque
stringData:
token: "${QUAY_TOKEN}"
---
apiVersion: operators.coreos.com/v1
kind: OperatorSource
metadata:
name: ${QUAY_USERNAME}-operators
namespace: openshift-marketplace
spec:
type: appregistry
endpoint: https://quay.io/cnr
registryNamespace: ${QUAY_USERNAME}
displayName: "${QUAY_USERNAME}'s Operators"
publisher: "${QUAY_USERNAME}"
authorizationToken:
secretName: ${QUAY_USERNAME}-operators-secret
EOF
```

==== Verify the OperatorSource was processed correctly

```
oc get operatorsource ${QUAY_USERNAME}-operators -n openshift-marketplace
```

_At this point, the operator is ready to be installed. You can do so using the OpenShift UI or follow the rest of the instructions here to do it manually via 'oc' commands._

==== Set environment variable to declare where the operator will be deployed

```
KIALI_OPERATOR_NAMESPACE="openshift-operators"
```

==== Create OperatorGroup

Here's some docs on link:https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/operatorgroups.md[OperatorGroup] resources.

You do not need to do this if you are putting the operator in `openshift-operators`. In that case, the operator will be considered with an InstallMode of AllNamespaces and will watch all namespaces for a Kiali CR.

If you want the operator to watch its own namespace (InstallMode of OwnNamespace), then create an OperatorGroup in the namespace where the operator is to be installed (i.e. in the namespace where the Subscription will be) and set the targetNamespace as the same namespace where the operator is to be installed. Note that targetNamespace is the namespace that will be watched by the operator and can be different from the namespace where the OperatorGroup is (this would be InstallMode of SingleNamespace).

```
cat <<EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha2
kind: OperatorGroup
metadata:
name: kiali
namespace: ${KIALI_OPERATOR_NAMESPACE}
spec:
targetNamespaces:
- ${KIALI_OPERATOR_NAMESPACE}
EOF
```

==== Create Subscription to the Kiali operator

Create a Subscription to the version of the Kiali operator you want installed/upgraded.
The namespace where the Subscription is created is the namespace where the operator is installed.

If you plan on installing Service Mesh, you can skip this step since the Service Mesh operator
will install the Kiali operator automatically since Kiali is a dependency of Service Mesh.

```
KIALI_VERSION=1.0.0
cat <<EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: kiali
namespace: ${KIALI_OPERATOR_NAMESPACE}
spec:
channel: stable
installPlanApproval: Automatic
name: ${PACKAGE_NAME}
source: ${QUAY_USERNAME}-operators
sourceNamespace: openshift-marketplace
startingCSV: kiali-operator.v${KIALI_VERSION}
EOF
```

==== Create Subscription to the Service Mesh operator

To install Service Mesh and its other components:

```
cat <<EOF | oc apply -f -
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: servicemeshoperator
namespace: ${KIALI_OPERATOR_NAMESPACE}
spec:
channel: '1.0'
installPlanApproval: Automatic
name: servicemeshoperator
source: ${QUAY_USERNAME}-operators
sourceNamespace: openshift-marketplace
EOF
```

==== Define where you want the control plane

```
CONTROL_PLANE_NAMESPACE="istio-system"
oc create namespace ${CONTROL_PLANE_NAMESPACE}
```

==== Create Service Mesh CR

If you want to install Service Mesh, run one of these commands to create the necessary CR.

* If you want Kiali enabled (which will create and manage the Kiali CR under the covers):

```
oc create -n ${CONTROL_PLANE_NAMESPACE} -f https://raw.githubusercontent.com/Maistra/istio-operator/maistra-1.0/deploy/examples/maistra_v1_servicemeshcontrolplane_cr_full.yaml
```

* If you want Kiali disabled (which will require you to create and manage the Kiali CR):

```
oc create -n ${CONTROL_PLANE_NAMESPACE} -f https://raw.githubusercontent.com/Maistra/istio-operator/maistra-1.0/deploy/examples/maistra_v1_servicemeshcontrolplane_cr_minimal.yaml
```

==== Create Kiali CR

If you are using Service Mesh, it will manage the Kiali CR for you. If you disabled Kiali within Service Mesh (or if you
are using upstream Istio that is not managing the Kiali CR), then you need to create one to install Kiali:

```
cat <<EOF | oc apply -f -
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
name: kiali
namespace: ${KIALI_OPERATOR_NAMESPACE}
annotations:
ansible.sdk.operatorframework.io/verbosity: "1"
spec:
deployment:
logger:
log_level: "debug"
namespace: ${CONTROL_PLANE_NAMESPACE}
EOF
```

==== Upgrade Operator

To upgrade to a new operator, upload a new manifest bundle (with a new package version and new CSV) to quay.io. At this point, you can wait for OLM to refresh (which happens once an hour) or `oc edit` or `oc patch` the OperatorSource and delete its status block, which should immediate force a rescan of quay. You can remove the status block using `oc patch` like this:

```
oc patch operatorsource ${QUAY_USERNAME}-operators -n openshift-marketplace -p '[{"op":"replace","path":"/status","value":{}}]' --type json
```
To test these manifests, use the `make olm-operator-create` target in the kiali/kiali repo. There are some environment variables you can set to control which manifest to use - see the `make/Makefile.olm.mk` file in the kiali/kiali repo.
2 changes: 1 addition & 1 deletion manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ spec:
icon:
- base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIyLjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxMjgwIDEyODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDEyODAgMTI4MDsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMwMTMxNDQ7fQoJLnN0MXtmaWxsOiMwMDkzREQ7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MTAuOSwxODAuOWMtMjUzLjYsMC00NTkuMSwyMDUuNS00NTkuMSw0NTkuMXMyMDUuNSw0NTkuMSw0NTkuMSw0NTkuMVMxMjcwLDg5My42LDEyNzAsNjQwCgkJUzEwNjQuNSwxODAuOSw4MTAuOSwxODAuOXogTTgxMC45LDEwMjkuMmMtMjE1LDAtMzg5LjItMTc0LjMtMzg5LjItMzg5LjJjMC0yMTUsMTc0LjMtMzg5LjIsMzg5LjItMzg5LjJTMTIwMC4xLDQyNSwxMjAwLjEsNjQwCgkJUzEwMjUuOSwxMDI5LjIsODEwLjksMTAyOS4yeiIvPgoJPHBhdGggY2xhc3M9InN0MSIgZD0iTTY1My4zLDI4NGMtMTM2LjQsNjAuNS0yMzEuNiwxOTcuMS0yMzEuNiwzNTZjMCwxNTguOCw5NS4yLDI5NS41LDIzMS42LDM1NmM5OC40LTg3LjEsMTYwLjQtMjE0LjMsMTYwLjQtMzU2CgkJQzgxMy43LDQ5OC4zLDc1MS42LDM3MS4xLDY1My4zLDI4NHoiLz4KCTxwYXRoIGNsYXNzPSJzdDEiIGQ9Ik0zNTEuOCw2NDBjMC0xMDkuOCwzOC42LTIxMC41LDEwMi44LTI4OS41Yy0zOS42LTE4LjItODMuNi0yOC4zLTEzMC0yOC4zQzE1MC45LDMyMi4yLDEwLDQ2NC41LDEwLDY0MAoJCXMxNDAuOSwzMTcuOCwzMTQuNiwzMTcuOGM0Ni4zLDAsOTAuNC0xMC4xLDEzMC0yOC4zQzM5MC4zLDg1MC41LDM1MS44LDc0OS44LDM1MS44LDY0MHoiLz4KPC9nPgo8L3N2Zz4K
mediatype: image/svg+xml
keywords: ['service-mesh', 'observability', 'monitoring', 'maistra', 'istio']
keywords: ['service-mesh', 'observability', 'monitoring', 'istio']
maintainers:
- name: Kiali Developers Google Group
email: [email protected]
Expand Down
Loading

0 comments on commit efd21f8

Please sign in to comment.