oc-monitord/README.md

# oc-monitor

## Deploy in k8s (dev)

While a registry with all of the OC docker images has not been set-up we can export this image to k3s ctr

> docker save oc-monitord:latest | sudo k3s ctr images import -

Then in the pod manifest for oc-monitord use : 

```
image: docker.io/library/oc-monitord
imagePullPolicy: Never
```

Not doing so will end up in the pod having a `ErrorImagePull`

## Allow argo to create services

In order for monitord to expose **open cloud services** on the node, we need to give him permission to create **k8s services**.

For that we can update the RBAC configuration for a role already created by argo : 

### Manually edit the rbac authorization 

> kubectl edit roles.rbac.authorization.k8s.io -n argo argo-role

In rules add a new entry : 

```
- apiGroups:
  - ""
  resources:  
  - services
    verbs:                                                                                                                                                          
    - get
    - create
```

### Patch the rbac authorization with a one liner 

> kubectl patch role argo-role -n argo --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": [""], "resources": ["services"], "verbs": ["get","create"]}}]'

### Check wether the modification is effective 

> kubectl auth can-i create services --as=system:serviceaccount:argo:argo -n argo

This command **must return "yes"**


# Notes features/admiralty-docker

- When executing monitord as a container we need to change any url with "localhost" to the container's host IP. 

  We can : 
  - declare a new parameter 'HOST_IP'
  - decide that no peer can have "http://localhost" as its url and use an attribute from the peer object or isMyself() from oc-lib if a peer is the current host.


## TODO

- [ ] Allow the front to known on which IP the service are reachable
  - currently doing it by using `kubectl get nodes -o wide`


### Adding ingress handling to support reverse proxing

- Test wether ingress-nginx is running or not
  - Do something if not found : stop running and send error log OR start installation
-
-												Initial commit

											
										
										
											2024-07-04 08:39:43 +02:00
+								# oc-monitor
-												launch oc-monitor locally or in a container

											
										
										
											2024-07-25 18:48:25 +02:00
+								## Deploy in k8s (dev)
 								While a registry with all of the OC docker images has not been set-up we can export this image to k3s ctr
-												Minimize code + docker + monitord naming

											
										
										
											2024-08-19 11:43:40 +02:00
+								> docker save oc-monitord:latest | sudo k3s ctr images import -
-												launch oc-monitor locally or in a container

											
										
										
											2024-07-25 18:48:25 +02:00
-												Minimize code + docker + monitord naming

											
										
										
											2024-08-19 11:43:40 +02:00
+								Then in the pod manifest for oc-monitord use :
-												launch oc-monitor locally or in a container

											
										
										
											2024-07-25 18:48:25 +02:00
 								```
-												Minimize code + docker + monitord naming

											
										
										
											2024-08-19 11:43:40 +02:00
+								image: docker.io/library/oc-monitord
-												launch oc-monitor locally or in a container

											
										
										
											2024-07-25 18:48:25 +02:00
+								imagePullPolicy: Never
 								```
-												Dev documentation

											
										
										
											2024-07-26 10:30:26 +02:00
+								Not doing so will end up in the pod having a `ErrorImagePull`
-												Create and update a k8s service for each processing with expose model

											
										
										
											2024-09-03 14:24:03 +02:00
+								## Allow argo to create services
 								In order for monitord to expose **open cloud services** on the node, we need to give him permission to create **k8s services**.
 								For that we can update the RBAC configuration for a role already created by argo :
 								### Manually edit the rbac authorization
 								> kubectl edit roles.rbac.authorization.k8s.io -n argo argo-role
 								In rules add a new entry :
 								```
 								- apiGroups:
 								  - ""
 								  resources:
 								  - services
 								    verbs:
 								    - get
 								    - create
 								```
 								### Patch the rbac authorization with a one liner
 								> kubectl patch role argo-role -n argo --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": [""], "resources": ["services"], "verbs": ["get","create"]}}]'
 								### Check wether the modification is effective
 								> kubectl auth can-i create services --as=system:serviceaccount:argo:argo -n argo
 								This command **must return "yes"**
-												Adapted some of the steps of the executeInside()'s method to work with the updated Admiralty environment, using execution id as namespace, serviceAccount naming convention and adding the serviceAccount in the workflow's YAML. Logging not working yet.

											
										
										
											2025-04-14 18:20:49 +02:00
+								# Notes features/admiralty-docker
 								- When executing monitord as a container we need to change any url with "localhost" to the container's host IP.
 								  We can :
 								  - declare a new parameter 'HOST_IP'
 								  - decide that no peer can have "http://localhost" as its url and use an attribute from the peer object or isMyself() from oc-lib if a peer is the current host.
-												How to set uo + TODO

											
										
										
											2024-09-03 15:56:16 +02:00
+								## TODO
-												Create and update a k8s service for each processing with expose model

											
										
										
											2024-09-03 14:24:03 +02:00
-												How to set uo + TODO

											
										
										
											2024-09-03 15:56:16 +02:00
+								- [ ] Allow the front to known on which IP the service are reachable
-												Added ingress todo

											
										
										
											2024-09-03 17:46:36 +02:00
+								  - currently doing it by using `kubectl get nodes -o wide`
 								### Adding ingress handling to support reverse proxing
 								- Test wether ingress-nginx is running or not
 								  - Do something if not found : stop running and send error log OR start installation
 								-