core/oc-monitord
6
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

updated README

Browse Source
This commit is contained in:
pb 2025-05-15 17:29:33 +02:00
parent 03675d09ae
commit 483f747754
3 changed files with 20 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
README.md
View File

@ -3,53 +3,24 @@
DO : DO :
make build make build
## Deploy in k8s (dev) ## Summary
While a registry with all of the OC docker images has not been set-up we can export this image to k3s ctr oc-monitord is a daemon which can be run :
- as a binary
- as a container
> docker save oc-monitord:latest | sudo k3s ctr images import - It is used to perform several actions regarding the execution of an Open Cloud workflow :
- generating a YAML file that can be interpreted by **Argo Workflow** to create and execute pods in a kubernetes environment
Then in the pod manifest for oc-monitord use : - setting up the different resources needed to execute a workflow over several peers/kubernetes nodes with **Admiralty** : token, secrets, targets and sources
- creating the workflow and logging the output from
``` - Argo watch, which gives informations about the workflow in general (phase, number of steps executed, status...)
image: docker.io/library/oc-monitord - Pods : which are the logs generated by the pods
imagePullPolicy: Never
```
Not doing so will end up in the pod having a `ErrorImagePull`
## Allow argo to create services
In order for monitord to expose **open cloud services** on the node, we need to give him permission to create **k8s services**.
For that we can update the RBAC configuration for a role already created by argo :
### Manually edit the rbac authorization
> kubectl edit roles.rbac.authorization.k8s.io -n argo argo-role
In rules add a new entry :
```
- apiGroups:
- ""
resources:
- services
verbs:
- get
- create
```
### Patch the rbac authorization with a one liner
> kubectl patch role argo-role -n argo --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": [""], "resources": ["services"], "verbs": ["get","create"]}}]'
### Check wether the modification is effective
> kubectl auth can-i create services --as=system:serviceaccount:argo:argo -n argo
This command **must return "yes"**
To execute, the daemon needs several options :
- **-u** :
- **-m** :
- **-d** :
- **-e** :
# Notes features/admiralty-docker # Notes features/admiralty-docker
@ -60,13 +31,15 @@ This command **must return "yes"**
- decide that no peer can have "http://localhost" as its url and use an attribute from the peer object or isMyself() from oc-lib if a peer is the current host. - decide that no peer can have "http://localhost" as its url and use an attribute from the peer object or isMyself() from oc-lib if a peer is the current host.
## TODO ## TODO
- [ ] Allow the front to known on which IP the service are reachable - [ ] Allow the front to known on which IP the service are reachable
- currently doing it by using `kubectl get nodes -o wide` - currently doing it by using `kubectl get nodes -o wide`
- [ ] Implement writing and reading from S3 bucket/MinIO when a data resource is linked to a compute resource.
### Adding ingress handling to support reverse proxing
### Adding ingress handling to support reverse proxing
- Test wether ingress-nginx is running or not - Test wether ingress-nginx is running or not
- Do something if not found : stop running and send error log OR start installation - Do something if not found : stop running and send error log OR start installation

BIN
docs/admiralty_naming_multi_peer.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
docs/admiralty_setup_schema.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 91 KiB