Deploy Eclipse Che into your OpenShift project using an APB.
-
Persistent Volumes
-
Kubernetes Service Catalog and Ansible Service Broker
## minishift with OpenShift 3.10 export MINISHIFT_ENABLE_EXPERIMENTAL=y && \ minishift config set iso-url centos && \ minishift start --memory=8gb --cpus=4 --disk-size=50g \ --network-nameserver 8.8.8.8 \ --openshift-version 3.10.0-rc.0 \ --extra-clusterup-flags "--enable=service-catalog,router,registry,web-console,persistent-volumes,rhel-imagestreams,automation-service-broker"
-
⚠️ ASB default configuration should be changed or Eclipse Che deployment will fail:- openshift sandbox_role must be set to
admin
(default isedit
) to create the correctRoleBindings
forche
ServiceAccount - dockerhub registry tag must be set to
canary
(default islatest
) to get the most recent build of the APB
# Edit ASB configuration oc edit cm/broker-config -n openshift-automation-service-broker --as system:admin # Rollout ASB to take config changes oc rollout latest dc/openshift-automation-service-broker -n openshift-automation-service-broker --as system:admin # Trigger APBs reload from the registries (see below for more details about the APB CLI) apb bootstrap
- openshift sandbox_role must be set to
- TLS
- Ephemeral storage
- Troubleshooting Che deployment:
# Use the following command to retrieve the provisioning logs oc get po --all-namespaces --as system:admin | grep eclipse-che-apb-prov | grep Running | awk '{print "oc logs --as system:admin -f -n "$1" "$2}' | bash - # It may be useful to look at ASB logs oc logs -f dc/openshift-automation-service-broker -n openshift-automation-service-broker --as system:admin # Or look at the provisioning pods oc get po --all-namespaces --as system:admin | grep eclipse-che-apb-prov
- Uninstall (deprovisioning) Che:
# Trigger serviceinstance deprovisioning oc get serviceinstance -n eclipse-che-apb | grep apb | awk '{ print $1 }' | xargs oc delete -n eclipse-che-apb serviceinstance # Follow the deprovisioning logs oc get po --all-namespaces --as system:admin | grep eclipse-che-apb-dep | grep Running | awk '{print "oc logs --as system:admin -f -n "$1" "$2}' | bash -
Using APB CLI
-
Install
apb
# Download and install the APB CLI bash script APB_URL=https://raw.githubusercontent.com/ansibleplaybookbundle/ansible-playbook-bundle/master/scripts/apb-docker-run.sh curl -sSL "${APB_URL}" > /usr/local/bin/apb && chmod +x /usr/local/bin/apb # The OpenShift user that will run the APB CLI should have enough privileges OS_USER=developer oc adm policy add-cluster-role-to-user cluster-admin "${OS_USER}" # On minishift, for apb CLI to work properly: eval $(minishift docker-env)
-
Build and push the APB to the local registry
⚠️ When using minishift a Docker deamon should run on the host as well as the one in the minishift VM. For example on OSX, Docker for Mac and minishift should be both running when executingapb
commands.git clone git@github.com:ansibleplaybookbundle/eclipse-che-apb.git cd eclipse-che-apb apb list # optional apb build apb push
To filter out APBs except local ones change the ASB config.
This is the fastest way to test the APB using the CLI:
- Setup the registry and the seviceaccount
# setup minishift export APB_NAME=eclipse-che-apb export OC_USER=`oc whoami` OC_PASS=`oc whoami -t` export REGISTRY=`oc get svc/docker-registry -n default --as system:admin --template '{{.spec.clusterIP}}:{{index .spec.ports 0 "port"}}'` oc new-project $APB_NAME docker login -u ${OC_USER} -p ${OC_PASS} ${REGISTRY} oc create sa apb oc adm policy add-role-to-user admin -z apb
- Build and push the APB image
docker build -t $APB_NAME . docker tag "${APB_NAME}" "${REGISTRY}/${APB_NAME}/${APB_NAME}" docker push "${REGISTRY}/${APB_NAME}/${APB_NAME}"
- Test the local image
oc run "${APB_NAME}-test" -it --restart='Never' --image "${REGISTRY}/${APB_NAME}/${APB_NAME}" --env "OPENSHIFT_TOKEN=${OC_PASS}" --env "OPENSHIFT_TARGET=https://kubernetes.default.svc" --env "POD_NAME=${APB_NAME}-test" --env "POD_NAMESPACE=${APB_NAME}" --overrides='{"apiVersion":"v1","spec":{"serviceAccountName":"apb"}}' -- test -e namespace=${APB_NAME}
- Deprovision
oc run "${APB_NAME}-dep" -it --restart='Never' --image "${REGISTRY}/${APB_NAME}/${APB_NAME}" --env "OPENSHIFT_TOKEN=${OC_PASS}" --env "OPENSHIFT_TARGET=https://kubernetes.default.svc" --env "POD_NAME=${APB_NAME}-dep" --env "POD_NAMESPACE=${APB_NAME}" --overrides='{"apiVersion":"v1","spec":{"serviceAccountName":"apb"}}' -- deprovision -e namespace=${APB_NAME}
- Cleanup
oc delete all -l app=che oc delete all -l app=keycloak oc rsh dc/postgresql-9.6-prod bash -c "dropdb dbche" && \ oc rsh dc/postgresql-9.6-prod bash -c "dropdb keycloak" && \ oc delete all --all && \ oc delete secret postgres && \ oc delete cm che && \ oc delete rolebinding che-admin && \ oc delete serviceaccount che
- Ansible Playbook Bundle - Getting Started
- Ansible Service Broker (ASB)
- APB CLI
- Ansible Kubernetes Module (depracated but it's still what we are using)
- Ansilbe k8s module
- Kubernetes Service Catalog
- Blog Post on APB development and testing