A Kubernetes operator to create and manage applications and control the lifecycle of applications.
This operator provides a Makefile to run all the usual development tasks. If you simply run make without any arguments, you'll get a list of available "targets".
To build the operator binary run:
make build
To test the code:
make test
To build the docker image of the operator one can run:
make docker-build
This will make a docker image called controller:latest which might or might not be what you want. To override the name of the image build, specify it in the IMG environment variable, e.g.:
IMG=quay.io/user/hasoperator:next make docker-build
To push the image to an image repository one can use:
make docker-push
The image being pushed can again be modified using the environment variable:
IMG=quay.io/user/hasoperator:next make docker-push
The following section outlines the steps to deploy HAS on a physical Kubernetes cluster.
- Install
OpenShift GitOpsfrom the in-cluster Operator Marketplace. oc -n openshift-gitops apply -f https://raw.githubusercontent.com/redhat-appstudio/infra-deployments/main/argo-cd-apps/base/build.yaml
As a user, upon creation of Component, Tekton resources would be created by the controller.
To use auto generated image repository for the Component's image add image.redhat.com/generate: "true" annotation to the Component.
If you wish to get 'working' PipelineRuns with user provided image repository, create an image pull secret and link it to the pipeline Service Account in the Component's namespace (in both secrets and imagePullSecrets sections).
See Kubernetes docs for more information on how to create Secrets containing registry credentials.
Before deploying the operator, you must ensure that a secret, has-github-token, exists in the namespace where HAS will be deployed. This secret must contain a key, tokens, whose value points to a comma separated list, without spaces, of key-value pairs of token names and tokens, delimited by a colon.
For example, on OpenShift:
Or via command-line:
application-service % kubectl create secret generic has-github-token --from-literal=tokens=token1:ghp_faketoken,token2:ghp_anothertoken,token3:ghp_thirdtokenAny token that is used here must have the following permissions set:
repodelete_repo
In addition to this, each GitHub token must be associated with an account that has write access to the GitHub organization you plan on using with HAS (see next section).
HAS requires SPI to be set up in order to work with private git repositories.
See private-git-repos.md for information on setting up HAS and SPI for use with private git repositories.
Once a secret has been created, simply run the following commands to deploy HAS:
make install
make deploy
By default, HAS will use the redhat-appstudio-appdata org for the creation of GitOps repositories. If you wish to use your own account, or a different GitHub org, setting GITHUB_ORG=<org> before deploying will ensure that an alternate location is used.
For example:
GITHUB_ORG=fake-organization make deploy would deploy HAS configured to use github.com/fake-organization.
By default, the production devfile registry URL will be used for ComponentDetectionQuery. If you wish to use a different devfile registry, setting DEVFILE_REGISTRY_URL=<devfile registry url> before deploying will ensure that an alternate devfile registry is used.
For example:
DEVFILE_REGISTRY_URL=https://myregistry make deploy would deploy HAS configured to use https://myregistry.
Webhooks require self-signed certificates to validate the resources. To disable webhooks during local dev and testing, export ENABLE_WEBHOOKS=false
- HAS Project information page
- Every Prow job executed by the CI system generates an artifacts directory containing information about that execution and its results. This document describes the contents of this directory and how they can be used to investigate the steps by the job.
- For more information on the GitOps resource generation, please refer to the gitops-generation documentation
Please see our CONTRIBUTING for more information.