Allow Kubernetes Agent to be registered as a worker #655
Conversation
APErebus
changed the title
|
|
||
| ### Required | ||
|
|
||
| - `environments` (List of String) A list of environment IDs this Kubernetes agent can deploy to. |
There was a problem hiding this comment.
These are fields for the agent as deployment target. I think you may need to regenerate the docs
There was a problem hiding this comment.
yup - needs new docs.
| Default: false, | ||
| Type: schema.TypeBool, | ||
| }, | ||
| "worker_pool_ids": { |
There was a problem hiding this comment.
This is missing a description
|
|
||
| return map[string]*schema.Schema{ | ||
| "communication_styles": getQueryCommunicationStyles(), | ||
| "workers": { |
There was a problem hiding this comment.
Why is there a list of workers in the schema for a worker?
There was a problem hiding this comment.
This follows the same pattern we use in other schemas (eg schema_worker_pool) - the other fields represent filters you can specify when searching for worker pools - the workers object is the computed response of what was found in the search.
| Type: schema.TypeList, | ||
| } | ||
|
|
||
| delete(WorkerDataSchema, "communication_styles") |
There was a problem hiding this comment.
Curious why these fields need to be deleted from the worker data schema
There was a problem hiding this comment.
This is again somewhat of a copy-paste.
But - while you can search for workers via comms-style - that doesn't work for a kubernetes_agent_workers it just has no meaning - so there's no need to ask for it.
Why do we remove the workers? THAT is a different question and I need to investigate that :)
I suspect its because we've removed "workers" and replaced it with "kubernetes_agent_workers" insetad.
| "id": getIDSchema(), | ||
| "space_id": getSpaceIDSchema(), | ||
| "name": getNameSchema(true), | ||
| "communication_mode": { |
There was a problem hiding this comment.
Nit: Can we just exclude this field until there is support for more than one communication mode? We are going to have to come back and edit the description once that happens anyway
There was a problem hiding this comment.
In an attempt to keep it aligned with the k8s_deployment_target, I was going to leave it here.
integration_test.go
Outdated
| t.Fatalf("Space must have two workers (both KubernetesTentacles), instead found %v", resources.Items) | ||
| } | ||
|
|
||
| optionalAgentName := "minimum-agent" |
There was a problem hiding this comment.
minimalAgent_ is a better variable name since the other agent has the name "agent-with-optionals" and it can be confusing
| @@ -0,0 +1,17 @@ | |||
| resource "octopusdeploy_kubernetes_agent_worker" "agent_with_minimum" { | |||
| name = "minimum-agent" | |||
| worker_pool_ids = [octopusdeploy_static_worker_pool.workerpool_docker.id] | |||
There was a problem hiding this comment.
Perhaps it's overkill, but it would be nice to set more than one worker pool here and assert that the created worker has all the right worker pool ids associated with it.
I do also acknowledge the fact that these integration tests are more or less a sanity check to see if it all 'compiles and runs', and not meant to be an exhaustive check of all the field mappings..
integration_test.go
Outdated
| @@ -3848,3 +3848,64 @@ func TestTentacleCertificateResource(t *testing.T) { | |||
| return nil | |||
| }) | |||
| } | |||
|
|
|||
| func TestKubernetesAgentWorkerResource(t *testing.T) { | |||
There was a problem hiding this comment.
I think you'd want a test for the agent as worker data_source too. Have a look at the other integration tests that have a part two to them (e.g. 2-projectgroup and 2a-projectgroupds). The part two is for testing the data_source.
There was a problem hiding this comment.
Do we have docs in other places that give examples on how to use this terraform provider in conjunction with the helm provider to actually create the kubernetes agent/worker?
There was a problem hiding this comment.
no - not yet - we'll make docs along the lines of those used for the deployment-target docs
| Computed: true, | ||
| Description: "A list of kubernetes agent workers that match the filter(s).", | ||
| Elem: &schema.Resource{Schema: dataSchema}, | ||
| Optional: true, |
There was a problem hiding this comment.
There was a recent issue around deferring the reads for datasources. This only applies to the return list, TLDR is that optional should be false here.
There's more details on this PR
|
|
||
| communicationsMode := kubernetesAgent.Get("communication_mode").(string) | ||
| upgradeLocked := kubernetesAgent.Get("upgrade_locked").(bool) | ||
| var endpoint machines.IEndpoint = machines.NewKubernetesTentacleEndpoint(uri, thumbprint, upgradeLocked, communicationsMode, "") |
There was a problem hiding this comment.
I know very little about the Kubernetes agent, should the namespace be set here?
There was a problem hiding this comment.
The defaultNamespace is only applicable to the Kubernetes agent when it is operating as a deployment target. It defines the Kubernetes namespace to which applications get deployed.
In this case the Kubernetes agent is operating as a worker which means that it does not have this concept. The namespace that the worker itself resides in is defined separately using the namespace of the Helm installation.
| ### Required | ||
|
|
||
| - `name` (String) The name of this resource. | ||
| - `thumbprint` (String) The thumbprint of the Kubernetes agent's certificate used by server to verify the identity of the agent. This is the same thumbprint that was used when installing the agent. |
There was a problem hiding this comment.
Most other targets have thumbprint as optional. This is probably required for the agent vs other targets but just want to raise it to double check this is correct.
There was a problem hiding this comment.
It is required here because of the way the Kubernetes agent is installed as a polling Tentacle. Normally the agent sends its own thumbprint to Octopus server during installation where it registers itself as a target/worker. However, in the case of Terraform the resource in Octopus server is being created first so the exact thumbprint must be known ahead of time.
There was a problem hiding this comment.
LGTM, a couple of minor comments. I'm not too familiar with the agent so the actual shape of the resource/datasource. It would be good to get another review from someone who is more familiar with the SDK side of things but from what I can tell it all looks 👌 other than the few minor comments.
There was a problem hiding this comment.
Nice! Do note we will be moving this to the new terraform framework in the near future, therefore behaviour may change slightly. 🤷
As this change was in progress before the migration work for framework started let's merge it and we will target all future changes for framework. 🚀
This change is similar to work conducted when registering the k8s agent as a deployment target.
I.e. this change simply allows for a worker to be created in an OctopusDpeloy instance - it is not responsible for the actual helm installation.
THis change means that a worker-object can be created and initialized in an Octopus instance, and the values (certificate/name etc) can then be reused during the helm installation process (which is performed by the helm's TF provider).
When the helm install is performed, the installed worker sees that the required object in Ocotpus already exists, and does not register a second time.
This change means that the worker object, which represents the installed helm agent - is accessible from within the TF script if it requires further modification (enable/disable etc).