A Kubernetes operator to create and manage applications and control the lifecycle of applications.
This operator provides a Makefile
to run all the usual development tasks. If you simply run make
without any arguments, you'll get a list of available "targets".
To build the operator binary run:
make build
To test the code:
make test
Note: In order for the controller tests to run, follow the instructions for installing the Pact tools
To build the docker image of the operator one can run:
make docker-build
This will make a docker image called controller:latest
which might or might not be what you want. To override the name of the image build, specify it in the IMG
environment variable, e.g.:
IMG=quay.io/user/hasoperator:next make docker-build
To push the image to an image repository one can use:
make docker-push
The image being pushed can again be modified using the environment variable:
IMG=quay.io/user/hasoperator:next make docker-push
The Pact tests in the controller package require pact tooling to be installed and on your path. Follow these instructions to do so:
- Change directory to an appropriate folder (e.g.
/usr/local
) - Run
curl -fsSL https://raw.githubusercontent.com/pact-foundation/pact-ruby-standalone/master/install.sh | bash
- Add the pact tools' bin folder (e.g.
/usr/local/pact/bin
) to your path to your shell PATH. Ensure all binary files within thebin/
folder has executable permissions - Run
go install github.com/pact-foundation/pact-go@v1
to install thepact-go
tool - Run
pact-go install
to validate that all of the necessary Pact tools are installed
The following section outlines the steps to deploy HAS on a physical Kubernetes cluster.
- Install
OpenShift GitOps
from the in-cluster Operator Marketplace. oc -n openshift-gitops apply -f https://raw.githubusercontent.com/redhat-appstudio/infra-deployments/main/argo-cd-apps/base/build.yaml
As a user, upon creation of Component, Tekton resources would be created by the controller.
To use auto generated image repository for the Component's image add image.redhat.com/generate: "true"
annotation to the Component.
If you wish to get 'working' PipelineRuns with user provided image repository, create an image pull secret and link it to the pipeline
Service Account in the Component's namespace (in both secrets
and imagePullSecrets
sections).
See Kubernetes docs for more information on how to create Secrets
containing registry credentials.
Before deploying the operator, you must ensure that a secret, has-github-token
, exists in the namespace where HAS will be deployed. This secret must contain a key, tokens
, whose value points to a comma separated list, without spaces, of key-value pairs of token names and tokens, delimited by a colon.
For example, on OpenShift:
Or via command-line:
application-service % kubectl create secret generic has-github-token --from-literal=tokens=token1:ghp_faketoken,token2:ghp_anothertoken,token3:ghp_thirdtoken
Any token that is used here must have the following permissions set:
repo
delete_repo
In addition to this, each GitHub token must be associated with an account that has write access to the GitHub organization you plan on using with HAS (see next section).
HAS requires SPI to be set up in order to work with private git repositories.
See private-git-repos.md for information on setting up HAS and SPI for use with private git repositories.
Once a secret has been created, simply run the following commands to deploy HAS:
make install
make deploy
By default, HAS will use the redhat-appstudio-appdata
org for the creation of GitOps repositories. If you wish to use your own account, or a different GitHub org, setting GITHUB_ORG=<org>
before deploying will ensure that an alternate location is used.
For example:
GITHUB_ORG=fake-organization make deploy
would deploy HAS configured to use github.com/fake-organization.
By default, the production devfile registry URL will be used for ComponentDetectionQuery
. If you wish to use a different devfile registry, setting DEVFILE_REGISTRY_URL=<devfile registry url>
before deploying will ensure that an alternate devfile registry is used.
For example:
DEVFILE_REGISTRY_URL=https://myregistry make deploy
would deploy HAS configured to use https://myregistry.
Webhooks require self-signed certificates to validate the resources. To disable webhooks during local dev and testing, export ENABLE_WEBHOOKS=false
- HAS Project information page
- Every Prow job executed by the CI system generates an artifacts directory containing information about that execution and its results. This document describes the contents of this directory and how they can be used to investigate the steps by the job.
- For more information on the GitOps resource generation, please refer to the gitops-generation documentation
- Contract testing using a Pact framework is part of unit tests. Follow this documentation to learn more.
Please see our CONTRIBUTING for more information.