Events Service
This project provides a service that gives access to events generated by the OCM services.
Building Locally
Cloning
There is nothing special about cloning the source. But it is good to have an additional directory level to put files that are specific for this project but that you don’t want to commit to the source code repository. For example, instead of cloning the source in the /projects/ocm-events-mgmt directory clone it in /projects/ocm-events-mgmt/repository:
$ mkdir -p /projects/ocm-events-mgmt $ cd /projects/ocm-events-mgmt $ git clone [email protected]:service/ocm-events-mgmt.git repository
You can then put files like .envrc and my_config.yaml (see the sections below) in /projects/ocm-events-mgmt without worring about accidentally commiting them to repository, or accidentally removing them with make clean or git clean.
Installing Go
In order to make sure that you use the same version of Go that is used in the production environments it is recommended to install the binary release available in the Go downloads page. For example, to install version 1.16.8 in the same location used in the Jenkins environment, run the following commands as root:
# version=1.16.8
# curl -Lo /tmp/tarball https://golang.org/dl/go${version}.linux-amd64.tar.gz
# mkdir /usr/local/go${version}
# cd /usr/local/go${version}
# tar --strip-components 1 -xf /tmp/tarball
# rm -f /tmp/tarball
That will install the go binary in the /usr/local/go1.16.8 directory, so you will have to explicitly add it to the PATH environment variable:
export PATH="/usr/local/go1.16.8/bin:${PATH}"
Remember to add that to your .bashrc file (or similar) so that it will be done for all sessions and not just the current one.
Alternatively, if you are going to be using multiple versions of Go in the same machine, it is very convenient to use the direnv tool to have different environment variables for different directories. Install the direnv package and follow the instructions in the direnv manual page to configure it. Then create an .envrc file in your project directory with the following content:
export GOROOT="/usr/local/go1.16.8"
PATH_add "${GOROOT}/bin"
That will automatically prepare your environment to use that specific version of Go when you enter into the project directory.
If you are using an additional directory level as suggested in cloning section, then it is also good to have a GOPATH specific for the project, so you can have different versions of dependencies for different projects, and clean them without affecting other projects. Change your .envrc file so that it looks like this:
export GOROOT="/usr/local/go1.16.8"
export GOPATH="${PWD}/go"
PATH_add "${GOROOT}/bin"
PATH_add "${GOPATH}/bin"
That will put your dependencies, only for this project, in /projects/ocm-events-mgmt/go.
The version of Go used in the Jenkins environments is currently 1.16.8, try to use that in your local environment as well.
Building
To build the project run the make command.
To build the container image run the make image command.
Running Locally
Running the Service
To run the server use the server command with the same configuration file that you created to run the init command (see the previous section):
./events-mgmt server ~/my_config.yml
To verify that the server is working use the curl command:
$ curl http://localhost:8000/api/events_mgmt/v1/clusters | jq
That should return a 401 response like this, because it needs authentication:
{
"kind": "Error",
"id": "401",
"href": "/api/events_mgmt/v1/errors/401",
"code": "CLUSTERS-MGMT-401",
"reason": "Request doesn't contain the 'Authorization' header"
}
To use authentication use the ocm tool:
$ ocm login --token=... --url=http://localhost:8000 $ ocm get /api/events_mgmt/v1/clusters
That should return a 200 response with a body like this:
{
"kind": "ClusterList",
"page": 0,
"size": 0,
"total": 0,
"items": []
}
Deploying to a crc cluster
The recommended development environment for this project is a crc cluster. The versions supported are CRC 1.6 or higher and OpenShift 4.3 or higher. To install it follow the instructions available here.
The first time that you do this you will also need to configure your podman command so that it accepts the connections to the insecure internal registry of the cluster. For recent versions of podman make sure that you have the following in the /etc/containers/registries.conf file:
[[registry]]
location = 'default-route-openshift-image-registry.apps-crc.testing'
insecure = true
|
Note
|
Older versions of mixing sysregistry v1/v2 is not supported Then use the following configuration: [registries.insecure]
registries = ['default-route-openshift-image-registry.apps-crc.testing']
|
Once you have your crc cluster up and running log-in with the kubeadmin user:
$ oc login \
--username kubeadmin \
--password ... \
--insecure-skip-tls-verify=true \
https://api.crc.testing:6443The crc start command will print the password of the kubeadmin user. If you forgot you can find it by running crc console --credentials.
$ crc console --credentials -o json | jq -r .clusterConfig.adminCredentials.password |
oc login \
--username kubeadmin \
--insecure-skip-tls-verify=true \
https://api.crc.testing:6443Once you are logged-in to the crc cluster you will also have to log-in to its internal registry, as otherwise you will not be able to push images. To do so use the following command:
$ oc whoami --show-token |
podman login \
--username kubeadmin \
--password-stdin \
default-route-openshift-image-registry.apps-crc.testingThen the deploy target inside the Makefile can be used to build the binaries, build the images, push them to the internal registry of the cluster and deploy the service to the ocm-${USER} namespace.
To do that it is mandatory to use the client_id and client_secret Make variables. That variables should contain the credentials of the service account that the service will use to identify itself to other services, in particular to the authorization service. The credentials for client_id and client_secret are available in Vault for each environment. The account corresponding to that token needs to have the ClusterService role.
Once you have the client_id and client_secret you can deploy the application like this:
$ make client_id=... client_secret=... deploy
$ oc get pods -n ocm-$USER
NAME READY STATUS RESTARTS AGE
events-mgmt-f6b84bd96-ng2sh 1/1 Running 0 8m35sTo undeploy the application use the undeploy target:
$ make undeployThe deployment of the application also creates a route that you can use to access the API of the service:
$ oc get route events-mgmt
NAME HOST/PORT ...
events-mgmt events-mgmt.apps-crc.testing ...For example, to use the ocm command line tool (available here) you can do the following:
$ # Log-in to the API:
$ ocm login \
--token=... \
--url=https://events-mgmt.apps-crc.testing \
--insecure
$ # Get the list of events:
$ ocm get /api/events_mgmt/v1/events
