A Kubernetes operator for Kubernetes built with Operator SDK and Ansible for deploying and maintaining the lifecycle of your Ansible AI Connect application.
This operator is meant to provide a more Kubernetes-native installation method for Ansible AI Connect via an `AnsibleAIConnect` Custom Resource Definition (CRD). In the future, this operator will grow to be able to maintain the full life-cycle of an Ansible AI Connect deployment. Currently, it can handle fresh installs and upgrades.
Please visit our contributing guide which has details about how to set up your development environment.
- Install the kubernetes-based cluster of your choice:
Before you begin, you need to have a k8s cluster up. If you don't already have a k8s cluster, you can use minikube to start a lightweight k8s cluster locally by following these minikube test cluster docs.
Once you have a running Kubernetes cluster, you can deploy Ansible AI Connect Operator into your cluster using Kustomize. Since kubectl version 1.14, kustomize functionality is built in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/).
Note
If you want to do a single-command install with no modifications, please see these docs here.
First, create a file called `kustomization.yaml` with the following content:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - config/default

# Set the operator name, if necessary, and the new tag to be installed.
images:
  - name: quay.io/ansible/ansible-ai-connect-operator
    newTag: 0.0.1

# Specify a custom namespace in which to install AnsibleAIConnect
namespace: ansibleaiconnect
```
You can use kustomize directly to dynamically modify things like the operator deployment at deploy time. For more info, see the kustomize install docs.
Install the manifests by running this:

```
$ kubectl apply -k .
```

Check that your operator pod is running. This may take about a minute.

```
$ kubectl get pods
```
Full instructions for using an OpenShift ROSA cluster are here.
Full instructions for using a minikube cluster are here.
Go here
For information on how to upgrade, please see the upgrading document.
Ansible AI Connect can be configured to use an existing database. Here is an example.
`AnsibleAIConnect` can be configured to use existing `Secret`s for the `auth_config_secret_name`, `model_config_secret_name`, and `chatbot_config_secret_name` configuration. Here is an example.
You can take advantage of the Operator Lifecycle Manager to deploy the operator. Here is an example.
There are three variables that are customizable for the admin user account creation.
Name | Description | Default |
---|---|---|
admin_user | Name of the admin user | admin |
admin_email | Email address of the admin user | [email protected] |
admin_password_secret | Secret that contains the admin user password | Empty string |
⚠️ `admin_password_secret` must be a Kubernetes Secret and not your cleartext password.
If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a `Secret` from it named `<resourcename>-admin-password`.
To retrieve the admin password, run:

```
kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
```
The secret should be formatted as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: <resourcename>-admin-password
  namespace: <target namespace>
stringData:
  password: mysuperlongpassword
```
This encryption key is used to encrypt sensitive data in the database.
Name | Description | Default |
---|---|---|
db_fields_encryption_secret | Secret that contains the symmetric key for encryption | Generated |
⚠️ `db_fields_encryption_secret` must be a Kubernetes Secret and not your cleartext secret value.
If `db_fields_encryption_secret` is not provided, the operator will look for a secret named `<resourcename>-db-fields-encryption-secret` for the encryption key. If it is not present, the operator will generate a secret value and create a Secret containing it named `<resourcename>-db-fields-encryption-secret`. It is important not to delete this secret, as it will be needed for upgrades and if the pods get scaled down at any point. If you are using a GitOps flow, you will want to pass your own secret key Secret and not depend on the generated one.
The secret should be formatted as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: custom-aiconnect-db-encryption-secret
  namespace: <target namespace>
stringData:
  secret_key: supersecuresecretkey
```
Then specify the name of the k8s secret on the `AnsibleAIConnect` spec:

```yaml
---
spec:
  ...
  db_fields_encryption_secret: custom-aiconnect-db-encryption-secret
```
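
For the admin password and encryption key Secrets described above, this added example (not part of the operator repository) renders both under the default names the operator looks for, with random values in place of the sample placeholders. The function names and the `myaiconnect` resource name are hypothetical, and it assumes the operator accepts any random string as the value, as the sample manifests suggest.

```shell
#!/bin/sh
# Added example, not the operator's own tooling.
# Assumption: any random string is an acceptable password / secret_key value.

# gen_secret_value BYTES: print BYTES random bytes as a single base64 line.
gen_secret_value() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# render_secret NAME NAMESPACE KEY VALUE: print one Secret manifest on stdout.
# VALUE is placed under stringData, the form used in the manifests above.
# base64 output contains no quote or backslash, so double quoting is safe.
render_secret() {
    cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
stringData:
  $3: "$4"
EOF
}

# render_aiconnect_secrets RESOURCENAME NAMESPACE
# Emits <resourcename>-admin-password (key: password) and
# <resourcename>-db-fields-encryption-secret (key: secret_key).
render_aiconnect_secrets() {
    render_secret "$1-admin-password" "$2" password "$(gen_secret_value 24)"
    render_secret "$1-db-fields-encryption-secret" "$2" secret_key "$(gen_secret_value 32)"
}

# Typical use, before creating the AnsibleAIConnect resource
# ("myaiconnect" is a hypothetical resource name):
#   render_aiconnect_secrets myaiconnect ansibleaiconnect | kubectl apply -f -
```

Piping straight into `kubectl apply -f -` keeps the generated values out of files on disk; because the default names are used, no extra field is needed on the spec.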
Maintainers of this repo need to carry out releases, triage issues, etc. There are docs for those types of administrative tasks in the `docs/maintainer/` directory.
To release the AnsibleAIConnect Operator, see these docs: