You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now the only way to check if the kubernets cluster/credentials that the kubernetes work type is configured to use are correctly configured/the cluster is reachable is to actually submit work, e.g. launch a pod.
In AWX, which uses the receptor kubernetes work type as the way ContainerGroups connect and launch work on k8s/ocp, this translates to the only way to test a ContainerGroup is to actually launch a job. If we had this type of check, we could implement a "Test Connection" or periodic health check for the ContainerGroup
I'm not sure if the best way is to add options to https://github.com/ansible/receptor/blob/devel/docs/source/k8s.rst#runtime-params and have the kubernetes work type simply do something other than launch a pod (e.g. run equivalent of kubectl auth can-i --list or kubectl cluster-info) that can be called on command to check if the config is good/a work submit ought to work.
Another possible option I can imagine is defining some kind of "kubernetes-peer" like "tcp-peer" https://github.com/ansible/receptor/blob/devel/docs/source/connecting_nodes.rst#connecting-nodes where we specify a named "kubernetes-peer" with specified authmethod like in the kubernetes work type. Then we can "ping" this peer and perhaps that "ping" action will provide the desired "check if I can actually reach this cluster and what permissions I have"
Ideally, I'd like to also know things about the capacity of the k8s/ocp cluster, but that can come as an additional feature request later.
The text was updated successfully, but these errors were encountered:
kdelee
changed the title
Add connection, permisison check to kuberenetes work type
Add connection, permisison check to kubernetes work type
Jan 7, 2022
Right now the only way to check if the kubernets cluster/credentials that the kubernetes work type is configured to use are correctly configured/the cluster is reachable is to actually submit work, e.g. launch a pod.
In AWX, which uses the receptor kubernetes work type as the way ContainerGroups connect and launch work on k8s/ocp, this translates to the only way to test a ContainerGroup is to actually launch a job. If we had this type of check, we could implement a "Test Connection" or periodic health check for the ContainerGroup
I'm not sure if the best way is to add options to https://github.com/ansible/receptor/blob/devel/docs/source/k8s.rst#runtime-params and have the kubernetes work type simply do something other than launch a pod (e.g. run equivalent of
kubectl auth can-i --list
orkubectl cluster-info
) that can be called on command to check if the config is good/a work submit ought to work.Another possible option I can imagine is defining some kind of "kubernetes-peer" like "tcp-peer" https://github.com/ansible/receptor/blob/devel/docs/source/connecting_nodes.rst#connecting-nodes where we specify a named "kubernetes-peer" with specified
authmethod
like in the kubernetes work type. Then we can "ping" this peer and perhaps that "ping" action will provide the desired "check if I can actually reach this cluster and what permissions I have"Ideally, I'd like to also know things about the capacity of the k8s/ocp cluster, but that can come as an additional feature request later.
The text was updated successfully, but these errors were encountered: