Introducing Ironic Operator

In this blog post, I would like to introduce a new project I've been working on recently as a background task. Ironic Operator is, as the name suggests, a Kubernetes operator that runs and manages Ironic. I would like it to replace the existing Kustomize YAMLs and bash scripts in Metal3 for a secure and streamlined operating experience.

I'm also going to share some facts I've learned about Kubernetes and express some (potentially unpopular) opinions about its design and the ecosystem. If you've always wanted to know what I think about TLS - read on for sure!

If you're not familiar with Metal3 or its relationship with Ironic, check my introduction to Metal3 first.

Why so difficult?

Ironic is a complex piece of software. This is necessarily so, both because real hardware is hard and because Ironic has non-trivial networking interactions. While Metal3 has made using Ironic very accessible (even if at the cost of a reduced feature set), installing the project remains a daunting task.

Metal3 provides ironic-image - a container image for Ironic and its required services, which simplifies the task somewhat. But it is heavily based on Bash scripts and environment variables and thus is pretty fragile. Make a single mistake in the authentication configuration and oops! Your bare-metal management service is running without any authentication whatsoever. Such issues can and should be fixed, but that often involves even more scripting and even more environment variables that have to be provided correctly. There must be a better path.

Ironic Operator

And, as you may expect, Kubernetes has a solution. Or, as is common in the Kubernetes world, a recommendation. Enter operators. Operators are Kubernetes controllers that manage the deployment of software on Kubernetes. You create a resource that describes the software - the operator creates deployments, services, daemon sets and other low-level stuff. Nice, isn't it?

This is why ironic-operator was born. It encapsulates all the complexity around running a service for bare-metal provisioning over the network behind a couple of well-documented custom resources.

Current design

This section describes how Ironic Operator is currently designed. If you come across this blog post a few years (or even months) after it was written, avoid using it as a reference guide - things might have changed, and most likely have. Even at the time of writing, this section is not comprehensive: I'm purposely omitting a few details here.

Custom resources

Deployed services

Unsolved problems

Lessons learned

Death by a thousand helloworlds

Chekhov once wrote "Brevity is the sister of talent". In colloquial Russian, we tend to phrase it "brev is sist of tal" to emphasize the point (and for the fun of it).

It's always DNS

TLS is a child of Web