Documentation for version: v0.2.0
Workload can be deployed to devices after they are registered with the
cluster. EdgeWorkload can be deployed only on edge devices in the same
namespace.
Note
When both methods are used in one EdgeWorkload, this one takes precedence over the selector-based one.
EdgeWorkload can be deployed on one chosen device by specifying its name in spec.device property.
For example, for EdgeDevice 242e48d0-286b-4170-9b97-95502066e6ae, following property should be set in EdgeWorkload yaml:
spec:
...
device: 242e48d0-286b-4170-9b97-95502066e6ae
...
EdgeWorkload can be installed on multiple devices using label selectors.
To deploy your workload using this method:
1) Label chosen EdgeDevice objects;
For example:
oc label edgedevice 242e48d0-286b-4170-9b97-95502066e6ae dc=emea
2) Select dc=emea label in the EdgeWorkload specification:
spec:
deviceSelector:
matchLabels:
dc: emea
or
spec:
deviceSelector:
matchExpressions:
- key: dc
operator: In
values: [emea]
The second approach can be used for matching multiple values of one label. For example:
spec:
deviceSelector:
matchExpressions:
- key: dc
operator: In
values: [emea, apac]
3) Create the EdgeWorkload in the cluster:
kubectl apply -f your-workload.yaml
To check statuses of all workloads deployed to an edge device:
kubectl get edgedevice <edge device name> -ojsonpath="{range .status.workloads[*]}{.name}{':\t'}{.phase}{'\n'}{end}"
To list all devices having chosen workload deployed:
oc get edgedevice -l workload/<workload-name>="true"
EdgeDevice is labeled with workload/<workload-name>="true" when EdgeWorkload is added to it.
Container images used by EdgeWorkloads may be hosted in private, protected
repositories requiring clients to present correct credentials. Users can provide
said credentials to Flotta operator as a Secret referred to by an
EdgeWorkload.
Secret should contain correct docker auth file under the .dockerconfigjson key:
apiVersion: v1
kind: Secret
metadata:
name: pull-secret
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJxdWF5LmlvIjogewoJCQkiYXV0aCI6ICJabTl2SUdKaGNpQm1iMjhnWW1GeUNnPT0iCgkJfQoJfQp9Cg==
where .dockerconfigjson is a base64 encoded Docker auth file JSON:
{
"auths": {
"quay.io": {
"auth": "Zm9vIGJhciBmb28gYmFyCg=="
}
}
}
The above JSON can be taken from file created by running podman login, docker
login or similar.
Secret created above must be placed in the same namespace as EdgeWorkload
using it.
Reference to the above Secret in an EdgeWorkload spec:
spec:
imageRegistries:
secretRef:
name: pull-secret
Auto update containers according to their auto-update policy.
Auto-update looks up containers with a specified io.containers.autoupdate
label. This label is set by the flotta-operator. Flotta-operator looks up
labels on EdgeWorkloads CR prefixed by podman/ string. If such label is
found it’s propageted to the podman pod and containers.
If the label is present and set to registry, Podman reaches out to the corresponding registry to check if the image has been updated. The label image is an alternative to registry maintained for backwards compatibility. An image is considered updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container.
If ImageRegistries.AuthFileSecret is defined, Podman reaches out to the
corresponding authfile when pulling images.
Edgedevice start the podman-auto-update.timer which is responsible for
executing the podman-auto-update.service. This unit is triggered daily.
To create a Edgeworkload with auto-update feature enabled define following label:
apiVersion: management.project-flotta.io/v1alpha1
kind: EdgeWorkload
metadata:
name: nginx
labels:
podman/io.containers.autoupdate: registry
spec:
deviceSelector:
matchLabels:
device: local
type: pod
pod:
spec:
containers:
- name: nginx
image: quay.io/bitnami/nginx:1.20
To change the verbosity of the logger, the user can update the value of the LOG_LEVEL field.
Admitted values are: debug, info, warn, error, dpanic, panic, and fatal.
Refer to zapcore docs for details on each log level.
For example:
kubectl patch cm -n flotta flotta-manager-config \
--type merge \
--patch '{"data":{"LOG_LEVEL": "debug"}}'
In case of:
LOG_LEVEL field and manually restart the operator.