Adds support to deploy cyborg controlplane services#1102
Open
amoralej wants to merge 7 commits into
Open
Conversation
Using operator-sdk command: operator-sdk create api --group cyborg --version v1beta1 --kind Cyborg --resource --controller operator-sdk create api --group cyborg --version v1beta1 --kind CyborgAPI --resource --controller operator-sdk create api --group cyborg --version v1beta1 --kind CyborgConductor --resource --controller Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Define CRD specs for Cyborg, CyborgAPI and CyborgConductor resources: - Add CyborgSpec with DB, RabbitMQ, Keystone and TLS configuration - Add CyborgAPISpec and CyborgConductorSpec with configSecret, replicas, resources, nodeSelector and TLS fields - Implement defaulting and validation webhooks for all three CRDs - Register CRDs in the operator scheme - Update CRD YAML manifests and CSV for OLM Reconcile and configuration logic will be created in next commits. Assisted-By: Claude Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Add full reconcile logic for the Cyborg CR: - Manage RBAC resources (ServiceAccount, Role, RoleBinding) - Validate input password secret and RabbitMQ TransportURL secret - Create MariaDB database and run DB sync job via a batch Job - Register Cyborg service in Keystone - Create a sub-level secret aggregating DB credentials, transport URL and service password to be consumed by CyborgAPI and CyborgConductor - Track readiness via structured conditions on CyborgStatus - Add functional tests covering the full reconcile flow Assisted-By: Claude Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Add full reconcile logic for the CyborgConductor CR: - Validate input from the config secret created by the Cyborg controller - Generate conductor config from templates (00-default.conf) - Create a StatefulSet to run cyborg-conductor pods - Track readiness (ReadyCount, conditions, hash, topology) - Expose IsReady and topology helpers on CyborgConductor type - Update CyborgConductorStatus with structured conditions and hash - Extend Cyborg controller to propagate conductor and check readiness upwards - Add functional tests for the conductor reconcile loop Assisted-By: Claude Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Add full reconcile logic for the CyborgAPI CR: - Validate input from config secret provided by the Cyborg controller - Render WSGI/httpd and cyborg-api configuration templates - Create a StatefulSet for cyborg-api pods with TLS support - Register Keystone endpoints (public and internal) for the API - Track readiness (ReadyCount, conditions, hash, topology) - Expose IsReady and topology helpers on CyborgAPI type - Extend Cyborg controller to create CyborgAPI and check readiness upwards - Add functional tests covering the full API reconcile flow Assisted-By: Claude Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Add an end-to-end kuttl test suite for the Cyborg operator: - Cleanup step to delete any pre-existing Cyborg CR before the test - Deploy step creating a full Cyborg CR (cyborg-kuttl) - Assert step verifying all conditions are True on Cyborg, CyborgAPI, CyborgConductor and MariaDBDatabase CRs - Error step covering missing-dependency failure scenarios - Register cyborg container images (api, conductor, agent) as default RELATED_IMAGE env vars in the manager deployment - Enable ENABLE_CYBORG=true in the CI webhook deploy script Assisted-By: Claude Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Similar to for CyborgAPI and CyborgConductor and other OpenStack CRDs. Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
Contributor
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: amoralej The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/3a20fb346aa44e9d80abc0ba1ff8cdf5 ✔️ openstack-meta-content-provider SUCCESS in 2h 58m 29s |
Author
|
check-rdo |
cescgina
reviewed
May 4, 2026
| labels: | ||
| app.kubernetes.io/name: nova-operator | ||
| app.kubernetes.io/managed-by: kustomize | ||
| name: cyborg-cyborg-admin-role |
Contributor
There was a problem hiding this comment.
the existing roles for nova do not repeat the service name, e.g nova_admin_role, novaconductor_admin_role. If possible I think it would be good to use the same pattern for the cyborg roles
cescgina
reviewed
May 4, 2026
| // ensureTopology - when a Topology CR is referenced, remove the | ||
| // finalizer from a previous referenced Topology (if any), and retrieve the | ||
| // newly referenced topology object | ||
| func ensureTopology( |
Contributor
There was a problem hiding this comment.
this function seems to be an exact duplicate of
. This might be a question more for the nova-operator maintainers, but is there a way to reuse code between the controllers of different services?
cescgina
reviewed
May 4, 2026
| {{ end }} | ||
| auth_url = {{ .KeystoneAuthURL }} | ||
| interface = internal | ||
| {{ if (index . "Region") }}region_name = {{ index . "Region" }}{{ end }} |
Contributor
There was a problem hiding this comment.
nit: for readability, I think it would be better to have this condition in three lines like the one below
cescgina
reviewed
May 4, 2026
| } | ||
|
|
||
| // GetSampleTopologySpec - An opinionated Topology Spec sample used to | ||
| // test Nova components. It returns both the user input representation |
cescgina
reviewed
May 4, 2026
| # --- Sub-level secret (cyborg-kuttl) content --- | ||
| # transport_url must be a RabbitMQ URL created from the TransportURL CR | ||
| - script: | | ||
| oc get secret cyborg-kuttl -n nova-kuttl-default \ |
Contributor
There was a problem hiding this comment.
it would be best to use the $NAMESPACE variable instead of hardcoding the namespace value
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support for OpenStack Cyborg (accelerator lifecycle management service) in nova-operator, introducing three new CRDs and their controllers.
oc get cyborg/cyborgapi/cyborgconductor.Assisted-By: Claude
Jira: OSPRH-27674