Skip to content

dywongcloud/rusternetes-openshift

Repository files navigation

Rusternetes OpenShift compatibility layer and console

This package is a buildable OpenShift-style compatibility layer for dylanwongtencent/rusternetes. It now includes a runnable console module, a seeded mock OpenShift environment, Kubernetes core API compatibility endpoints, OpenShift API primitives, OAuth-style login, local telemetry, and CRDs/manifests for Rusternetes integration.

What is included

  • No-dependency Rust HTTP server implementing OAuth discovery, token issue, bearer authentication, user identity, /api/v1, /apis/..., console APIs, telemetry APIs, and object persistence.
  • PatternFly-based OpenShift-style console SPA at /console/, with Administrator and Developer perspectives, OpenShift masthead/sidebar layout, OperatorHub, Installed Operators, Operator details, and UIPlugin management.
  • Mock environment enabled by default, seeded with realistic namespaces/projects, nodes, pods, deployments, services, routes, secrets, service accounts, RBAC, builds, imagestreams, events, OperatorHub packages, installed Operators, UIPlugins, monitoring objects, Tekton, Knative, and console configuration objects.
  • Console operations for list/create/view/edit/update/patch/delete/delete collection/export/filter/YAML apply/scale/status/logs/events/exec/attach/port-forward/token/build-start/build-clone/rollback/mock-reset/telemetry.
  • CRDs that let Rusternetes expose OpenShift primitives through its CRD fallback API server.
  • Bootstrap objects for Projects, OAuthClients, SecurityContextConstraints, Authentication/OAuth config objects, ClusterVersion, ClusterOperators, and console resources.
  • Example manifests for Route, BuildConfig, DeploymentConfig, and ProjectRequest.

Console functionality

The console is no longer only a themed shell. It is a dependency-free SPA that talks directly to the compatibility API server using the same bearer token as oc-style requests.

Console area Supported functionality
Authentication Username/password login against /oauth/token, token persistence, logout, current user read from /apis/user.openshift.io/v1/users/~
Project / namespace management Namespace selector, Project and Namespace CRUD, ProjectRequest creation, mock reset, cross-resource search
Workloads Pods, Deployments, DeploymentConfigs, ReplicaSets, StatefulSets, DaemonSets, Jobs, CronJobs; view/edit/delete/scale/status/logs/events/exec/rollback/start actions where applicable
Networking Services, Routes, Ingresses, NetworkPolicies, Endpoints, EndpointSlices; create/edit/delete/status/export/filter
Storage PVCs, PVs, StorageClasses
Config and security Secrets, ConfigMaps, ServiceAccounts, TokenRequest, Roles, RoleBindings, ClusterRoles, ClusterRoleBindings, SCCs, Users, Groups, OAuth clients/tokens
Builds and images BuildConfigs, Builds, build instantiate, build clone, build logs, ImageStreams, ImageStreamTags, Images, Templates
Operators and extensions OperatorHub, PackageManifests, CatalogSources, OperatorGroups, Subscriptions, InstallPlans, ClusterServiceVersions, Operator details tabs, UIPlugins, Console plugins/notifications/quick starts/CLI downloads/log links
Observe and telemetry Events, HPA, PDB, PodMonitors, Probes, PrometheusRules, ServiceMonitors, AlertmanagerConfigs, MonitoringStacks, local telemetry summary, local telemetry event stream, telemetry enable/disable
Developer perspective Topology view, +Add deploy form, project workloads, builds, pipelines, serverless, YAML editor, terminal command builder
API explorer Discovers /api/v1 and /apis resources and adds generic browser entries for discovered resources not hardcoded in the UI

Compatibility target

The server exposes both Kubernetes core APIs and OpenShift API groups:

API group Resources included
core/v1 via /api/v1 namespaces, nodes, pods, pods/log, pods/exec, pods/attach, pods/portforward, pods/eviction, services, serviceaccounts, serviceaccounts/token, secrets, configmaps, events, endpoints, persistentvolumeclaims, persistentvolumes, resourcequotas, limitranges
apps/v1 deployments, deployments/scale, replicasets, statefulsets, daemonsets
batch/v1 jobs, cronjobs
networking.k8s.io/v1 ingresses, networkpolicies
discovery.k8s.io/v1 endpointslices
storage.k8s.io/v1 storageclasses
rbac.authorization.k8s.io/v1 roles, rolebindings, clusterroles, clusterrolebindings
autoscaling/v1 horizontalpodautoscalers
policy/v1 poddisruptionbudgets
apiextensions.k8s.io/v1 customresourcedefinitions
route.openshift.io/v1 routes, routes/status
build.openshift.io/v1 buildconfigs, buildconfigs/instantiate, buildconfigs/instantiatebinary, builds, builds/log, builds/clone
apps.openshift.io/v1 deploymentconfigs, deploymentconfigs/status, deploymentconfigs/scale, deploymentconfigs/rollback, deploymentconfigs/instantiate
image.openshift.io/v1 imagestreams, imagestreamtags, images
template.openshift.io/v1 templates
project.openshift.io/v1 projects, projectrequests
security.openshift.io/v1 securitycontextconstraints
oauth.openshift.io/v1 oauthclients, oauthaccesstokens, oauthauthorizetokens, useroauthaccesstokens
user.openshift.io/v1 users, groups, identities, users/~
config.openshift.io/v1 authentications, oauths, ingresses, clusterversions, clusteroperators, consoles
operator.openshift.io/v1 ingresscontrollers
operators.coreos.com/v1 and operators.coreos.com/v1alpha1 operatorgroups, catalogsources, subscriptions, installplans, clusterserviceversions
packages.operators.coreos.com/v1 packagemanifests
monitoring.coreos.com/v1 and monitoring.coreos.com/v1alpha1 podmonitors, probes, prometheusrules, servicemonitors, alertmanagerconfigs
monitoring.rhobs/v1alpha1 monitoringstacks
observability.openshift.io/v1alpha1 uiplugins
tekton.dev/v1 pipelines, pipelineruns
serving.knative.dev/v1 services
console.openshift.io/v1 consoles, consoleplugins, consolenotifications, consolequickstarts, consoleclidownloads, consoleexternalloglinks

The CRDs preserve unknown fields so canonical OpenShift YAML can round-trip through Rusternetes even when a field is not interpreted by this compatibility server.

Build and run locally

cargo check
cargo run -p rusternetes-openshift-compat -- \
  --bind 127.0.0.1:8443 \
  --issuer http://127.0.0.1:8443 \
  --mock

Open the console:

http://127.0.0.1:8443/console/

Default development login:

kubeadmin / kubeadmin

Override it with:

export OPENSHIFT_ADMIN_USER=admin
export OPENSHIFT_ADMIN_PASSWORD='change-me'

Mock mode is enabled by default. Disable it with:

cargo run -p rusternetes-openshift-compat -- --no-mock
# or
OPENSHIFT_COMPAT_MOCK=false ./scripts/dev-run.sh

Smoke test

./scripts/smoke-test.sh

The smoke test verifies health, PatternFly console asset serving, OAuth password grant, users/~, Kubernetes /api/v1 discovery, namespaces, pods, Operator CSVs, UIPlugins, pod logs, pod exec, attach, port-forward, service account token request, deployment scaling, route create/status, build instantiate, console summary, telemetry write/read, and mock-environment status.

Use with Rusternetes

Rusternetes already has CRD handling and serves a web console from the API server. Apply the CRDs and bootstrap objects to expose OpenShift resource primitives through Rusternetes:

export KUBECONFIG=~/.kube/rusternetes-config
./scripts/install-crds.sh
kubectl api-resources | grep openshift.io
kubectl apply -f manifests/examples/route.yaml
kubectl get routes.route.openshift.io -n default

Copy the console overlay into a cloned Rusternetes checkout:

./scripts/copy-console-overlay.sh /path/to/rusternetes

For the standalone OAuth/console server, run:

./scripts/dev-run.sh

Docker/Podman

podman build -t rusternetes-openshift-compat:local -f Containerfile .
podman run --rm -p 8443:8443 \
  -e OPENSHIFT_ADMIN_PASSWORD=kubeadmin \
  -e OPENSHIFT_COMPAT_MOCK=true \
  rusternetes-openshift-compat:local \
  --bind 0.0.0.0:8443 --issuer http://127.0.0.1:8443

Important notes

This is working code and the included smoke test passes in this package. It is not a Red Hat OpenShift distribution and has not been certified against OpenShift conformance, payload, CVO, OAuth, router, build-controller, image-registry, monitoring, telemetry, Insights, or SCC admission test suites. The package provides broad OpenShift-compatible API shapes, a functional console, and mock/test fixtures; production-grade parity still requires Rusternetes or additional controllers/operators to reconcile the real cluster behavior behind those APIs.

rusternetes-openshift

About

an openshift compatiability layer for rusternetes + OpenShift Console implementation

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors