
Understack Workflows

Understack Workflows is a collection of code, scripts, and container definitions centered around Argo Workflows and Argo Events to drive automated operations based on events and other triggers in the system.

Tools/Applications Used

Argo Events

Argo Events is a Kubernetes-native event-driven automation framework. We can use Argo Events to trigger automation processes from any internal Understack source or external source.

Kubernetes Resources

Because the deployment scopes resources into different namespaces, the resources described here are also split across multiple namespaces.

The resources here are grouped together by function.

eventbus
Argo Events uses an event bus to enqueue messages to process.
eventsources
These define how Argo Events will receive or consume messages, transform them into cloud events, and post them on the eventbus.
serviceaccounts
Kubernetes Service Accounts that workflows will run as.
sensors
Define how events on the eventbus are processed and which triggers, such as workflow execution, happen as a result. Sensors define what rules an event must match to cause a trigger to occur.
secrets
Defines secrets needed by sensors or workflows.
workflowtemplates
Defines the workflows that are provided to be executed in the system.

workflows/openstack

This is where Kubernetes manifests are stored for interacting with resources in the openstack namespace.

The resources managed here are:

  1. A RabbitMQ user named argo on the OpenStack RabbitMQ cluster, which has permissions to listen for notifications from OpenStack components. At this time it is listening to keystone and ironic only.
  2. An External Secrets Secret Store to allow access to the following secrets:
    • an OpenStack user our workflows can use
    • a Nautobot token our workflows can use
  3. An Argo Events Event Bus to push the received notifications into.
  4. A Kubernetes Service Account sensor-submit-workflow, which allows an Argo Events Trigger from a Sensor to look up Argo Workflows Workflow Templates and use them to execute a Workflow.
  5. Argo Events Sensors and Triggers that execute workflows.

workflows/argo-events

This is where Kubernetes manifests are stored for the actual workflow templates.

  1. A webhook for a Nautobot Webhook to submit events to Argo Workflows.
  2. An Argo Events Event Bus to push the received notifications into.
  3. A Kubernetes Service Account sensor-submit-workflow, which allows an Argo Events Trigger from a Sensor to look up Argo Workflows Workflow Templates and use them to execute a Workflow.
  4. A Kubernetes Role Binding granting the sensor-submit-workflow Service Account the access it needs to run Workflows.
  5. Argo Events Sensors and Triggers that execute workflows.
  6. Workflow Templates
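
The Service Account and Role Binding described above map naturally onto a namespaced, least-privilege Role. The manifest below is an added illustration, not the project's own manifest: only the sensor-submit-workflow name comes from this page, while the argo-events namespace and the Role and RoleBinding names are assumptions.

```yaml
# Added example. Only "sensor-submit-workflow" is taken from the page;
# the namespace and the Role/RoleBinding names are assumed for illustration.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced Role, not a ClusterRole
metadata:
  name: sensor-submit-workflow-role       # hypothetical name
  namespace: argo-events                  # assumed namespace
rules:
  # Read-only lookup of the Workflow Templates a Trigger references.
  - apiGroups: ["argoproj.io"]
    resources: ["workflowtemplates"]
    verbs: ["get", "list"]
  # Submit new Workflows only. No update, patch or delete, so a Trigger
  # cannot alter or remove runs that already exist.
  - apiGroups: ["argoproj.io"]
    resources: ["workflows"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sensor-submit-workflow-binding    # hypothetical name
  namespace: argo-events                  # assumed namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sensor-submit-workflow-role
subjects:
  # Bind to the single Service Account the Sensor runs as, not to a group.
  - kind: ServiceAccount
    name: sensor-submit-workflow
    namespace: argo-events
```

With these assumed names, `kubectl auth can-i create workflows.argoproj.io -n argo-events --as=system:serviceaccount:argo-events:sensor-submit-workflow` should answer yes, and the same query with `delete` should answer no.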

Containers and Source Code

A number of containers are built and used; they are defined under the top-level containers path.

python/understack-workflows

This is where the code installed into the ironic-nautobot-client container lives. That container is used by many of the workflows.