diff --git a/README.md b/README.md index ab087aee6..f2e44924f 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,3 @@ Documentation [https://ibm-mas.github.io/gitops/](https://ibm-mas.github.io/gitops/) [https://github.com/ibm-mas/gitops-demo/tree/002](https://github.com/ibm-mas/gitops-demo/tree/002) - diff --git a/cluster-applications/000-efs-csi-driver/Chart.yaml b/cluster-applications/000-efs-csi-driver/Chart.yaml new file mode 100644 index 000000000..81302dec2 --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: efs-csi-driver +description: Configures AWS EFS CSI Driver +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" \ No newline at end of file diff --git a/cluster-applications/000-efs-csi-driver/README.md b/cluster-applications/000-efs-csi-driver/README.md new file mode 100644 index 000000000..214541673 --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/README.md @@ -0,0 +1,3 @@ +EFS CSI Driver +=============================================================================== + diff --git a/cluster-applications/000-efs-csi-driver/templates/aws-efs-cloud-credentials.yaml b/cluster-applications/000-efs-csi-driver/templates/aws-efs-cloud-credentials.yaml new file mode 100644 index 000000000..2b69c119d --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/templates/aws-efs-cloud-credentials.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-efs-cloud-credentials + namespace: openshift-cluster-csi-drivers + annotations: + cloudcredential.openshift.io/secret-sync: "true" +type: Opaque +stringData: + credentials: | + [default] + role_arn = {{ .Values.role_arn }} + web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token diff --git a/cluster-applications/000-efs-csi-driver/templates/efs-csi-driver.yml b/cluster-applications/000-efs-csi-driver/templates/efs-csi-driver.yml new file mode 100644 index 000000000..da48423fa --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/templates/efs-csi-driver.yml @@ -0,0 +1,6 @@ +apiVersion: operator.openshift.io/v1 +kind: ClusterCSIDriver +metadata: + name: efs.csi.aws.com +spec: + managementState: Managed diff --git a/cluster-applications/000-efs-csi-driver/templates/efs-csi-subscription.yml b/cluster-applications/000-efs-csi-driver/templates/efs-csi-subscription.yml new file mode 100644 index 000000000..e1af25912 --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/templates/efs-csi-subscription.yml @@ -0,0 +1,14 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + labels: + operators.coreos.com/aws-efs-csi-driver-operator.openshift-cluster-csi-drivers: "" + name: aws-efs-csi-driver-operator + namespace: openshift-cluster-csi-drivers +spec: + channel: "{{ .Values.channel }}" + installPlanApproval: Automatic + name: aws-efs-csi-driver-operator + source: "{{ .Values.catalog_source }}" + sourceNamespace: "{{ .Values.catalog_source_namespace }}" diff --git a/cluster-applications/000-efs-csi-driver/templates/operator-group.yml b/cluster-applications/000-efs-csi-driver/templates/operator-group.yml new file mode 100644 index 000000000..d042a5088 --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/templates/operator-group.yml @@ -0,0 +1,6 @@ +--- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: openshift-cluster-csi-drivers-operator-group + namespace: openshift-cluster-csi-drivers diff --git a/cluster-applications/000-efs-csi-driver/values.yaml b/cluster-applications/000-efs-csi-driver/values.yaml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/cluster-applications/000-efs-csi-driver/values.yaml @@ -0,0 +1 @@ +--- diff --git a/cluster-applications/000-image-mirroring/Chart.yaml b/cluster-applications/000-image-mirroring/Chart.yaml new file mode 100644 index 000000000..44b760917 --- /dev/null +++ b/cluster-applications/000-image-mirroring/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: image-mirroring +description: Establishes resources necessary to support image mirroring via an ImageDigestMirrorSet +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" \ No newline at end of file diff --git a/cluster-applications/000-image-mirroring/README.md b/cluster-applications/000-image-mirroring/README.md new file mode 100644 index 000000000..d6b2945cf --- /dev/null +++ b/cluster-applications/000-image-mirroring/README.md @@ -0,0 +1,7 @@ +MAS Image Mirroring +=============================================================================== + +Establishes resources necessary to support image mirroring via an ImageDigestMirrorSet: + +- `ecr-token-rotator` CronJob that rotates the ECR login token and injects it into the global pull-secret. +- `mas-ecr` `ImageDigestMirrorSet that redirects all image pulls fromn icr.io and cp.icr.io to ECR \ No newline at end of file diff --git a/cluster-applications/000-image-mirroring/templates/01-aws_Secret.yaml b/cluster-applications/000-image-mirroring/templates/01-aws_Secret.yaml new file mode 100644 index 000000000..53d2dea9c --- /dev/null +++ b/cluster-applications/000-image-mirroring/templates/01-aws_Secret.yaml @@ -0,0 +1,17 @@ +--- +kind: Secret +apiVersion: v1 +metadata: + name: aws + annotations: + argocd.argoproj.io/sync-wave: "00" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +stringData: + aws_access_key_id: {{ .Values.aws_access_key_id }} + aws_secret_access_key: {{ .Values.aws_secret_access_key }} + aws_default_region: {{ .Values.region_id }} +type: Opaque + diff --git a/cluster-applications/000-image-mirroring/templates/04-ecr-token-updater_CronJob.yaml b/cluster-applications/000-image-mirroring/templates/04-ecr-token-updater_CronJob.yaml new file mode 100644 index 000000000..91f6f64d5 --- /dev/null +++ b/cluster-applications/000-image-mirroring/templates/04-ecr-token-updater_CronJob.yaml @@ -0,0 +1,136 @@ +{{- if not (empty .Values.ecr_host) }} + +{{- $_cli_image_digest := "sha256:1b88f88a1a719d006ea1f4b8dcfd1c2625fa7ecc529c3267e7b4b6afaa1c8da0" }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ecr-token-updater-role + annotations: + argocd.argoproj.io/sync-wave: "02" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - update + - patch + +--- +# Service account that is authorized to read k8s secrets (needed by the job) +kind: ServiceAccount +apiVersion: v1 +metadata: + name: "ecr-token-updater-sa" + annotations: + argocd.argoproj.io/sync-wave: "02" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} + + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ecr-token-updater-rolebinding + annotations: + argocd.argoproj.io/sync-wave: "03" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: ecr-token-updater-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ecr-token-updater-role + + +--- +kind: CronJob +apiVersion: batch/v1 +metadata: + name: "ecr-token-updater" + annotations: + argocd.argoproj.io/sync-wave: "05" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + schedule: '0 */11 * * *' + suspend: false + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 12 }} +{{- end }} + spec: + restartPolicy: OnFailure + serviceAccountName: "ecr-token-updater-sa" + containers: + - name: "ecr-token-updater" + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + env: + - name: REGION_ID + value: {{ .Values.region_id }} + - name: ECR_HOST + value: {{ .Values.ecr_host }} + - name: AWS_REGION + valueFrom: + secretKeyRef: + name: aws + key: aws_default_region + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws + key: aws_access_key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws + key: aws_secret_access_key + command: + - /bin/sh + - -c + - | + set -euo pipefail + + echo "- Get ECR Token" + ECR_TOKEN=$(aws ecr get-login-password --region ${REGION_ID}) + ECR_AUTH="AWS:${ECR_TOKEN}" + ECR_AUTH_B64=$(echo "${ECR_AUTH}" | base64 -w0 ) + + echo "- Update .dockerconfigjson" + # Get the current pull-secret and update .dockerconfigjson with the ECR auth + UPDATED_DOCKERCONFIGJSON=$( + oc get secret pull-secret \ + -n openshift-config \ + -o json | \ + jq -r '.data[".dockerconfigjson"]' | \ + base64 -d | \ + jq '.auths["'${ECR_HOST}'"] = {"auth": "'${ECR_AUTH_B64}'"}' + ) + + echo "- Update pull-secret" + oc set data secret/pull-secret \ + -n openshift-config \ + .dockerconfigjson="${UPDATED_DOCKERCONFIGJSON}" +{{- end }} diff --git a/cluster-applications/000-image-mirroring/templates/04-mas_ImageDigestMirrorSet.yaml b/cluster-applications/000-image-mirroring/templates/04-mas_ImageDigestMirrorSet.yaml new file mode 100644 index 000000000..46891916f --- /dev/null +++ b/cluster-applications/000-image-mirroring/templates/04-mas_ImageDigestMirrorSet.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: mas-ecr +spec: + imageDigestMirrors: + - mirrorSourcePolicy: NeverContactSource + mirrors: + - "{{ .Values.ecr_host }}/{{ .Values.repo_path_prefix }}" + source: icr.io + - mirrorSourcePolicy: NeverContactSource + mirrors: + - "{{ .Values.ecr_host }}/{{ .Values.repo_path_prefix }}" + source: cp.icr.io +{{- if .Values.additional_image_digest_sources }} +{{- range $i, $value := .Values.additional_image_digest_sources }} + - mirrors: + - "{{ $.Values.ecr_host }}/{{ $.Values.repo_path_prefix }}" + - "{{ $.Values.ecr_host }}/{{ $.Values.repo_path_prefix }}/cp" + source: {{ $value }} +{{- end }} +{{- end }} + \ No newline at end of file diff --git a/cluster-applications/000-image-mirroring/templates/04-mas_ImageTagMirrorSet.yaml b/cluster-applications/000-image-mirroring/templates/04-mas_ImageTagMirrorSet.yaml new file mode 100644 index 000000000..90bf917f6 --- /dev/null +++ b/cluster-applications/000-image-mirroring/templates/04-mas_ImageTagMirrorSet.yaml @@ -0,0 +1,15 @@ +{{- if .Values.additional_image_tag_sources }} +--- +apiVersion: config.openshift.io/v1 +kind: ImageTagMirrorSet +metadata: + name: mas-ecr-dev +spec: + imageTagMirrors: + {{- range $i, $value := .Values.additional_image_tag_sources }} + - mirrors: + - "{{ $.Values.ecr_host }}/{{ $.Values.repo_path_prefix }}" + - "{{ $.Values.ecr_host }}/{{ $.Values.repo_path_prefix }}/cp" + source: "{{ $value }}" + {{- end }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/000-image-mirroring/values.yaml b/cluster-applications/000-image-mirroring/values.yaml new file mode 100644 index 000000000..c035d86ad --- /dev/null +++ b/cluster-applications/000-image-mirroring/values.yaml @@ -0,0 +1,23 @@ +--- +# Non-expiring IAM credentials for user with policy +# { +# Sid = "ECR" +# Effect = "Allow" +# Action = [ +# "ecr:GetAuthorizationToken", +# "ecr:BatchGetImage", +# "ecr:GetDownloadUrlForLayer" +# ] +# Resource = [ +# "*" +# ] +# } + +# aws_access_key_id: +# aws_secret_access_key + + +# ecr_host: xxxxxx.dkr.ecr.us-gov-east-1.amazonaws.com +# repo_path_prefix: "250731" +# additional_image_digest_sources: ["somehost.com/repo"] +# additional_image_tag_sources: ["somehost.com/repo"] diff --git a/cluster-applications/000-job-cleaner/templates/04-jobcleaner_CronJob.yaml b/cluster-applications/000-job-cleaner/templates/04-jobcleaner_CronJob.yaml index 7d1f31287..34d520057 100644 --- a/cluster-applications/000-job-cleaner/templates/04-jobcleaner_CronJob.yaml +++ b/cluster-applications/000-job-cleaner/templates/04-jobcleaner_CronJob.yaml @@ -90,7 +90,7 @@ spec: spec: containers: - name: "mas-saas-job-cleaner" - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent command: - /bin/sh diff --git a/cluster-applications/010-redhat-cert-manager/templates/02-cert-manager_Subscription.yaml b/cluster-applications/010-redhat-cert-manager/templates/02-cert-manager_Subscription.yaml index 61275498b..733e197b7 100644 --- a/cluster-applications/010-redhat-cert-manager/templates/02-cert-manager_Subscription.yaml +++ b/cluster-applications/010-redhat-cert-manager/templates/02-cert-manager_Subscription.yaml @@ -17,6 +17,4 @@ spec: installPlanApproval: {{ .Values.redhat_cert_manager_install_plan | default "Automatic" | quote }} name: openshift-cert-manager-operator source: redhat-operators - sourceNamespace: openshift-marketplace - - + sourceNamespace: openshift-marketplace \ No newline at end of file diff --git a/cluster-applications/010-redhat-cert-manager/templates/04-postsync-update-sm_Job.yaml b/cluster-applications/010-redhat-cert-manager/templates/04-postsync-update-sm_Job.yaml index 69ddb40cf..6e78d91e5 100644 --- a/cluster-applications/010-redhat-cert-manager/templates/04-postsync-update-sm_Job.yaml +++ b/cluster-applications/010-redhat-cert-manager/templates/04-postsync-update-sm_Job.yaml @@ -178,7 +178,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml b/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml index 1949ffac1..ff87d47e4 100644 --- a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml +++ b/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml @@ -11,5 +11,6 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} spec: + installIBMCatalogSource: false license: - accept: true \ No newline at end of file + accept: true diff --git a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml index 1db192a28..1d192b446 100644 --- a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -160,7 +160,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml b/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml index fc8814aaa..9cd78ba61 100644 --- a/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml +++ b/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml @@ -38,7 +38,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml b/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml index d188c4f45..7e8c284d0 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml +++ b/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml @@ -1,7 +1,7 @@ {{- if eq .Values.dns_provider "cis" }} {{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} -{{ $cis_webhook_image_repository := "quay.io/ibmmas/cert-manager-webhook-ibm-cis" }} +{{ $cis_webhook_image_repository := .Values.cis_webhook_image_repo | default "quay.io/ibmmas/cert-manager-webhook-ibm-cis" }} {{ $cis_webhook_image_tag := "1.0.0" }} {{ $cis_webhook_image_pullpolicy := "Always" }} {{ $cis_webhook_service_type := "ClusterIP" }} diff --git a/cluster-applications/041-cis-compliance-cleanup/templates/postdelete-ProfileBundles.yaml b/cluster-applications/041-cis-compliance-cleanup/templates/postdelete-ProfileBundles.yaml index ceafddaf6..b57285ff6 100644 --- a/cluster-applications/041-cis-compliance-cleanup/templates/postdelete-ProfileBundles.yaml +++ b/cluster-applications/041-cis-compliance-cleanup/templates/postdelete-ProfileBundles.yaml @@ -41,7 +41,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster-applications/055-instana-agent-operator/templates/08-CronJob.yaml b/cluster-applications/055-instana-agent-operator/templates/08-CronJob.yaml index 3851b1ecc..a14e8039f 100644 --- a/cluster-applications/055-instana-agent-operator/templates/08-CronJob.yaml +++ b/cluster-applications/055-instana-agent-operator/templates/08-CronJob.yaml @@ -49,7 +49,7 @@ spec: # Additionally, it writes the DB2 certificate to a persistent volume. initContainers: - name: update-agent-cr - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent volumeMounts: - name: instana-db2-jks diff --git a/cluster-applications/060-custom-sa/templates/04-postsync-update-sm_Job.yaml b/cluster-applications/060-custom-sa/templates/04-postsync-update-sm_Job.yaml index 25a918edb..fb7a98fd6 100644 --- a/cluster-applications/060-custom-sa/templates/04-postsync-update-sm_Job.yaml +++ b/cluster-applications/060-custom-sa/templates/04-postsync-update-sm_Job.yaml @@ -82,7 +82,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/cluster-applications/200-cluster-promotion/templates/02-cluster-verify_Job.yaml b/cluster-applications/200-cluster-promotion/templates/02-cluster-verify_Job.yaml index 739f41fb7..f954d3541 100644 --- a/cluster-applications/200-cluster-promotion/templates/02-cluster-verify_Job.yaml +++ b/cluster-applications/200-cluster-promotion/templates/02-cluster-verify_Job.yaml @@ -113,7 +113,7 @@ spec: spec: containers: - name: cluster-verify - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: - name: ACCOUNT_ID diff --git a/cluster-applications/200-cluster-promotion/templates/03-cluster-promoter_Job.yaml b/cluster-applications/200-cluster-promotion/templates/03-cluster-promoter_Job.yaml index 1904d619f..283823b79 100644 --- a/cluster-applications/200-cluster-promotion/templates/03-cluster-promoter_Job.yaml +++ b/cluster-applications/200-cluster-promotion/templates/03-cluster-promoter_Job.yaml @@ -80,7 +80,7 @@ spec: spec: containers: - name: cluster-promoter - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: - name: ACCOUNT_ID diff --git a/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml index d751097be..804762e0e 100644 --- a/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml @@ -93,3 +93,21 @@ type: Opaque stringData: key: {{ .Values.pd_key }} {{- end }} + +{{- if not (empty .Values.git_root_ca) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: git-ca + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "04" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +type: Opaque +data: + ca.crt: {{ .Values.git_root_ca }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml index 68b20006d..ae7b6bc05 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml @@ -85,6 +85,10 @@ spec: - name: GIT_ROOTCACERT_PATH value: /opt/automation/mas-provisioner/git/ca.crt {{- end }} + {{- if not (empty .Values.git_root_ca) }} + - name: GIT_ROOTCACERT_PATH + value: /opt/automation/mas-provisioner/git-ca/ca.crt + {{- end }} resources: limits: cpu: 200m @@ -140,6 +144,11 @@ spec: readOnly: true mountPath: /opt/automation/mas-provisioner/ocm {{- end }} + {{- if not (empty .Values.git_root_ca) }} + - name: git-ca + readOnly: true + mountPath: /opt/automation/mas-provisioner/git-ca + {{- end }} serviceAccountName: mas-provisioner-sa imagePullSecrets: - name: ibm-entitlement @@ -182,4 +191,10 @@ spec: secret: secretName: ocm-api-secret {{- end }} + {{- if not (empty .Values.git_root_ca) }} + - name: git-ca + secret: + secretName: git-ca + defaultMode: 420 + {{- end }} terminationGracePeriodSeconds: 60 \ No newline at end of file diff --git a/docs/accountrootmanifest.md b/docs/accountrootmanifest.md index 51ded78ac..8a085904f 100644 --- a/docs/accountrootmanifest.md +++ b/docs/accountrootmanifest.md @@ -46,6 +46,8 @@ spec: auto_delete: + disable_docdb_instance_user_management: + @@ -107,3 +109,7 @@ Since the **Cluster** and **Instance** root applications are generated by an App !!! warning To mitigate risk of accident deletions / downtime in production systems, we strongly recommend that `auto_delete: true` is used in development environments only. +### disable_docdb_instance_user_management +Defaults to `false`. + +If `true`, the `aws-docdb-add-user` and `aws-docdb-remove-user` Jobs in the `syncjobs` ArgoCD application will not be run. This is to accommodate environments that manage DocDB MAS instance users via some external mechanism. \ No newline at end of file diff --git a/instance-applications/010-ibm-sync-jobs/templates/00-aws-docdb-add-user_Job.yaml b/instance-applications/010-ibm-sync-jobs/templates/00-aws-docdb-add-user_Job.yaml index cec45914c..658fd134f 100644 --- a/instance-applications/010-ibm-sync-jobs/templates/00-aws-docdb-add-user_Job.yaml +++ b/instance-applications/010-ibm-sync-jobs/templates/00-aws-docdb-add-user_Job.yaml @@ -1,3 +1,5 @@ +{{- if not .Values.disable_docdb_instance_user_management }} + {{- if not (empty .Values.docdb) }} {{- /* @@ -89,7 +91,7 @@ spec: spec: containers: - name: aws-docdb-process-user - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: @@ -218,3 +220,4 @@ spec: serviceAccountName: aws-docdb-user-job backoffLimit: 4 {{- end }} +{{- end }} diff --git a/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_certs_Job.yaml b/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_certs_Job.yaml index 538a09761..808c7a510 100644 --- a/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_certs_Job.yaml +++ b/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_certs_Job.yaml @@ -82,7 +82,7 @@ spec: spec: containers: - name: suite-certs-role-run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: diff --git a/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_dns_Job.yaml b/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_dns_Job.yaml index 6337d34b2..34cc3e9f0 100644 --- a/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_dns_Job.yaml +++ b/instance-applications/010-ibm-sync-jobs/templates/01-ibm-mas_suite_dns_Job.yaml @@ -82,7 +82,7 @@ spec: spec: containers: - name: suite-dns-role-run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: diff --git a/instance-applications/010-ibm-sync-jobs/templates/PostDelete-aws-docdb-remove-user_Job.yaml b/instance-applications/010-ibm-sync-jobs/templates/PostDelete-aws-docdb-remove-user_Job.yaml index 33ae41929..d07a9e601 100644 --- a/instance-applications/010-ibm-sync-jobs/templates/PostDelete-aws-docdb-remove-user_Job.yaml +++ b/instance-applications/010-ibm-sync-jobs/templates/PostDelete-aws-docdb-remove-user_Job.yaml @@ -1,3 +1,5 @@ +{{- if not .Values.disable_docdb_instance_user_management }} + {{- if not (empty .Values.docdb) }} --- @@ -32,7 +34,7 @@ spec: spec: containers: - name: aws-docdb-process-user - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: @@ -197,3 +199,4 @@ spec: serviceAccountName: aws-docdb-user-job backoffLimit: 4 {{- end }} +{{- end }} \ No newline at end of file diff --git a/instance-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml b/instance-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml index 10e3775bb..c62f55adb 100644 --- a/instance-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml +++ b/instance-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml @@ -24,3 +24,6 @@ spec: {{- if .Values.icr_cp_open }} registry: "{{ .Values.icr_cp_open }}" {{ end }} +{{- if .Values.internal_certificate_authority }} + internalCertificateAuthority: "{{ .Values.internal_certificate_authority }}" +{{- end }} diff --git a/instance-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml b/instance-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml index 5029c63c7..fa2302f28 100644 --- a/instance-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml +++ b/instance-applications/100-ibm-sls/templates/07-postsync-update-sm_Job.yaml @@ -191,7 +191,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/101-ibm-sync-jobs-cp4d/templates/02-ibm-cp4d-presync.yaml b/instance-applications/101-ibm-sync-jobs-cp4d/templates/02-ibm-cp4d-presync.yaml index efc16dc55..65a50f215 100644 --- a/instance-applications/101-ibm-sync-jobs-cp4d/templates/02-ibm-cp4d-presync.yaml +++ b/instance-applications/101-ibm-sync-jobs-cp4d/templates/02-ibm-cp4d-presync.yaml @@ -143,7 +143,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_prereqs_ops.yaml b/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_prereqs_ops.yaml index c6a0183cf..c055ff0bd 100644 --- a/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_prereqs_ops.yaml +++ b/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_prereqs_ops.yaml @@ -146,7 +146,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_upg_cleanup.yaml b/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_upg_cleanup.yaml index 679efa8f2..2d24ff4b9 100644 --- a/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_upg_cleanup.yaml +++ b/instance-applications/110-ibm-cp4d-operators/templates/04-ibm-cp4d_upg_cleanup.yaml @@ -84,7 +84,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d/templates/03-ibm-cp4d-mcs_patch_sa.yaml b/instance-applications/110-ibm-cp4d/templates/03-ibm-cp4d-mcs_patch_sa.yaml index 1f080aab2..26fd35bf8 100644 --- a/instance-applications/110-ibm-cp4d/templates/03-ibm-cp4d-mcs_patch_sa.yaml +++ b/instance-applications/110-ibm-cp4d/templates/03-ibm-cp4d-mcs_patch_sa.yaml @@ -85,7 +85,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d/templates/07-ibm-cp4d_patch_zenservice.yaml b/instance-applications/110-ibm-cp4d/templates/07-ibm-cp4d_patch_zenservice.yaml index 0d839e03b..8af509a49 100644 --- a/instance-applications/110-ibm-cp4d/templates/07-ibm-cp4d_patch_zenservice.yaml +++ b/instance-applications/110-ibm-cp4d/templates/07-ibm-cp4d_patch_zenservice.yaml @@ -80,7 +80,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d/templates/08-ibm-cp4d-post-verify.yaml b/instance-applications/110-ibm-cp4d/templates/08-ibm-cp4d-post-verify.yaml index 036e93e36..6b5989750 100644 --- a/instance-applications/110-ibm-cp4d/templates/08-ibm-cp4d-post-verify.yaml +++ b/instance-applications/110-ibm-cp4d/templates/08-ibm-cp4d-post-verify.yaml @@ -78,7 +78,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/110-ibm-cp4d/templates/09-ibm-cp4d_services_base.yaml b/instance-applications/110-ibm-cp4d/templates/09-ibm-cp4d_services_base.yaml index 5756cc836..ac262fd17 100644 --- a/instance-applications/110-ibm-cp4d/templates/09-ibm-cp4d_services_base.yaml +++ b/instance-applications/110-ibm-cp4d/templates/09-ibm-cp4d_services_base.yaml @@ -79,7 +79,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-db2u-database/README.md b/instance-applications/120-ibm-db2u-database/README.md index 4b43f749d..d9486073d 100644 --- a/instance-applications/120-ibm-db2u-database/README.md +++ b/instance-applications/120-ibm-db2u-database/README.md @@ -4,4 +4,4 @@ Create a Db2u database for a MAS app. Contains a presync hook (`00-presync-await-crd_Job.yaml`) that ensures we wait for the db2uclusters CRD to be installed before attempting to sync. -Contains a job that runs last (`05-postsync-setup-db2_Job.yaml`). This registers the `${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/db2/${DB2_INSTANCE_NAME}/config` secret in the **Secrets Vault** used to share some information that is generated at runtime with other ArgoCD Applications. This job also performs some special configuration steps that are required if the Db2u database is intended for use by the Manage MAS Application. \ No newline at end of file +Contains a job that runs last (`05-postsync-setup-db2_Job.yaml`). This registers the `${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/db2/${DB2_INSTANCE_NAME}/config` secret in the **Secrets Vault** used to share some information that is generated at runtime with other ArgoCD Applications. This job also performs some special configuration steps that are required if the Db2u database is intended for use by the Manage MAS Application. diff --git a/instance-applications/120-ibm-db2u-database/templates/00-presync-await-crd_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/00-presync-await-crd_Job.yaml index cbb555ed8..739730ba5 100644 --- a/instance-applications/120-ibm-db2u-database/templates/00-presync-await-crd_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/00-presync-await-crd_Job.yaml @@ -85,7 +85,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-db2u-database/templates/04-db2u-Backup_Cron.yaml b/instance-applications/120-ibm-db2u-database/templates/04-db2u-Backup_Cron.yaml index 1ddb8cbd1..a39692d8e 100644 --- a/instance-applications/120-ibm-db2u-database/templates/04-db2u-Backup_Cron.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/04-db2u-Backup_Cron.yaml @@ -27,7 +27,7 @@ spec: spec: containers: - name: "db2-backup-job-v1-{{ .Values.db2_instance_name }}" - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} command: - oc - rsh diff --git a/instance-applications/120-ibm-db2u-database/templates/07-postsync-setup-db2_Job.yaml b/instance-applications/120-ibm-db2u-database/templates/07-postsync-setup-db2_Job.yaml index 85b5c7ce6..8276c78e2 100644 --- a/instance-applications/120-ibm-db2u-database/templates/07-postsync-setup-db2_Job.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/07-postsync-setup-db2_Job.yaml @@ -76,7 +76,9 @@ data: {{- if .Values.db2_backup_bucket_name }} db2_backup_bucket_access_key: {{ .Values.db2_backup_bucket_access_key | b64enc }} db2_backup_bucket_secret_key: {{ .Values.db2_backup_bucket_secret_key | b64enc }} +{{- if .Values.db2_backup_icd_auth_key }} icd_auth_key: {{ .Values.db2_backup_icd_auth_key | b64enc }} +{{- end }} {{- end }} type: Opaque @@ -186,7 +188,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-db2u-database/templates/10-postsync-setup-hadr.yaml b/instance-applications/120-ibm-db2u-database/templates/10-postsync-setup-hadr.yaml index 23e557eba..db1f85a18 100644 --- a/instance-applications/120-ibm-db2u-database/templates/10-postsync-setup-hadr.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/10-postsync-setup-hadr.yaml @@ -161,7 +161,7 @@ spec: serviceAccountName: "postsync-hadr-sa-{{ .Values.db2_instance_name }}" containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-spark/templates/02-ibm-spark-control-plane.yaml b/instance-applications/120-ibm-spark/templates/02-ibm-spark-control-plane.yaml index d38dfc3e4..98878d567 100644 --- a/instance-applications/120-ibm-spark/templates/02-ibm-spark-control-plane.yaml +++ b/instance-applications/120-ibm-spark/templates/02-ibm-spark-control-plane.yaml @@ -131,7 +131,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-spss/templates/02-ibm-spss-post-verify.yaml b/instance-applications/120-ibm-spss/templates/02-ibm-spss-post-verify.yaml index ba2eb0dfa..569af6e50 100644 --- a/instance-applications/120-ibm-spss/templates/02-ibm-spss-post-verify.yaml +++ b/instance-applications/120-ibm-spss/templates/02-ibm-spss-post-verify.yaml @@ -167,7 +167,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml b/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml index 0558e6cc0..ce1a4995e 100644 --- a/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml +++ b/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml @@ -151,7 +151,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-jdbc-config/templates/00-presync-create-db2-user_Job.yaml b/instance-applications/130-ibm-jdbc-config/templates/00-presync-create-db2-user_Job.yaml index b514b91b4..d46b41509 100644 --- a/instance-applications/130-ibm-jdbc-config/templates/00-presync-create-db2-user_Job.yaml +++ b/instance-applications/130-ibm-jdbc-config/templates/00-presync-create-db2-user_Job.yaml @@ -170,7 +170,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-cr.yaml index a8f7ef354..10758504b 100644 --- a/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-cr.yaml @@ -45,7 +45,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-db2-user_Job.yaml b/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-db2-user_Job.yaml index 46658ad0a..d51abf0dd 100644 --- a/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-db2-user_Job.yaml +++ b/instance-applications/130-ibm-jdbc-config/templates/postdelete-delete-db2-user_Job.yaml @@ -35,7 +35,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-kafka-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-kafka-config/templates/postdelete-delete-cr.yaml index d4867ec6a..d23c62781 100644 --- a/instance-applications/130-ibm-kafka-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-kafka-config/templates/postdelete-delete-cr.yaml @@ -46,7 +46,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-bas-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-bas-config/templates/postdelete-delete-cr.yaml index 9b6e46b3c..68e3f40f1 100644 --- a/instance-applications/130-ibm-mas-bas-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-mas-bas-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-idp-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-idp-config/templates/postdelete-delete-cr.yaml index 9b6e46b3c..68e3f40f1 100644 --- a/instance-applications/130-ibm-mas-idp-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-mas-idp-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-mongo-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-mongo-config/templates/postdelete-delete-cr.yaml index eba172f4c..f85ace183 100644 --- a/instance-applications/130-ibm-mas-mongo-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-mas-mongo-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-sls-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-sls-config/templates/postdelete-delete-cr.yaml index 9b6e46b3c..68e3f40f1 100644 --- a/instance-applications/130-ibm-mas-sls-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-mas-sls-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-smtp-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-smtp-config/templates/postdelete-delete-cr.yaml index 9b6e46b3c..68e3f40f1 100644 --- a/instance-applications/130-ibm-mas-smtp-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-mas-smtp-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-suite/templates/04-ibm-mas_Suite.yaml b/instance-applications/130-ibm-mas-suite/templates/04-ibm-mas_Suite.yaml index e23cf7815..8586fb699 100644 --- a/instance-applications/130-ibm-mas-suite/templates/04-ibm-mas_Suite.yaml +++ b/instance-applications/130-ibm-mas-suite/templates/04-ibm-mas_Suite.yaml @@ -50,3 +50,6 @@ spec: {{- if .Values.suite_spec_additional_properties }} {{ .Values.suite_spec_additional_properties | toYaml | indent 2 }} {{- end }} +{{- if .Values.internal_certificate_authority }} + internalCertificateAuthority: "{{ .Values.internal_certificate_authority }}" +{{- end }} \ No newline at end of file diff --git a/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml b/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml index 425a21341..e1e0d877f 100644 --- a/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml +++ b/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml @@ -168,7 +168,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-suite/templates/06-postsync-configtool-oidc.yaml b/instance-applications/130-ibm-mas-suite/templates/06-postsync-configtool-oidc.yaml index 2162f5b99..d1f40bba9 100644 --- a/instance-applications/130-ibm-mas-suite/templates/06-postsync-configtool-oidc.yaml +++ b/instance-applications/130-ibm-mas-suite/templates/06-postsync-configtool-oidc.yaml @@ -164,7 +164,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/130-ibm-mas-suite/templates/07-postsync-set_welcome_messsage_Job.yaml b/instance-applications/130-ibm-mas-suite/templates/07-postsync-set_welcome_messsage_Job.yaml new file mode 100644 index 000000000..ff3868c65 --- /dev/null +++ b/instance-applications/130-ibm-mas-suite/templates/07-postsync-set_welcome_messsage_Job.yaml @@ -0,0 +1,313 @@ +{{- if .Values.welcome_message }} + +{{- /* +Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. +*/}} +{{- $_job_name_prefix := "set-welcome-message" }} + +{{- /* +Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. +Included in $_job_hash (see below). +*/}} +{{- $_cli_image_digest := "sha256:1b88f88a1a719d006ea1f4b8dcfd1c2625fa7ecc529c3267e7b4b6afaa1c8da0" }} + +{{- /* +A dict of values that influence the behaviour of the job in some way. +Any changes to values in this dict will trigger a rerun of the job. +Since jobs must be idemopotent, it's generally safe to pass in values here that are not +strictly necessary (i.e. including some values that don't actually influence job behaviour). +We may want to refine this further though for jobs that can take a long time to complete. +Included in $_job_hash (see below). +*/}} +{{- $_job_config_values := omit .Values "junitreporter" }} + +{{- /* +Increment this value whenever you make a change to an immutable field of the Job resource. +E.g. passing in a new environment variable. +Included in $_job_hash (see below). +*/}} +{{- $_job_version := "v3" }} + +{{- /* +10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest +This is to ensure ArgoCD will create a new job resource intead of attempting (and failing) to update an +immutable field of any existing Job resource. +*/}} +{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} + +{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} + +{{- /* +Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. + +When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label +to identify old Job resources that should be pruned on behalf of ArgoCD. + +Any Job resources in the same namespace that have the mas.ibm.com/job-cleanup-group with this value +will be considered to belong to the same cleanup group. All but the most recent (i.e. with the latest "creation_timestamp") +Jobs will be automatically deleted. + +$_job_cleanup_group can usually just be based on $_job_name_prefix. There are some special cases +where multiple Jobs are created in our templates using a Helm loop. In those cases, additional descriminators +must be added to $_job_cleanup_group. + +By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators +are required here. + +*/}} +{{- $_job_cleanup_group := cat $_job_name_prefix | sha1sum }} + +{{ $ns := printf "mas-%s-core" .Values.instance_id }} +{{ $np_name := printf "%s-np" $_job_name_prefix }} +{{ $role_name := printf "%s-r" $_job_name_prefix }} +{{ $sa_name := printf "%s-sa" $_job_name_prefix }} +{{ $rb_name := printf "%s-rb-core" $_job_name_prefix }} +{{ $job_label := printf "%s-l" $_job_name_prefix }} + +{{ $cm_name := printf "%s-state" $_job_name_prefix}} +{{ $internalapi_tls_secret_name := printf "%s-internalapi-cert-internal" .Values.instance_id}} + + +--- +# Permit outbound communication by the Job pods +# (Needed to communicate internalapi) +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ $np_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/sync-wave: "144" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + podSelector: + matchLabels: + app: {{ $job_label }} + egress: + - {} + policyTypes: + - Egress + + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: {{ $sa_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/sync-wave: "144" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} + + + +--- +# Job needs to be able to create and read a configmap to hold state about its +# execution status +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $role_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/sync-wave: "144" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - verbs: + - get + - create + - patch + apiGroups: + - "" + resources: + - configmaps + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $rb_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/sync-wave: "145" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ $sa_name }} + namespace: {{ $ns }} +roleRef: + kind: Role + name: {{ $role_name }} + apiGroup: rbac.authorization.k8s.io + + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $_job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/sync-wave: "146" + labels: + mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + parallelism: 1 + completions: 1 + backoffLimit: 4 + + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + restartPolicy: Never + serviceAccountName: "{{ $sa_name }}" + volumes: + - name: "tls" + secret: + secretName: "{{ $internalapi_tls_secret_name }}" + defaultMode: 420 + optional: false + + containers: + - name: {{ $_job_name_prefix }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + + env: + - name: MAS_INSTANCE_ID + value: "{{ .Values.instance_id }}" + + - name: WELCOME_MESSAGE + value: "{{ .Values.welcome_message }}" + + - name: STATE_CONFIGMAP_NAME + value: "{{ $cm_name }}" + + - name: MAS_CORE_NAMESPACE + value: "{{ $ns }}" + + volumeMounts: + - name: "tls" + mountPath: /etc/mas/tls + + command: + - /bin/sh + - -c + - | + INTERNAL_API_URL="https://internalapi.mas-${MAS_INSTANCE_ID}-core.svc:443" + WELCOME_MESSAGES_API_URL="${INTERNAL_API_URL}/v1/messages/welcome" + CA_FILE="/etc/mas/tls/ca.crt" + CERT_FILE="/etc/mas/tls/tls.crt" + KEY_FILE="/etc/mas/tls/tls.key" + + echo "MAS Welcome Message Setup" + echo "===============================" + echo "" + + echo "This Job will ensure that the MAS welcome message (i.e. that shown at the bottom of the login screen)" + echo "is set to the value defined in gitops configuration." + echo "The welcome message will only be updated if one of the following are true:" + echo " - This Job has never been run before (i.e. after the Suite is installed for the first time)" + echo " - The welcome message defined in the gitops configuration has changed since the last time this Job ran" + echo "If the welcome message is changed via the MAS UI/API, this Job will NOT revert the change - this is intentional." + echo "" + + # Escape any characters that may interfere with JSON + WELCOME_MESSAGE_ESCAPED=$(echo ${WELCOME_MESSAGE} | jq -Ra .) + + echo "Fetch Welcome Message last set by this Job from ConfigMap ${STATE_CONFIGMAP_NAME}" + echo "------------------------------------------------" + LAST_APPLIED_WELCOME_MESSAGE_ESCAPED=$(oc get configmap ${STATE_CONFIGMAP_NAME} -ojsonpath='{.data.last-applied}' -n "${MAS_CORE_NAMESPACE}") + rc=$? + LAST_APPLIED_WELCOME_MESSAGE_ESCAPED='"'${LAST_APPLIED_WELCOME_MESSAGE_ESCAPED}'"' + + if [[ "$rc" != 0 ]]; then + echo "ConfigMap ${STATE_CONFIGMAP_NAME} was not found, Job has never been run, so proceed ..." + elif [[ "${WELCOME_MESSAGE_ESCAPED}" != "${LAST_APPLIED_WELCOME_MESSAGE_ESCAPED}" ]]; then + echo "Gitops configuration contains a different welcome message than that last applied by this Job, so proceed ... " + else + echo "Gitops configuration and the welcome message last applied by this Job are the same, so abort ..." + exit 0 + fi + echo "" + + + echo "Setting MAS Welcome Message" + echo "---------------------------" + + + PAYLOAD_FILE="payload.json" + echo '{"message": '${WELCOME_MESSAGE_ESCAPED}'}' > ${PAYLOAD_FILE} + + curl -X PUT "${WELCOME_MESSAGES_API_URL}" \ + -f \ + --cert "${CERT_FILE}" \ + --key "${KEY_FILE}" \ + --cacert "${CA_FILE}" \ + -H 'Content-Type: application/json' \ + -d @${PAYLOAD_FILE} + + rc=$? + + echo "" + echo "Result" + echo "---------------------------" + + if [[ "$rc" == "0" ]]; then + # establish the state configmap + echo "Successfully set welcome message" + echo "" + + + echo "Updating ConfigMap ${STATE_CONFIGMAP_NAME}" + echo "---------------------------" + + CONFIGMAP_YAML_FILE="configmap.yaml" + + echo ' + apiVersion: v1 + kind: ConfigMap + metadata: + name: '${STATE_CONFIGMAP_NAME}' + namespace: '${MAS_CORE_NAMESPACE}' + data: + last-applied: '${WELCOME_MESSAGE_ESCAPED} > ${CONFIGMAP_YAML_FILE} + + oc apply -f ${CONFIGMAP_YAML_FILE} + cm_rc=$? + + if [[ "${cm_rc}" != "0" ]]; then + echo "" + echo "Failed to update ConfigMap ${STATE_CONFIGMAP_NAME} (rc ${cm_rc})" + echo "Failing Job execution; this needs to be rectified otherwise the Job may revert future changes" + echo "made to the Welcome message by the customer via the MAS UI/API." + exit $cm_rc + fi + + else + echo "Failed with to set Welcome Message (rc $rc)" + fi + + exit $rc + +{{- end }} diff --git a/instance-applications/130-ibm-objectstorage-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-objectstorage-config/templates/postdelete-delete-cr.yaml index 9b6e46b3c..68e3f40f1 100644 --- a/instance-applications/130-ibm-objectstorage-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/130-ibm-objectstorage-config/templates/postdelete-delete-cr.yaml @@ -47,7 +47,7 @@ spec: - name: run # TODO: use a dedicated image with a smaller footprint for this sort of thing? # Just using cli for now since it has all the deps we need to talk with AWS SM - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/220-ibm-mas-workspace/templates/05-postsync-add-label_Job.yaml b/instance-applications/220-ibm-mas-workspace/templates/05-postsync-add-label_Job.yaml index 812706591..7fe6ac408 100644 --- a/instance-applications/220-ibm-mas-workspace/templates/05-postsync-add-label_Job.yaml +++ b/instance-applications/220-ibm-mas-workspace/templates/05-postsync-add-label_Job.yaml @@ -127,7 +127,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/500-540-ibm-mas-suite-app-install/templates/00-presync-add-mvi-scc_Job.yaml b/instance-applications/500-540-ibm-mas-suite-app-install/templates/00-presync-add-mvi-scc_Job.yaml index b30416b72..4570e708d 100644 --- a/instance-applications/500-540-ibm-mas-suite-app-install/templates/00-presync-add-mvi-scc_Job.yaml +++ b/instance-applications/500-540-ibm-mas-suite-app-install/templates/00-presync-add-mvi-scc_Job.yaml @@ -105,7 +105,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/500-540-ibm-mas-suite-app-install/templates/05-ibm-mas_Suite_App_Install.yaml b/instance-applications/500-540-ibm-mas-suite-app-install/templates/05-ibm-mas_Suite_App_Install.yaml index d7c7a9f70..1acda18f6 100644 --- a/instance-applications/500-540-ibm-mas-suite-app-install/templates/05-ibm-mas_Suite_App_Install.yaml +++ b/instance-applications/500-540-ibm-mas-suite-app-install/templates/05-ibm-mas_Suite_App_Install.yaml @@ -15,4 +15,3 @@ metadata: {{- end }} spec: {{ .Values.mas_app_spec | toYaml | indent 2 }} - diff --git a/instance-applications/500-540-ibm-mas-suite-app-install/templates/06-postsync-add-mvi-scc_Job.yaml b/instance-applications/500-540-ibm-mas-suite-app-install/templates/06-postsync-add-mvi-scc_Job.yaml index 71eedef16..eeb8c5823 100644 --- a/instance-applications/500-540-ibm-mas-suite-app-install/templates/06-postsync-add-mvi-scc_Job.yaml +++ b/instance-applications/500-540-ibm-mas-suite-app-install/templates/06-postsync-add-mvi-scc_Job.yaml @@ -105,7 +105,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/00-StorageClasses.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/00-StorageClasses.yaml new file mode 100644 index 000000000..26c722ccc --- /dev/null +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/00-StorageClasses.yaml @@ -0,0 +1,22 @@ +{{- /* +When inside the range loop below, make sure you prefix any references to chart values NOT under .Values.storage_class_definitions with $. +For example: {{ $.Values.account.id }} (instead of {{ .Values.account.id }} ) +*/}} + +{{- range $key, $value := .Values.storage_class_definitions }} +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: {{ $key }} + annotations: + argocd.argoproj.io/sync-wave: "00" +{{- if $.Values.custom_labels }} + labels: +{{ $.Values.custom_labels | toYaml | indent 4 }} +{{- end }} +provisioner: {{ $value.provisioner }} +parameters: {{ $value.parameters | toYaml | nindent 14 }} +reclaimPolicy: Retain +volumeBindingMode: Immediate +{{- end }} \ No newline at end of file diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/02-ibm-manage-update_Job.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/02-ibm-manage-update_Job.yaml index eaa1be913..b7c456e4e 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/02-ibm-manage-update_Job.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/02-ibm-manage-update_Job.yaml @@ -129,7 +129,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml index 1024312a3..e7cbbac9a 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml @@ -139,7 +139,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-sanity.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-sanity.yaml index 7f8216c5b..ab6df0c70 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-sanity.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-sanity.yaml @@ -379,7 +379,7 @@ data: chain_file.write(manage_route_certificate.encode()) if manage_route_caCertificate: - chain_file.write(manage_route_certificate.encode()) + chain_file.write(manage_route_caCertificate.encode()) if manage_route_destinationCACertificate: chain_file.write(manage_route_destinationCACertificate.encode()) @@ -1385,7 +1385,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-verify.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-verify.yaml index 91858a60f..ec3ab8aaa 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-verify.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-manage-verify.yaml @@ -442,7 +442,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-sanity.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-sanity.yaml index 80b816caa..46766618d 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-sanity.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-sanity.yaml @@ -1845,7 +1845,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-verify.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-verify.yaml index 3a04b6076..d53ba345f 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-verify.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-maximoit-verify.yaml @@ -444,7 +444,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-sanity.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-sanity.yaml index 7da90eece..93b48b179 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-sanity.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-sanity.yaml @@ -542,7 +542,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-verify.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-verify.yaml index a5e5ef61f..f89404024 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-verify.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-mvi-verify.yaml @@ -493,7 +493,7 @@ spec: imagePullSecrets: [] containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/700-702-postsync-db2-manage.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/700-702-postsync-db2-manage.yaml index 7eecb700c..82f789940 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/700-702-postsync-db2-manage.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/700-702-postsync-db2-manage.yaml @@ -226,7 +226,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ $.Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml b/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml index 270cf8f23..f12cce82b 100644 --- a/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml +++ b/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml @@ -255,7 +255,7 @@ spec: spec: containers: - name: {{ $_job_name_prefix }} - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent env: diff --git a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml index ad98b38c0..a15a55fe7 100644 --- a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml +++ b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml @@ -102,6 +102,16 @@ spec: revision: "{{ .Values.generator.revision }}" files: - path: "{{ .Values.account.id }}/*/mas-provisioner.yaml" + - git: + repoURL: "{{ .Values.generator.repo_url }}" + revision: "{{ .Values.generator.revision }}" + files: + - path: "{{ .Values.account.id }}/*/image-mirroring.yaml" + - git: + repoURL: "{{ .Values.generator.repo_url }}" + revision: "{{ .Values.generator.revision }}" + files: + - path: "{{ .Values.account.id }}/*/efs-csi-driver.yaml" syncPolicy: applicationsSync: "{{- if .Values.auto_delete }}sync{{- else }}create-update{{- end }}" template: @@ -150,6 +160,9 @@ spec: value: "{{ .Values.auto_delete }}" - name: override_dns_cis_flags_to_false value: "{{ .Values.override_dns_cis_flags_to_false }}" + + - name: disable_docdb_instance_user_management + value: "{{ .Values.disable_docdb_instance_user_management }}" destination: server: 'https://kubernetes.default.svc' namespace: {{ .Values.argo.namespace }} diff --git a/root-applications/ibm-mas-cluster-root/templates/000-efs-csi-driver.yaml b/root-applications/ibm-mas-cluster-root/templates/000-efs-csi-driver.yaml new file mode 100644 index 000000000..5b77f51b5 --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/000-efs-csi-driver.yaml @@ -0,0 +1,74 @@ +{{- if not (empty .Values.efs_csi_driver) }} + +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: efs-csi-driver.{{ .Values.cluster.id }} + namespace: {{ .Values.argo.namespace }} + labels: + environment: '{{ .Values.account.id }}' + region: '{{ .Values.region.id }}' + cluster: '{{ .Values.cluster.id }}' + annotations: + argocd.argoproj.io/sync-wave: "000" + healthCheckTimeout: "1800" + {{- if and .Values.notifications .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }} + {{- end }} + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + ignoreDifferences: + - group: '*' + kind: ServiceAccount + jsonPointers: + - /imagePullSecrets + project: "{{ .Values.argo.projects.apps }}" + destination: + server: {{ .Values.cluster.url }} + namespace: openshift-config + source: + repoURL: "{{ .Values.source.repo_url }}" + path: cluster-applications/000-efs-csi-driver + targetRevision: "{{ .Values.source.revision }}" + plugin: + name: {{ .Values.avp.name }} + env: + - name: {{ .Values.avp.values_varname }} + value: | + + channel: {{ .Values.efs_csi_driver.channel }} + catalog_source: {{ .Values.efs_csi_driver.catalog_source }} + catalog_source_namespace: {{ .Values.efs_csi_driver.catalog_source_namespace }} + role_arn: {{ .Values.efs_csi_driver.role_arn }} + + junitreporter: + reporter_name: "efs-csi-driver" + cluster_id: "{{ .Values.cluster.id }}" + devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" + devops_build_number: "{{ .Values.devops.build_number }}" + gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} + {{- if .Values.custom_labels }} + custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME + value: efscsidriverapp + {{- if not (empty .Values.avp.secret) }} + - name: AVP_SECRET + value: {{ .Values.avp.secret }} + {{- end }} + syncPolicy: + automated: + {{- if .Values.auto_delete }} + prune: true + {{- end }} + selfHeal: true + retry: + limit: 20 + syncOptions: + - CreateNamespace=true + - RespectIgnoreDifferences=true +{{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/000-ibm-operator-catalog-app.yaml b/root-applications/ibm-mas-cluster-root/templates/000-ibm-operator-catalog-app.yaml index 806b3f2f4..af43e51cb 100644 --- a/root-applications/ibm-mas-cluster-root/templates/000-ibm-operator-catalog-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/000-ibm-operator-catalog-app.yaml @@ -47,6 +47,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/000-image-mirroring.yaml b/root-applications/ibm-mas-cluster-root/templates/000-image-mirroring.yaml new file mode 100644 index 000000000..80bef5ab1 --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/000-image-mirroring.yaml @@ -0,0 +1,80 @@ +{{- if not (empty .Values.image_mirroring) }} + +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: image-mirroring.{{ .Values.cluster.id }} + namespace: {{ .Values.argo.namespace }} + labels: + environment: '{{ .Values.account.id }}' + region: '{{ .Values.region.id }}' + cluster: '{{ .Values.cluster.id }}' + annotations: + argocd.argoproj.io/sync-wave: "000" + healthCheckTimeout: "1800" + {{- if and .Values.notifications .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }} + {{- end }} + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + ignoreDifferences: + - group: '*' + kind: ServiceAccount + jsonPointers: + - /imagePullSecrets + project: "{{ .Values.argo.projects.apps }}" + destination: + server: {{ .Values.cluster.url }} + namespace: openshift-config + source: + repoURL: "{{ .Values.source.repo_url }}" + path: cluster-applications/000-image-mirroring + targetRevision: "{{ .Values.source.revision }}" + plugin: + name: {{ .Values.avp.name }} + env: + - name: {{ .Values.avp.values_varname }} + value: | + region_id: {{ .Values.region.id }} + ecr_host: {{ .Values.image_mirroring.ecr_host }} + repo_path_prefix: {{ .Values.image_mirroring.repo_path_prefix }} + cli_image_repo: {{ .Values.cli_image_repo }} + + aws_access_key_id: "{{ .Values.image_mirroring.aws_access_key_id }}" + aws_secret_access_key: "{{ .Values.image_mirroring.aws_secret_access_key }}" + aws_region: "{{ .Values.region.id }}" + + additional_image_tag_sources: {{ .Values.image_mirroring.additional_image_tag_sources }} + additional_image_digest_sources: {{ .Values.image_mirroring.additional_image_digest_sources }} + + junitreporter: + reporter_name: "image-mirroring" + cluster_id: "{{ .Values.cluster.id }}" + devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" + devops_build_number: "{{ .Values.devops.build_number }}" + gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} + {{- if .Values.custom_labels }} + custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME + value: imsagemirroringapp + {{- if not (empty .Values.avp.secret) }} + - name: AVP_SECRET + value: {{ .Values.avp.secret }} + {{- end }} + syncPolicy: + automated: + {{- if .Values.auto_delete }} + prune: true + {{- end }} + selfHeal: true + retry: + limit: 20 + syncOptions: + - CreateNamespace=true + - RespectIgnoreDifferences=true +{{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/000-job-cleaner.yaml b/root-applications/ibm-mas-cluster-root/templates/000-job-cleaner.yaml index e6b041f88..6eaa1571f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/000-job-cleaner.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/000-job-cleaner.yaml @@ -37,12 +37,14 @@ spec: env: - name: {{ .Values.avp.values_varname }} value: | + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "job-cleaner" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/010-ibm-redhat-cert-manager-app.yaml b/root-applications/ibm-mas-cluster-root/templates/010-ibm-redhat-cert-manager-app.yaml index dc405e7e7..7a227d2e7 100644 --- a/root-applications/ibm-mas-cluster-root/templates/010-ibm-redhat-cert-manager-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/010-ibm-redhat-cert-manager-app.yaml @@ -42,12 +42,14 @@ spec: channel: "{{ .Values.redhat_cert_manager.channel }}" run_sync_hooks: {{ .Values.redhat_cert_manager.run_sync_hooks }} redhat_cert_manager_install_plan: "{{ .Values.redhat_cert_manager.redhat_cert_manager_install_plan }}" + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "redhat-cert-manager" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml index c9080cc6f..fefce35dc 100644 --- a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml @@ -50,12 +50,14 @@ spec: dro_cmm_setup: "{{ .Values.ibm_dro.dro_cmm_setup }}" dro_install_plan: "{{ .Values.ibm_dro.dro_install_plan }}" imo_install_plan: "{{ .Values.ibm_dro.imo_install_plan }}" + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "ibm-dro" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.ibm_dro.dro_cmm_setup }} dro_cmm: auth_apikey: "{{ .Values.ibm_dro.dro_cmm.auth_apikey }}" diff --git a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml index f6c0d1ba1..6498308cb 100644 --- a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml @@ -36,12 +36,14 @@ spec: - name: {{ .Values.avp.values_varname }} value: | dro_namespace: "{{ .Values.ibm_dro.dro_namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "ibm-dro-cleanup" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml index 5fc53f990..bd2363ce4 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml @@ -34,7 +34,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | argo_namespace: "{{ .Values.argo.namespace }}" - + cis_webhook_image_repo: "{{ .Values.ibm_cis_cert_manager.cis_webhook_image_repo }}" {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} @@ -44,6 +44,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" diff --git a/root-applications/ibm-mas-cluster-root/templates/040-cis-compliance-app.yaml b/root-applications/ibm-mas-cluster-root/templates/040-cis-compliance-app.yaml index 86aea2894..2fc399724 100644 --- a/root-applications/ibm-mas-cluster-root/templates/040-cis-compliance-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/040-cis-compliance-app.yaml @@ -41,6 +41,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/041-cis-compliance-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/041-cis-compliance-cleanup.yaml index c666234db..b437b72af 100644 --- a/root-applications/ibm-mas-cluster-root/templates/041-cis-compliance-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/041-cis-compliance-cleanup.yaml @@ -36,12 +36,14 @@ spec: - name: {{ .Values.avp.values_varname }} value: | argo_namespace: "{{ .Values.argo.namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "cis-compliance-cleanup" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml index 443fff2cf..a955b3422 100644 --- a/root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml @@ -44,6 +44,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml index dcd95f4ac..6dfd75dce 100644 --- a/root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml @@ -44,6 +44,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml index e8832ac5b..370dcff1d 100644 --- a/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml @@ -43,6 +43,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/053-falcon-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/053-falcon-operator-app.yaml index 42086cfd8..28c9161c3 100644 --- a/root-applications/ibm-mas-cluster-root/templates/053-falcon-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/053-falcon-operator-app.yaml @@ -42,6 +42,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/054-cluster-logging-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/054-cluster-logging-operator-app.yaml index a10e4d983..657f2586a 100644 --- a/root-applications/ibm-mas-cluster-root/templates/054-cluster-logging-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/054-cluster-logging-operator-app.yaml @@ -50,6 +50,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/055-instana-agent-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/055-instana-agent-operator-app.yaml index 28e31ac67..04f83318f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/055-instana-agent-operator-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/055-instana-agent-operator-app.yaml @@ -47,12 +47,14 @@ spec: instana_agent_operator_endpoint_port: "{{ .Values.instana_agent_operator.endpoint_port }}" instana_agent_operator_jks_storage_class: "{{ .Values.instana_agent_operator.jks_storage_class }}" instana_agent_operator_env: {{ .Values.instana_agent_operator.env | toYaml | nindent 14 }} + cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: reporter_name: "instana-agent-operator" cluster_id: "{{ .Values.cluster.id }}" devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml b/root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml index e4894f30f..08260025a 100644 --- a/root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml @@ -39,6 +39,7 @@ spec: sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" custom_sa_namespace: "{{ .Values.custom_sa.custom_sa_namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_sa.custom_sa_details }} custom_sa_details: {{ .Values.custom_sa.custom_sa_details | toYaml | nindent 14 }} {{- end }} @@ -48,6 +49,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/061-ibm-rbac-app.yaml b/root-applications/ibm-mas-cluster-root/templates/061-ibm-rbac-app.yaml index de1acd28c..e47ec877e 100644 --- a/root-applications/ibm-mas-cluster-root/templates/061-ibm-rbac-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/061-ibm-rbac-app.yaml @@ -39,6 +39,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/099-instance-appset.yaml b/root-applications/ibm-mas-cluster-root/templates/099-instance-appset.yaml index 01ad5604a..5f985a8b5 100644 --- a/root-applications/ibm-mas-cluster-root/templates/099-instance-appset.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/099-instance-appset.yaml @@ -208,6 +208,9 @@ spec: value: "{{ .Values.devops.build_number }}" - name: override_dns_cis_flags_to_false value: "{{ .Values.override_dns_cis_flags_to_false }}" + + - name: disable_docdb_instance_user_management + value: "{{ .Values.disable_docdb_instance_user_management }}" - name: cluster_nonshared value: "{{ .Values.cluster.nonshared }}" destination: diff --git a/root-applications/ibm-mas-cluster-root/templates/200-cluster-promotion-app.yaml b/root-applications/ibm-mas-cluster-root/templates/200-cluster-promotion-app.yaml index 377778ce3..e3183cb4e 100644 --- a/root-applications/ibm-mas-cluster-root/templates/200-cluster-promotion-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/200-cluster-promotion-app.yaml @@ -37,6 +37,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" argo_namespace: "{{ .Values.argo.namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.promotion }} github_pat: "{{ .Values.promotion.github_pat }}" target_github_host: "{{ .Values.promotion.target_github_host }}" @@ -57,6 +58,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 96fbd2927..d752a90b0 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -62,6 +62,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} diff --git a/root-applications/ibm-mas-instance-root/templates/000-ibm-sync-resources.yaml b/root-applications/ibm-mas-instance-root/templates/000-ibm-sync-resources.yaml index 2b91fefb7..a2f1505a4 100644 --- a/root-applications/ibm-mas-instance-root/templates/000-ibm-sync-resources.yaml +++ b/root-applications/ibm-mas-instance-root/templates/000-ibm-sync-resources.yaml @@ -90,6 +90,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} diff --git a/root-applications/ibm-mas-instance-root/templates/010-ibm-sync-jobs.yaml b/root-applications/ibm-mas-instance-root/templates/010-ibm-sync-jobs.yaml index 1824fe9cf..9baecdb46 100644 --- a/root-applications/ibm-mas-instance-root/templates/010-ibm-sync-jobs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/010-ibm-sync-jobs.yaml @@ -42,6 +42,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" sm_aws_region: "{{ .Values.region.id }}" @@ -55,6 +56,8 @@ spec: {{- end }} {{- end }} + disable_docdb_instance_user_management: {{ .Values.disable_docdb_instance_user_management | default false }} + {{- if not (empty .Values.ibm_mas_suite) }} mas_manual_cert_mgmt: {{ .Values.ibm_mas_suite.mas_manual_cert_mgmt }} @@ -125,6 +128,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} mas_wipe_mongo_data: {{ .Values.mas_wipe_mongo_data }} diff --git a/root-applications/ibm-mas-instance-root/templates/100-ibm-sls-app.yaml b/root-applications/ibm-mas-instance-root/templates/100-ibm-sls-app.yaml index 38ad0963b..1289c22ea 100644 --- a/root-applications/ibm-mas-instance-root/templates/100-ibm-sls-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/100-ibm-sls-app.yaml @@ -50,6 +50,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" @@ -73,6 +74,10 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} + {{- if .Values.ibm_sls.internal_certificate_authority }} + internal_certificate_authority: "{{ .Values.ibm_sls.internal_certificate_authority }}" + {{- end }} - name: ARGOCD_APP_NAME value: slsapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/101-ibm-sync-jobs-cp4d.yaml b/root-applications/ibm-mas-instance-root/templates/101-ibm-sync-jobs-cp4d.yaml index 1352040ac..bf4035b10 100644 --- a/root-applications/ibm-mas-instance-root/templates/101-ibm-sync-jobs-cp4d.yaml +++ b/root-applications/ibm-mas-instance-root/templates/101-ibm-sync-jobs-cp4d.yaml @@ -43,6 +43,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" sm_aws_region: "{{ .Values.region.id }}" @@ -60,6 +61,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} mas_wipe_mongo_data: {{ .Values.mas_wipe_mongo_data }} diff --git a/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-app.yaml b/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-app.yaml index 0143a564a..6b73d8536 100644 --- a/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-app.yaml @@ -44,6 +44,7 @@ spec: value: | argo_namespace: "{{ .Values.argo.namespace }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} ibm_entitlement_key: "{{ .Values.ibm_cp4d.ibm_entitlement_key }}" cpd_operators_namespace: "{{ .Values.ibm_cp4d.cpd_operators_namespace }}" cpd_instance_namespace: "{{ .Values.ibm_cp4d.cpd_instance_namespace }}" @@ -97,6 +98,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cp4dapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-operator-app.yaml b/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-operator-app.yaml index fce2f14e6..3f4953651 100644 --- a/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-operator-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/110-ibm-cp4d-operator-app.yaml @@ -35,6 +35,7 @@ spec: value: | argo_namespace: "{{ .Values.argo.namespace }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} ibm_entitlement_key: "{{ .Values.ibm_cp4d.ibm_entitlement_key }}" cpd_operators_namespace: "{{ .Values.ibm_cp4d.cpd_operators_namespace }}" cpd_instance_namespace: "{{ .Values.ibm_cp4d.cpd_instance_namespace }}" @@ -90,6 +91,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cp4doperatorapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/110-ibm-cs-control-app.yaml b/root-applications/ibm-mas-instance-root/templates/110-ibm-cs-control-app.yaml index adc53cff5..2e94779fc 100644 --- a/root-applications/ibm-mas-instance-root/templates/110-ibm-cs-control-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/110-ibm-cs-control-app.yaml @@ -94,6 +94,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cscontrolapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/110-ibm-db2u-app.yaml b/root-applications/ibm-mas-instance-root/templates/110-ibm-db2u-app.yaml index 76df61072..4c956bded 100644 --- a/root-applications/ibm-mas-instance-root/templates/110-ibm-db2u-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/110-ibm-db2u-app.yaml @@ -36,6 +36,7 @@ spec: value: | argo_namespace: "{{ .Values.argo.namespace }}" db2_namespace: "{{ .Values.ibm_db2u.db2_namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} ibm_entitlement_key: "{{ .Values.ibm_db2u.ibm_entitlement_key }}" db2_channel: "{{ .Values.ibm_db2u.db2_channel }}" db2_install_plan: "{{ .Values.ibm_db2u.db2_install_plan }}" @@ -49,6 +50,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: db2uapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/120-db2-databases-app.yaml b/root-applications/ibm-mas-instance-root/templates/120-db2-databases-app.yaml index 4c782ed41..575b5f433 100644 --- a/root-applications/ibm-mas-instance-root/templates/120-db2-databases-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/120-db2-databases-app.yaml @@ -61,6 +61,7 @@ spec: devops_mongo_uri: "{{ $.Values.devops.mongo_uri }}" devops_build_number: "{{ $.Values.devops.build_number }}" gitops_version: "{{ $.Values.source.revision }}" + cli_image_repo: {{ $.Values.cli_image_repo }} {{ $value | toYaml | nindent 12 }} - name: ARGOCD_APP_NAME value: "db2dbapp-{{ $value.db2_instance_name | replace (cat "db2wh-" $.Values.instance.id "-" | replace " " "") "" }}" diff --git a/root-applications/ibm-mas-instance-root/templates/120-ibm-spark-app.yaml b/root-applications/ibm-mas-instance-root/templates/120-ibm-spark-app.yaml index deabd39ee..5dc77bafb 100644 --- a/root-applications/ibm-mas-instance-root/templates/120-ibm-spark-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/120-ibm-spark-app.yaml @@ -39,6 +39,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} ccs_version: "{{ .Values.ibm_spark.ccs_version }}" cpd_instance_namespace: "{{ .Values.ibm_cp4d.cpd_instance_namespace }}" cpd_operators_namespace: "{{ .Values.ibm_cp4d.cpd_operators_namespace }}" @@ -58,6 +59,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cpdsparkapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/120-ibm-spss-app.yaml b/root-applications/ibm-mas-instance-root/templates/120-ibm-spss-app.yaml index f6f105d8c..0a8a94369 100644 --- a/root-applications/ibm-mas-instance-root/templates/120-ibm-spss-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/120-ibm-spss-app.yaml @@ -61,6 +61,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cpdspssapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/120-ibm-wml-app.yaml b/root-applications/ibm-mas-instance-root/templates/120-ibm-wml-app.yaml index 5fc02dc9e..4111d7617 100644 --- a/root-applications/ibm-mas-instance-root/templates/120-ibm-wml-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/120-ibm-wml-app.yaml @@ -58,6 +58,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cpdwmlapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/120-ibm-wsl-app.yaml b/root-applications/ibm-mas-instance-root/templates/120-ibm-wsl-app.yaml index 1934812d2..f5efba1ff 100644 --- a/root-applications/ibm-mas-instance-root/templates/120-ibm-wsl-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/120-ibm-wsl-app.yaml @@ -38,6 +38,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" cpd_operators_namespace: "{{ .Values.ibm_cp4d.cpd_operators_namespace }}" @@ -61,6 +62,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: cpdwslapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-app.yaml b/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-app.yaml index 5c3d1c963..27be6e5d2 100644 --- a/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-app.yaml @@ -57,6 +57,7 @@ spec: dns_provider: "{{ .Values.ibm_mas_suite.dns_provider }}" icr_cp: "{{ .Values.ibm_mas_suite.icr_cp }}" icr_cp_open: "{{ .Values.ibm_mas_suite.icr_cp_open }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.ibm_mas_suite.mas_annotations }} mas_annotations: {{ .Values.ibm_mas_suite.mas_annotations | toYaml | nindent 14 }} @@ -125,11 +126,20 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} {{- if .Values.ibm_mas_suite.oidc }} oidc: {{ .Values.ibm_mas_suite.oidc | toYaml | nindent 14 }} {{- end }} + {{- if .Values.ibm_mas_suite.internal_certificate_authority }} + internal_certificate_authority: "{{ .Values.ibm_mas_suite.internal_certificate_authority }}" + {{- end }} + + {{- if .Values.ibm_mas_suite.welcome_message }} + welcome_message: | + {{ .Values.ibm_mas_suite.welcome_message | nindent 14 }} + {{- end }} - name: ARGOCD_APP_NAME value: suiteapp {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-configs-app.yaml b/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-configs-app.yaml index 91108ef49..70915139b 100644 --- a/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-configs-app.yaml +++ b/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-configs-app.yaml @@ -48,6 +48,7 @@ spec: region_id: "{{ $.Values.region.id }}" cluster_id: "{{ $.Values.cluster.id }}" instance_id: "{{ $.Values.instance.id }}" + cli_image_repo: {{ $.Values.cli_image_repo }} sm_aws_access_key_id: "{{ $.Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ $.Values.sm.aws_secret_access_key }}" {{- if $.Values.custom_labels }} @@ -61,6 +62,7 @@ spec: devops_mongo_uri: "{{ $.Values.devops.mongo_uri }}" devops_build_number: "{{ $.Values.devops.build_number }}" gitops_version: "{{ $.Values.source.revision }}" + cli_image_repo: {{ $.Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: {{ $value.mas_config_name }} {{- if not (empty $.Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/200-ibm-mas-workspaces.yaml b/root-applications/ibm-mas-instance-root/templates/200-ibm-mas-workspaces.yaml index 782b3502d..f51bb7f91 100644 --- a/root-applications/ibm-mas-instance-root/templates/200-ibm-mas-workspaces.yaml +++ b/root-applications/ibm-mas-instance-root/templates/200-ibm-mas-workspaces.yaml @@ -39,6 +39,7 @@ spec: - name: {{ $.Values.avp.values_varname }} value: | instance_id: "{{ $.Values.instance.id }}" + cli_image_repo: {{ $.Values.cli_image_repo }} mas_workspace_id: "{{ $value.mas_workspace_id }}" mas_workspace_name: "{{ $value.mas_workspace_name }}" {{- if $.Values.custom_labels }} @@ -51,6 +52,7 @@ spec: devops_mongo_uri: "{{ $.Values.devops.mongo_uri }}" devops_build_number: "{{ $.Values.devops.build_number }}" gitops_version: "{{ $.Values.source.revision }}" + cli_image_repo: {{ $.Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "workspaceapp-{{ $value.mas_workspace_id }}" {{- if not (empty $.Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/500-ibm-mas-masapp-manage-install.yaml b/root-applications/ibm-mas-instance-root/templates/500-ibm-mas-masapp-manage-install.yaml index 15d269c21..0c7838f16 100644 --- a/root-applications/ibm-mas-instance-root/templates/500-ibm-mas-masapp-manage-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/500-ibm-mas-masapp-manage-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_manage_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_manage_install.mas_app_kind }}" @@ -60,6 +61,9 @@ spec: {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} + {{- if .Values.ibm_suite_app_manage_install.storage_class_definitions }} + storage_class_definitions: {{ .Values.ibm_suite_app_manage_install.storage_class_definitions | toYaml | nindent 14 }} + {{- end }} junitreporter: reporter_name: "app-install-manage-{{ .Values.instance.id }}" cluster_id: "{{ .Values.cluster.id }}" @@ -67,6 +71,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "manage-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml b/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml index 3f5fb8176..63c34977d 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml @@ -56,6 +56,7 @@ spec: - name: {{ $.Values.avp.values_varname }} value: | instance_id: "{{ $.Values.instance.id }}" + cli_image_repo: {{ $.Values.cli_image_repo }} mas_catalog_version: "{{ $.Values.mas_catalog_version }}" mas_app_id: "{{ $value.mas_app_id }}" mas_workspace_id: "{{ $value.mas_workspace_id }}" @@ -121,6 +122,7 @@ spec: devops_mongo_uri: "{{ $.Values.devops.mongo_uri }}" devops_build_number: "{{ $.Values.devops.build_number }}" gitops_version: "{{ $.Values.source.revision }}" + cli_image_repo: {{ $.Values.cli_image_repo }} {{- if (eq $value.mas_app_id "manage") }} {{- if not (empty $.Values.ibm_db2u_databases) }} @@ -135,6 +137,10 @@ spec: {{- end }} {{- end }} + {{- if $value.storage_class_definitions }} + storage_class_definitions: {{ $value.storage_class_definitions | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME value: "ma-cfg-{{ $value.mas_app_id }}" {{- if not (empty $.Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-assist-install.yaml b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-assist-install.yaml index 4ade9b82f..7fb549799 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-assist-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-assist-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_assist_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_assist_install.mas_app_kind }}" @@ -66,6 +67,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} mas_app_spec: {{ .Values.ibm_suite_app_assist_install.mas_app_spec | toYaml | nindent 14 }} - name: ARGOCD_APP_NAME value: "assist-install" diff --git a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-facilities-install.yaml b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-facilities-install.yaml index 7245e3eb8..732fdea03 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-facilities-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-facilities-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_facilities_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_facilities_install.mas_app_kind }}" @@ -59,6 +60,9 @@ spec: {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} + {{- if .Values.ibm_suite_app_facilities_install.storage_class_definitions }} + storage_class_definitions: {{ .Values.ibm_suite_app_facilities_install.storage_class_definitions | toYaml | nindent 14 }} + {{- end }} junitreporter: reporter_name: "app-install-facilities-{{ .Values.instance.id }}" cluster_id: "{{ .Values.cluster.id }}" @@ -66,6 +70,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} mas_app_spec: {{ .Values.ibm_suite_app_facilities_install.mas_app_spec | toYaml | nindent 14 }} - name: ARGOCD_APP_NAME value: "facilities-install" diff --git a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-iot-install.yaml b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-iot-install.yaml index 18ff56ec5..251ff511d 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-iot-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-iot-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_iot_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_iot_install.mas_app_kind }}" @@ -67,6 +68,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "iot-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-visualinspection-install.yaml b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-visualinspection-install.yaml index 134f11597..d31379d8d 100644 --- a/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-visualinspection-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/510-ibm-mas-masapp-visualinspection-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_visualinspection_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_visualinspection_install.mas_app_kind }}" @@ -71,6 +72,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "visualinspection-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-health-install.yaml b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-health-install.yaml index a0112afb0..daa898506 100644 --- a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-health-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-health-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_health_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_health_install.mas_app_kind }}" @@ -67,6 +68,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "health-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-monitor-install.yaml b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-monitor-install.yaml index ae8e8278a..3cbff518c 100644 --- a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-monitor-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-monitor-install.yaml @@ -35,6 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_monitor_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_monitor_install.mas_app_kind }}" @@ -67,6 +68,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "monitor-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-optimizer-install.yaml b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-optimizer-install.yaml index e36f53b54..40e26f035 100644 --- a/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-optimizer-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/520-ibm-mas-masapp-optimizer-install.yaml @@ -36,6 +36,7 @@ spec: value: | instance_id: "{{ .Values.instance.id }}" argo_namespace: "{{ .Values.argo.namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} mas_app_api_version: "{{ .Values.ibm_suite_app_optimizer_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_optimizer_install.mas_app_kind }}" mas_app_namespace: "{{ .Values.ibm_suite_app_optimizer_install.mas_app_namespace }}" @@ -67,6 +68,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "optimizer-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/540-ibm-mas-masapp-predict-install.yaml b/root-applications/ibm-mas-instance-root/templates/540-ibm-mas-masapp-predict-install.yaml index 4b2ceffa3..73679e2c1 100644 --- a/root-applications/ibm-mas-instance-root/templates/540-ibm-mas-masapp-predict-install.yaml +++ b/root-applications/ibm-mas-instance-root/templates/540-ibm-mas-masapp-predict-install.yaml @@ -33,8 +33,9 @@ spec: name: {{ .Values.avp.name }} env: - name: {{ .Values.avp.values_varname }} - value: | + value: | instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} argo_namespace: "{{ .Values.argo.namespace }}" mas_app_api_version: "{{ .Values.ibm_suite_app_predict_install.mas_app_api_version }}" mas_app_kind: "{{ .Values.ibm_suite_app_predict_install.mas_app_kind }}" @@ -67,6 +68,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: "predict-install" {{- if not (empty .Values.avp.secret) }} diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index e674ec1a8..0ebe136be 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -60,6 +60,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME value: addons-{{ .Values.cluster.id }}-{{ .Values.instance.id }} diff --git a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml index 8eb11f9d3..e61ec77ca 100644 --- a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml @@ -48,6 +48,7 @@ spec: region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" instance_id: "{{ .Values.instance.id }}" + cli_image_repo: {{ .Values.cli_image_repo }} sm_aws_access_key_id: "{{ .Values.sm.aws_access_key_id }}" sm_aws_secret_access_key: "{{ .Values.sm.aws_secret_access_key }}" @@ -71,6 +72,7 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} - name: ARGOCD_APP_NAME diff --git a/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml b/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml index a155ebe30..39e36fef7 100644 --- a/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml +++ b/root-applications/ibm-mas-sls-root/templates/100-ibm-sls-app.yaml @@ -66,6 +66,9 @@ spec: devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" devops_build_number: "{{ .Values.devops.build_number }}" gitops_version: "{{ .Values.source.revision }}" + {{- if .Values.ibm_sls_standalone.internal_certificate_authority }} + internal_certificate_authority: "{{ .Values.ibm_sls_standalone.internal_certificate_authority }}" + {{- end }} - name: ARGOCD_APP_NAME value: slsapp {{- if not (empty .Values.avp.secret) }} diff --git a/sls-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml b/sls-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml index 062565e98..2e039cc85 100644 --- a/sls-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml +++ b/sls-applications/100-ibm-sls/templates/06-ibm-sls_LicenseService.yaml @@ -25,3 +25,6 @@ spec: {{- if .Values.icr_cp_open }} registry: "{{ .Values.icr_cp_open }}" {{ end }} +{{- if .Values.internal_certificate_authority }} + internalCertificateAuthority: "{{ .Values.internal_certificate_authority }}" +{{- end }} diff --git a/sub-charts/junitreporter/templates/00-presync-report-starter.yaml b/sub-charts/junitreporter/templates/00-presync-report-starter.yaml index 9cca4e689..841ee4292 100644 --- a/sub-charts/junitreporter/templates/00-presync-report-starter.yaml +++ b/sub-charts/junitreporter/templates/00-presync-report-starter.yaml @@ -127,7 +127,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: diff --git a/sub-charts/junitreporter/templates/10-postsync-report-starter.yaml b/sub-charts/junitreporter/templates/10-postsync-report-starter.yaml index 09535495d..7b07d259b 100644 --- a/sub-charts/junitreporter/templates/10-postsync-report-starter.yaml +++ b/sub-charts/junitreporter/templates/10-postsync-report-starter.yaml @@ -127,7 +127,7 @@ spec: spec: containers: - name: run - image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent resources: limits: