From 62fb3370feeee5acc4ac7bd7434c3b03f12357c2 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 12 Sep 2023 12:18:06 +0200 Subject: [PATCH 1/6] Introduce a validate-cluster target in the install target The validate-cluster target will be in charge of doing some sanity check on the cluster. Initially we just check the connection to the cluster and that at least one storageclass is available to the cluster. Tested as follows: 1) Cluster with a storageclass (LVM in my case) $ make validate-cluster Checking cluster: cluster-info: OK storageclass: OK 2) Cluster without a storageclass: $ make validate-cluster Checking cluster: cluster-info: OK storageclass: None Found make: *** [Makefile:99: validate-cluster] Error 1 --- Makefile | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2b3400fd3..6fc5fbe6a 100644 --- a/Makefile +++ b/Makefile @@ -45,7 +45,7 @@ show: ## show the starting template without installing it helm template common/operator-install/ --name-template $(NAME) $(HELM_OPTS) .PHONY: operator-deploy -operator-deploy operator-upgrade: validate-prereq validate-origin ## runs helm install +operator-deploy operator-upgrade: validate-prereq validate-origin validate-cluster ## runs helm install @set -e -o pipefail # Retry five times because the CRD might not be fully installed yet for i in {1..5}; do \ @@ -90,6 +90,19 @@ validate-origin: ## verify the git origin is available echo "Running inside a container: Skipping git ssh checks";\ fi +.PHONY: validate-cluster +validate-cluster: ## Do some cluster validations before installing + @echo "Checking cluster:" + @echo -n " cluster-info: " + @oc cluster-info >/dev/null && echo "OK" || (echo "Error"; exit 1) + @echo -n " storageclass: " + @if [ `oc get storageclass -o go-template='{{printf "%d\n" (len .items)}}'` -eq 0 ]; then\ + echo "None Found"; exit 1;\ + else\ + echo "OK";\ + fi + + .PHONY: validate-schema validate-schema: ## validates values files against schema in common/clustergroup $(eval VAL_PARAMS := $(shell for i in ./values-*.yaml; do echo -n "$${i} "; done)) From 01718b090634a8b67457db36e8fd5d8321c434cd Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 10:34:48 +0200 Subject: [PATCH 2/6] Increase the wait for the internal registry --- ansible/roles/iib_ci/tasks/setup-internal-registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml index 4e31928fb..e45def74a 100644 --- a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml +++ b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml @@ -34,7 +34,7 @@ oc registry info --public=true register: registry_route_raw retries: 20 - delay: 10 + delay: 20 until: - registry_route_raw is not failed - registry_route_raw.stdout | length > 0 From a7873c660592b6aca52e23c6630841564cd08529 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 10:35:00 +0200 Subject: [PATCH 3/6] Add a note about SNOs and internal registries --- ansible/roles/iib_ci/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/roles/iib_ci/README.md b/ansible/roles/iib_ci/README.md index 1d8b447ef..9f421e8f9 100644 --- a/ansible/roles/iib_ci/README.md +++ b/ansible/roles/iib_ci/README.md @@ -26,6 +26,13 @@ make load-iib # This will install the pattern using the gitops operator from the IIB ``` +***NOTE:*** When using an SNO without shared storage in a non-production environment, the enablement of the internal registry will fail. You need to run the following to enable it: + +```sh +oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}' +oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}' +``` + Then in case of the `openshift-gitops-operator` we would install with: ```sh From 5bdd554e7be4759f7e8afa4281c327168d41c599 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 11:46:25 +0200 Subject: [PATCH 4/6] Move from resourceCustomization to resourceHealthcheck Our resourceCustomization is currently giving the following warning: Warning DeprecationNotice 27m ResourceCustomizations is deprecated, please use the new formats `ResourceHealthChecks`, `ResourceIgnoreDifferences`, and `Resource Actions` instead. This actually becomes a problem with gitops-1.10 because it dropped support for v1alpha versions of argoCD (it upgrades them automatically to v1beta). So the cluster-wide argo app which is in charge of creating the namespaced argoCD instance will always be OutOfSync as it will never be able to set the `resourceCustomization` field. Move to resourceHealthcheck which is the new supported way. This is also backwards compatible with gitops-1.8. Tested as follows: 1. Deployed 4.13 with gitops-1.10 and observed the multicloud-gitops-hub being OutOfSync 2. Applied this patch and observed it going to green and sync correctly 3. Tested this on gitops-1.8.5 on 4.13 and deployed MCG correctly with all apps becoming green everywhere. Fixes: https://github.com/validatedpatterns/common/issues/367 --- clustergroup/templates/plumbing/argocd.yaml | 37 +++++++++++---------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/clustergroup/templates/plumbing/argocd.yaml b/clustergroup/templates/plumbing/argocd.yaml index 846436449..de83b53c4 100644 --- a/clustergroup/templates/plumbing/argocd.yaml +++ b/clustergroup/templates/plumbing/argocd.yaml @@ -14,26 +14,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize From fe84601ebb358a8bb0b5ff59574121eea58eb28e Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 13:28:39 +0200 Subject: [PATCH 5/6] Fix up common/ tests --- ...roup-industrial-edge-factory.expected.yaml | 37 ++++++++++--------- ...tergroup-industrial-edge-hub.expected.yaml | 37 ++++++++++--------- ...rgroup-medical-diagnosis-hub.expected.yaml | 37 ++++++++++--------- tests/clustergroup-naked.expected.yaml | 37 ++++++++++--------- tests/clustergroup-normal.expected.yaml | 37 ++++++++++--------- 5 files changed, 95 insertions(+), 90 deletions(-) diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 4986e2b53..6ff3a8481 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -452,26 +452,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index e48f2ed80..3f5207ab6 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -1097,26 +1097,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 0ff5754f3..4ffbd77da 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -1282,26 +1282,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 9499eb5d1..7f167c748 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -270,26 +270,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 8c12d1b30..4767db6c7 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -877,26 +877,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize From ac3bde6aa3435dbbdffa0086e1916c797465b53a Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 14:34:27 +0200 Subject: [PATCH 6/6] Update tests in common/ after rebase --- ...roup-industrial-edge-factory.expected.yaml | 37 ++++++++++--------- ...tergroup-industrial-edge-hub.expected.yaml | 37 ++++++++++--------- ...rgroup-medical-diagnosis-hub.expected.yaml | 37 ++++++++++--------- tests/common-clustergroup-naked.expected.yaml | 37 ++++++++++--------- .../common-clustergroup-normal.expected.yaml | 37 ++++++++++--------- 5 files changed, 95 insertions(+), 90 deletions(-) diff --git a/tests/common-clustergroup-industrial-edge-factory.expected.yaml b/tests/common-clustergroup-industrial-edge-factory.expected.yaml index a3bccdff8..3cc9378d4 100644 --- a/tests/common-clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-factory.expected.yaml @@ -447,26 +447,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-industrial-edge-hub.expected.yaml b/tests/common-clustergroup-industrial-edge-hub.expected.yaml index f63cee199..88b060890 100644 --- a/tests/common-clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-hub.expected.yaml @@ -1092,26 +1092,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml index cda05c881..afb9615fc 100644 --- a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml @@ -1277,26 +1277,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-naked.expected.yaml b/tests/common-clustergroup-naked.expected.yaml index 9499eb5d1..7f167c748 100644 --- a/tests/common-clustergroup-naked.expected.yaml +++ b/tests/common-clustergroup-naked.expected.yaml @@ -270,26 +270,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-normal.expected.yaml b/tests/common-clustergroup-normal.expected.yaml index 9e50f3291..c1e0d8762 100644 --- a/tests/common-clustergroup-normal.expected.yaml +++ b/tests/common-clustergroup-normal.expected.yaml @@ -872,26 +872,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize