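--- a/common/acm/templates/_helpers.tpl
+++ b/common/acm/templates/_helpers.tpl
@@ -0,0 +1,13 @@
+{{/*
+Default always defined valueFiles to be included when pushing the cluster wide argo application via acm
+*/}}
+{{- define "acm.app.policies.valuefiles" -}}
+- "/values-global.yaml"
+- "/values-{{ .name }}.yaml"
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}.yaml'
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}.yaml'
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ .name }}.yaml'
+# We cannot use $.Values.global.clusterVersion because that gets resolved to the
+# hub's cluster version, whereas we want to include the spoke cluster version
+- '/values-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}-{{ .name }}.yaml'
+{{- end }} {{- /*acm.app.policies.valuefiles */}}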
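Review bot: The header comment of `acm.app.policies.valuefiles` does not say what context the helper expects or when its expressions are evaluated. It reads `.name` from whatever the caller passes, and the backtick-wrapped `lookup` expressions are emitted literally by Helm (the expected test outputs on this page show them unrendered), so they are presumably resolved later on the managed cluster. I would extend the comment along the lines of `Expects a context with .name (the cluster group name); the escaped lookup expressions are not evaluated by Helm and are left for the policy template engine on the spoke`. It should also say that the result is a bare YAML list which the caller must `nindent` to the indentation of its `valueFiles:` entries.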
9 changes: 1 addition & 8 deletions common/acm/templates/policies/application-policies.yaml
@@ -43,14 +43,7 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
- "/values-global.yaml"
- "/values-{{ .name }}.yaml"
- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}.yaml'
- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}.yaml'
- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ .name }}.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}-{{ .name }}.yaml'
{{- include "acm.app.policies.valuefiles" . | nindent 24 }}
{{- range $valueFile := .extraValueFiles }}
- {{ $valueFile | quote }}
{{- end }}
3 changes: 2 additions & 1 deletion common/acm/values.yaml
@@ -6,7 +6,8 @@ global:
pattern: none
repoURL: none
targetRevision: main

options:
applicationRetryLimit: 20

clusterGroup:
subscriptions:
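Review bot: The key added here does not match the path visible in the clustergroup template on this page, which reads `{{ default 20 $.Values.global.applicationRetryLimit }}`, whereas this hunk adds `applicationRetryLimit: 20` under a new `options:` key (indentation is lost on this page, so the nesting under `global:` is inferred from the hunk header). If the acm templates read `global.options.applicationRetryLimit`, the two charts use different paths for the same setting and a user override would take effect in only one of them. It is worth confirming which path each template reads and adding a comment above the key, e.g. `# Retry limit for the Argo CD applications pushed via ACM`.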
4 changes: 2 additions & 2 deletions common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml
@@ -182,8 +182,8 @@
pod: "{{ vault_pod }}"
command: >
vault write auth/"{{ item.value['vault_path'] }}"/role/"{{ item.value['vault_path'] }}"-role
bound_service_account_names="{{ external_secrets_ns }}"
bound_service_account_namespaces="{{ external_secrets_sa }}"
bound_service_account_names="{{ external_secrets_sa }}"
bound_service_account_namespaces="{{ external_secrets_ns }}"
policies="default,{{ vault_global_policy }}-secret,{{ item.value['vault_path'] }}-secret" ttl="{{ vault_spoke_ttl }}"
loop: "{{ clusters_info | dict2items }}"
when:
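Review bot: Nothing visible in this task guards the two values that scope the Vault role: `external_secrets_sa` and `external_secrets_ns` are interpolated straight into the `vault write` in `command:`. Vault's Kubernetes auth accepts `*` for either bound, so a wildcard or mis-set variable would widen who can log in to the role and obtain the `{{ vault_global_policy }}-secret` and per-spoke `-secret` policies, and an empty value would only surface as a per-spoke command failure. I would add an assert before this task, as sketched below, and a one-line comment above the command stating that `bound_service_account_names` takes the service account name and `bound_service_account_namespaces` the namespace. The task starts above the hunk and its `when:` continues below it, so an existing guard may simply not be visible here.

```yaml
- name: Check the service account binding used for the spoke Vault roles
  ansible.builtin.assert:
    that:
      - external_secrets_sa | default('') | length > 0
      - external_secrets_ns | default('') | length > 0
      - external_secrets_sa != '*'
      - external_secrets_ns != '*'
    fail_msg: "external_secrets_sa and external_secrets_ns must name one service account and one namespace"
# … unchanged: the vault write task from this hunk …
```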
22 changes: 11 additions & 11 deletions common/clustergroup/templates/plumbing/applications.yaml
@@ -134,7 +134,7 @@ spec:
chart: {{ .chart }}
{{- else }}
path: {{ .path }}
{{- end }}
{{- end }}{{- /* if .chart */}}
{{- if .plugin }}
plugin: {{ .plugin | toPrettyJson }}
{{- else if not .kustomize }}
@@ -178,18 +178,18 @@ spec:
{{- range .overrides }}
- name: {{ .name }}
value: {{ .value | quote }}
{{- if .forceString }}
{{- if .forceString }}
forceString: true
{{- end }}
{{- end }}
{{- end }}
{{- end }}{{- /* range .overrides */}}
{{- if .fileParameters }}
fileParameters:
{{- range .fileParameters }}
- name: {{ .name }}
path: {{ .path }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}{{- /* range .fileParameters */}}
{{- end }}{{- /* if .fileParameters */}}
{{- end }}{{- /* if .plugin */}}
{{- if .ignoreDifferences }}
ignoreDifferences: {{ .ignoreDifferences | toPrettyJson }}
{{- end }}
@@ -200,8 +200,8 @@ spec:
automated: {}
retry:
limit: {{ default 20 $.Values.global.applicationRetryLimit }}
{{- end }}
{{- end }}{{- /* .syncPolicy */}}
---
{{- end }}
{{- end }}
{{- end }}
{{- end }}{{- /* if or (.generators) (.generatorFile) (.useGeneratorValues) (.destinationServer) (.destinationNamespace) */}}
{{- end }}{{- /* range .Values.clusterGroup.applications */}}
{{- end }}{{- /* if not (eq .Values.enabled "core") */}}
2 changes: 1 addition & 1 deletion common/golang-external-secrets/Chart.yaml
@@ -6,6 +6,6 @@ name: golang-external-secrets
version: 0.0.1
dependencies:
- name: external-secrets
version: "0.8.3"
version: "0.8.5"
repository: "https://charts.external-secrets.io"
#"https://external-secrets.github.io/kubernetes-external-secrets"
Binary file not shown.
Binary file not shown.
@@ -1,30 +1,48 @@
diff --color -urN external-secrets.orig/values.yaml external-secrets/values.yaml
--- external-secrets.orig/values.yaml 2023-05-22 12:42:54.000000000 +0200
+++ external-secrets/values.yaml 2023-05-22 16:20:02.748621794 +0200
@@ -117,7 +117,7 @@
diff -up external-secrets/values.yaml.orig external-secrets/values.yaml
--- external-secrets/values.yaml.orig 2023-07-31 15:12:18.815909938 +0200
+++ external-secrets/values.yaml 2023-07-31 15:32:59.905360226 +0200
@@ -117,9 +117,11 @@ securityContext:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault
+ seccompProfile: null

@@ -331,7 +331,7 @@
resources: {}
# requests:
@@ -331,9 +333,11 @@ webhook:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ seccompProfile: null
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault

@@ -453,7 +453,7 @@
resources: {}
# requests:
@@ -453,9 +457,11 @@ certController:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
+ # runAsUser: 1000
seccompProfile:
type: RuntimeDefault
+ seccompProfile: null
+ # Uncomment this once 4.10 is out of scope
+ # seccompProfile:
+ # type: RuntimeDefault

resources: {}
# requests:
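Review bot: The new patch sets `seccompProfile: null` in the `securityContext` of all three components (the controller, `webhook` and `certController`), so the chart no longer requests the `RuntimeDefault` seccomp profile and the effective profile is whatever the cluster's admission policy assigns. The only record of why is the comment `# Uncomment this once 4.10 is out of scope`, which is placed before `seccompProfile: null` in the first hunk but after it in the `webhook` and `certController` hunks. I would put the comment in the same position in all three places and make it say what to restore, e.g. `# OpenShift 4.10 compatibility: restore seccompProfile.type RuntimeDefault and drop the null once 4.10 is no longer supported`. The commented-out `runAsUser: 1000` has no explanation at all; `runAsNonRoot: true` remains as context, so presumably the UID is left to the platform to assign, and a short comment saying so would help the next person who refreshes this patch.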
6 changes: 3 additions & 3 deletions common/golang-external-secrets/values.yaml
@@ -11,10 +11,10 @@ clusterGroup:

external-secrets:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
webhook:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
certController:
image:
tag: v0.8.3-ubi
tag: v0.8.5-ubi
16 changes: 8 additions & 8 deletions common/tests/acm-industrial-edge-hub.expected.yaml
@@ -206,14 +206,14 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
- "/values-global.yaml"
- "/values-factory.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-factory.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-factory.yaml'
- "/values-global.yaml"
- "/values-factory.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-factory.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-factory.yaml'
parameters:
- name: global.repoURL
value: $ARGOCD_APP_SOURCE_REPO_URL
16 changes: 8 additions & 8 deletions common/tests/acm-medical-diagnosis-hub.expected.yaml
@@ -197,14 +197,14 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
- "/values-global.yaml"
- "/values-region-one.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-region-one.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-region-one.yaml'
- "/values-global.yaml"
- "/values-region-one.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-region-one.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-region-one.yaml'
parameters:
- name: global.repoURL
value: $ARGOCD_APP_SOURCE_REPO_URL
32 changes: 16 additions & 16 deletions common/tests/acm-normal.expected.yaml
@@ -600,14 +600,14 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
- "/values-global.yaml"
- "/values-acm-edge.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-acm-edge.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-acm-edge.yaml'
- "/values-global.yaml"
- "/values-acm-edge.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-acm-edge.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-acm-edge.yaml'
parameters:
- name: global.repoURL
value: $ARGOCD_APP_SOURCE_REPO_URL
@@ -694,14 +694,14 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
- "/values-global.yaml"
- "/values-acm-provision-edge.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-acm-provision-edge.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-acm-provision-edge.yaml'
- "/values-global.yaml"
- "/values-acm-provision-edge.yaml"
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}.yaml'
- '/values-{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}-acm-provision-edge.yaml'
# We cannot use $.Values.global.clusterVersion because that gets resolved to the
# hub's cluster version, whereas we want to include the spoke cluster version
- '/values-{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}-acm-provision-edge.yaml'
parameters:
- name: global.repoURL
value: $ARGOCD_APP_SOURCE_REPO_URL