From ec756f431e02677b7634b65c936d0b8f0e1ef6ab Mon Sep 17 00:00:00 2001 From: ipbabble Date: Fri, 8 Jul 2022 17:16:37 -0600 Subject: [PATCH] updated ocm so that it works --- .../hub/opp/templates/policy-ocm-observability.yaml | 12 +++++++----- charts/hub/opp/templates/policyset-managed.yaml | 3 ++- charts/hub/opp/values.yaml | 6 +++--- tests/hub-opp-naked.expected.yaml | 13 ++++++++----- tests/hub-opp-normal.expected.yaml | 13 ++++++++----- values-global.yaml | 2 +- values-secret.yaml.template | 5 +++++ 7 files changed, 34 insertions(+), 20 deletions(-) diff --git a/charts/hub/opp/templates/policy-ocm-observability.yaml b/charts/hub/opp/templates/policy-ocm-observability.yaml index b9a5624f..cfcd7154 100644 --- a/charts/hub/opp/templates/policy-ocm-observability.yaml +++ b/charts/hub/opp/templates/policy-ocm-observability.yaml @@ -19,6 +19,8 @@ spec: kind: ConfigurationPolicy metadata: name: policy-ocm-observability + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous spec: object-templates: - complianceType: musthave 
@@ -32,12 +34,12 @@ spec: thanos.yaml: | type: s3 config: - bucket: {{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "quay-registry-quay-datastore").BUCKET_NAME }} - endpoint: {{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "quay-registry-quay-datastore").BUCKET_HOST }} + bucket: '{{ `{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketName }}` }}' + endpoint: '{{ `{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketHost }}` }}' insecure: true - access_key: {{ .Values.ocm.accessKey }} - secret_key: {{ .Values.ocm.secretKey }} - type: Opaque + access_key: '{{ `{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_ACCESS_KEY_ID }}` }}' + secret_key: '{{ `{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_SECRET_ACCESS_KEY }}` }}' + type: Opaque - complianceType: musthave objectDefinition: apiVersion: observability.open-cluster-management.io/v1beta2 diff --git a/charts/hub/opp/templates/policyset-managed.yaml b/charts/hub/opp/templates/policyset-managed.yaml index 2572e0d9..a10b43c5 100644 --- a/charts/hub/opp/templates/policyset-managed.yaml +++ b/charts/hub/opp/templates/policyset-managed.yaml @@ -11,4 +11,5 @@ spec: them to work well together. This policy set if focued on the components that install to every managed cluster. policies: - - policy-acs-secured-status \ No newline at end of file + - policy-acs-secured-status + - policy-ocm-observability \ No newline at end of file diff --git a/charts/hub/opp/values.yaml b/charts/hub/opp/values.yaml index f2789dd9..2a45c7a9 100644 --- a/charts/hub/opp/values.yaml +++ b/charts/hub/opp/values.yaml 
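Review bot: The new `access_key`/`secret_key` lines give Thanos the `noobaa-admin` credentials from `openshift-storage`, and the new `bucket`/`endpoint` lines point it at the Quay registry's datastore ObjectBucket, so observability runs with storage-admin keys and shares Quay's bucket. A dedicated ObjectBucketClaim for observability, with these lookups reading the bucket and Secret that claim generates, would keep the credential scoped to one bucket. The unchanged `insecure: true` context line presumably means those admin keys travel to the endpoint without TLS, which is worth revisiting alongside this change. Also, a Secret's `.data` fields are base64-encoded: if `thanos.yaml` sits under `stringData` (its parent key is outside the hunk), the two key lookups need `| base64dec`.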
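Review bot: Adding `policy-ocm-observability` to this set looks at odds with the set's own description, which says it covers the components installed on every managed cluster. The policy's templates in this commit use plain `{{ ... }}` lookups with no hub delimiters, so they are presumably resolved on whichever cluster enforces the policy. Any cluster in this placement that lacks the `noobaa-admin` Secret in `openshift-storage` or the Quay ObjectBucket would then fail to resolve them. If observability is hub-only, the entry likely belongs in a hub-scoped policy set; the placement binding is outside the hunk, so confirm it there.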
@@ -1,6 +1,6 @@ # No Values -ocm: - accessKey: '{{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_ACCESS_KEY_ID" }}` }}' - secretKey: '{{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_SECRET_ACCESS_KEY" }}` }}' +# Need to use fromSecret for these keys. problems ith json output. +## accessKey: '{{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_ACCESS_KEY_ID" }}` }}' +## secretKey: '{{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_SECRET_ACCESS_KEY" }}` }}' \ No newline at end of file diff --git a/tests/hub-opp-naked.expected.yaml b/tests/hub-opp-naked.expected.yaml index 2a392829..e56ef965 100644 --- a/tests/hub-opp-naked.expected.yaml +++ b/tests/hub-opp-naked.expected.yaml @@ -104,6 +104,8 @@ spec: kind: ConfigurationPolicy metadata: name: policy-ocm-observability + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous spec: object-templates: - complianceType: musthave @@ -117,12 +119,12 @@ spec: thanos.yaml: | type: s3 config: - bucket: - endpoint: + bucket: '{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketName }}' + endpoint: '{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketHost }}' insecure: true - access_key: {{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_ACCESS_KEY_ID" }}` }} - secret_key: {{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_SECRET_ACCESS_KEY" }}` }} - type: Opaque + access_key: '{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_ACCESS_KEY_ID }}' + secret_key: '{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_SECRET_ACCESS_KEY }}' + type: Opaque - complianceType: musthave objectDefinition: apiVersion: observability.open-cluster-management.io/v1beta2 @@ -173,3 +175,4 @@ spec: to every managed cluster. policies: - policy-acs-secured-status + - policy-ocm-observability 
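Review bot: The added comment in the `charts/hub/opp/values.yaml` hunk says the keys "Need to use fromSecret", but the same hunk comments the `fromSecret` values out and the template in this commit switches to `lookup`, so the comment contradicts the code; it also has a typo (`ith`). Suggest deleting the two `##` lines and replacing the comment with something like `# ocm keys are resolved by lookup in policy-ocm-observability.yaml; fromSecret had problems with JSON output`. Commented-out secret references invite someone to re-enable them without knowing why they were disabled.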
diff --git a/tests/hub-opp-normal.expected.yaml b/tests/hub-opp-normal.expected.yaml index 2a392829..e56ef965 100644 --- a/tests/hub-opp-normal.expected.yaml +++ b/tests/hub-opp-normal.expected.yaml @@ -104,6 +104,8 @@ spec: kind: ConfigurationPolicy metadata: name: policy-ocm-observability + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous spec: object-templates: - complianceType: musthave @@ -117,12 +119,12 @@ spec: thanos.yaml: | type: s3 config: - bucket: - endpoint: + bucket: '{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketName }}' + endpoint: '{{ (lookup "objectbucket.io/v1alpha1" "ObjectBucket" "" "obc-quay-enterprise-quay-registry-quay-datastore").spec.endpoint.bucketHost }}' insecure: true - access_key: {{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_ACCESS_KEY_ID" }}` }} - secret_key: {{ `{{ fromSecret "openshift-storage" "noobaa-admin" "AWS_SECRET_ACCESS_KEY" }}` }} - type: Opaque + access_key: '{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_ACCESS_KEY_ID }}' + secret_key: '{{ (lookup "v1" "Secret" "openshift-storage" "noobaa-admin").data.AWS_SECRET_ACCESS_KEY }}' + type: Opaque - complianceType: musthave objectDefinition: apiVersion: observability.open-cluster-management.io/v1beta2 @@ -173,3 +175,4 @@ spec: to every managed cluster. policies: - policy-acs-secured-status + - policy-ocm-observability diff --git a/values-global.yaml b/values-global.yaml index 96e19bf5..a78a3ad7 100644 --- a/values-global.yaml +++ b/values-global.yaml @@ -34,7 +34,7 @@ global: devel: appURL: https://github.com/ipbabble/chat-client.git image: quay.io/ipbabble/chat-client:latest - npmbase: quay.io/ipbabble/ubi-npm:latest + npmbase: quay.io/hybridcloudpatterns/ubi-npm:latest main: clusterGroupName: hub diff --git a/values-secret.yaml.template b/values-secret.yaml.template index 4c5236f5..8282edef 100644 --- a/values-secret.yaml.template 
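Review bot: The new `npmbase` value in the `values-global.yaml` hunk still uses the mutable `latest` tag, so the base image a build pulls can change without any change in this repository. Moving it from a personal namespace to `quay.io/hybridcloudpatterns` is an improvement, but pinning by digest would make builds reproducible and reviewable, e.g. `npmbase: quay.io/hybridcloudpatterns/ubi-npm@sha256:<digest>` (placeholder digest). The neighbouring context line `image: quay.io/ipbabble/chat-client:latest` has the same issue and still points at the personal namespace.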
+++ b/values-secret.yaml.template @@ -11,3 +11,8 @@ secrets: username: USERNAME password: 'encoded password in single quotes' +# This is NOT for Quay.io. This is for the installed Quay registry. + quay: + account: QUAYADMINNAME + password: QUAYPASSWORD + email: quayadmin@example.com
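Review bot: The new `quay` entry's placeholders are valid-looking values, so a copy of this template applied without editing would presumably create the Quay admin account with the publicly known password `QUAYPASSWORD`. Consider a comment above the block such as `# REQUIRED: replace every value below before deploying; never commit the filled-in file`. Quoting the placeholder as the existing entry above does, `password: 'QUAYPASSWORD'`, would also keep real passwords containing YAML special characters intact when parsed.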