feat: Add acm back into deployment
Signed-off-by: Chris Butler <[email protected]>
butler54 committed May 17, 2024
1 parent 38d01a6 commit 5c90f56
Showing 12 changed files with 218 additions and 25 deletions.
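--- a/common/acm/templates/_helpers.tpl
+++ b/common/acm/templates/_helpers.tpl
@@ -10,4 +10,4 @@ Default always defined valueFiles to be included when pushing the cluster wide a
 # We cannot use $.Values.global.clusterVersion because that gets resolved to the
 # hub's cluster version, whereas we want to include the spoke cluster version
 - '/values-{{ `{{ printf "%d.%d" ((semver (index (lookup "config.openshift.io/v1" "ClusterVersion" "" "version").status.history 0).version).Major) ((semver (index (lookup "config.openshift.io/v1" "ClusterVersion" "" "version").status.history 0).version).Minor) }}` }}.yaml'
-{{- end }} {{- /*acm.app.policies.valuefiles */}}
+{{- end }} {{- /*acm.app.policies.valuefiles */}}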
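--- a/common/acm/templates/multiclusterhub.yaml
+++ b/common/acm/templates/multiclusterhub.yaml
@@ -1,11 +1,13 @@
+{{- $channel := "" }}
+{{- if .Values.acm.mce_operator.channel }}
+{{- $channel = printf ",\"channel\": \"%s\"" .Values.acm.mce_operator.channel }}
+{{- end }}
 apiVersion: operator.open-cluster-management.io/v1
 kind: MultiClusterHub
 metadata:
 name: multiclusterhub
 namespace: open-cluster-management
 annotations:
 argocd.argoproj.io/sync-wave: "-1"
-{{- if kindIs "map" .Values.clusterGroup.subscriptions }}
-installer.open-cluster-management.io/mce-subscription-spec: '{"source": "{{ default "redhat-operators" .Values.clusterGroup.subscriptions.acm.source }}" }'
-{{- end }}
-spec: {}
+installer.open-cluster-management.io/mce-subscription-spec: '{"source": "{{ default "redhat-operators" .Values.acm.mce_operator.source }}" {{- $channel }} }'
+spec: {}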
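Review bot: The new `mce-subscription-spec` annotation is assembled by string concatenation — a hand-written `'{"source": "…" }'` plus `printf ",\"channel\": \"%s\""` — so a `source` or `channel` value containing a double quote breaks the JSON and one containing a single quote breaks the YAML, silently, rather than failing the render; at the same time the `kindIs "map" .Values.clusterGroup.subscriptions` guard that previously gated the annotation is gone, so it is now emitted unconditionally, which is presumably intended now that the values live under `acm.mce_operator`. Building the spec as a map and serialising it keeps both layers well-formed, and because this annotation decides which CatalogSource the hub installs MCE from, a malformed or unexpected value here is worth failing loudly on. Something along these lines:
```yaml
{{- $mceSpec := dict "source" (default "redhat-operators" .Values.acm.mce_operator.source) }}
{{- if .Values.acm.mce_operator.channel }}
{{- $_ := set $mceSpec "channel" .Values.acm.mce_operator.channel }}
{{- end }}
# … unchanged: apiVersion/kind/metadata and the sync-wave annotation …
    installer.open-cluster-management.io/mce-subscription-spec: {{ $mceSpec | toJson | quote }}
```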
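--- a/common/acm/templates/policies/acm-hub-ca-policy.yaml
+++ b/common/acm/templates/policies/acm-hub-ca-policy.yaml
@@ -67,5 +67,4 @@ spec:
 operator: NotIn
 values:
 - 'true'
-{{ end }}
-
+{{ end }}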
16 changes: 7 additions & 9 deletions common/acm/templates/policies/application-policies.yaml
@@ -1,4 +1,5 @@
# TODO: Also create a GitOpsCluster.apps.open-cluster-management.io
{{- $hasInitContainerCapability := and (.Values.global.experimentalCapabilities) (has "initcontainers" (splitList "," .Values.global.experimentalCapabilities)) }}
{{- range .Values.clusterGroup.managedClusterGroups }}
{{- $group := . }}
{{- if not .hostedArgoSites }}
Expand Down Expand Up @@ -43,18 +44,15 @@ spec:
helm:
ignoreMissingValueFiles: true
valueFiles:
{{- include "acm.app.policies.valuefiles" . | nindent 24 }}
{{- range $valueFile := $.Values.global.extraValueFiles }}
- {{ $valueFile | quote }}
{{- end }}
{{- include "acm.app.policies.valuefiles" . | nindent 22 }}
{{- range $valueFile := .extraValueFiles }}
- {{ $valueFile | quote }}
{{- end }}
parameters:
- name: global.repoURL
value: $ARGOCD_APP_SOURCE_REPO_URL
value: {{ $.Values.global.repoURL }}
- name: global.targetRevision
value: $ARGOCD_APP_SOURCE_TARGET_REVISION
value: {{ $.Values.global.targetRevision }}
- name: global.namespace
value: $ARGOCD_APP_NAMESPACE
- name: global.pattern
Expand All @@ -63,10 +61,8 @@ spec:
value: {{ $.Values.global.hubClusterDomain }}
- name: global.localClusterDomain
value: '{{ `{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain }}` }}'
# Requires ACM 2.6 or higher
- name: global.clusterDomain
value: '{{ `{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain | replace "apps." "" }}` }}'
# Requires ACM 2.6 or higher (I could not come up with something less terrible to get maj.min)
- name: global.clusterVersion
value: '{{ `{{ printf "%d.%d" ((semver (index (lookup "config.openshift.io/v1" "ClusterVersion" "" "version").status.history 0).version).Major) ((semver (index (lookup "config.openshift.io/v1" "ClusterVersion" "" "version").status.history 0).version).Minor) }}` }}'
- name: global.localClusterName
Expand All @@ -75,6 +71,8 @@ spec:
value: {{ $.Values.global.clusterPlatform }}
- name: clusterGroup.name
value: {{ $group.name }}
- name: global.experimentalCapabilities
value: {{ $.Values.global.experimentalCapabilities }}
{{- range .helmOverrides }}
- name: {{ .name }}
value: {{ .value | quote }}
Expand Down Expand Up @@ -149,4 +147,4 @@ spec:
{{- end }}
---
{{- end }}
{{- end }}
{{- end }}
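Review bot: The new `global.experimentalCapabilities` parameter renders its value unquoted (`value: {{ $.Values.global.experimentalCapabilities }}`), so when the hub value is unset the line becomes a bare `value:` — YAML null — rather than an empty string, and a value such as `initcontainers,foo` only survives because it happens not to look like another YAML type. The `global.repoURL` and `global.targetRevision` lines in the second hunk are unquoted too, and they now carry hub values instead of the Application's own `$ARGOCD_APP_SOURCE_REPO_URL`/`$ARGOCD_APP_SOURCE_TARGET_REVISION`, so a `targetRevision` like `1.10` can be re-typed to `1.1` and any drift between `global.repoURL` and the repo this policy is actually synced from goes unnoticed. Quote all three: `value: {{ $.Values.global.experimentalCapabilities | quote }}`, `value: {{ $.Values.global.repoURL | quote }}`, `value: {{ $.Values.global.targetRevision | quote }}`. `$hasInitContainerCapability` is set in the first hunk but not referenced in any visible hunk — confirm it is used further down in this file or drop it. The policy definition these parameters belong to starts and ends outside the hunks.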
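--- a/common/acm/templates/policies/ocp-gitops-policy.yaml
+++ b/common/acm/templates/policies/ocp-gitops-policy.yaml
@@ -1,3 +1,4 @@
+{{- $hasInitContainerCapability := and (.Values.global.experimentalCapabilities) (has "initcontainers" (splitList "," .Values.global.experimentalCapabilities)) }}
 apiVersion: policy.open-cluster-management.io/v1
 kind: Policy
 metadata:
@@ -24,6 +25,15 @@ spec:
 include:
 - default
 object-templates:
+- complianceType: mustonlyhave
+objectDefinition:
+kind: ConfigMap
+apiVersion: v1
+metadata:
+name: trusted-ca-bundle
+namespace: openshift-gitops
+labels:
+config.openshift.io/inject-trusted-cabundle: 'true'
 - complianceType: mustonlyhave
 objectDefinition:
 # This is an auto-generated file. DO NOT EDIT
@@ -35,7 +45,7 @@ spec:
 labels:
 operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
 spec:
-channel: {{ default "gitops-1.11" .Values.main.gitops.channel }}
+channel: {{ default "gitops-1.12" .Values.main.gitops.channel }}
 installPlanApproval: Automatic
 name: openshift-gitops-operator
 source: redhat-operators
@@ -44,6 +54,168 @@ spec:
 env:
 - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
 value: "*"
+{{- if $hasInitContainerCapability }}
+- complianceType: mustonlyhave
+objectDefinition:
+apiVersion: argoproj.io/v1beta1
+kind: ArgoCD
+metadata:
+name: openshift-gitops
+namespace: openshift-gitops
+spec:
+applicationSet:
+resources:
+limits:
+cpu: "2"
+memory: 1Gi
+requests:
+cpu: 250m
+memory: 512Mi
+webhookServer:
+ingress:
+enabled: false
+route:
+enabled: false
+controller:
+processors: {}
+resources:
+limits:
+cpu: "2"
+memory: 2Gi
+requests:
+cpu: 250m
+memory: 1Gi
+sharding: {}
+grafana:
+enabled: false
+ingress:
+enabled: false
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 250m
+memory: 128Mi
+route:
+enabled: false
+ha:
+enabled: false
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 250m
+memory: 128Mi
+initialSSHKnownHosts: {}
+monitoring:
+enabled: false
+notifications:
+enabled: false
+prometheus:
+enabled: false
+ingress:
+enabled: false
+route:
+enabled: false
+rbac:
+defaultPolicy: ""
+policy: |-
+g, system:cluster-admins, role:admin
+g, cluster-admins, role:admin
+scopes: '[groups]'
+redis:
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 250m
+memory: 128Mi
+repo:
+initContainers:
+- command:
+- bash
+- -c
+- cat /var/run/kube-root-ca/ca.crt /var/run/trusted-ca/ca-bundle.crt > /tmp/ca-bundles/ca-bundle.crt
+|| true
+image: registry.redhat.io/ubi9/ubi-minimal:latest
+name: fetch-ca
+resources: {}
+volumeMounts:
+- mountPath: /var/run/kube-root-ca
+name: kube-root-ca
+- mountPath: /var/run/trusted-ca
+name: trusted-ca-bundle
+- mountPath: /tmp/ca-bundles
+name: ca-bundles
+resources:
+limits:
+cpu: "1"
+memory: 1Gi
+requests:
+cpu: 250m
+memory: 256Mi
+volumeMounts:
+- mountPath: /etc/pki/tls/certs
+name: ca-bundles
+volumes:
+- configMap:
+name: kube-root-ca.crt
+name: kube-root-ca
+- configMap:
+name: trusted-ca-bundle
+optional: true
+name: trusted-ca-bundle
+- emptyDir: {}
+name: ca-bundles
+resourceExclusions: |-
+- apiGroups:
+- tekton.dev
+clusters:
+- '*'
+kinds:
+- TaskRun
+- PipelineRun
+server:
+autoscale:
+enabled: false
+grpc:
+ingress:
+enabled: false
+ingress:
+enabled: false
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 125m
+memory: 128Mi
+route:
+enabled: true
+{{- if and (.Values.global.argocdServer) (.Values.global.argocdServer.route) (.Values.global.argocdServer.route.tls) }}
+tls:
+insecureEdgeTerminationPolicy: {{ default "Redirect" .Values.global.argocdServer.route.tls.insecureEdgeTerminationPolicy }}
+termination: {{ default "reencrypt" .Values.global.argocdServer.route.tls.termination }}
+{{- end }}
+service:
+type: ""
+sso:
+dex:
+openShiftOAuth: true
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 250m
+memory: 128Mi
+provider: dex
+tls:
+ca: {}
+{{- end }}{{/* if hasInitContainerCapability */}}
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
@@ -79,4 +251,4 @@ spec:
 - key: local-cluster
 operator: NotIn
 values:
-- 'true'
+- 'true'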
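Review bot: The `fetch-ca` init container in the fourth hunk pulls `registry.redhat.io/ubi9/ubi-minimal:latest` — a floating tag with no digest — and its command ends in `|| true`, so a failure to read either CA file is swallowed while the emptyDir it writes is mounted over `/etc/pki/tls/certs` in the repo server, which presumably shadows the image's own CA store and leaves the repo server with an empty or partial trust bundle and no failed pod pointing at the cause. Pin the image by digest and fail the init container on anything except the one input that is genuinely optional, the `trusted-ca-bundle` ConfigMap (`optional: true`). Separately, the `trusted-ca-bundle` ConfigMap is enforced with `mustonlyhave` but declared without `data`; confirm the configuration policy controller leaves the CNO-injected `ca-bundle.crt` in place rather than reconciling it away, otherwise the bundle the init container concatenates will be empty most of the time. The `rbac` block with `defaultPolicy: ""` and `role:admin` only for the two cluster-admin groups is the right fail-closed default and worth keeping as is.
```yaml
          initContainers:
            - command:
                - bash
                - -c
                - |
                  set -euo pipefail
                  out=/tmp/ca-bundles/ca-bundle.crt
                  cat /var/run/kube-root-ca/ca.crt > "$out"
                  # trusted-ca-bundle is an optional ConfigMap; everything else must be present
                  if [ -r /var/run/trusted-ca/ca-bundle.crt ]; then
                    cat /var/run/trusted-ca/ca-bundle.crt >> "$out"
                  fi
              # pin to an immutable digest instead of the floating :latest tag
              image: registry.redhat.io/ubi9/ubi-minimal@sha256:<pinned digest>
              name: fetch-ca
              # … unchanged: resources and volumeMounts …
```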
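--- a/common/acm/templates/policies/private-repo-policies.yaml
+++ b/common/acm/templates/policies/private-repo-policies.yaml
@@ -158,4 +158,4 @@ spec:
 - 'true'
 {{- end }}{{- /* if not .hostedArgoSites */}}
 {{- end }}{{- /* range .Values.clusterGroup.managedClusterGroups */}}
-{{- end }}{{- /* if $.Values.global.privateRepo */}}
+{{- end }}{{- /* if $.Values.global.privateRepo */}}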
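--- a/common/acm/templates/provision/_install-config.tpl
+++ b/common/acm/templates/provision/_install-config.tpl
@@ -63,4 +63,4 @@ platform:
 {{- toYaml .platform | nindent 2 }}
 pullSecret: "" # skip, hive will inject based on it's secrets
 sshKey: "" # skip, hive will inject based on it's secrets
-{{- end -}}
+{{- end -}}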
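--- a/common/acm/templates/provision/clusterpool.yaml
+++ b/common/acm/templates/provision/clusterpool.yaml
@@ -92,4 +92,4 @@ spec:
 {{- end }}{{- /* range .range clusters */}}
 {{- end }}{{- /* range .clusterPools */}}
 {{- end }}{{- /* if .clusterPools) */}}
-{{- end }}{{- /* range .Values.clusterGroup.managedClusterGroups */}}
+{{- end }}{{- /* range .Values.clusterGroup.managedClusterGroups */}}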
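--- a/common/acm/templates/provision/secrets-azure.yaml
+++ b/common/acm/templates/provision/secrets-azure.yaml
@@ -81,4 +81,4 @@ spec:
 ---
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}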
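--- a/common/acm/templates/provision/secrets-common.yaml
+++ b/common/acm/templates/provision/secrets-common.yaml
@@ -58,4 +58,4 @@ spec:
 {{ "{{ .sshPrivateKey | toString }}" }}
 ---
 {{- end }}
-{{- end }}
+{{- end }}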
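--- a/common/acm/values.yaml
+++ b/common/acm/values.yaml
@@ -1,6 +1,6 @@
 main:
 gitops:
-channel: "gitops-1.11"
+channel: "gitops-1.12"
 
 global:
 extraValueFiles: []
@@ -30,6 +30,15 @@ clusterGroup:
 # - name: clusterGroup
 # value: region-one
 
+acm:
+# Just used for IIB testing, drives the source and channel for the MCE
+# subscription triggered by ACM
+mce_operator:
+source: redhat-operators
+channel: null
+
+
+
 secretStore:
 name: vault-backend
 kind: ClusterSecretStore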
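Review bot: The comment above `mce_operator` says it is "just used for IIB testing", but nothing limits it to that: `source` is read by `multiclusterhub.yaml` into the `mce-subscription-spec` annotation, so whatever CatalogSource name a values override puts here becomes the hub's install source for MCE. Say so in the comment so a production override is not mistaken for a harmless test knob, e.g. `# Catalog source and channel for the MCE subscription that ACM creates on the hub. Override only for IIB / pre-release testing — any CatalogSource named here becomes the trusted install source for MCE.` `channel: null` is fine as written since the template only emits a channel when it is non-empty.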
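--- a/values-hub.yaml
+++ b/values-hub.yaml
@@ -16,6 +16,10 @@ clusterGroup:
 - redis
 #- rhdh-operator
 subscriptions:
+acm:
+name: advanced-cluster-management
+namespace: open-cluster-management
+channel: release-2.10
 rhoai:
 name: rhods-operator
 # Fast is required for 2.9.0
@@ -87,7 +91,16 @@ clusterGroup:
 # - '/overrides/values-{{ $.Values.global.hubClusterDomain }}.yaml'
 # - '/overrides/values-{{ $.Values.global.localClusterDomain }}.yaml'
 applications:
-
+acm:
+name: acm
+namespace: open-cluster-management
+project: hub
+path: common/acm
+ignoreDifferences:
+- group: internal.open-cluster-management.io
+kind: ManagedClusterInfo
+jsonPointers:
+- /spec/loggingCA
 vault:
 name: vault
 namespace: vault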
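Review bot: The new `subscriptions.acm` entry pins `channel: release-2.10` but sets no `source`, and as of this commit the MCE subscription's source and channel are no longer derived from this entry at all — `multiclusterhub.yaml` now reads `acm.mce_operator.*` from `common/acm/values.yaml` instead of `clusterGroup.subscriptions.acm.source` — so testing ACM from a non-default catalog now means setting both places consistently. A one-line comment here would save the next person the search, e.g. `# MCE catalog source/channel are configured separately under acm.mce_operator in common/acm/values.yaml`. The `ignoreDifferences` on `/spec/loggingCA` for `ManagedClusterInfo` stops Argo from reporting the agent-managed CA as drift, which is reasonable, but it also means a changed logging CA is never surfaced in Argo — presumably acceptable because ACM owns that field, but worth a comment stating that intent.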
