Merge pull request #106 from mhjacks/update_main

Update common to latest common/main for templated value files

common/Changes.md

@@ -1,5 +1,9 @@
 # Changes
 
+## Sep 25, 2023
+
+* Upgraded ESO to v0.9.5
+
 ## Aug 17, 2023
 
 * Introduced support for multisource applications via .chart + .chartVersion

common/Makefile

@@ -44,21 +44,13 @@ help: ## This help message
 show: ## show the starting template without installing it
 	helm template common/operator-install/ --name-template $(NAME) $(HELM_OPTS)
 
-# Only call helm install if the CRD is missing. If it already exists just
-# push the templated files.
-# The reason we have two helm template calls in the else branch is to avoid
-# warnings when the chart gets applied the first time, but the resources were
-# created first via the VP operator's UI
 .PHONY: operator-deploy
-operator-deploy operator-upgrade: validate-prereq validate-origin ## runs helm install
-	@set -e; if ! oc get crds patterns.gitops.hybrid-cloud-patterns.io >/dev/null 2>&1; then \
-	  echo "Running helm:"; \
-	  helm upgrade --install $(NAME) common/operator-install/ $(HELM_OPTS); \
-	else \
-	  echo "Reapplying helm chart:"; \
-	  helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply set-last-applied --create-annotation -f-; \
-	  helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f-; \
-	fi
+operator-deploy operator-upgrade: validate-prereq validate-origin validate-cluster ## runs helm install
+	@set -e -o pipefail
+	# Retry five times because the CRD might not be fully installed yet
+	for i in {1..5}; do \
+		helm template --include-crds --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f- && break || sleep 10; \
+	done
 
 .PHONY: uninstall
 uninstall: ## runs helm uninstall
@@ -98,6 +90,19 @@ validate-origin: ## verify the git origin is available
 		echo "Running inside a container: Skipping git ssh checks";\
 	fi
 
+.PHONY: validate-cluster
+validate-cluster: ## Do some cluster validations before installing
+	@echo "Checking cluster:"
+	@echo -n "  cluster-info: "
+	@oc cluster-info >/dev/null && echo "OK" || (echo "Error"; exit 1)
+	@echo -n "  storageclass: "
+	@if [ `oc get storageclass -o go-template='{{printf "%d\n" (len .items)}}'` -eq 0 ]; then\
+		echo "None Found"; exit 1;\
+	else\
+		echo "OK";\
+	fi
+
+
 .PHONY: validate-schema
 validate-schema: ## validates values files against schema in common/clustergroup
 	$(eval VAL_PARAMS := $(shell for i in ./values-*.yaml; do echo -n "$${i} "; done))
@@ -117,14 +122,46 @@ validate-prereq: ## verify pre-requisites
 	@if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi
 	@echo "OK"
 
+.PHONY: argo-healthcheck
+argo-healthcheck: ## Checks if all argo applications are synced
+	@echo "Checking argo applications"
+	$(eval APPS := $(shell oc get applications -A -o jsonpath='{range .items[*]}{@.metadata.namespace}{","}{@.metadata.name}{"\n"}{end}'))
+	@NOTOK=0; \
+	for i in $(APPS); do\
+		n=`echo "$${i}" | cut -f1 -d,`;\
+		a=`echo "$${i}" | cut -f2 -d,`;\
+		STATUS=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.sync.status}'`;\
+		if [[ $$STATUS != "Synced" ]]; then\
+			NOTOK=$$(( $${NOTOK} + 1));\
+		fi;\
+		HEALTH=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.health.status}'`;\
+		if [[ $$HEALTH != "Healthy" ]]; then\
+			NOTOK=$$(( $${NOTOK} + 1));\
+		fi;\
+		echo "$${n} $${a} -> Sync: $${STATUS} - Health: $${HEALTH}";\
+	done;\
+	if [ $${NOTOK} -gt 0 ]; then\
+	    echo "Some applications are not synced or are unhealthy";\
+	    exit 1;\
+	fi
+
+
 ##@ Test and Linters Tasks
 
 CHARTS=$(shell find . -type f -iname 'Chart.yaml' -exec dirname "{}"  \; | grep -v examples | sed -e 's/.\///')
 # Section related to tests and linting
-TEST_OPTS= -f values-global.yaml --set global.repoURL="https://github.com/pattern-clone/mypattern" \
-	--set main.git.repoURL="https://github.com/pattern-clone/mypattern" --set main.git.revision=main --set global.pattern="mypattern" \
-	--set global.namespace="pattern-namespace" --set global.hubClusterDomain=apps.hub.example.com --set global.localClusterDomain=apps.region.example.com --set global.clusterDomain=region.example.com\
-	--set "clusterGroup.imperative.jobs[0].name"="test" --set "clusterGroup.imperative.jobs[0].playbook"="ansible/test.yml"
+TEST_OPTS= -f values-global.yaml \
+	--set global.repoURL="https://github.com/pattern-clone/mypattern" \
+	--set main.git.repoURL="https://github.com/pattern-clone/mypattern" \
+	--set main.git.revision=main --set global.pattern="mypattern" \
+	--set global.namespace="pattern-namespace" \
+	--set global.hubClusterDomain=apps.hub.example.com \
+	--set global.localClusterDomain=apps.region.example.com \
+	--set global.clusterDomain=region.example.com \
+	--set global.clusterVersion="4.12" \
+	--set global.clusterPlatform=aws \
+	--set "clusterGroup.imperative.jobs[0].name"="test" \
+	--set "clusterGroup.imperative.jobs[0].playbook"="ansible/test.yml"
 PATTERN_OPTS=-f common/examples/values-example.yaml
 EXECUTABLES=git helm oc ansible
 

common/ansible/roles/iib_ci/README.md

@@ -26,6 +26,13 @@ make load-iib
 # This will install the pattern using the gitops operator from the IIB
 ```
 
+***NOTE:*** When using an SNO without shared storage in a non-production environment, the enablement of the internal registry will fail. You need to run the following to enable it:
+
+```sh
+oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'
+oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'
+```
+
 Then in case of the `openshift-gitops-operator` we would install with:
 
 ```sh

common/ansible/roles/iib_ci/tasks/setup-internal-registry.yml

@@ -34,7 +34,7 @@
     oc registry info --public=true
   register: registry_route_raw
   retries: 20
-  delay: 10
+  delay: 20
   until:
     - registry_route_raw is not failed
     - registry_route_raw.stdout | length > 0

common/clustergroup/Chart.yaml

@@ -3,4 +3,4 @@ description: A Helm chart to create per-clustergroup ArgoCD applications and any
 keywords:
 - pattern
 name: clustergroup
-version: 0.0.2
+version: 0.0.4

common/clustergroup/templates/imperative/job.yaml

@@ -1,6 +1,6 @@
 {{- if not (eq .Values.enabled "plumbing") }}
 {{/* Define this if needed (jobs defined */}}
-{{- if (gt (len $.Values.clusterGroup.imperative.jobs) 0) -}}
+{{- if (and $.Values.clusterGroup.imperative (gt (len $.Values.clusterGroup.imperative.jobs) 0)) -}}
 ---
 apiVersion: batch/v1
 kind: CronJob
@@ -66,4 +66,4 @@ spec:
               name: {{ $.Values.clusterGroup.imperative.valuesConfigMap }}-{{ $.Values.clusterGroup.name }}
           restartPolicy: Never
 {{- end }}
-{{- end }}
+{{- end }}

common/clustergroup/templates/plumbing/applications.yaml

@@ -59,8 +59,11 @@ spec:
           ignoreMissingValueFiles: true
           valueFiles:
           {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 12 }}
-        {{- range .extraValueFiles }}
-            - {{ . | quote }}
+        {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }}
+            - {{ tpl $valueFile $ | quote }}
+        {{- end }}
+        {{- range $valueFile := .extraValueFiles }}
+            - {{ tpl $valueFile $ | quote }}
         {{- end }}
         {{- if .useGeneratorValues }}
           values: |-
@@ -121,6 +124,8 @@ kind: Application
 metadata:
   name: {{ .name }}
   namespace: {{ $namespace }}
+  labels:
+    validatedpatterns.io/pattern: {{ $.Values.global.pattern }}
   finalizers:
   - resources-finalizer.argocd.argoproj.io/foreground
 spec:
@@ -145,8 +150,11 @@ spec:
         ignoreMissingValueFiles: true
         valueFiles:
         {{- include "clustergroup.app.globalvalues.prefixedvaluefiles" $ | nindent 8 }}
+        {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }}
+        - {{ tpl $valueFile $ | quote }}
+        {{- end }}
         {{- range $valueFile := .extraValueFiles }}
-        - {{ $valueFile | quote }}
+        - {{ tpl $valueFile $ | quote }}
         {{- end }}
         parameters:
           {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }}
@@ -209,8 +217,11 @@ spec:
       ignoreMissingValueFiles: true
       valueFiles:
       {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 6 }}
+      {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }}
+      - {{ tpl $valueFile $ | quote }}
+      {{- end }}
       {{- range $valueFile := .extraValueFiles }}
-      - {{ $valueFile | quote }}
+      - {{ tpl $valueFile $ | quote }}
       {{- end }}
       parameters:
         {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }}

common/clustergroup/templates/plumbing/argocd.yaml

@@ -14,26 +14,27 @@ metadata:
 spec:
 # Adding health checks to argocd to prevent pvc resources
 # that aren't bound state from blocking deployments
-  resourceCustomizations: |
-    PersistentVolumeClaim:
-      health.lua: |
-        hs = {}
-        if obj.status ~= nil then
-          if obj.status.phase ~= nil then
-            if obj.status.phase == "Pending" then
-              hs.status = "Healthy"
-              hs.message = obj.status.phase
-              return hs
-            elseif obj.status.phase == "Bound" then
-              hs.status = "Healthy"
-              hs.message = obj.status.phase
-              return hs
-            end
+  resourceHealthChecks:
+  - kind: PersistentVolumeClaim
+    check: |
+      hs = {}
+      if obj.status ~= nil then
+        if obj.status.phase ~= nil then
+          if obj.status.phase == "Pending" then
+            hs.status = "Healthy"
+            hs.message = obj.status.phase
+            return hs
+          elseif obj.status.phase == "Bound" then
+            hs.status = "Healthy"
+            hs.message = obj.status.phase
+            return hs
           end
         end
-        hs.status = "Progressing"
-        hs.message = "Waiting for PVC"
-        return hs
+      end
+      hs.status = "Progressing"
+      hs.message = "Waiting for PVC"
+      return hs
+
   applicationInstanceLabelKey: argocd.argoproj.io/instance
   # Not the greatest way to pass git/quay info to sub-applications, but it will do until
   # we can support helmChart with kustomize

common/clustergroup/values.schema.json

@@ -234,6 +234,10 @@
           "type": "boolean",
           "description": "If set to true the values is used to identify whether this is the hub cluster or an edge/spoke cluster configuration."
         },
+        "sharedValueFiles": {
+            "type": "array",
+            "description": "Templated value file paths."
+	},
         "namespaces": {
           "type": "array",
           "description": "This is the array of namespaces that the VP framework will create.  In addition, operator groups will also be created for each namespace.",

common/clustergroup/values.yaml

@@ -8,13 +8,15 @@ global:
     installPlanApproval: Automatic
     applicationRetryLimit: 20
 
+
 enabled: "all"
 
 # Note that sometimes changing helm values might require a hard refresh (https://github.com/helm/helm/issues/3486)
 clusterGroup:
   name: example
   isHubCluster: true
   targetCluster: in-cluster
+  sharedValueFiles: []
 
   imperative:
     jobs: []

common/examples/values-example.yaml

@@ -11,6 +11,9 @@ clusterGroup:
   name: example
   #insecureUnsealVaultInsideCluster: false
   isHubCluster: true
+  sharedValueFiles:
+  - /values/{{ .Values.global.clusterPlatform }}.yaml
+  - /values/{{ .Values.global.clusterVersion }}.yaml
 
   namespaces:
   - open-cluster-management:
@@ -63,6 +66,8 @@ clusterGroup:
       namespace: application-ci
       project: datacenter
       path: charts/datacenter/pipelines
+      extraValueFiles:
+      - /values/{{ .Values.global.clusterVersion }}/{{ .Values.global.clusterPlatform }}.yaml
 
   imperative:
     namespace: imperative

common/golang-external-secrets/Chart.yaml

@@ -3,9 +3,9 @@ description: A Helm chart to configure the golang-based external-secrets.
 keywords:
 - pattern
 name: golang-external-secrets
-version: 0.0.2
+version: 0.0.3
 dependencies:
   - name: external-secrets
-    version: "0.9.4"
+    version: "0.9.5"
     repository: "https://charts.external-secrets.io"
     #"https://external-secrets.github.io/kubernetes-external-secrets"

common/golang-external-secrets/values.yaml

@@ -11,10 +11,10 @@ clusterGroup:
 
 external-secrets:
   image:
-    tag: v0.9.4-ubi
+    tag: v0.9.5-ubi
   webhook:
     image:
-      tag: v0.9.4-ubi
+      tag: v0.9.5-ubi
   certController:
     image:
-      tag: v0.9.4-ubi
+      tag: v0.9.5-ubi

common/scripts/pattern-util.sh

@@ -27,7 +27,7 @@ fi
 
 # Do not quote the ${KUBECONF_ENV} below, otherwise we will pass '' to podman
 # which will be confused
-podman run -it --rm \
+podman run -it --rm --pull=newer \
 	--security-opt label=disable \
 	-e EXTRA_HELM_OPTS \
 	-e KUBECONFIG \

common/tests/acm-industrial-edge-hub.expected.yaml

@@ -234,7 +234,7 @@ spec:
                       - name: global.clusterVersion
                         value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}'
                       - name: global.clusterPlatform
-                        value: 
+                        value: aws
                       - name: clusterGroup.name
                         value: factory
                       - name: clusterGroup.isHubCluster

common/tests/acm-medical-diagnosis-hub.expected.yaml

@@ -225,7 +225,7 @@ spec:
                       - name: global.clusterVersion
                         value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}'
                       - name: global.clusterPlatform
-                        value: 
+                        value: aws
                       - name: clusterGroup.name
                         value: region-one
                       - name: clusterGroup.isHubCluster

common/tests/acm-normal.expected.yaml

@@ -628,7 +628,7 @@ spec:
                       - name: global.clusterVersion
                         value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}'
                       - name: global.clusterPlatform
-                        value: 
+                        value: aws
                       - name: clusterGroup.name
                         value: acm-edge
                       - name: clusterGroup.isHubCluster
@@ -722,7 +722,7 @@ spec:
                       - name: global.clusterVersion
                         value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}'
                       - name: global.clusterPlatform
-                        value: 
+                        value: aws
                       - name: clusterGroup.name
                         value: acm-provision-edge
                       - name: clusterGroup.isHubCluster