generated from validatedpatterns/multicloud-gitops
common automatic update #119
Merged
mbaldessari
merged 31 commits into
validatedpatterns:main
from
mbaldessari:common-automatic-update
May 30, 2024
Contributor
mbaldessari
commented
May 30, 2024
- New global scope argocdServer section for values-global.yaml
- Improve readme for ACM IIB
- Drop gitopsspec from pattern's CR
- Allow customizing the VP operator subscription
- Add retries when checking oc version
- Add an imperative-admin-sa service account
- Switch to registry.redhat.io for the initContainer image
- Update for ACM chart to application-policies.yaml
- Add extraParameters to values.schema.json
- Update ESO to 0.9.18
- Update vault to 1.16.2
- Feat: Followup to definition of extraParameters under the main section of a values file.
- Use golang-external-secrets for the acm hub-ca bits
- Only do the acm hub ca policy when vault is the backend
- Force rolebindings as early as possible
- Added new section to configure the ArgoCD server to support tls
    argocdServer:
      route:
        tls:
          insecureEdgeTerminationPolicy: Redirect
          termination: reencrypt
- Default for ArgoCD is to create route with the following:
    route:
      enabled
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: passthrough
  For more information please refer to https://issues.redhat.com/browse/GITOPS-3918.
- Changed default value for termination
Improve readme for ACM IIB
New global scope argocdServer section for values-global.yaml
We drive this from the patterns-operator-config configmap these days, which makes more sense (it is a clusterwide setting and not really a per pattern one).
Tested with:

❯ helm template operator-install --show-only templates/subscription.yaml --set main.patternsOperator.installPlanApproval=Manual
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: patterns-operator
  namespace: openshift-operators
  labels:
    operators.coreos.com/patterns-operator.openshift-operators: ""
spec:
  channel: fast
  installPlanApproval: Manual
  name: patterns-operator
  source: community-operators
  sourceNamespace: openshift-marketplace

❯ helm template operator-install --show-only templates/subscription.yaml --set main.patternsOperator.installPlanApproval=Manual --set main.patternsOperator.startingCSV=1.2.3
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: patterns-operator
  namespace: openshift-operators
  labels:
    operators.coreos.com/patterns-operator.openshift-operators: ""
spec:
  channel: fast
  installPlanApproval: Manual
  name: patterns-operator
  source: community-operators
  sourceNamespace: openshift-marketplace
  startingCSV: 1.2.3
Drop gitopsspec from pattern's CR
Allow customizing the VP operator subscription
Add retries when checking oc version
Add an imperative-admin-sa service account
This makes the registry url more consistent with what we already use (e.g. in the imperative templates)
Switch to registry.redhat.io for the initContainer image
- If statement was checking for .Values.global.extraValueFiles.
- We are now checking at the .extraValueFiles in the managedClusterGroups section.

    managedClusterGroups:
      aro-prod:
        name: innovation
        acmlabels:
        - name: clusterGroup
          value: innovation
        extraValueFiles:
        - '/overrides/values-common-capabilities.yaml'
        helmOverrides:
        - name: clusterGroup.isHubCluster
          value: "false"
Update for ACM chart to application-policies.yaml
- Problem Statement
  The current **clustergroup** schema does not allow the definition of **extraParameters** under the **main** section of a values file.
- Caveat
  The user defined variables in the **extraParameters** section would only be applied if the user deploys the pattern via the command, using `./pattern.sh make install` or `./pattern.sh make operator-deploy` and not via the OpenShift Validated Patterns Operator UI.
- Fix Description
  Add the **extraParameters** to the definition of **Main.properties** in the values.schema.json:

    "extraParameters": {
      "type": "array",
      "description": "Pass in extra Helm parameters to all ArgoCD Applications and the framework."
    },

- This will allow users to define extra parameters that will be added by the framework to the ArgoCD applications it creates.
- For more information see validatedpatterns/common#510
Add extraParameters to values.schema.json
Update ESO to 0.9.18
…n of a values file.
- The operator adds these extraParameters to the extraParametersNested section as key/value pairs in the Cluster Wide ArgoCD Application created by the Validated Patterns operator.
- This update will add the user defined extra parameters on the ArgoCD Applications on the Spoke Clusters.
We'd like to make the imperative namespace optional, so let's use the golang-external-secrets one, which is probably more correct anyways since the acm hub ca is tied to ESO anyways.
The acm hub ca is needed for ESO on spokes to connect to the vault on the hub, there is no need for this when vault is not used, so let's drop it in that case
Feat: Followup to definition of extraParameters under the main section of a values file.
Updates to acm-hub-ca
Update vault to 1.16.2
This is important because in some situations (we've observed this on the clusterwide argo instance on spokes) the permissions are not there yet when argo tries to create service accounts for the imperative SAs. This means that the very first sync works up to the service account creation which then fails due to lacking RBACs. This triggers a gitops issue where selfheal never retries because the previous run failed and so the app is in a stuck loop forever

Co-Authored-By: Jonny Rickard <jrickard@redhat.com>
Closes: GITOPS-4677
Force rolebindings as early as possible
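
The argocdServer route settings from the first commit message above (`termination: reencrypt` with `insecureEdgeTerminationPolicy: Redirect`), turned into a check over OpenShift Route objects. This is an added example, not code from the pull request; the sample JSON and the route names in it are constructed, shaped like `oc get routes -A -o json` output.

```python
import json

# Constructed sample, shaped like `oc get routes -A -o json` output (names are hypothetical).
SAMPLE_ROUTES = json.loads("""
{"items": [
  {"metadata": {"namespace": "example-hub", "name": "argocd-reencrypt"},
   "spec": {"tls": {"termination": "reencrypt", "insecureEdgeTerminationPolicy": "Redirect"}}},
  {"metadata": {"namespace": "example-hub", "name": "argocd-default"},
   "spec": {"tls": {"termination": "passthrough", "insecureEdgeTerminationPolicy": "Redirect"}}},
  {"metadata": {"namespace": "example-hub", "name": "argocd-plain"},
   "spec": {}}
]}
""")

# Policy taken from the argocdServer values quoted in the commit message.
EXPECTED_TLS = {"termination": "reencrypt", "insecureEdgeTerminationPolicy": "Redirect"}


def audit_routes(route_list, expected=EXPECTED_TLS):
    """Return (route, problem) pairs for routes whose TLS settings differ from `expected`."""
    findings = []
    for item in route_list.get("items", []):
        meta = item.get("metadata", {})
        route = f"{meta.get('namespace')}/{meta.get('name')}"
        tls = item.get("spec", {}).get("tls")
        if not tls:
            # A Route without spec.tls is exposed over plain HTTP only.
            findings.append((route, "no tls block: route is served over plain HTTP"))
            continue
        for key, want in expected.items():
            got = tls.get(key)
            if got != want:
                findings.append((route, f"{key} is {got!r}, expected {want!r}"))
    return findings


if __name__ == "__main__":
    for route, problem in audit_routes(SAMPLE_ROUTES):
        print(f"{route}: {problem}")
```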