Merge remote-tracking branch 'upstream/main'

redhat-hac-qe · Oct 24, 2024 · 8052c6b · 8052c6b
2 parents fabdb30 + f248608
commit 8052c6b
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 16 deletions.
diff --git a/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml b/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml
@@ -35,7 +35,7 @@ spec:
           prune: true
           selfHeal: true
         syncOptions:
-        - CreateNamespace=true
+          - CreateNamespace=true
         retry:
           limit: 50
           backoff:

diff --git a/components/kubearchive/base/alternative-service.yaml b/components/kubearchive/base/alternative-service.yaml
@@ -0,0 +1,13 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: product-kubearchive-sink
+  namespace: kubearchive
+spec:
+  selector:
+    app: kubearchive-sink
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
diff --git a/components/kubearchive/base/kustomization.yaml b/components/kubearchive/base/kustomization.yaml
@@ -2,13 +2,21 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/kubearchive/kubearchive/releases/download/v0.1.0/kubearchive.yaml?timeout=90
+- https://github.com/kubearchive/kubearchive/releases/download/v0.3.0/kubearchive.yaml?timeout=90
 - rbac.yaml
+# This alternative service is needed because the operator creates the
+# ApiServerSource pointing to <namespace>-sink, and here namespace is
+# product-kubearchive, so product-kubearchive-sink. However the service
+# is created as kubearchive-sink and the ApiServerSource does not find it.
+# The symptom is the following event:
+# Failed to update status for "product-kubearchive-a13e": ApiServerSource.sources.knative.dev
+#   "product-kubearchive-a13e" is invalid: namespaces: Invalid value: "null": namespaces in body
+#    must be of type array: "null"
+- alternative-service.yaml
 
 # ROSA does not support namespaces starting with `kube`
 namespace: product-kubearchive
 
-
 patches:
 # These patches changes some resources that point directly to
 # the 'kubearchive' namespace in their function.
@@ -17,6 +25,7 @@ patches:
     kind: RoleBinding
     metadata:
       name: kubearchive-operator-leader-election
+      namespace: kubearchive
     subjects:
     - kind: ServiceAccount
       name: kubearchive-operator
@@ -78,22 +87,38 @@ patches:
     kind: Service
     metadata:
       name: kubearchive-api-server
+      namespace: kubearchive
       annotations:
         service.beta.openshift.io/serving-cert-secret-name: kubearchive-api-server-tls
 - patch: |-
     apiVersion: v1
     kind: Service
     metadata:
       name: kubearchive-operator-webhooks
+      namespace: kubearchive
       annotations:
         service.beta.openshift.io/serving-cert-secret-name: kubearchive-operator-tls
-
+- patch: |-
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: MutatingWebhookConfiguration
+    metadata:
+      name: kubearchive-mutating-webhook-configuration
+      annotations:
+        service.beta.openshift.io/inject-cabundle: "true"
+- patch: |-
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+      name: kubearchive-validating-webhook-configuration
+      annotations:
+        service.beta.openshift.io/inject-cabundle: "true"
 # These patches solve Kube Linter problems
 - patch: |-
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: kubearchive-api-server
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -114,6 +139,7 @@ patches:
     kind: Deployment
     metadata:
       name: kubearchive-operator
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -133,6 +159,7 @@ patches:
     kind: Deployment
     metadata:
       name: kubearchive-sink
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -156,27 +183,32 @@ patches:
     kind: Certificate
     metadata:
       name: "kubearchive-api-server-certificate"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Certificate
     metadata:
       name: "kubearchive-ca"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Issuer
     metadata:
       name: "kubearchive-ca"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Issuer
     metadata:
       name: "kubearchive"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Certificate
     metadata:
       name: "kubearchive-operator-certificate"
+      namespace: kubearchive
diff --git a/components/kubearchive/development/kustomization.yaml b/components/kubearchive/development/kustomization.yaml
@@ -7,11 +7,14 @@ resources:
 secretGenerator:
 - behavior: merge
   literals:
-  - POSTGRES_DB=kubearchive
-  - POSTGRES_USER=kubearchive
-  - POSTGRES_URL=postgresql.kubearchive.svc.cluster.local
-  - POSTGRES_PASSWORD=password  # notsecret
+  - DATABASE_KIND=postgresql
+  - DATABASE_PORT=5432
+  - DATABASE_DB=kubearchive
+  - DATABASE_USER=kubearchive
+  - DATABASE_URL=postgresql.product-kubearchive.svc.cluster.local
+  - DATABASE_PASSWORD=password  # notsecret
   name: kubearchive-database-credentials
+  namespace: kubearchive
   type: Opaque
 
 commonAnnotations:

diff --git a/components/kubearchive/staging/database-secret.yaml b/components/kubearchive/staging/database-secret.yaml
@@ -19,8 +19,9 @@ spec:
     name: kubearchive-database-credentials
     template:
       data:
-        POSTGRES_PORT: "5432"
-        POSTGRES_URL: '{{ index . "db.host" }}'
-        POSTGRES_PASSWORD: '{{ index . "db.password" }}'
-        POSTGRES_USER: '{{ index . "db.user" }}'
-        POSTGRES_DB: '{{ index . "db.name" }}'
+        DATABASE_KIND: postgresql
+        DATABASE_PORT: "5432"
+        DATABASE_URL: '{{ index . "db.host" }}'
+        DATABASE_PASSWORD: '{{ index . "db.password" }}'
+        DATABASE_USER: '{{ index . "db.user" }}'
+        DATABASE_DB: '{{ index . "db.name" }}'
diff --git a/components/mintmaker/OWNERS b/components/mintmaker/OWNERS
@@ -6,10 +6,12 @@ approvers:
 - scoheb
 - staticf0x
 - querti
+- FernandesMF
 
 reviewers:
 - gnaponie
 - qixiang
 - scoheb
 - staticf0x
 - querti
+- FernandesMF
diff --git a/components/mintmaker/production/base/kustomization.yaml b/components/mintmaker/production/base/kustomization.yaml
@@ -3,15 +3,15 @@ kind: Kustomization
 resources:
   - ../../base
   - ../../base/external-secrets
-  - https://github.com/konflux-ci/mintmaker/config/default?ref=1d8bfa6981ee3ab0f11f4f433ea7a5bc63c958f9
-  - https://github.com/konflux-ci/mintmaker/config/renovate?ref=1d8bfa6981ee3ab0f11f4f433ea7a5bc63c958f9
+  - https://github.com/konflux-ci/mintmaker/config/default?ref=74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
+  - https://github.com/konflux-ci/mintmaker/config/renovate?ref=74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
 
 namespace: mintmaker
 
 images:
   - name: quay.io/konflux-ci/mintmaker
     newName: quay.io/konflux-ci/mintmaker
-    newTag: 834533c353e170c5ab13e4e1634f33a9837042b1
+    newTag: 74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
 
 commonAnnotations:
   argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true