Merge pull request #90 from hybrid-cloud-patterns/update-common

Update common
validatedpatterns · Aug 1, 2023 · a246609 · a246609
2 parents 057001f + 3444d34
commit a246609
Show file tree

Hide file tree

Showing 26 changed files with 105 additions and 426 deletions.
diff --git a/common/Makefile b/common/Makefile
@@ -67,6 +67,9 @@ load-iib: ## CI target to install Index Image Bundles
  for IIB in $(shell echo $(INDEX_IMAGES) | tr ',' '\n'); do \
  INDEX_IMAGE="$${IIB}" ansible-playbook common/ansible/playbooks/iib-ci/iib-ci.yaml; \
  done; \
+ else \
+ echo "No INDEX_IMAGES defined. Bailing out"; \
+ exit 1; \
  fi
 
 

diff --git a/common/golang-external-secrets/charts/external-secrets-0.8.3.tgz b/common/golang-external-secrets/charts/external-secrets-0.8.3.tgz
diff --git a/common/hashicorp-vault/Chart.yaml b/common/hashicorp-vault/Chart.yaml
@@ -6,5 +6,5 @@ name: hashicorp-vault
 version: 0.0.1
 dependencies:
  - name: vault
- version: "0.24.1"
+ version: "0.25.0"
  repository: "https://helm.releases.hashicorp.com"
diff --git a/common/hashicorp-vault/charts/vault-0.24.1.tgz b/common/hashicorp-vault/charts/vault-0.24.1.tgz
diff --git a/common/hashicorp-vault/charts/vault-0.25.0.tgz b/common/hashicorp-vault/charts/vault-0.25.0.tgz
diff --git a/common/hashicorp-vault/values.yaml b/common/hashicorp-vault/values.yaml
@@ -49,4 +49,4 @@ vault:
  termination: "reencrypt"
  image:
  repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.13.1-ubi"
+ tag: "1.14.0-ubi"
diff --git a/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -8140,25 +8140,6 @@ rules:
  - "update"
  - "patch"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: view-pods
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
----
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8180,25 +8161,6 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: view-pods-rb
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: vault
- namespace: vault
- apiGroup: ""
-roleRef:
- kind: Role
- name: view-pods
- apiGroup: rbac.authorization.k8s.io
----
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service

diff --git a/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
@@ -8140,25 +8140,6 @@ rules:
  - "update"
  - "patch"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: view-pods
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
----
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8180,25 +8161,6 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: view-pods-rb
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: vault
- namespace: vault
- apiGroup: ""
-roleRef:
- kind: Role
- name: view-pods
- apiGroup: rbac.authorization.k8s.io
----
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8396,32 +8358,6 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- annotations:
- argocd.argoproj.io/hook: PreSync
- name: job-wait-for-vault
- # By placing the job in the vault namespace we can avoid dealing with RBACs
- namespace: vault
-spec:
- template:
- spec:
- containers:
- - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
- command:
- - /bin/bash
- - -c
- - |
- oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
- name: wait-for-healthy-vault
- dnsPolicy: ClusterFirst
- restartPolicy: Never
- serviceAccount: vault
- serviceAccountName: vault
- terminationGracePeriodSeconds: 60
----
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore

diff --git a/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
@@ -8140,25 +8140,6 @@ rules:
  - "update"
  - "patch"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: view-pods
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
----
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8180,25 +8161,6 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: view-pods-rb
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: vault
- namespace: vault
- apiGroup: ""
-roleRef:
- kind: Role
- name: view-pods
- apiGroup: rbac.authorization.k8s.io
----
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8396,32 +8358,6 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- annotations:
- argocd.argoproj.io/hook: PreSync
- name: job-wait-for-vault
- # By placing the job in the vault namespace we can avoid dealing with RBACs
- namespace: vault
-spec:
- template:
- spec:
- containers:
- - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
- command:
- - /bin/bash
- - -c
- - |
- oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
- name: wait-for-healthy-vault
- dnsPolicy: ClusterFirst
- restartPolicy: Never
- serviceAccount: vault
- serviceAccountName: vault
- terminationGracePeriodSeconds: 60
----
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore

diff --git a/common/tests/golang-external-secrets-naked.expected.yaml b/common/tests/golang-external-secrets-naked.expected.yaml
@@ -8140,25 +8140,6 @@ rules:
  - "update"
  - "patch"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: view-pods
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
----
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8180,25 +8161,6 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: view-pods-rb
- namespace: vault
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: vault
- namespace: vault
- apiGroup: ""
-roleRef:
- kind: Role
- name: view-pods
- apiGroup: rbac.authorization.k8s.io
----
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8396,32 +8358,6 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
-# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- annotations:
- argocd.argoproj.io/hook: PreSync
- name: job-wait-for-vault
- # By placing the job in the vault namespace we can avoid dealing with RBACs
- namespace: vault
-spec:
- template:
- spec:
- containers:
- - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
- command:
- - /bin/bash
- - -c
- - |
- oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
- name: wait-for-healthy-vault
- dnsPolicy: ClusterFirst
- restartPolicy: Never
- serviceAccount: vault
- serviceAccountName: vault
- terminationGracePeriodSeconds: 60
----
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore