diff --git a/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml b/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml
new file mode 100644
index 00000000..bfdf14b3
--- /dev/null
+++ b/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: wait-for-objectstore
+ namespace: {{ .Values.global.xraylab.namespace }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1"
+data:
+ wait-for-objectstore.sh: |
+ #!/bin/bash
+ # Get ODF version
+ ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 )
+ if [[ ${ODFMINV} -lt 13 ]]
+ then
+ oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s
+ else
+ oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s
+ fi
\ No newline at end of file
diff --git a/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/job-cephobjstore-wait.yaml b/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/job-cephobjstore-wait.yaml
index 4b33c53c..41c33ea4 100644
--- a/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/job-cephobjstore-wait.yaml
+++ b/charts/all/medical-diagnosis/xray-init/templates/objectstore-user/job-cephobjstore-wait.yaml
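Review bot: A failed or empty Subscription lookup goes undetected in `wait-for-objectstore.sh`: when `oc get subs` prints nothing, `ODFMINV` is empty, `[[ ${ODFMINV} -lt 13 ]]` evaluates it as 0, and the script silently takes the `Connected` branch meant for versions below 13. The value is also fed to an arithmetic comparison without being checked as numeric, and only the third dot-separated field of `currentCSV` is compared, so the major version is ignored. I would add `set -euo pipefail` after the shebang and a guard before the `if`, such as `[[ "${ODFMINV}" =~ ^[0-9]+$ ]] || { echo "cannot determine ODF version" >&2; exit 1; }`. The timeout also drops from the 900s the Job used inline to 100s in both branches; if that is intentional it deserves a comment in the script.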
@@ -15,8 +15,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: {{ .Values.global.xraylab.namespace }}-sa diff --git a/charts/all/medical-diagnosis/xray-init/values.yaml b/charts/all/medical-diagnosis/xray-init/values.yaml index 818debfd..79488893 100644 --- a/charts/all/medical-diagnosis/xray-init/values.yaml +++ b/charts/all/medical-diagnosis/xray-init/values.yaml @@ -54,6 +54,20 @@ rbac: - "get" - "list" - "watch" + - name: view-odf-subs + createRole: true + apiGroups: + - "operators.coreos.com" + scope: + cluster: true + namespace: "" + resources: + - subs + - subscriptions + verbs: + - "get" + - "list" + - "watch" - name: view-odf-objectstoreusers createRole: true apiGroups: @@ -133,6 +147,19 @@ rbac: roleRef: kind: Role name: create-pattern-secret + - name: view-odf-subs-rb + createBinding: true + scope: + cluster: true + namespace: "" + subjects: + kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" + roleRef: + kind: ClusterRole + name: view-odf-subs - name: view-odf-storageclusters createBinding: true scope: @@ -184,4 +211,4 @@ rbac: apiGroup: "" roleRef: kind: Role - name: view-pattern-jobs \ No newline at end of file + name: view-pattern-jobs diff --git a/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml index c1a23515..22b23f0d 100644 --- a/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml 
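Review bot: The new `volumes` entry makes this Job depend on the `wait-for-objectstore` ConfigMap, which the same commit creates with only `argocd.argoproj.io/sync-wave: "-1"` and no hook annotation. The Job's metadata is outside this hunk, so I cannot tell which phase it runs in; if it is a PreSync hook, as the chart's rendered RBAC objects are, the pod could not start on a first sync because the ConfigMap would not exist yet. Please confirm the ordering, or give the ConfigMap the same hook annotation with a lower wave than the Job.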
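Review bot: The `view-odf-subs` role in the `@@ -54,6 +54,20 @@` hunk of `values.yaml` is broader than the script needs. It is cluster-scoped (`scope.cluster: true`) and bound through a ClusterRoleBinding in the `@@ -133,6 +147,19 @@` hunk, so `xraylab-1-sa` can read every OLM Subscription in the cluster, while `wait-for-objectstore.sh` reads one object, `odf-operator` in `openshift-storage`. A role namespaced to `openshift-storage` with only the `get` verb would cover `oc get subs -n openshift-storage odf-operator`, assuming the chart's rbac template supports a namespaced scope (the `namespace: ""` key suggests it does). The `subs` entry under `resources` can go as well, since RBAC rules match the plural resource name `subscriptions`, not the CLI short name. Both rbac lists continue outside the hunks.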
+++ b/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml @@ -8140,6 +8140,25 @@ rules: - "update" - "patch" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: view-pods + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +--- # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -8161,6 +8180,25 @@ subjects: name: golang-external-secrets namespace: "default" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: view-pods-rb + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: vault + namespace: vault + apiGroup: "" +roleRef: + kind: Role + name: view-pods + apiGroup: rbac.authorization.k8s.io +--- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml apiVersion: v1 kind: Service diff --git a/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml index 7ae2a78f..2de0030f 100644 --- a/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml +++ b/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml 
@@ -8140,6 +8140,25 @@ rules: - "update" - "patch" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: view-pods + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +--- # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -8161,6 +8180,25 @@ subjects: name: golang-external-secrets namespace: "default" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: view-pods-rb + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: vault + namespace: vault + apiGroup: "" +roleRef: + kind: Role + name: view-pods + apiGroup: rbac.authorization.k8s.io +--- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml apiVersion: v1 kind: Service 
@@ -8364,6 +8402,32 @@ spec: secret: secretName: golang-external-secrets-webhook --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: PreSync + name: job-wait-for-vault + # By placing the job in the vault namespace we can avoid dealing with RBACs + namespace: vault +spec: + template: + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest + command: + - /bin/bash + - -c + - | + oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s + name: wait-for-healthy-vault + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: vault + serviceAccountName: vault + terminationGracePeriodSeconds: 60 +--- # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore diff --git a/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml index 7ae2a78f..2de0030f 100644 --- a/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml +++ b/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml @@ -8140,6 +8140,25 @@ rules: - "update" - "patch" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: view-pods + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +--- # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -8161,6 +8180,25 @@ subjects: name: golang-external-secrets namespace: "default" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: view-pods-rb + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: vault + namespace: vault + apiGroup: "" +roleRef: + kind: Role + name: view-pods + apiGroup: rbac.authorization.k8s.io +--- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml apiVersion: v1 kind: Service @@ -8364,6 +8402,32 @@ spec: secret: secretName: golang-external-secrets-webhook --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: PreSync + name: job-wait-for-vault + # By placing the job in the vault namespace we can avoid dealing with RBACs + namespace: vault +spec: + template: + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest + command: + - /bin/bash + - -c + - | + oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s + name: wait-for-healthy-vault + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: vault + serviceAccountName: vault + terminationGracePeriodSeconds: 60 +--- # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore diff --git a/common/tests/golang-external-secrets-naked.expected.yaml b/common/tests/golang-external-secrets-naked.expected.yaml index 518bda17..bf906863 100644 --- a/common/tests/golang-external-secrets-naked.expected.yaml +++ b/common/tests/golang-external-secrets-naked.expected.yaml 
@@ -8140,6 +8140,25 @@ rules: - "update" - "patch" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: view-pods + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +--- # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -8161,6 +8180,25 @@ subjects: name: golang-external-secrets namespace: "default" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: view-pods-rb + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: vault + namespace: vault + apiGroup: "" +roleRef: + kind: Role + name: view-pods + apiGroup: rbac.authorization.k8s.io +--- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml apiVersion: v1 kind: Service 
@@ -8364,6 +8402,32 @@ spec: secret: secretName: golang-external-secrets-webhook --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: PreSync + name: job-wait-for-vault + # By placing the job in the vault namespace we can avoid dealing with RBACs + namespace: vault +spec: + template: + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest + command: + - /bin/bash + - -c + - | + oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s + name: wait-for-healthy-vault + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: vault + serviceAccountName: vault + terminationGracePeriodSeconds: 60 +--- # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore diff --git a/common/tests/golang-external-secrets-normal.expected.yaml b/common/tests/golang-external-secrets-normal.expected.yaml index 7ae2a78f..2de0030f 100644 --- a/common/tests/golang-external-secrets-normal.expected.yaml +++ b/common/tests/golang-external-secrets-normal.expected.yaml @@ -8140,6 +8140,25 @@ rules: - "update" - "patch" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: view-pods + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +--- # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -8161,6 +8180,25 @@ subjects: name: golang-external-secrets namespace: "default" --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: view-pods-rb + namespace: vault + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: vault + namespace: vault + apiGroup: "" +roleRef: + kind: Role + name: view-pods + apiGroup: rbac.authorization.k8s.io +--- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml apiVersion: v1 kind: Service @@ -8364,6 +8402,32 @@ spec: secret: secretName: golang-external-secrets-webhook --- +# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: PreSync + name: job-wait-for-vault + # By placing the job in the vault namespace we can avoid dealing with RBACs + namespace: vault +spec: + template: + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest + command: + - /bin/bash + - -c + - | + oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s + name: wait-for-healthy-vault + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: vault + serviceAccountName: vault + terminationGracePeriodSeconds: 60 +--- # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore diff --git a/tests/all-medical-diagnosis-xray-init-industrial-edge-factory.expected.yaml b/tests/all-medical-diagnosis-xray-init-industrial-edge-factory.expected.yaml index b8cd50c3..d2f3f21a 100644 --- a/tests/all-medical-diagnosis-xray-init-industrial-edge-factory.expected.yaml +++ b/tests/all-medical-diagnosis-xray-init-industrial-edge-factory.expected.yaml 
@@ -12,6 +12,26 @@ data: #!/bin/bash oc create secret generic s3-secret-bck -n xraylab-1 --from-literal=AWS_ACCESS_KEY_ID=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=AccessKey --to=-) --from-literal=AWS_SECRET_ACCESS_KEY=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=SecretKey --to=-) --- +# Source: xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: wait-for-objectstore + namespace: xraylab-1 + annotations: + argocd.argoproj.io/sync-wave: "-1" +data: + wait-for-objectstore.sh: | + #!/bin/bash + # Get ODF version + ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 ) + if [[ ${ODFMINV} -lt 13 ]] + then + oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + else + oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + fi +--- # Source: xray-init/templates/s3-bucket-init/cm-s3-bucket-init.yaml kind: ConfigMap apiVersion: v1 @@ -134,6 +154,25 @@ rules: # Source: xray-init/templates/rbac/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: view-odf-subs + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - operators.coreos.com + resources: + - subs + - subscriptions + verbs: + - get + - list + - watch +--- +# Source: xray-init/templates/rbac/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: view-odf-objectstoreusers annotations: 
@@ -188,6 +227,24 @@ roleRef: # Source: xray-init/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: view-odf-subs-rb + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" +roleRef: + kind: ClusterRole + name: view-odf-subs + apiGroup: rbac.authorization.k8s.io +--- +# Source: xray-init/templates/rbac/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: view-odf-storageclusters annotations: @@ -406,8 +463,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: xraylab-1-sa diff --git a/tests/all-medical-diagnosis-xray-init-industrial-edge-hub.expected.yaml b/tests/all-medical-diagnosis-xray-init-industrial-edge-hub.expected.yaml index b8cd50c3..d2f3f21a 100644 --- a/tests/all-medical-diagnosis-xray-init-industrial-edge-hub.expected.yaml +++ b/tests/all-medical-diagnosis-xray-init-industrial-edge-hub.expected.yaml 
@@ -12,6 +12,26 @@ data: #!/bin/bash oc create secret generic s3-secret-bck -n xraylab-1 --from-literal=AWS_ACCESS_KEY_ID=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=AccessKey --to=-) --from-literal=AWS_SECRET_ACCESS_KEY=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=SecretKey --to=-) --- +# Source: xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: wait-for-objectstore + namespace: xraylab-1 + annotations: + argocd.argoproj.io/sync-wave: "-1" +data: + wait-for-objectstore.sh: | + #!/bin/bash + # Get ODF version + ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 ) + if [[ ${ODFMINV} -lt 13 ]] + then + oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + else + oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + fi +--- # Source: xray-init/templates/s3-bucket-init/cm-s3-bucket-init.yaml kind: ConfigMap apiVersion: v1 @@ -134,6 +154,25 @@ rules: # Source: xray-init/templates/rbac/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: view-odf-subs + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - operators.coreos.com + resources: + - subs + - subscriptions + verbs: + - get + - list + - watch +--- +# Source: xray-init/templates/rbac/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: view-odf-objectstoreusers annotations: 
@@ -188,6 +227,24 @@ roleRef: # Source: xray-init/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: view-odf-subs-rb + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" +roleRef: + kind: ClusterRole + name: view-odf-subs + apiGroup: rbac.authorization.k8s.io +--- +# Source: xray-init/templates/rbac/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: view-odf-storageclusters annotations: @@ -406,8 +463,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: xraylab-1-sa diff --git a/tests/all-medical-diagnosis-xray-init-medical-diagnosis-hub.expected.yaml b/tests/all-medical-diagnosis-xray-init-medical-diagnosis-hub.expected.yaml index b8cd50c3..d2f3f21a 100644 --- a/tests/all-medical-diagnosis-xray-init-medical-diagnosis-hub.expected.yaml +++ b/tests/all-medical-diagnosis-xray-init-medical-diagnosis-hub.expected.yaml 
@@ -12,6 +12,26 @@ data: #!/bin/bash oc create secret generic s3-secret-bck -n xraylab-1 --from-literal=AWS_ACCESS_KEY_ID=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=AccessKey --to=-) --from-literal=AWS_SECRET_ACCESS_KEY=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=SecretKey --to=-) --- +# Source: xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: wait-for-objectstore + namespace: xraylab-1 + annotations: + argocd.argoproj.io/sync-wave: "-1" +data: + wait-for-objectstore.sh: | + #!/bin/bash + # Get ODF version + ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 ) + if [[ ${ODFMINV} -lt 13 ]] + then + oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + else + oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + fi +--- # Source: xray-init/templates/s3-bucket-init/cm-s3-bucket-init.yaml kind: ConfigMap apiVersion: v1 @@ -134,6 +154,25 @@ rules: # Source: xray-init/templates/rbac/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: view-odf-subs + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - operators.coreos.com + resources: + - subs + - subscriptions + verbs: + - get + - list + - watch +--- +# Source: xray-init/templates/rbac/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: view-odf-objectstoreusers annotations: 
@@ -188,6 +227,24 @@ roleRef: # Source: xray-init/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: view-odf-subs-rb + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" +roleRef: + kind: ClusterRole + name: view-odf-subs + apiGroup: rbac.authorization.k8s.io +--- +# Source: xray-init/templates/rbac/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: view-odf-storageclusters annotations: @@ -406,8 +463,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: xraylab-1-sa diff --git a/tests/all-medical-diagnosis-xray-init-naked.expected.yaml b/tests/all-medical-diagnosis-xray-init-naked.expected.yaml index 8e5e54f7..255c04b3 100644 --- a/tests/all-medical-diagnosis-xray-init-naked.expected.yaml +++ b/tests/all-medical-diagnosis-xray-init-naked.expected.yaml 
@@ -12,6 +12,26 @@ data: #!/bin/bash oc create secret generic s3-secret-bck -n xraylab-1 --from-literal=AWS_ACCESS_KEY_ID=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=AccessKey --to=-) --from-literal=AWS_SECRET_ACCESS_KEY=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=SecretKey --to=-) --- +# Source: xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: wait-for-objectstore + namespace: xraylab-1 + annotations: + argocd.argoproj.io/sync-wave: "-1" +data: + wait-for-objectstore.sh: | + #!/bin/bash + # Get ODF version + ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 ) + if [[ ${ODFMINV} -lt 13 ]] + then + oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + else + oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + fi +--- # Source: xray-init/templates/s3-bucket-init/cm-s3-bucket-init.yaml kind: ConfigMap apiVersion: v1 @@ -134,6 +154,25 @@ rules: # Source: xray-init/templates/rbac/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: view-odf-subs + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - operators.coreos.com + resources: + - subs + - subscriptions + verbs: + - get + - list + - watch +--- +# Source: xray-init/templates/rbac/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: view-odf-objectstoreusers annotations: 
@@ -188,6 +227,24 @@ roleRef: # Source: xray-init/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: view-odf-subs-rb + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" +roleRef: + kind: ClusterRole + name: view-odf-subs + apiGroup: rbac.authorization.k8s.io +--- +# Source: xray-init/templates/rbac/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: view-odf-storageclusters annotations: @@ -406,8 +463,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: xraylab-1-sa diff --git a/tests/all-medical-diagnosis-xray-init-normal.expected.yaml b/tests/all-medical-diagnosis-xray-init-normal.expected.yaml index b8cd50c3..d2f3f21a 100644 --- a/tests/all-medical-diagnosis-xray-init-normal.expected.yaml +++ b/tests/all-medical-diagnosis-xray-init-normal.expected.yaml 
@@ -12,6 +12,26 @@ data: #!/bin/bash oc create secret generic s3-secret-bck -n xraylab-1 --from-literal=AWS_ACCESS_KEY_ID=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=AccessKey --to=-) --from-literal=AWS_SECRET_ACCESS_KEY=$(oc extract -n openshift-storage secret/rook-ceph-object-user-ocs-storagecluster-cephobjectstore-xraylab-1 --keys=SecretKey --to=-) --- +# Source: xray-init/templates/objectstore-user/cm-wait-for-objectstore.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: wait-for-objectstore + namespace: xraylab-1 + annotations: + argocd.argoproj.io/sync-wave: "-1" +data: + wait-for-objectstore.sh: | + #!/bin/bash + # Get ODF version + ODFMINV=$(oc get subs -n openshift-storage odf-operator -o jsonpath='{.status.currentCSV}' | cut -d '.' -f3 ) + if [[ ${ODFMINV} -lt 13 ]] + then + oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + else + oc wait --for=jsonpath='{.status.phase}'=Ready cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=100s + fi +--- # Source: xray-init/templates/s3-bucket-init/cm-s3-bucket-init.yaml kind: ConfigMap apiVersion: v1 @@ -134,6 +154,25 @@ rules: # Source: xray-init/templates/rbac/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: view-odf-subs + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +rules: + - apiGroups: + - operators.coreos.com + resources: + - subs + - subscriptions + verbs: + - get + - list + - watch +--- +# Source: xray-init/templates/rbac/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: view-odf-objectstoreusers annotations: 
@@ -188,6 +227,24 @@ roleRef: # Source: xray-init/templates/rbac/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: view-odf-subs-rb + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/sync-wave: "-15" +subjects: +- kind: ServiceAccount + name: xraylab-1-sa + namespace: xraylab-1 + apiGroup: "" +roleRef: + kind: ClusterRole + name: view-odf-subs + apiGroup: rbac.authorization.k8s.io +--- +# Source: xray-init/templates/rbac/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: view-odf-storageclusters annotations: @@ -406,8 +463,17 @@ spec: - /bin/bash - -c - | - oc wait --for=jsonpath='{.status.phase}'=Connected cephobjectstore/ocs-storagecluster-cephobjectstore -n openshift-storage --timeout=900s + '/tmp/wait-for-objectstore.sh' name: wait-odf-cephobjectstore-complete + volumeMounts: + - mountPath: /tmp/wait-for-objectstore.sh + name: wait-for-objectstore + subPath: wait-for-objectstore.sh + volumes: + - name: wait-for-objectstore + configMap: + name: wait-for-objectstore + defaultMode: 0755 dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: xraylab-1-sa