common automatic update #101
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
mbaldessari
commented
Jan 15, 2024
mbaldessari
commented
- Preview a chart based on the current k8s cluster
- Handle explcit value files
- Add ability to read overrides
- Clean up tests after 7cda9c4
- Add preview-all and remove some spurious stdout output
- All prototype preview-all and silence some output
- Avoid nonhubCluster + hubCluster naming for ESO
- Update for new configmanagement plugin feature
- Remove obsolete comment and update tests
- Update schema
- Require plugin.yaml
- Add tmpdir to sidecar mounts
- True up to test code
- Use nindent as appropriate
- Remove stray files
- Plugin config is plugin.yaml
- Remove now-obsolete kustomize-renderer example
- Allow pluginArgs to be set and add schema
- Remove redundancy
- Revert "Remove now-obsolete kustomize-renderer example"
- Remove legacy configManagementPlugins support
- Add configManagementPlugins to tests for industrial edge
- Clustergroup 0.0.5
- Small whitespace test
- Stop referencing remote actions via @main. Use a specific commit
- Updated ESO to v0.9.9
- Updated vault-helm to v0.27.0
- Prevent ArgoCD from writing ESO CRs to clusters that need full support
- Fix whitespaces
- Release clustergroup v0.8.0
- Document preview limitations
- Add support for private repos
- Amend tests
- Check for rc attribute to exist
- Upgrade default imperative image
- Release clustergroup v0.8.1
- Update pattern operator CRD
- Update CRD from the operator
- Bump actions/setup-python from 4 to 5
- Release clustergroup v0.8.2
- Update CRD from the operator
- Small clarification in IIB
- Switch imageDigestMirrors to AllowContactingSource
- Upgrade ESO to v0.9.10
- Add initial support for deploying private repos via CLI directly
- Add support for private repo deployments via CLI
- Fix placement of tokenSecret material
- Fix placement of tokenSecret material in the right section
- Upgrade ESO to v0.9.11
- Make the container to run with the UID and GID of the user running pattern.sh
- Error out nicely if podman is not present
- Account for podman versions older than 4.3.0
- Update tests after common rebase
As mentioned in https://github.com/validatedpatterns/common/pull/391/files#r1391948610 prefer naming that is not related to to the "hub" concept, which hopefuly will disappear one day in the future.
Avoid nonhubCluster + hubCluster naming for ESO
This reverts commit 34a17d3.
Update ConfigManagementPlugins handling
Clustergroup 0.0.5
Small whitespace test
Reason is that even though we've updated workflows in helm-chart, the charts seem to still reference the an old commit: validatedpatterns/helm-charts/.github/workflows/helmlint.yml@refs/tags/main (ee7ec78f30b8f72463633b781527dfa186d3e980)
…ons/actions/setup-python-5 Bump actions/setup-python from 4 to 5
Private repo support
Release clustergroup v0.8.2
Update CRD from the operator
Small clarification in IIB
Currently when we load a preview operator via the IIB mechanism we redirect all images making up the operator bundle to the cluster-internal registry. This is all fine and well, except these redirects (done via an ImageDigestMirrorSet) are based on image names without any specific hashes. (This is because OCP won't allow you to specify hashes). The problem arises when there is a prerelease operator which includes an image that is used by the other non-prerelease operators. So if AAP prerelease uses the image "registry.redhat.io/public/redis-6" we redirect all these redis 6 images towards the internal registry. But if another operator needs the redis-6 image with a hash that is not the exact same that is used by AAP prerelease, it will be unable to find it on the internal registry because we never uploaded it. This is an example error: 2023-12-13 07:18:06,216 INFO Warning Failed 64m (x6 over 66m) kubelet Error: ImagePullBackOff 2023-12-13 07:18:06,216 INFO Normal BackOff 83s (x286 over 66m) kubelet Back-off pulling image "registry.redhat.io/rhel8/redis-6@sha256:edbd40185ed8c20ee61ebdf9f2e1e1d7594598fceff963b4dee3201472d6deda" And this is a relevant /etc/containers/registries.conf : [[registry]] prefix = "" location = "registry.redhat.io/rhel8/redis-6" blocked = true [[registry.mirror]] location = "default-route-openshift-image-registry.apps.mcg-hub.blueprints.rhecoeng.com/openshift-marketplace/redis-6" insecure = true pull-from-mirror = "digest-only" If we change the `mirrorSourcePolicy` from `NeverContactSource` to `AllowContactingSource` we actually avoid this problem entirely. OCP will try to pull the images from both the internal registry and the original source and use the one it was able to find. Tested both on AAP and Gitops prerelease and both deployed correctly which was not the case before.
Switch imageDigestMirrors to AllowContactingSource
Upgrade ESO to v0.9.10
Tested with:
export EXTRA_HELM_OPTS="--set main.tokenSecret=private-repo --set main.tokenSecretNamespace=openshift-operators"
./pattern.sh make install
Note that this is currently only working with https URLs because we have
logic in the Makefile to rewrite ssh-based git URLs into https ones.
Add initial support for deploying private repos via CLI directly
A normal non-private deployment:
./pattern.sh make show
helm template common/operator-install/ --name-template multicloud-gitops -f values-global.yaml --set main.git.repoURL="https://github.com/mbaldessari/multicloud-gitops.git" --set main.git.revision=private-repo-cli
...
apiVersion: gitops.hybrid-cloud-patterns.io/v1alpha1
kind: Pattern
metadata:
name: multicloud-gitops
namespace: openshift-operators
spec:
clusterGroupName: hub
gitSpec:
targetRepo: https://github.com/mbaldessari/multicloud-gitops.git
targetRevision: private-repo-cli
gitOpsSpec:
operatorChannel: gitops-1.8
operatorSource: redhat-operators
multiSourceConfig:
enabled: true
When we set the TOKEN_SECRET AND TOKEN_NAMESPACE env variables:
./pattern.sh make TOKEN_SECRET=foo TOKEN_NAMESPACE=bar show
helm template common/operator-install/ --name-template multicloud-gitops -f values-global.yaml --set main.tokenSecret=foo --set main.tokenSecretNamespace=bar --set main.git.repoURL="git@github.com:mbaldessari/multicloud-gitops.git" --set main.git.revision=private-repo-cli
...
apiVersion: gitops.hybrid-cloud-patterns.io/v1alpha1
kind: Pattern
metadata:
name: multicloud-gitops
namespace: openshift-operators
spec:
clusterGroupName: hub
gitSpec:
targetRepo: git@github.com:mbaldessari/multicloud-gitops.git
targetRevision: private-repo-cli
gitOpsSpec:
operatorChannel: gitops-1.8
operatorSource: redhat-operators
multiSourceConfig:
enabled: true
tokenSecret: foo
tokenSecretNamespace: bar
In the latter case we do not rewrite the URL as it might an ssh-based
one.
Add support for private repo deployments via CLI
Fix placement of tokenSecret material
Fix placement of tokenSecret material in the right section
Upgrade ESO to v0.9.11
…ttern.sh This allows us to drop the /root bind mount and it will also show any errors related to paths in the proper folder. E.g. any permission problem of KUBECONFIG files won't be shown as /root/kubeconfig (inside the container) but as the proper path inside the /home folder. Tested on F38, F39, RHEL8.9 and RHEL9.2
If podman is not installed we get the following unfriendly output: [michele@rhel1]~/multicloud-gitops% ./pattern.sh ./pattern.sh: line 10: podman: command not found ./pattern.sh: line 10: podman: command not found ./pattern.sh: line 32: podman: command not found Let's bail out and have a generic function to check for that in case we need to add other requirements
Fixes and cleanups
The addition of --userns keep-id:uid=...,gid=... is supported only on podman versions >= 4.3.0 [1] If we have an older version, let's just keep the same logic as before. [1] https://github.com/containers/podman/blob/main/troubleshooting.md#39-podman-run-fails-with-error-unrecognized-namespace-mode-keep-iduid1000gid1000-passed
Account for podman versions older than 4.3.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.