Reset common #117
Merged
Reset common #117
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
mbaldessari
commented
Sep 5, 2024
mbaldessari
commented
- feat: add support for hive clusterdeployments creating spokes
- test: regenerated tests after clusterdeployment commit
- test: updated test-cased and regeneated expectations
- chore: added annotations controling gitops and fail for missing meta for clusterdeployments
- chore: removed managedclusterset spec
- New global scope argocdServer section for values-global.yaml
- Improve readme for ACM IIB
- Drop gitopsspec from pattern's CR
- Allow customizing the VP operator subscription
- Add retries when checking oc version
- Add an imperative-admin-sa service account
- Added support to label/annotate nodes
- Added support to enable user workloads in control plane nodes
- Added full support for the scheduler
- Simplified PR for auto approve install plans
- Switch to registry.redhat.io for the initContainer image
- Update for ACM chart to application-policies.yaml
- Add extraParameters to values.schema.json
- Update ESO to 0.9.18
- Update vault to 1.16.2
- Feat: Followup to definition of extraParameters under the main section of a values file.
- Use golang-external-secrets for the acm hub-ca bits
- Only do the acm hub ca policy when vault is the backend
- fix: when using clusterdeployments, secrets should exist in the cluster-namespace
- Force rolebindings as early as possible
- bug: Invalid OperatorGroup generated when ommitting targetNamespaces
- Fix CI issue
- Actually use adminServiceAccountName for the auto approve job
- Make sure that the if condition on chart split is not always true
- Bump super-linter from 5 to 6
- Drop some validations for now
- Add some debugging to the chart split action
- Use a specific git version when running git subtree split
- Release clustergroup v0.8.6
- Add a sudo to apt-get command
- Add some READMEs in the individual charts
- Fix super-linter issues and upgrade local super-linter target
- Skip unreachable spokes when setting up vault
- Add no_log to spokes initialization task
- Drop initContainers variable and make it the default
- Update tests after dropping initContainers
- Release clustergroup v0.8.7
- Upgrade ESO to v0.9.19
- Update helm version in CI to 3.14.0
- Drop imperative.initcontainers.gitinit
- Have unseal work whenever we specifiy HEAD
- make resourceExclusion configurable
- Update tests after upgrading resourceExclusions tweak
- Make resourcehealthchecks configurable
- Update tests after upgrading resourceHealthChecks change
- Do not quote $BRANCH variable
- Fix initcontainer race on spokes
- Release clustergroup v0.8.8
- configure annotation based resource tracking
- Drop imperative.volumes and imperative.volumemounts
- Properly quote vault kv command
- Make HUB work when spokes point to in hub cluster gitea
- update tests
- ACM chart version 0.0.2
- golang-external-secrets chart version 0.0.4
- hashicorp-vault chart version 0.0.2
- Implement multi-source
- Add tests for proper multisource support on spokes
- Release clustergroup v0.8.9
- Fix multisource indent error
- Release clustergroup v0.8.10
- Release acm v0.0.3
- Fix missing chart field
- Release acm v0.0.4
- Update chart versions
- Update vault-helm to v0.28.1 and vault to 1.17.2
- Update ESO to 0.9.20
- Release new hashicorp-vault and golang-external-secrets charts
- Add Ansible playbook
- Put the playbook in a more normal location for us
- Exclude new playbook
- Allow for choice in where file is written
- Fix pki bind mount when using podman machine
- Allow originRepo to be set via make install and main.git parameters
- resolves jira: mbp-252 fixes #21 rag-llm-gitops
- Fix vars that were erroneously dropped
- Allow more flexibility with multiSourceConfig schema
- Inject VALUES_SECRET env var
- Add helmRepoUrl variable
- Update letsencrypt to v0.1.1
- Allow overriding gitops source on spokes
- Update acm chart to v0.1.1
- Update clustergroup chart to 0.8.11
- Extend the schema for disconnected
- Update clustergroup chart to 0.8.12
- Update super-linter to v7
- Fix action path
- Fix action path v2
- Upgrade ESO to v0.10.0
- Upgrade vault to 1.17.3
- Update hashicorp-vault to 0.1.2
- Update golang-external-secrets to 0.1.2
- Switch to gitops-1.13
- Add a pushsecrets policy and vault path for ESO syncing
- Fix PyInk warnings
- Removed previous version of common to convert to subtree from https://github.com/validatedpatterns/common.git main
- Update tests after common rebase
Co-authored-by: Alejandro Villegas <alex.ansi.c@gmail.com> Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
Co-authored-by: Alejandro Villegas <alex.ansi.c@gmail.com> Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
Co-authored-by: Alejandro Villegas <alex.ansi.c@gmail.com> Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
…for clusterdeployments Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
Signed-off-by: Tomer Figenblat <tfigenbl@redhat.com>
- Added new section for to configure the ArgoCD server to support tls
argocdServer:
route:
tls:
insecureEdgeTerminationPolicy: Redirect
termination: reencrypt
- Default for ArgoCD is to create route with the following:
route: enabled
tls:
insecureEdgeTerminationPolicy: Redirect
termination: passthrough
For more information please refer to https://issues.redhat.com/browse/GITOPS-3918.
- Changed default value for termination
Improve readme for ACM IIB
New global scope argocdServer section for values-global.yaml
We drive this from the patterns-operator-config configmap these days, which makes more sense (it is a clusterwide setting and not really a per pattern one).
Tested with:
❯ helm template operator-install --show-only templates/subscription.yaml --set main.patternsOperator.installPlanApproval=Manual
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: patterns-operator
namespace: openshift-operators
labels:
operators.coreos.com/patterns-operator.openshift-operators: ""
spec:
channel: fast
installPlanApproval: Manual
name: patterns-operator
source: community-operators
sourceNamespace: openshift-marketplace
❯ helm template operator-install --show-only templates/subscription.yaml --set main.patternsOperator.installPlanApproval=Manual --set main.patternsOperator.startingCSV=1.2.3
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: patterns-operator
namespace: openshift-operators
labels:
operators.coreos.com/patterns-operator.openshift-operators: ""
spec:
channel: fast
installPlanApproval: Manual
name: patterns-operator
source: community-operators
sourceNamespace: openshift-marketplace
startingCSV: 1.2.3
Drop gitopsspec from pattern's CR
Allow customizing the VP operator subscription
Add retries when checking oc version
Add an imperative-admin-sa service account
This makes the registry url more consistent with what we already use (e.g. in the imperative templates)
Switch to registry.redhat.io for the initContainer image
- If statement was checking for .Values.global.extraValueFiles.
- We now checking at the .extraValueFiles in the managedClusterGroups section.
managedClusterGroups:
aro-prod:
name: innovation
acmlabels:
- name: clusterGroup
value: innovation
extraValueFiles:
- '/overrides/values-common-capabilities.yaml'
helmOverrides:
- name: clusterGroup.isHubCluster
value: "false"
Update for ACM chart to application-policies.yaml
- Problem Statement
The current **clustergroup** schema does not allow the definition of **extraParameters** under the **main** section of a values file.
- Caveat
The user defined variables in the **extraParameters** section would only be applied if the user deploys the pattern via the command, using `./pattern.sh make install` or `./pattern.sh make operator-deploy` and not via the OpenShift Validated Patterns Operator UI.
- Fix Description
Add the **extraParameters** to the definition of **Main.properties** in the values.schema.json:
"extraParameters": {
"type": "array",
"description": "Pass in extra Helm parameters to all ArgoCD Applications and the framework."
},
- This will allow users to define extra parameters that will be added by the framework to the ArgoCD applications it creates.
- For more information see validatedpatterns/common#510
Add extraParameters to values.schema.json
Update ESO to 0.9.18
Update letsencrypt to v0.1.1
This is needed on spokes when installing in a disconnected environment
A couple of small updated and new releases
Extend the schema for disconnected
Update clustergroup chart to 0.8.12
Update super-linter to v7
Upgrade ESO to v0.10.0
Upgrade vault to 1.17.3
Release new hashicorp-vault and golang-external-secrets charts
It is supported all the way back to OCP 4.12 Tested on sno hub + spoke successfully
Switch to gitops-1.13
See the README for more details, but TLDR: you can use
`secret/pushsecrets` to push secrets from any node to the vault.
This secret can then be retrieved from either a different namespace
or a different cluster node.
Tested this with a pushsecret as follows:
```
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: pushsecret
namespace: hello-world
spec:
data:
- conversionStrategy: None
match:
remoteRef:
property: baz
remoteKey: pushsecrets/testme
secretKey: bar
deletionPolicy: Delete
refreshInterval: 10s
secretStoreRefs:
- kind: ClusterSecretStore
name: vault-backend
selector:
secret:
name: existing-secret
updatePolicy: Replace
```
The above takes the property called `baz` of an existing secret called `existing-secret` in
the `hello-world` namespace and pushes it to the `secret/pushsecrets/testme` vault path.
Suggested-By: Chris Butler <chbutler@redhat.com>
Closes: MBP-641
Add a pushsecrets policy and vault path for ESO syncing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.