Update Common

common/acm/templates/_helpers.tpl

@@ -0,0 +1,13 @@
+{{/*
+Default always defined valueFiles to be included when pushing the cluster wide argo application via acm
+*/}}
+{{- define "acm.app.policies.valuefiles" -}}
+- "/values-global.yaml"
+- "/values-{{ .name }}.yaml"
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}.yaml'
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}.yaml'
+- '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ .name }}.yaml'
+# We cannot use $.Values.global.clusterVersion because that gets resolved to the
+# hub's cluster version, whereas we want to include the spoke cluster version
+- '/values-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}-{{ .name }}.yaml'
+{{- end }} {{- /*acm.app.policies.valuefiles */}}

common/acm/templates/policies/application-policies.yaml

@@ -43,14 +43,7 @@ spec:
  helm:
  ignoreMissingValueFiles: true
  valueFiles:
- - "/values-global.yaml"
- - "/values-{{ .name }}.yaml"
- - '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}.yaml'
- - '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}.yaml'
- - '/values-{{ `{{ (lookup "config.openshift.io/v1" "Infrastructure" "" "cluster").spec.platformSpec.type }}` }}-{{ .name }}.yaml'
- # We cannot use $.Values.global.clusterVersion because that gets resolved to the
- # hub's cluster version, whereas we want to include the spoke cluster version
- - '/values-{{ `{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}` }}-{{ .name }}.yaml'
+ {{- include "acm.app.policies.valuefiles" . | nindent 24 }}
  {{- range $valueFile := .extraValueFiles }}
  - {{ $valueFile | quote }}
  {{- end }}

common/acm/templates/provision/_install-config.tpl

@@ -24,7 +24,10 @@ controlPlane:
  name: controlPlane
  {{- if .controlPlane }}
  replicas: {{ default 3 .controlPlane.count }}
- platform: {{- .controlPlane.platform | toPrettyJson }}
+ {{- if .controlPlane.platform }}
+ platform:
+ {{- toYaml .controlPlane.platform | nindent 4 }}
+ {{- end }}
  {{- else }}
  replicas: 3
  platform:
@@ -36,8 +39,11 @@ compute:
  architecture: amd64
  name: 'worker'
  {{- if .workers }}
- replicas: {{ default 3 .workers.count }}
- platform: {{- .workers.platform | toPrettyJson }}
+ replicas: {{ default 0 .workers.count }}
+ {{- if .workers.platform }}
+ platform:
+ {{- toYaml .workers.platform | nindent 4 }}
+ {{- end }}
  {{- else }}
  replicas: 3
  platform:
@@ -50,10 +56,11 @@ networking:
  hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
- networkType: OpenShiftSDN
+ networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
-platform: {{ .platform | toPrettyJson }}
+platform:
+{{- toYaml .platform | nindent 2 }}
 pullSecret: "" # skip, hive will inject based on it's secrets
 sshKey: "" # skip, hive will inject based on it's secrets
-{{- end -}}
+{{- end -}}

common/acm/templates/provision/clusterpool.yaml

@@ -19,6 +19,7 @@ spec:
 
 {{- $cloud := "None" }}
 {{- $region := "None" }}
+{{- $numClusters := 0 }}
 
 {{- if .platform.aws }}
 {{- $cloud = "aws" }}
@@ -28,6 +29,10 @@ spec:
 {{- $region = .platform.azure.region }}
 {{- end }}
 
+{{- if .clusters }}
+{{- $numClusters = len .clusters }}
+{{- end }}
+
 apiVersion: hive.openshift.io/v1
 kind: ClusterPool
 metadata:
@@ -44,14 +49,14 @@ spec:
  {{- if .size }}
  size: {{ .size }}
  {{- else }}
- size: {{ len .clusters }}
+ size: {{ $numClusters }}
  {{- end }}
- runningCount: {{ len .clusters }}
+ runningCount: {{ $numClusters }}
  baseDomain: {{ .baseDomain }}
  installConfigSecretTemplateRef:
  name: {{ $poolName }}-install-config 
  imageSetRef:
- name: img{{ .openshiftVersion }}-x86-64-appsub
+ name: img{{ .openshiftVersion }}-multi-appsub
  pullSecretRef:
  name: {{ $poolName }}-pull-secret
  skipMachinePools: true # Disable MachinePool as using custom install-config
@@ -65,13 +70,13 @@ spec:
 apiVersion: hive.openshift.io/v1
 kind: ClusterClaim
 metadata:
- name: '{{ . }}-{{ $group.name }}'
+ name: '{{ lower . }}-{{ lower $group.name }}'
  annotations:
  argocd.argoproj.io/sync-wave: "20"
  argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  cluster.open-cluster-management.io/createmanagedcluster: "true"
  labels:
- clusterClaimName: {{ . }}-{{ $group.name }}
+ clusterClaimName: {{ lower . }}-{{ lower $group.name }}
  {{- if (not $group.acmlabels) }}
  clusterGroup: {{ $group.name }}
  {{- else if eq (len $group.acmlabels) 0 }}
@@ -82,7 +87,7 @@ metadata:
  {{- end }}
  {{- end }}
 spec:
- clusterPoolName: {{ $pool.name }}
+ clusterPoolName: {{ $poolName }}
 ---
 {{- end }}{{- /* range .range clusters */}}
 {{- end }}{{- /* range .clusterPools */}}

common/acm/values.yaml

@@ -6,7 +6,8 @@ global:
  pattern: none
  repoURL: none
  targetRevision: main
-
+ options:
+ applicationRetryLimit: 20
 
 clusterGroup:
  subscriptions:

common/ansible/roles/vault_utils/tasks/push_secrets.yaml

@@ -80,9 +80,12 @@
  register: encrypted
  failed_when: (encrypted.rc not in [0, 1])
 
+# When HOME is set we replace it with '~' in this debug message
+# because when run from inside the container the HOME is /pattern-home
+# which is confusing for users
 - name: Is found values secret file encrypted
  ansible.builtin.debug:
- msg: "Using {{ found_file }} to parse secrets"
+ msg: "Using {{ (lookup('env', 'HOME') | length > 0) | ternary(found_file | regex_replace('^' + lookup('env', 'HOME'), '~'), found_file) }} to parse secrets"
 
 - name: Set encryption bool fact
  no_log: true

common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml

@@ -182,8 +182,8 @@
  pod: "{{ vault_pod }}"
  command: >
  vault write auth/"{{ item.value['vault_path'] }}"/role/"{{ item.value['vault_path'] }}"-role
- bound_service_account_names="{{ external_secrets_ns }}"
- bound_service_account_namespaces="{{ external_secrets_sa }}"
+ bound_service_account_names="{{ external_secrets_sa }}"
+ bound_service_account_namespaces="{{ external_secrets_ns }}"
  policies="default,{{ vault_global_policy }}-secret,{{ item.value['vault_path'] }}-secret" ttl="{{ vault_spoke_ttl }}"
  loop: "{{ clusters_info | dict2items }}"
  when:

common/clustergroup/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 description: A Helm chart to create per-clustergroup ArgoCD applications and any required namespaces or subscriptions
 keywords:
 - pattern
-name: pattern-clustergroup
+name: clustergroup
 version: 0.0.1

common/clustergroup/templates/_helpers.tpl

@@ -0,0 +1,42 @@
+{{/*
+Default always defined top-level variables for helm charts
+*/}}
+{{- define "clustergroup.app.globalvalues.helmparameters" -}}
+- name: global.repoURL
+ value: $ARGOCD_APP_SOURCE_REPO_URL
+- name: global.targetRevision
+ value: $ARGOCD_APP_SOURCE_TARGET_REVISION
+- name: global.namespace
+ value: $ARGOCD_APP_NAMESPACE
+- name: global.pattern
+ value: {{ $.Values.global.pattern }}
+- name: global.clusterDomain
+ value: {{ $.Values.global.clusterDomain }}
+- name: global.clusterVersion
+ value: "{{ $.Values.global.clusterVersion }}"
+- name: global.clusterPlatform
+ value: "{{ $.Values.global.clusterPlatform }}"
+- name: global.hubClusterDomain
+ value: {{ $.Values.global.hubClusterDomain }}
+- name: global.localClusterDomain
+ value: {{ coalesce $.Values.global.localClusterDomain $.Values.global.hubClusterDomain }}
+{{- end }} {{/* clustergroup.globalvaluesparameters */}}
+
+
+{{/*
+Default always defined valueFiles to be included in Applications
+*/}}
+{{- define "clustergroup.app.globalvalues.valuefiles" -}}
+- "/values-global.yaml"
+- "/values-{{ $.Values.clusterGroup.name }}.yaml"
+{{- if $.Values.global.clusterPlatform }}
+- "/values-{{ $.Values.global.clusterPlatform }}.yaml"
+ {{- if $.Values.global.clusterVersion }}
+- "/values-{{ $.Values.global.clusterPlatform }}-{{ $.Values.global.clusterVersion }}.yaml"
+ {{- end }}
+- "/values-{{ $.Values.global.clusterPlatform }}-{{ $.Values.clusterGroup.name }}.yaml"
+{{- end }}
+{{- if $.Values.global.clusterVersion }}
+- "/values-{{ $.Values.global.clusterVersion }}-{{ $.Values.clusterGroup.name }}.yaml"
+{{- end }}
+{{- end }} {{/* clustergroup.app.globalvalues.valuefiles */}}

common/clustergroup/templates/plumbing/applications.yaml

@@ -57,10 +57,7 @@ spec:
  helm:
  ignoreMissingValueFiles: true
  valueFiles:
- - "values.yaml"
- {{- if $.Values.global.clusterVersion }}
- - "/values-{{ $.Values.global.clusterVersion }}-{{ $.Values.clusterGroup.name }}.yaml"
- {{- end }}
+ {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 12 }}
  {{- range .extraValueFiles }}
  - {{ . | quote }}
  {{- end }}
@@ -69,24 +66,13 @@ spec:
  {{ `{{ values }}` }}
  {{- end }}
  parameters:
- - name: global.clusterDomain
- value: {{ $.Values.global.clusterDomain }}
- - name: global.clusterVersion
- value: "{{ $.Values.global.clusterVersion }}"
- - name: global.clusterPlatform
- value: "{{ $.Values.global.clusterPlatform }}"
- - name: global.hubClusterDomain
- value: {{ $.Values.global.hubClusterDomain }}
- - name: global.localClusterDomain
- value: {{ coalesce $.Values.global.localClusterDomain $.Values.global.hubClusterDomain }}
+ {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 12 }}
  - name: global.repoURL
  value: {{ $.Values.global.repoURL }}
  - name: global.targetRevision
  value: {{ $.Values.global.targetRevision }}
  - name: global.namespace
  value: {{ $.Values.global.namespace }}
- - name: global.pattern
- value: {{ $.Values.global.pattern }}
  - name: clusterGroup.name
  value: {{ .Values.clusterGroup.name }}
  {{- range .extraHubClusterDomainFields }}
@@ -148,48 +134,19 @@ spec:
  chart: {{ .chart }}
  {{- else }}
  path: {{ .path }}
- {{- end }}
+ {{- end }}{{- /* if .chart */}}
  {{- if .plugin }}
  plugin: {{ .plugin | toPrettyJson }}
  {{- else if not .kustomize }}
  helm:
  ignoreMissingValueFiles: true
  valueFiles:
- - "/values-global.yaml"
- - "/values-{{ $.Values.clusterGroup.name }}.yaml"
- {{- if $.Values.global.clusterPlatform }}
- - "/values-{{ $.Values.global.clusterPlatform }}.yaml"
- {{- if $.Values.global.clusterVersion }}
- - "/values-{{ $.Values.global.clusterPlatform }}-{{ $.Values.global.clusterVersion }}.yaml"
- {{- end }}
- - "/values-{{ $.Values.global.clusterPlatform }}-{{ $.Values.clusterGroup.name }}.yaml"
- {{- end }}
- {{- if $.Values.global.clusterVersion }}
- - "/values-{{ $.Values.global.clusterVersion }}-{{ $.Values.clusterGroup.name }}.yaml"
- {{- end }}
+ {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 6 }}
  {{- range $valueFile := .extraValueFiles }}
  - {{ $valueFile | quote }}
  {{- end }}
- # Watch the progress of https://issues.redhat.com/browse/GITOPS-891 and update accordingly
  parameters:
- - name: global.repoURL
- value: $ARGOCD_APP_SOURCE_REPO_URL
- - name: global.targetRevision
- value: $ARGOCD_APP_SOURCE_TARGET_REVISION
- - name: global.namespace
- value: $ARGOCD_APP_NAMESPACE
- - name: global.pattern
- value: {{ $.Values.global.pattern }}
- - name: global.clusterDomain
- value: {{ $.Values.global.clusterDomain }}
- - name: global.clusterVersion
- value: "{{ $.Values.global.clusterVersion }}"
- - name: global.clusterPlatform
- value: "{{ $.Values.global.clusterPlatform }}"
- - name: global.hubClusterDomain
- value: {{ $.Values.global.hubClusterDomain }}
- - name: global.localClusterDomain
- value: {{ coalesce $.Values.global.localClusterDomain $.Values.global.hubClusterDomain }}
+ {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }}
  {{- range .extraHubClusterDomainFields }}
  - name: {{ . }}
  value: {{ $.Values.global.hubClusterDomain }}
@@ -221,18 +178,18 @@ spec:
  {{- range .overrides }}
  - name: {{ .name }}
  value: {{ .value | quote }}
- {{- if .forceString }}
+  {{- if .forceString }}
  forceString: true
- {{- end }}
- {{- end }}
+  {{- end }}
+ {{- end }}{{- /* range .overrides */}}
  {{- if .fileParameters }}
  fileParameters:
  {{- range .fileParameters }}
  - name: {{ .name }}
  path: {{ .path }}
- {{- end }}
- {{- end }}
- {{- end }}
+ {{- end }}{{- /* range .fileParameters */}}
+ {{- end }}{{- /* if .fileParameters */}}
+ {{- end }}{{- /* if .plugin */}}
  {{- if .ignoreDifferences }}
  ignoreDifferences: {{ .ignoreDifferences | toPrettyJson }}
  {{- end }}
@@ -243,9 +200,8 @@ spec:
  automated: {}
  retry:
  limit: {{ default 20 $.Values.global.applicationRetryLimit }}
- # selfHeal: true
- {{- end }}
+ {{- end }}{{- /* .syncPolicy */}}
 ---
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end }}{{- /* if or (.generators) (.generatorFile) (.useGeneratorValues) (.destinationServer) (.destinationNamespace) */}}
+{{- end }}{{- /* range .Values.clusterGroup.applications */}}
+{{- end }}{{- /* if not (eq .Values.enabled "core") */}}

common/examples/values-example.yaml

@@ -104,11 +104,16 @@ clusterGroup:
  name: aws-ap
  openshiftVersion: 4.10.18
  baseDomain: blueprints.rhecoeng.com
+ controlPlane:
+ count: 1
+ platform:
+ aws:
+ type: m5.xlarge
+ workers:
+ count: 0
  platform:
  aws:
  region: ap-southeast-2
- clusters:
- - one
  exampleAzurePool:
  name: azure-us
  openshiftVersion: 4.10.18
@@ -118,7 +123,7 @@ clusterGroup:
  baseDomainResourceGroupName: dojo-dns-zones
  region: eastus
  clusters:
- - two
+ - Two
  - three
  acmlabels:
  - name: clusterGroup

common/golang-external-secrets/Chart.yaml

@@ -6,6 +6,6 @@ name: golang-external-secrets
 version: 0.0.1
 dependencies:
  - name: external-secrets
- version: "0.8.3"
+ version: "0.8.5"
  repository: "https://charts.external-secrets.io"
  #"https://external-secrets.github.io/kubernetes-external-secrets"