diff --git a/cluster-applications/030-ibm-cis-cert-manager/Chart.yaml b/cluster-applications/020-ibm-cis-cert-manager/Chart.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/Chart.yaml rename to cluster-applications/020-ibm-cis-cert-manager/Chart.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/README.md b/cluster-applications/020-ibm-cis-cert-manager/README.md similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/README.md rename to cluster-applications/020-ibm-cis-cert-manager/README.md diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml similarity index 93% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml index 545965f7b..0820db6f6 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml @@ -10,7 +10,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: @@ -27,7 +27,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" namespace: "{{ $cert_manager_namespace }}" name: "cert-manager-webhook-ibm-cis" labels: @@ -51,7 +51,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: @@ -75,7 +75,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:webhook-authentication-reader" namespace: kube-system labels: @@ -100,7 +100,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:auth-delegator" labels: app: "cert-manager-webhook-ibm-cis" @@ -123,7 +123,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis:domain-solver" labels: app: "cert-manager-webhook-ibm-cis" @@ -143,7 +143,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:domain-solver" labels: app: "cert-manager-webhook-ibm-cis" @@ -165,7 +165,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" labels: app: "cert-manager-webhook-ibm-cis" name: 'system:openshift:scc:anyuid' diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml similarity index 93% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml index 8ee21112e..dde3fbc4f 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml @@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: annotations: - argocd.argoproj.io/sync-wave: "032" + argocd.argoproj.io/sync-wave: "022" name: "cert-manager-webhook-ibm-cis-self-signed-issuer" namespace: "{{ $cert_manager_namespace }}" labels: @@ -26,7 +26,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: annotations: - argocd.argoproj.io/sync-wave: "033" + argocd.argoproj.io/sync-wave: "023" name: "cert-manager-webhook-ibm-cis-root-ca-certificate" namespace: "{{ $cert_manager_namespace }}" labels: @@ -48,7 +48,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: annotations: - argocd.argoproj.io/sync-wave: "033" + argocd.argoproj.io/sync-wave: "023" name: "cert-manager-webhook-ibm-cis-root-ca-issuer" namespace: "{{ $cert_manager_namespace }}" labels: @@ -66,7 +66,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: annotations: - argocd.argoproj.io/sync-wave: "034" + argocd.argoproj.io/sync-wave: "024" name: "cert-manager-webhook-ibm-cis-serving-cert" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml similarity index 98% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml index 7e8c284d0..008acf952 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml @@ -13,7 +13,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - argocd.argoproj.io/sync-wave: "035" + argocd.argoproj.io/sync-wave: "025" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml similarity index 95% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml index dffb8229a..a7e103c03 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml @@ -8,7 +8,7 @@ apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: annotations: - argocd.argoproj.io/sync-wave: "036" + argocd.argoproj.io/sync-wave: "026" cert-manager.io/inject-ca-from: "{{ $cert_manager_namespace }}/cert-manager-webhook-ibm-cis-serving-cert" name: "v1alpha1.{{ $cis_apiservice_group_name }}" namespace: "{{ $cert_manager_namespace }}" diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml similarity index 94% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml index 7e43cf362..e0f025d9f 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Service metadata: annotations: - argocd.argoproj.io/sync-wave: "036" + argocd.argoproj.io/sync-wave: "026" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml similarity index 90% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml index 17a7b6f71..c2b21e7b8 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml @@ -7,7 +7,7 @@ apiVersion: v1 kind: Secret metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: cis-api-key namespace: "{{ $cert_manager_namespace }}" {{- if .Values.custom_labels }} diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml similarity index 94% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml index d5ab2b31f..d8e3dc02a 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml +++ b/cluster-applications/020-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml @@ -8,7 +8,7 @@ kind: Route apiVersion: route.openshift.io/v1 metadata: annotations: - argocd.argoproj.io/sync-wave: "038" + argocd.argoproj.io/sync-wave: "028" name: cis-proxy-route namespace: "{{ $cert_manager_namespace }}" {{- if .Values.custom_labels }} diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/values.yaml b/cluster-applications/020-ibm-cis-cert-manager/values.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/values.yaml rename to cluster-applications/020-ibm-cis-cert-manager/values.yaml diff --git a/cluster-applications/020-ibm-dro/Chart.yaml b/cluster-applications/030-ibm-dro/Chart.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/Chart.yaml rename to cluster-applications/030-ibm-dro/Chart.yaml diff --git a/cluster-applications/020-ibm-dro/README.md b/cluster-applications/030-ibm-dro/README.md similarity index 100% rename from cluster-applications/020-ibm-dro/README.md rename to cluster-applications/030-ibm-dro/README.md diff --git a/cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml b/cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml similarity index 88% rename from cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml rename to cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml index a2ee7d2ff..4f1efcedc 100644 --- a/cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml +++ b/cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-mas-operator-group namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "031" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml b/cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml similarity index 88% rename from cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml index 7224a0b75..5be7c1297 100644 --- a/cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml +++ b/cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml @@ -5,7 +5,7 @@ metadata: name: redhat-marketplace-pull-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "031" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml b/cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml similarity index 92% rename from cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml rename to cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml index 02930c513..6a2ae7daa 100644 --- a/cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml +++ b/cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-metrics-operator namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "022" + argocd.argoproj.io/sync-wave: "032" labels: app.kubernetes.io/name: imo {{- if .Values.custom_labels }} diff --git a/cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml b/cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml similarity index 92% rename from cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml rename to cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml index fea6b95d3..995962617 100644 --- a/cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml +++ b/cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-data-reporter-operator namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "022" + argocd.argoproj.io/sync-wave: "032" labels: app.kubernetes.io/name: dro {{- if .Values.custom_labels }} diff --git a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml b/cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml similarity index 90% rename from cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml rename to cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml index ff87d47e4..f83bec37a 100644 --- a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml +++ b/cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml @@ -4,7 +4,7 @@ metadata: name: marketplaceconfig namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "024" + argocd.argoproj.io/sync-wave: "034" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true {{- if .Values.custom_labels }} labels: diff --git a/cluster-applications/020-ibm-dro/templates/07-dro-api-token_Secret.yaml b/cluster-applications/030-ibm-dro/templates/07-dro-api-token_Secret.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/07-dro-api-token_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/07-dro-api-token_Secret.yaml diff --git a/cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml b/cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml similarity index 95% rename from cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml rename to cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml index d1f1352fb..31924511a 100644 --- a/cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml +++ b/cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: metric-state-view-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -34,7 +34,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: reporter-cluster-monitoring-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -62,7 +62,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: manager-cluster-monitoring-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml similarity index 85% rename from cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml rename to cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index d7dc26b62..9e85e0f1a 100644 --- a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -26,7 +26,7 @@ Increment this value whenever you make a change to an immutable field of the Job E.g. passing in a new environment variable. Included in $_job_hash (see below). */}} -{{- $_job_version := "v3" }} +{{- $_job_version := "v4" }} {{- /* 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest @@ -102,7 +102,7 @@ metadata: name: {{ $role_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "026" + argocd.argoproj.io/sync-wave: "036" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -112,8 +112,10 @@ rules: - get apiGroups: - route.openshift.io + - cert-manager.io resources: - routes + - certificates --- @@ -123,7 +125,7 @@ metadata: name: {{ $rb_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "027" + argocd.argoproj.io/sync-wave: "037" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -144,7 +146,7 @@ metadata: name: {{ $_job_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "028" + argocd.argoproj.io/sync-wave: "038" labels: mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} {{- if .Values.custom_labels }} @@ -181,11 +183,15 @@ spec: # Hard-coded for now: - name: AVP_TYPE value: "aws" + - name: DRO_PUBLIC_DOMAIN + value: {{ .Values.dro_public_domain }} volumeMounts: - name: aws mountPath: /etc/mas/creds/aws - name: ibm-data-reporter-operator-api-token mountPath: /etc/mas/creds/ibm-data-reporter-operator-api-token + - name: dro-tls-secret + mountPath: /etc/mas/creds/dro-tls-secret command: - /bin/sh - -c @@ -252,6 +258,25 @@ spec: exit 1 fi + if [[ -n "${DRO_PUBLIC_DOMAIN}" ]]; then + wait_for_resource "certificate" "dro-client-certificate" "${DRO_NAMESPACE}" + export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-tls-secret/ca.crt | base64 -w0) + if [[ -z "${DRO_CLIENT_TLS_CA_CRT}" ]]; then + echo "Failed to fetch ca.crt" + exit 1 + fi + export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-tls-secret/tls.crt | base64 -w0) + if [[ -z "${DRO_CLIENT_TLS_TLS_CRT}" ]]; then + echo "Failed to fetch tls.crt" + exit 1 + fi + export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-tls-secret/tls.key | base64 -w0) + if [[ -z "${DRO_CLIENT_TLS_TLS_KEY}" ]]; then + echo "Failed to fetch tls.key" + exit 1 + fi + fi + # aws configure set aws_access_key_id $SM_AWS_ACCESS_KEY_ID # aws configure set aws_secret_access_key $SM_AWS_SECRET_ACCESS_KEY @@ -263,7 +288,7 @@ spec: # aws secretsmanager create-secret --name ${SECRET_NAME} --secret-string "${SECRET_VALUE}" SECRET_NAME_DRO=${ACCOUNT_ID}/${CLUSTER_ID}/dro TAGS="[{\"Key\": \"source\", \"Value\": \"postsync-ibm-dro-update-sm-job\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]" - sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\" }" "${TAGS}" + sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\", \"dro_client_tls_ca_crt_b64\": \"$DRO_CLIENT_TLS_CA_CRT\", \"dro_client_tls_tls_crt_b64\": \"$DRO_CLIENT_TLS_TLS_CRT\", \"dro_client_tls_tls_key_b64\": \"$DRO_CLIENT_TLS_TLS_KEY\" }" "${TAGS}" restartPolicy: Never @@ -282,6 +307,11 @@ spec: secretName: ibm-data-reporter-operator-api-token defaultMode: 420 optional: false + - name: dro-tls-secret + secret: + secretName: dro-tls-secret + defaultMode: 420 + optional: false backoffLimit: 4 {{- end }} diff --git a/cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml b/cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml similarity index 84% rename from cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml index e11b9cf54..b76f5196e 100644 --- a/cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml +++ b/cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml @@ -7,7 +7,7 @@ metadata: name: dest-header-map-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: accept: application/json @@ -18,7 +18,7 @@ metadata: name: auth-header-map-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: accept: application/json @@ -30,7 +30,7 @@ metadata: name: auth-body-data-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: bodydata: | diff --git a/cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml b/cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml similarity index 96% rename from cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml rename to cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml index e64ce8a9c..b6fefd3f2 100644 --- a/cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml +++ b/cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml @@ -7,7 +7,7 @@ metadata: name: kazaam-configmap namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" data: kazaam.json: | [ diff --git a/cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml b/cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml similarity index 97% rename from cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml rename to cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml index 6bde3c541..da27296f8 100644 --- a/cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml +++ b/cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml @@ -7,7 +7,7 @@ metadata: name: datareporterconfig namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "040" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true spec: confirmDelivery: false diff --git a/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml new file mode 100644 index 000000000..b3482b837 --- /dev/null +++ b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml @@ -0,0 +1,36 @@ +{{- if (eq .Values.dns_provider "cis") }} + +{{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} +{{ $cis_stg_issuer_name := printf "%s-cis-le-stg" .Values.cluster_id }} + +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-wave: "138" + name: "{{ $cis_stg_issuer_name }}" + namespace: "{{ .Values.dro_namespace }}" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + acme: + preferredChain: '' + privateKeySecretRef: + name: cis-letsencrypt-staging-account-key + server: 'https://acme-staging-v02.api.letsencrypt.org/directory' + solvers: + - dns01: + webhook: + config: + apiKeySecretRef: + key: key + name: cis-api-key + crn: >- + {{ .Values.cis_crn }} + groupName: {{ $cis_apiservice_group_name }} + solverName: cis + +{{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml new file mode 100644 index 000000000..901cd4196 --- /dev/null +++ b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml @@ -0,0 +1,35 @@ +{{- if (eq .Values.dns_provider "cis") }} + +{{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} +{{ $cis_prod_issuer_name := printf "%s-cis-le-prod" .Values.cluster_id }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-wave: "138" + name: "{{ $cis_prod_issuer_name }}" + namespace: "{{ .Values.dro_namespace }}" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + acme: + preferredChain: '' + privateKeySecretRef: + name: cis-letsencrypt-production-account-key + server: 'https://acme-v02.api.letsencrypt.org/directory' + solvers: + - dns01: + webhook: + config: + apiKeySecretRef: + key: key + name: cis-api-key + crn: >- + {{ .Values.cis_crn }} + groupName: {{ $cis_apiservice_group_name }} + solverName: cis + +{{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml new file mode 100644 index 000000000..74b84ad1b --- /dev/null +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -0,0 +1,20 @@ +{{- if (eq .Values.dns_provider "cis") }} +{{- if .Values.dro_public_domain }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + annotations: + argocd.argoproj.io/sync-wave: "139" + name: dro-tls-cert + namespace: "{{ .Values.dro_namespace }}" +spec: + secretName: dro-tls-secret + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + commonName: dro-{{ .Values.cluster_id }} + privateKey: + rotationPolicy: Always +{{- end }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/020-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml b/cluster-applications/030-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml rename to cluster-applications/030-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml diff --git a/cluster-applications/020-ibm-dro/values.yaml b/cluster-applications/030-ibm-dro/values.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/values.yaml rename to cluster-applications/030-ibm-dro/values.yaml diff --git a/cluster-applications/031-ibm-dro-public/Chart.yaml b/cluster-applications/031-ibm-dro-public/Chart.yaml new file mode 100644 index 000000000..85258c32b --- /dev/null +++ b/cluster-applications/031-ibm-dro-public/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: ibm-dro-public +description: IBM DRO (Public) +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" \ No newline at end of file diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml new file mode 100644 index 000000000..ab980fdb8 --- /dev/null +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -0,0 +1,29 @@ +{{- if (eq .Values.dns_provider "cis") }} +{{- if .Values.dro_public_domain }} +--- +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: ibm-data-reporter-public-route + namespace: "{{ .Values.dro_namespace }}" + labels: + type: external + +spec: + host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + to: + kind: Service + name: ibm-data-reporter-operator-controller-manager-metrics-service + weight: 100 + port: + targetPort: 8443 + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + certificate: |- + {{ .Values.dro_tls_certificate }} + key: |- + {{ .Values.dro_tls_key }} + wildcardPolicy: None +{{- end }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/031-ibm-dro-public/values.yaml b/cluster-applications/031-ibm-dro-public/values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/cluster-applications/021-ibm-dro-cleanup/Chart.yaml b/cluster-applications/032-ibm-dro-cleanup/Chart.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/Chart.yaml rename to cluster-applications/032-ibm-dro-cleanup/Chart.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/README.md b/cluster-applications/032-ibm-dro-cleanup/README.md similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/README.md rename to cluster-applications/032-ibm-dro-cleanup/README.md diff --git a/cluster-applications/021-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/032-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/032-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml b/cluster-applications/032-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml rename to cluster-applications/032-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/values.yaml b/cluster-applications/032-ibm-dro-cleanup/values.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/values.yaml rename to cluster-applications/032-ibm-dro-cleanup/values.yaml diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml similarity index 96% rename from root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml rename to root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml index bd2363ce4..dca96215d 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} @@ -26,7 +26,7 @@ spec: namespace: default source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/030-ibm-cis-cert-manager + path: cluster-applications/020-ibm-cis-cert-manager targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} diff --git a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml similarity index 88% rename from root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml rename to root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index 18410b928..90da3158f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "020" + argocd.argoproj.io/sync-wave: "030" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} @@ -31,7 +31,7 @@ spec: namespace: "{{ .Values.ibm_dro.dro_namespace }}" source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/020-ibm-dro + path: cluster-applications/030-ibm-dro targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} @@ -49,6 +49,11 @@ spec: ibm_entitlement_key: "{{ .Values.ibm_dro.ibm_entitlement_key }}" dro_cmm_setup: "{{ .Values.ibm_dro.dro_cmm_setup }}" dro_install_plan: "{{ .Values.ibm_dro.dro_install_plan }}" + dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" + dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" + ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" + cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" + cis_crn: "{{ .Values.ibm_dro.cis_crn }}" imo_install_plan: "{{ .Values.ibm_dro.imo_install_plan }}" cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml new file mode 100644 index 000000000..502d3f44a --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -0,0 +1,73 @@ +{{- if not (empty .Values.ibm_dro) }} +--- +# IBM Maximo Operator Catalog +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ibm-dro-public.{{ .Values.cluster.id }} + namespace: {{ .Values.argo.namespace }} + labels: + environment: '{{ .Values.account.id }}' + region: '{{ .Values.region.id }}' + cluster: '{{ .Values.cluster.id }}' + annotations: + argocd.argoproj.io/sync-wave: "031" + healthCheckTimeout: "1800" + {{- if and .Values.notifications .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }} + {{- end }} + finalizers: + - resources-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io/cleanup +spec: + project: "{{ .Values.argo.projects.apps }}" + destination: + server: {{ .Values.cluster.url }} + namespace: default + source: + repoURL: "{{ .Values.source.repo_url }}" + path: cluster-applications/031-ibm-dro-public + targetRevision: "{{ .Values.source.revision }}" + plugin: + name: {{ .Values.avp.name }} + env: + - name: {{ .Values.avp.values_varname }} + value: | + cluster_id: "{{ .Values.cluster.id }}" + dro_namespace: "{{ .Values.ibm_dro.dro_namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} + dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" + dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" + dro_tls_certificate: "{{ .Values.ibm_dro.tls_certificate }}" + dro_tls_key: "{{ .Values.ibm_dro.tls_key }}" + junitreporter: + reporter_name: "ibm-dro-cleanup" + cluster_id: "{{ .Values.cluster.id }}" + devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" + devops_build_number: "{{ .Values.devops.build_number }}" + gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} + {{- if .Values.custom_labels }} + custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME + value: ibmdrocleanup + {{- if not (empty .Values.avp.secret) }} + - name: AVP_SECRET + value: {{ .Values.avp.secret }} + {{- end }} + syncPolicy: + automated: + {{- if .Values.auto_delete }} + prune: true + {{- end }} + selfHeal: true + retry: + limit: 20 + syncOptions: + - CreateNamespace=false + - RespectIgnoreDifferences=true + - Validate=false +{{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml similarity index 96% rename from root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml rename to root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml index 6498308cb..4712324f8 100644 --- a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "032" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} @@ -28,7 +28,7 @@ spec: namespace: default source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/021-ibm-dro-cleanup + path: cluster-applications/032-ibm-dro-cleanup targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }}