diff --git a/.gitignore b/.gitignore
index cce0ff2..579a913 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,28 +1,175 @@
-# Compiled class file
-*.class
+# custom excludes
+data/
+scratch/
+dictionary.dic
-# Log file
+# swap files
+*~
+.*~
+*.swp
+.*.swp
+*.swo
+
+# bfg - because we never commit large data or passwords to git
+..bfg-report/
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+# in version control.
+# https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
-# BlueJ files
-*.ctxt
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
-# Mobile Tools for Java (J2ME)
-.mtj.tmp/
+# Pyre type checker
+.pyre/
-# Package Files #
-*.jar
-*.war
-*.nar
-*.ear
-*.zip
-*.tar.gz
-*.rar
+# pytype static type analyzer
+.pytype/
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
+# Cython debug symbols
+cython_debug/
-*.ignored/
-*.ignore
-bootstrap-scripts/htpasswd-users
-.vscode/
\ No newline at end of file
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
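Review bot: The old ignore entry `bootstrap-scripts/htpasswd-users` is dropped with no replacement, while the README in this same commit moves the script to `scripts/enable-htpasswd-users.sh`. If that script still writes a generated htpasswd file next to itself (not visible here), the file is no longer ignored and could be committed along with its credential hashes; consider adding an entry such as `<dir-the-script-writes-to>/htpasswd-users`. The Python template patterns `lib/`, `var/`, `build/`, `target/` and `instance/` are unanchored and match at any depth, which is why `components/.gitignore` already has to re-include `instance/`. Anchoring them (for example `/build/`) or trimming the template would avoid silently ignoring manifest directories.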
diff --git a/README.md b/README.md
index c7c5dca..f40dcbb 100644
--- a/README.md
+++ b/README.md
@@ -5,93 +5,98 @@ This project repo contains a set of ArgoCD manifests and a set of Ansible Playbo
It uses the ArgoCD **App of Apps pattern** to pre-install and configure a set of Openshift Operators to support Developer Workflows.
The following components should be provisioned by ArgoCD in your cluster:
- * **Cert Manager**
- * **Container Security Operator**
- * **Openshift Devspaces**
- * **Git Webhook Operator**
- * **Gilab**
- * **Hashicorp Vault**
- * **Vault Config Operator**
- * **Kubernetes Image Puller Operator**
- * **Openshift Pipelines**
- * **Patch Operator**
- * **...** (this list keeps growing as I need to add new components to my demos)
-
-# First things first
-If you got a "naked cluster" with just the `kubeadmin` system user. You can start by enabling the `htpasswd` auth provider and creating the `admin` user by using the `bootstrap-scripts/enable-htpasswd-users.sh`.
+
+* **Cert Manager**
+* **Container Security Operator**
+* **Openshift Devspaces**
+* **Git Webhook Operator**
+* **Gilab**
+* **Hashicorp Vault**
+* **Vault Config Operator**
+* **Kubernetes Image Puller Operator**
+* **Openshift Pipelines**
+* **Patch Operator**
+* **...** (this list keeps growing as I need to add new components to my demos)
+
+## First things first
+
+If you got a "naked cluster" with just the `kubeadmin` system user. You can start by enabling the `htpasswd` auth provider and creating the `admin` user by using the `scripts/enable-htpasswd-users.sh`.
This script will create the `admin` user as `cluster-admin` and 5 other regular (non-admin) users.
-# Openshift GitOps installation and cluster bootstrap
+## Openshift GitOps installation and cluster bootstrap
+
You can choose to install **Openshift GitOps** Operator manually from the Operator Hub using the Openshift Console (Administrator Perspective) or you can
1. Authenticate as a `cluster-admin` on your cluster and execute
```shell
- ./bootstrap-scripts/cluster-boostrap.sh
+ ./scripts/cluster-boostrap.sh
```
This script will:
- * install Openshift GitOps (ArgoCD)
- * apply the ArgoCD root app
- * kickoff the cluster bootstrap
-
+
+* Install Openshift GitOps (ArgoCD) operator
+* Configure OpenShift GitOps (ArgoCD) instance
+* Bootstrap the ArgoCD app of app
+
After applying this manifest go to the ArgoCD web console and watch the provisioning.
> **IMPORTANT**: It will take a while to have all components provisioned and in healthy state. The provisioning happens in "waves". You may have to refresh od sync come apps in case they remain in unhealthy state.

-# Enabling Github oAuth provider
+## Enabling Github oAuth provider
+
I use this repo to bootstrap an Openshift Cluster to showcase Openshift Dev Tooling and Developer workflows on top of Openshift Platform.
-For this I like to integrate Openshift and Openshift DevSpaces with Github.
+For this I like to integrate Openshift and Openshift DevSpaces with Github.
-To enable github users to authenticate on Openshift and DevSpaces using their Github accounts you need to configure Github oAuth.
+To enable github users to authenticate on Openshift and DevSpaces using their Github accounts you need to configure Github oAuth.
## Enabling Github users (developers) to access Openshift
- * Go to https://github.com/account/organizations/new?plan=free and create a new Github Personal Org"
- * Fill the fields with:
- * Organization Account Name: 'my-openshift-dev-team'
- * Contact email: 'your email address'
- * Check 'My personal account' for the Organization type
+* Go to https://github.com/account/organizations/new?plan=free and create a new Github Personal Org"
+* Fill the fields with:
+ * Organization Account Name: 'my-openshift-dev-team'
+ * Contact email: 'your email address'
+ * Check 'My personal account' for the Organization type
-
+
> **IMPORTANT:** After creating your Personal Org, make sure you add members to it (including yourself)
> Go to https://github.com/orgs/your-org-name/people and invite/add members
-
+
- * Now go to https://github.com/settings/applications/new and create a new GitHub app
- * Fill the fields with:
- * Application Name: `Red Hat Openshift oAuth provider`
- * Homepage URL: `https://console-openshift-console.apps.cluster-domain.com/`
- * Authorization callback URL: `https://oauth-openshift.apps.cluster-domain.com/oauth2callback/github`
+* Now go to https://github.com/settings/applications/new and create a new GitHub app
+* Fill the fields with:
+ * Application Name: `Red Hat Openshift oAuth provider`
+ * Homepage URL: `https://console-openshift-console.apps.cluster-domain.com/`
+ * Authorization callback URL: `https://oauth-openshift.apps.cluster-domain.com/oauth2callback/github`
> **IMPORTANT:** Remember to copy the Client Id and the Client Secret values
-
+
## Configuring Github oAuth for DevSpaces
- * Now go to https://github.com/settings/applications/new and create another GitHub app (now for DevSpaces)
- * Fill the fields with:
- * Application Name: `Openshift DevSpaces oAuth provider`
- * Homepage URL: `https://devspaces.apps.cluster-domain.com/`
- * Authorization callback URL: `https://devspaces.apps.cluster-domain.com/api/oauth/callback`
+* Now go to https://github.com/settings/applications/new and create another GitHub app (now for DevSpaces)
+* Fill the fields with:
+ * Application Name: `Openshift DevSpaces oAuth provider`
+ * Homepage URL: `https://devspaces.apps.cluster-domain.com/`
+ * Authorization callback URL: `https://devspaces.apps.cluster-domain.com/api/oauth/callback`
> **IMPORTANT:** Remember to copy the Client Id and the Client Secret values
-
+
## Applying the Github oAuth configuration to your Openshift cluster
-With the Github Org and oAuth Apps properly created, now is time to apply the required configuration in your cluster.
+With the Github Org and oAuth Apps properly created, now is time to apply the required configuration in your cluster.
-**To make things easy I created a script to guide you in this configuration. Just execute the `bootstrap-scripts/setup-github-oauth.sh` and follow the instructions.**
+**To make things easy I created a script to guide you in this configuration. Just execute the `scripts/setup-github-oauth.sh` and follow the instructions.**
-> **NOTE:** After you create the github secrets the Patch Operator will catch the secret `ocp-github-app-credentials` (should be present in the `openshift-config` namespaces) and automatically configure the Cluster oAuth resource for you.
+> **NOTE:** After you create the github secrets the Patch Operator will catch the secret `ocp-github-app-credentials` (should be present in the `openshift-config` namespaces) and automatically configure the Cluster oAuth resource for you.
In a couple of seconds you should be able to access the cluster using Github as an Identity Provider.
-
+
diff --git a/argo-applications/Chart.yaml b/argo-applications/Chart.yaml
deleted file mode 100644
index 5f33a83..0000000
--- a/argo-applications/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: argo-applications
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/argo-applications/templates/_helpers.tpl b/argo-applications/templates/_helpers.tpl
deleted file mode 100644
index 89b19ff..0000000
--- a/argo-applications/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-applications.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "argo-applications.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-applications.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "argo-applications.labels" -}}
-helm.sh/chart: {{ include "argo-applications.chart" . }}
-{{ include "argo-applications.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argo-applications.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "argo-applications.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "argo-applications.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "argo-applications.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/argo-applications/templates/vault-config-operator.yaml b/argo-applications/templates/vault-config-operator.yaml
deleted file mode 100644
index 22db019..0000000
--- a/argo-applications/templates/vault-config-operator.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault-config-operator
- namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- annotations:
- argocd.argoproj.io/sync-wave: "10"
-spec:
- project: default
- source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/hashicorp-vault/kustomize/overlays/vault-config-operator
- directory:
- recurse: false
- destination:
- server: https://kubernetes.default.svc
- namespace: vault-config-operator
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - Validate=false
- - SkipDryRunOnMissingResource=true
- - CreateNamespace=false
- - RespectIgnoreDifferences=true
- - ApplyOutOfSyncOnly=true
- retry:
- limit: 5
- backoff:
- duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
- factor: 2 # a factor to multiply the base duration after each failed retry
- maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
-
diff --git a/argo-applications/templates/vault-config.yaml b/argo-applications/templates/vault-config.yaml
deleted file mode 100644
index 01f0abe..0000000
--- a/argo-applications/templates/vault-config.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault-config
- namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- annotations:
- argocd.argoproj.io/sync-wave: "15"
-spec:
- project: default
- source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/hashicorp-vault/kustomize/overlays/vault-config
- directory:
- recurse: false
- destination:
- server: https://kubernetes.default.svc
- namespace: vault
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - Validate=false
- - SkipDryRunOnMissingResource=true
- - CreateNamespace=false
- - RespectIgnoreDifferences=true
- - ApplyOutOfSyncOnly=true
- retry:
- limit: 5
- backoff:
- duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
- factor: 2 # a factor to multiply the base duration after each failed retry
- maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
-
diff --git a/argo-applications/templates/vault.yaml b/argo-applications/templates/vault.yaml
deleted file mode 100644
index 8a548db..0000000
--- a/argo-applications/templates/vault.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault
- namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- annotations:
- argocd.argoproj.io/sync-wave: "5"
-spec:
- project: default
- source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/hashicorp-vault/kustomize/overlays/vault
- directory:
- recurse: false
- destination:
- server: https://kubernetes.default.svc
- namespace: vault
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - Validate=false
- - SkipDryRunOnMissingResource=true
- - CreateNamespace=false
- - RespectIgnoreDifferences=true
- - ApplyOutOfSyncOnly=true
- retry:
- limit: 5
- backoff:
- duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
- factor: 2 # a factor to multiply the base duration after each failed retry
- maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
- ignoreDifferences:
- - group: apps
- kind: StatefulSet
- name: vault
- jsonPointers:
- - /spec/template/spec
- - group: admissionregistration.k8s.io
- kind: MutatingWebhookConfiguration
- name: vault-agent-injector-cfg
- jsonPointers:
- - /webhooks/0/clientConfig/caBundle
- - group: console.openshift.io
- kind: ConsoleLink
- jsonPointers:
- - /spec/href
\ No newline at end of file
diff --git a/argo-applications/values.yaml b/argo-applications/values.yaml
deleted file mode 100644
index 8d90cb7..0000000
--- a/argo-applications/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-gitRepo:
- URL: dummy
- targetRevision: HEAD
-baseDomain: dummy
-git:
- organization: redhat-na-ssa
-gitlab:
- install: false
-rhsso:
- install: false
-certmanager:
- install: false
-helm:
- charts:
- gitlab:
- repoURL: https://github.com/redhat-gpte-devopsautomation/agnosticg
- targetRevision: HEAD
diff --git a/components/.gitignore b/components/.gitignore
new file mode 100644
index 0000000..c001bd3
--- /dev/null
+++ b/components/.gitignore
@@ -0,0 +1 @@
+!instance/
\ No newline at end of file
diff --git a/root-app/app-of-apps.yaml b/components/argocd/apps/overlays/dev-hub-demo/app-of-apps.yaml
similarity index 83%
rename from root-app/app-of-apps.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/app-of-apps.yaml
index 4327b85..d55bbce 100644
--- a/root-app/app-of-apps.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/app-of-apps.yaml
@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: root-application
+ name: app-of-apps
namespace: openshift-gitops
# Add a this finalizer ONLY if you want these to cascade delete.
finalizers:
@@ -13,17 +13,8 @@ spec:
# Source of the application manifests
source:
repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
- targetRevision: HEAD
- path: argo-applications
- helm:
- values: |
- gitRepo:
- URL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
- targetRevision: HEAD
- git:
- organization: redhat-na-ssa
- directory:
- recurse: false
+ targetRevision: peer-review
+ path: components/argocd/apps/overlays/dev-hub-demo
# Destination cluster and namespace to deploy the application
destination:
server: https://kubernetes.default.svc
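Review bot: `targetRevision: peer-review` pins the root Application to what looks like a review branch, and the same value is hard-coded in every Application this commit touches (config-cluster, config-devspaces, config-vault-config, config-vault and the operator-* files). A branch is a mutable ref, so anyone able to push to it changes what Argo CD applies to the cluster, and once the branch is merged and deleted the apps stop resolving. The previous Helm chart set the revision once through `gitRepo.targetRevision`; consider restoring a single override point (for example a kustomize patch in the overlay) and pointing it at the default branch, a tag or a commit SHA before merge. The `spec` block continues outside this hunk, so the root app's sync policy is not visible here.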
diff --git a/argo-applications/templates/openshift-config.yaml b/components/argocd/apps/overlays/dev-hub-demo/config-cluster.yaml
similarity index 78%
rename from argo-applications/templates/openshift-config.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/config-cluster.yaml
index 5b76648..fd3530d 100644
--- a/argo-applications/templates/openshift-config.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/config-cluster.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: openshift-config
+ name: config-cluster
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,12 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: cluster-configs/openshift-config
- helm:
- values: |
- base_domain: {{ .Values.baseDomain }}
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/configs/cluster/openshift-config
destination:
server: https://kubernetes.default.svc
namespace: openshift-config
diff --git a/components/argocd/apps/overlays/dev-hub-demo/config-devspaces.yaml b/components/argocd/apps/overlays/dev-hub-demo/config-devspaces.yaml
new file mode 100644
index 0000000..4a5c986
--- /dev/null
+++ b/components/argocd/apps/overlays/dev-hub-demo/config-devspaces.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: config-devspaces
+ namespace: openshift-gitops
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ annotations:
+ argocd.argoproj.io/sync-wave: "20"
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/devspaces/instance/overlays/timeout-12m
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: openshift-operators
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - Validate=false
+ - SkipDryRunOnMissingResource=true
+ - CreateNamespace=false
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
+ factor: 2 # a factor to multiply the base duration after each failed retry
+ maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
+ ignoreDifferences:
+ - group: org.eclipse.che
+ kind: CheCluster
+ name: devspaces
+ jsonPointers:
+ - /spec
+ - kind: DevWorkspaceOperatorConfig
+ jsonPointers:
+ - /metadata/labels
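Review bot: The `ignoreDifferences` entry for `CheCluster` ignores the whole `/spec`, and with `RespectIgnoreDifferences=true` in `syncOptions` Argo CD also leaves those fields alone when it syncs. After the first create, changes made in the `timeout-12m` overlay would likely no longer reach the cluster, and manual edits to the CheCluster spec are not reverted by `selfHeal`; narrow the pointers to the fields the operator actually rewrites. The second entry has no `group`; `DevWorkspaceOperatorConfig` is a CRD kind, so it probably needs `group: controller.devfile.io` to match. `Validate=false` also switches off schema validation for this app and deserves a why-comment if it is really needed.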
diff --git a/vault-bootstrap-apps/vault-config.yaml b/components/argocd/apps/overlays/dev-hub-demo/config-vault-config.yaml
similarity index 86%
rename from vault-bootstrap-apps/vault-config.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/config-vault-config.yaml
index 4b2200e..1b8206f 100644
--- a/vault-bootstrap-apps/vault-config.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/config-vault-config.yaml
@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: vault-config
+ name: config-vault-config
namespace: openshift-gitops
finalizers:
- resources-finalizer.argocd.argoproj.io
@@ -11,10 +11,8 @@ spec:
project: default
source:
repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
- targetRevision: HEAD
- path: operators/hashicorp-vault/kustomize/overlays/vault-config
- directory:
- recurse: false
+ targetRevision: peer-review
+ path: components/operators/hashicorp-vault/kustomize/overlays/vault-config
destination:
server: https://kubernetes.default.svc
namespace: vault
diff --git a/vault-bootstrap-apps/vault.yaml b/components/argocd/apps/overlays/dev-hub-demo/config-vault.yaml
similarity index 89%
rename from vault-bootstrap-apps/vault.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/config-vault.yaml
index 7be7510..99e7950 100644
--- a/vault-bootstrap-apps/vault.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/config-vault.yaml
@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: vault
+ name: config-vault
namespace: openshift-gitops
finalizers:
- resources-finalizer.argocd.argoproj.io
@@ -11,10 +11,10 @@ spec:
project: default
source:
repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
- targetRevision: HEAD
- path: operators/hashicorp-vault/kustomize/overlays/vault
- directory:
- recurse: false
+ targetRevision: peer-review
+ path: components/operators/hashicorp-vault/kustomize/overlays/vault
+ # directory:
+ # recurse: false
destination:
server: https://kubernetes.default.svc
namespace: vault
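Review bot: The commented-out `# directory:` / `# recurse: false` lines are dead configuration; `config-vault-config.yaml` in this same commit simply deletes them. Drop them here too, or replace them with a one-line comment saying why directory mode might need to come back.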
diff --git a/components/argocd/apps/overlays/dev-hub-demo/kustomization.yaml b/components/argocd/apps/overlays/dev-hub-demo/kustomization.yaml
new file mode 100644
index 0000000..66787c5
--- /dev/null
+++ b/components/argocd/apps/overlays/dev-hub-demo/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+ demo: redhat-developer-hub-gitops
+
+resources:
+ - app-of-apps.yaml
+ - config-cluster.yaml
+ - config-vault-config.yaml
+ - config-vault.yaml
+ - config-devspaces.yaml
+ - operator-cert-manager.yaml
+ - operator-devspaces.yaml
+ - operator-git-webhook.yaml
+ - operator-gitlab.yaml
+ - operator-image-puller.yaml
+ - operator-openshift-pipelines.yaml
+ - operator-patch-operator.yaml
+ - operator-vault-config.yaml
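Review bot: `app-of-apps.yaml` is listed under `resources`, and that Application's `path` is this same directory, so the root app manages its own definition. That may be intentional, but it means a change to this overlay can rewrite or remove the root Application, which declares `finalizers` under a cascade-delete comment. A comment such as `# app-of-apps manages itself; remove this entry to bootstrap it out of band` would make the intent explicit. Separately, `commonLabels` is deprecated in recent kustomize releases in favour of `labels` with `pairs:`.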
diff --git a/argo-applications/templates/cert-manager.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-cert-manager.yaml
similarity index 64%
rename from argo-applications/templates/cert-manager.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-cert-manager.yaml
index 2e63e1c..85959cb 100644
--- a/argo-applications/templates/cert-manager.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-cert-manager.yaml
@@ -1,11 +1,8 @@
-{{- if .Values.certmanager.install }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: cert-manager
+ name: operator-cert-manager
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
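Review bot: Removing the `{{- if .Values.certmanager.install }}` guard makes this Application unconditional, whereas the deleted `argo-applications/values.yaml` defaulted `certmanager.install` to `false`; the same applies to `operator-gitlab.yaml` (`gitlab.install: false`). Both files are listed in the overlay's `kustomization.yaml`, so a bootstrap now installs the cert-manager and GitLab operators where it previously did not by default. If that is intended, say so in the README; otherwise keep them out of the `dev-hub-demo` resources list or move them to an optional overlay. The manifest continues outside this hunk.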
@@ -13,17 +10,12 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- #repoURL: https://github.com/redhat-cop/gitops-catalog
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/cert-manager
- #path: cert-manager-operator/operator/base #operators/cert-manager
- directory:
- include: operator.yaml
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/openshift-cert-manager-operator/operator/overlays/stable-v1
destination:
server: https://kubernetes.default.svc
- # namespace: cert-manager-operator
- namespace: openshift-operators
+ namespace: cert-manager-operator
syncPolicy:
automated: {}
syncOptions:
@@ -43,4 +35,3 @@ spec:
managedFieldsManagers:
- olm
- kube-apiserver
-{{- end}}
\ No newline at end of file
diff --git a/argo-applications/templates/devspaces.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-devspaces.yaml
similarity index 82%
rename from argo-applications/templates/devspaces.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-devspaces.yaml
index 8871918..ba27088 100644
--- a/argo-applications/templates/devspaces.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-devspaces.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: devspaces-instance
+ name: operator-devspaces
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,9 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/devspaces
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/devspaces/operator/overlays/stable
destination:
server: https://kubernetes.default.svc
namespace: openshift-operators
diff --git a/argo-applications/templates/git-webhook.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-git-webhook.yaml
similarity index 82%
rename from argo-applications/templates/git-webhook.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-git-webhook.yaml
index 6057d3a..2367acf 100644
--- a/argo-applications/templates/git-webhook.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-git-webhook.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: git-webhook
+ name: operator-git-webhook
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,9 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/git-webhook/kustomize
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/git-webhook/kustomize
destination:
server: https://kubernetes.default.svc
namespace: gitwebhook-operator
diff --git a/argo-applications/templates/gitlab.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-gitlab.yaml
similarity index 77%
rename from argo-applications/templates/gitlab.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-gitlab.yaml
index 10dc292..6ad946c 100644
--- a/argo-applications/templates/gitlab.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-gitlab.yaml
@@ -1,11 +1,8 @@
-{{- if .Values.gitlab.install }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: gitlab
+ name: operator-gitlab
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -13,9 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/gitlab/kustomize
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/gitlab-operator-kubernetes/operator/overlays/stable
destination:
server: https://kubernetes.default.svc
namespace: gitlab-system
@@ -28,7 +25,7 @@ spec:
- SkipDryRunOnMissingResource=true
- CreateNamespace=true
- RespectIgnoreDifferences=true
- - ApplyOutOfSyncOnly=false
+ - ApplyOutOfSyncOnly=false
retry:
limit: 10
backoff:
@@ -42,4 +39,3 @@ spec:
# namespace: gitlab-system
jsonPointers:
- /spec/chart/values/global/hosts/domain
-{{- end}}
\ No newline at end of file
diff --git a/argo-applications/templates/kubernetes-image-puller-operator.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-image-puller.yaml
similarity index 75%
rename from argo-applications/templates/kubernetes-image-puller-operator.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-image-puller.yaml
index 76f9178..8e0cbca 100644
--- a/argo-applications/templates/kubernetes-image-puller-operator.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-image-puller.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: kubernetes-image-puller-operator
+ name: operator-image-puller
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,11 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/image-puller
- directory:
- include: operator.yaml
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/kubernetes-imagepuller-operator/operator/overlays/stable
destination:
server: https://kubernetes.default.svc
namespace: openshift-operators
diff --git a/argo-applications/templates/openshift-pipelines.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-openshift-pipelines.yaml
similarity index 74%
rename from argo-applications/templates/openshift-pipelines.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-openshift-pipelines.yaml
index ac632dc..7e4b219 100644
--- a/argo-applications/templates/openshift-pipelines.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-openshift-pipelines.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: openshift-pipelines
+ name: operator-openshift-pipelines
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,11 +10,9 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/openshift-pipelines
- directory:
- include: operator.yaml
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/openshift-pipelines-operator-rh/operator/overlays/latest
destination:
server: https://kubernetes.default.svc
namespace: openshift-operators
@@ -34,4 +30,4 @@ spec:
backoff:
duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
factor: 2 # a factor to multiply the base duration after each failed retry
- maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
\ No newline at end of file
+ maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
diff --git a/argo-applications/templates/patch-operator.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-patch-operator.yaml
similarity index 74%
rename from argo-applications/templates/patch-operator.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-patch-operator.yaml
index fe72c72..72c2cb9 100644
--- a/argo-applications/templates/patch-operator.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-patch-operator.yaml
@@ -1,10 +1,8 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: patch-operator
+ name: operator-patch-operator
namespace: openshift-gitops
- labels:
- {{- include "argo-applications.labels" . | nindent 4 }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
@@ -12,11 +10,11 @@ metadata:
spec:
project: default
source:
- repoURL: {{ .Values.gitRepo.URL }}
- targetRevision: {{ .Values.gitRepo.targetRevision }}
- path: operators/patch-operator
- directory:
- include: operator.yaml
+ repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
+ targetRevision: peer-review
+ path: components/operators/patch-operator/operator/overlays/alpha
+ # directory:
+ # include: operator.yaml
destination:
server: https://kubernetes.default.svc
namespace: patch-operator
@@ -34,4 +32,4 @@ spec:
backoff:
duration: 5s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
factor: 2 # a factor to multiply the base duration after each failed retry
- maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
\ No newline at end of file
+ maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
diff --git a/vault-bootstrap-apps/vault-config-operator.yaml b/components/argocd/apps/overlays/dev-hub-demo/operator-vault-config.yaml
similarity index 85%
rename from vault-bootstrap-apps/vault-config-operator.yaml
rename to components/argocd/apps/overlays/dev-hub-demo/operator-vault-config.yaml
index 847b1e9..8d999b8 100644
--- a/vault-bootstrap-apps/vault-config-operator.yaml
+++ b/components/argocd/apps/overlays/dev-hub-demo/operator-vault-config.yaml
@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
- name: vault-config-operator
+ name: operator-vault-config
namespace: openshift-gitops
finalizers:
- resources-finalizer.argocd.argoproj.io
@@ -11,10 +11,8 @@ spec:
project: default
source:
repoURL: https://github.com/redhat-na-ssa/redhat-developer-hub-gitops-bootstrap.git
- targetRevision: HEAD
- path: operators/hashicorp-vault/kustomize/overlays/vault-config-operator
- directory:
- recurse: false
+ targetRevision: peer-review
+ path: components/overlays/vault-config-operator
destination:
server: https://kubernetes.default.svc
namespace: vault-config-operator
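Review bot: `path: components/overlays/vault-config-operator` does not match the layout used elsewhere in this commit, where the vault-config-operator base is renamed to `components/operators/hashicorp-vault/kustomize/bases/vault-config-operator`. The overlay is therefore presumably at `components/operators/hashicorp-vault/kustomize/overlays/vault-config-operator`, although its rename is not visible in this part of the diff. If `components/overlays/` does not exist on the target revision, manifest generation fails and the operator is never installed, so the path is worth checking against the tree before merge.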
diff --git a/components/configs/cluster/openshift-config/all.yaml b/components/configs/cluster/openshift-config/all.yaml
new file mode 100644
index 0000000..c7129ea
--- /dev/null
+++ b/components/configs/cluster/openshift-config/all.yaml
@@ -0,0 +1,338 @@
+---
+# Source: openshift-config/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: mutatingwebhook-patcher
+ namespace: patch-operator
+ labels:
+ app.kubernetes.io/name: openshift-config
+---
+# Source: openshift-config/templates/default-service-account-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: default-service-account-secret
+ annotations:
+ kubernetes.io/service-account.name: "default"
+ labels:
+ app.kubernetes.io/name: openshift-config
+type: kubernetes.io/service-account-token
+---
+# Source: openshift-config/templates/service-account-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: default-service-account
+ namespace: openshift-config
+ annotations:
+ kubernetes.io/service-account.name: default
+type: kubernetes.io/service-account-token
+---
+# Source: openshift-config/templates/user-workload-monitoring-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-monitoring-config
+ namespace: openshift-monitoring
+ labels:
+ app.kubernetes.io/name: openshift-config
+data:
+ config.yaml: |
+ enableUserWorkload: true
+---
+# Source: openshift-config/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: openshift-config
+ name: mutatingwebhookconfiguration-patcher
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+---
+# Source: openshift-config/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: openshift-config
+ name: mutatingwebhookconfiguration-patcher
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: mutatingwebhookconfiguration-patcher
+subjects:
+- kind: ServiceAccount
+ name: mutatingwebhook-patcher
+ namespace: patch-operator
+---
+# Source: openshift-config/templates/rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: 'openshift-config-default-cluster-admin'
+ labels:
+ app.kubernetes.io/name: openshift-config
+subjects:
+ - kind: ServiceAccount
+ name: default
+ # .Release.Namespace will render the namespace where the application being installed by helm.
+ namespace: sandbox
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'cluster-admin'
+---
+# Source: openshift-config/templates/build-configs.yaml
+apiVersion: config.openshift.io/v1
+kind: Build
+metadata:
+ annotations:
+ release.openshift.io/create-only: "true"
+ name: cluster
+ labels:
+ app.kubernetes.io/name: openshift-config
+spec:
+ buildDefaults:
+ resources:
+ requests:
+ cpu: 200m
+ memory: 500Mi
+---
+# Source: openshift-config/templates/patch-operator-mutatingwebhook.yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: patch-operator-inject
+ labels:
+ app.kubernetes.io/name: openshift-config
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: patch-operator-controller-manager-service
+ namespace: patch-operator
+ path: /inject
+ caBundle: Cg==
+ failurePolicy: Fail
+ name: patch-operator-inject.redhatcop.redhat.io
+ rules: []
+ # - apiGroups:
+ # - "dbaas.redhat.com"
+ # apiVersions:
+ # - v1alpha1
+ # operations:
+ # - CREATE
+ # resources:
+ # - dbaasconnections
+ sideEffects: None
+---
+# Source: openshift-config/templates/olmconfig-patch.yaml
+apiVersion: operators.coreos.com/v1
+kind: OLMConfig
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: ServerSideApply=true
+ name: cluster
+spec:
+ features:
+ disableCopiedCSVs: true
+---
+# Source: openshift-config/templates/patches.yaml
+# Documentation reference: https://github.com/redhat-cop/patch-operator
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: Patch
+metadata:
+ name: config-patches
+ namespace: openshift-config
+ labels:
+ app.kubernetes.io/name: openshift-config
+spec:
+ serviceAccountRef:
+ name: default
+ patches:
+ # pull-secret-service-account-patch:
+ # targetObjectRef:
+ # apiVersion: v1
+ # kind: ServiceAccount
+ # name: default
+ # sourceObjectRefs:
+ # - apiVersion: v1
+ # kind: Namespace
+ # name: '{{ .metadata.namespace }}'
+ # patchTemplate: |
+ # imagePullSecrets:
+ # {{- if and (and (hasKey (index . 1).metadata.labels "app") (not (eq ((index . 1).metadata.labels.environment | toString) "build"))) (not (has (dict "name" "quay-pull-secret") (index . 0).imagePullSecrets)) }}
+ # {{ append (index . 0).imagePullSecrets (dict "name" "quay-pull-secret") | toYaml | indent 2 }}
+ # {{- else }}
+ # {{ (index . 0).imagePullSecrets | toYaml | indent 2 }}
+ # {{- end }}
+ # patchType: application/merge-patch+json
+ # push-secret-pipeline-service-account-patch:
+ # targetObjectRef:
+ # apiVersion: v1
+ # kind: ServiceAccount
+ # name: pipeline
+ # sourceObjectRefs:
+ # - apiVersion: v1
+ # kind: Namespace
+ # name: '{{ .metadata.namespace }}'
+ # patchTemplate: |
+ # imagePullSecrets:
+ # {{- if and (and (hasKey (index . 1).metadata.labels "app") (eq ((index . 1).metadata.labels.environment | toString) "build")) (not (has (dict "name" "quay-push-secret") (index . 0).imagePullSecrets)) }}
+ # {{ append (index . 0).imagePullSecrets (dict "name" "quay-push-secret") | toYaml | indent 2 }}
+ # {{- else }}
+ # {{ (index . 0).imagePullSecrets | toYaml | indent 2 }}
+ # {{- end }}
+ # patchType: application/merge-patch+json
+ # gitlab-host-domain:
+ # targetObjectRef:
+ # apiVersion: apps.gitlab.com/v1beta1
+ # kind: GitLab
+ # name: gitlab
+ # # these are the objects that will be watched and become part of the parameters of the patch template.
+ # sourceObjectRefs:
+ # - apiVersion: config.openshift.io/v1
+ # kind: Ingress
+ # name: cluster
+ # patchTemplate: |
+ # {{- $clusterDomain:= (index . 1).spec.domain -}}
+ # spec:
+ # chart:
+ # values:
+ # global:
+ # hosts:
+ # domain: gitlab-gitlab-system.{{ $clusterDomain }}
+ # patchType: application/merge-patch+json
+ vault-console-link:
+ targetObjectRef:
+ apiVersion: console.openshift.io/v1
+ kind: ConsoleLink
+ name: vault-link
+ # these are the objects that will be watched and become part of the parameters of the patch template.
+ sourceObjectRefs:
+ - apiVersion: config.openshift.io/v1
+ kind: Ingress
+ name: cluster
+ patchTemplate: |
+ {{- $clusterDomain:= (index . 1).spec.domain -}}
+ spec:
+ href: https://vault-vault.{{ $clusterDomain }}
+ patchType: application/merge-patch+json
+ vault-route:
+ targetObjectRef:
+ apiVersion: route.openshift.io/v1
+ kind: Route
+ name: vault
+ # these are the objects that will be watched and become part of the parameters of the patch template.
+ sourceObjectRefs:
+ - apiVersion: config.openshift.io/v1
+ kind: Ingress
+ name: cluster
+ patchTemplate: |
+ {{- $clusterDomain:= (index . 1).spec.domain -}}
+ spec:
+ host: vault-vault.{{ $clusterDomain }}
+ patchType: application/merge-patch+json
+ github-ocp-oauth-provider:
+ targetObjectRef:
+ apiVersion: config.openshift.io/v1
+ kind: OAuth
+ name: cluster
+ # these are the objects that will be watched and become part of the parameters of the patch template.
+ sourceObjectRefs:
+ - apiVersion: v1
+ kind: Secret
+ name: ocp-github-app-credentials
+ namespace: openshift-config
+ # This is the the template that will be evaluated.
+ # The result must be a valid patch compatible with the requested type and expressed in yaml for readability.
+ # The parameters passed to the template are the target object and then the all of the source object.
+ # So if you want to refer to the target object in the template you can use this expression (index . 0).
+ # Higher indexes refer to the sourceObjectRef array.
+ # The template is expressed in golang template notation and supports the same functions as helm template.
+ # ---
+ # - Golang text template syntax: https://pkg.go.dev/text/template
+ # ---
+ patchTemplate: |
+ {{- $demoIdp:= dict "name" "github" "mappingMethod" "claim" "type" "GitHub" "github" (dict "teams" (list) "clientID" ((index . 1).data.client_id | b64dec) "clientSecret" (dict "name" "ocp-github-app-credentials") "organizations" (list ((index . 1).data.orgs | b64dec)) ) -}}
+ spec:
+ identityProviders:
+ {{- if (not (has $demoIdp (index . 0).spec.identityProviders)) }}
+ {{ append (index . 0).spec.identityProviders $demoIdp | toYaml | indent 4 }}
+ {{- else }}
+ {{ (index . 0).spec.identityProviders | toYaml | indent 4 }}
+ {{- end }}
+ # is the type of the json patch. The possible values are:
+ # application/json-patch+json,
+ # application/merge-patch+json and
+ # application/strategic-merge-patch+json.
+ #If this annotation is omitted it defaults to strategic merge.
+ patchType: application/merge-patch+json
+ # argocd-admin-user-secret-for-tekton:
+ # targetObjectRef:
+ # apiVersion: v1
+ # kind: Secret
+ # name: argocd-env-secret
+ # sourceObjectRefs:
+ # - apiVersion: v1
+ # kind: Secret
+ # namespace: '{{ .metadata.namespace }}'
+ # name: tenant-gitops-cluster
+ # patchTemplate: |
+ # data:
+ # ARGOCD_USERNAME: {{ "admin" | b64enc }}
+ # ARGOCD_PASSWORD: {{ (index (index . 1).data "admin.password") }}
+ # patchType: application/merge-patch+json
+ # user-workload-grafana-app-patch:
+ # targetObjectRef:
+ # apiVersion: argoproj.io/v1alpha1
+ # kind: Application
+ # namespace: openshift-gitops
+ # name: user-workload-grafana
+ # sourceObjectRefs:
+ # - apiVersion: v1
+ # kind: Secret
+ # namespace: openshift-config
+ # name: default-service-account
+ # patchTemplate: |
+ # spec:
+ # source:
+ # helm:
+ # values: |
+ # userworkload:
+ # prometheus:
+ # bearertoken: {{ (index . 1).data.token | toString | b64dec }}
+ # patchType: application/merge-patch+json
+ patch-operator-mutatingwebhookconfigurations:
+ targetObjectRef:
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ name: patch-operator-inject
+ patchTemplate: '[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{ (index (index . 1).data "olmCAKey") }}"}]'
+ patchType: application/json-patch+json
+ sourceObjectRefs:
+ - apiVersion: v1
+ kind: Secret
+ name: patch-operator-controller-manager-service-cert
+ namespace: patch-operator
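Review bot: The ClusterRoleBinding `openshift-config-default-cluster-admin` grants `cluster-admin` to the `default` ServiceAccount in namespace `sandbox`, which looks like an artifact of rendering the chart with `.Release.Namespace` set to `sandbox`, as the comment above that field suggests. As committed, any workload in `sandbox` that runs under the default account holds cluster-admin, while the `Patch` `config-patches` in `openshift-config` (`serviceAccountRef` → `name: default`) does not receive the rights the binding was presumably meant to give it. A safer shape is a dedicated account for the Patch, with the binding's subject changed to `name: <dedicated-sa>` / `namespace: openshift-config` and `serviceAccountRef` pointing at the same name. The `cluster-admin` roleRef should then give way to a ClusterRole limited to the objects the active patches read and write (ConsoleLink, Route, OAuth, MutatingWebhookConfiguration, Ingress and the two named Secrets). Separately, the two `kubernetes.io/service-account-token` Secrets create long-lived tokens for `default`, and `default-service-account-secret` has no `metadata.namespace`, so it lands in whatever namespace the manifest is applied to.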
diff --git a/cluster-configs/openshift-config/Chart.yaml b/components/configs/cluster/openshift-config/helm/Chart.yaml
similarity index 100%
rename from cluster-configs/openshift-config/Chart.yaml
rename to components/configs/cluster/openshift-config/helm/Chart.yaml
diff --git a/cluster-configs/openshift-config/templates/_helpers.tpl b/components/configs/cluster/openshift-config/helm/templates/_helpers.tpl
similarity index 100%
rename from cluster-configs/openshift-config/templates/_helpers.tpl
rename to components/configs/cluster/openshift-config/helm/templates/_helpers.tpl
diff --git a/cluster-configs/openshift-config/templates/build-configs.yaml b/components/configs/cluster/openshift-config/helm/templates/build-configs.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/build-configs.yaml
rename to components/configs/cluster/openshift-config/helm/templates/build-configs.yaml
diff --git a/cluster-configs/openshift-config/templates/default-service-account-secret.yaml b/components/configs/cluster/openshift-config/helm/templates/default-service-account-secret.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/default-service-account-secret.yaml
rename to components/configs/cluster/openshift-config/helm/templates/default-service-account-secret.yaml
diff --git a/cluster-configs/openshift-config/templates/olmconfig-patch.yaml b/components/configs/cluster/openshift-config/helm/templates/olmconfig-patch.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/olmconfig-patch.yaml
rename to components/configs/cluster/openshift-config/helm/templates/olmconfig-patch.yaml
diff --git a/cluster-configs/openshift-config/templates/patch-operator-mutatingwebhook-sa-rbac.yaml b/components/configs/cluster/openshift-config/helm/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
rename to components/configs/cluster/openshift-config/helm/templates/patch-operator-mutatingwebhook-sa-rbac.yaml
diff --git a/cluster-configs/openshift-config/templates/patch-operator-mutatingwebhook.yaml b/components/configs/cluster/openshift-config/helm/templates/patch-operator-mutatingwebhook.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/patch-operator-mutatingwebhook.yaml
rename to components/configs/cluster/openshift-config/helm/templates/patch-operator-mutatingwebhook.yaml
diff --git a/cluster-configs/openshift-config/templates/patches.yaml b/components/configs/cluster/openshift-config/helm/templates/patches.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/patches.yaml
rename to components/configs/cluster/openshift-config/helm/templates/patches.yaml
diff --git a/cluster-configs/openshift-config/templates/rbac.yaml b/components/configs/cluster/openshift-config/helm/templates/rbac.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/rbac.yaml
rename to components/configs/cluster/openshift-config/helm/templates/rbac.yaml
diff --git a/cluster-configs/openshift-config/templates/service-account-secret.yaml b/components/configs/cluster/openshift-config/helm/templates/service-account-secret.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/service-account-secret.yaml
rename to components/configs/cluster/openshift-config/helm/templates/service-account-secret.yaml
diff --git a/cluster-configs/openshift-config/templates/user-workload-monitoring-configmap.yaml b/components/configs/cluster/openshift-config/helm/templates/user-workload-monitoring-configmap.yaml
similarity index 100%
rename from cluster-configs/openshift-config/templates/user-workload-monitoring-configmap.yaml
rename to components/configs/cluster/openshift-config/helm/templates/user-workload-monitoring-configmap.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml b/components/configs/cluster/openshift-config/kustomization.yaml
similarity index 56%
rename from operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml
rename to components/configs/cluster/openshift-config/kustomization.yaml
index 9c86253..65c6310 100644
--- a/operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml
+++ b/components/configs/cluster/openshift-config/kustomization.yaml
@@ -2,6 +2,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./namespace.yaml
- - ./link.yaml
- - ./role-binding.yaml
+ - all.yaml
diff --git a/cluster-configs/openshift-config/values.yaml b/components/configs/cluster/openshift-config/values.yaml
similarity index 100%
rename from cluster-configs/openshift-config/values.yaml
rename to components/configs/cluster/openshift-config/values.yaml
diff --git a/components/operators/devspaces/instance/overlays/timeout-12m/kustomization.yaml b/components/operators/devspaces/instance/overlays/timeout-12m/kustomization.yaml
new file mode 100644
index 0000000..8878cd2
--- /dev/null
+++ b/components/operators/devspaces/instance/overlays/timeout-12m/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/devspaces/instance/overlays/timeout-12m?ref=v0.03
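Review bot: The remote resource is pulled from a repository outside this one at a tag, `?ref=v0.03`, and a Git tag can be moved, so the manifests Argo CD applies for the DevSpaces instance can change without any commit here. The operator overlay added in `components/operators/devspaces/operator/overlays/stable/kustomization.yaml` uses the same kind of reference. Pinning both to a full commit SHA, `.../overlays/timeout-12m?ref=<commit-sha>`, makes the build reproducible and routes upstream changes through review in this repository. Vendoring the manifests is the stricter alternative.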
diff --git a/components/operators/devspaces/operator/overlays/stable/kustomization.yaml b/components/operators/devspaces/operator/overlays/stable/kustomization.yaml
new file mode 100644
index 0000000..49cb334
--- /dev/null
+++ b/components/operators/devspaces/operator/overlays/stable/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/devspaces/operator/overlays/stable?ref=v0.03
diff --git a/operators/git-webhook/kustomize/kustomization.yaml b/components/operators/git-webhook/kustomize/kustomization.yaml
similarity index 51%
rename from operators/git-webhook/kustomize/kustomization.yaml
rename to components/operators/git-webhook/kustomize/kustomization.yaml
index 9ea30dc..9e2da54 100644
--- a/operators/git-webhook/kustomize/kustomization.yaml
+++ b/components/operators/git-webhook/kustomize/kustomization.yaml
@@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./namespace.yaml
- - ./operator-group.yaml
- - ./subscription.yaml
\ No newline at end of file
+ - namespace.yaml
+ - operator-group.yaml
+ - subscription.yaml
\ No newline at end of file
diff --git a/operators/git-webhook/kustomize/namespace.yaml b/components/operators/git-webhook/kustomize/namespace.yaml
similarity index 100%
rename from operators/git-webhook/kustomize/namespace.yaml
rename to components/operators/git-webhook/kustomize/namespace.yaml
diff --git a/operators/git-webhook/kustomize/operator-group.yaml b/components/operators/git-webhook/kustomize/operator-group.yaml
similarity index 100%
rename from operators/git-webhook/kustomize/operator-group.yaml
rename to components/operators/git-webhook/kustomize/operator-group.yaml
diff --git a/operators/git-webhook/kustomize/subscription.yaml b/components/operators/git-webhook/kustomize/subscription.yaml
similarity index 100%
rename from operators/git-webhook/kustomize/subscription.yaml
rename to components/operators/git-webhook/kustomize/subscription.yaml
diff --git a/components/operators/gitlab-operator-kubernetes/INFO.md b/components/operators/gitlab-operator-kubernetes/INFO.md
new file mode 100644
index 0000000..01215c0
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/INFO.md
@@ -0,0 +1,38 @@
+# gitlab-operator-kubernetes
+
+# Overview
+
+The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms.
+
+[Documentation](https://docs.gitlab.com/charts/installation/operator.html)
+
+The operator, while new and still actively being developed, aims to:
+- ease installation and configuration of GitLab instances
+- offer seamless upgrades from version to version
+
+## GitLab
+
+GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.
+
+Built on Open Source, GitLab delivers new innovations and features on the same day of every month by leveraging contributions from a passionate, global community of thousands of developers and millions of users. Over 100,000 of the worldโs most demanding organizations trust GitLab to deliver great software at new speeds.
+
+If you would like to enable advanced DevOps capabilities and activate enterprise features such as security, risk, and compliance capabilities, please contact our sales team to purchase an enterprise license.
+
+# Prerequisites
+
+Please visit [Prerequisites](https://docs.gitlab.com/charts/installation/operator.html#prerequisites) section of GitLab Operator Documentation.
+
+## IngressClass
+
+Cluster-wide `IngressClass` should be created prior to Operator setup, as OLM does not currently support this object type:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ # Ensure this value matches `spec.chart.values.global.ingress.class`
+ # in the GitLab CR on the next step.
+ name: gitlab-nginx
+spec:
+ controller: k8s.io/ingress-nginx
+```
diff --git a/components/operators/gitlab-operator-kubernetes/README.md b/components/operators/gitlab-operator-kubernetes/README.md
new file mode 100644
index 0000000..d468269
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/README.md
@@ -0,0 +1,33 @@
+# GitLab
+
+Install GitLab.
+
+Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use.
+
+The current *overlays* available are for the following channels:
+
+* [stable](operator/overlays/stable)
+* [unstable](operator/overlays/unstable)
+
+## Usage
+
+If you have cloned the `gitops-catalog` repository, you can install GitLab based on the overlay of your choice by running from the root (`gitops-catalog`) directory.
+
+```
+oc apply -k gitlab-operator-kubernetes/operator/overlays/
+```
+
+Or, without cloning:
+
+```
+oc apply -k https://github.com/redhat-cop/gitops-catalog/gitlab-operator-kubernetes/operator/overlays/
+```
+
+As part of a different overlay in your own GitOps repo:
+
+```
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - https://github.com/redhat-cop/gitops-catalog/gitlab-operator-kubernetes/operator/overlays/?ref=main
+```
diff --git a/operators/gitlab/kustomize/gitlab-instance.yaml b/components/operators/gitlab-operator-kubernetes/instance/base/instance.yaml
similarity index 96%
rename from operators/gitlab/kustomize/gitlab-instance.yaml
rename to components/operators/gitlab-operator-kubernetes/instance/base/instance.yaml
index 4d5f1ea..53a397c 100644
--- a/operators/gitlab/kustomize/gitlab-instance.yaml
+++ b/components/operators/gitlab-operator-kubernetes/instance/base/instance.yaml
@@ -5,7 +5,7 @@ metadata:
namespace: gitlab-system
spec:
chart:
- version: 7.5.1
+ version: 7.6.0
values:
certmanager-issuer:
email: rafaelcba@gmail.com
diff --git a/components/operators/gitlab-operator-kubernetes/instance/base/kustomization.yaml b/components/operators/gitlab-operator-kubernetes/instance/base/kustomization.yaml
new file mode 100644
index 0000000..9b3a766
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/instance/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - instance.yaml
diff --git a/components/operators/gitlab-operator-kubernetes/instance/overlays/default/kustomization.yaml b/components/operators/gitlab-operator-kubernetes/instance/overlays/default/kustomization.yaml
new file mode 100644
index 0000000..774a422
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/instance/overlays/default/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
diff --git a/components/operators/gitlab-operator-kubernetes/operator/base/kustomization.yaml b/components/operators/gitlab-operator-kubernetes/operator/base/kustomization.yaml
new file mode 100644
index 0000000..1e66bd5
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - operator-group.yaml
+ - subscription.yaml
diff --git a/components/operators/gitlab-operator-kubernetes/operator/base/namespace.yaml b/components/operators/gitlab-operator-kubernetes/operator/base/namespace.yaml
new file mode 100644
index 0000000..1df25f4
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/base/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ openshift.io/display-name: "GitLab"
+ labels:
+ openshift.io/cluster-monitoring: 'true'
+ name: gitlab-system
diff --git a/operators/gitlab/kustomize/operator-group.yaml b/components/operators/gitlab-operator-kubernetes/operator/base/operator-group.yaml
similarity index 53%
rename from operators/gitlab/kustomize/operator-group.yaml
rename to components/operators/gitlab-operator-kubernetes/operator/base/operator-group.yaml
index cd3618b..cd9285c 100644
--- a/operators/gitlab/kustomize/operator-group.yaml
+++ b/components/operators/gitlab-operator-kubernetes/operator/base/operator-group.yaml
@@ -1,10 +1,9 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "0"
- name: gitlab-og
+ name: gitlab-operator-kubernetes
+ namespace: gitlab-system
spec:
targetNamespaces:
- gitlab-system
- upgradeStrategy: Default
+
\ No newline at end of file
diff --git a/operators/image-puller/operator.yaml b/components/operators/gitlab-operator-kubernetes/operator/base/subscription.yaml
similarity index 53%
rename from operators/image-puller/operator.yaml
rename to components/operators/gitlab-operator-kubernetes/operator/base/subscription.yaml
index 418dd21..d84da4b 100644
--- a/operators/image-puller/operator.yaml
+++ b/components/operators/gitlab-operator-kubernetes/operator/base/subscription.yaml
@@ -1,11 +1,11 @@
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
- name: kubernetes-imagepuller-operator
+ name: gitlab-operator-kubernetes
+ namespace: gitlab-system
spec:
- # channel: stable
+ channel: patch-me-see-overlays-dir
installPlanApproval: Automatic
- name: kubernetes-imagepuller-operator
+ name: gitlab-operator-kubernetes
source: community-operators
sourceNamespace: openshift-marketplace
- # startingCSV: kubernetes-imagepuller-operator.v1.0.4
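Review bot: With `installPlanApproval: Automatic` and no `startingCSV`, this Subscription installs and later upgrades the GitLab operator to whatever the `community-operators` catalog publishes on the selected channel, with no review step before new operator code runs in `gitlab-system`. If upgrades need to be controlled, set `installPlanApproval: Manual` and pin `startingCSV: <gitlab-operator-kubernetes CSV name>` in the overlay next to the channel patch. The placeholder `channel: patch-me-see-overlays-dir` is a useful guard against applying the base directly. A one-line comment above it, such as `# deliberately invalid; set by operator/overlays/*/patch-channel.yaml`, would make that intent explicit.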
diff --git a/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/kustomization.yaml b/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/kustomization.yaml
new file mode 100644
index 0000000..265223a
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: gitlab-operator-kubernetes
+ path: patch-channel.yaml
diff --git a/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/patch-channel.yaml b/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/patch-channel.yaml
new file mode 100644
index 0000000..6642eb1
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/overlays/stable/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: stable
diff --git a/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/kustomization.yaml b/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/kustomization.yaml
new file mode 100644
index 0000000..265223a
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: gitlab-operator-kubernetes
+ path: patch-channel.yaml
diff --git a/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/patch-channel.yaml b/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/patch-channel.yaml
new file mode 100644
index 0000000..3350433
--- /dev/null
+++ b/components/operators/gitlab-operator-kubernetes/operator/overlays/unstable/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: unstable
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml
similarity index 54%
rename from operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml
index 7e3f3f5..4e7e1d0 100644
--- a/operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml
+++ b/components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/kustomization.yaml
@@ -2,6 +2,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./subscription.yaml
- - ./namespace.yaml
- - ./operator.yaml
+ - subscription.yaml
+ - namespace.yaml
+ - operator.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config-operator/namespace.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/namespace.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config-operator/namespace.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/namespace.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config-operator/operator.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/operator.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config-operator/operator.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/operator.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config-operator/subscription.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/subscription.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config-operator/subscription.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config-operator/subscription.yaml
diff --git a/components/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml
new file mode 100644
index 0000000..7dfed84
--- /dev/null
+++ b/components/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: vault-admin
+resources:
+ - namespace.yaml
+ - secret-engines/
+ # - kube-auth-engine-config.yaml
+ # - kube-auth-engine-mount.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/namespace.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/namespace.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/namespace.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/namespace.yaml
diff --git a/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml
new file mode 100644
index 0000000..3ad4648
--- /dev/null
+++ b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: vault-admin
+resources:
+ #- vault-kv-secret-engine-mount.yml
+ - vault-git-secret-engine-mount.yml
+ - vault-quay-secret-engine-mount.yml
+ - vault-github-secret-engine-config.yml
+ - vault-github-secret-engine-role.yml
+ - vault-quay-secret-engine-config.yml
+ - vault-quay-secret-engine-role.yml
+ - vault-git-webhook-password-policy.yml
\ No newline at end of file
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-secret-engine-mount.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-secret-engine-mount.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-secret-engine-mount.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-secret-engine-mount.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-webhook-password-policy.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-webhook-password-policy.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-webhook-password-policy.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-git-webhook-password-policy.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-config.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-config.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-config.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-config.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-role.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-role.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-role.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-github-secret-engine-role.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-config.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-config.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-config.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-config.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-mount.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-mount.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-mount.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-mount.yml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-role.yml b/components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-role.yml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-role.yml
rename to components/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/vault-quay-secret-engine-role.yml
diff --git a/components/operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml
new file mode 100644
index 0000000..2007e15
--- /dev/null
+++ b/components/operators/hashicorp-vault/kustomize/bases/vault/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - link.yaml
+ - role-binding.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault/link.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault/link.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault/link.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault/link.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault/namespace.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault/namespace.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault/namespace.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault/namespace.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault/role-binding.yaml b/components/operators/hashicorp-vault/kustomize/bases/vault/role-binding.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/bases/vault/role-binding.yaml
rename to components/operators/hashicorp-vault/kustomize/bases/vault/role-binding.yaml
diff --git a/operators/hashicorp-vault/kustomize/overlays/vault-config-operator/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/overlays/vault-config-operator/kustomization.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/overlays/vault-config-operator/kustomization.yaml
rename to components/operators/hashicorp-vault/kustomize/overlays/vault-config-operator/kustomization.yaml
diff --git a/operators/hashicorp-vault/kustomize/overlays/vault-config/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/overlays/vault-config/kustomization.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/overlays/vault-config/kustomization.yaml
rename to components/operators/hashicorp-vault/kustomize/overlays/vault-config/kustomization.yaml
diff --git a/operators/hashicorp-vault/kustomize/overlays/vault/kustomization.yaml b/components/operators/hashicorp-vault/kustomize/overlays/vault/kustomization.yaml
similarity index 100%
rename from operators/hashicorp-vault/kustomize/overlays/vault/kustomization.yaml
rename to components/operators/hashicorp-vault/kustomize/overlays/vault/kustomization.yaml
diff --git a/components/operators/kubernetes-imagepuller-operator/operator/overlays/stable/kustomization.yaml b/components/operators/kubernetes-imagepuller-operator/operator/overlays/stable/kustomization.yaml
new file mode 100644
index 0000000..62bae1d
--- /dev/null
+++ b/components/operators/kubernetes-imagepuller-operator/operator/overlays/stable/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/kubernetes-imagepuller-operator/operator/overlays/stable?ref=v0.03
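Review bot: The remote base on the `resources:` entry is pinned with `?ref=v0.03`, a tag in a repository outside this project, and a tag can be moved after the fact, so the manifests applied to the cluster can change without any commit here. Kustomize accepts a commit hash in `ref`, e.g. `...overlays/stable?ref=<full-commit-sha>  # v0.03`, which makes the fetched content immutable and turns every bump into a reviewable diff. The same applies to the other five kustomizations added with this URL pattern: openshift-cert-manager-operator, openshift-gitops-operator (instance and operator), openshift-pipelines-operator-rh and patch-operator.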
diff --git a/components/operators/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml b/components/operators/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml
new file mode 100644
index 0000000..c3b0369
--- /dev/null
+++ b/components/operators/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/openshift-cert-manager-operator/operator/overlays/stable-v1?ref=v0.03
diff --git a/components/operators/openshift-gitops-operator/instance/overlays/default/kustomization.yaml b/components/operators/openshift-gitops-operator/instance/overlays/default/kustomization.yaml
new file mode 100644
index 0000000..ba69076
--- /dev/null
+++ b/components/operators/openshift-gitops-operator/instance/overlays/default/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/openshift-gitops-operator/instance/overlays/default?ref=v0.03
diff --git a/components/operators/openshift-gitops-operator/operator/overlays/stable/kustomization.yaml b/components/operators/openshift-gitops-operator/operator/overlays/stable/kustomization.yaml
new file mode 100644
index 0000000..4b62f3c
--- /dev/null
+++ b/components/operators/openshift-gitops-operator/operator/overlays/stable/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/openshift-gitops-operator/operator/overlays/stable?ref=v0.03
diff --git a/components/operators/openshift-pipelines-operator-rh/operator/overlays/latest/kustomization.yaml b/components/operators/openshift-pipelines-operator-rh/operator/overlays/latest/kustomization.yaml
new file mode 100644
index 0000000..11ecf93
--- /dev/null
+++ b/components/operators/openshift-pipelines-operator-rh/operator/overlays/latest/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/openshift-pipelines-operator-rh/operator/overlays/latest?ref=v0.03
diff --git a/components/operators/patch-operator/operator/overlays/alpha/kustomization.yaml b/components/operators/patch-operator/operator/overlays/alpha/kustomization.yaml
new file mode 100644
index 0000000..a11ec6d
--- /dev/null
+++ b/components/operators/patch-operator/operator/overlays/alpha/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/codekow/demo-ai-gitops-catalog/components/operators/patch-operator/operator/overlays/alpha?ref=v0.03
diff --git a/operators/rhsso/Chart.yaml b/components/operators/rhsso/Chart.yaml
similarity index 100%
rename from operators/rhsso/Chart.yaml
rename to components/operators/rhsso/Chart.yaml
diff --git a/operators/rhsso/templates/k-backstage.yaml b/components/operators/rhsso/templates/k-backstage.yaml
similarity index 100%
rename from operators/rhsso/templates/k-backstage.yaml
rename to components/operators/rhsso/templates/k-backstage.yaml
diff --git a/operators/rhsso/templates/kc-backstage.yaml b/components/operators/rhsso/templates/kc-backstage.yaml
similarity index 100%
rename from operators/rhsso/templates/kc-backstage.yaml
rename to components/operators/rhsso/templates/kc-backstage.yaml
diff --git a/operators/rhsso/templates/kr-backstage.yaml b/components/operators/rhsso/templates/kr-backstage.yaml
similarity index 100%
rename from operators/rhsso/templates/kr-backstage.yaml
rename to components/operators/rhsso/templates/kr-backstage.yaml
diff --git a/operators/rhsso/templates/og-rhsso.yaml b/components/operators/rhsso/templates/og-rhsso.yaml
similarity index 100%
rename from operators/rhsso/templates/og-rhsso.yaml
rename to components/operators/rhsso/templates/og-rhsso.yaml
diff --git a/operators/rhsso/templates/sub-rhsso.yaml b/components/operators/rhsso/templates/sub-rhsso.yaml
similarity index 100%
rename from operators/rhsso/templates/sub-rhsso.yaml
rename to components/operators/rhsso/templates/sub-rhsso.yaml
diff --git a/operators/rhsso/values.yaml b/components/operators/rhsso/values.yaml
similarity index 100%
rename from operators/rhsso/values.yaml
rename to components/operators/rhsso/values.yaml
diff --git a/components/operators/vault-config-operator/INFO.md b/components/operators/vault-config-operator/INFO.md
new file mode 100644
index 0000000..6dbc85b
--- /dev/null
+++ b/components/operators/vault-config-operator/INFO.md
@@ -0,0 +1,16 @@
+# vault-config-operator
+
+This operator helps set up Vault Configurations. The main intent is to do so such that subsequently pods can consume the secrets made available.
+There are two main principles through all of the capabilities of this operator:
+
+1. high-fidelity API. The CRD exposed by this operator reflect field by field the Vault APIs. This is because we don't want to make any assumption on the kinds of configuration workflow that user will set up. That being said the Vault API is very extensive and we are starting with enough API coverage to support, we think, some simple and very common configuration workflows.
+2. attention to security (after all we are integrating with a security tool). To prevent credential leaks we give no permissions to the operator itself against Vault. All APIs exposed by this operator contains enough information to authenticate to Vault using a local service account (local to the namespace where the API exist). In other word for a namespace user to be abel to successfully configure Vault, a service account in that namespace must have been previously given the needed Vault permissions.
+
+Currently this operator supports the following CRDs:
+
+1. [Policy](https://github.com/redhat-cop/vault-config-operator#policy) Configures Vault [Policies](https://www.vaultproject.io/docs/concepts/policies)
+2. [KubernetesAuthEngineRole](https://github.com/redhat-cop/vault-config-operator#KubernetesAuthEngineRole) Configures a Vault [Kubernetes Authentication](https://www.vaultproject.io/docs/auth/kubernetes) Role
+3. [SecretEngineMount](https://github.com/redhat-cop/vault-config-operator#SecretEngineMount) Configures a Mount point for a [SecretEngine](https://www.vaultproject.io/docs/secrets)
+4. [DatabaseSecretEngineConfig](https://github.com/redhat-cop/vault-config-operator#DatabaseSecretEngineConfig) Configures a [Database Secret Engine](https://www.vaultproject.io/docs/secrets/databases) Connection
+5. [DatabaseSecretEngineRole](https://github.com/redhat-cop/vault-config-operator#DatabaseSecretEngineRole) Configures a [Database Secret Engine](https://www.vaultproject.io/docs/secrets/databases) Role
+6. [RandomSecret](https://github.com/redhat-cop/vault-config-operator#RandomSecret) Creates a random secret in a vault [kv Secret Engine](https://www.vaultproject.io/docs/secrets/kv) with one password field generated using a [PasswordPolicy](https://www.vaultproject.io/docs/concepts/password-policies)vault-config-operator
diff --git a/components/operators/vault-config-operator/README.md b/components/operators/vault-config-operator/README.md
new file mode 100644
index 0000000..7418ab0
--- /dev/null
+++ b/components/operators/vault-config-operator/README.md
@@ -0,0 +1,32 @@
+# Vault Config Operator
+
+Install Vault Config Operator.
+
+Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use.
+
+The current *overlays* available are for the following channels:
+
+* [alpha](operator/overlays/alpha)
+
+## Usage
+
+If you have cloned the `gitops-catalog` repository, you can install Vault Config Operator based on the overlay of your choice by running from the root (`gitops-catalog`) directory.
+
+```
+oc apply -k vault-config-operator/operator/overlays/
+```
+
+Or, without cloning:
+
+```
+oc apply -k https://github.com/redhat-cop/gitops-catalog/vault-config-operator/operator/overlays/
+```
+
+As part of a different overlay in your own GitOps repo:
+
+```
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - https://github.com/redhat-cop/gitops-catalog/vault-config-operator/operator/overlays/?ref=main
+```
diff --git a/components/operators/vault-config-operator/operator/base/kustomization.yaml b/components/operators/vault-config-operator/operator/base/kustomization.yaml
new file mode 100644
index 0000000..1e66bd5
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - operator-group.yaml
+ - subscription.yaml
diff --git a/components/operators/vault-config-operator/operator/base/namespace.yaml b/components/operators/vault-config-operator/operator/base/namespace.yaml
new file mode 100644
index 0000000..fe039c0
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/base/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ openshift.io/display-name: "Vault Config Operator"
+ labels:
+ openshift.io/cluster-monitoring: 'true'
+ name: vault-config-operator
diff --git a/components/operators/vault-config-operator/operator/base/operator-group.yaml b/components/operators/vault-config-operator/operator/base/operator-group.yaml
new file mode 100644
index 0000000..77b9146
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/base/operator-group.yaml
@@ -0,0 +1,5 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: vault-config-operator
+ namespace: vault-config-operator
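Review bot: This OperatorGroup has no `spec`, which OLM treats as selecting all namespaces, unlike the gitlab-operator-kubernetes manifest earlier in this commit that sets `targetNamespaces` to `gitlab-system`. If cluster-wide scope is intended for an operator that writes Vault configuration, record that in the file with a comment such as `# no spec.targetNamespaces: operator watches all namespaces (intentional)`.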
diff --git a/components/operators/vault-config-operator/operator/base/subscription.yaml b/components/operators/vault-config-operator/operator/base/subscription.yaml
new file mode 100644
index 0000000..7b8899c
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/base/subscription.yaml
@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: vault-config-operator
+ namespace: vault-config-operator
+spec:
+ channel: patch-me-see-overlays-dir
+ installPlanApproval: Automatic
+ name: vault-config-operator
+ source: community-operators
+ sourceNamespace: openshift-marketplace
diff --git a/components/operators/vault-config-operator/operator/overlays/alpha/kustomization.yaml b/components/operators/vault-config-operator/operator/overlays/alpha/kustomization.yaml
new file mode 100644
index 0000000..9750bd9
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/overlays/alpha/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: vault-config-operator
+ path: patch-channel.yaml
diff --git a/components/operators/vault-config-operator/operator/overlays/alpha/patch-channel.yaml b/components/operators/vault-config-operator/operator/overlays/alpha/patch-channel.yaml
new file mode 100644
index 0000000..22afbce
--- /dev/null
+++ b/components/operators/vault-config-operator/operator/overlays/alpha/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: alpha
diff --git a/components/overlays/demo/kustomization.yaml b/components/overlays/demo/kustomization.yaml
new file mode 100644
index 0000000..e2f42a8
--- /dev/null
+++ b/components/overlays/demo/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../configs/cluster/openshift-config
+ # - ../../operators/devspaces/instance/overlays/timeout-12m
+ # - ../../operators/devspaces/operator/overlays/stable
+ # - ../../operators/git-webhook/kustomize
+ # - ../../operators/gitlab-operator-kubernetes/operator/overlays/stable
+ # - ../../operators/hashicorp-vault/kustomize/overlays/vault
+ # - ../../operators/hashicorp-vault/kustomize/overlays/vault-config
+ # - ../../operators/kubernetes-imagepuller-operator/operator/overlays/stable
+ # - ../../operators/openshift-cert-manager-operator/operator/overlays/stable-v1
+ # - ../../operators/openshift-pipelines-operator-rh/operator/overlays/latest
+ # - ../../operators/patch-operator/operator/overlays/alpha
+ # - ../../overlays/vault-config-operator
diff --git a/openshift-gitops-install/argocd.yaml b/components/overlays/openshift-gitops-instance/argocd.yaml
similarity index 97%
rename from openshift-gitops-install/argocd.yaml
rename to components/overlays/openshift-gitops-instance/argocd.yaml
index 458da80..4a988b1 100644
--- a/openshift-gitops-install/argocd.yaml
+++ b/components/overlays/openshift-gitops-instance/argocd.yaml
@@ -49,7 +49,10 @@ spec:
memory: 512Mi
rbac:
defaultPolicy: 'role:admin'
- policy: 'g, system:cluster-admins, role:admin'
+ policy: |
+ g, gitops-admins, role:admin
+ g, system:cluster-admins, role:admin
+ g, cluster-admins, role:admin
scopes: '[groups]'
repo:
resources:
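Review bot: The three group mappings added under `policy:` have no practical effect while the context line `defaultPolicy: 'role:admin'` stays, because Argo CD falls back to the default role for any authenticated user who matches no other rule, so every logged-in user is already an admin. To make the group list the actual access boundary, change the default to `defaultPolicy: 'role:readonly'` (or `''` for no access). The enclosing `spec` starts and ends outside this hunk, so this is judged on the visible lines only.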
diff --git a/components/overlays/openshift-gitops-instance/exclude-argocd-alpha.yaml b/components/overlays/openshift-gitops-instance/exclude-argocd-alpha.yaml
new file mode 100644
index 0000000..6534f4b
--- /dev/null
+++ b/components/overlays/openshift-gitops-instance/exclude-argocd-alpha.yaml
@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+ name: openshift-gitops
diff --git a/components/overlays/openshift-gitops-instance/kustomization.yaml b/components/overlays/openshift-gitops-instance/kustomization.yaml
new file mode 100644
index 0000000..3afe8fa
--- /dev/null
+++ b/components/overlays/openshift-gitops-instance/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: openshift-gitops
+
+resources:
+ - ../../operators/openshift-gitops-operator/instance/overlays/default
+ - argocd.yaml
+
+patches:
+ - target:
+ kind: Group
+ name: gitops-admins
+ patch: |-
+ - op: replace
+ path: /users
+ value:
+ - admin
+ - opentlc-mgr
+ - path: exclude-argocd-alpha.yaml
diff --git a/components/overlays/vault-config-operator/kustomization.yaml b/components/overlays/vault-config-operator/kustomization.yaml
new file mode 100644
index 0000000..7d35255
--- /dev/null
+++ b/components/overlays/vault-config-operator/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../operators/vault-config-operator/operator/overlays/alpha
+
+patches:
+ - patch: |-
+ - op: replace
+ path: /spec/config
+ value:
+ env:
+ - name: VAULT_ADDR
+ value: https://vault.vault.svc:8200
+ - name: VAULT_SKIP_VERIFY
+ value: "true"
+ target:
+ kind: Subscription
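Review bot: `VAULT_SKIP_VERIFY` set to `"true"` turns off TLS certificate verification for the operator's connection to `https://vault.vault.svc:8200`, so the operator cannot tell the real Vault from anything else answering on that service name while it presents tokens and writes configuration. Prefer trusting the issuing CA instead, e.g. replace that entry with `- name: VAULT_CACERT` / `value: <path-to-ca-bundle-mounted-in-the-operator-pod>`. Separately, `target:` selects by `kind: Subscription` only, so the patch applies to every Subscription in the build; adding `name: vault-config-operator` keeps it scoped. `op: replace` on `/spec/config` may also fail because the base Subscription added in this commit has no `spec.config`; `op: add` looks like the safer verb, which is worth confirming with `kustomize build`.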
diff --git a/openshift-gitops-install/operator.yaml b/openshift-gitops-install/operator.yaml
deleted file mode 100644
index f1645cf..0000000
--- a/openshift-gitops-install/operator.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- name: openshift-gitops-operator
- namespace: openshift-operators
-spec:
- # channel: stable
- installPlanApproval: Automatic
- name: openshift-gitops-operator
- source: redhat-operators
- sourceNamespace: openshift-marketplace
- config:
- env:
- - name: DISABLE_DEFAULT_ARGOCD_INSTANCE
- value: "false"
\ No newline at end of file
diff --git a/openshift-gitops-install/rbac.yaml b/openshift-gitops-install/rbac.yaml
deleted file mode 100644
index 4a456d9..0000000
--- a/openshift-gitops-install/rbac.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: openshift-gitops-cluster-admin
-subjects:
- - kind: ServiceAccount
- name: openshift-gitops-argocd-application-controller
- namespace: openshift-gitops
- - kind: ServiceAccount
- name: openshift-gitops-applicationset-controller
- namespace: openshift-gitops
- - kind: ServiceAccount
- name: openshift-gitops-argocd-server
- namespace: openshift-gitops
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
\ No newline at end of file
diff --git a/operators/cert-manager/operator.yaml b/operators/cert-manager/operator.yaml
deleted file mode 100644
index b39c9a2..0000000
--- a/operators/cert-manager/operator.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- # name: openshift-cert-manager-operator
- # namespace: cert-manager-operator
- name: cert-manager
- namespace: openshift-operators
-spec:
- # channel: stable-v1
- # installPlanApproval: Automatic
- # name: openshift-cert-manager-operator
- # source: redhat-operators
- # sourceNamespace: openshift-marketplace
- # startingCSV: cert-manager-operator.v1.12.0
- channel: stable
- installPlanApproval: Automatic
- name: cert-manager
- source: community-operators
- sourceNamespace: openshift-marketplace
- startingCSV: cert-manager.v1.13.1
\ No newline at end of file
diff --git a/operators/devspaces/Chart.yaml b/operators/devspaces/Chart.yaml
deleted file mode 100644
index a4fb610..0000000
--- a/operators/devspaces/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-name: devspaces
-description: Deploys DevSpaces
-type: application
-version: 0.0.1
diff --git a/operators/devspaces/templates/instance.yaml b/operators/devspaces/templates/instance.yaml
deleted file mode 100644
index ec03e3b..0000000
--- a/operators/devspaces/templates/instance.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: org.eclipse.che/v2
-kind: CheCluster
-metadata:
- name: devspaces
- namespace: openshift-devspaces
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-spec:
- devEnvironments:
- startTimeoutSeconds: 600 #timeout for the Workspace creation
- containerBuildConfiguration:
- openShiftSecurityContextConstraint: container-build
- defaultEditor: che-incubator/che-code/insiders
- defaultNamespace:
- template: -devspaces
- secondsOfInactivityBeforeIdling: -1
- secondsOfRunBeforeIdling: -1
- maxNumberOfWorkspacesPerUser: 5
- maxNumberOfRunningWorkspacesPerUser: 5
- storage:
- pvcStrategy: per-workspace
- perWorkspaceStrategyPvcConfig:
- claimSize: 10Gi
- storageClass: 'gp3-csi'
- components:
- pluginRegistry:
- openVSXURL: 'https://open-vsx.org'
- cheServer:
- debug: false
- logLevel: INFO
- dashboard: {}
- devWorkspace:
- runningLimit: '5'
- devfileRegistry: {}
- # deployment:
- # containers:
- # - image: 'quay.io/rafaeltuelho/che-devfile-registry:test'
- # name: custom-devfile-registry
- imagePuller:
- enable: true
- # cachingCPULimit: 250m
- # cachingMemoryLimit: 100Mi
- # spec:
- # images: >-
- # universal-developer-image-ubi8-latest=quay.io/redhat_na_ssa/universal-developer-image:ubi8-latest
- metrics:
- enable: true
- containerRegistry: {}
- networking:
- auth:
- gateway:
- configLabels:
- app: che
- component: che-gateway-config
diff --git a/operators/devspaces/templates/namespace.yaml b/operators/devspaces/templates/namespace.yaml
deleted file mode 100644
index 678abde..0000000
--- a/operators/devspaces/templates/namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
- name: openshift-devspaces
- labels:
- kubernetes.io/metadata.name: openshift-devspaces
- annotations:
- "helm.sh/hook-weight": "-5"
-spec:
- finalizers:
- - kubernetes
diff --git a/operators/devspaces/templates/operator.yaml b/operators/devspaces/templates/operator.yaml
deleted file mode 100644
index 2ade537..0000000
--- a/operators/devspaces/templates/operator.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- name: devspaces
- namespace: openshift-operators
- annotations:
- "helm.sh/hook-weight": "-5"
-spec:
- # channel: stable
- installPlanApproval: Automatic
- name: devspaces
- source: redhat-operators
- sourceNamespace: openshift-marketplace
diff --git a/operators/devspaces/values.yaml b/operators/devspaces/values.yaml
deleted file mode 100644
index 19020c0..0000000
--- a/operators/devspaces/values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-oauth:
- clientId: ''
- clientSecret: ''
- provider: ''
\ No newline at end of file
diff --git a/operators/gitlab/kustomize/kustomization.yaml b/operators/gitlab/kustomize/kustomization.yaml
deleted file mode 100644
index 111e60e..0000000
--- a/operators/gitlab/kustomize/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./operator-group.yaml
- - ./subscription.yaml
- - ./gitlab-instance.yaml
\ No newline at end of file
diff --git a/operators/gitlab/kustomize/namespace.yaml b/operators/gitlab/kustomize/namespace.yaml
deleted file mode 100644
index ac4ebfe..0000000
--- a/operators/gitlab/kustomize/namespace.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: gitlab-system
- annotations:
- argocd.argoproj.io/sync-options: Delete=false
- labels:
- argocd.argoproj.io/managed-by: openshift-gitops
\ No newline at end of file
diff --git a/operators/gitlab/kustomize/subscription.yaml b/operators/gitlab/kustomize/subscription.yaml
deleted file mode 100644
index 9ad315f..0000000
--- a/operators/gitlab/kustomize/subscription.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- name: gitlab-operator-kubernetes
- namespace: gitlab-system
- annotations:
- argocd.argoproj.io/sync-wave: "0"
-spec:
- channel: stable
- installPlanApproval: Automatic
- name: gitlab-operator-kubernetes
- # source: community-operators
- source: certified-operators
- sourceNamespace: openshift-marketplace
- # startingCSV: gitlab-operator-kubernetes.v0.19.0
- startingCSV: gitlab-operator-kubernetes.v0.25.1
\ No newline at end of file
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml b/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml
deleted file mode 100644
index 53816b7..0000000
--- a/operators/hashicorp-vault/kustomize/bases/vault-config/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: vault-admin
-resources:
- - ./namespace.yaml
- - ./secret-engines/
- # - ./kube-auth-engine-config.yaml
- # - ./kube-auth-engine-mount.yaml
diff --git a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml b/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml
deleted file mode 100644
index 27b0251..0000000
--- a/operators/hashicorp-vault/kustomize/bases/vault-config/secret-engines/kustomization.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: vault-admin
-resources:
- #- ./vault-kv-secret-engine-mount.yml
- - ./vault-git-secret-engine-mount.yml
- - ./vault-quay-secret-engine-mount.yml
- - ./vault-github-secret-engine-config.yml
- - ./vault-github-secret-engine-role.yml
- - ./vault-quay-secret-engine-config.yml
- - ./vault-quay-secret-engine-role.yml
- - ./vault-git-webhook-password-policy.yml
\ No newline at end of file
diff --git a/operators/openshift-pipelines/operator.yaml b/operators/openshift-pipelines/operator.yaml
deleted file mode 100644
index 06a4992..0000000
--- a/operators/openshift-pipelines/operator.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- name: openshift-pipelines-operator-rh
- namespace: openshift-operators
-spec:
- # channel: latest
- installPlanApproval: Automatic
- name: openshift-pipelines-operator-rh
- source: redhat-operators
- sourceNamespace: openshift-marketplace
diff --git a/operators/patch-operator/operator.yaml b/operators/patch-operator/operator.yaml
deleted file mode 100644
index f06ac48..0000000
--- a/operators/patch-operator/operator.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
- name: patch-operator
- namespace: patch-operator
-spec:
- # channel: alpha
- installPlanApproval: Automatic
- name: patch-operator
- source: community-operators
- sourceNamespace: openshift-marketplace
- config:
- resources:
- limits:
- memory: 2000Mi
- requests:
- cpu: 100m
- memory: 500Mi
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
- name: patch-operator
- namespace: patch-operator
-spec:
- targetNamespaces: []
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..eca6ab8
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+yamllint
+pyspelling
+awscli
\ No newline at end of file
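Review bot: All three entries in the new requirements.txt are unpinned, so every install resolves to whatever version the package index serves that day. These tools run in linting and cluster-bootstrap workflows, and `awscli` typically runs with cloud credentials in scope, so an unexpected or compromised upstream release would be picked up silently. Pin each entry, for example `yamllint==<PINNED_VERSION>` (placeholder, choose the version you have tested). Consider a hash-locked file installed with `pip install --require-hashes -r requirements.txt`, so the resolved artifacts are reproducible and verifiable.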
diff --git a/bootstrap-scripts/cluster-boostrap.sh b/scripts/cluster-boostrap.sh
similarity index 69%
rename from bootstrap-scripts/cluster-boostrap.sh
rename to scripts/cluster-boostrap.sh
index dacf3fe..692b4ef 100755
--- a/bootstrap-scripts/cluster-boostrap.sh
+++ b/scripts/cluster-boostrap.sh
@@ -36,31 +36,27 @@ oc whoami
echo
echo "Install Openshift Gitops (ArgoCD) Operator"
-oc apply -f $SCRIPT_RELATIVE_DIR_PATH/../openshift-gitops-install/operator.yaml
+oc apply -k $SCRIPT_RELATIVE_DIR_PATH/../components/operators/openshift-gitops-operator/operator/overlays/stable
echo
echo "wait until the Gitops operators is ready..."
#sleep 30
-wait_and_retry 10 10 "oc wait pods -n openshift-operators -l control-plane=controller-manager --for condition=Ready"
+wait_and_retry 10 10 "oc wait pods -n openshift-operators -l control-plane=gitops-operator --for condition=Ready"
echo
echo "now create an argocd instance"
-oc apply -f $SCRIPT_RELATIVE_DIR_PATH/../openshift-gitops-install/argocd.yaml
+oc apply -k $SCRIPT_RELATIVE_DIR_PATH/../components/overlays/openshift-gitops-instance
echo
echo "wait (5s) until the ArgoCD instance is ready..."
# sleep 5
wait_and_retry 6 10 "oc get argocd -n openshift-gitops"
-echo
-echo "apply additional ClusterRoleBindings to ArgoCD Controller Service Accounts"
-oc apply -f $SCRIPT_RELATIVE_DIR_PATH/../openshift-gitops-install/rbac.yaml
-
echo
echo "bootstrapping the components though Openshift GitOps (ArgoCD)..."
-oc apply -f $SCRIPT_RELATIVE_DIR_PATH/../root-app/app-of-apps.yaml
+oc apply -k $SCRIPT_RELATIVE_DIR_PATH/../components/argocd/apps/overlays/dev-hub-demo
-argocdurl=$(oc get route openshift-gitops-server --ignore-not-found=true -n "openshift-gitops" -o jsonpath="{'https://'}{.status.ingress[0].host}")
+ARGOCD_URL=$(oc get route openshift-gitops-server --ignore-not-found=true -n "openshift-gitops" -o jsonpath="{'https://'}{.status.ingress[0].host}")
echo
-echo "you can now access Openshift Gitops though: $argocdurl"
\ No newline at end of file
+echo "you can now access Openshift Gitops though: $ARGOCD_URL"
\ No newline at end of file
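Review bot: The three new `oc apply -k` lines expand `$SCRIPT_RELATIVE_DIR_PATH` unquoted, so a checkout path containing spaces or glob characters is word-split before `oc` receives it. Quote the argument, e.g. `oc apply -k "${SCRIPT_RELATIVE_DIR_PATH}/../components/overlays/openshift-gitops-instance"`. The hunk also removes the explicit `oc apply -f …/rbac.yaml` step for the ArgoCD controller ClusterRoleBindings. Presumably those bindings now come from one of the kustomize overlays, which are not visible here, so confirm they are still applied and are no broader than the old file granted. The script starts before this hunk, so the definition of `wait_and_retry` and any earlier login check are outside this view.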
diff --git a/bootstrap-scripts/enable-htpasswd-users.sh b/scripts/enable-htpasswd-users.sh
similarity index 60%
rename from bootstrap-scripts/enable-htpasswd-users.sh
rename to scripts/enable-htpasswd-users.sh
index 1b21a18..f1d30c1 100755
--- a/bootstrap-scripts/enable-htpasswd-users.sh
+++ b/scripts/enable-htpasswd-users.sh
@@ -1,27 +1,41 @@
-#!/bin/sh
+#!/bin/bash
clear
-readonly SCRIPT_RELATIVE_DIR_PATH=$(dirname -- "${BASH_SOURCE}")
+SCRIPT_RELATIVE_DIR_PATH=$(dirname -- "${BASH_SOURCE}")
+SCRATCH="${SCRIPT_RELATIVE_DIR_PATH}"/../scratch
+
+mkdir -p "${SCRATCH}"
#echo " This script is located at: $( dirname -- "${BASH_SOURCE}" ) "
#echo " This script is located at: $( dirname -- "$(readlink -f "${BASH_SOURCE}")" ) "
-oc whoami
-[[ $? -gt 0 ]] && echo "๐ make sure you are logged in your Cluster with an cluster-admin user first! oc login..." && exit 1
+# oc whoami
+# [[ $? -gt 0 ]] && echo "๐ make sure you are logged in your Cluster with an cluster-admin user first! oc login..." && exit 1
+
+create_htpasswd(){
+ USERNAME=${1:-admin}
+ PASSWORD=${2:-openshift}
+
+ touch "${SCRATCH}"/htpasswd-users
+ htpasswd -B -b "${SCRATCH}"/htpasswd-users "${USERNAME}" "${PASSWORD}"
+}
echo
echo "creating admin and other 5 regular users..."
#switch to this if you wanna a random pwd for the admin user!
#readonly RANDOM_ADMIN_PWD=$(LC_ALL=C tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~'