From 604ba0b424d06dda361471fb21700455333f17ea Mon Sep 17 00:00:00 2001 
From: Martin Jackson Date: Wed, 5 Mar 2025 10:25:26 -0600 Subject: [PATCH 1/4] Port to modular framework and prep v2 --- Changes.md | 7 +- Makefile | 6 - ansible/ansible_get_credentials.yml | 4 +- ansible/configure_aap.yml | 94 -------- ansible/get_controller_values_overrides.yml | 22 -- ansible/imperative_configure_aap.yml | 12 - ansible/odf_fix_dataimportcrons.yml | 138 ++++++++++++ ansible/parse_secrets_from_k8s.yml | 80 ------- charts/hub/aap-config/Chart.yaml | 6 - .../templates/aap-configascode-cm.yaml | 9 - .../templates/secret-aap-manifest.yaml | 16 -- charts/hub/aap-config/values.yaml | 10 - .../ansible-automation-platform/Chart.yaml | 7 - .../templates/.keep | 0 .../templates/argocd-clusterbindingrole.yaml | 20 -- .../templates/automationcontroller.yaml | 17 -- .../templates/console-link.yaml | 12 - .../templates/rbac.yaml | 14 -- .../ansible-automation-platform/values.yaml | 3 - charts/hub/cnv/Chart.yaml | 5 - charts/hub/cnv/templates/_helpers.tpl | 0 charts/hub/cnv/templates/hyperconverged.yaml | 42 ---- charts/hub/cnv/values.yaml | 7 - charts/hub/edge-gitops-vms/Chart.yaml | 6 - .../templates/job-waitForMetalNode.yaml | 34 --- .../edge-gitops-vms/templates/rbac/role.yaml | 39 ---- .../templates/rbac/rolebinding.yaml | 29 --- .../templates/rbac/serviceAccount.yaml | 9 - .../templates/virtual-machines.yaml | 176 --------------- charts/hub/edge-gitops-vms/values.yaml | 76 ------- charts/hub/portworx/Chart.yaml | 6 - charts/hub/portworx/templates/_helpers.tpl | 78 ------- .../aws-prereqs/px-aws-prereqs-cm.yaml | 207 ------------------ .../aws-prereqs/px-aws-prereqs-job.yaml | 36 --- .../templates/aws-prereqs/rbac/role.yaml | 14 -- .../aws-prereqs/rbac/rolebinding.yaml | 19 -- .../aws-prereqs/rbac/serviceAccount.yaml | 11 - .../templates/portworx-storagecluster.yaml | 118 ---------- .../templates/storageclass/portworx-rwx.yaml | 15 -- .../storageclass/rbac/clusterrole.yaml | 11 - .../storageclass/rbac/clusterrolebinding.yaml | 16 -- 
.../templates/storageclass/rbac/role-ns.yaml | 12 - .../storageclass/rbac/rolebinding-ns.yaml | 16 -- .../storageclass/rbac/serviceAccount.yaml | 8 - .../templates/storageclass/wait-for-pxe.yaml | 42 ---- charts/hub/portworx/values.yaml | 52 ----- overrides/values-aap-config-aeg.yaml | 4 + overrides/values-egv-4.12.yaml | 1 - overrides/values-egv-4.13.yaml | 3 - values-hub.yaml | 28 +-- values-portworx.yaml | 50 ----- values-secret.yaml.template | 19 +- 52 files changed, 175 insertions(+), 1491 deletions(-) delete mode 100644 ansible/configure_aap.yml delete mode 100644 ansible/get_controller_values_overrides.yml delete mode 100644 ansible/imperative_configure_aap.yml create mode 100644 ansible/odf_fix_dataimportcrons.yml delete mode 100644 ansible/parse_secrets_from_k8s.yml delete mode 100644 charts/hub/aap-config/Chart.yaml delete mode 100644 charts/hub/aap-config/templates/aap-configascode-cm.yaml delete mode 100644 charts/hub/aap-config/templates/secret-aap-manifest.yaml delete mode 100644 charts/hub/aap-config/values.yaml delete mode 100644 charts/hub/ansible-automation-platform/Chart.yaml delete mode 100644 charts/hub/ansible-automation-platform/templates/.keep delete mode 100644 charts/hub/ansible-automation-platform/templates/argocd-clusterbindingrole.yaml delete mode 100644 charts/hub/ansible-automation-platform/templates/automationcontroller.yaml delete mode 100644 charts/hub/ansible-automation-platform/templates/console-link.yaml delete mode 100644 charts/hub/ansible-automation-platform/templates/rbac.yaml delete mode 100644 charts/hub/ansible-automation-platform/values.yaml delete mode 100644 charts/hub/cnv/Chart.yaml delete mode 100644 charts/hub/cnv/templates/_helpers.tpl delete mode 100644 charts/hub/cnv/templates/hyperconverged.yaml delete mode 100644 charts/hub/cnv/values.yaml delete mode 100644 charts/hub/edge-gitops-vms/Chart.yaml delete mode 100644 charts/hub/edge-gitops-vms/templates/job-waitForMetalNode.yaml delete mode 100644 
charts/hub/edge-gitops-vms/templates/rbac/role.yaml delete mode 100644 charts/hub/edge-gitops-vms/templates/rbac/rolebinding.yaml delete mode 100644 charts/hub/edge-gitops-vms/templates/rbac/serviceAccount.yaml delete mode 100644 charts/hub/edge-gitops-vms/templates/virtual-machines.yaml delete mode 100644 charts/hub/edge-gitops-vms/values.yaml delete mode 100644 charts/hub/portworx/Chart.yaml delete mode 100644 charts/hub/portworx/templates/_helpers.tpl delete mode 100644 charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-cm.yaml delete mode 100644 charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-job.yaml delete mode 100644 charts/hub/portworx/templates/aws-prereqs/rbac/role.yaml delete mode 100644 charts/hub/portworx/templates/aws-prereqs/rbac/rolebinding.yaml delete mode 100644 charts/hub/portworx/templates/aws-prereqs/rbac/serviceAccount.yaml delete mode 100644 charts/hub/portworx/templates/portworx-storagecluster.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/portworx-rwx.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/rbac/clusterrole.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/rbac/clusterrolebinding.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/rbac/role-ns.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/rbac/rolebinding-ns.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/rbac/serviceAccount.yaml delete mode 100644 charts/hub/portworx/templates/storageclass/wait-for-pxe.yaml delete mode 100644 charts/hub/portworx/values.yaml create mode 100644 overrides/values-aap-config-aeg.yaml delete mode 120000 overrides/values-egv-4.12.yaml delete mode 100644 overrides/values-egv-4.13.yaml delete mode 100644 values-portworx.yaml diff --git a/Changes.md b/Changes.md index afa78fcf..b02085f4 100644 --- a/Changes.md +++ b/Changes.md 
@@ -53,16 +53,19 @@ * Remove ODF overrides from OCP 4.12/3 that force storageClass to gp2; all released versions should use gp3-csi now. * Include overrides for OCP 4.12 and OCP 4.13 to use the older `ocs-storagecluster-ceph-rbd` storageClass. -## Changes for v2.0 (TBD) +## Changes for v2.0 (March 5, 2025) * Split HMI Demo Project out to separate [repository](https://github.com/validatedpatterns-demos/rhvp.ansible_edge_hmi) * Split HMI Config out to separate [repository](https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git) * Drop the custom execution environment because AAP can resolve these dependencies itself * Switch to modular common * Use the Validated Patterns ODF Chart (dropping our custom version) -* Comment out portworx install and test, as the only OCP version that supports is 4.12, which is now past +* Drop portworx chart and Makefile targets, as the only OCP version that supports is 4.12, which is now past the end of its maintenance support lifecycle. * Refactor installation mechannism to use standard configuration-as-code approach, which will make it easier to drop in a new config-as-code repository. * Move VM definitions outside of edge-gitops-vms chart so that derived patterns do not inherit the HMI kiosks. Kiosk VMs now defined by default in overrides. +* Use Validated Patterns charts for Installing Ansible Automation Platform, OpenShift Virtualization, and + edge-gitops-vms. +* Switch to AAP-2.5 support as provided by Validated Patterns aap-config chart. diff --git a/Makefile b/Makefile index f0390a55..d0c0edbc 100644 --- a/Makefile +++ b/Makefile 
@@ -14,9 +14,6 @@ help: install upgrade deploy: operator-deploy post-install ## Install or upgrade the pattern via the operator echo "Installed/Upgraded" -#portworx-install portworx-upgrade portworx-deploy: ## Install with portworx instead -# EXTRA_HELM_OPTS='-f values-portworx.yaml' make install - post-install: ## Post-install tasks - load-secrets make load-secrets echo "Post-deploy complete" @@ -31,9 +28,6 @@ test: ## Run tests @set -e; for i in $(CHARTS); do echo "$${i}"; helm template "$${i}"; done echo Tests SUCCESSFUL -#portworx-test: -# EXTRA_HELM_OPTS='-f values-portworx.yaml' make test - update-tests: ## Update test results ./scripts/update-tests.sh $(CHART_OPTS) diff --git a/ansible/ansible_get_credentials.yml b/ansible/ansible_get_credentials.yml index b928bc6c..b9ca2716 100644 --- a/ansible/ansible_get_credentials.yml +++ b/ansible/ansible_get_credentials.yml @@ -13,7 +13,7 @@ api_version: route.openshift.io/v1 kind: Route namespace: ansible-automation-platform - name: controller + name: aap register: aap_host until: aap_host.resources | length == 1 retries: 20 @@ -27,7 +27,7 @@ kubernetes.core.k8s_info: kind: Secret namespace: ansible-automation-platform - name: controller-admin-password + name: aap-admin-password register: admin_pw until: admin_pw.resources | length == 1 retries: 20 diff --git a/ansible/configure_aap.yml b/ansible/configure_aap.yml deleted file mode 100644 index 5563bf16..00000000 --- a/ansible/configure_aap.yml +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -- name: Configure this pattern's AAP Controller - become: false - connection: local - hosts: localhost - gather_facts: false - vars: - ansible_host: "" - admin_password: "" - secrets: "" - controller_configuration_dir: /tmp/controller_configuration_dir - entitle_aap: true - tasks: - - name: Assign variables for IAC Configuration - ansible.builtin.set_fact: - controller_hostname: "{{ ansible_host }}" - controller_username: admin - controller_password: "{{ admin_password }}" - controller_validate_certs: false - controller_configuration_secure_logging: false - - - name: Check on license key to determine need to entitle - block: - - name: Wait for API to become available - retries: 300 - delay: 5 - until: config_check.status == 200 - ansible.builtin.uri: - url: https://{{ ansible_host }}/api/v2/config/ - method: GET - user: admin - password: "{{ admin_password }}" - body_format: json - validate_certs: false - force_basic_auth: true - register: config_check - no_log: true - - - name: Debug config_check status - ansible.builtin.debug: - var: config_check - - - name: Turn off entitlement if warranted - ansible.builtin.set_fact: - entitle_aap: false - when: - - config_check.json.license_info.valid_key - - rescue: - - name: Notify that we are going to entitle - ansible.builtin.debug: - msg: "Could not get valid_key from license, entitling" - - - name: Load license via awx - awx.awx.license: - controller_host: "{{ ansible_host }}" - controller_username: admin - controller_password: "{{ admin_password }}" - manifest: "{{ secrets.manifest_file_ref }}" - validate_certs: false - retries: 30 - delay: 10 - register: result - until: result is not failed - when: entitle_aap - - name: Determine which repo to clone - kubernetes.core.k8s_info: - name: aap-configascode-cm - namespace: ansible-automation-platform - kind: ConfigMap - register: repo_config - - - name: Checkout infrastructure-as-code repository - ansible.builtin.git: - 
repo: "{{ repo_config.resources[0].data.aap_configascode_repo }}" - version: "{{ repo_config.resources[0].data.aap_configascode_revision }}" - dest: "{{ controller_configuration_dir }}" - clone: true - update: true - recursive: true - - - name: Include vars from infrastructure-as-code repository - ansible.builtin.include_vars: - dir: "{{ controller_configuration_dir }}" - ignore_unknown_extensions: true - extensions: - - json - - yaml - - yml - - - name: Configure AAP Controller - ansible.builtin.include_role: - name: infra.controller_configuration.dispatch diff --git a/ansible/get_controller_values_overrides.yml b/ansible/get_controller_values_overrides.yml deleted file mode 100644 index 01bc01c4..00000000 --- a/ansible/get_controller_values_overrides.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Copy controller overrides out of values.yml - hosts: localhost - gather_facts: false - become: false - vars: - kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" - tasks: - - name: Retrieve configmap values - kubernetes.core.k8s_info: - kind: ConfigMap - namespace: ansible-automation-platform - name: aap-configascode-cm - register: aap_cm - until: aap_cm.resources | length == 1 - retries: 20 - delay: 5 - - - name: Store needed values - ansible.builtin.set_fact: - aap_configascode_repo: "{{ aap_cm.resources[0].data.aap_configascode_repo }}" - aap_configascode_revision: "{{ aap_cm.resources[0].data.aap_configascode_revision }}" diff --git a/ansible/imperative_configure_aap.yml b/ansible/imperative_configure_aap.yml deleted file mode 100644 index 6732852a..00000000 --- a/ansible/imperative_configure_aap.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -- name: Discover Ansible Controller Credentials - ansible.builtin.import_playbook: ansible_get_credentials.yml - -- name: Set parameters needed for configuring controller from values.yaml - ansible.builtin.import_playbook: get_controller_values_overrides.yml - -- name: Extract secrets from Kubernetes - ansible.builtin.import_playbook: parse_secrets_from_k8s.yml - -- name: Configure AAP using credentials - ansible.builtin.import_playbook: configure_aap.yml diff --git a/ansible/odf_fix_dataimportcrons.yml b/ansible/odf_fix_dataimportcrons.yml new file mode 100644 index 00000000..860185a6 --- /dev/null +++ b/ansible/odf_fix_dataimportcrons.yml 
@@ -0,0 +1,138 @@ +#!/usr/bin/env ansible-playbook +--- +# This workaround was implemented to fix a problem where openshift-cnv would +# not recognize a default virt storage class change and change the format of +# datasources. The issue was fixed in OpenShift Virtualization 4.16.4. +- name: Determine if we have PVC clean-up to do + become: false + connection: local + hosts: localhost + gather_facts: false + vars: + kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" + dataimportcron_cleanup: false + image_cleanup_namespace: "openshift-virtualization-os-images" + cluster_version: "{{ global['clusterVersion'] | default('UNSET') }}" + tasks: + - name: Check cluster version + ansible.builtin.debug: + var: cluster_version + + - name: Exit if normal version check is not right + ansible.builtin.meta: end_play + when: cluster_version not in [ '4.16', 'UNSET' ] + + - name: Find default storageclass + ansible.builtin.shell: | + set -o pipefail + oc get storageclass -o json | jq -r '.items[] | select(.metadata.annotations."storageclass.kubernetes.io/is-default-class")' + register: default_sc_output + changed_when: false + + - name: Find virtualization default storageclass + ansible.builtin.shell: | + set -o pipefail + oc get storageclass -o json | jq -r '.items[] | select(.metadata.annotations."storageclass.kubevirt.io/is-default-virt-class")' + register: default_virt_sc_output + changed_when: false + + - name: Compare default virtualization storageclass and default storageclass to determine whether to clean PVCs + block: + - name: Parse results + ansible.builtin.set_fact: + default_sc: '{{ default_sc_output.stdout | from_json }}' + default_virt_sc: '{{ default_virt_sc_output.stdout | from_json }}' + + - name: Commit to dataimportcron cleanup + ansible.builtin.set_fact: + dataimportcron_cleanup: true + when: + - default_virt_sc.metadata.name == "ocs-storagecluster-ceph-rbd-virtualization" + - default_sc.metadata.name != default_virt_sc.metadata.name + rescue: + - name: Note that 
we exited + ansible.builtin.debug: + msg: "Caught an error before we could determine to clean up dataimportcrons, exiting" + + - name: End play (successfully) + ansible.builtin.meta: end_play + + - name: Cleanup incorrect datasourceimport images (PVCs) + when: + - dataimportcron_cleanup + block: + - name: Find dataimportcrons + kubernetes.core.k8s_info: + kind: dataimportcron + namespace: '{{ image_cleanup_namespace }}' + api_version: cdi.kubevirt.io/v1beta1 + register: dic_list + + - name: Extract dic names + ansible.builtin.set_fact: + dic_names: "{{ dic_names | default([]) + [ item.metadata.name ] }}" + loop: "{{ dic_list.resources }}" + + - name: Show names + ansible.builtin.debug: + var: dic_names + + - name: Find datasources to cleanup + kubernetes.core.k8s_info: + kind: datasource + namespace: '{{ image_cleanup_namespace }}' + api_version: cdi.kubevirt.io/v1beta1 + register: ds_cleanup_list + + - name: Keep track of objects to remove + ansible.builtin.set_fact: + cron_cleanups: [] + ds_cleanups: [] + + - name: Record datasources that need cleanup + ansible.builtin.set_fact: + cron_cleanups: "{{ cron_cleanups + [ item.metadata.labels['cdi.kubevirt.io/dataImportCron'] ] }}" + ds_cleanups: "{{ ds_cleanups + [ item.metadata.name ] }}" + loop: "{{ ds_cleanup_list.resources }}" + when: + - item['metadata']['labels']['cdi.kubevirt.io/dataImportCron'] is defined + - item['metadata']['labels']['cdi.kubevirt.io/dataImportCron'] in dic_names + - item.status.conditions[0].message != "DataSource is ready to be consumed" + + - name: Check on removables + ansible.builtin.debug: + msg: + - "cron_cleanups: {{ cron_cleanups }}" + - "ds_cleanups: {{ ds_cleanups }}" + + - name: Delete datasources in cleanup list + kubernetes.core.k8s: + kind: datasource + namespace: '{{ image_cleanup_namespace }}' + api_version: cdi.kubevirt.io/v1beta1 + name: "{{ item }}" + state: absent + loop: "{{ ds_cleanups }}" + + - name: Delete datavolumes in cleanup list + kubernetes.core.k8s: + kind: 
datavolume + namespace: '{{ image_cleanup_namespace }}' + api_version: cdi.kubevirt.io/v1beta1 + label_selectors: + - 'cdi.kubevirt.io/dataImportCron={{ item }}' + state: absent + loop: "{{ cron_cleanups }}" + + - name: Delete dataimportcrons in cleanup list + kubernetes.core.k8s: + kind: dataimportcron + namespace: '{{ image_cleanup_namespace }}' + api_version: cdi.kubevirt.io/v1beta1 + name: "{{ item }}" + state: absent + loop: "{{ cron_cleanups }}" + rescue: + - name: Note that we exited + ansible.builtin.debug: + msg: "Caught an error while cleaning up dataimportcrons, exiting" diff --git a/ansible/parse_secrets_from_k8s.yml b/ansible/parse_secrets_from_k8s.yml deleted file mode 100644 index 5004cd34..00000000 --- a/ansible/parse_secrets_from_k8s.yml +++ /dev/null 
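Review bot: The "Find default storageclass" and "Find virtualization default storageclass" tasks in ansible/odf_fix_dataimportcrons.yml select on the annotation being present rather than on its value, and jq treats the string `"false"` as truthy, so a class annotated `"false"` is still matched. If more than one class matches, stdout is no longer a single JSON document, `from_json` fails, and the rescue ends the play with only a debug message, so the workaround is skipped silently. Comparing the value avoids that: `select(.metadata.annotations."storageclass.kubernetes.io/is-default-class" == "true")`, and the same for `is-default-virt-class`. The filter in "Record datasources that need cleanup" is the other fragile spot: `item.status.conditions[0].message != "DataSource is ready to be consumed"` depends on condition order and exact message text, and every DataSource that does not match is deleted, along with the DataVolumes carrying its dataImportCron label and the cron itself. Matching the condition by `type` and `status` (presumably the `Ready` condition, to be confirmed against the CDI version in use) would tie the destructive path to a stable field.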
@@ -1,80 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -- name: Retrieve Credentials from Kubernetes for use in AAP - become: false - connection: local - hosts: localhost - gather_facts: false - vars: - kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" - tasks: - - name: Retrieve manifest file - kubernetes.core.k8s_info: - kind: Secret - namespace: ansible-automation-platform - name: aap-manifest - register: manifest_secret - until: manifest_secret.resources | length == 1 - retries: 20 - delay: 5 - - - name: Set manifest fact - ansible.builtin.set_fact: - manifest_file: "{{ manifest_secret.resources[0].data.b64content | b64decode | b64decode }}" - - - name: Write temp manifest file - ansible.builtin.tempfile: - state: file - suffix: .zip - register: manifest_file_tmp - - - name: Set manifest_file_ref fact - ansible.builtin.set_fact: - manifest_file_ref: "{{ manifest_file_tmp.path }}" - - - name: Copy manifest contents to tmpfile - ansible.builtin.copy: - content: "{{ manifest_file }}" - dest: "{{ manifest_file_ref }}" - mode: "0644" - - - name: Retrieve kubeconfig secret - kubernetes.core.k8s_info: - kind: Secret - namespace: openshift-kube-apiserver - name: node-kubeconfigs - register: node_kubeconfigs - until: node_kubeconfigs.resources | length == 1 - retries: 20 - delay: 5 - - - name: Parse out vault configmap data - kubernetes.core.k8s_info: - kind: ConfigMap - namespace: vault - name: openshift-service-ca.crt - register: vault_ca_cm - - - name: Retrieve CA field - ansible.builtin.set_fact: - vault_ca: "{{ vault_ca_cm.resources[0].data['service-ca.crt'] }}" - - - name: Retrieve config details about vault - kubernetes.core.k8s_info: - name: vaultkeys - namespace: imperative - kind: Secret - register: vault_secret - - - name: Parse out vault secret data - ansible.builtin.set_fact: - vault_data: "{{ vault_secret.resources[0].data.vault_data_json | b64decode | from_json }}" - - - name: Set secrets for use in load controller playbook - ansible.builtin.set_fact: - 
secrets: - manifest_file_ref: "{{ manifest_file_ref }}" - kubeconfig: "{{ node_kubeconfigs.resources[0].data['lb-ext.kubeconfig'] | b64decode }}" - vault_ca: "{{ vault_ca }}" - vault_root_token: "{{ vault_data.root_token }}" - vault_url: https://vault.vault.svc:8200 diff --git a/charts/hub/aap-config/Chart.yaml b/charts/hub/aap-config/Chart.yaml deleted file mode 100644 index fcf2556b..00000000 --- a/charts/hub/aap-config/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -description: A Helm chart to build and deploy secrets using external-secrets for ansible-edge-gitops -keywords: -- pattern -name: aap-external-secrets -version: 0.0.1 diff --git a/charts/hub/aap-config/templates/aap-configascode-cm.yaml b/charts/hub/aap-config/templates/aap-configascode-cm.yaml deleted file mode 100644 index 5618f5cb..00000000 --- a/charts/hub/aap-config/templates/aap-configascode-cm.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: aap-configascode-cm - namespace: ansible-automation-platform -data: - aap_configascode_repo: "{{ $.Values.configAsCode.repo }}" - aap_configascode_revision: "{{ $.Values.configAsCode.revision }}" diff --git a/charts/hub/aap-config/templates/secret-aap-manifest.yaml b/charts/hub/aap-config/templates/secret-aap-manifest.yaml deleted file mode 100644 index 698782dc..00000000 --- a/charts/hub/aap-config/templates/secret-aap-manifest.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: "external-secrets.io/v1beta1" -kind: ExternalSecret -metadata: - name: aap-manifest - namespace: ansible-automation-platform -spec: - refreshInterval: 15s - secretStoreRef: - name: {{ .Values.secretStore.name }} - kind: {{ .Values.secretStore.kind }} - target: - name: aap-manifest - dataFrom: - - extract: - key: {{ .Values.aapManifest.key }} diff --git a/charts/hub/aap-config/values.yaml b/charts/hub/aap-config/values.yaml deleted file mode 100644 index e8303087..00000000 --- a/charts/hub/aap-config/values.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -configAsCode: - revision: main - repo: https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git - -secretStore: - name: vault-backend - kind: ClusterSecretStore - -aapManifest: - key: secret/data/hub/aap-manifest diff --git a/charts/hub/ansible-automation-platform/Chart.yaml b/charts/hub/ansible-automation-platform/Chart.yaml deleted file mode 100644 index 0a377e8f..00000000 --- a/charts/hub/ansible-automation-platform/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v2 -description: A Helm chart to configure ansible-automation-platform -keywords: -- pattern -name: ansible-automation-platform -version: 0.0.1 -dependencies: diff --git a/charts/hub/ansible-automation-platform/templates/.keep b/charts/hub/ansible-automation-platform/templates/.keep deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/hub/ansible-automation-platform/templates/argocd-clusterbindingrole.yaml b/charts/hub/ansible-automation-platform/templates/argocd-clusterbindingrole.yaml deleted file mode 100644 index d91c4c18..00000000 --- a/charts/hub/ansible-automation-platform/templates/argocd-clusterbindingrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: openshift-gitops-cluster-admin - annotations: - argocd.argoproj.io/sync-wave: "-1" -subjects: - - kind: ServiceAccount - name: openshift-gitops-argocd-application-controller - namespace: openshift-gitops - - kind: ServiceAccount - name: openshift-gitops-applicationset-controller - namespace: openshift-gitops - - kind: ServiceAccount - name: openshift-gitops-argocd-server - namespace: openshift-gitops -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin diff --git a/charts/hub/ansible-automation-platform/templates/automationcontroller.yaml b/charts/hub/ansible-automation-platform/templates/automationcontroller.yaml deleted file mode 100644 index 05dc096b..00000000 
--- a/charts/hub/ansible-automation-platform/templates/automationcontroller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: automationcontroller.ansible.com/v1beta1 -kind: AutomationController -metadata: - name: controller - namespace: ansible-automation-platform - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true -spec: - create_preload_data: true - route_tls_termination_mechanism: Edge - garbage_collect_secrets: true - ingress_type: Route - image_pull_policy: IfNotPresent - task_privileged: false - projects_persistence: false - replicas: 1 - admin_user: admin diff --git a/charts/hub/ansible-automation-platform/templates/console-link.yaml b/charts/hub/ansible-automation-platform/templates/console-link.yaml deleted file mode 100644 index fff17d2c..00000000 --- a/charts/hub/ansible-automation-platform/templates/console-link.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: console.openshift.io/v1 -kind: ConsoleLink -metadata: - name: controller - namespace: ansible-automation-platform -spec: - applicationMenu: - section: Red Hat applications - imageURL:  - href: 'https://controller-ansible-automation-platform.{{ .Values.global.hubClusterDomain }}' - location: ApplicationMenu - text: Ansible Controller diff --git a/charts/hub/ansible-automation-platform/templates/rbac.yaml b/charts/hub/ansible-automation-platform/templates/rbac.yaml deleted file mode 100644 index d363083d..00000000 --- a/charts/hub/ansible-automation-platform/templates/rbac.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: "openshift-config-default-cluster-admin" - annotations: - argocd.argoproj.io/sync-wave: "-1" -subjects: - - kind: ServiceAccount - name: default - namespace: openshift-config -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "cluster-admin" 
diff --git a/charts/hub/ansible-automation-platform/values.yaml b/charts/hub/ansible-automation-platform/values.yaml deleted file mode 100644 index f88c755e..00000000 --- a/charts/hub/ansible-automation-platform/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -global: - hubClusterDomain: example.com diff --git a/charts/hub/cnv/Chart.yaml b/charts/hub/cnv/Chart.yaml deleted file mode 100644 index 2998ac1f..00000000 --- a/charts/hub/cnv/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -name: cnv -description: OpenShift Virtualization -type: application -version: 0.1.0 diff --git a/charts/hub/cnv/templates/_helpers.tpl b/charts/hub/cnv/templates/_helpers.tpl deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/hub/cnv/templates/hyperconverged.yaml b/charts/hub/cnv/templates/hyperconverged.yaml deleted file mode 100644 index bc0272c1..00000000 --- a/charts/hub/cnv/templates/hyperconverged.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -# Please edit the object below. Lines beginning with a '#' will be ignored, -# and an empty file will abort the edit. If an error occurs while saving this file will be -# reopened with the relevant failures. -# -apiVersion: hco.kubevirt.io/v1beta1 -kind: HyperConverged -metadata: - annotations: - deployOVS: "false" - finalizers: - - kubevirt.io/hyperconverged - labels: - app: kubevirt-hyperconverged - name: kubevirt-hyperconverged - namespace: openshift-cnv -spec: - certConfig: - ca: - duration: 48h0m0s - renewBefore: 24h0m0s - server: - duration: 24h0m0s - renewBefore: 12h0m0s - featureGates: - enableCommonBootImageImport: true -{{- if .Values.sriovLiveMigration }} - sriovLiveMigration: true -{{- end }} - withHostPassthroughCPU: false - infra: {} - liveMigrationConfig: - completionTimeoutPerGiB: 800 - parallelMigrationsPerCluster: 5 - parallelOutboundMigrationsPerNode: 2 - progressTimeout: 150 - uninstallStrategy: BlockUninstallIfWorkloadsExist - workloadUpdateStrategy: - batchEvictionInterval: 1m0s - batchEvictionSize: 10 - workloadUpdateMethods: - - LiveMigrate - workloads: {} diff --git a/charts/hub/cnv/values.yaml b/charts/hub/cnv/values.yaml deleted file mode 100644 index 1628be5d..00000000 --- a/charts/hub/cnv/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -cnv: - debug: - useEmulation: false - -namespaceOverride: openshift-cnv -sriovLiveMigration: false diff --git a/charts/hub/edge-gitops-vms/Chart.yaml b/charts/hub/edge-gitops-vms/Chart.yaml deleted file mode 100644 index 96f2bf32..00000000 --- a/charts/hub/edge-gitops-vms/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: edge-gitops-vms -description: Edge GitOps VMs -type: application -version: 0.1.0 -dependencies: [ ] diff --git a/charts/hub/edge-gitops-vms/templates/job-waitForMetalNode.yaml b/charts/hub/edge-gitops-vms/templates/job-waitForMetalNode.yaml deleted file mode 100644 index c60c90fb..00000000 
--- a/charts/hub/edge-gitops-vms/templates/job-waitForMetalNode.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if .Values.waitForMetalNode }} -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/sync-wave: "1" - name: job-wait-for-metal-node - namespace: {{ .Values.vmNamespace }} -spec: - template: - spec: - containers: - - image: {{ .Values.job.image }} - command: - - /bin/bash - - -c - - | - while [ 1 ]; - do - nodes=$(oc get machineset -n openshift-machine-api -l 'edge-gitops-role=kubevirt-worker' -o jsonpath='{.items[*].status.availableReplicas}') - if [ "0$nodes" -ge "1" ]; then - echo "Node is ready, exiting" - exit 0 - fi - echo "Node is not yet ready, waiting" - sleep 15 - done - name: wait-for-metal-node - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: {{ .Values.serviceAccountName }} - serviceAccountName: {{ .Values.serviceAccountName }} - terminationGracePeriodSeconds: {{ .Values.jobTerminationGracePeriod }} -{{ end }} diff --git a/charts/hub/edge-gitops-vms/templates/rbac/role.yaml b/charts/hub/edge-gitops-vms/templates/rbac/role.yaml deleted file mode 100644 index 54df29ac..00000000 --- a/charts/hub/edge-gitops-vms/templates/rbac/role.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{ if .Values.waitForMetalNode }} -{{- range $key, $value := .Values.rbac.roles }} -{{- if $value.createRole }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if $value.scope.cluster }} -kind: ClusterRole -metadata: - name: {{ .name }} -{{- else }} -kind: Role -metadata: - name: {{ $value.name }} - namespace: {{ $value.scope.namespace}} -{{- end }} - annotations: - argocd.argoproj.io/sync-wave: "1" -rules: - - apiGroups: -{{- range $value.apiGroups }} - - {{ . }} -{{- end }} - resources: -{{- range $value.resources }} - - {{ . }} -{{- end }} -{{- if (($value.resourceNames)) }} - resourceNames: -{{- range $value.resourceNames }} - - {{ . }} -{{- end }} -{{- end }} - verbs: -{{- range $value.verbs }} - - {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/hub/edge-gitops-vms/templates/rbac/rolebinding.yaml b/charts/hub/edge-gitops-vms/templates/rbac/rolebinding.yaml deleted file mode 100644 index 825d08d8..00000000 --- a/charts/hub/edge-gitops-vms/templates/rbac/rolebinding.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if .Values.waitForMetalNode }} -{{- range $key, $value := .Values.rbac.roleBindings }} -{{- if $value.createBinding }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- if $value.scope.cluster }} -kind: ClusterRoleBinding -{{- else }} -kind: RoleBinding -{{- end }} -metadata: - name: {{ .name }} -{{- if eq $value.scope.cluster false }} - namespace: {{ $value.scope.namespace }} -{{- end }} - annotations: - argocd.argoproj.io/sync-wave: "1" -subjects: -- kind: {{ $value.subjects.kind | default "ServiceAccount" }} - name: {{ $value.subjects.name }} - namespace: {{ $value.subjects.namespace | default $.Values.global.pattern }} - apiGroup: "" -roleRef: - kind: {{ $value.roleRef.kind }} - name: {{ $value.roleRef.name }} - apiGroup: rbac.authorization.k8s.io ---- -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/hub/edge-gitops-vms/templates/rbac/serviceAccount.yaml b/charts/hub/edge-gitops-vms/templates/rbac/serviceAccount.yaml deleted file mode 100644 index 2b464a62..00000000 --- a/charts/hub/edge-gitops-vms/templates/rbac/serviceAccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{ if .Values.waitForMetalNode }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccountName }} - namespace: {{ .Values.vms.namespace }} - annotations: - argocd.argoproj.io/sync-wave: "1" -{{ end }} diff --git a/charts/hub/edge-gitops-vms/templates/virtual-machines.yaml b/charts/hub/edge-gitops-vms/templates/virtual-machines.yaml deleted file mode 100644 index 2d4b4828..00000000 --- a/charts/hub/edge-gitops-vms/templates/virtual-machines.yaml +++ /dev/null 
@@ -1,176 +0,0 @@ -{{- $def := .Values.vmDefaults }} -{{- range $vm, $vmr := .Values.vms }} ---- -apiVersion: "external-secrets.io/v1beta1" -kind: ExternalSecret -metadata: - name: es-cloudinit-{{ $vmr.role }} - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - refreshInterval: 90s - secretStoreRef: - name: {{ $.Values.secretStore.name }} - kind: {{ $.Values.secretStore.kind }} - target: - name: cloudinit-{{ $vmr.role }} - template: - dataFrom: - - extract: - key: {{ coalesce $vmr.cloudinitsecret $def.cloudinitsecret }} -{{- $ctr := int (coalesce $vmr.count $def.count) }} -{{- range $i := until $ctr }} -{{- $idx := printf "%03d" (add $i 1) }} -{{- $identifier := printf "%s-%s-%s" (coalesce $vmr.os $def.os) $vmr.role $idx }} ---- -apiVersion: "external-secrets.io/v1beta1" -kind: ExternalSecret -metadata: - name: es-authorizedsshkeys-{{ $identifier }} - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - refreshInterval: 90s - secretStoreRef: - name: {{ $.Values.secretStore.name }} - kind: {{ $.Values.secretStore.kind }} - target: - name: authorizedsshkeys-{{ $identifier }} - template: - data: - - secretKey: key - remoteRef: - key: {{ coalesce $vmr.sshsecret $def.sshsecret }} - property: {{ coalesce $vmr.sshpubkeyfield $def.sshpubkeyfield }} ---- -apiVersion: v1 -items: -- apiVersion: kubevirt.io/v1 - kind: VirtualMachine - metadata: - annotations: - vm.kubevirt.io/validations: | - [ - { - "name": "minimal-required-memory", - "path": "jsonpath::.spec.domain.resources.requests.memory", - "rule": "integer", - "message": "This VM requires more memory.", - "min": 1610612736 - } - ] - argocd.argoproj.io/sync-wave: "2" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - {{- range $ann_k, $ann_v := (coalesce $vmr.extraAnnotations $def.extraAnnotations nil) }} - {{ $ann_k }}: {{ $ann_v }} - {{- end }} - labels: - app: {{ $identifier }} - edge-gitops-role: {{ $vmr.role }} - vm.kubevirt.io/template: {{ coalesce $vmr.template $def.template }} - 
vm.kubevirt.io/template.revision: "1" - vm.kubevirt.io/template.version: v0.19.4 - {{- range $lbl_k, $lbl_v := (coalesce $vmr.extraLabels $def.extraLabels nil) }} - {{ $lbl_k }}: {{ $lbl_v }} - {{- end }} - name: {{ $identifier }} - spec: - dataVolumeTemplates: - - apiVersion: cdi.kubevirt.io/v1beta1 - kind: DataVolume - metadata: - name: {{ $identifier }} - spec: - sourceRef: - kind: DataSource - name: {{ coalesce $vmr.dataSource $def.dataSource $vmr.os $def.os }} - namespace: openshift-virtualization-os-images - pvc: - accessModes: - - {{ coalesce $vmr.accessMode $def.accessMode }} - resources: - requests: - storage: {{ coalesce $vmr.storage $def.storage }} - storageClassName: {{ coalesce $vmr.storageClassName $def.storageClassName }} - volumeMode: {{ coalesce $vmr.volumeMode $def.volumeMode }} - running: true - template: - metadata: - annotations: - vm.kubevirt.io/flavor: {{ coalesce $vmr.flavor $def.flavor }} - vm.kubevirt.io/os: {{ coalesce $vmr.os $def.os }} - vm.kubevirt.io/workload: {{ coalesce $vmr.workload $def.workload }} - labels: - kubevirt.io/domain: {{ $identifier }} - kubevirt.io/size: {{ coalesce $vmr.flavor $def.flavor }} - vm.kubevirt.io/name: {{ $identifier }} - spec: - accessCredentials: - - sshPublicKey: - propagationMethod: - configDrive: {} - source: - secret: - secretName: authorizedsshkeys-{{ $identifier }} - domain: - cpu: - cores: {{ coalesce $vmr.cores $def.cores }} - sockets: {{ coalesce $vmr.sockets $def.sockets }} - threads: {{ coalesce $vmr.threads $def.threads }} - devices: - disks: - - disk: - bus: virtio - name: {{ $identifier }} - - disk: - bus: virtio - name: cloudinitdisk - inputs: - - bus: virtio - name: tablet - type: tablet - interfaces: - - masquerade: {} - name: default - networkInterfaceMultiqueue: true - rng: {} - machine: - type: {{ coalesce $vmr.machineType $def.machineType }} - resources: - requests: - memory: {{ coalesce $vmr.memory $def.memory }} - evictionStrategy: LiveMigrate - networks: - - name: default - pod: 
{} - terminationGracePeriodSeconds: 180 - volumes: - - dataVolume: - name: {{ $identifier }} - name: {{ $identifier }} - - name: cloudinitdisk - cloudInitConfigDrive: - secretRef: - name: cloudinit-{{ $vmr.role }} -- apiVersion: v1 - kind: Service - metadata: - name: {{ $identifier }} - annotations: - argocd.argoproj.io/sync-wave: "2" - labels: - app: {{ $identifier }} - edge-gitops-role: {{ $vmr.role }} - spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: {{ (coalesce $vmr.ports $def.ports) | toPrettyJson }} - selector: - vm.kubevirt.io/name: {{ $identifier }} - sessionAffinity: None - type: NodePort -kind: List -metadata: {} -{{- end }} -{{- end }} diff --git a/charts/hub/edge-gitops-vms/values.yaml b/charts/hub/edge-gitops-vms/values.yaml deleted file mode 100644 index d8f7fb68..00000000 --- a/charts/hub/edge-gitops-vms/values.yaml +++ /dev/null 
@@ -1,76 +0,0 @@
----
-global:
- pattern: ansible-edge-gitops
-
-secretStore:
- name: vault-backend
- kind: ClusterSecretStore
-
-vmNamespace: edge-gitops-vms
-
-waitForMetalNode: true
-jobTerminationGracePeriod: 3600
-
-vmDefaults:
- cloudInitSecret: secret/data/hub/cloud-init
- accessMode: "ReadWriteMany"
- storageClassName: "ocs-storagecluster-ceph-rbd-virtualization"
- volumeMode: "Block"
- count: 1
- flavor: medium
- workload: desktop
- os: rhel8
- storage: 30Gi
- memory: 4Gi
- machineType: pc-q35-rhel8.4.0
- cores: 1
- sockets: 1
- threads: 1
- template: rhel8-desktop-medium
- sshsecret: secret/data/hub/vm-ssh
- cloudinitsecret: secret/data/hub/cloud-init
- sshpubkeyfield: publickey
- # extraLabels is available for default extra labels to add to the virtualmachine
- # extraAnnotations is available for default extra labels to add to the virtualmachine
- ports:
- - name: ssh
- port: 22
- protocol: TCP
- targetPort: 22
-
-# Define the VMs you want to create with any specific attributes from vmDefaults
-# in an overrides file.
-vms: {}
-
-serviceAccountName: ansible-edge-gitops-sa
-rbac:
- roles:
- - name: view-machine-api
- createRole: true
- apiGroups:
- - machine.openshift.io
- scope:
- cluster: true
- resources:
- - machinesets
- verbs:
- - "get"
- - "list"
- - "watch"
- roleBindings:
- - name: view-machine-api
- createBinding: true
- scope:
- cluster: false
- namespace: "openshift-machine-api"
- subjects:
- kind: ServiceAccount
- name: ansible-edge-gitops-sa
- namespace: edge-gitops-vms
- apiGroup: ""
- roleRef:
- kind: ClusterRole
- name: view-machine-api
-
-job:
- image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
diff --git a/charts/hub/portworx/Chart.yaml b/charts/hub/portworx/Chart.yaml
deleted file mode 100644
index 6ff495a6..00000000
--- a/charts/hub/portworx/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-description: A Helm chart to configure Portworx Enterprise for OpenShift using Red Hat MultiCloud GitOps
-keywords:
-- pattern
-name: portworx
-version: 0.0.1
diff --git a/charts/hub/portworx/templates/_helpers.tpl b/charts/hub/portworx/templates/_helpers.tpl
deleted file mode 100644
index d1d504d5..00000000
--- a/charts/hub/portworx/templates/_helpers.tpl
+++ /dev/null
@@ -1,78 +0,0 @@
-{{- define "px.getProductID" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
- {{- if eq $product "PX-ENTERPRISE-DR" }}
- {{- cat "6a97e814-fbe5-4ae3-a3e2-14ca735b5e6b" }}
- {{- else }}
- {{- cat "3a3fcb1c-7ee5-4f3b-afe3-d293c3f9beb4" }}
- {{- end }}
-{{- end -}}
-
-{{- define "px.getImage" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
-{{- if (.Values.customRegistryURL) -}}
- {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}}
- {{- cat (trim .Values.customRegistryURL) "/px-enterprise:" (trim .Values.versions.enterprise) | replace " " ""}}
- {{- else -}}
- {{- cat (trim .Values.customRegistryURL) "/px-enterprise:" (trim .Values.versions.enterprise)| replace " " ""}}
- {{- end -}}
-{{- else -}}
- {{- cat "portworx/px-enterprise:" (trim .Values.versions.enterprise) | replace " " ""}}
-{{- end -}}
-{{- end -}}
-
-{{- define "px.getOCIImage" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
-{{- if (.Values.customRegistryURL) -}}
- {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}}
- {{- cat (trim .Values.customRegistryURL) "/oci-monitor:" (trim .Values.versions.ociMon) | replace " " ""}}
- {{- else -}}
- {{- cat (trim .Values.customRegistryURL) "/oci-monitor:" (trim .Values.versions.ociMon) | replace " " ""}}
- {{- end -}}
-{{- else -}}
- {{- cat "portworx/oci-monitor:" (trim .Values.versions.ociMon) | replace " " ""}}
-{{- end -}}
-{{- end -}}
-
-{{- define "px.getStorkImage" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
-{{- if (.Values.customRegistryURL) -}}
- {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}}
- {{- cat (trim .Values.customRegistryURL) "/stork:" (trim .Values.versions.stork)| replace " " ""}}
- {{- else -}}
- {{- cat (trim .Values.customRegistryURL) "/stork:" (trim .Values.versions.stork) | replace " " ""}}
- {{- end -}}
-{{- else -}}
- {{- cat "openstorage/stork:" (trim .Values.versions.stork) | replace " " ""}}
-{{- end -}}
-{{- end -}}
-
-{{- define "px.getAutopilotImage" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
-{{- if (.Values.customRegistryURL) -}}
- {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}}
- {{- cat (trim .Values.customRegistryURL) "/autopilot:" (trim .Values.versions.autoPilot) | replace " " ""}}
- {{- else -}}
- {{- cat (trim .Values.customRegistryURL) "/autopilot:" (trim .Values.versions.autoPilot) | replace " " ""}}
- {{- end -}}
-{{- else -}}
- {{- cat "portworx/autopilot:" (trim .Values.versions.autoPilot) | replace " " ""}}
-{{- end -}}
-{{- end -}}
-
-{{- define "px.getOperatorImage" -}}
-{{- $product := .Values.awsProduct | default "PX-ENTERPRISE" }}
-{{- if (.Values.customRegistryURL) -}}
- {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}}
- {{- cat (trim .Values.customRegistryURL) "/px-operator:" (trim .Values.versions.operator) | replace " " ""}}
- {{- else -}}
- {{- cat (trim .Values.customRegistryURL) "/px-operator:" (trim .Values.versions.operator) | replace " " ""}}
- {{- end -}}
-{{- else -}}
- {{- cat "portworx/px-operator:" (trim .Values.versions.operator) | replace " " ""}}
-{{- end -}}
-{{- end -}}
-
-{{- define "px.clusterName" -}}
-{{- $fullClusterName := print "px-cluster-" .Values.global.clusterDomain }}
-{{- (split "." $fullClusterName)._0 }}
-{{- end -}}
diff --git a/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-cm.yaml b/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-cm.yaml
deleted file mode 100644
index 4f6c6c47..00000000
--- a/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-cm.yaml
+++ /dev/null
@@ -1,207 +0,0 @@ -{{- if eq $.Values.global.clusterPlatform "AWS" }} -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - argocd.argoproj.io/sync-wave: "1" - name: px-aws-prereqs-configmap - namespace: {{ .Values.namespace }} -data: - px_aws_pre-reqs.sh: | - #!/bin/bash - - export AWS_CONFIG_FILE=/pattern-home/credentials/.aws/config - export AWS_SHARED_CREDENTIALS_FILE=/pattern-home/credentials/.aws/credentials - - mkdir /pattern-home/credentials/.aws - - # Ensure we can access the secret for AWS credentials - oc get secret {{ .Values.secrets.AWSsecretName }} -n {{ .Values.secrets.AWSsecretNamespace }} -o json - if [ $? != 0 ]; - then - echo "Cannot access {{ .Values.secrets.AWSsecretName }} secret in {{ .Values.secrets.AWSSsecretNamespace }} namespace, please check rbac for portworx-prereq-sa serviceAccount." - else - echo "Found AWS credential secret, building credentials file." - AWS_ACCESS_KEY=$(curl -sSk -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{ .Values.secrets.AWSsecretNamespace }}/secrets/{{ .Values.secrets.AWSsecretName }} | jq -r '.data.aws_access_key_id' | base64 -d) - AWS_SECRET_KEY=$(curl -sSk -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{ .Values.secrets.AWSsecretNamespace }}/secrets/{{ .Values.secrets.AWSsecretName }} | jq -r '.data.aws_secret_access_key' | base64 -d) - NODE_REG=$(oc get node -l 'node-role.kubernetes.io/worker=' -o=jsonpath='{.items[0].metadata.name}') - AWS_REGION=$(oc get node $NODE_REG -o jsonpath='{.metadata.labels.topology\.kubernetes\.io/region}') - cat << EOF >> /pattern-home/credentials/.aws/credentials - [default] - aws_access_key_id = $AWS_ACCESS_KEY - aws_secret_access_key = $AWS_SECRET_KEY - EOF - - cat << EOF >> /pattern-home/credentials/.aws/config - [default] - region = 
$AWS_REGION - output = json - EOF - - fi - - - # Ensure we have AWS credentials to use - echo "Checking for AWS credentials." - aws sts get-caller-identity - - if [ $? != 0 ]; - then - echo "AWS credentials not found, exiting." - exit 1 - else - echo "Found AWS credentials." - fi - - # Ensure oc is functional and we can get node info from OCP cluster via serviceAccount - oc get node - if [ $? != 0 ]; - then - echo "Cannot list nodes, please check rbac for portworx-prereq-sa serviceAccount." - exit 1 - else - echo "Configuring for Portworx/Red Hat Multicloud GitOps Pattern." - fi - - # Ensure there are a minimum of three worker nodes in the cluster - NUM_WORKERS=$(oc get node -l 'node-role.kubernetes.io/worker=' -o name | wc -l) - if [ $NUM_WORKERS -lt 3 ]; - then - echo "Only $NUM_WORKERS worker nodes detected - minimum required is three." - exit 1 - else - echo "Found $NUM_WORKERS worker nodes - configuring..." - fi - - # Get the list of worker nodes in the cluster - WORKERS=$(oc get node -l 'node-role.kubernetes.io/worker=' -o name) - - # Modify the SG created by OpenShift Installer to allow ports necessary for Portworx - for NODE in $WORKERS; do - unset AWS_INSTANCE - unset AWS_REGION - unset AWS_SG - AWS_INSTANCE=$(oc get $NODE -o jsonpath='{.spec.providerID}' | sed 's|.*/||') - AWS_REGION=$(oc get $NODE -o jsonpath='{.metadata.labels.topology\.kubernetes\.io/region}') - AWS_SG=$(aws ec2 describe-instances --instance-id $AWS_INSTANCE --region=$AWS_REGION --query "Reservations[].Instances[].SecurityGroups[].GroupId[]" --output text) - for GROUP in $AWS_SG; do - OCP_SG=$(aws ec2 describe-security-groups --group-ids $GROUP --query SecurityGroups[*].Description | grep -w "Created By OpenShift Installer" | wc -l) - if [ $OCP_SG -eq 1 ]; - then - echo "Found OpenShift created security group assigned to $AWS_INSTANCE, opening Portworx ports." 
- - # Check to see if security group already allows TCP 17001-17022 - RULE_EXISTS_SG=$(aws ec2 describe-security-groups --region $AWS_REGION --filters Name=ip-permission.from-port,Values=17001 Name=ip-permission.to-port,Values=17022 Name=ip-permission.group-id,Values=$AWS_SG --output text) - if [ -z "$RULE_EXISTS_SG" ] - then - unset RULE_EXISTS_SG - echo "Adding rule for TCP 17001-17022" - aws ec2 authorize-security-group-ingress --group-id $GROUP --protocol tcp --port 17001-17022 --region $AWS_REGION --source-group $GROUP - else - unset RULE_EXISTS_SG - echo "Ports TCP 17001-17022 already allowed in security group $AWS_SG for $AWS_INSTANCE." - fi - - # Check to see if security group already allows TCP 20048 - RULE_EXISTS_SG=$(aws ec2 describe-security-groups --region $AWS_REGION --filters Name=ip-permission.from-port,Values=20048 Name=ip-permission.to-port,Values=20048 Name=ip-permission.group-id,Values=$AWS_SG --output text) - if [ -z "$RULE_EXISTS_SG" ] - then - unset RULE_EXISTS_SG - echo "Adding rule for TCP 20048" - aws ec2 authorize-security-group-ingress --group-id $GROUP --protocol tcp --port 20048 --region $AWS_REGION --source-group $GROUP - else - unset RULE_EXISTS_SG - echo "Port TCP 20048 already allowed in security group $AWS_SG for $AWS_INSTANCE." - fi - - # Check to see if security group already allows TCP 111 - RULE_EXISTS_SG=$(aws ec2 describe-security-groups --region $AWS_REGION --filters Name=ip-permission.from-port,Values=111 Name=ip-permission.to-port,Values=111 Name=ip-permission.group-id,Values=$AWS_SG --output text) - if [ -z "$RULE_EXISTS_SG" ] - then - unset RULE_EXISTS_SG - echo "Adding rule for TCP 111" - aws ec2 authorize-security-group-ingress --group-id $GROUP --protocol tcp --port 111 --region $AWS_REGION --source-group $GROUP - else - unset RULE_EXISTS_SG - echo "Port TCP 111 already allowed in security group $AWS_SG for $AWS_INSTANCE." 
- fi - - # Check to see if security group already allows UDP 17002 - RULE_EXISTS_SG=$(aws ec2 describe-security-groups --region $AWS_REGION --filters Name=ip-permission.from-port,Values=17002 Name=ip-permission.to-port,Values=111 Name=ip-permission.group-id,Values=$AWS_SG --output text) - if [ -z "$RULE_EXISTS_SG" ] - then - unset RULE_EXISTS_SG - echo "Adding rule for UDP 17002" - aws ec2 authorize-security-group-ingress --group-id $GROUP --protocol udp --port 17002 --region $AWS_REGION --source-group $GROUP - else - unset RULE_EXISTS_SG - echo "Port UDP 17002 already allowed in security group $AWS_SG for $AWS_INSTANCE." - fi - - # Check to see if security group already allows TCP 2049 - RULE_EXISTS_SG=$(aws ec2 describe-security-groups --region $AWS_REGION --filters Name=ip-permission.from-port,Values=2049 Name=ip-permission.to-port,Values=2049 Name=ip-permission.group-id,Values=$AWS_SG --output text) - if [ -z "$RULE_EXISTS_SG" ] - then - unset RULE_EXISTS_SG - echo "Adding rule for TCP 2049" - aws ec2 authorize-security-group-ingress --group-id $GROUP --protocol tcp --port 2049 --region $AWS_REGION --source-group $GROUP - else - unset RULE_EXISTS_SG - echo "Port UDP 2049 already allowed in security group $AWS_SG for $AWS_INSTANCE." - fi - - else - echo "Could not find security group created by OpenShift installer, exiting." 
- exit 1 - fi - echo "" - done - - # Get the IAM instance profile for the next step - AWS_IAM_IP=$(aws ec2 describe-instances --instance-id $AWS_INSTANCE --region $AWS_REGION --query "Reservations[].Instances[].IamInstanceProfile[].Arn" --output text | sed 's|.*/||') - done - - # Create the JSON for the necessary IAM permissions for Cloud Drives - cat << EOF >> /pattern-home/credentials/px-clouddrives.json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "", - "Effect": "Allow", - "Action": [ - "ec2:AttachVolume", - "ec2:ModifyVolume", - "ec2:DetachVolume", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteTags", - "ec2:DeleteVolume", - "ec2:DescribeTags", - "ec2:DescribeVolumeAttribute", - "ec2:DescribeVolumesModifications", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes", - "ec2:DescribeInstances", - "autoscaling:DescribeAutoScalingGroups" - ], - "Resource": [ - "*" - ] - } - ] - } - EOF - - # Get the IAM role being used - AWS_IAM_ROLE=$(aws iam get-instance-profile --instance-profile-name $AWS_IAM_IP --region $AWS_REGION --query "InstanceProfile.Roles[].RoleName" --output text) - - echo "Creating inline policy within IAM role $AWS_IAM_ROLE for Portworx CloudDrive permissions." - - # Attach the cloud drive permission policy to the IAM role - aws iam put-role-policy --region $AWS_REGION --role-name $AWS_IAM_ROLE --policy-name Portworx-CloudDrive --policy-document file:///pattern-home/credentials/px-clouddrives.json - rm /pattern-home/credentials/px-clouddrives.json - - echo "Portworx pre-reqs for AWS complete." ---- -{{- end }} diff --git a/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-job.yaml b/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-job.yaml deleted file mode 100644 index 40de0ae2..00000000 --- a/charts/hub/portworx/templates/aws-prereqs/px-aws-prereqs-job.yaml +++ /dev/null 
@@ -1,36 +0,0 @@
-{{- if eq $.Values.global.clusterPlatform "AWS" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "2"
- name: px-aws-prereqs
- namespace: {{ .Values.namespace }}
-spec:
- parallelism: 1
- completions: 1
- activeDeadlineSeconds: 120
- backoffLimit: 1
- template:
- spec:
- serviceAccountName: portworx-prereq-sa
- containers:
- - name: px-aws-prereqs-utility
- image: quay.io/hybridcloudpatterns/utility-container
- command: ['sh', '-c', 'sh /pattern-home/scripts/px_aws_pre-reqs.sh']
- volumeMounts:
- - name: pattern-home-prereqs
- mountPath: "/pattern-home/scripts"
- - name: credentials
- mountPath: "/pattern-home/credentials"
- volumes:
- - name: pattern-home-prereqs
- configMap:
- name: px-aws-prereqs-configmap
- defaultMode: 0755
- - name: credentials
- emptyDir:
- sizeLimit: 1Mi
- restartPolicy: Never
----
-{{- end }}
diff --git a/charts/hub/portworx/templates/aws-prereqs/rbac/role.yaml b/charts/hub/portworx/templates/aws-prereqs/rbac/role.yaml
deleted file mode 100644
index 396f6f41..00000000
--- a/charts/hub/portworx/templates/aws-prereqs/rbac/role.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if eq $.Values.global.clusterPlatform "AWS" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: portworx-prereq-clusterrole
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-rules:
- - apiGroups: ['']
- resources: ['secrets','nodes','services']
- verbs: ['get', 'list']
----
-{{- end }}
diff --git a/charts/hub/portworx/templates/aws-prereqs/rbac/rolebinding.yaml b/charts/hub/portworx/templates/aws-prereqs/rbac/rolebinding.yaml
deleted file mode 100644
index 2c7dbade..00000000
--- a/charts/hub/portworx/templates/aws-prereqs/rbac/rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if eq $.Values.global.clusterPlatform "AWS" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: portworx-prereq-clusterrolebinding
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: portworx-prereq-sa
- namespace: {{ .Values.namespace }}
- apiGroup: ""
-roleRef:
- kind: ClusterRole
- name: portworx-prereq-clusterrole
- apiGroup: rbac.authorization.k8s.io
----
-{{- end }}
diff --git a/charts/hub/portworx/templates/aws-prereqs/rbac/serviceAccount.yaml b/charts/hub/portworx/templates/aws-prereqs/rbac/serviceAccount.yaml
deleted file mode 100644
index 797da068..00000000
--- a/charts/hub/portworx/templates/aws-prereqs/rbac/serviceAccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if eq $.Values.global.clusterPlatform "AWS" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: portworx-prereq-sa
- namespace: {{ .Values.namespace }}
- annotations:
- argocd.argoproj.io/sync-hook: "PreSync"
- argocd.argoproj.io/sync-wave: "-10"
----
-{{- end }}
diff --git a/charts/hub/portworx/templates/portworx-storagecluster.yaml b/charts/hub/portworx/templates/portworx-storagecluster.yaml
deleted file mode 100644
index 0c2d4ced..00000000
--- a/charts/hub/portworx/templates/portworx-storagecluster.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -{{- $usefileSystemDrive := .Values.storage.usefileSystemDrive | default false }} -{{- $drives := .Values.storage.drives | default "none" }} -{{- $usedrivesAndPartitions := .Values.storage.usedrivesAndPartitions | default false }} -{{- $maxStorageNodesPerZone := int64 .Values.storage.maxStorageNodesPerZone | int64 }} -{{- $dataInterface := .Values.dataInterface | default "none" }} -{{- $managementInterface := .Values.managementInterface | default "none" }} -{{- $registrySecret := .Values.registrySecret | default "none" }} -{{- $namespace := .Values.namespace | default "portworx" }} -{{- $serviceAccount := .Values.serviceAccount | default "none" }} -{{- $customRegistryURL := .Values.customRegistryURL | default "none" }} -{{- $deleteStrategy := .Values.deleteStrategy | default "none" }} -{{- $internalKVDB := .Values.internalKVDB | default true }} -{{- $kvdbDrives := .Values.storage.kvdbDrives | default "none" }} - -apiVersion: core.libopenstorage.org/v1 -kind: StorageCluster -metadata: - name: {{ template "px.clusterName" . 
}} - namespace: {{ $namespace }} - annotations: - argocd.argoproj.io/sync-wave: "3" - {{- if eq $.Values.global.clusterPlatform "AWS" }} - portworx.io/is-eks: "true" - {{- end }} - {{- if eq $.Values.global.clusterPlatform "Azure" }} - portworx.io/is-aks: "true" - {{- end }} - portworx.io/is-openshift: "true" - portworx.com/install-source: helm-rhmcgo - portworx.com/helm-vars: chart="{{.Chart.Name}}-{{.Chart.Version}}"{{range $k, $v := .Values }}{{if and ($v) (ne "clusterGroup" $k) }},{{ $k }}="{{ $v }}" {{end}}{{end}} -spec: - {{- if not (eq $deleteStrategy "none") }} - deleteStrategy: - type: {{ $deleteStrategy }} - {{- end }} - env: - {{- if eq $.Values.global.clusterPlatform "Azure" }} - - name: AZURE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: px-azure - key: AZURE_CLIENT_SECRET - - name: AZURE_CLIENT_ID - valueFrom: - secretKeyRef: - name: px-azure - key: AZURE_CLIENT_ID - - name: AZURE_TENANT_ID - valueFrom: - secretKeyRef: - name: px-azure - key: AZURE_TENANT_ID - {{- end }} - {{- if not (eq $serviceAccount "none") }} - - name: PX_SERVICE_ACCOUNT - value: {{ $serviceAccount }} - {{- end }} - # TODO: Change this hardcoded image path to an ECR registry path with px-enterprise image (PWX-27961) - - name: PX_IMAGE - value: docker.io/portworx/px-enterprise:2.13.0 - - name: PX_NAMESPACE - value: {{ $namespace }} - image: "{{template "px.getOCIImage" . 
}}" - imagePullPolicy: Always - {{- if not (eq $registrySecret "none") }} - imagePullSecret: {{ $registrySecret }} - {{- end }} - {{- if not (eq $customRegistryURL "none") }} - customImageRegistry: {{ $customRegistryURL }} - {{- end }} - kvdb: - internal: true - {{- if eq $drives "none" }} - storage: - useAllWithPartitions: {{ $usedrivesAndPartitions }} - forceUseDisks: {{ $usefileSystemDrive }} - journalDevice: auto - {{- if $internalKVDB }} - kvdbDevice: {{ $kvdbDrives }} - {{- end }} - {{- else }} - cloudStorage: - deviceSpecs: - {{- $driveNames := $drives | split ";" }} - {{- range $index, $name := $driveNames }} - - {{ $name }} - {{- end }} - journalDeviceSpec: auto - {{- if $internalKVDB}} - kvdbDeviceSpec: {{ $kvdbDrives }} - {{- end }} - {{- if ne $maxStorageNodesPerZone 0 }} - maxStorageNodesPerZone: {{ $maxStorageNodesPerZone }} - {{- end }} - {{- end }} - {{- if ne .Values.secretType "k8s" }} - secretsProvider: {{ .Values.secretType }} - {{- end }} - {{- if or (ne $dataInterface "none") (ne $managementInterface "none") }} - network: - {{- if ne $dataInterface "none" }} - dataInterface: {{ .Values.network.dataInterface }} - {{- end }} - {{- if ne $managementInterface "none" }} - mgmtInterface: {{ .Values.network.managementInterface }} - {{- end }} - {{- end }} - secretsProvider: k8s - stork: - enabled: true - args: - webhook-controller: "true" - image: "{{ template "px.getStorkImage" . }}" - autopilot: - enabled: true - image: "{{ template "px.getAutopilotImage" . }}" - csi: - enabled: {{ .Values.csi | default "true" }} diff --git a/charts/hub/portworx/templates/storageclass/portworx-rwx.yaml b/charts/hub/portworx/templates/storageclass/portworx-rwx.yaml deleted file mode 100644 index aa7b5058..00000000 --- a/charts/hub/portworx/templates/storageclass/portworx-rwx.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "4"
- name: px-csi-db-shared
-parameters:
- io_profile: db_remote
- repl: "3"
- sharedv4: "true"
- sharedv4_svc_type: "ClusterIP"
-provisioner: pxd.portworx.com
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-allowVolumeExpansion: true
diff --git a/charts/hub/portworx/templates/storageclass/rbac/clusterrole.yaml b/charts/hub/portworx/templates/storageclass/rbac/clusterrole.yaml
deleted file mode 100644
index 58a289ee..00000000
--- a/charts/hub/portworx/templates/storageclass/rbac/clusterrole.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
- name: portworx-sc-clusterrole
-rules:
-- apiGroups: ["*"]
- resources: ['pods','storageclusters']
- verbs: ['get','list']
diff --git a/charts/hub/portworx/templates/storageclass/rbac/clusterrolebinding.yaml b/charts/hub/portworx/templates/storageclass/rbac/clusterrolebinding.yaml
deleted file mode 100644
index 021d5c00..00000000
--- a/charts/hub/portworx/templates/storageclass/rbac/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: portworx-sc-clusterrolebinding
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: portworx-sc-sa
- namespace: {{ .Values.namespace }}
- apiGroup: ""
-roleRef:
- kind: ClusterRole
- name: portworx-sc-clusterrole
- apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/portworx/templates/storageclass/rbac/role-ns.yaml b/charts/hub/portworx/templates/storageclass/rbac/role-ns.yaml
deleted file mode 100644
index 26203eca..00000000
--- a/charts/hub/portworx/templates/storageclass/rbac/role-ns.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
- namespace: {{ .Values.namespace }}
- name: portworx-sc-ns-role
-rules:
-- apiGroups: ["*"]
- resources: ["*"]
- verbs: ["*"]
diff --git a/charts/hub/portworx/templates/storageclass/rbac/rolebinding-ns.yaml b/charts/hub/portworx/templates/storageclass/rbac/rolebinding-ns.yaml
deleted file mode 100644
index 084ac23b..00000000
--- a/charts/hub/portworx/templates/storageclass/rbac/rolebinding-ns.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: portworx-sc-ns-rolebinding
- annotations:
- argocd.argoproj.io/hook: PreSync
- argocd.argoproj.io/sync-wave: "-15"
-subjects:
-- kind: ServiceAccount
- name: portworx-sc-sa
- namespace: {{ .Values.namespace }}
- apiGroup: ""
-roleRef:
- kind: Role
- name: portworx-sc-ns-role
- apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/portworx/templates/storageclass/rbac/serviceAccount.yaml b/charts/hub/portworx/templates/storageclass/rbac/serviceAccount.yaml
deleted file mode 100644
index 7bb4e542..00000000
--- a/charts/hub/portworx/templates/storageclass/rbac/serviceAccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: portworx-sc-sa
- namespace: {{ .Values.namespace }}
- annotations:
- argocd.argoproj.io/sync-hook: "PreSync"
- argocd.argoproj.io/sync-wave: "-10"
diff --git a/charts/hub/portworx/templates/storageclass/wait-for-pxe.yaml b/charts/hub/portworx/templates/storageclass/wait-for-pxe.yaml
deleted file mode 100644
index 3cef7a1f..00000000
--- a/charts/hub/portworx/templates/storageclass/wait-for-pxe.yaml
+++ /dev/null
@@ -1,42 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/sync-wave: "3" - name: job-wait-for-portworx - namespace: {{ .Values.namespace }} -spec: - template: - spec: - containers: - - image: quay.io/hybridcloudpatterns/utility-container - command: - - /bin/bash - - -x - - -c - - | - stc_status=$(oc get stc -n {{ .Values.pxnamespace }} | grep -E "Online|Running" | wc -l) - until [ "$stc_status" -eq "1" ]; - do - echo "Portworx storagecluster not yet online" - sleep 10 - stc_status=$(oc get stc -n {{ .Values.pxnamespace }} | grep -E "Online|Running" | wc -l) - done - echo "Portworx storagecluster online, waiting for all containers to start" - num_px_pods=$(oc get pod -l name=portworx -n {{ .Values.pxnamespace }} --no-headers | wc -l) - while [ 1 ]; - do - num_px_pods_ready=$(oc get pod -l name=portworx -n {{ .Values.pxnamespace }} |grep -P '\s+([1-9]+[\d]*)\/\1\s+' | wc -l) - if [ "$num_px_pods_ready" -eq "$num_px_pods" ]; then - echo "Portworx is ready, $num_px_pods_ready of $num_px_pods pods running 2/2" - exit 0 - fi - echo "Portworx is not yet ready, $num_px_pods_ready of $num_px_pods pods running 2/2" - sleep 15 - done - name: wait-for-portworx-ready - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: portworx-sc-sa - serviceAccountName: portworx-sc-sa - terminationGracePeriodSeconds: 600 diff --git a/charts/hub/portworx/values.yaml b/charts/hub/portworx/values.yaml deleted file mode 100644 index 3ca0e4ce..00000000 --- a/charts/hub/portworx/values.yaml +++ /dev/null 
@@ -1,52 +0,0 @@
-global:
- clusterPlatform: AWS
-
-cloudProvider:
- storageClass: default-rwo
-
-namespace: portworx # Recommended namespace for install is 'portworx', change to desired namespace if default is unacceptable
-pxnamespace: portworx # Recommended namespace for install is 'portworx', change to desired namespace if default is unacceptable
-
-secrets:
- AWSsecretName: aws-creds
- AWSsecretNamespace: kube-system
-
-storage:
- usefileSystemDrive: false # true/false Instructs PX to use an unmounted Drive even if it has a filesystem.
- usedrivesAndPartitions: false # Defaults to false. Change to true and PX will use unmounted drives and partitions.
- drives: "type=gp2,size=20" # NOTE: This is a ";" seperated list of drives. For eg: "/dev/sda;/dev/sdb;/dev/sdc"
- # Defaults to use -A switch.
- # To have drives automatically created specify the drive spec. For Eg: "type=gp2,size=150" or "type=io1,size=100,iops=2000"
- journalDevice:
- maxStorageNodesPerZone: "1" # WARNING: If you are running in a cloud region with two or less Availability Zones, you must set this to 2 (2 AZs) or 3 (1 AZ) for a minimum configuration (3-node cluster). This is NOT a recommended configuration as it could lead to data loss - Portworx recommends that storage nodes are split evenly across AZs for maximum storage resiliency.
- kvdbDrives: "type=gp2,size=150"
-
-network:
- dataInterface: none # Name of the interface
- managementInterface: none # Name of the interface
-
-secretType: k8s # Defaults to k8s, but can be aws-kms/k8s/none
-envVars: none # NOTE: This is a ";" seperated list of environment variables.
For eg: MYENV1=myvalue1;MYENV2=myvalue2
-
-csi: true # Enable CSI
-
-internalKVDB: true # internal KVDB
-
-customRegistryURL:
-registrySecret:
-
-serviceAccount:
-
-repo:
- enterprise: docker.io/portworx
- dr: docker.io/portworx
-
-deleteStrategy: UninstallAndWipe # Options are Uninstall and UninstallAndWipe
-
-# You can determine the correct versions at the following URL: https://install.portworx.com/$PXVER/version?kbver=$KBVER
-versions:
- #operator: "1.10.4" # unless a specific operator from OperatorHub is necessary, leave this commented
- enterprise: "2.13.4" # This will be the "version" string
- ociMon: "2.13.4" # This will be the "version" string
- autoPilot: "1.3.7" # This will be the "portworx/autopilot" version string
- stork: "23.4.0" # This will be the "openstorage/stork" version string
diff --git a/overrides/values-aap-config-aeg.yaml b/overrides/values-aap-config-aeg.yaml
new file mode 100644
index 00000000..4809a92d
--- /dev/null
+++ b/overrides/values-aap-config-aeg.yaml
@@ -0,0 +1,4 @@
+---
+agof:
+ iac_repo: https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git
+ iac_revision: main
diff --git a/overrides/values-egv-4.12.yaml b/overrides/values-egv-4.12.yaml
deleted file mode 120000
index 448ef8f2..00000000
--- a/overrides/values-egv-4.12.yaml
+++ /dev/null
@@ -1 +0,0 @@
-values-egv-4.13.yaml
\ No newline at end of file
diff --git a/overrides/values-egv-4.13.yaml b/overrides/values-egv-4.13.yaml
deleted file mode 100644
index 0275b9f4..00000000
--- a/overrides/values-egv-4.13.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-vmDefaults:
- storageClassName: "ocs-storagecluster-ceph-rbd"
diff --git a/values-hub.yaml b/values-hub.yaml
index 229f06ae..0c290c8e 100644
--- a/values-hub.yaml
+++ b/values-hub.yaml
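Review bot: `iac_revision: main` in the new overrides/values-aap-config-aeg.yaml follows a moving branch of the config-as-code repository, so whatever is pushed to that branch becomes the configuration applied to the Ansible Automation Platform instance without any change in this repository. Pinning it to a release tag or a full commit SHA, e.g. `iac_revision: <TAG_OR_COMMIT_SHA>`, keeps the applied configuration reviewable and reproducible. How the aap-config chart consumes `agof.iac_revision` is not visible in this patch, so confirm that it accepts a SHA.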
@@ -15,7 +15,7 @@ clusterGroup:
 aap-operator:
 name: ansible-automation-platform-operator
 namespace: ansible-automation-platform
- channel: stable-2.4
+ channel: stable-2.5
 openshift-virtualization:
 name: kubevirt-hyperconverged
@@ -35,14 +35,8 @@ clusterGroup:
 playbook: ansible/deploy_kubevirt_worker.yml
 verbosity: -vvv
 - name: clean-golden-images
- playbook: ansible/odf_clean_pvcs.yml
- image: quay.io/hybridcloudpatterns/utility-container:latest
+ playbook: ansible/odf_fix_dataimportcrons.yml
 verbosity: -vvv
- - name: configure-aap-controller
- playbook: ansible/imperative_configure_aap.yml
- image: quay.io/hybridcloudpatterns/utility-container:latest
- verbosity: -vvv
- timeout: "900"
 clusterRoleYaml:
 - apiGroups:
 - "*"
@@ -50,6 +44,7 @@ clusterGroup:
 - machinesets
 - persistentvolumeclaims
 - datavolumes
+ - dataimportcrons
 verbs:
 - "*"
 - apiGroups:
@@ -64,13 +59,19 @@ clusterGroup:
 applications:
 aap:
 name: ansible-automation-platform
+ namespace: ansible-automation-platform
 project: hub
- path: charts/hub/ansible-automation-platform
+ chart: ansible-automation-platform-instance
+ chartVersion: 0.1.*
 aap-config:
 name: aap-config
+ namespace: aap-config
 project: hub
- path: charts/hub/aap-config
+ chart: aap-config
+ chartVersion: 0.1.*
+ extraValueFiles:
+ - '$patternref/overrides/values-aap-config-aeg.yaml'
 vault:
 name: vault
@@ -90,7 +91,8 @@ clusterGroup:
 name: openshift-cnv
 namespace: openshift-cnv
 project: hub
- path: charts/hub/cnv
+ chart: openshift-virtualization-instance
+ chartVersion: 0.1.*
 odf:
 name: odf
@@ -105,10 +107,10 @@ clusterGroup:
 name: edge-gitops-vms
 namespace: edge-gitops-vms
 project: hub
- path: charts/hub/edge-gitops-vms
+ chart: edge-gitops-vms
+ chartVersion: 0.2.*
 extraValueFiles:
 - '$patternref/overrides/values-egv-vms.yaml'
- - '$patternref/overrides/values-egv-{{ $.Values.global.clusterVersion }}.yaml'
 # Only the hub cluster here - managed entities are edge nodes
 managedClusterGroups: []
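Review bot: Adding `dataimportcrons` in the `@@ -50,6 +44,7 @@` hunk of values-hub.yaml extends a `clusterRoleYaml` rule whose `apiGroups` and `verbs` are both `"*"`, so the imperative job's role gains every verb on that resource name in every API group; the same holds for `datasources` added in PATCH 4/4. Both resources are served by CDI, so a separate rule with `apiGroups: ["cdi.kubevirt.io"]` and only the verbs that ansible/odf_fix_dataimportcrons.yml actually issues would keep the grant narrow. The playbook is not part of this hunk, so the verb list has to be taken from it, and the rule itself begins above the hunk.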
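Review bot: `chartVersion: 0.1.*` on the `aap` and `aap-config` applications in the `@@ -64,13 +59,19 @@` hunk (and `0.1.*` / `0.2.*` in the openshift-cnv and edge-gitops-vms hunks that follow) is a floating range, so the chart that gets deployed can change whenever a new patch release is published, with no commit in this repository recording it. An exact pin such as `chartVersion: <EXACT_VERSION>`, bumped through a reviewed change, makes rollouts auditable and reproducible. The chart repository these names resolve against is not shown in the hunk, so its publishing controls should be checked as part of that decision.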
diff --git a/values-portworx.yaml b/values-portworx.yaml
deleted file mode 100644
index e9edf0bf..00000000
--- a/values-portworx.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-defaultVolumeMode: "Filesystem"
-defaultStorageClassName: 'px-csi-db-shared'
-
-global:
- extraValueFiles:
- - '/values-portworx.yaml'
-
-# This is for the portworx cluster to be able to come up if only 2 AZs are available
-storage:
- maxStorageNodesPerZone: "3"
- drives: "type=gp2,size=100"
-
-# Filesystem mode seems to want the volume to be bigger
-vms:
- kiosk:
- storage: 40Gi
-
-clusterGroup:
- namespaces:
- - portworx
- - vault
- - golang-external-secrets
- - ansible-automation-platform
- - openshift-cnv
- - edge-gitops-vms
-
- subscriptions:
- openshift-data-foundation:
- disabled: true
-
- portworx:
- name: portworx-certified
- namespace: portworx
- channel: stable
- source: certified-operators
-
- projects:
- - portworx
- - hub
-
- applications:
- portworx:
- name: portworx
- namespace: portworx
- project: portworx
- path: charts/hub/portworx
-
- odf:
- disabled: true
diff --git a/values-secret.yaml.template b/values-secret.yaml.template
index ab3adc85..045a822e 100644
--- a/values-secret.yaml.template
+++ b/values-secret.yaml.template
@@ -2,14 +2,6 @@
 # NEVER COMMIT THESE VALUES TO GIT
 version: "2.0"
 secrets:
- - name: aws-creds
- fields:
- - name: aws_access_key_id
- value: "An aws access key that can provision VMs and manage IAM (if using portworx)"
-
- - name: aws_secret_access_key
- value: "An aws access secret key that can provision VMs and manage IAM (if using portworx)"
-
 - name: vm-ssh
 fields:
 - name: username
@@ -48,3 +40,14 @@ secrets:
 - name: b64content
 path: 'full pathname of file containing Satellite Manifest for entitling Ansible Automation Platform'
 base64: true
+
+ - name: automation-hub-token
+ fields:
+ - name: token
+ value: 'An automation hub token for retrieving Certified and Validated Ansible content'
+
+ - name: agof-vault-file
+ fields:
+ - name: agof-vault-file
+ path: 'full pathname of a valid agof_vault file for secrets to overlay the iac config'
+ base64: true
From 1318d9b254473918ccf8b4cce2676727bccfbf39 Mon Sep 17 00:00:00 2001
From: Martin Jackson
Date: Wed, 5 Mar 2025 11:32:00 -0600
Subject: [PATCH 2/4] Add aap-config namespace
---
 values-hub.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/values-hub.yaml b/values-hub.yaml
index 0c290c8e..46169bee 100644
--- a/values-hub.yaml
+++ b/values-hub.yaml
@@ -10,6 +10,7 @@ clusterGroup:
 - openshift-cnv
 - openshift-storage
 - edge-gitops-vms
+ - aap-config
 subscriptions:
 aap-operator:
From bc2383bdbd2cf6fa55675a367937297661588e8b Mon Sep 17 00:00:00 2001
From: Martin Jackson
Date: Wed, 5 Mar 2025 13:49:16 -0600
Subject: [PATCH 3/4] Allow dataimportcron cleanup to run in 4.17 too
---
 ansible/odf_fix_dataimportcrons.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/odf_fix_dataimportcrons.yml b/ansible/odf_fix_dataimportcrons.yml
index 860185a6..d0f741a7 100644
--- a/ansible/odf_fix_dataimportcrons.yml
+++ b/ansible/odf_fix_dataimportcrons.yml
@@ -20,7 +20,7 @@
 - name: Exit if normal version check is not right
 ansible.builtin.meta: end_play
- when: cluster_version not in [ '4.16', 'UNSET' ]
+ when: cluster_version not in [ '4.17', '4.16', 'UNSET' ]
 - name: Find default storageclass
 ansible.builtin.shell: |
From 30e817e0776a527aa4a491bb6454a4f1dbfcebf3 Mon Sep 17 00:00:00 2001
From: Martin Jackson
Date: Wed, 5 Mar 2025 14:42:10 -0600
Subject: [PATCH 4/4] Add datasources to allowlist
---
 values-hub.yaml | 1 +
 1 file changed, 1 insertion(+)
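Review bot: The new `agof-vault-file` entry in values-secret.yaml.template does not say whether the file at `path` is expected to be ansible-vault encrypted or plaintext before it is base64-loaded, and the secret and its only field share one name, which makes later references easy to misread. A comment above the entry, e.g. `# loaded verbatim (base64); state here whether the file must be ansible-vault encrypted`, would tell operators how to prepare it. The `token` description could likewise say where the Automation Hub token is issued. How either secret is consumed lies outside this hunk.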
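Review bot: The `when:` guard in ansible/odf_fix_dataimportcrons.yml is a hard-coded allowlist that also lets the play continue when `cluster_version` is `'UNSET'`, so the cleanup still runs when the version could not be determined, and the list needs a commit for every new release (this patch is one). A comment on the task such as `# runs on 4.16/4.17 and when the version lookup failed (UNSET); extend for new releases` would record that intent. If the fix is meant for 4.16 and later, `when: cluster_version != 'UNSET' and cluster_version is version('4.16', '<')` keeps the UNSET behaviour without the per-release edit. How `cluster_version` is set is above the hunk, so the UNSET path should be confirmed there.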
diff --git a/values-hub.yaml b/values-hub.yaml
index 46169bee..b753f1ea 100644
--- a/values-hub.yaml
+++ b/values-hub.yaml
@@ -46,6 +46,7 @@ clusterGroup:
 - persistentvolumeclaims
 - datavolumes
 - dataimportcrons
+ - datasources
 verbs:
 - "*"
 - apiGroups: