diff --git a/clustergroup/templates/imperative/clusterrole.yaml b/clustergroup/templates/imperative/clusterrole.yaml index 0ad8ff64..9508d8ca 100644 --- a/clustergroup/templates/imperative/clusterrole.yaml +++ b/clustergroup/templates/imperative/clusterrole.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} {{- if $.Values.clusterGroup.imperative.serviceAccountCreate }} --- @@ -34,4 +35,5 @@ rules: verbs: - '*' {{- end }} {{/* if $.Values.clusterGroup.imperative.adminServiceAccountCreate */}} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/configmap.yaml b/clustergroup/templates/imperative/configmap.yaml index 9f2d6155..f87ed9c9 100644 --- a/clustergroup/templates/imperative/configmap.yaml +++ b/clustergroup/templates/imperative/configmap.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} {{- $valuesyaml := toYaml $.Values -}} apiVersion: v1 @@ -18,4 +19,5 @@ metadata: annotations: labels: config.openshift.io/inject-trusted-cabundle: 'true' +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/job.yaml b/clustergroup/templates/imperative/job.yaml index 0b82d47c..3171c659 100644 --- a/clustergroup/templates/imperative/job.yaml +++ b/clustergroup/templates/imperative/job.yaml @@ -1,6 +1,7 @@ {{- $hasInitContainerCapability := and (.Values.global.experimentalCapabilities) (has "initcontainers" (splitList "," .Values.global.experimentalCapabilities)) }} {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* Define this if needed (jobs defined */}} {{- if (and $.Values.clusterGroup.imperative (gt (len $.Values.clusterGroup.imperative.jobs) 0)) -}} --- @@ -77,4 +78,5 @@ spec: {{- end }} restartPolicy: Never {{- end }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/namespace.yaml b/clustergroup/templates/imperative/namespace.yaml index ee7b8adb..08bf9d2f 100644 --- a/clustergroup/templates/imperative/namespace.yaml +++ b/clustergroup/templates/imperative/namespace.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} apiVersion: v1 kind: Namespace @@ -7,4 +8,5 @@ metadata: name: {{ $.Values.clusterGroup.imperative.namespace }} argocd.argoproj.io/managed-by: {{ $.Values.global.pattern }}-{{ $.Values.clusterGroup.name }} name: {{ $.Values.clusterGroup.imperative.namespace }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/rbac.yaml b/clustergroup/templates/imperative/rbac.yaml index 8bfad5b3..9dea0e3d 100644 --- a/clustergroup/templates/imperative/rbac.yaml +++ b/clustergroup/templates/imperative/rbac.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} {{- if $.Values.clusterGroup.imperative.serviceAccountCreate -}} --- @@ -44,4 +45,5 @@ subjects: name: {{ $.Values.clusterGroup.imperative.adminServiceAccountName }} namespace: {{ $.Values.clusterGroup.imperative.namespace }} {{- end }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/role.yaml b/clustergroup/templates/imperative/role.yaml index 63ad37d1..db2b398f 100644 --- a/clustergroup/templates/imperative/role.yaml +++ b/clustergroup/templates/imperative/role.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -17,4 +18,5 @@ rules: verbs: - '*' {{- end }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/serviceaccount.yaml b/clustergroup/templates/imperative/serviceaccount.yaml index a171d300..2660f694 100644 --- a/clustergroup/templates/imperative/serviceaccount.yaml +++ b/clustergroup/templates/imperative/serviceaccount.yaml @@ -1,4 +1,5 @@ {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{/* This is always defined as we always unseal the cluster with an imperative job */}} {{- if $.Values.clusterGroup.imperative.serviceAccountCreate }} apiVersion: v1 @@ -15,4 +16,5 @@ metadata: name: {{ $.Values.clusterGroup.imperative.adminServiceAccountName }} namespace: {{ $.Values.clusterGroup.imperative.namespace }} {{- end }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} diff --git a/clustergroup/templates/imperative/unsealjob.yaml b/clustergroup/templates/imperative/unsealjob.yaml index e0ff2c78..b0ade528 100644 --- a/clustergroup/templates/imperative/unsealjob.yaml +++ b/clustergroup/templates/imperative/unsealjob.yaml @@ -4,6 +4,7 @@ why we avoid using the default function */}} {{- if or (eq .Values.global.secretStore.backend "vault") (not (hasKey .Values.global.secretStore "backend")) }} {{- if not (eq .Values.enabled "plumbing") }} +{{- if $.Values.clusterGroup.imperative.enabled }} {{- if $.Values.clusterGroup.isHubCluster }} --- apiVersion: batch/v1 @@ -70,5 +71,6 @@ spec: {{- end }} restartPolicy: Never {{- end }} +{{- end }} {{/* if $.Values.clusterGroup.imperative.enabled */}} {{- end }} {{- end }} diff --git a/clustergroup/values.schema.json b/clustergroup/values.schema.json index ea115f2a..fa5bc923 100644 --- a/clustergroup/values.schema.json +++ b/clustergroup/values.schema.json @@ -606,6 +606,10 @@ "type": "object", "additionalProperties": false, "properties": { + "enabled": { + "type": "boolean", + "default": true + }, "jobs": { "type": "array", "items": { diff --git a/clustergroup/values.yaml b/clustergroup/values.yaml index c3611241..efb0a5d5 100644 --- a/clustergroup/values.yaml +++ b/clustergroup/values.yaml @@ -25,6 +25,7 @@ clusterGroup: configManagementPlugins: [] imperative: + enabled: true jobs: [] # This image contains ansible + kubernetes.core by default and is used to run the jobs image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 356b7e7e..66519981 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -129,6 +129,7 @@ data: clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob + enabled: true image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest imagePullPolicy: Always insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *' diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 3291aeb2..e10e540c 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -250,6 +250,7 @@ data: clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob + enabled: true image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest imagePullPolicy: Always insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *' diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 6e300fc3..9a1b7cd7 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -233,6 +233,7 @@ data: clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob + enabled: true image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest imagePullPolicy: Always insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *' diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 6f1c6b2e..76207630 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -56,6 +56,7 @@ data: clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob + enabled: true image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest imagePullPolicy: Always insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *' diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 41eb68b8..57408b88 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -141,6 +141,7 @@ data: clusterRoleName: imperative-cluster-role clusterRoleYaml: "" cronJobName: imperative-cronjob + enabled: true image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest imagePullPolicy: Always insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *'