fixed RBAC hooks, sed replaces, and Notes

Author: elai-shalev

charts/orchestrator-software-templates-infra/templates/NOTES.txt

@@ -46,5 +46,5 @@ oc wait --for=condition=Ready pod --all -n openshift-pipelines --timeout=120s
 Run the following command to validate that the openshift-gitops namespace and all pods within it are operational:
 
 oc wait --for=jsonpath='{.status.phase}'=Active namespace/openshift-gitops --timeout=80s && \
-oc wait --for=condition=Ready pod --all -n {{ .Release.Namespace }} --timeout=120s
+oc wait --for=condition=Ready pod --all -n orchestrator-gitops --timeout=120s
 {{- end }}

charts/orchestrator-software-templates/Chart.yaml

@@ -5,7 +5,8 @@ annotations:
 apiVersion: v2
 name: orchestrator-software-templates
 description: >
-  A Helm chart to install Openshift GitOps and Openshift Pipelines, which are required operators for installing Software Templates to be avaliable on RHDH.
+  This Helm chart deploys the Orchestrator Software Templates for Red Hat Developer Hub (RHDH) and other necessary GitOps configurations.
+
 kubeVersion: ">= 1.25.0-0"
 type: application
 sources:

charts/orchestrator-software-templates/README.md

@@ -4,7 +4,7 @@
 ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
-A Helm chart to install Openshift GitOps and Openshift Pipelines, which are required operators for installing Software Templates to be avaliable on RHDH.
+This Helm chart deploys the Orchestrator Software Templates for Red Hat Developer Hub (RHDH) and other necessary GitOps configurations.
 
 ## Maintainers
 

charts/orchestrator-software-templates/templates/NOTES.txt

@@ -1,40 +1,5 @@
 {{/* Empty line */}}
 Helm Release {{ .Release.Name }} installed in namespace {{ .Release.Namespace }}.
-{{- $yes := "YES" }}
-{{- $no := "NO " }}
-{{- $tektonPipelineInstalled := $no }}
-{{- $tektonTaskInstalled := $no }}
-{{- $argocdInstalled := $no }}
-{{- $orchestratorAuthInstalled := $no }}
-{{- $orchestratorCatalogInstalled := $no }}
-
-{{- if eq "true" (include "install-tekton-pipeline" .) }}
-{{- $tektonPipelineInstalled = $yes }}
-{{- end }}
-
-{{- if eq "true" (include "install-tekton-task" .) }}
-{{- $tektonTaskInstalled = $yes }}
-{{- end }}
-
-{{- if eq "true" (include "install-argocd-project" .) }}
-{{- $argocdInstalled = $yes }}
-{{- end }}
-
-{{- if .Values.rhdhConfig.enabled }}
-{{- $orchestratorAuthInstalled = $yes }}
-{{- $orchestratorCatalogInstalled = $yes }}
-{{- end }}
-
-{{- $gitopsNamespace := include "get-argocd-namespace" . }}
-
-Components                   Installed   Namespace
-====================================================================
-Tekton pipeline              {{ $tektonPipelineInstalled }}        {{ $gitopsNamespace }}
-Tekton task                  {{ $tektonTaskInstalled }}        {{ $gitopsNamespace }}
-ArgoCD project               {{ $argocdInstalled }}        {{ $gitopsNamespace }}
-Orchestrator auth config     {{ $orchestratorAuthInstalled }}        {{ .Release.Namespace }}
-Orchestrator catalog config  {{ $orchestratorCatalogInstalled }}        {{ .Release.Namespace }}
-====================================================================
 
 Prerequisites check:
 {{- if not (.Capabilities.APIVersions.Has "tekton.dev/v1/Task") }}
@@ -78,8 +43,8 @@ Next Steps:
    RHDH_ROUTE="https://$(oc get route -n {{ .Values.orchestratorTemplates.rhdhChartNamespace }} -o jsonpath='{.items[0].spec.host}')"
 
    # Copy template and replace placeholders
-   cp orchestrator-templates-values.yaml.template orchestrator-templates-values.yaml
-   sed -i "s|{RHDH_BASE_URL}|$RHDH_ROUTE|g" orchestrator-templates-values.yaml
+   cp ../hack/orchestrator-templates-values.yaml.template orchestrator-templates-values.yaml
+   sed -i "s|__RHDH_BASE_URL__|$RHDH_ROUTE|g" orchestrator-templates-values.yaml
 
 2. Backup current values and upgrade backstage chart:
 
@@ -93,33 +58,11 @@ Next Steps:
      -f current-backstage-values.yaml \
      -f orchestrator-templates-values.yaml
 
-3. Verify the deployment:
-   
-   {{- if .Values.rhdhConfig.enabled }}
-   kubectl get configmaps -n {{ .Release.Namespace }} -l rhdh.redhat.com/ext-config-sync=true
-   {{- end }}
-   kubectl get pipelines,tasks -n {{ $gitopsNamespace }}
-   kubectl get appprojects -n {{ $gitopsNamespace }}
+3. Wait for the backstage deployment to finish rollout
 
 4. Access your RHDH instance and check the 'Create' section for new software templates.
 
 
-====================================================================
-Troubleshooting:
-====================================================================
-
-If upgrade fails, rollback:
-  helm rollback {{ .Values.orchestratorTemplates.rhdhChartReleaseName }} -n {{ .Values.orchestratorTemplates.rhdhChartNamespace }}
-
-If placeholders remain in values file:
-  grep "{.*}" my-orchestrator-values.yaml
-
-If software templates not visible:
-  kubectl logs -n {{ .Values.orchestratorTemplates.rhdhChartNamespace }} -l app.kubernetes.io/name=backstage
-
-If ConfigMaps not loading:
-  kubectl get configmaps -n {{ .Release.Namespace }} -l rhdh.redhat.com/ext-config-sync=true
-
 For more information, visit:
 https://github.com/redhat-developer/rhdh-chart
 

charts/orchestrator-software-templates/templates/rbac.yaml

@@ -3,36 +3,62 @@ kind: ServiceAccount
 metadata:
   name: backstage
   namespace: {{ .Values.orchestratorTemplates.rhdhChartNamespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  namespace: {{ .Values.orchestratorTemplates.argocd.argocdNamespace }}
-  name: backstage-k8s-read-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: backstage-k8s-read
-subjects:
-  - kind: ServiceAccount
-    name: backstage
-    namespace: {{ .Values.orchestratorTemplates.rhdhChartNamespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "-5"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: {{ .Values.orchestratorTemplates.argocd.argocdNamespace }}
+  namespace: {{ .Values.argocd.argocdNamespace }}
   name: backstage-k8s-read
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "-4"
 rules:
-  - apiGroups: ["", "apps", "batch", "networking.k8s.io", "tekton.dev", "route.openshift.io", "autoscaling"]
-    resources: ["pods", "services", "configmaps", "limitranges", "resourcequotas", "deployments", "replicasets", "statefulsets", "jobs", "cronjobs", "ingresses", "horizontalpodautoscalers", "pipelines", "pipelineruns", "taskruns", "routes", "daemonsets"]
+  - apiGroups:
+      [
+        "",
+        "apps",
+        "batch",
+        "networking.k8s.io",
+        "tekton.dev",
+        "route.openshift.io",
+        "autoscaling",
+      ]
+    resources:
+      [
+        "pods",
+        "services",
+        "configmaps",
+        "limitranges",
+        "resourcequotas",
+        "deployments",
+        "replicasets",
+        "statefulsets",
+        "jobs",
+        "cronjobs",
+        "ingresses",
+        "horizontalpodautoscalers",
+        "pipelines",
+        "pipelineruns",
+        "taskruns",
+        "routes",
+        "daemonsets",
+      ]
     verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  namespace: {{ .Values.orchestratorTemplates.argocd.argocdNamespace }}
+  namespace: {{ .Values.argocd.argocdNamespace }}
   name: backstage-k8s-read-binding
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "-3"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

hack/orchestrator-templates-setup.sh

@@ -150,7 +150,7 @@ function captureGitClientSecret {
 }
 
 function captureArgoCDNamespace {
-  default="openshift-gitops"
+  default="orchestrator-gitops"
   if [ "$use_default" == true ]; then
     argocd_namespace="$default"
   else