
Commit 3a26281

day0heromlorenzofr
andauthored
fix/ESO upgrade (#123)
* Repo/ESO Updates - ran patternizer against the repo to ensure that the latest goodness is from the vp framework is applied. - updated ESO from upstream to openshift supported - updated values-hub to use `argoProject{,s}` - changed namespace definition from list to dictionary. this is currently required for the framework to support multiple versions of an operator/service (golang-external-secrets/openshift-external-secrets) * update to values-group-one.yaml * rebasing branch * changing eso apiVersion for qtodo-quay-pass * updating pr * removing hardcoded value for clusterGroup chart * removing extra (unnecessary values) file * update makefile * removing duplicate seed entry * Addtl Changes to pattern for ocp-eso support - changed job behavior to match rhtpa-ingress-ca-extractor chart - central-htpasswd is now operator-managed * Add clustername to acs-secured-cluster * Apply suggestion from @mlorenzofr added policy Co-authored-by: Manuel Lorenzo <mlorenzofr@gmail.com> * Updated pattern.sh with Mac-specific handling: 1. Mac detection — sets MACHINE_TYPE=mac when uname -s is Darwin 2. TARGET_ORIGIN — exported as origin on Mac 3. Array expansion — on Mac, uses ${PKI_HOST_MOUNT_ARGS[@]+"${PKI_HOST_MOUNT_ARGS[@]}"} and ${EXTRA_ARGS_ARRAY[@]+"${EXTRA_ARGS_ARRAY[@]}"} via PKI_EXPAND and EXTRA_EXPAND before the podman run call Linux behavior is unchanged. * modified make targets to disable argocd app status * removes the intermediate variables --------- Co-authored-by: Manuel Lorenzo <mlorenzofr@gmail.com>
1 parent 3d68f0b commit 3a26281

56 files changed

Lines changed: 919 additions & 1683 deletions


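--- a/Makefile
+++ b/Makefile
@@ -1,26 +1,5 @@
-.PHONY: default
-default: help
+# Generated by patternizer
+# This Makefile includes the common pattern targets from Makefile-common
+# You can add custom targets above or below the include line
 
-.PHONY: help
-##@ Pattern tasks
-
-# No need to add a comment here as help is described in common/
-help:
-@make -f common/Makefile MAKEFILE_LIST="Makefile common/Makefile" help
-
-%:
-make -f common/Makefile $*
-
-.PHONY: install
-install: operator-deploy post-install ## installs the pattern and loads the secrets
-@echo "Installed"
-
-.PHONY: post-install
-post-install: ## Post-install tasks
-make load-secrets
-make vault-config-jwt
-@echo "Done"
-
-.PHONY: test
-test:
-@make -f common/Makefile PATTERN_OPTS="-f values-global.yaml -f values-hub.yaml" test
+include Makefile-common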

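--- a/Makefile-common
+++ b/Makefile-common
@@ -0,0 +1,55 @@
+MAKEFLAGS += --no-print-directory
+ANSIBLE_STDOUT_CALLBACK ?= null # null silences all ansible output. Override this with default, minimal, oneline, etc. when debugging.
+ANSIBLE_RUN := ANSIBLE_STDOUT_CALLBACK=$(ANSIBLE_STDOUT_CALLBACK) ansible-playbook $(EXTRA_PLAYBOOK_OPTS)
+DOCS_URL := https://validatedpatterns.io/blog/2025-08-29-new-common-makefile-structure/
+
+.PHONY: help
+help: ## Print this help message
+@echo "For a complete guide to these targets and the available overrides, please visit $(DOCS_URL)"
+@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^(\s|[a-zA-Z_0-9-])+:.*?##/ { printf " \033[36m%-35s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Pattern Install Tasks
+.PHONY: show
+show: ## Shows the template that would be applied by the `make install` target
+@$(ANSIBLE_RUN) rhvp.cluster_utils.show
+
+.PHONY: operator-deploy
+operator-deploy operator-upgrade: ## Installs/updates the pattern on a cluster (DOES NOT load secrets)
+@$(ANSIBLE_RUN) rhvp.cluster_utils.operator_deploy
+
+.PHONY: install
+#install: pattern-install ## Installs the pattern onto a cluster (Loads secrets as well if configured)
+install: operator-deploy load-secrets
+
+.PHONY: uninstall ## Prints a notice that patterns cannot currently be uninstalled
+uninstall:
+@echo "Uninstall is not possible at the moment so this target is empty. We are working to implement it as well as we can."
+
+.PHONY: pattern-install
+pattern-install:
+@$(ANSIBLE_RUN) rhvp.cluster_utils.install
+
+.PHONY: load-secrets
+load-secrets: ## Loads secrets onto the cluster (unless explicitly disabled in values-global.yaml)
+@$(ANSIBLE_RUN) rhvp.cluster_utils.load_secrets
+
+##@ Validation Tasks
+.PHONY: validate-prereq
+validate-prereq: ## verify pre-requisites
+@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_prereq
+
+.PHONY: validate-origin
+validate-origin: ## verify the git origin is available
+@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_origin
+
+.PHONY: validate-cluster
+validate-cluster: ## Do some cluster validations before installing
+@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_cluster
+
+.PHONY: validate-schema
+validate-schema: ## validates values files against schema in common/clustergroup
+@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_schema
+
+.PHONY: argo-healthcheck
+argo-healthcheck: ## Checks if all argo applications are synced
+@$(ANSIBLE_RUN) rhvp.cluster_utils.argo_healthcheck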
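Review bot: `install: operator-deploy load-secrets` on new line 22 orders the two steps only by prerequisite position, so under `make -j` the secrets load can start before the operator deployment has finished; nothing in the file declares that dependency. Sequencing them in the recipe keeps the order explicit: `install: ## Installs the pattern and loads secrets` followed by the recipe lines `@$(MAKE) operator-deploy` and `@$(MAKE) load-secrets`. That also gives `install` the `##` text that the `help` awk script keys on, which it currently lacks because the description sits on the commented-out line 21; `uninstall` has the same gap, since its `##` text is on the `.PHONY` line rather than the target line. The previous top-level Makefile ran `vault-config-jwt` after loading secrets; whether the `load_secrets` playbook now covers that step is not visible here and is worth confirming.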

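--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,15 @@
 [defaults]
 localhost_warning=False
 retry_files_enabled=False
-library=~/.ansible/plugins/modules:./ansible/plugins/modules:./common/ansible/plugins/modules:/usr/share/ansible/plugins/modules
-roles_path=~/.ansible/roles:./ansible/roles:./common/ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
-filter_plugins=~/.ansible/plugins/filter:./ansible/plugins/filter:./common/ansible/plugins/filter:/usr/share/ansible/plugins/filter
+# Retry files disabled to avoid cluttering CI/CD environments
+interpreter_python=auto_silent
+timeout=30
+library=~/.ansible/plugins/modules:./ansible/plugins/modules:/usr/share/ansible/plugins/modules
+roles_path=~/.ansible/roles:./ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
+filter_plugins=~/.ansible/plugins/filter:./ansible/plugins/filter:/usr/share/ansible/plugins/filter
+# use the collections from the util. container,
+# change below if you want to test local collections
+collections_path=/usr/share/ansible/collections
+
+[inventory]
+inventory_unparsed_warning=False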
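Review bot: The `library`, `roles_path` and `filter_plugins` entries on new lines 7–9 still list `~/.ansible/...` and the repo-local `./ansible/...` ahead of `/usr/share/ansible/...`, while `collections_path` on line 12 is pinned to the container path only. A module, role or filter of the same name in the user's home or the working tree would therefore be picked up before the shipped one, including for the playbook runs that load secrets. If that override is intended for local development, a comment saying so would help, e.g. `# user and repo-local plugin dirs are searched first on purpose; remove them to use only the container's plugins`. The comment on new line 4 describes `retry_files_enabled=False` but sits below it, directly above `interpreter_python`; moving it up one line keeps it from reading as a note on the interpreter setting.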

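--- a/charts/acm-managed-clusters/templates/acm-external-secrets.yaml
+++ b/charts/acm-managed-clusters/templates/acm-external-secrets.yaml
@@ -1,7 +1,7 @@
 {{- $clusters := .Values.acmManagedClusters.clusters | default list }}
 {{- range $clusters }}
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: "external-secrets.io/v1"
 kind: ExternalSecret
 metadata:
 name: kubeconfig-{{ .name }}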

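--- a/charts/acs-central/templates/central-htpasswd-external-secret.yaml
+++ b/charts/acs-central/templates/central-htpasswd-external-secret.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.central.enabled .Values.central.adminPassword.useExternalSecret }}
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: "external-secrets.io/v1"
 kind: ExternalSecret
 metadata:
 name: central-htpasswd-external-secret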

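--- a/charts/acs-central/templates/jobs/create-auth-provider.yaml
+++ b/charts/acs-central/templates/jobs/create-auth-provider.yaml
@@ -8,6 +8,8 @@ metadata:
 {{- include "acs-central.labels" . | nindent 4 }}
 annotations:
 argocd.argoproj.io/sync-wave: "44"
+argocd.argoproj.io/hook: Sync
+argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
 template:
 metadata: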
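Review bot: The `argocd.argoproj.io/hook: Sync` annotation added on new line 11 makes Argo CD run this Job as a hook on every sync, and `BeforeHookCreation` deletes the previous Job first, so the script has to be safe to re-run; the Job body lies outside the hunk, so that cannot be confirmed here. The same two annotations are added in `create-cluster-init-bundle.yaml`, where a re-run that issued a fresh init bundle each time would leave a growing set of valid bundles, if that is what the script does. Both files also lack the explanatory comment that `create-htpasswd-field.yaml` received; something like `# Runs as a Sync hook on every sync; the script must be idempotent` above the annotation would record the requirement.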

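--- a/charts/acs-central/templates/jobs/create-cluster-init-bundle.yaml
+++ b/charts/acs-central/templates/jobs/create-cluster-init-bundle.yaml
@@ -15,6 +15,8 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 argocd.argoproj.io/sync-wave: "43"
+argocd.argoproj.io/hook: Sync
+argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
 template:
 metadata: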

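--- a/charts/acs-central/templates/jobs/create-htpasswd-field.yaml
+++ b/charts/acs-central/templates/jobs/create-htpasswd-field.yaml
@@ -8,6 +8,9 @@ metadata:
 {{- include "acs-central.labels" . | nindent 4 }}
 annotations:
 argocd.argoproj.io/sync-wave: "37"
+# Jobs are immutable; delete and recreate on each sync when spec changes
+argocd.argoproj.io/hook: Sync
+argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
 template:
 metadata:
@@ -34,7 +37,7 @@ spec:
 
 echo "🔄 Generating htpasswd entry for admin user..."
 
-# Check if central-htpasswd secret already has valid htpasswd field
+# Check if admin password secret already has valid htpasswd field
 if oc get secret {{ .Values.central.adminPassword.secretName }} -n {{ .Release.Namespace }} -o jsonpath='{.data.htpasswd}' 2>/dev/null | base64 -d | grep -q "^admin:\$2[aby]\$"; then
 echo "✅ htpasswd entry already exists and is valid (bcrypt format)"
 exit 0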
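Review bot: The idempotency check kept as context at new line 41 appears never to match a real bcrypt entry, which matters more now that the Job runs as a Sync hook on every sync. Inside double quotes the shell turns `\$` into a bare `$`, so grep receives `^admin:$2[aby]$` and the final `$` acts as an end-of-line anchor, whereas an htpasswd line continues with the cost and hash fields after the `$2y` prefix. Single quotes keep the backslashes for grep: `grep -q '^admin:\$2[aby]\$'`. This assumes the script reaches the shell unmodified from a YAML block scalar; that, and what the Job does when the check fails, are outside the hunk. The new comment on line 11 says the Job is recreated "when spec changes", but a Sync hook is recreated on every sync, so `# Jobs are immutable; run as a Sync hook so the Job is deleted and recreated on every sync` would be more accurate.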

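--- a/charts/acs-central/templates/keycloak-client-secret-external-secret.yaml
+++ b/charts/acs-central/templates/keycloak-client-secret-external-secret.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.central.enabled .Values.integration.keycloak.enabled }}
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: "external-secrets.io/v1"
 kind: ExternalSecret
 metadata:
 name: {{ .Values.integration.keycloak.clientSecret.secretName }}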

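--- a/charts/acs-central/values.yaml
+++ b/charts/acs-central/values.yaml
@@ -20,7 +20,7 @@ central:
 adminPassword:
 # Use external secret from Vault
 useExternalSecret: true
-secretName: central-htpasswd
+secretName: central-admin-htpasswd
 secretKey: password
 
 # Image configuration
@@ -195,4 +195,4 @@ securityContext:
 # Node selector and tolerations
 nodeSelector: {}
 tolerations: []
-affinity: {}
+affinity: {}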
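Review bot: The new default `secretName: central-admin-htpasswd` on line 23 carries no comment explaining why it must differ from `central-htpasswd`, which the commit description says is now operator-managed. A short comment above the key, such as `# not central-htpasswd: that Secret is managed by the operator`, would stop a later edit from reverting the name. Charts or values files that still reference the old name literally are not visible in this section and would need the same rename.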
