Addtl Changes to pattern for ocp-eso support

day0hero · day0hero · commit 52f7c2dde57d · 2026-06-02T13:26:43.000+01:00
- changed job behavior to match rhtpa-ingress-ca-extractor chart
- central-htpasswd is now operator-managed
diff --git a/charts/acs-central/templates/jobs/create-auth-provider.yaml b/charts/acs-central/templates/jobs/create-auth-provider.yaml
@@ -8,6 +8,8 @@ metadata:
     {{- include "acs-central.labels" . | nindent 4 }}
   annotations:
     argocd.argoproj.io/sync-wave: "44"
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
   template:
     metadata:
diff --git a/charts/acs-central/templates/jobs/create-cluster-init-bundle.yaml b/charts/acs-central/templates/jobs/create-cluster-init-bundle.yaml
@@ -15,6 +15,8 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: "43"
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
   template:
     metadata:
diff --git a/charts/acs-central/templates/jobs/create-htpasswd-field.yaml b/charts/acs-central/templates/jobs/create-htpasswd-field.yaml
@@ -8,6 +8,9 @@ metadata:
     {{- include "acs-central.labels" . | nindent 4 }}
   annotations:
     argocd.argoproj.io/sync-wave: "37"
+    # Jobs are immutable; delete and recreate on each sync when spec changes
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
 spec:
   template:
     metadata:
@@ -34,7 +37,7 @@ spec:
 
               echo "🔄 Generating htpasswd entry for admin user..."
 
-              # Check if central-htpasswd secret already has valid htpasswd field
+              # Check if admin password secret already has valid htpasswd field
               if oc get secret {{ .Values.central.adminPassword.secretName }} -n {{ .Release.Namespace }} -o jsonpath='{.data.htpasswd}' 2>/dev/null | base64 -d | grep -q "^admin:\$2[aby]\$"; then
                 echo "✅ htpasswd entry already exists and is valid (bcrypt format)"
                 exit 0
diff --git a/charts/acs-central/values.yaml b/charts/acs-central/values.yaml
@@ -20,7 +20,7 @@ central:
   adminPassword:
     # Use external secret from Vault
     useExternalSecret: true
-    secretName: central-htpasswd
+    secretName: central-admin-htpasswd
     secretKey: password
 
   # Image configuration
@@ -195,4 +195,4 @@ securityContext:
 # Node selector and tolerations
 nodeSelector: {}
 tolerations: []
-affinity: {}
+affinity: {}
