[patch] Ensure external label added to routes prior to configtool oidc registration attempt. Fix .Values.ingress checks. (#252)

Author: tomklapiscak

cluster-applications/030-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml

@@ -1,4 +1,7 @@
-{{- if and (eq .Values.dns_provider "cis") (.Values.ingress) }}
+# .Values.ingress is properly passed into the cis-cert-manager app as a boolean
+# (see https://github.com/ibm-mas/gitops/blob/d46e6577fc2081e0a5624dddf575cead5310d794/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml#L51)
+# Nevertheless, for consistency with checks against .Values.ingress in other charts, we will also accept the string "true" here.
+{{- if and (eq .Values.dns_provider "cis") (eq (toString .Values.ingress) "true") }}
 ---
 apiVersion: operator.openshift.io/v1
 kind: IngressController

instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml

@@ -1,4 +1,8 @@
-{{- if .Values.ingress }}
+# .Values.ingress is passed into the suite as a string (even though the original value is a boolean)
+# (see https://github.com/ibm-mas/gitops/blob/d46e6577fc2081e0a5624dddf575cead5310d794/root-applications/ibm-mas-instance-root/templates/130-ibm-mas-suite-app.yaml#L60)
+# This meant the check was passing even when ingress was false (.Values.ingress is considered true when it is the string "false")
+# Rather than change the suite app (and force it to resync in all existing envs), we'll instead fix the check here to look for either boolean true OR the string "true".
+{{- if (eq (toString .Values.ingress) "true") }}
 
 {{ $job_label :=  "mas-route-patch" }}
 ---
@@ -11,8 +15,6 @@ metadata:
   namespace: mas-{{ .Values.instance_id }}-core
   annotations:
     argocd.argoproj.io/sync-wave: "140"
-    argocd.argoproj.io/hook: PostSync
-    argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -35,8 +37,6 @@ metadata:
   namespace: mas-{{ .Values.instance_id }}-core
   annotations:
     argocd.argoproj.io/sync-wave: "140"
-    argocd.argoproj.io/hook: PostSync
-    argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -50,8 +50,6 @@ metadata:
   name: mas-route-prereq-role-{{ .Values.instance_id }}
   annotations:
     argocd.argoproj.io/sync-wave: "140"
-    argocd.argoproj.io/hook: PostSync
-    argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -81,8 +79,6 @@ metadata:
   name: mas-route-prereq-rb-{{ .Values.instance_id }}
   annotations:
     argocd.argoproj.io/sync-wave: "141"
-    argocd.argoproj.io/hook: PostSync
-    argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -100,12 +96,10 @@ roleRef:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: mas-route-patch-v1-{{ omit .Values "junitreporter" | toYaml | adler32sum }}
+  name: mas-route-patch-v2-{{ omit .Values "junitreporter" | toYaml | adler32sum }}
   namespace: mas-{{ .Values.instance_id }}-core
   annotations:
     argocd.argoproj.io/sync-wave: "142"
-    argocd.argoproj.io/hook: PostSync
-    argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}

instance-applications/130-ibm-mas-suite/templates/05-postsync-configtool-oidc.yaml renamed to instance-applications/130-ibm-mas-suite/templates/06-postsync-configtool-oidc.yaml

@@ -15,7 +15,7 @@ metadata:
   name: {{ $np_name }}
   namespace: {{ $ns }}
   annotations:
-    argocd.argoproj.io/sync-wave: "140"
+    argocd.argoproj.io/sync-wave: "143"
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -37,7 +37,7 @@ metadata:
   name: {{ $sa_name }}
   namespace: {{ $ns }}
   annotations:
-    argocd.argoproj.io/sync-wave: "140"
+    argocd.argoproj.io/sync-wave: "143"
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -50,7 +50,7 @@ metadata:
   name: {{ $role_name }}
   namespace: {{ $ns }}
   annotations:
-    argocd.argoproj.io/sync-wave: "140"
+    argocd.argoproj.io/sync-wave: "143"
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -64,7 +64,7 @@ metadata:
   name: {{ $rb_name }}
   namespace: {{ $ns }}
   annotations:
-    argocd.argoproj.io/sync-wave: "141"
+    argocd.argoproj.io/sync-wave: "144"
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}
@@ -83,10 +83,10 @@ roleRef:
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ $job_label }}-v1-{{ omit .Values "junitreporter" | toYaml | adler32sum }}
+  name: {{ $job_label }}-v2-{{ omit .Values "junitreporter" | toYaml | adler32sum }}
   namespace: {{ $ns }}
   annotations:
-    argocd.argoproj.io/sync-wave: "142"
+    argocd.argoproj.io/sync-wave: "145"
 {{- if .Values.custom_labels }}
   labels:
 {{ .Values.custom_labels | toYaml | indent 4 }}

instance-applications/220-ibm-mas-workspace/templates/05-postsync-add-label_Job.yaml

@@ -1,5 +1,8 @@
-{{- if .Values.ingress }}
-
+# .Values.ingress is passed into the workspace as a string (even though the original value is a boolean)
+# (see https://github.com/ibm-mas/gitops/blob/d46e6577fc2081e0a5624dddf575cead5310d794/root-applications/ibm-mas-instance-root/templates/200-ibm-mas-workspaces.yaml#L44)
+# This meant the check was passing even when ingress was false (.Values.ingress is considered true when it is the string "false")
+# Rather than change the workspace app (and force it to resync in all existing envs), we'll instead fix the check here to look for either boolean true OR the string "true".
+{{- if (eq (toString .Values.ingress) "true") }}
 {{ $job_label :=  "mas-ws-route-patch" }}
 ---
 # Permit outbound communication by the Job pods

instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml

@@ -1,4 +1,7 @@
-{{- if .Values.ingress }}
+# .Values.ingress is properly passed into the suite-app-config app as a boolean 
+# (see https://github.com/ibm-mas/gitops/blob/d46e6577fc2081e0a5624dddf575cead5310d794/root-applications/ibm-mas-instance-root/templates/510-550-ibm-mas-masapp-configs.yaml#L67)
+# Nevertheless, for consistency with checks against .Values.ingress in other charts, we will also accept the string "true" here.
+{{- if (eq (toString .Values.ingress) "true") }}
 
 {{ $ns        :=  .Values.mas_app_namespace }}
 {{ $job_label :=  "mas-app-route-patch" }}