diff --git a/cluster-applications/300-mas-provisioner/Chart.yaml b/cluster-applications/300-mas-provisioner/Chart.yaml
new file mode 100644
index 00000000..bdf780d2
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: mas-provisioner
+description: IBM Mas Provisioner
+type: application
+version: 1.0.0
+
+dependencies:
+- name: junitreporter
+ version: 1.0.0
+ repository: "file://../../sub-charts/junitreporter/"
+ condition: junitreporter.devops_mongo_uri != ""
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/README.md b/cluster-applications/300-mas-provisioner/README.md
new file mode 100644
index 00000000..a37bc7f8
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/README.md
@@ -0,0 +1,4 @@
+IBM Mas Provisioner
+===============================================================================
+Installs the Mas Provisioner service which sends a notification when an order comes through AWS market place.
+
diff --git a/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml b/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml
new file mode 100644
index 00000000..a639b954
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: mas-provisioner-sa
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+ argocd.argoproj.io/compare-options: IgnoreExtraneous
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+imagePullSecrets:
+ - name: ibm-entitlement
diff --git a/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml
new file mode 100644
index 00000000..82642be4
--- /dev/null
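Review bot: In Chart.yaml the junitreporter dependency is declared with `condition: junitreporter.devops_mongo_uri != ""`, but Helm's `condition` field takes one or more comma-separated value paths that resolve to a boolean, not an expression. As written the string is unlikely to match any value path, in which case Helm ignores the condition and the sub-chart is always rendered. If gating is intended, point the field at a boolean value, for example `condition: junitreporter.enabled`, and set that flag wherever `devops_mongo_uri` is populated.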
+++ b/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ibm-entitlement
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: >-
+ {{ .Values.ibm_entitlement_key }}
diff --git a/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml
new file mode 100644
index 00000000..9ff0f426
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml
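Review bot: In 00-ibm-entitlement_Secret.yaml the `.dockerconfigjson` value sits under `data:` with no `b64enc`, so the chart only works if `ibm_entitlement_key` already holds a base64-encoded docker config JSON; a raw entitlement key, which the value name suggests, would produce an invalid pull secret. A comment above the field would make the contract explicit, e.g. `# ibm_entitlement_key must be the base64-encoded .dockerconfigjson document, not the raw key`. The csb-ca secret in 02-create_Secret.yaml encodes inside the template instead, so the two secrets expect different input formats.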
@@ -0,0 +1,100 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: "mas-provisioner-ca-issuer"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "mas-provisioner-ca-certificate"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "301"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ secretName: "mas-provisioner-ca"
+ duration: "175200h0m0s"
+ renewBefore: "2160h0m0s"
+ issuerRef:
+ name: "mas-provisioner-ca-issuer"
+ kind: Issuer
+ isCA: true
+ usages:
+ - cert sign
+ - digital signature
+ - key encipherment
+ - server auth
+ commonName: "ca.mas-provisioner-tls"
+ subject:
+ countries:
+ - US
+ streetAddresses:
+ - New York
+ localities:
+ - New York
+ organizationalUnits:
+ - IBM Maximo Application Suite
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: "mas-provisioner-issuer"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "302"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ ca:
+ secretName: "mas-provisioner-ca"
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "mas-provisioner-certificate"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "303"
+spec:
+ secretName: "mas-provisioner-certificate"
+ duration: "175200h0m0s"
+ renewBefore: "2160h0m0s"
+ issuerRef:
+ name: "mas-provisioner-issuer"
+ kind: Issuer
+ usages:
+ - cert sign
+ - digital signature
+ - key encipherment
+ - server auth
+ commonName: "*.{{ .Values.provisioner_domain }}"
+ dnsNames:
+ - "*.{{ .Values.provisioner_domain }}"
+ - "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.provisioner_domain }}"
+ subject:
+ countries:
+ - US
+ streetAddresses:
+ - New York
+ localities:
+ - New York
+ organizationalUnits:
+ - IBM Maximo Application Suite
diff --git a/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml
new file mode 100644
index 00000000..0d4bf34f
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml
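Review bot: The leaf `mas-provisioner-certificate` in 01-setup_Certificate.yaml requests the `cert sign` usage, a 20-year `duration: "175200h0m0s"`, and a wildcard `*.{{ .Values.provisioner_domain }}` as both commonName and SAN, which is far broader than the single route host the pod serves. Its private key is mounted into the workload, so a leaked key stays usable for the whole lifetime and for every name under the domain. Consider limiting `usages` to `digital signature`, `key encipherment` and `server auth`, listing only the `mas-provisioner-service-…` host in `dnsNames`, and shortening the lifetime, e.g. `duration: "2160h0m0s"` with `renewBefore: "720h0m0s"`, provided the service reloads the renewed certificate. This fourth document also omits the `custom_labels` block that the other three carry.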
@@ -0,0 +1,93 @@
+{{- if not (empty .Values.csb_client_ca) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: csb-ca
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ ca.crt: {{ .Values.csb_client_ca | b64enc }}
+{{- end }}
+
+
+{{- if not (empty .Values.github_token) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: git-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ token: {{ .Values.github_token }}
+{{- end }}
+
+
+{{- if not (empty .Values.instana_api_token) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: instana-api-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ token: {{ .Values.instana_api_token }}
+{{- end }}
+
+
+{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ocm-api-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ key: {{ .Values.ocm_api_key }}
+{{- end }}
+
+
+{{- if and .Values.enable_pd_alert (.Values.pd_key) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pd-routing-key-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ key: {{ .Values.pd_key }}
+{{- end }}
diff --git a/cluster-applications/300-mas-provisioner/templates/03-Service.yaml b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
new file mode 100644
index 00000000..f7d4622f
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mas-provisioner-service
+ namespace: "{{ .Values.provisioner_namespace }}"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "305"
+spec:
+ type: ClusterIP
+ ports:
+ - name: provisioner-port
+ port: 443
+ targetPort: {{ .Values.service_port }}
+ selector:
+ app: mas-provisioner
+ component: product-service-broker
diff --git a/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
new file mode 100644
index 00000000..49846212
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
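Review bot: In 02-create_Secret.yaml the `stringData` credentials are emitted unquoted (`token: {{ .Values.github_token }}`, `token: {{ .Values.instana_api_token }}`, `key: {{ .Values.ocm_api_key }}`, `key: {{ .Values.pd_key }}`), so a value that is all digits, starts with a YAML indicator, or contains `: ` or ` #` is retyped, truncated or fails to parse. Pipe each one through `quote`, e.g. `token: {{ .Values.github_token | quote }}`. Separately, `ca.crt: {{ .Values.csb_client_ca | b64enc }}` encodes whatever text is present at render time; if the value arrives as a vault-plugin placeholder that is substituted after templating, the placeholder itself would be encoded, which is worth confirming.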
@@ -0,0 +1,163 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mas-mcsp-provisioner
+ namespace: "{{ .Values.provisioner_namespace }}"
+ labels:
+ app: mas-provisioner
+ component: product-service-broker
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "306"
+spec:
+ selector:
+ matchLabels:
+ app: mas-provisioner
+ component: product-service-broker
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mas-provisioner
+ component: product-service-broker
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - name: mas-provisioner-operator
+ image: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/maximoappsuite/ibm-mas-mcsp-provisioner:{{ .Values.provisioner_version }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: {{ .Values.service_port }}
+ env:
+ {{- if not (empty .Values.pd_key) }}
+ - name: PD_ROUTING_KEY
+ value: /opt/automation/mas-provisioner/pdkey/key
+ {{- end }}
+ - name: MTLS_ENABLED
+ value: "{{ .Values.enable_mtls }}"
+ {{- if not (empty .Values.csb_client_ca) }}
+ - name: CLIENT_CA_PATH
+ value: /opt/automation/mas-provisioner/cert
+ {{- end }}
+ - name: TLS_CERT_PATH
+ value: /opt/automation/mas-provisioner/tls/tls.crt
+ - name: TLS_KEY_PATH
+ value: /opt/automation/mas-provisioner/tls/tls.key
+ - name: SERVICE_PORT
+ value: "{{ .Values.service_port }}"
+ {{- if not (empty .Values.github_token) }}
+ - name: GITHUB_TOKEN
+ value: /opt/automation/mas-provisioner/git/token
+ {{- end }}
+ - name: STATUS_REPO_URL
+ value: "{{ .Values.status_repo_url }}"
+ - name: ASYNC_POLL_INTERVAL
+ value: "{{ .Values.async_poll_interval }}"
+ - name: ASYNC_POLL_MAX
+ value: "{{ .Values.async_poll_max }}"
+ - name: ACCOUNT_ALIAS
+ value: "{{ .Values.account_alias }}"
+ - name: BASE_BRANCH
+ value: "{{ .Values.base_branch }}"
+ - name: ENABLE_PD_ALERT
+ value: "{{ .Values.enable_pd_alert }}"
+ - name: ENABLE_OCM_ALERT
+ value: "{{ .Values.enable_ocm_alert }}"
+ {{- if not (empty .Values.ocm_api_key) }}
+ - name: OCM_API_KEY
+ value: /opt/automation/mas-provisioner/ocm/key
+ {{- end }}
+ {{- if not (empty .Values.instana_api_token) }}
+ - name: INSTANA_API_TOKEN
+ value: /opt/automation/mas-provisioner/instana/token
+ {{- end }}
+ resources:
+ limits:
+ cpu: 50m
+ memory: 200Mi
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ readinessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /health/ready
+ port: 8080
+ initialDelaySeconds: 10
+ timeoutSeconds: 180
+ periodSeconds: 600
+ livenessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /health/live
+ port: 8080
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ failureThreshold: 1
+ volumeMounts:
+ - name: tls-certs
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/tls
+ {{- if not (empty .Values.github_token) }}
+ - name: git
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/git
+ {{- end }}
+ {{- if and .Values.enable_pd_alert (.Values.pd_key) }}
+ - name: pd-key
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/pdkey
+ {{- end }}
+ {{- if not (empty .Values.csb_client_ca) }}
+ - name: csb-client-ca
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/cert/clientca
+ {{- end }}
+ {{- if not (empty .Values.instana_api_token) }}
+ - name: instana-api
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/instana
+ {{- end }}
+ {{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}
+ - name: ocm-api
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/ocm
+ {{- end }}
+ serviceAccountName: mas-provisioner-sa
+ imagePullSecrets:
+ - name: ibm-entitlement
+ volumes:
+ - name: tls-certs
+ secret:
+ secretName: mas-provisioner-certificate
+ {{- if not (empty .Values.github_token) }}
+ - name: git
+ secret:
+ secretName: git-secret
+ {{- end }}
+ {{- if and .Values.enable_pd_alert (.Values.pd_key) }}
+ - name: pd-key
+ secret:
+ secretName: pd-routing-key-secret
+ {{- end }}
+ {{- if not (empty .Values.csb_client_ca) }}
+ - name: csb-client-ca
+ secret:
+ secretName: csb-ca
+ {{- end }}
+ {{- if not (empty .Values.instana_api_token) }}
+ - name: instana-api
+ secret:
+ secretName: instana-api-secret
+ {{- end }}
+ {{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}
+ - name: ocm-api
+ secret:
+ secretName: ocm-api-secret
+ {{- end }}
+ terminationGracePeriodSeconds: 60
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/05-Route.yaml b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
new file mode 100644
index 00000000..ee5fded8
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
@@ -0,0 +1,24 @@
+---
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "mas-provisioner-service-{{ .Values.provisioner_namespace }}"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ labels:
+ type: external
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "307"
+spec:
+ host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.provisioner_domain }}"
+ to:
+ kind: Service
+ name: mas-provisioner-service
+ weight: 100
+ port:
+ targetPort: {{ .Values.service_port }}
+ tls:
+ termination: passthrough
+ wildcardPolicy: None
diff --git a/cluster-applications/300-mas-provisioner/values.yaml b/cluster-applications/300-mas-provisioner/values.yaml
new file mode 100644
index 00000000..ed97d539
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/values.yaml
@@ -0,0 +1 @@
+---
diff --git a/docs/helmcharts.md b/docs/helmcharts.md
index 8fc4f4f7..f76b486f 100644
--- a/docs/helmcharts.md
+++ b/docs/helmcharts.md
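Review bot: The `mas-provisioner-operator` container in 04-Deployment.yaml has no `securityContext` of its own; only the pod-level `runAsNonRoot: true` is set, so privilege escalation, Linux capabilities and the seccomp profile are left to whatever the namespace's admission policy happens to default to. Stating them in the manifest, as in the excerpt below, keeps the workload restricted wherever the chart is deployed. Two further points in the same hunk: both probes target the fixed `port: 8080` while `containerPort` comes from `.Values.service_port`, and the `PD_ROUTING_KEY` and `OCM_API_KEY` path variables are gated on the key alone while their volume mounts also require `enable_pd_alert` / `enable_ocm_alert`, so a variable can point at a file that is never mounted. The image is also referenced by a mutable tag with `imagePullPolicy: Always`; pinning it by digest would make rollouts reproducible.

```yaml
      containers:
        - name: mas-provisioner-operator
          # … unchanged: image, imagePullPolicy, ports, env, resources, probes, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```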
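Review bot: 05-Route.yaml publishes the service on a route labelled `type: external` with `termination: passthrough`, so the router performs no TLS or client checks and access control rests entirely on the pod. The Deployment passes `MTLS_ENABLED` from `enable_mtls` and mounts a client CA only when `csb_client_ca` is set, so with either one unset the endpoint appears to be reachable from outside without client-certificate authentication. A comment on the route, e.g. `# passthrough: TLS and client auth are enforced by the pod; requires enable_mtls and csb_client_ca`, or a template `fail` when the route is rendered without them, would make that dependency explicit.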
@@ -32,6 +32,7 @@ The following figure shows a tree of ArgoCD applications and Application Sets ge |NFD Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml", "050-nfd-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/050-nfd-operator", "050-nfd-operator") }} | |Nvidia GPU Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml", "051-nvidia-gpu-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/051-nvidia-gpu-operator", "051-nvidia-gpu-operator") }} | |Custom Cluster Service Accounts | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml", "060-custom-sa.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/060-custom-sa", "060-custom-sa") }} | +|MAS Provisioner Service | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml", "300-mas-provisioner-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/300-mas-provisioner", "300-mas-provisioner") }} | The {{ cluster_root_chart() }} also installs the {{ instance_root_app_set() }}. This generates a set of **Instance Root Applications** based on the configuration in the {{ config_repo() }}. diff --git a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml index c3b1aba6..97cf1b5a 100644 --- a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml +++ b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml 
@@ -92,6 +92,11 @@ spec: revision: "{{ .Values.generator.revision }}" files: - path: "{{ .Values.account.id }}/*/instana-agent-operator.yaml" + - git: + repoURL: "{{ .Values.generator.repo_url }}" + revision: "{{ .Values.generator.revision }}" + files: + - path: "{{ .Values.account.id }}/*/mas-provisioner.yaml" syncPolicy: applicationsSync: "{{- if .Values.auto_delete }}sync{{- else }}create-update{{- end }}" template: diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml new file mode 100644 index 00000000..a16b5005 --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml 
@@ -0,0 +1,91 @@
+{{- if not (empty .Values.mas_provisioner) }}
+---
+# Cluster Promotion
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mas-provisioner.{{ .Values.cluster.id }}
+ namespace: {{ .Values.argo.namespace }}
+ labels:
+ cloud: aws
+ environment: '{{ .Values.account.id }}'
+ region: '{{ .Values.region.id }}'
+ cluster: '{{ .Values.cluster.id }}'
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+ healthCheckTimeout: "1800"
+ {{- if and .Values.notifications .Values.notifications.slack_channel_id }}
+ notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }}
+ notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }}
+ {{- end }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: "{{ .Values.argo.projects.apps }}"
+ destination:
+ server: {{ .Values.cluster.url }}
+ namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}"
+ source:
+ repoURL: "{{ .Values.source.repo_url }}"
+ path: cluster-applications/300-mas-provisioner
+ targetRevision: "{{ .Values.source.revision }}"
+ plugin:
+ name: {{ .Values.avp.name }}
+ env:
+ - name: {{ .Values.avp.values_varname }}
+ value: |
+ account_alias: "{{ .Values.mas_provisioner.account_alias }}"
+ provisioner_domain: "{{ .Values.mas_provisioner.provisioner_domain }}"
+ ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}"
+ provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}"
+ provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}"
+ enable_mtls: "{{ .Values.mas_provisioner.enable_mtls }}"
+ github_token: "{{ .Values.mas_provisioner.github_token }}"
+ csb_client_ca: "{{ .Values.mas_provisioner.csb_client_ca }}"
+ pd_key: "{{ .Values.mas_provisioner.pagerduty_integration }}"
+ service_port: "{{ .Values.mas_provisioner.service_port }}"
+ status_repo_url: "{{ .Values.mas_provisioner.status_repo_url }}"
+ base_branch: "{{ .Values.mas_provisioner.base_branch }}"
+ async_poll_interval: "{{ .Values.mas_provisioner.async_poll_interval }}"
+ async_poll_max: "{{ .Values.mas_provisioner.async_poll_max }}"
+ instana_api_token: "{{ .Values.mas_provisioner.instana_api_token }}"
+ enable_pd_alert: "{{ .Values.mas_provisioner.enable_pd_alert }}"
+ enable_ocm_alert: "{{ .Values.mas_provisioner.enable_ocm_alert }}"
+ ocm_api_key: "{{ .Values.mas_provisioner.ocm_api_token }}"
+ junitreporter:
+ reporter_name: "mas-provisioner"
+ cluster_id: "{{ .Values.cluster.id }}"
+ devops_mongo_uri: "{{ .Values.devops.mongo_uri }}"
+ devops_build_number: "{{ .Values.devops.build_number }}"
+ gitops_version: "{{ .Values.source.revision }}"
+ {{- if .Values.custom_labels }}
+ custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }}
+ {{- end }}
+ - name: ARGOCD_APP_NAME
+ value: masprovisionerapp
+ {{- if not (empty .Values.avp.secret) }}
+ - name: AVP_SECRET
+ value: {{ .Values.avp.secret }}
+ {{- end }}
+ ignoreDifferences:
+ - jsonPointers:
+ - /imagePullSecrets
+ - /secrets
+ kind: ServiceAccount
+ syncPolicy:
+ automated:
+ {{- if .Values.auto_delete }}
+ prune: true
+ {{- end }}
+ selfHeal: true
+ retry:
+ limit: 20
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ managedNamespaceMetadata:
+ labels:
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 8 }}
+{{- end }}
+{{- end }}
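Review bot: Every value in the plugin `value: |` block of 300-mas-provisioner-app.yaml is rendered inside double quotes, so `enable_pd_alert` and `enable_ocm_alert` reach the chart as the strings `"true"` / `"false"`, and any non-empty string is truthy in a Go template. The chart's guards `{{- if and .Values.enable_pd_alert (.Values.pd_key) }}` and `{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}` therefore pass even when the flag is false, so the PagerDuty and OCM secrets are created and mounted regardless of the setting. Emit the flags unquoted, e.g. `enable_pd_alert: {{ .Values.mas_provisioner.enable_pd_alert }}`, or compare explicitly in the chart with `eq (toString .Values.enable_pd_alert) "true"`. The same block carries `github_token`, `ibm_entitlement_key` and the API keys into the Application spec, which is safe only if those values are vault-plugin placeholders rather than literal secrets; that is worth confirming.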