From 2c6f8c2d4c10e5244b808279d0152bbf8cbd40a6 Mon Sep 17 00:00:00 2001 
From: Caroline Azadze Date: Tue, 6 May 2025 13:51:48 -0400 Subject: [PATCH 01/21] [patch] add support for mas provisioner --- .../300-mas-provisioner/Chart.yaml | 11 ++ .../300-mas-provisioner/README.md | 4 + .../templates/00-ServiceAccount.yaml | 15 +++ .../templates/00-ca_Issuer.yaml | 14 +++ .../templates/00-ibm-entitlement_Secret.yaml | 16 +++ .../templates/01-ca_Certificate.yaml | 38 ++++++ .../templates/02-Issuer.yaml | 15 +++ .../templates/03-Certificate.yaml | 33 +++++ .../templates/04-csb-ca_Secret.yaml | 15 +++ .../templates/04-git_Secret.yaml | 16 +++ .../templates/04-pdroutekey_Secret.yaml | 17 +++ .../templates/05-Service.yaml | 19 +++ .../templates/06-Deployment.yaml | 114 ++++++++++++++++++ .../templates/07-Route.yaml | 25 ++++ .../300-mas-provisioner/values.yaml | 1 + docs/helmcharts.md | 1 + .../templates/300-mas-provisioner-app.yaml | 96 +++++++++++++++ 17 files changed, 450 insertions(+) create mode 100644 cluster-applications/300-mas-provisioner/Chart.yaml create mode 100644 cluster-applications/300-mas-provisioner/README.md create mode 100644 cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/05-Service.yaml create mode 100644 
cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/07-Route.yaml create mode 100644 cluster-applications/300-mas-provisioner/values.yaml create mode 100644 root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml
diff --git a/cluster-applications/300-mas-provisioner/Chart.yaml b/cluster-applications/300-mas-provisioner/Chart.yaml
new file mode 100644
index 000000000..bdf780d24
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: mas-provisioner
+description: IBM Mas Provisioner
+type: application
+version: 1.0.0
+
+dependencies:
+- name: junitreporter
+ version: 1.0.0
+ repository: "file://../../sub-charts/junitreporter/"
+ condition: junitreporter.devops_mongo_uri != ""
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/README.md b/cluster-applications/300-mas-provisioner/README.md
new file mode 100644
index 000000000..a37bc7f83
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/README.md
@@ -0,0 +1,4 @@
+IBM Mas Provisioner
+===============================================================================
+Installs the Mas Provisioner service which sends a notification when an order comes through AWS market place.
+
diff --git a/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml b/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml
new file mode 100644
index 000000000..a639b9540
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/00-ServiceAccount.yaml
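Review bot: The `condition` on the `junitreporter` dependency in `Chart.yaml` is written as an expression, but Helm reads that field as one or more values paths that must resolve to a boolean. As far as I can tell `junitreporter.devops_mongo_uri != ""` therefore matches no path and the subchart is always enabled. If gating is intended, point it at a boolean value, for example `condition: junitreporter.enabled` (key name constructed here), and set that value from the root application.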
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: mas-provisioner-sa
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+ argocd.argoproj.io/compare-options: IgnoreExtraneous
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+imagePullSecrets:
+ - name: ibm-entitlement
diff --git a/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml b/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml
new file mode 100644
index 000000000..9064a241e
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: "mas-provisioner-ca-issuer"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ selfSigned: {}
diff --git a/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml
new file mode 100644
index 000000000..82642be42
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/00-ibm-entitlement_Secret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ibm-entitlement
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: >-
+ {{ .Values.ibm_entitlement_key }}
diff --git a/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml
new file mode 100644
index 000000000..532cd8ce8
--- /dev/null
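Review bot: In `00-ibm-entitlement_Secret.yaml` the value under `data:` is emitted exactly as supplied, but Secret `data` values must already be base64, and nothing in the template encodes `.Values.ibm_entitlement_key`. `04-csb-ca_Secret.yaml` in the same patch does pipe its value through `b64enc`. The same gap is in `username`/`token` of `04-git_Secret.yaml` and `key` of `04-pdroutekey_Secret.yaml`, which are also unquoted, so an empty or special-character value changes the rendered YAML. If the values arrive pre-encoded from the vault plugin, state that in a comment above `data:`; otherwise encode and quote them, e.g. `token: {{ .Values.github_token | b64enc | quote }}`.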
+++ b/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "mas-provisioner-ca-certificate"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "301"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ secretName: "mas-provisioner-ca"
+ duration: "175200h0m0s"
+ renewBefore: "2160h0m0s"
+ issuerRef:
+ name: "mas-provisioner-ca-issuer"
+ kind: Issuer
+
+ isCA: true
+
+ usages:
+ - cert sign
+ - digital signature
+ - key encipherment
+ - server auth
+
+ commonName: "ca.mas-provisioner-tls"
+ subject:
+ countries:
+ - US
+ streetAddresses:
+ - New York
+ localities:
+ - New York
+ organizationalUnits:
+ - IBM Maximo Application Suite
diff --git a/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml b/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml
new file mode 100644
index 000000000..e19ddad23
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: "mas-provisioner-issuer"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "302"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+ ca:
+ secretName: "mas-provisioner-ca"
diff --git a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml
new file mode 100644
index 000000000..2e2244194
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml
@@ -0,0 +1,33 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "mas-provisioner-certificate"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "303"
+spec:
+ secretName: "mas-provisioner-certificate"
+ duration: "175200h0m0s"
+ renewBefore: "2160h0m0s"
+ issuerRef:
+ name: "mas-provisioner-issuer"
+ kind: Issuer
+
+ usages:
+ - cert sign
+ - digital signature
+ - key encipherment
+ - server auth
+
+ commonName: "*.{{ .Values.cluster_domain }}"
+ dnsNames:
+ - "*.{{ .Values.cluster_domain }}"
+ subject:
+ countries:
+ - US
+ streetAddresses:
+ - New York
+ localities:
+ - New York
+ organizationalUnits:
+ - IBM Maximo Application Suite
diff --git a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml
new file mode 100644
index 000000000..d62a14c8e
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: csb-ca
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ ca.crt: {{ .Values.csb_client_ca_cert | b64enc }}
diff --git a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml
new file mode 100644
index 000000000..4256ca5ec
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml
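Review bot: The serving certificate in `03-Certificate.yaml` requests the `cert sign` usage and a 20-year `duration` (`175200h0m0s`), both carried over from the CA certificate, and a leaf certificate needs neither. Dropping `- cert sign` and shortening the lifetime, for example `duration: "8760h0m0s"` (illustrative value, keep it above `renewBefore`), limits how long a leaked key for the wildcard name `*.{{ .Values.cluster_domain }}` stays usable. The template also omits the leading `---` and the `custom_labels` block that the sibling templates carry.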
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: git-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ username: {{ .Values.github_username }}
+ token: {{ .Values.github_token }}
diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml
new file mode 100644
index 000000000..c1d04d610
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml
@@ -0,0 +1,17 @@
+{{- if not .Values.enable_pd_alert }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pd-routing-key-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ key: {{ .Values.pd_key }}
+{{- end }}
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/05-Service.yaml b/cluster-applications/300-mas-provisioner/templates/05-Service.yaml
new file mode 100644
index 000000000..afef8e473
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/05-Service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mas-provisioner-service
+ namespace: "{{ .Values.provisioner_namespace }}"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "305"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: https
+ port: {{ .Values.service_port }}
+ targetPort: https
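Review bot: `05-Service.yaml` sets no `spec.selector`, so the headless Service gets no endpoints and the passthrough Route added in `07-Route.yaml` has no backend to reach. The Deployment in `06-Deployment.yaml` has the matching gap: it declares neither `spec.selector` nor pod-template `metadata.labels`, both of which `apps/v1` requires. Adding one shared label, e.g. `selector: {app: mas-provisioner}` on the Service (label key constructed here) with the same label in the Deployment's `selector.matchLabels` and template labels, connects the three objects.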
diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml
new file mode 100644
index 000000000..d7983301c
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml
@@ -0,0 +1,114 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mas-provisioner
+ namespace: "{{ .Values.provisioner_namespace }}"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "306"
+spec:
+ replicas: 1
+ template:
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - name: mas-provisioner-operator
+ image: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/maximoappsuite/ibm-mas-mcsp-provisioner:{{ .Values.provisioner_version }}"
+ imagePullPolicy: Always
+ ports:
+ - name: https
+ containerPort: {{ .Values.service_port }}
+ env:
+ - name: PD_ROUTING_KEY
+ value: /opt/automation/mas-provisioner/pdkey/key
+ - name: MTLS_ENABLED
+ value: "{{ .Values.enable_mtls }}"
+ - name: CLIENT_CA_PATH
+ value: /opt/automation/mas-provisioner/certs
+ - name: TLS_CERT_PATH
+ value: /opt/automation/mas-provisioner/tls/tls.crt
+ - name: TLS_KEY_PATH
+ value: /opt/automation/mas-provisioner/tls/tls.key
+ - name: SERVICE_PORT
+ value: "{{ .Values.service_port }}"
+ - name: GITHUB_TOKEN
+ value: /opt/automation/mas-provisioner/git/token
+ - name: W3_USERNAME
+ value: /opt/automation/mas-provisioner/git/username
+ - name: STATUS_REPO_URL
+ value: "{{ .Values.status_repo_url }}"
+ - name: ASYNC_POLL_INTERVAL
+ value: "{{ .Values.async_poll_interval }}"
+ - name: ASYNC_POLL_MAX
+ value: "{{ .Values.async_poll_max }}"
+ - name: ACCOUNT_ALIAS
+ value: "{{ .Values.account_alias }}"
+ - name: BASE_BRANCH
+ value: "{{ .Values.base_branch }}"
+ - name: ENABLE_PD_ALERT
+ value: "{{ .Values.enable_pd_alert }}"
+ - name: ENABLE_OCM_ALERT
+ value: "{{ .Values.enable_ocm_alert }}"
+ - name: OCM_API_KEY
+ value: "{{ .Values.ocm_api_key }}"
+ - name: INSTANA_API_TOKEN
+ value: "{{ .Values.instana_api_token }}"
+ resources:
+ limits:
+ cpu: 50m
+ memory: 200Mi
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ readinessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /health/ready
+ port: 8080
+ initialDelaySeconds: 10
+ timeoutSeconds: 180
+ periodSeconds: 600
+ livenessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /health/live
+ port: 8080
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ failureThreshold: 1
+ volumeMounts:
+ - name: tls-certs
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/tls
+ - name: git
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/git
+ - name: pd-key
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/pdkey
+ - name: csb-client-ca
+ readOnly: true
+ mountPath: /opt/automation/mas-provisioner/certs/clientca
+ serviceAccountName: mas-provisioner-sa
+ imagePullSecrets:
+ - name: ibm-entitlement
+ volumes:
+ - name: tls-certs
+ secret:
+ secretName: mas-provisioner-certificate
+ - name: git
+ secret:
+ secretName: git-secret
+ - name: pd-key
+ secret:
+ secretName: pd-routing-key-secret
+ - name: csb-client-ca
+ secret:
+ secretName: csb-ca
+ terminationGracePeriodSeconds: 60
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml
new file mode 100644
index 000000000..23e93587c
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml
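Review bot: `OCM_API_KEY` and `INSTANA_API_TOKEN` are rendered as literal `value:` strings in the pod spec of `06-Deployment.yaml`, so both credentials are readable by anyone who can get the Deployment or its pods. The Git token and PagerDuty key in the same container are mounted from Secrets instead. Sourcing the two tokens through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name and keys, keeps them out of the manifest. Both probes also target the fixed port `8080` while the container port follows `service_port`; `port: https` would track the named port. The container sets no `securityContext` of its own, e.g. `allowPrivilegeEscalation: false`.

```yaml
            # … unchanged: env entries up to ENABLE_OCM_ALERT …
            - name: OCM_API_KEY
              valueFrom:
                secretKeyRef:
                  name: PLACEHOLDER-provisioner-api-tokens  # placeholder Secret name
                  key: ocm_api_key                          # placeholder key
            - name: INSTANA_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: PLACEHOLDER-provisioner-api-tokens  # placeholder Secret name
                  key: instana_api_token                    # placeholder key
            # … unchanged: resources, probes, volumeMounts …
```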
@@ -0,0 +1,25 @@
+---
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "mas-provisioner-service-{{ .Values.provisioner_namespace }}"
+ namespace: "{{ .Values.provisioner_namespace }}"
+ labels:
+ type: external
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+ annotations:
+ argocd.argoproj.io/sync-wave: "307"
+spec:
+ host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.cluster_domain }}"
+ to:
+ kind: Service
+ name: mas-provisioner-service
+ weight: 100
+ port:
+ targetPort: {{ .Values.service_port }}
+ tls:
+ termination: passthrough
+ insecureEdgeTerminationPolicy: None
+ wildcardPolicy: None
diff --git a/cluster-applications/300-mas-provisioner/values.yaml b/cluster-applications/300-mas-provisioner/values.yaml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/cluster-applications/300-mas-provisioner/values.yaml
@@ -0,0 +1 @@
+---
diff --git a/docs/helmcharts.md b/docs/helmcharts.md
index c209a5251..453b64275 100644
--- a/docs/helmcharts.md
+++ b/docs/helmcharts.md
@@ -32,6 +32,7 @@ The following figure shows a tree of ArgoCD applications and Application Sets ge |NFD Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml", "050-nfd-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/050-nfd-operator", "050-nfd-operator") }} | |Nvidia GPU Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml", "051-nvidia-gpu-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/051-nvidia-gpu-operator", "051-nvidia-gpu-operator") }} | |Custom Cluster Service Accounts | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml", "060-custom-sa.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/060-custom-sa", "060-custom-sa") }} | +|MAS Provisioner Service | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml", "300-mas-provisioner-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/300-mas-provisioner", "300-mas-provisioner") }} | The {{ cluster_root_chart() }} also installs the {{ instance_root_app_set() }}. This generates a set of **Instance Root Applications** based on the configuration in the {{ config_repo() }}. diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml new file mode 100644 index 000000000..a861c94e6 --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml 
@@ -0,0 +1,96 @@
+{{- if not (empty .Values.mas_provisioner) }}
+---
+# Cluster Promotion
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mas-provisioner.{{ .Values.cluster.id }}
+ namespace: {{ .Values.argo.namespace }}
+ labels:
+ cloud: aws
+ environment: '{{ .Values.account.id }}'
+ region: '{{ .Values.region.id }}'
+ cluster: '{{ .Values.cluster.id }}'
+ annotations:
+ argocd.argoproj.io/sync-wave: "300"
+ healthCheckTimeout: "1800"
+ {{- if and .Values.notifications .Values.notifications.slack_channel_id }}
+ notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }}
+ notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }}
+ {{- end }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: "{{ .Values.argo.projects.apps }}"
+ destination:
+ server: {{ .Values.cluster.url }}
+ namespace: default
+ source:
+ repoURL: "{{ .Values.source.repo_url }}"
+ path: cluster-applications/300-mas-provisioner
+ targetRevision: "{{ .Values.source.revision }}"
+ plugin:
+ name: {{ .Values.avp.name }}
+ env:
+ - name: {{ .Values.avp.values_varname }}
+ value: |
+ account_alias: "{{ .Values.mas_provisioner.account_alias }}"
+ ibm_entitlement_key: "{{ .Values.mas_provisioner.image_pull_secret }}"
+ provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}"
+ provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}"
+ enable_mtls: "{{ .Values.mas_provisioner.enable_mtls }}"
+ github_username: "{{ .Values.mas_provisioner.github_username }}"
+ github_token: "{{ .Values.mas_provisioner.github_token }}"
+ csb_client_ca_cert: "{{ .Values.mas_provisioner.csb_clientca }}"
+ pd_key: "{{ .Values.mas_provisioner.pagerdury_key }}"
+ service_port: "{{ .Values.mas_provisioner.service_port }}"
+ status_repo_url: "{{ .Values.mas_provisioner.status_repo_url }}"
+ status_branch: "{{ .Values.mas_provisioner.status_branch }}"
+ base_branch: "{{ .Values.mas_provisioner.base_branch }}"
+ async_poll_interval: "{{ .Values.mas_provisioner.async_poll_interval }}"
+ async_poll_max: "{{ .Values.mas_provisioner.async_poll_max }}"
+ instana_api_token: "{{ .Values.mas_provisioner.instana_api_token }}"
+ enable_pd_alert: "{{ .Values.mas_provisioner.enable_pd_alert }}"
+ enable_ocm_alert: "{{ .Values.mas_provisioner.enable_ocm_alert }}"
+ ocm_api_key: "{{ .Values.mas_provisioner.ocm_api_key }}"
+ junitreporter:
+ reporter_name: "mas-provisioner"
+ cluster_id: "{{ .Values.cluster.id }}"
+ devops_mongo_uri: "{{ .Values.devops.mongo_uri }}"
+ devops_build_number: "{{ .Values.devops.build_number }}"
+ gitops_version: "{{ .Values.source.revision }}"
+ {{- if .Values.custom_labels }}
+ custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }}
+ {{- end }}
+ - name: ARGOCD_APP_NAME
+ value: masprovisionerapp
+ {{- if not (empty .Values.avp.secret) }}
+ - name: AVP_SECRET
+ value: {{ .Values.avp.secret }}
+ {{- end }}
+ ignoreDifferences:
+ - jsonPointers:
+ - /imagePullSecrets
+ - /secrets
+ kind: ServiceAccount
+ syncPolicy:
+ automated:
+ {{- if .Values.auto_delete }}
+ prune: true
+ {{- end }}
+ selfHeal: true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ managedNamespaceMetadata:
+ labels:
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 8 }}
+{{- end }}
+{{- end }}
From b9daae861e235ff6db6f99e442bdb4767ea7e92d Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 May 2025 15:00:39 -0400 Subject: [PATCH 02/21] [patch] typo fixes and changes --- .../300-mas-provisioner/templates/04-git_Secret.yaml | 1 - .../300-mas-provisioner/templates/06-Deployment.yaml | 10 ++++------ .../templates/300-mas-provisioner-app.yaml | 7 +++---- 3 files changed, 7 insertions(+), 11 deletions(-)
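Review bot: The values block passed through `plugin.env` in `300-mas-provisioner-app.yaml` (PATCH 01) carries `github_token`, `ocm_api_key`, `instana_api_token`, `pd_key` and `ibm_entitlement_key` as plain interpolated strings. Whatever `.Values.mas_provisioner.*` holds therefore ends up in the Application spec, readable by anyone who can view Applications in the Argo CD namespace. If those inputs are vault-plugin placeholders resolved at render time this is fine, but that is not visible in the patch, so a comment above `value: |` such as `# secret fields must be vault-plugin placeholders, never literal values` would make the requirement explicit. The unquoted `namespace: {{ .Values.argo.namespace }}` and `server: {{ .Values.cluster.url }}` should be quoted like the neighbouring fields.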
diff --git a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml index 4256ca5ec..54035d38a 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml @@ -12,5 +12,4 @@ metadata: {{- end }} type: Opaque data: - username: {{ .Values.github_username }} token: {{ .Values.github_token }} diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index d7983301c..12a279a67 100644 --- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -25,11 +25,11 @@ spec: containerPort: {{ .Values.service_port }} env: - name: PD_ROUTING_KEY - value: /opt/automation/mas-provisioner/pdkey/key + value: /opt/automation/mas-provisioner/pdkey - name: MTLS_ENABLED value: "{{ .Values.enable_mtls }}" - name: CLIENT_CA_PATH - value: /opt/automation/mas-provisioner/certs + value: /opt/automation/mas-provisioner/cert/ca.crt - name: TLS_CERT_PATH value: /opt/automation/mas-provisioner/tls/tls.crt - name: TLS_KEY_PATH @@ -37,9 +37,7 @@ spec: - name: SERVICE_PORT value: "{{ .Values.service_port }}" - name: GITHUB_TOKEN - value: /opt/automation/mas-provisioner/git/token - - name: W3_USERNAME - value: /opt/automation/mas-provisioner/git/username + value: /opt/automation/mas-provisioner/git - name: STATUS_REPO_URL value: "{{ .Values.status_repo_url }}" - name: ASYNC_POLL_INTERVAL @@ -94,7 +92,7 @@ spec: mountPath: /opt/automation/mas-provisioner/pdkey - name: csb-client-ca readOnly: true - mountPath: /opt/automation/mas-provisioner/certs/clientca + mountPath: /opt/automation/mas-provisioner/cert serviceAccountName: mas-provisioner-sa imagePullSecrets: - name: ibm-entitlement 
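Review bot: After the `06-Deployment.yaml` hunks at `@@ -25,11 +25,11 @@` and `@@ -37,9 +37,7 @@`, `PD_ROUTING_KEY` and `GITHUB_TOKEN` hold mount directories (`/opt/automation/mas-provisioner/pdkey`, `/opt/automation/mas-provisioner/git`) while `CLIENT_CA_PATH`, `TLS_CERT_PATH` and `TLS_KEY_PATH` hold file paths. Nothing in the template says which form the provisioner expects. Because the first two are named like secrets, a later edit could easily put a literal token there, so a comment above `env:` would help, for example `# PD_ROUTING_KEY and GITHUB_TOKEN are paths to mounted Secret volumes, not secret values`. The env list starts and ends outside these hunks.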
diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index a861c94e6..37c332d1f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -35,17 +35,16 @@ spec: - name: {{ .Values.avp.values_varname }} value: | account_alias: "{{ .Values.mas_provisioner.account_alias }}" + cluster_domain: "{{ .Values.mas_provisioner.cluster_domain }}" ibm_entitlement_key: "{{ .Values.mas_provisioner.image_pull_secret }}" provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}" provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}" enable_mtls: "{{ .Values.mas_provisioner.enable_mtls }}" - github_username: "{{ .Values.mas_provisioner.github_username }}" github_token: "{{ .Values.mas_provisioner.github_token }}" - csb_client_ca_cert: "{{ .Values.mas_provisioner.csb_clientca }}" - pd_key: "{{ .Values.mas_provisioner.pagerdury_key }}" + csb_client_ca_cert: "{{ .Values.mas_provisioner.csb_client_ca }}" + pd_key: "{{ .Values.mas_provisioner.pagerduty_key }}" service_port: "{{ .Values.mas_provisioner.service_port }}" status_repo_url: "{{ .Values.mas_provisioner.status_repo_url }}" - status_branch: "{{ .Values.mas_provisioner.status_branch }}" base_branch: "{{ .Values.mas_provisioner.base_branch }}" async_poll_interval: "{{ .Values.mas_provisioner.async_poll_interval }}" async_poll_max: "{{ .Values.mas_provisioner.async_poll_max }}" From 508bc9c4e7587e1f0722fab930670d04dc31aaf2 Mon Sep 17 00:00:00 2001 
From: Caroline Azadze Date: Fri, 9 May 2025 13:26:19 -0400 Subject: [PATCH 03/21] [patch] change variable names --- .../300-mas-provisioner/templates/03-Certificate.yaml | 4 ++-- .../templates/04-csb-ca_Secret.yaml | 2 +- .../300-mas-provisioner/templates/07-Route.yaml | 2 +- .../templates/300-mas-provisioner-app.yaml | 10 +++++----- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml index 2e2244194..14bbef151 100644 --- a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml +++ b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml @@ -19,9 +19,9 @@ spec: - key encipherment - server auth - commonName: "*.{{ .Values.cluster_domain }}" + commonName: "*.{{ .Values.broker_domain }}" dnsNames: - - "*.{{ .Values.cluster_domain }}" + - "*.{{ .Values.broker_domain }}" subject: countries: - US diff --git a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml index d62a14c8e..c12619ad2 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml @@ -12,4 +12,4 @@ metadata: {{- end }} type: Opaque data: - ca.crt: {{ .Values.csb_client_ca_cert | b64enc }} + ca.crt: {{ .Values.csb_client_ca | b64enc }} diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml index 23e93587c..d4c482c58 100644 --- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml +++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml 
@@ -12,7 +12,7 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "307" spec: - host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.cluster_domain }}" + host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.broker_domain }}" to: kind: Service name: mas-provisioner-service diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 37c332d1f..9cb8a005f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -35,14 +35,14 @@ spec: - name: {{ .Values.avp.values_varname }} value: | account_alias: "{{ .Values.mas_provisioner.account_alias }}" - cluster_domain: "{{ .Values.mas_provisioner.cluster_domain }}" - ibm_entitlement_key: "{{ .Values.mas_provisioner.image_pull_secret }}" + broker_domain: "{{ .Values.mas_provisioner.mas_broker_domain }}" + ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}" provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}" provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}" enable_mtls: "{{ .Values.mas_provisioner.enable_mtls }}" github_token: "{{ .Values.mas_provisioner.github_token }}" - csb_client_ca_cert: "{{ .Values.mas_provisioner.csb_client_ca }}" - pd_key: "{{ .Values.mas_provisioner.pagerduty_key }}" + csb_client_ca: "{{ .Values.mas_provisioner.csb_client_ca }}" + pd_key: "{{ .Values.mas_provisioner.pagerduty_integration }}" service_port: "{{ .Values.mas_provisioner.service_port }}" status_repo_url: "{{ .Values.mas_provisioner.status_repo_url }}" base_branch: "{{ .Values.mas_provisioner.base_branch }}" 
@@ -51,7 +51,7 @@ spec: instana_api_token: "{{ .Values.mas_provisioner.instana_api_token }}" enable_pd_alert: "{{ .Values.mas_provisioner.enable_pd_alert }}" enable_ocm_alert: "{{ .Values.mas_provisioner.enable_ocm_alert }}" - ocm_api_key: "{{ .Values.mas_provisioner.ocm_api_key }}" + ocm_api_key: "{{ .Values.mas_provisioner.ocm_api_token }}" junitreporter: reporter_name: "mas-provisioner" cluster_id: "{{ .Values.cluster.id }}" From 330e4cfd265b5edd4d8535a815866651183efb01 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Wed, 14 May 2025 16:01:09 -0400 Subject: [PATCH 04/21] [patch] add mas-provisioner to base cluster appset --- .../ibm-mas-account-root/templates/000-cluster-appset.yaml | 5 +++++ .../templates/300-mas-provisioner-app.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml index c3b1aba65..97cf1b5a9 100644 --- a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml +++ b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml @@ -92,6 +92,11 @@ spec: revision: "{{ .Values.generator.revision }}" files: - path: "{{ .Values.account.id }}/*/instana-agent-operator.yaml" + - git: + repoURL: "{{ .Values.generator.repo_url }}" + revision: "{{ .Values.generator.revision }}" + files: + - path: "{{ .Values.account.id }}/*/mas-provisioner.yaml" syncPolicy: applicationsSync: "{{- if .Values.auto_delete }}sync{{- else }}create-update{{- end }}" template: diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 9cb8a005f..161067c12 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml 
@@ -35,7 +35,7 @@ spec: - name: {{ .Values.avp.values_varname }} value: | account_alias: "{{ .Values.mas_provisioner.account_alias }}" - broker_domain: "{{ .Values.mas_provisioner.mas_broker_domain }}" + broker_domain: "{{ .Values.mas_provisioner.provisioner_domain }}" ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}" provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}" provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}" From 497b80e4bfba1e8803eddd8f51bbcbfe280ba992 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Wed, 14 May 2025 21:28:13 -0400 Subject: [PATCH 05/21] [patch] change retry limit --- .../templates/300-mas-provisioner-app.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 161067c12..0cf786486 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -34,6 +34,7 @@ spec: env: - name: {{ .Values.avp.values_varname }} value: | + argo_namespace: "{{ .Values.argo.namespace }}" account_alias: "{{ .Values.mas_provisioner.account_alias }}" broker_domain: "{{ .Values.mas_provisioner.provisioner_domain }}" ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}" @@ -79,11 +80,7 @@ spec: {{- end }} selfHeal: true retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m0s + limit: 20 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true From 8f954bae655aceab539bd65f39a1569ad665f68c Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 00:35:17 -0400 Subject: [PATCH 06/21] [patch] set namespace --- .../ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 0cf786486..ddd826232 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -24,7 +24,7 @@ spec: project: "{{ .Values.argo.projects.apps }}" destination: server: {{ .Values.cluster.url }} - namespace: default + namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}" source: repoURL: "{{ .Values.source.repo_url }}" path: cluster-applications/300-mas-provisioner From 62e38c17d293b561fe97cf6e335921d7414cf4d7 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 00:39:18 -0400 Subject: [PATCH 07/21] [patch] fix conditional statement --- .../300-mas-provisioner/templates/04-pdroutekey_Secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml index c1d04d610..3a068d9cf 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.enable_pd_alert }} +{{- if .Values.enable_pd_alert }} --- apiVersion: v1 kind: Secret From 00c57ab31684db10e9a61e1da18b32288f62a96b Mon Sep 17 00:00:00 2001 
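Review bot: `{{- if .Values.enable_pd_alert }}` in 04-pdroutekey_Secret.yaml tests truthiness, but the root Application passes this flag as a quoted string (`enable_pd_alert: "{{ .Values.mas_provisioner.enable_pd_alert }}"` in 300-mas-provisioner-app.yaml), and a non-empty string such as "false" is truthy in Go templates. If the chart receives its values from that block, the PagerDuty routing-key Secret would render even when alerts are switched off. An explicit comparison avoids that: `{{- if eq (toString .Values.enable_pd_alert) "true" }}`. The same truthiness test recurs in the later `and .Values.enable_pd_alert …` and `and .Values.enable_ocm_alert …` guards of this series, and the template body continues outside the hunk.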
From: Caroline Azadze Date: Thu, 15 May 2025 08:36:59 -0400 Subject: [PATCH 08/21] [patch] add conditions for secrets --- .../300-mas-provisioner/templates/03-Certificate.yaml | 4 ++-- .../300-mas-provisioner/templates/04-csb-ca_Secret.yaml | 4 +++- .../300-mas-provisioner/templates/04-git_Secret.yaml | 2 ++ .../300-mas-provisioner/templates/04-pdroutekey_Secret.yaml | 2 +- .../300-mas-provisioner/templates/07-Route.yaml | 2 +- .../templates/300-mas-provisioner-app.yaml | 2 +- 6 files changed, 10 insertions(+), 6 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml index 14bbef151..ce440c7ef 100644 --- a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml +++ b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml @@ -19,9 +19,9 @@ spec: - key encipherment - server auth - commonName: "*.{{ .Values.broker_domain }}" + commonName: "*.{{ .Values.provisioner_domain }}" dnsNames: - - "*.{{ .Values.broker_domain }}" + - "*.{{ .Values.provisioner_domain }}" subject: countries: - US diff --git a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml index c12619ad2..4a9f19342 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml @@ -1,3 +1,4 @@ +{{- if not (empty .Values.csb_client_ca) }} --- apiVersion: v1 kind: Secret @@ -12,4 +13,5 @@ metadata: {{- end }} type: Opaque data: - ca.crt: {{ .Values.csb_client_ca | b64enc }} + ca.crt: {{ .Values.csb_client_ca }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml index 54035d38a..d35c69216 100644 
--- a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml @@ -1,3 +1,4 @@ +{{- if not (empty .Values.github_token) }} --- apiVersion: v1 kind: Secret @@ -13,3 +14,4 @@ metadata: type: Opaque data: token: {{ .Values.github_token }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml index 3a068d9cf..a6c78d787 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.enable_pd_alert }} +{{- if and (.Values.enable_pd_alert) (not(empty .Values.pd_key)) }} --- apiVersion: v1 kind: Secret diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml index d4c482c58..b99a89853 100644 --- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml +++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml @@ -12,7 +12,7 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "307" spec: - host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.broker_domain }}" + host: "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.provisioner_domain }}" to: kind: Service name: mas-provisioner-service diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index ddd826232..3b6e0313f 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml 
@@ -36,7 +36,7 @@ spec: value: | argo_namespace: "{{ .Values.argo.namespace }}" account_alias: "{{ .Values.mas_provisioner.account_alias }}" - broker_domain: "{{ .Values.mas_provisioner.provisioner_domain }}" + provisioner_domain: "{{ .Values.mas_provisioner.provisioner_domain }}" ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}" provisioner_namespace: "{{ .Values.mas_provisioner.provisioner_namespace }}" provisioner_version: "{{ .Values.mas_provisioner.provisioner_version }}" From aabf6cc6fbacbddb0a29ffa5226c27515e2bdb10 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 08:53:29 -0400 Subject: [PATCH 09/21] [patch] fix error --- .../300-mas-provisioner/templates/04-pdroutekey_Secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml index a6c78d787..3b4b5c310 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.enable_pd_alert) (not(empty .Values.pd_key)) }} +{{- if and .Values.enable_pd_alert (.Values.pd_key) }} --- apiVersion: v1 kind: Secret From 970b42a81c533a564f7a66a00b5f85b699270249 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 09:03:52 -0400 Subject: [PATCH 10/21] [patch] secret data --- .../300-mas-provisioner/templates/04-csb-ca_Secret.yaml | 2 +- .../300-mas-provisioner/templates/04-git_Secret.yaml | 2 +- .../300-mas-provisioner/templates/04-pdroutekey_Secret.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml index 4a9f19342..c9843f6e6 100644 
--- a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml @@ -13,5 +13,5 @@ metadata: {{- end }} type: Opaque data: - ca.crt: {{ .Values.csb_client_ca }} + ca.crt: {{ .Values.csb_client_ca | b64enc }} {{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml index d35c69216..8db028bb2 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml @@ -12,6 +12,6 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} type: Opaque -data: +stringData: token: {{ .Values.github_token }} {{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml index 3b4b5c310..a54fec1d2 100644 --- a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml +++ b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml @@ -12,6 +12,6 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} type: Opaque -data: +stringData: key: {{ .Values.pd_key }} {{- end }} \ No newline at end of file From 44fd0e55ee8256845d0318a13623e9f6c3015e08 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 09:13:55 -0400 Subject: [PATCH 11/21] [patch] add selector to deployment --- .../300-mas-provisioner/templates/06-Deployment.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index 12a279a67..675511deb 100644 
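Review bot: `token: {{ .Values.github_token }}` under `stringData:` in 04-git_Secret.yaml is an unquoted templated scalar, so a value that starts with a YAML indicator, contains `: ` or ` #`, or looks like a number would be re-typed or truncated by the YAML parser instead of being stored as the string supplied. Quote it in the template: `token: {{ .Values.github_token | quote }}`. The same applies to `key: {{ .Values.pd_key }}` in 04-pdroutekey_Secret.yaml in this commit, and to the `token:`/`key:` lines of the Instana and OCM Secrets added later in the series. Both templates start outside their hunks.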
--- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -4,15 +4,25 @@ kind: Deployment metadata: name: mas-provisioner namespace: "{{ .Values.provisioner_namespace }}" -{{- if .Values.custom_labels }} labels: + app: mas-provisioner + component: product-service-broker +{{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} annotations: argocd.argoproj.io/sync-wave: "306" spec: + selector: + matchLabels: + app: mas-provisioner + component: product-service-broker replicas: 1 template: + metadata: + labels: + app: mas-provisioner + component: product-service-broker spec: securityContext: runAsNonRoot: true From 9bd97ff9a7ee3eb5b083b153a0eea5bb5217841d Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 09:46:17 -0400 Subject: [PATCH 12/21] [patch] try something out --- .../300-mas-provisioner/templates/06-Deployment.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index 675511deb..3b01e35f7 100644 --- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -94,15 +94,21 @@ spec: - name: tls-certs readOnly: true mountPath: /opt/automation/mas-provisioner/tls + {{- if not (empty .Values.github_token) }} - name: git readOnly: true mountPath: /opt/automation/mas-provisioner/git + {{- end }} + {{- if and .Values.enable_pd_alert (.Values.pd_key) }} - name: pd-key readOnly: true mountPath: /opt/automation/mas-provisioner/pdkey + {{- end }} + {{- if not (empty .Values.csb_client_ca) }} - name: csb-client-ca readOnly: true mountPath: /opt/automation/mas-provisioner/cert + {{- end }} serviceAccountName: mas-provisioner-sa imagePullSecrets: - name: ibm-entitlement 
@@ -110,13 +116,19 @@ spec: - name: tls-certs secret: secretName: mas-provisioner-certificate + {{- if not (empty .Values.github_token) }} - name: git secret: secretName: git-secret + {{- end }} + {{- if and .Values.enable_pd_alert (.Values.pd_key) }} - name: pd-key secret: secretName: pd-routing-key-secret + {{- end }} + {{- if not (empty .Values.csb_client_ca) }} - name: csb-client-ca secret: secretName: csb-ca + {{- end }} terminationGracePeriodSeconds: 60 \ No newline at end of file From a9f020cae7a204d1fb7b979816f6ae20fb448e72 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 10:54:08 -0400 Subject: [PATCH 13/21] [patch] fix issues --- .../300-mas-provisioner/templates/06-Deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index 3b01e35f7..cba8821a4 100644 --- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -35,7 +35,7 @@ spec: containerPort: {{ .Values.service_port }} env: - name: PD_ROUTING_KEY - value: /opt/automation/mas-provisioner/pdkey + value: /opt/automation/mas-provisioner/pdkey/key - name: MTLS_ENABLED value: "{{ .Values.enable_mtls }}" - name: CLIENT_CA_PATH @@ -47,7 +47,7 @@ spec: - name: SERVICE_PORT value: "{{ .Values.service_port }}" - name: GITHUB_TOKEN - value: /opt/automation/mas-provisioner/git + value: /opt/automation/mas-provisioner/git/token - name: STATUS_REPO_URL value: "{{ .Values.status_repo_url }}" - name: ASYNC_POLL_INTERVAL From 1625db8e705998c6fe420efcd3a44df37c99e190 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 15 May 2025 11:09:32 -0400 Subject: [PATCH 14/21] [patch] client cert setup --- .../300-mas-provisioner/templates/06-Deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index cba8821a4..7b48f0f4a 100644 --- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -39,7 +39,7 @@ spec: - name: MTLS_ENABLED value: "{{ .Values.enable_mtls }}" - name: CLIENT_CA_PATH - value: /opt/automation/mas-provisioner/cert/ca.crt + value: /opt/automation/mas-provisioner/cert - name: TLS_CERT_PATH value: /opt/automation/mas-provisioner/tls/tls.crt - name: TLS_KEY_PATH @@ -107,7 +107,7 @@ spec: {{- if not (empty .Values.csb_client_ca) }} - name: csb-client-ca readOnly: true - mountPath: /opt/automation/mas-provisioner/cert + mountPath: /opt/automation/mas-provisioner/cert/clientca {{- end }} serviceAccountName: mas-provisioner-sa imagePullSecrets: From 56b4cdb3a6c60561bb12c86fca7fe50418c0150b Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Fri, 16 May 2025 14:39:04 -0400 Subject: [PATCH 15/21] [patch] add secret mounts for ocm and instana api tokens --- .../templates/04-instana_Secret.yaml | 17 +++++++++ .../templates/04-ocm_Secret.yaml | 17 +++++++++ .../templates/06-Deployment.yaml | 36 +++++++++++++++++-- .../templates/300-mas-provisioner-app.yaml | 1 - 4 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml diff --git a/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml new file mode 100644 index 000000000..b6adda437 --- /dev/null +++ b/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml 
@@ -0,0 +1,17 @@ +{{- if not (empty .Values.instana_api_token) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: instana-api-secret + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "304" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +type: Opaque +stringData: + token: {{ .Values.instana_api_token }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml new file mode 100644 index 000000000..baf17dc4b --- /dev/null +++ b/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: ocm-api-secret + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "304" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +type: Opaque +stringData: + key: {{ .Values.ocm_api_key }} +{{- end }} diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml index 7b48f0f4a..2e72ba9f5 100644 --- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml +++ b/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: mas-provisioner + name: mas-mcsp-provisioner namespace: "{{ .Values.provisioner_namespace }}" labels: app: mas-provisioner 
@@ -34,20 +34,26 @@ spec: - name: https containerPort: {{ .Values.service_port }} env: + {{- if not (empty .Values.pd_key) }} - name: PD_ROUTING_KEY value: /opt/automation/mas-provisioner/pdkey/key + {{- end }} - name: MTLS_ENABLED value: "{{ .Values.enable_mtls }}" + {{- if not (empty .Values.csb_client_ca) }} - name: CLIENT_CA_PATH value: /opt/automation/mas-provisioner/cert + {{- end }} - name: TLS_CERT_PATH value: /opt/automation/mas-provisioner/tls/tls.crt - name: TLS_KEY_PATH value: /opt/automation/mas-provisioner/tls/tls.key - name: SERVICE_PORT value: "{{ .Values.service_port }}" + {{- if not (empty .Values.github_token) }} - name: GITHUB_TOKEN value: /opt/automation/mas-provisioner/git/token + {{- end }} - name: STATUS_REPO_URL value: "{{ .Values.status_repo_url }}" - name: ASYNC_POLL_INTERVAL @@ -62,10 +68,14 @@ spec: value: "{{ .Values.enable_pd_alert }}" - name: ENABLE_OCM_ALERT value: "{{ .Values.enable_ocm_alert }}" + {{- if not (empty .Values.ocm_api_key) }} - name: OCM_API_KEY - value: "{{ .Values.ocm_api_key }}" + value: /opt/automation/mas-provisioner/ocm/key + {{- end }} + {{- if not (empty .Values.instana_api_token) }} - name: INSTANA_API_TOKEN - value: "{{ .Values.instana_api_token }}" + value: /opt/automation/mas-provisioner/instana/token + {{- end }} resources: limits: cpu: 50m @@ -109,6 +119,16 @@ spec: readOnly: true mountPath: /opt/automation/mas-provisioner/cert/clientca {{- end }} + {{- if not (empty .Values.instana_api_token) }} + - name: instana-api + readOnly: true + mountPath: /opt/automation/mas-provisioner/instana + {{- end }} + {{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }} + - name: ocm-api + readOnly: true + mountPath: /opt/automation/mas-provisioner/ocm + {{- end }} serviceAccountName: mas-provisioner-sa imagePullSecrets: - name: ibm-entitlement 
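Review bot: The `OCM_API_KEY` env entry is guarded by `not (empty .Values.ocm_api_key)` alone, while the `ocm-api` volume mount added in the same commit requires `and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key))`; with a key set and alerts disabled the variable points at `/opt/automation/mas-provisioner/ocm/key`, which is never mounted. `PD_ROUTING_KEY` has the same mismatch: its env guard is `not (empty .Values.pd_key)`, but the `pd-key` mount from the earlier commit also requires `enable_pd_alert`. Using one condition per secret for the env entry, the mount and the volume keeps them in step, e.g. `{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}` on the env entry. The container spec starts and ends outside these hunks.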
@@ -131,4 +151,14 @@ spec: secret: secretName: csb-ca {{- end }} + {{- if not (empty .Values.instana_api_token) }} + - name: instana-api + secret: + secretName: instana-api-secret + {{- end }} + {{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }} + - name: ocm-api + secret: + secretName: ocm-api-secret + {{- end }} terminationGracePeriodSeconds: 60 \ No newline at end of file diff --git a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml index 3b6e0313f..a16b50050 100644 --- a/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/300-mas-provisioner-app.yaml @@ -34,7 +34,6 @@ spec: env: - name: {{ .Values.avp.values_varname }} value: | - argo_namespace: "{{ .Values.argo.namespace }}" account_alias: "{{ .Values.mas_provisioner.account_alias }}" provisioner_domain: "{{ .Values.mas_provisioner.provisioner_domain }}" ibm_entitlement_key: "{{ .Values.mas_provisioner.ibm_entitlement }}" From 65679a4a10a109c4c94e0fe8f135762bf238b0a9 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 22 May 2025 09:18:43 -0400 Subject: [PATCH 16/21] [patch] change port --- .../300-mas-provisioner/templates/07-Route.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml index b99a89853..f1c8509f1 100644 --- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml +++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml @@ -18,7 +18,7 @@ spec: name: mas-provisioner-service weight: 100 port: - targetPort: {{ .Values.service_port }} + targetPort: https tls: termination: passthrough insecureEdgeTerminationPolicy: None From 109f4a12d5b667a11a63d6e39c20e1c77b6e17e6 Mon Sep 17 00:00:00 2001 
From: Caroline Azadze Date: Thu, 22 May 2025 10:04:07 -0400 Subject: [PATCH 17/21] [patch] test --- .../300-mas-provisioner/templates/07-Route.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml index f1c8509f1..017ebdc87 100644 --- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml +++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml @@ -20,6 +20,9 @@ spec: port: targetPort: https tls: - termination: passthrough - insecureEdgeTerminationPolicy: None + termination: edge + certificate: /opt/automation/mas-provisioner/tls/tls.crt + key: /opt/automation/mas-provisioner/tls/tls.key + caCertificate: /opt/automation/mas-provisioner/tls/ca.crt + wildcardPolicy: None From 1f12f77f8bdd5f206eefe9950cc2d73706432ff3 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 22 May 2025 10:18:53 -0400 Subject: [PATCH 18/21] Revert "[patch] test" This reverts commit 109f4a12d5b667a11a63d6e39c20e1c77b6e17e6. --- .../300-mas-provisioner/templates/07-Route.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml index 017ebdc87..f1c8509f1 100644 --- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml +++ b/cluster-applications/300-mas-provisioner/templates/07-Route.yaml @@ -20,9 +20,6 @@ spec: port: targetPort: https tls: - termination: edge - certificate: /opt/automation/mas-provisioner/tls/tls.crt - key: /opt/automation/mas-provisioner/tls/tls.key - caCertificate: /opt/automation/mas-provisioner/tls/ca.crt - + termination: passthrough + insecureEdgeTerminationPolicy: None wildcardPolicy: None From 76bf8a37e57fcec7d9a8b02e876908b0e7ac7551 Mon Sep 17 00:00:00 2001 
From: Caroline Azadze Date: Thu, 22 May 2025 14:05:47 -0400 Subject: [PATCH 19/21] [patch] rearrange and fix network issues --- .../templates/00-ca_Issuer.yaml | 14 --- .../templates/01-ca_Certificate.yaml | 38 ------- .../templates/01-setup_Certificate.yaml | 100 ++++++++++++++++++ .../templates/02-Issuer.yaml | 15 --- .../templates/02-create_Secret.yaml | 93 ++++++++++++++++ .../templates/03-Certificate.yaml | 33 ------ .../{05-Service.yaml => 03-Service.yaml} | 11 +- ...{06-Deployment.yaml => 04-Deployment.yaml} | 2 +- .../templates/04-csb-ca_Secret.yaml | 17 --- .../templates/04-git_Secret.yaml | 17 --- .../templates/04-instana_Secret.yaml | 17 --- .../templates/04-ocm_Secret.yaml | 17 --- .../templates/04-pdroutekey_Secret.yaml | 17 --- .../{07-Route.yaml => 05-Route.yaml} | 11 +- 14 files changed, 208 insertions(+), 194 deletions(-) delete mode 100644 cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml create mode 100644 cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml rename cluster-applications/300-mas-provisioner/templates/{05-Service.yaml => 03-Service.yaml} (63%) rename cluster-applications/300-mas-provisioner/templates/{06-Deployment.yaml => 04-Deployment.yaml} (99%) delete mode 100644 cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml delete mode 100644 cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml delete mode 100644 
cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml rename cluster-applications/300-mas-provisioner/templates/{07-Route.yaml => 05-Route.yaml} (76%) diff --git a/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml b/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml deleted file mode 100644 index 9064a241e..000000000 --- a/cluster-applications/300-mas-provisioner/templates/00-ca_Issuer.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "mas-provisioner-ca-issuer" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "300" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - selfSigned: {} diff --git a/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml deleted file mode 100644 index 532cd8ce8..000000000 --- a/cluster-applications/300-mas-provisioner/templates/01-ca_Certificate.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "mas-provisioner-ca-certificate" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "301" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - secretName: "mas-provisioner-ca" - duration: "175200h0m0s" - renewBefore: "2160h0m0s" - issuerRef: - name: "mas-provisioner-ca-issuer" - kind: Issuer - - isCA: true - - usages: - - cert sign - - digital signature - - key encipherment - - server auth - - commonName: "ca.mas-provisioner-tls" - subject: - countries: - - US - streetAddresses: - - New York - localities: - - New York - organizationalUnits: - - IBM Maximo Application Suite 
diff --git a/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml new file mode 100644 index 000000000..9ff0f426d --- /dev/null +++ b/cluster-applications/300-mas-provisioner/templates/01-setup_Certificate.yaml 
@@ -0,0 +1,100 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: "mas-provisioner-ca-issuer" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "300" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + selfSigned: {} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "mas-provisioner-ca-certificate" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "301" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + secretName: "mas-provisioner-ca" + duration: "175200h0m0s" + renewBefore: "2160h0m0s" + issuerRef: + name: "mas-provisioner-ca-issuer" + kind: Issuer + isCA: true + usages: + - cert sign + - digital signature + - key encipherment + - server auth + commonName: "ca.mas-provisioner-tls" + subject: + countries: + - US + streetAddresses: + - New York + localities: + - New York + organizationalUnits: + - IBM Maximo Application Suite + +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: "mas-provisioner-issuer" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "302" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + ca: + secretName: "mas-provisioner-ca" + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "mas-provisioner-certificate" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "303" +spec: + secretName: "mas-provisioner-certificate" + duration: "175200h0m0s" + renewBefore: "2160h0m0s" + issuerRef: + name: "mas-provisioner-issuer" + kind: Issuer + usages: + - cert sign + - digital signature + - key encipherment + - server auth + commonName: "*.{{ .Values.provisioner_domain }}" + dnsNames: + - "*.{{ 
.Values.provisioner_domain }}" + - "mas-provisioner-service-{{ .Values.provisioner_namespace }}.{{ .Values.provisioner_domain }}" + subject: + countries: + - US + streetAddresses: + - New York + localities: + - New York + organizationalUnits: + - IBM Maximo Application Suite diff --git a/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml b/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml deleted file mode 100644 index e19ddad23..000000000 --- a/cluster-applications/300-mas-provisioner/templates/02-Issuer.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "mas-provisioner-issuer" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "302" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - ca: - secretName: "mas-provisioner-ca" diff --git a/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml new file mode 100644 index 000000000..0d4bf34f6 --- /dev/null +++ b/cluster-applications/300-mas-provisioner/templates/02-create_Secret.yaml 
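Review bot: The leaf `mas-provisioner-certificate` in 01-setup_Certificate.yaml lists `cert sign` among its `usages` although it does not set `isCA`, and it combines a wildcard name `*.{{ .Values.provisioner_domain }}` with `duration: "175200h0m0s"` (about 20 years). A serving certificate needs only the server usages, so I would drop `- cert sign` from that document; since the exact route host is already listed in `dnsNames`, the wildcard entry also looks unnecessary, though other consumers of this secret are not visible here. A shorter `duration` on the leaf, with the long lifetime kept on the CA only, limits exposure if the key behind the pod's `tls-certs` mount leaks. This leaf Certificate is also the only document in the file without the `custom_labels` block.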
@@ -0,0 +1,93 @@
+{{- if not (empty .Values.csb_client_ca) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: csb-ca
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ ca.crt: {{ .Values.csb_client_ca | b64enc }}
+{{- end }}
+
+
+{{- if not (empty .Values.github_token) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: git-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ token: {{ .Values.github_token }}
+{{- end }}
+
+
+{{- if not (empty .Values.instana_api_token) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: instana-api-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ token: {{ .Values.instana_api_token }}
+{{- end }}
+
+
+{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ocm-api-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ key: {{ .Values.ocm_api_key }}
+{{- end }}
+
+
+{{- if and .Values.enable_pd_alert (.Values.pd_key) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pd-routing-key-secret
+ namespace: "{{ .Values.provisioner_namespace }}"
+ annotations:
+ argocd.argoproj.io/sync-wave: "304"
+{{- if .Values.custom_labels }}
+ labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+type:
Opaque
+stringData:
+ key: {{ .Values.pd_key }}
+{{- end }}
diff --git a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml b/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml
deleted file mode 100644
index ce440c7ef..000000000
--- a/cluster-applications/300-mas-provisioner/templates/03-Certificate.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: "mas-provisioner-certificate"
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "303"
-spec:
- secretName: "mas-provisioner-certificate"
- duration: "175200h0m0s"
- renewBefore: "2160h0m0s"
- issuerRef:
- name: "mas-provisioner-issuer"
- kind: Issuer
-
- usages:
- - cert sign
- - digital signature
- - key encipherment
- - server auth
-
- commonName: "*.{{ .Values.provisioner_domain }}"
- dnsNames:
- - "*.{{ .Values.provisioner_domain }}"
- subject:
- countries:
- - US
- streetAddresses:
- - New York
- localities:
- - New York
- organizationalUnits:
- - IBM Maximo Application Suite
diff --git a/cluster-applications/300-mas-provisioner/templates/05-Service.yaml b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
similarity index 63%
rename from cluster-applications/300-mas-provisioner/templates/05-Service.yaml
rename to cluster-applications/300-mas-provisioner/templates/03-Service.yaml
index afef8e473..6d6ae7622 100644
--- a/cluster-applications/300-mas-provisioner/templates/05-Service.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
@@ -12,8 +12,11 @@ metadata:
 argocd.argoproj.io/sync-wave: "305"
 spec:
 type: ClusterIP
- clusterIP: None
 ports:
- - name: https
- port: {{ .Values.service_port }}
- targetPort: https
+ - name: provisioner-port
+ port: 443
+ protocol: TCP
+ targetPort: {{ .Values.service_port }}
+ selector:
+ app: mas-provisioner
+ component: product-service-broker
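Review bot: In the new `02-create_Secret.yaml`, the four `stringData` values are rendered unquoted, e.g. `token: {{ .Values.github_token }}` and `key: {{ .Values.pd_key }}`. Helm output is plain text that is parsed as YAML afterwards, so a credential that is all digits, looks like a boolean or null, or contains `: `, ` #` or a leading indicator character is retyped, truncated or fails to parse, and `stringData` accepts only strings. Pipe each value through `quote`, for example `token: {{ .Values.github_token | quote }}`, and likewise for `instana_api_token`, `ocm_api_key` and `pd_key`. The guard on `pd-routing-key-secret` uses `(.Values.pd_key)` where the others use `not (empty ...)`; using one form throughout would make the conditions easier to audit.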
diff --git a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
similarity index 99%
rename from cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml
rename to cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
index 2e72ba9f5..24205c077 100644
--- a/cluster-applications/300-mas-provisioner/templates/06-Deployment.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
@@ -31,7 +31,7 @@ spec:
 image: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/maximoappsuite/ibm-mas-mcsp-provisioner:{{ .Values.provisioner_version }}"
 imagePullPolicy: Always
 ports:
- - name: https
+ - name: provisioner-port
 containerPort: {{ .Values.service_port }}
 env:
 {{- if not (empty .Values.pd_key) }}
diff --git a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml
deleted file mode 100644
index c9843f6e6..000000000
--- a/cluster-applications/300-mas-provisioner/templates/04-csb-ca_Secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if not (empty .Values.csb_client_ca) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: csb-ca
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "304"
-{{- if .Values.custom_labels }}
- labels:
-{{ .Values.custom_labels | toYaml | indent 4 }}
-{{- end }}
-type: Opaque
-data:
- ca.crt: {{ .Values.csb_client_ca | b64enc }}
-{{- end }}
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml
deleted file mode 100644
index 8db028bb2..000000000
--- a/cluster-applications/300-mas-provisioner/templates/04-git_Secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if not (empty .Values.github_token) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: git-secret
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "304"
-{{- if .Values.custom_labels }}
- labels:
-{{ .Values.custom_labels | toYaml | indent 4 }}
-{{- end }}
-type: Opaque
-stringData:
- token: {{ .Values.github_token }}
-{{- end }}
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml
deleted file mode 100644
index b6adda437..000000000
--- a/cluster-applications/300-mas-provisioner/templates/04-instana_Secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if not (empty .Values.instana_api_token) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: instana-api-secret
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "304"
-{{- if .Values.custom_labels }}
- labels:
-{{ .Values.custom_labels | toYaml | indent 4 }}
-{{- end }}
-type: Opaque
-stringData:
- token: {{ .Values.instana_api_token }}
-{{- end }}
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml
deleted file mode 100644
index baf17dc4b..000000000
--- a/cluster-applications/300-mas-provisioner/templates/04-ocm_Secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.enable_ocm_alert (not (empty .Values.ocm_api_key)) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: ocm-api-secret
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "304"
-{{- if .Values.custom_labels }}
- labels:
-{{ .Values.custom_labels | toYaml | indent 4 }}
-{{- end }}
-type: Opaque
-stringData:
- key: {{ .Values.ocm_api_key }}
-{{- end }}
diff --git a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml b/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml
deleted file mode 100644
index a54fec1d2..000000000
--- a/cluster-applications/300-mas-provisioner/templates/04-pdroutekey_Secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.enable_pd_alert (.Values.pd_key) }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: pd-routing-key-secret
- namespace: "{{ .Values.provisioner_namespace }}"
- annotations:
- argocd.argoproj.io/sync-wave: "304"
-{{- if .Values.custom_labels }}
- labels:
-{{ .Values.custom_labels | toYaml | indent 4 }}
-{{- end }}
-type: Opaque
-stringData:
- key: {{ .Values.pd_key }}
-{{- end }}
\ No newline at end of file
diff --git a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
similarity index 76%
rename from cluster-applications/300-mas-provisioner/templates/07-Route.yaml
rename to cluster-applications/300-mas-provisioner/templates/05-Route.yaml
index f1c8509f1..2ff4e0780 100644
--- a/cluster-applications/300-mas-provisioner/templates/07-Route.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
@@ -18,8 +18,11 @@ spec:
 name: mas-provisioner-service
 weight: 100
 port:
- targetPort: https
+ targetPort: provisioner-port
 tls:
- termination: passthrough
- insecureEdgeTerminationPolicy: None
- wildcardPolicy: None
+ termination: edge
+ selector:
+ matchLabels:
+ app: mas-provisioner
+ component: product-service-broker
+ wildcardPolicy: None
\ No newline at end of file
From 3bf8c94901a490b1628317a6decabd71f4acdc1e Mon Sep 17 00:00:00 2001
From: Caroline Azadze
Date: Thu, 22 May 2025 14:20:00 -0400
Subject: [PATCH 20/21] Update 04-Deployment.yaml
---
 .../300-mas-provisioner/templates/04-Deployment.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
index 24205c077..498462122 100644
--- a/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/04-Deployment.yaml
@@ -31,8 +31,7 @@ spec:
 image: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/maximoappsuite/ibm-mas-mcsp-provisioner:{{ .Values.provisioner_version }}"
 imagePullPolicy: Always
 ports:
- - name: provisioner-port
- containerPort: {{ .Values.service_port }}
+ - containerPort: {{ .Values.service_port }}
 env:
 {{- if not (empty .Values.pd_key) }}
 - name: PD_ROUTING_KEY
From 759e03191904a8a2e8d888c26f97b5b4ef3f34bf Mon Sep 17 00:00:00 2001
From: Caroline Azadze
Date: Fri, 23 May 2025 00:26:15 -0400
Subject: [PATCH 21/21] [patch] cleanup and fix minor issue
---
 .../300-mas-provisioner/templates/03-Service.yaml | 1 -
 .../300-mas-provisioner/templates/05-Route.yaml | 10 +++-------
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/cluster-applications/300-mas-provisioner/templates/03-Service.yaml b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
index 6d6ae7622..f7d4622f8 100644
--- a/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/03-Service.yaml
@@ -15,7 +15,6 @@ spec:
 ports:
 - name: provisioner-port
 port: 443
- protocol: TCP
 targetPort: {{ .Values.service_port }}
 selector:
 app: mas-provisioner
diff --git a/cluster-applications/300-mas-provisioner/templates/05-Route.yaml b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
index 2ff4e0780..ee5fded8e 100644
--- a/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
+++ b/cluster-applications/300-mas-provisioner/templates/05-Route.yaml
@@ -18,11 +18,7 @@ spec:
 name: mas-provisioner-service
 weight: 100
 port:
- targetPort: provisioner-port
+ targetPort: {{ .Values.service_port }}
 tls:
- termination: edge
- selector:
- matchLabels:
- app: mas-provisioner
- component: product-service-broker
- wildcardPolicy: None
\ No newline at end of file
+ termination: passthrough
+ wildcardPolicy: None
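Review bot: With `termination: passthrough` restored, the router forwards the TLS stream untouched, so the container must itself serve TLS on `{{ .Values.service_port }}` with the `mas-provisioner-certificate` secret; the Deployment's volume mounts are not visible in these hunks, so that wiring should be confirmed. The original `07-Route.yaml` also carried `insecureEdgeTerminationPolicy: None`, which this hunk does not bring back; adding `insecureEdgeTerminationPolicy: None` under `tls:` keeps the plain-HTTP behaviour explicit rather than relying on the default. `targetPort` is now numeric while the Service still names its port `provisioner-port`; either works, but a comment such as `# numeric: the container port is unnamed since PATCH 20/21` would explain the choice. The enclosing `spec` starts above the hunk.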