Merge branch 'main' into 4459

ibm-mas · Nov 27, 2024 · 6ef9af2 · 6ef9af2
2 parents 9e3aa5d + 55871b6
commit 6ef9af2
Show file tree

Hide file tree

Showing 12 changed files with 281 additions and 74 deletions.
diff --git a/cluster-applications/060-custom-sa/Chart.yaml b/cluster-applications/060-custom-sa/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: custom-sa
+description: Custom Service Accounts
+type: application
+version: 1.0.0
+
+dependencies:
+- name: junitreporter
+  version: 1.0.0
+  repository: "file://../../sub-charts/junitreporter/"
+  condition: junitreporter.devops_mongo_uri != ""
diff --git a/cluster-applications/060-custom-sa/README.md b/cluster-applications/060-custom-sa/README.md
@@ -0,0 +1,3 @@
+Custom Service Accounts
+===============================================================================
+Creates configurable service accounts with assigned rbac
diff --git a/cluster-applications/060-custom-sa/templates/01-custom-sa_ServiceAccount.yaml b/cluster-applications/060-custom-sa/templates/01-custom-sa_ServiceAccount.yaml
@@ -0,0 +1,15 @@
+{{- range $key, $value := $.Values.custom_sa_details }}
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "061"
+  name: {{ $key }}
+  namespace: {{ $.Values.custom_sa_namespace }}
+{{- if $.Values.custom_labels }}
+  labels:
+{{ $.Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/cluster-applications/060-custom-sa/templates/02-custom-sa_rbac.yaml b/cluster-applications/060-custom-sa/templates/02-custom-sa_rbac.yaml
@@ -0,0 +1,23 @@
+{{- range $key, $value := $.Values.custom_sa_details }}
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "{{ $key }}-crb"
+  annotations:
+    argocd.argoproj.io/sync-wave: "062"
+{{- if $.Values.custom_labels }}
+  labels:
+{{ $.Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $key }}
+    namespace: {{ $.Values.custom_sa_namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $value }}
+
+{{- end }}
diff --git a/cluster-applications/060-custom-sa/values.yaml b/cluster-applications/060-custom-sa/values.yaml
@@ -0,0 +1 @@
+---
diff --git a/docs/drawio/appstructure.drawio b/docs/drawio/appstructure.drawio
@@ -1,6 +1,6 @@
-<mxfile host="Electron" modified="2024-08-07T21:17:04.423Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/24.6.4 Chrome/124.0.6367.207 Electron/30.0.6 Safari/537.36" version="24.6.4" etag="08vjqMRO2S39ZF--8Acr" type="device">
+<mxfile host="Electron" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/24.7.17 Chrome/128.0.6613.36 Electron/32.0.1 Safari/537.36" version="24.7.17">
   <diagram id="ml8bYYsEtUAZJTW_Lftc" name="Page-1">
-    <mxGraphModel dx="2464" dy="1648" grid="1" gridSize="10" guides="0" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="827" pageHeight="1169" background="#ffffff" math="0" shadow="0">
+    <mxGraphModel dx="1891" dy="1114" grid="1" gridSize="10" guides="0" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="827" pageHeight="1169" background="#ffffff" math="0" shadow="0">
       <root>
         <mxCell id="0" />
         <mxCell id="1" parent="0" />
@@ -25,16 +25,17 @@
         <mxCell id="3" value="Cluster Root Appset" style="shape=parallelogram;perimeter=parallelogramPerimeter;whiteSpace=wrap;html=1;fixedSize=1;fillColor=#008a00;fontColor=#ffffff;strokeColor=#000000;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
           <mxGeometry x="631.6616821289062" y="180" width="190" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="134" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;" parent="1" source="5" target="125" edge="1">
+        <mxCell id="134" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;" parent="1" source="5" edge="1">
           <mxGeometry relative="1" as="geometry">
             <Array as="points">
-              <mxPoint x="1345" y="610" />
-              <mxPoint x="801" y="610" />
+              <mxPoint x="1503" y="610" />
+              <mxPoint x="779" y="610" />
             </Array>
+            <mxPoint x="779.0666666666666" y="660" as="targetPoint" />
           </mxGeometry>
         </mxCell>
         <mxCell id="5" value="Instance Root Appset" style="shape=parallelogram;perimeter=parallelogramPerimeter;whiteSpace=wrap;html=1;fixedSize=1;fillColor=#008a00;fontColor=#ffffff;strokeColor=#000000;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
-          <mxGeometry x="1250" y="500" width="190" height="60" as="geometry" />
+          <mxGeometry x="1398" y="500" width="190" height="60" as="geometry" />
         </mxCell>
         <mxCell id="11" value="Operator Catalog" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
           <mxGeometry x="145" y="500" width="140" height="60" as="geometry" />
@@ -98,12 +99,13 @@
             </Array>
           </mxGeometry>
         </mxCell>
-        <mxCell id="124" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;" parent="1" source="107" target="5" edge="1">
+        <mxCell id="124" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;" parent="1" target="5" edge="1">
           <mxGeometry relative="1" as="geometry">
             <Array as="points">
-              <mxPoint x="726" y="440" />
-              <mxPoint x="1345" y="440" />
+              <mxPoint x="704" y="440" />
+              <mxPoint x="1498" y="440" />
             </Array>
+            <mxPoint x="704" y="379" as="sourcePoint" />
           </mxGeometry>
         </mxCell>
         <mxCell id="107" value="&lt;span style=&quot;color: rgb(255, 255, 255); font-family: Helvetica; font-size: 20px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Cluster Roots&lt;/span&gt;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.layered_rect;dx=10;outlineConnect=0;fillColor=#0050ef;fontColor=#ffffff;strokeColor=#000000;labelPosition=center;align=center;labelBackgroundColor=none;whiteSpace=wrap;horizontal=1;fontStyle=1;fontSize=20;strokeWidth=2;spacing=0;" parent="1" vertex="1">
@@ -173,7 +175,7 @@
             </Array>
           </mxGeometry>
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-185" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=0;exitDx=100;exitDy=80;exitPerimeter=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;strokeWidth=3;curved=0;" edge="1" parent="1" source="125" target="WCPXIc9LmJP7Mr7B8AD5-183">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-185" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=0;exitDx=100;exitDy=80;exitPerimeter=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;strokeWidth=3;curved=0;" parent="1" source="125" target="WCPXIc9LmJP7Mr7B8AD5-183" edge="1">
           <mxGeometry relative="1" as="geometry">
             <Array as="points">
               <mxPoint x="806" y="780" />
@@ -182,7 +184,7 @@
             </Array>
           </mxGeometry>
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-186" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=0;exitDx=100;exitDy=80;exitPerimeter=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;strokeWidth=3;curved=0;" edge="1" parent="1" source="125" target="WCPXIc9LmJP7Mr7B8AD5-184">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-186" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=0;exitDx=100;exitDy=80;exitPerimeter=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;strokeWidth=3;curved=0;" parent="1" source="125" target="WCPXIc9LmJP7Mr7B8AD5-184" edge="1">
           <mxGeometry relative="1" as="geometry">
             <Array as="points">
               <mxPoint x="806" y="780" />
@@ -327,26 +329,40 @@
             <mxPoint x="-80" y="850" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-181" value="NVIDIA GPU" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" vertex="1" parent="1">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-181" value="NVIDIA GPU" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
           <mxGeometry x="990" y="500" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-182" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" target="WCPXIc9LmJP7Mr7B8AD5-181">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-182" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" target="WCPXIc9LmJP7Mr7B8AD5-181" edge="1" source="107">
           <mxGeometry relative="1" as="geometry">
             <Array as="points">
-              <mxPoint x="730" y="389" />
               <mxPoint x="730" y="440" />
               <mxPoint x="1060" y="440" />
             </Array>
-            <mxPoint x="736" y="389" as="sourcePoint" />
+            <mxPoint x="780" y="389" as="sourcePoint" />
             <mxPoint x="905" y="510" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-183" value="CP4D Operators" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" vertex="1" parent="1">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-183" value="CP4D Operators" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
           <mxGeometry y="930" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-184" value="CP4D CS Control" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" vertex="1" parent="1">
+        <mxCell id="WCPXIc9LmJP7Mr7B8AD5-184" value="CP4D CS Control" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" parent="1" vertex="1">
           <mxGeometry y="1010" width="140" height="60" as="geometry" />
         </mxCell>
+        <mxCell id="2ge-qGCwmwGJbEV4CsZ1-181" value="&lt;font style=&quot;font-size: 17px;&quot;&gt;Custom Service Accounts&lt;/font&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d80073;strokeColor=#000000;fontColor=#ffffff;fontStyle=1;fontSize=20;strokeWidth=2;align=center;spacing=0;" vertex="1" parent="1">
+          <mxGeometry x="1154" y="501" width="140" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="2ge-qGCwmwGJbEV4CsZ1-182" style="edgeStyle=orthogonalEdgeStyle;html=1;strokeWidth=3;orthogonal=1;strokeColor=#000000;exitX=0.493;exitY=1.048;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" target="2ge-qGCwmwGJbEV4CsZ1-181" source="107">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="726" y="390" />
+              <mxPoint x="730" y="390" />
+              <mxPoint x="730" y="441" />
+              <mxPoint x="1230" y="441" />
+            </Array>
+            <mxPoint x="906" y="390" as="sourcePoint" />
+            <mxPoint x="1075" y="511" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
       </root>
     </mxGraphModel>
   </diagram>

diff --git a/docs/helmcharts.md b/docs/helmcharts.md
@@ -30,6 +30,7 @@ The following figure shows a tree of ArgoCD applications and Application Sets ge
 |CIS Compliance | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/040-cis-compliance-app.yaml", "040-cis-compliance-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/040-cis-compliance", "040-cis-compliance") }} |
 |NFD Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/050-nfd-operator-app.yaml", "050-nfd-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/050-nfd-operator", "050-nfd-operator") }} |
 |Nvidia GPU Operator | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/051-nvidia-gpu-operator-app.yaml", "051-nvidia-gpu-operator-app.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/051-nvidia-gpu-operator", "051-nvidia-gpu-operator") }} |
+|Custom Cluster Service Accounts | {{ gitops_repo_file_link("root-applications/ibm-mas-cluster-root/templates/060-custom-sa.yaml", "060-custom-sa.yaml") }} | {{ gitops_repo_dir_link("cluster-applications/060-custom-sa", "060-custom-sa") }} |
 The {{ cluster_root_chart() }} also installs the {{ instance_root_app_set() }}. This generates a set of **Instance Root Applications** based on the configuration in the {{  config_repo() }}.  
 
 ## {{ instance_root_chart() }} 

diff --git a/example-config/dev/cluster1/custom-sa.yaml b/example-config/dev/cluster1/custom-sa.yaml
@@ -0,0 +1,7 @@
+merge-key: "dev/cluster1"
+
+custom_sa:
+  custom_sa_namespace: default
+  custom_sa_details:
+    custom_sa1: cluster-admin
+    custom_sa2: cluster-reader