From c65ef56d02ce2940b928c71f21267d37e6833069 Mon Sep 17 00:00:00 2001 From: Joe Harte <13206585+boonware@users.noreply.github.com> Date: Mon, 9 Dec 2024 11:23:18 +0000 Subject: [PATCH] [minor] group sync operator (#230) --- .../052-group-sync-operator/Chart.yaml | 11 +++ .../052-group-sync-operator/README.md | 3 + .../templates/01-gso_OperatorGroup.yaml | 15 ++++ .../templates/02-gso_Subcription.yaml | 18 +++++ .../templates/03-gso_Secret.yaml | 16 +++++ .../templates/04-gso_GroupSync.yaml | 20 ++++++ .../052-group-sync-operator/values.yaml | 5 ++ .../templates/000-cluster-appset.yaml | 5 ++ .../052-group-sync-operator-app.yaml | 70 +++++++++++++++++++ 9 files changed, 163 insertions(+) create mode 100644 cluster-applications/052-group-sync-operator/Chart.yaml create mode 100644 cluster-applications/052-group-sync-operator/README.md create mode 100644 cluster-applications/052-group-sync-operator/templates/01-gso_OperatorGroup.yaml create mode 100644 cluster-applications/052-group-sync-operator/templates/02-gso_Subcription.yaml create mode 100644 cluster-applications/052-group-sync-operator/templates/03-gso_Secret.yaml create mode 100644 cluster-applications/052-group-sync-operator/templates/04-gso_GroupSync.yaml create mode 100644 cluster-applications/052-group-sync-operator/values.yaml create mode 100644 root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml diff --git a/cluster-applications/052-group-sync-operator/Chart.yaml b/cluster-applications/052-group-sync-operator/Chart.yaml new file mode 100644 index 00000000..311552c3 --- /dev/null +++ b/cluster-applications/052-group-sync-operator/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: group-sync-operator +description: Group Sync Operator +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" diff --git a/cluster-applications/052-group-sync-operator/README.md b/cluster-applications/052-group-sync-operator/README.md new file mode 100644 index 00000000..5fa6d689 --- /dev/null +++ b/cluster-applications/052-group-sync-operator/README.md @@ -0,0 +1,3 @@ +Group Sync Operator +=============================================================================== +Installs the Group Sync Operator. Minimum required version: 0.0.31 diff --git a/cluster-applications/052-group-sync-operator/templates/01-gso_OperatorGroup.yaml b/cluster-applications/052-group-sync-operator/templates/01-gso_OperatorGroup.yaml new file mode 100644 index 00000000..585d76dc --- /dev/null +++ b/cluster-applications/052-group-sync-operator/templates/01-gso_OperatorGroup.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: group-sync-operator + namespace: group-sync-operator + annotations: + argocd.argoproj.io/sync-wave: "052" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + targetNamespaces: + - group-sync-operator diff --git a/cluster-applications/052-group-sync-operator/templates/02-gso_Subcription.yaml b/cluster-applications/052-group-sync-operator/templates/02-gso_Subcription.yaml new file mode 100644 index 00000000..4a7e63fd --- /dev/null +++ b/cluster-applications/052-group-sync-operator/templates/02-gso_Subcription.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: group-sync-operator + namespace: group-sync-operator + annotations: + argocd.argoproj.io/sync-wave: "052" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + channel: "{{ .Values.group_sync_operator_channel }}" + installPlanApproval: {{ .Values.group_sync_operator_install_plan | default "Automatic" | quote }} + name: group-sync-operator + source: community-operators + sourceNamespace: openshift-marketplace diff --git a/cluster-applications/052-group-sync-operator/templates/03-gso_Secret.yaml b/cluster-applications/052-group-sync-operator/templates/03-gso_Secret.yaml new file mode 100644 index 00000000..1f9d884f --- /dev/null +++ b/cluster-applications/052-group-sync-operator/templates/03-gso_Secret.yaml @@ -0,0 +1,16 @@ +--- +kind: Secret +apiVersion: v1 +metadata: + name: isv-group-sync + namespace: group-sync-operator + annotations: + argocd.argoproj.io/sync-wave: "052" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +type: Opaque +data: + clientId: {{ .Values.group_sync_operator_isv_client_id | b64enc }} + clientSecret: {{ .Values.group_sync_operator_isv_client_secret | b64enc }} diff --git a/cluster-applications/052-group-sync-operator/templates/04-gso_GroupSync.yaml b/cluster-applications/052-group-sync-operator/templates/04-gso_GroupSync.yaml new file mode 100644 index 00000000..09703416 --- /dev/null +++ b/cluster-applications/052-group-sync-operator/templates/04-gso_GroupSync.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: redhatcop.redhat.io/v1alpha1 +kind: GroupSync +metadata: + name: isv-group-sync + namespace: group-sync-operator + annotations: + argocd.argoproj.io/sync-wave: "053" + argocd.argoproj.io/sync-options: "SkipDryRunOnMissingResource=true,Validate=false" +spec: + schedule: "{{ .Values.group_sync_operator_cron_schedule }}" + providers: + - name: ibmsecurityverify + ibmsecurityverify: + credentialsSecret: + name: isv-group-sync + namespace: group-sync-operator + tenantUrl: "{{ .Values.group_sync_operator_isv_tenant_url }}" + groups: +{{ .Values.group_sync_operator_isv_groups | toYaml | indent 10 }} diff --git a/cluster-applications/052-group-sync-operator/values.yaml b/cluster-applications/052-group-sync-operator/values.yaml new file mode 100644 index 00000000..ff0d8925 --- /dev/null +++ b/cluster-applications/052-group-sync-operator/values.yaml @@ -0,0 +1,5 @@ +--- +group_sync_operator_channel: "alpha" +group_sync_operator_cron_schedule: "*/30 * * * *" # every 30 minutes +group_sync_operator_isv_client_id: xxx +group_sync_operator_isv_client_secret: xxx diff --git a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml index beb2a0ca..3ed17848 100644 --- a/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml +++ b/root-applications/ibm-mas-account-root/templates/000-cluster-appset.yaml @@ -72,6 +72,11 @@ spec: revision: "{{ .Values.generator.revision }}" files: - path: "{{ .Values.account.id }}/*/selenium-grid.yaml" + - git: + repoURL: "{{ .Values.generator.repo_url }}" + revision: "{{ .Values.generator.revision }}" + files: + - path: "{{ .Values.account.id }}/*/group-sync-operator.yaml" syncPolicy: applicationsSync: "{{- if .Values.auto_delete }}sync{{- else }}create-update{{- end }}" template: diff --git a/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml b/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml new file mode 100644 index 00000000..e8832ac5 --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/052-group-sync-operator-app.yaml @@ -0,0 +1,70 @@ +{{- if not (empty .Values.group_sync_operator) }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: group-sync-operator.{{ .Values.cluster.id }} + namespace: {{ .Values.argo.namespace }} + labels: + environment: '{{ .Values.account.id }}' + region: '{{ .Values.region.id }}' + cluster: '{{ .Values.cluster.id }}' + annotations: + argocd.argoproj.io/sync-wave: "052" + healthCheckTimeout: "1800" + {{- if and .Values.notifications .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }} + {{- end }} + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: "{{ .Values.argo.projects.apps }}" + destination: + server: {{ .Values.cluster.url }} + namespace: group-sync-operator + source: + repoURL: "{{ .Values.source.repo_url }}" + path: cluster-applications/052-group-sync-operator + targetRevision: "{{ .Values.source.revision }}" + plugin: + name: {{ .Values.avp.name }} + env: + - name: {{ .Values.avp.values_varname }} + value: | + group_sync_operator_cron_schedule: "{{ .Values.group_sync_operator.cron_schedule }}" + group_sync_operator_isv_tenant_url: "{{ .Values.group_sync_operator.isv_tenant_url }}" + group_sync_operator_isv_client_id: "{{ .Values.group_sync_operator.isv_client_id }}" + group_sync_operator_isv_client_secret: "{{ .Values.group_sync_operator.isv_client_secret }}" + group_sync_operator_isv_groups: {{ .Values.group_sync_operator.isv_groups | toYaml | nindent 14 }} + junitreporter: + reporter_name: "group-sync-operator" + cluster_id: "{{ .Values.cluster.id }}" + devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" + devops_build_number: "{{ .Values.devops.build_number }}" + gitops_version: "{{ .Values.source.revision }}" + {{- if .Values.custom_labels }} + custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME + value: groupsyncoperatorapp + {{- if not (empty .Values.avp.secret) }} + - name: AVP_SECRET + value: {{ .Values.avp.secret }} + {{- end }} + syncPolicy: + automated: + {{- if .Values.auto_delete }} + prune: true + {{- end }} + selfHeal: true + retry: + limit: 20 + syncOptions: + - CreateNamespace=true + managedNamespaceMetadata: + labels: +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} +{{- end }}