From fe785320501946539ffdb241e75ce97fda1e69fe Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Mon, 3 Oct 2022 13:48:06 +1100 Subject: [PATCH 1/5] Combine hosted argo sites with acm into a managedClusters chart --- Changes.md | 1 + acm | 1 + acm/templates/multiclusterhub.yaml | 8 - {acm => managedClusters}/.helmignore | 0 {acm => managedClusters}/Chart.yaml | 0 .../templates/acm/multiclusterhub.yaml | 16 + .../acm}/policies/application-policies.yaml | 2 +- .../acm}/policies/ocp-gitops-policy.yaml | 8 + .../acm}/provision/_install-config.tpl | 0 .../templates/acm}/provision/clusterpool.yaml | 4 +- .../templates/acm}/provision/secrets-aws.yaml | 2 +- .../acm}/provision/secrets-azure.yaml | 2 +- .../acm}/provision/secrets-common.yaml | 2 +- .../templates/argo}/hosted-sites.yaml | 4 +- {acm => managedClusters}/test.yaml | 0 {acm => managedClusters}/values.yaml | 0 tests/clustergroup-normal.expected.yml | 269 ----- tests/clustergroup.expected.diff | 277 +---- tests/managedClusters-naked.expected.yml | 3 + tests/managedClusters-normal.expected.yml | 963 +++++++++++++++++ tests/managedClusters.expected.diff | 966 ++++++++++++++++++ 21 files changed, 1969 insertions(+), 559 deletions(-) create mode 120000 acm delete mode 100644 acm/templates/multiclusterhub.yaml rename {acm => managedClusters}/.helmignore (100%) rename {acm => managedClusters}/Chart.yaml (100%) create mode 100644 managedClusters/templates/acm/multiclusterhub.yaml rename {acm/templates => managedClusters/templates/acm}/policies/application-policies.yaml (98%) rename {acm/templates => managedClusters/templates/acm}/policies/ocp-gitops-policy.yaml (91%) rename {acm/templates => managedClusters/templates/acm}/provision/_install-config.tpl (100%) rename {acm/templates => managedClusters/templates/acm}/provision/clusterpool.yaml (91%) rename {acm/templates => managedClusters/templates/acm}/provision/secrets-aws.yaml (96%) rename {acm/templates => managedClusters/templates/acm}/provision/secrets-azure.yaml (96%) rename {acm/templates => managedClusters/templates/acm}/provision/secrets-common.yaml (94%) rename {clustergroup/templates/plumbing => managedClusters/templates/argo}/hosted-sites.yaml (98%) rename {acm => managedClusters}/test.yaml (100%) rename {acm => managedClusters}/values.yaml (100%) create mode 100644 tests/managedClusters-naked.expected.yml create mode 100644 tests/managedClusters-normal.expected.yml create mode 100644 tests/managedClusters.expected.diff diff --git a/Changes.md b/Changes.md index 09d9bd0b..efd27f2b 100644 --- a/Changes.md +++ b/Changes.md @@ -1,6 +1,7 @@ # Changes ## October 3, 2022 +* Support both .Values.global.managedClusterGroups and the old .Values.clusterGroup.managedClusterGroups * Restore the ability to install a non-default site: `make TARGET_SITE=mysite install` * Revised tests (new output and filenames, requires adding new result files to git) * ACM 2.6 required for ACM-based managed sites diff --git a/acm b/acm new file mode 120000 index 00000000..aee08647 --- /dev/null +++ b/acm @@ -0,0 +1 @@ +managedClusters \ No newline at end of file diff --git a/acm/templates/multiclusterhub.yaml b/acm/templates/multiclusterhub.yaml deleted file mode 100644 index f925d5a6..00000000 --- a/acm/templates/multiclusterhub.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: operator.open-cluster-management.io/v1 -kind: MultiClusterHub -metadata: - name: multiclusterhub - namespace: open-cluster-management - annotations: - argocd.argoproj.io/sync-wave: "-1" -spec: {} diff --git a/acm/.helmignore b/managedClusters/.helmignore similarity index 100% rename from acm/.helmignore rename to managedClusters/.helmignore diff --git a/acm/Chart.yaml b/managedClusters/Chart.yaml similarity index 100% rename from acm/Chart.yaml rename to managedClusters/Chart.yaml diff --git a/managedClusters/templates/acm/multiclusterhub.yaml b/managedClusters/templates/acm/multiclusterhub.yaml new file mode 100644 index 00000000..94f017bd --- /dev/null +++ b/managedClusters/templates/acm/multiclusterhub.yaml @@ -0,0 +1,16 @@ +{{- $haveACM := false }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- if not .hostedArgoSites }} +{{- $haveACM = true }} +{{- end }} +{{- end }} +{{- if $haveACM }} +apiVersion: operator.open-cluster-management.io/v1 +kind: MultiClusterHub +metadata: + name: multiclusterhub + namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: {} +{{- end }} diff --git a/acm/templates/policies/application-policies.yaml b/managedClusters/templates/acm/policies/application-policies.yaml similarity index 98% rename from acm/templates/policies/application-policies.yaml rename to managedClusters/templates/acm/policies/application-policies.yaml index dfb29a90..a0cfc2ba 100644 --- a/acm/templates/policies/application-policies.yaml +++ b/managedClusters/templates/acm/policies/application-policies.yaml @@ -1,5 +1,5 @@ # TODO: Also create a GitOpsCluster.apps.open-cluster-management.io -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if not .hostedArgoSites }} apiVersion: policy.open-cluster-management.io/v1 diff --git a/acm/templates/policies/ocp-gitops-policy.yaml b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml similarity index 91% rename from acm/templates/policies/ocp-gitops-policy.yaml rename to managedClusters/templates/acm/policies/ocp-gitops-policy.yaml index 7ca61b0f..30ad5e93 100644 --- a/acm/templates/policies/ocp-gitops-policy.yaml +++ b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml @@ -1,3 +1,10 @@ +{{- $haveACM := false }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- if not .hostedArgoSites }} +{{- $haveACM = true }} +{{- end }} +{{- end }} +{{- if $haveACM }} apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: @@ -74,3 +81,4 @@ spec: operator: In values: - OpenShift +{{- end }} diff --git a/acm/templates/provision/_install-config.tpl b/managedClusters/templates/acm/provision/_install-config.tpl similarity index 100% rename from acm/templates/provision/_install-config.tpl rename to managedClusters/templates/acm/provision/_install-config.tpl diff --git a/acm/templates/provision/clusterpool.yaml b/managedClusters/templates/acm/provision/clusterpool.yaml similarity index 91% rename from acm/templates/provision/clusterpool.yaml rename to managedClusters/templates/acm/provision/clusterpool.yaml index 0ac851c5..0b8a9a34 100644 --- a/acm/templates/provision/clusterpool.yaml +++ b/managedClusters/templates/acm/provision/clusterpool.yaml @@ -1,4 +1,4 @@ -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if .clusterPools }}{{- /* We only create ManagedClusterSets if there are clusterPools defined */}} apiVersion: cluster.open-cluster-management.io/v1beta1 @@ -84,4 +84,4 @@ spec: {{- end }}{{- /* range .range clusters */}} {{- end }}{{- /* range .clusterPools */}} {{- end }}{{- /* if .clusterPools) */}} -{{- end }}{{- /* range .Values.clusterGroup.managedClusterGroups */}} +{{- end }}{{- /* range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups */}} diff --git a/acm/templates/provision/secrets-aws.yaml b/managedClusters/templates/acm/provision/secrets-aws.yaml similarity index 96% rename from acm/templates/provision/secrets-aws.yaml rename to managedClusters/templates/acm/provision/secrets-aws.yaml index 002c9247..0ea4ec8a 100644 --- a/acm/templates/provision/secrets-aws.yaml +++ b/managedClusters/templates/acm/provision/secrets-aws.yaml @@ -1,4 +1,4 @@ -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/acm/templates/provision/secrets-azure.yaml b/managedClusters/templates/acm/provision/secrets-azure.yaml similarity index 96% rename from acm/templates/provision/secrets-azure.yaml rename to managedClusters/templates/acm/provision/secrets-azure.yaml index 7fe6271b..6f054737 100644 --- a/acm/templates/provision/secrets-azure.yaml +++ b/managedClusters/templates/acm/provision/secrets-azure.yaml @@ -1,4 +1,4 @@ -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/acm/templates/provision/secrets-common.yaml b/managedClusters/templates/acm/provision/secrets-common.yaml similarity index 94% rename from acm/templates/provision/secrets-common.yaml rename to managedClusters/templates/acm/provision/secrets-common.yaml index 21a03b73..f95091dd 100644 --- a/acm/templates/provision/secrets-common.yaml +++ b/managedClusters/templates/acm/provision/secrets-common.yaml @@ -1,4 +1,4 @@ -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/clustergroup/templates/plumbing/hosted-sites.yaml b/managedClusters/templates/argo/hosted-sites.yaml similarity index 98% rename from clustergroup/templates/plumbing/hosted-sites.yaml rename to managedClusters/templates/argo/hosted-sites.yaml index 1f11dbe4..0f605715 100644 --- a/clustergroup/templates/plumbing/hosted-sites.yaml +++ b/managedClusters/templates/argo/hosted-sites.yaml @@ -1,5 +1,4 @@ -{{- if (eq .Values.enabled "all") }} -{{- range .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if .hostedArgoSites }} apiVersion: argoproj.io/v1alpha1 @@ -174,4 +173,3 @@ spec: --- {{- end }} {{- end }} -{{- end }} diff --git a/acm/test.yaml b/managedClusters/test.yaml similarity index 100% rename from acm/test.yaml rename to managedClusters/test.yaml diff --git a/acm/values.yaml b/managedClusters/values.yaml similarity index 100% rename from acm/values.yaml rename to managedClusters/values.yaml diff --git a/tests/clustergroup-normal.expected.yml b/tests/clustergroup-normal.expected.yml index 50a8fb46..9c7966ea 100644 --- a/tests/clustergroup-normal.expected.yml +++ b/tests/clustergroup-normal.expected.yml @@ -466,27 +466,6 @@ spec: # Source: pattern-clustergroup/templates/core/subscriptions.yaml --- --- -# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: argo-edge - namespace: openshift-gitops -spec: - description: "Cluster Group argo-edge" - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - namespaceResourceWhitelist: - - group: '*' - kind: '*' - sourceRepos: - - '*' -status: {} ---- # Source: pattern-clustergroup/templates/plumbing/projects.yaml apiVersion: argoproj.io/v1alpha1 kind: AppProject @@ -601,254 +580,6 @@ spec: automated: {} # selfHeal: true --- -# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mypattern-argo-edge-perth - namespace: openshift-gitops - finalizers: - - resources-finalizer.argocd.argoproj.io/foreground -spec: - project: argo-edge - source: - repoURL: https://github.com/pattern-clone/mypattern - targetRevision: main - path: common/clustergroup - helm: - ignoreMissingValueFiles: true - valueFiles: - - "/values-global.yaml" - - "/values-argo-edge.yaml" - parameters: - - name: global.repoURL - value: $ARGOCD_APP_SOURCE_REPO_URL - - name: global.targetRevision - value: $ARGOCD_APP_SOURCE_TARGET_REVISION - - name: global.namespace - value: $ARGOCD_APP_NAMESPACE - - name: global.pattern - value: mypattern - - name: global.hubClusterDomain - value: apps.hub.example.com - - name: global.localClusterDomain - value: apps.perth1.beekhof.net - - name: global.clusterDomain - value: perth1.beekhof.net - - name: enabled - value: core - - name: clusterGroup.name - value: argo-edge - - name: clusterGroup.targetCluster - value: perth - - name: clusterGroup.hostedSite.bearerKeyPath - value: secret/data/hub/cluster_perth - - name: clusterGroup.hostedSite.caKeyPath - value: secret/data/hub/cluster_perth_ca - - name: clusterGroup.isHubCluster - value: "false" - destination: - name: perth - namespace: mypattern-argo-edge - syncPolicy: - automated: - selfHeal: true - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - - group: route.openshift.io - kind: Route - jsonPointers: - - /status ---- -# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mypattern-argo-edge-perth-plumbing - namespace: openshift-gitops - finalizers: - - resources-finalizer.argocd.argoproj.io/foreground -spec: - project: argo-edge - source: - repoURL: https://github.com/pattern-clone/mypattern - targetRevision: main - path: common/clustergroup - helm: - ignoreMissingValueFiles: true - valueFiles: - - "/values-global.yaml" - - "/values-argo-edge.yaml" - parameters: - - name: global.repoURL - value: $ARGOCD_APP_SOURCE_REPO_URL - - name: global.targetRevision - value: $ARGOCD_APP_SOURCE_TARGET_REVISION - - name: global.namespace - value: $ARGOCD_APP_NAMESPACE - - name: global.pattern - value: mypattern - - name: global.hubClusterDomain - value: apps.hub.example.com - - name: global.localClusterDomain - value: apps.perth1.beekhof.net - - name: global.clusterDomain - value: perth1.beekhof.net - - name: enabled - value: plumbing - - name: clusterGroup.name - value: argo-edge - - name: clusterGroup.targetCluster - value: perth - - name: clusterGroup.hostedSite.bearerKeyPath - value: secret/data/hub/cluster_perth - - name: clusterGroup.hostedSite.caKeyPath - value: secret/data/hub/cluster_perth_ca - - name: clusterGroup.isHubCluster - value: "false" - destination: - name: in-cluster - namespace: openshift-gitops - syncPolicy: - automated: - selfHeal: true - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - - group: route.openshift.io - kind: Route - jsonPointers: - - /status ---- -# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mypattern-argo-edge-sydney - namespace: openshift-gitops - finalizers: - - resources-finalizer.argocd.argoproj.io/foreground -spec: - project: argo-edge - source: - repoURL: https://github.com/pattern-clone/mypattern - targetRevision: main - path: common/clustergroup - helm: - ignoreMissingValueFiles: true - valueFiles: - - "/values-global.yaml" - - "/values-argo-edge.yaml" - parameters: - - name: global.repoURL - value: $ARGOCD_APP_SOURCE_REPO_URL - - name: global.targetRevision - value: $ARGOCD_APP_SOURCE_TARGET_REVISION - - name: global.namespace - value: $ARGOCD_APP_NAMESPACE - - name: global.pattern - value: mypattern - - name: global.hubClusterDomain - value: apps.hub.example.com - - name: global.localClusterDomain - value: apps.syd.beekhof.net - - name: global.clusterDomain - value: syd.beekhof.net - - name: enabled - value: core - - name: clusterGroup.name - value: argo-edge - - name: clusterGroup.targetCluster - value: sydney - - name: clusterGroup.hostedSite.bearerKeyPath - value: secret/data/hub/cluster_sydney - - name: clusterGroup.hostedSite.caKeyPath - value: secret/data/hub/cluster_sydney_ca - - name: clusterGroup.isHubCluster - value: "false" - destination: - name: sydney - namespace: mypattern-argo-edge - syncPolicy: - automated: - selfHeal: true - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - - group: route.openshift.io - kind: Route - jsonPointers: - - /status ---- -# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mypattern-argo-edge-sydney-plumbing - namespace: openshift-gitops - finalizers: - - resources-finalizer.argocd.argoproj.io/foreground -spec: - project: argo-edge - source: - repoURL: https://github.com/pattern-clone/mypattern - targetRevision: main - path: common/clustergroup - helm: - ignoreMissingValueFiles: true - valueFiles: - - "/values-global.yaml" - - "/values-argo-edge.yaml" - parameters: - - name: global.repoURL - value: $ARGOCD_APP_SOURCE_REPO_URL - - name: global.targetRevision - value: $ARGOCD_APP_SOURCE_TARGET_REVISION - - name: global.namespace - value: $ARGOCD_APP_NAMESPACE - - name: global.pattern - value: mypattern - - name: global.hubClusterDomain - value: apps.hub.example.com - - name: global.localClusterDomain - value: apps.syd.beekhof.net - - name: global.clusterDomain - value: syd.beekhof.net - - name: enabled - value: plumbing - - name: clusterGroup.name - value: argo-edge - - name: clusterGroup.targetCluster - value: sydney - - name: clusterGroup.hostedSite.bearerKeyPath - value: secret/data/hub/cluster_sydney - - name: clusterGroup.hostedSite.caKeyPath - value: secret/data/hub/cluster_sydney_ca - - name: clusterGroup.isHubCluster - value: "false" - destination: - name: in-cluster - namespace: openshift-gitops - syncPolicy: - automated: - selfHeal: true - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - - group: route.openshift.io - kind: Route - jsonPointers: - - /status ---- # Source: pattern-clustergroup/templates/plumbing/argocd.yaml apiVersion: argoproj.io/v1alpha1 kind: ArgoCD diff --git a/tests/clustergroup.expected.diff b/tests/clustergroup.expected.diff index b1bb3239..4efa0e96 100644 --- a/tests/clustergroup.expected.diff +++ b/tests/clustergroup.expected.diff @@ -255,7 +255,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole -@@ -45,16 +271,583 @@ +@@ -45,16 +271,314 @@ - kind: ServiceAccount # This is the {ArgoCD.name}-argocd-application-controller name: example-gitops-argocd-application-controller @@ -457,27 +457,6 @@ +# Source: pattern-clustergroup/templates/core/subscriptions.yaml +--- +--- -+# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -+apiVersion: argoproj.io/v1alpha1 -+kind: AppProject -+metadata: -+ name: argo-edge -+ namespace: openshift-gitops -+spec: -+ description: "Cluster Group argo-edge" -+ destinations: -+ - namespace: '*' -+ server: '*' -+ clusterResourceWhitelist: -+ - group: '*' -+ kind: '*' -+ namespaceResourceWhitelist: -+ - group: '*' -+ kind: '*' -+ sourceRepos: -+ - '*' -+status: {} -+--- +# Source: pattern-clustergroup/templates/plumbing/projects.yaml +apiVersion: argoproj.io/v1alpha1 +kind: AppProject @@ -591,258 +570,10 @@ + syncPolicy: + automated: {} + # selfHeal: true -+--- -+# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -+apiVersion: argoproj.io/v1alpha1 -+kind: Application -+metadata: -+ name: mypattern-argo-edge-perth -+ namespace: openshift-gitops -+ finalizers: -+ - resources-finalizer.argocd.argoproj.io/foreground -+spec: -+ project: argo-edge -+ source: -+ repoURL: https://github.com/pattern-clone/mypattern -+ targetRevision: main -+ path: common/clustergroup -+ helm: -+ ignoreMissingValueFiles: true -+ valueFiles: -+ - "/values-global.yaml" -+ - "/values-argo-edge.yaml" -+ parameters: -+ - name: global.repoURL -+ value: $ARGOCD_APP_SOURCE_REPO_URL -+ - name: global.targetRevision -+ value: $ARGOCD_APP_SOURCE_TARGET_REVISION -+ - name: global.namespace -+ value: $ARGOCD_APP_NAMESPACE -+ - name: global.pattern -+ value: mypattern -+ - name: global.hubClusterDomain -+ value: apps.hub.example.com -+ - name: global.localClusterDomain -+ value: apps.perth1.beekhof.net -+ - name: global.clusterDomain -+ value: perth1.beekhof.net -+ - name: enabled -+ value: core -+ - name: clusterGroup.name -+ value: argo-edge -+ - name: clusterGroup.targetCluster -+ value: perth -+ - name: clusterGroup.hostedSite.bearerKeyPath -+ value: secret/data/hub/cluster_perth -+ - name: clusterGroup.hostedSite.caKeyPath -+ value: secret/data/hub/cluster_perth_ca -+ - name: clusterGroup.isHubCluster -+ value: "false" -+ destination: -+ name: perth -+ namespace: mypattern-argo-edge -+ syncPolicy: -+ automated: -+ selfHeal: true -+ ignoreDifferences: -+ - group: apps -+ kind: Deployment -+ jsonPointers: -+ - /spec/replicas -+ - group: route.openshift.io -+ kind: Route -+ jsonPointers: -+ - /status -+--- -+# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -+apiVersion: argoproj.io/v1alpha1 -+kind: Application -+metadata: -+ name: mypattern-argo-edge-perth-plumbing -+ namespace: openshift-gitops -+ finalizers: -+ - resources-finalizer.argocd.argoproj.io/foreground -+spec: -+ project: argo-edge -+ source: -+ repoURL: https://github.com/pattern-clone/mypattern -+ targetRevision: main -+ path: common/clustergroup -+ helm: -+ ignoreMissingValueFiles: true -+ valueFiles: -+ - "/values-global.yaml" -+ - "/values-argo-edge.yaml" -+ parameters: -+ - name: global.repoURL -+ value: $ARGOCD_APP_SOURCE_REPO_URL -+ - name: global.targetRevision -+ value: $ARGOCD_APP_SOURCE_TARGET_REVISION -+ - name: global.namespace -+ value: $ARGOCD_APP_NAMESPACE -+ - name: global.pattern -+ value: mypattern -+ - name: global.hubClusterDomain -+ value: apps.hub.example.com -+ - name: global.localClusterDomain -+ value: apps.perth1.beekhof.net -+ - name: global.clusterDomain -+ value: perth1.beekhof.net -+ - name: enabled -+ value: plumbing -+ - name: clusterGroup.name -+ value: argo-edge -+ - name: clusterGroup.targetCluster -+ value: perth -+ - name: clusterGroup.hostedSite.bearerKeyPath -+ value: secret/data/hub/cluster_perth -+ - name: clusterGroup.hostedSite.caKeyPath -+ value: secret/data/hub/cluster_perth_ca -+ - name: clusterGroup.isHubCluster -+ value: "false" -+ destination: -+ name: in-cluster -+ namespace: openshift-gitops -+ syncPolicy: -+ automated: -+ selfHeal: true -+ ignoreDifferences: -+ - group: apps -+ kind: Deployment -+ jsonPointers: -+ - /spec/replicas -+ - group: route.openshift.io -+ kind: Route -+ jsonPointers: -+ - /status -+--- -+# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -+apiVersion: argoproj.io/v1alpha1 -+kind: Application -+metadata: -+ name: mypattern-argo-edge-sydney -+ namespace: openshift-gitops -+ finalizers: -+ - resources-finalizer.argocd.argoproj.io/foreground -+spec: -+ project: argo-edge -+ source: -+ repoURL: https://github.com/pattern-clone/mypattern -+ targetRevision: main -+ path: common/clustergroup -+ helm: -+ ignoreMissingValueFiles: true -+ valueFiles: -+ - "/values-global.yaml" -+ - "/values-argo-edge.yaml" -+ parameters: -+ - name: global.repoURL -+ value: $ARGOCD_APP_SOURCE_REPO_URL -+ - name: global.targetRevision -+ value: $ARGOCD_APP_SOURCE_TARGET_REVISION -+ - name: global.namespace -+ value: $ARGOCD_APP_NAMESPACE -+ - name: global.pattern -+ value: mypattern -+ - name: global.hubClusterDomain -+ value: apps.hub.example.com -+ - name: global.localClusterDomain -+ value: apps.syd.beekhof.net -+ - name: global.clusterDomain -+ value: syd.beekhof.net -+ - name: enabled -+ value: core -+ - name: clusterGroup.name -+ value: argo-edge -+ - name: clusterGroup.targetCluster -+ value: sydney -+ - name: clusterGroup.hostedSite.bearerKeyPath -+ value: secret/data/hub/cluster_sydney -+ - name: clusterGroup.hostedSite.caKeyPath -+ value: secret/data/hub/cluster_sydney_ca -+ - name: clusterGroup.isHubCluster -+ value: "false" -+ destination: -+ name: sydney -+ namespace: mypattern-argo-edge -+ syncPolicy: -+ automated: -+ selfHeal: true -+ ignoreDifferences: -+ - group: apps -+ kind: Deployment -+ jsonPointers: -+ - /spec/replicas -+ - group: route.openshift.io -+ kind: Route -+ jsonPointers: -+ - /status -+--- -+# Source: pattern-clustergroup/templates/plumbing/hosted-sites.yaml -+apiVersion: argoproj.io/v1alpha1 -+kind: Application -+metadata: -+ name: mypattern-argo-edge-sydney-plumbing -+ namespace: openshift-gitops -+ finalizers: -+ - resources-finalizer.argocd.argoproj.io/foreground -+spec: -+ project: argo-edge -+ source: -+ repoURL: https://github.com/pattern-clone/mypattern -+ targetRevision: main -+ path: common/clustergroup -+ helm: -+ ignoreMissingValueFiles: true -+ valueFiles: -+ - "/values-global.yaml" -+ - "/values-argo-edge.yaml" -+ parameters: -+ - name: global.repoURL -+ value: $ARGOCD_APP_SOURCE_REPO_URL -+ - name: global.targetRevision -+ value: $ARGOCD_APP_SOURCE_TARGET_REVISION -+ - name: global.namespace -+ value: $ARGOCD_APP_NAMESPACE -+ - name: global.pattern -+ value: mypattern -+ - name: global.hubClusterDomain -+ value: apps.hub.example.com -+ - name: global.localClusterDomain -+ value: apps.syd.beekhof.net -+ - name: global.clusterDomain -+ value: syd.beekhof.net -+ - name: enabled -+ value: plumbing -+ - name: clusterGroup.name -+ value: argo-edge -+ - name: clusterGroup.targetCluster -+ value: sydney -+ - name: clusterGroup.hostedSite.bearerKeyPath -+ value: secret/data/hub/cluster_sydney -+ - name: clusterGroup.hostedSite.caKeyPath -+ value: secret/data/hub/cluster_sydney_ca -+ - name: clusterGroup.isHubCluster -+ value: "false" -+ destination: -+ name: in-cluster -+ namespace: openshift-gitops -+ syncPolicy: -+ automated: -+ selfHeal: true -+ ignoreDifferences: -+ - group: apps -+ kind: Deployment -+ jsonPointers: -+ - /spec/replicas -+ - group: route.openshift.io -+ kind: Route -+ jsonPointers: -+ - /status --- # Source: pattern-clustergroup/templates/plumbing/argocd.yaml apiVersion: argoproj.io/v1alpha1 -@@ -65,7 +858,7 @@ +@@ -65,7 +589,7 @@ # Changing the name affects the ClusterRoleBinding, the generated secret, # route URL, and argocd.argoproj.io/managed-by annotations name: example-gitops @@ -851,7 +582,7 @@ annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous spec: -@@ -94,10 +887,10 @@ +@@ -94,10 +618,10 @@ --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION --set global.namespace=$ARGOCD_APP_NAMESPACE @@ -866,7 +597,7 @@ --set clusterGroup.name=example --post-renderer ./kustomize"] applicationSet: -@@ -174,11 +967,59 @@ +@@ -174,11 +698,59 @@ kind: ConsoleLink metadata: name: example-gitops-link diff --git a/tests/managedClusters-naked.expected.yml b/tests/managedClusters-naked.expected.yml new file mode 100644 index 00000000..e1d9758b --- /dev/null +++ b/tests/managedClusters-naked.expected.yml @@ -0,0 +1,3 @@ +--- +# Source: acm/templates/acm/policies/application-policies.yaml +# TODO: Also create a GitOpsCluster.apps.open-cluster-management.io diff --git a/tests/managedClusters-normal.expected.yml b/tests/managedClusters-normal.expected.yml new file mode 100644 index 00000000..4aeffb30 --- /dev/null +++ b/tests/managedClusters-normal.expected.yml @@ -0,0 +1,963 @@ +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: v1 +kind: Secret +metadata: + name: aws-ap-acm-provision-edge-install-config +data: + # Base64 encoding of install-config yaml + install-config.yaml: CgphcGlWZXJzaW9uOiB2MQptZXRhZGF0YToKICBuYW1lOiAnYXdzLWFwJyAKYmFzZURvbWFpbjogYmx1ZXByaW50cy5yaGVjb2VuZy5jb20KY29udHJvbFBsYW5lOgogIGFyY2hpdGVjdHVyZTogYW1kNjQKICBoeXBlcnRocmVhZGluZzogRW5hYmxlZAogIG5hbWU6IGNvbnRyb2xQbGFuZQogIHJlcGxpY2FzOiAzCiAgcGxhdGZvcm06CiAgICBhd3M6CiAgICAgIHR5cGU6IG01LnhsYXJnZQpjb21wdXRlOgotIGh5cGVydGhyZWFkaW5nOiBFbmFibGVkCiAgYXJjaGl0ZWN0dXJlOiBhbWQ2NAogIG5hbWU6ICd3b3JrZXInCiAgcmVwbGljYXM6IDMKICBwbGF0Zm9ybToKICAgIGF3czoKICAgICAgdHlwZTogbTUueGxhcmdlCm5ldHdvcmtpbmc6CiAgY2x1c3Rlck5ldHdvcms6CiAgLSBjaWRyOiAxMC4xMjguMC4wLzE0CiAgICBob3N0UHJlZml4OiAyMwogIG1hY2hpbmVOZXR3b3JrOgogIC0gY2lkcjogMTAuMC4wLjAvMTYKICBuZXR3b3JrVHlwZTogT3BlblNoaWZ0U0ROCiAgc2VydmljZU5ldHdvcms6CiAgLSAxNzIuMzAuMC4wLzE2CnBsYXRmb3JtOiB7CiAgImF3cyI6IHsKICAgICJyZWdpb24iOiAiYXAtc291dGhlYXN0LTIiCiAgfQp9CnB1bGxTZWNyZXQ6ICIiICMgc2tpcCwgaGl2ZSB3aWxsIGluamVjdCBiYXNlZCBvbiBpdCdzIHNlY3JldHMKc3NoS2V5OiAiIiAgICAgIyBza2lwLCBoaXZlIHdpbGwgaW5qZWN0IGJhc2VkIG9uIGl0J3Mgc2VjcmV0cw== +type: Opaque +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: v1 +kind: Secret +metadata: + name: azure-us-acm-provision-edge-install-config +data: + # Base64 encoding of install-config yaml + install-config.yaml: CgphcGlWZXJzaW9uOiB2MQptZXRhZGF0YToKICBuYW1lOiAnYXp1cmUtdXMnIApiYXNlRG9tYWluOiBibHVlcHJpbnRzLnJoZWNvZW5nLmNvbQpjb250cm9sUGxhbmU6CiAgYXJjaGl0ZWN0dXJlOiBhbWQ2NAogIGh5cGVydGhyZWFkaW5nOiBFbmFibGVkCiAgbmFtZTogY29udHJvbFBsYW5lCiAgcmVwbGljYXM6IDMKICBwbGF0Zm9ybToKICAgIGF6dXJlOgogICAgICB0eXBlOiBTdGFuZGFyZF9EOHNfdjMKY29tcHV0ZToKLSBoeXBlcnRocmVhZGluZzogRW5hYmxlZAogIGFyY2hpdGVjdHVyZTogYW1kNjQKICBuYW1lOiAnd29ya2VyJwogIHJlcGxpY2FzOiAzCiAgcGxhdGZvcm06CiAgICBhenVyZToKICAgICAgdHlwZTogU3RhbmRhcmRfRDhzX3YzCm5ldHdvcmtpbmc6CiAgY2x1c3Rlck5ldHdvcms6CiAgLSBjaWRyOiAxMC4xMjguMC4wLzE0CiAgICBob3N0UHJlZml4OiAyMwogIG1hY2hpbmVOZXR3b3JrOgogIC0gY2lkcjogMTAuMC4wLjAvMTYKICBuZXR3b3JrVHlwZTogT3BlblNoaWZ0U0ROCiAgc2VydmljZU5ldHdvcms6CiAgLSAxNzIuMzAuMC4wLzE2CnBsYXRmb3JtOiB7CiAgImF6dXJlIjogewogICAgImJhc2VEb21haW5SZXNvdXJjZUdyb3VwTmFtZSI6ICJkb2pvLWRucy16b25lcyIsCiAgICAicmVnaW9uIjogImVhc3R1cyIKICB9Cn0KcHVsbFNlY3JldDogIiIgIyBza2lwLCBoaXZlIHdpbGwgaW5qZWN0IGJhc2VkIG9uIGl0J3Mgc2VjcmV0cwpzc2hLZXk6ICIiICAgICAjIHNraXAsIGhpdmUgd2lsbCBpbmplY3QgYmFzZWQgb24gaXQncyBzZWNyZXRz +type: Opaque +--- +# Source: acm/templates/argo/hosted-sites.yaml +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: argo-edge + namespace: openshift-gitops +spec: + description: "Cluster Group argo-edge" + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' + namespaceResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - '*' +status: {} +--- +# Source: acm/templates/argo/hosted-sites.yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mypattern-argo-edge-perth + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground +spec: + project: argo-edge + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-argo-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: apps.perth1.beekhof.net + - name: global.clusterDomain + value: perth1.beekhof.net + - name: enabled + value: core + - name: clusterGroup.name + value: argo-edge + - name: clusterGroup.targetCluster + value: perth + - name: clusterGroup.hostedSite.bearerKeyPath + value: secret/data/hub/cluster_perth + - name: clusterGroup.hostedSite.caKeyPath + value: secret/data/hub/cluster_perth_ca + - name: clusterGroup.isHubCluster + value: "false" + destination: + name: perth + namespace: mypattern-argo-edge + syncPolicy: + automated: + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/argo/hosted-sites.yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mypattern-argo-edge-perth-plumbing + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground +spec: + project: argo-edge + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-argo-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: apps.perth1.beekhof.net + - name: global.clusterDomain + value: perth1.beekhof.net + - name: enabled + value: plumbing + - name: clusterGroup.name + value: argo-edge + - name: clusterGroup.targetCluster + value: perth + - name: clusterGroup.hostedSite.bearerKeyPath + value: secret/data/hub/cluster_perth + - name: clusterGroup.hostedSite.caKeyPath + value: secret/data/hub/cluster_perth_ca + - name: clusterGroup.isHubCluster + value: "false" + destination: + name: in-cluster + namespace: openshift-gitops + syncPolicy: + automated: + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/argo/hosted-sites.yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mypattern-argo-edge-sydney + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground +spec: + project: argo-edge + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-argo-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: apps.syd.beekhof.net + - name: global.clusterDomain + value: syd.beekhof.net + - name: enabled + value: core + - name: clusterGroup.name + value: argo-edge + - name: clusterGroup.targetCluster + value: sydney + - name: clusterGroup.hostedSite.bearerKeyPath + value: secret/data/hub/cluster_sydney + - name: clusterGroup.hostedSite.caKeyPath + value: secret/data/hub/cluster_sydney_ca + - name: clusterGroup.isHubCluster + value: "false" + destination: + name: sydney + namespace: mypattern-argo-edge + syncPolicy: + automated: + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/argo/hosted-sites.yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mypattern-argo-edge-sydney-plumbing + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground +spec: + project: argo-edge + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-argo-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: apps.syd.beekhof.net + - name: global.clusterDomain + value: syd.beekhof.net + - name: enabled + value: plumbing + - name: clusterGroup.name + value: argo-edge + - name: clusterGroup.targetCluster + value: sydney + - name: clusterGroup.hostedSite.bearerKeyPath + value: secret/data/hub/cluster_sydney + - name: clusterGroup.hostedSite.caKeyPath + value: secret/data/hub/cluster_sydney_ca + - name: clusterGroup.isHubCluster + value: "false" + destination: + name: in-cluster + namespace: openshift-gitops + syncPolicy: + automated: + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: hive.openshift.io/v1 +kind: ClusterClaim +metadata: + name: 'One-acm-provision-edge' + annotations: + argocd.argoproj.io/sync-wave: "20" + cluster.open-cluster-management.io/createmanagedcluster: "true" + labels: + clusterClaimName: One-acm-provision-edge + clusterGroup: region +spec: + clusterPoolName: aws-ap +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: hive.openshift.io/v1 +kind: ClusterClaim +metadata: + name: 'Two-acm-provision-edge' + annotations: + argocd.argoproj.io/sync-wave: "20" + cluster.open-cluster-management.io/createmanagedcluster: "true" + labels: + clusterClaimName: Two-acm-provision-edge + clusterGroup: region +spec: + clusterPoolName: azure-us +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: hive.openshift.io/v1 +kind: ClusterClaim +metadata: + name: 'Three-acm-provision-edge' + annotations: + argocd.argoproj.io/sync-wave: "20" + cluster.open-cluster-management.io/createmanagedcluster: "true" + labels: + clusterClaimName: Three-acm-provision-edge + clusterGroup: region +spec: + clusterPoolName: azure-us +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: hive.openshift.io/v1 +kind: ClusterPool +metadata: + name: "aws-ap-acm-provision-edge" + annotations: + argocd.argoproj.io/sync-wave: "10" + labels: + cloud: aws + region: 'ap-southeast-2' + vendor: OpenShift + cluster.open-cluster-management.io/clusterset: aws-ap +spec: + size: 3 + runningCount: 1 + baseDomain: blueprints.rhecoeng.com + installConfigSecretTemplateRef: + name: aws-ap-acm-provision-edge-install-config + imageSetRef: + name: img4.10.18-x86-64-appsub + pullSecretRef: + name: aws-ap-acm-provision-edge-pull-secret + skipMachinePools: true # Disable MachinePool as using custom install-config + platform: + aws: + credentialsSecretRef: + name: aws-ap-acm-provision-edge-creds + region: ap-southeast-2 +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: hive.openshift.io/v1 +kind: ClusterPool +metadata: + name: "azure-us-acm-provision-edge" + annotations: + argocd.argoproj.io/sync-wave: "10" + labels: + cloud: azure + region: 'eastus' + vendor: OpenShift + cluster.open-cluster-management.io/clusterset: azure-us +spec: + size: 2 + runningCount: 2 + baseDomain: blueprints.rhecoeng.com + installConfigSecretTemplateRef: + name: azure-us-acm-provision-edge-install-config + imageSetRef: + name: img4.10.18-x86-64-appsub + pullSecretRef: + name: azure-us-acm-provision-edge-pull-secret + skipMachinePools: true # Disable MachinePool as using custom install-config + platform: + azure: + credentialsSecretRef: + name: azure-us-acm-provision-edge-creds + region: eastus +--- +# Source: acm/templates/acm/provision/secrets-aws.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: aws-ap-acm-provision-edge-creds +spec: + dataFrom: + - extract: + # Expects entries called: aws_access_key_id and aws_secret_access_key + key: secret/data/hub/aws + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: aws-ap-acm-provision-edge-creds + creationPolicy: Owner + template: + type: Opaque +--- +# Source: acm/templates/acm/provision/secrets-aws.yaml +# For use when manually creating clusters with ACM +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: aws-ap-acm-provision-edge-infra-creds +spec: + data: + - secretKey: openshiftPullSecret + remoteRef: + key: secret/data/hub/openshiftPullSecret + property: content + - secretKey: awsKeyId + remoteRef: + key: secret/data/hub/aws + property: aws_access_key_id + - secretKey: awsAccessKey + remoteRef: + key: secret/data/hub/aws + property: aws_secret_access_key + - secretKey: sshPublicKey + remoteRef: + key: secret/data/hub/publickey + property: content + - secretKey: sshPrivateKey + remoteRef: + key: secret/data/hub/privatekey + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: aws-ap-acm-provision-edge-infra-creds + creationPolicy: Owner + template: + type: Opaque + metadata: + labels: + cluster.open-cluster-management.io/credentials: "" + cluster.open-cluster-management.io/type: aws + data: + baseDomain: "blueprints.rhecoeng.com" + pullSecret: |- + {{ .openshiftPullSecret | toString }} + aws_access_key_id: |- + {{ .awsKeyId | toString }} + aws_secret_access_key: |- + {{ .awsAccessKey | toString }} + ssh-privatekey: |- + {{ .sshPrivateKey | toString }} + ssh-publickey: |- + {{ .sshPublicKey | toString }} + httpProxy: "" + httpsProxy: "" + noProxy: "" + additionalTrustBundle: "" +--- +# Source: acm/templates/acm/provision/secrets-azure.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: azure-us-acm-provision-edge-creds +spec: + data: + - secretKey: azureOsServicePrincipal + remoteRef: + key: secret/data/hub/azureOsServicePrincipal + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: azure-us-acm-provision-edge-creds + creationPolicy: Owner + template: + type: Opaque + data: + osServicePrincipal.json: |- + {{ .azureOsServicePrincipal | toString }} +--- +# Source: acm/templates/acm/provision/secrets-azure.yaml +# For use when manually creating clusters with ACM +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: azure-us-acm-provision-edge-infra-creds +spec: + data: + - secretKey: openshiftPullSecret + remoteRef: + key: secret/data/hub/openshiftPullSecret + property: content + - secretKey: sshPublicKey + remoteRef: + key: secret/data/hub/publickey + property: content + - secretKey: sshPrivateKey + remoteRef: + key: secret/data/hub/privatekey + property: content + - secretKey: azureOsServicePrincipal + remoteRef: + key: secret/data/hub/azureOsServicePrincipal + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: azure-us-acm-provision-edge-infra-creds + creationPolicy: Owner + template: + type: Opaque + metadata: + labels: + cluster.open-cluster-management.io/credentials: "" + cluster.open-cluster-management.io/type: aws + data: + cloudName: AzurePublicCloud + osServicePrincipal.json: |- + {{ .azureOsServicePrincipal | toString }} + baseDomain: "blueprints.rhecoeng.com" + baseDomainResourceGroupName: "dojo-dns-zones" + pullSecret: |- + {{ .openshiftPullSecret | toString }} + ssh-privatekey: |- + {{ .sshPrivateKey | toString }} + ssh-publickey: |- + {{ .sshPublicKey | toString }} + httpProxy: "" + httpsProxy: "" + noProxy: "" + additionalTrustBundle: "" +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: aws-ap-acm-provision-edge-pull-secret +spec: + data: + - secretKey: openshiftPullSecret + remoteRef: + key: secret/data/hub/openshiftPullSecret + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: aws-ap-acm-provision-edge-pull-secret + creationPolicy: Owner + template: + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: |- + {{ .openshiftPullSecret | toString }} +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: aws-ap-acm-provision-edge-ssh-private-key +spec: + data: + - secretKey: sshPrivateKey + remoteRef: + key: secret/data/hub/privatekey + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: aws-ap-acm-provision-edge-ssh-private-key + creationPolicy: Owner + template: + type: Opaque + data: + ssh-privatekey: |- + {{ .sshPrivateKey | toString }} +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: azure-us-acm-provision-edge-pull-secret +spec: + data: + - secretKey: openshiftPullSecret + remoteRef: + key: secret/data/hub/openshiftPullSecret + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: azure-us-acm-provision-edge-pull-secret + creationPolicy: Owner + template: + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: |- + {{ .openshiftPullSecret | toString }} +--- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: azure-us-acm-provision-edge-ssh-private-key +spec: + data: + - secretKey: sshPrivateKey + remoteRef: + key: secret/data/hub/privatekey + property: content + refreshInterval: 24h0m0s + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: azure-us-acm-provision-edge-ssh-private-key + creationPolicy: Owner + template: + type: Opaque + data: + ssh-privatekey: |- + {{ .sshPrivateKey | toString }} +--- +# Source: acm/templates/acm/provision/clusterpool.yaml +apiVersion: cluster.open-cluster-management.io/v1beta1 +kind: ManagedClusterSet +metadata: + annotations: + cluster.open-cluster-management.io/submariner-broker-ns: acm-provision-edge-broker + name: acm-provision-edge +spec: + clusterSelector: + selectorType: LegacyClusterSetLabel +--- +# Source: acm/templates/acm/multiclusterhub.yaml +apiVersion: operator.open-cluster-management.io/v1 +kind: MultiClusterHub +metadata: + name: multiclusterhub + namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: {} +--- +# Source: acm/templates/acm/policies/application-policies.yaml +apiVersion: policy.open-cluster-management.io/v1 +kind: PlacementBinding +metadata: + name: acm-edge-placement-binding + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: + name: acm-edge-placement + kind: PlacementRule + apiGroup: apps.open-cluster-management.io +subjects: + - name: acm-edge-clustergroup-policy + kind: Policy + apiGroup: policy.open-cluster-management.io +--- +# Source: acm/templates/acm/policies/application-policies.yaml +apiVersion: policy.open-cluster-management.io/v1 +kind: PlacementBinding +metadata: + name: acm-provision-edge-placement-binding + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: + name: acm-provision-edge-placement + kind: PlacementRule + apiGroup: apps.open-cluster-management.io +subjects: + - name: acm-provision-edge-clustergroup-policy + kind: Policy + apiGroup: policy.open-cluster-management.io +--- +# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml +apiVersion: policy.open-cluster-management.io/v1 +kind: PlacementBinding +metadata: + name: openshift-gitops-placement-binding + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: + name: openshift-gitops-placement + kind: PlacementRule + apiGroup: apps.open-cluster-management.io +subjects: + - name: openshift-gitops-policy + kind: Policy + apiGroup: policy.open-cluster-management.io +--- +# Source: acm/templates/acm/policies/application-policies.yaml +apiVersion: apps.open-cluster-management.io/v1 +kind: PlacementRule +metadata: + name: acm-edge-placement +spec: + clusterConditions: + - status: 'True' + type: ManagedClusterConditionAvailable + clusterSelector: + matchLabels: + clusterGroup: acm-region +--- +# Source: acm/templates/acm/policies/application-policies.yaml +apiVersion: apps.open-cluster-management.io/v1 +kind: PlacementRule +metadata: + name: acm-provision-edge-placement +spec: + clusterConditions: + - status: 'True' + type: ManagedClusterConditionAvailable + clusterSelector: + matchLabels: + clusterGroup: region +--- +# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml +apiVersion: apps.open-cluster-management.io/v1 +kind: PlacementRule +metadata: + name: openshift-gitops-placement +spec: + clusterConditions: + - status: 'True' + type: ManagedClusterConditionAvailable + clusterSelector: + matchExpressions: + - key: vendor + operator: In + values: + - OpenShift +--- +# Source: acm/templates/acm/policies/application-policies.yaml +# TODO: Also create a GitOpsCluster.apps.open-cluster-management.io +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: acm-edge-clustergroup-policy + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: IgnoreExtraneous +spec: + remediationAction: enforce + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: acm-edge-clustergroup-config + spec: + remediationAction: enforce + severity: medium + namespaceSelector: + include: + - default + object-templates: + - complianceType: mustonlyhave + objectDefinition: + apiVersion: argoproj.io/v1alpha1 + kind: Application + metadata: + name: mypattern-acm-edge + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground + spec: + project: default + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-acm-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain }}' + # Requires ACM 2.6 or higher + - name: global.clusterDomain + value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain | replace "apps." "" }}' + - name: clusterGroup.name + value: acm-edge + - name: clusterGroup.isHubCluster + value: "false" + destination: + server: https://kubernetes.default.svc + namespace: mypattern-acm-edge + syncPolicy: + automated: + prune: false + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/acm/policies/application-policies.yaml +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: acm-provision-edge-clustergroup-policy + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: IgnoreExtraneous +spec: + remediationAction: enforce + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: acm-provision-edge-clustergroup-config + spec: + remediationAction: enforce + severity: medium + namespaceSelector: + include: + - default + object-templates: + - complianceType: mustonlyhave + objectDefinition: + apiVersion: argoproj.io/v1alpha1 + kind: Application + metadata: + name: mypattern-acm-provision-edge + namespace: openshift-gitops + finalizers: + - resources-finalizer.argocd.argoproj.io/foreground + spec: + project: default + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main + path: common/clustergroup + helm: + ignoreMissingValueFiles: true + valueFiles: + - "/values-global.yaml" + - "/values-acm-provision-edge.yaml" + parameters: + - name: global.repoURL + value: $ARGOCD_APP_SOURCE_REPO_URL + - name: global.targetRevision + value: $ARGOCD_APP_SOURCE_TARGET_REVISION + - name: global.namespace + value: $ARGOCD_APP_NAMESPACE + - name: global.pattern + value: mypattern + - name: global.hubClusterDomain + value: apps.hub.example.com + - name: global.localClusterDomain + value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain }}' + # Requires ACM 2.6 or higher + - name: global.clusterDomain + value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain | replace "apps." "" }}' + - name: clusterGroup.name + value: acm-provision-edge + - name: clusterGroup.isHubCluster + value: "false" + destination: + server: https://kubernetes.default.svc + namespace: mypattern-acm-provision-edge + syncPolicy: + automated: + prune: false + selfHeal: true + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + - group: route.openshift.io + kind: Route + jsonPointers: + - /status +--- +# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: openshift-gitops-policy + annotations: + policy.open-cluster-management.io/standards: NIST-CSF + policy.open-cluster-management.io/categories: PR.DS Data Security + policy.open-cluster-management.io/controls: PR.DS-1 Data-at-rest + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: IgnoreExtraneous +spec: + remediationAction: enforce + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: openshift-gitops-config + spec: + remediationAction: enforce + severity: medium + namespaceSelector: + include: + - default + object-templates: + - complianceType: mustonlyhave + objectDefinition: + # This is an auto-generated file. DO NOT EDIT + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: openshift-gitops-operator + namespace: openshift-operators + labels: + operators.coreos.com/openshift-gitops-operator.openshift-operators: '' + spec: + channel: stable + installPlanApproval: Automatic + name: openshift-gitops-operator + source: redhat-operators + sourceNamespace: openshift-marketplace + config: + env: + - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES + value: "*" diff --git a/tests/managedClusters.expected.diff b/tests/managedClusters.expected.diff new file mode 100644 index 00000000..cf17a3ff --- /dev/null +++ b/tests/managedClusters.expected.diff @@ -0,0 +1,966 @@ +--- tests/managedClusters-naked.expected.yml ++++ tests/managedClusters-normal.expected.yml +@@ -1,3 +1,963 @@ + --- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: v1 ++kind: Secret ++metadata: ++ name: aws-ap-acm-provision-edge-install-config ++data: ++ # Base64 encoding of install-config yaml ++ install-config.yaml: CgphcGlWZXJzaW9uOiB2MQptZXRhZGF0YToKICBuYW1lOiAnYXdzLWFwJyAKYmFzZURvbWFpbjogYmx1ZXByaW50cy5yaGVjb2VuZy5jb20KY29udHJvbFBsYW5lOgogIGFyY2hpdGVjdHVyZTogYW1kNjQKICBoeXBlcnRocmVhZGluZzogRW5hYmxlZAogIG5hbWU6IGNvbnRyb2xQbGFuZQogIHJlcGxpY2FzOiAzCiAgcGxhdGZvcm06CiAgICBhd3M6CiAgICAgIHR5cGU6IG01LnhsYXJnZQpjb21wdXRlOgotIGh5cGVydGhyZWFkaW5nOiBFbmFibGVkCiAgYXJjaGl0ZWN0dXJlOiBhbWQ2NAogIG5hbWU6ICd3b3JrZXInCiAgcmVwbGljYXM6IDMKICBwbGF0Zm9ybToKICAgIGF3czoKICAgICAgdHlwZTogbTUueGxhcmdlCm5ldHdvcmtpbmc6CiAgY2x1c3Rlck5ldHdvcms6CiAgLSBjaWRyOiAxMC4xMjguMC4wLzE0CiAgICBob3N0UHJlZml4OiAyMwogIG1hY2hpbmVOZXR3b3JrOgogIC0gY2lkcjogMTAuMC4wLjAvMTYKICBuZXR3b3JrVHlwZTogT3BlblNoaWZ0U0ROCiAgc2VydmljZU5ldHdvcms6CiAgLSAxNzIuMzAuMC4wLzE2CnBsYXRmb3JtOiB7CiAgImF3cyI6IHsKICAgICJyZWdpb24iOiAiYXAtc291dGhlYXN0LTIiCiAgfQp9CnB1bGxTZWNyZXQ6ICIiICMgc2tpcCwgaGl2ZSB3aWxsIGluamVjdCBiYXNlZCBvbiBpdCdzIHNlY3JldHMKc3NoS2V5OiAiIiAgICAgIyBza2lwLCBoaXZlIHdpbGwgaW5qZWN0IGJhc2VkIG9uIGl0J3Mgc2VjcmV0cw== ++type: Opaque ++--- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: v1 ++kind: Secret ++metadata: ++ name: azure-us-acm-provision-edge-install-config ++data: ++ # Base64 encoding of install-config yaml ++ install-config.yaml: CgphcGlWZXJzaW9uOiB2MQptZXRhZGF0YToKICBuYW1lOiAnYXp1cmUtdXMnIApiYXNlRG9tYWluOiBibHVlcHJpbnRzLnJoZWNvZW5nLmNvbQpjb250cm9sUGxhbmU6CiAgYXJjaGl0ZWN0dXJlOiBhbWQ2NAogIGh5cGVydGhyZWFkaW5nOiBFbmFibGVkCiAgbmFtZTogY29udHJvbFBsYW5lCiAgcmVwbGljYXM6IDMKICBwbGF0Zm9ybToKICAgIGF6dXJlOgogICAgICB0eXBlOiBTdGFuZGFyZF9EOHNfdjMKY29tcHV0ZToKLSBoeXBlcnRocmVhZGluZzogRW5hYmxlZAogIGFyY2hpdGVjdHVyZTogYW1kNjQKICBuYW1lOiAnd29ya2VyJwogIHJlcGxpY2FzOiAzCiAgcGxhdGZvcm06CiAgICBhenVyZToKICAgICAgdHlwZTogU3RhbmRhcmRfRDhzX3YzCm5ldHdvcmtpbmc6CiAgY2x1c3Rlck5ldHdvcms6CiAgLSBjaWRyOiAxMC4xMjguMC4wLzE0CiAgICBob3N0UHJlZml4OiAyMwogIG1hY2hpbmVOZXR3b3JrOgogIC0gY2lkcjogMTAuMC4wLjAvMTYKICBuZXR3b3JrVHlwZTogT3BlblNoaWZ0U0ROCiAgc2VydmljZU5ldHdvcms6CiAgLSAxNzIuMzAuMC4wLzE2CnBsYXRmb3JtOiB7CiAgImF6dXJlIjogewogICAgImJhc2VEb21haW5SZXNvdXJjZUdyb3VwTmFtZSI6ICJkb2pvLWRucy16b25lcyIsCiAgICAicmVnaW9uIjogImVhc3R1cyIKICB9Cn0KcHVsbFNlY3JldDogIiIgIyBza2lwLCBoaXZlIHdpbGwgaW5qZWN0IGJhc2VkIG9uIGl0J3Mgc2VjcmV0cwpzc2hLZXk6ICIiICAgICAjIHNraXAsIGhpdmUgd2lsbCBpbmplY3QgYmFzZWQgb24gaXQncyBzZWNyZXRz ++type: Opaque ++--- ++# Source: acm/templates/argo/hosted-sites.yaml ++apiVersion: argoproj.io/v1alpha1 ++kind: AppProject ++metadata: ++ name: argo-edge ++ namespace: openshift-gitops ++spec: ++ description: "Cluster Group argo-edge" ++ destinations: ++ - namespace: '*' ++ server: '*' ++ clusterResourceWhitelist: ++ - group: '*' ++ kind: '*' ++ namespaceResourceWhitelist: ++ - group: '*' ++ kind: '*' ++ sourceRepos: ++ - '*' ++status: {} ++--- ++# Source: acm/templates/argo/hosted-sites.yaml ++apiVersion: argoproj.io/v1alpha1 ++kind: Application ++metadata: ++ name: mypattern-argo-edge-perth ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++spec: ++ project: argo-edge ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-argo-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: apps.perth1.beekhof.net ++ - name: global.clusterDomain ++ value: perth1.beekhof.net ++ - name: enabled ++ value: core ++ - name: clusterGroup.name ++ value: argo-edge ++ - name: clusterGroup.targetCluster ++ value: perth ++ - name: clusterGroup.hostedSite.bearerKeyPath ++ value: secret/data/hub/cluster_perth ++ - name: clusterGroup.hostedSite.caKeyPath ++ value: secret/data/hub/cluster_perth_ca ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ name: perth ++ namespace: mypattern-argo-edge ++ syncPolicy: ++ automated: ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/argo/hosted-sites.yaml ++apiVersion: argoproj.io/v1alpha1 ++kind: Application ++metadata: ++ name: mypattern-argo-edge-perth-plumbing ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++spec: ++ project: argo-edge ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-argo-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: apps.perth1.beekhof.net ++ - name: global.clusterDomain ++ value: perth1.beekhof.net ++ - name: enabled ++ value: plumbing ++ - name: clusterGroup.name ++ value: argo-edge ++ - name: clusterGroup.targetCluster ++ value: perth ++ - name: clusterGroup.hostedSite.bearerKeyPath ++ value: secret/data/hub/cluster_perth ++ - name: clusterGroup.hostedSite.caKeyPath ++ value: secret/data/hub/cluster_perth_ca ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ name: in-cluster ++ namespace: openshift-gitops ++ syncPolicy: ++ automated: ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/argo/hosted-sites.yaml ++apiVersion: argoproj.io/v1alpha1 ++kind: Application ++metadata: ++ name: mypattern-argo-edge-sydney ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++spec: ++ project: argo-edge ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-argo-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: apps.syd.beekhof.net ++ - name: global.clusterDomain ++ value: syd.beekhof.net ++ - name: enabled ++ value: core ++ - name: clusterGroup.name ++ value: argo-edge ++ - name: clusterGroup.targetCluster ++ value: sydney ++ - name: clusterGroup.hostedSite.bearerKeyPath ++ value: secret/data/hub/cluster_sydney ++ - name: clusterGroup.hostedSite.caKeyPath ++ value: secret/data/hub/cluster_sydney_ca ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ name: sydney ++ namespace: mypattern-argo-edge ++ syncPolicy: ++ automated: ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/argo/hosted-sites.yaml ++apiVersion: argoproj.io/v1alpha1 ++kind: Application ++metadata: ++ name: mypattern-argo-edge-sydney-plumbing ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++spec: ++ project: argo-edge ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-argo-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: apps.syd.beekhof.net ++ - name: global.clusterDomain ++ value: syd.beekhof.net ++ - name: enabled ++ value: plumbing ++ - name: clusterGroup.name ++ value: argo-edge ++ - name: clusterGroup.targetCluster ++ value: sydney ++ - name: clusterGroup.hostedSite.bearerKeyPath ++ value: secret/data/hub/cluster_sydney ++ - name: clusterGroup.hostedSite.caKeyPath ++ value: secret/data/hub/cluster_sydney_ca ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ name: in-cluster ++ namespace: openshift-gitops ++ syncPolicy: ++ automated: ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: hive.openshift.io/v1 ++kind: ClusterClaim ++metadata: ++ name: 'One-acm-provision-edge' ++ annotations: ++ argocd.argoproj.io/sync-wave: "20" ++ cluster.open-cluster-management.io/createmanagedcluster: "true" ++ labels: ++ clusterClaimName: One-acm-provision-edge ++ clusterGroup: region ++spec: ++ clusterPoolName: aws-ap ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: hive.openshift.io/v1 ++kind: ClusterClaim ++metadata: ++ name: 'Two-acm-provision-edge' ++ annotations: ++ argocd.argoproj.io/sync-wave: "20" ++ cluster.open-cluster-management.io/createmanagedcluster: "true" ++ labels: ++ clusterClaimName: Two-acm-provision-edge ++ clusterGroup: region ++spec: ++ clusterPoolName: azure-us ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: hive.openshift.io/v1 ++kind: ClusterClaim ++metadata: ++ name: 'Three-acm-provision-edge' ++ annotations: ++ argocd.argoproj.io/sync-wave: "20" ++ cluster.open-cluster-management.io/createmanagedcluster: "true" ++ labels: ++ clusterClaimName: Three-acm-provision-edge ++ clusterGroup: region ++spec: ++ clusterPoolName: azure-us ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: hive.openshift.io/v1 ++kind: ClusterPool ++metadata: ++ name: "aws-ap-acm-provision-edge" ++ annotations: ++ argocd.argoproj.io/sync-wave: "10" ++ labels: ++ cloud: aws ++ region: 'ap-southeast-2' ++ vendor: OpenShift ++ cluster.open-cluster-management.io/clusterset: aws-ap ++spec: ++ size: 3 ++ runningCount: 1 ++ baseDomain: blueprints.rhecoeng.com ++ installConfigSecretTemplateRef: ++ name: aws-ap-acm-provision-edge-install-config ++ imageSetRef: ++ name: img4.10.18-x86-64-appsub ++ pullSecretRef: ++ name: aws-ap-acm-provision-edge-pull-secret ++ skipMachinePools: true # Disable MachinePool as using custom install-config ++ platform: ++ aws: ++ credentialsSecretRef: ++ name: aws-ap-acm-provision-edge-creds ++ region: ap-southeast-2 ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: hive.openshift.io/v1 ++kind: ClusterPool ++metadata: ++ name: "azure-us-acm-provision-edge" ++ annotations: ++ argocd.argoproj.io/sync-wave: "10" ++ labels: ++ cloud: azure ++ region: 'eastus' ++ vendor: OpenShift ++ cluster.open-cluster-management.io/clusterset: azure-us ++spec: ++ size: 2 ++ runningCount: 2 ++ baseDomain: blueprints.rhecoeng.com ++ installConfigSecretTemplateRef: ++ name: azure-us-acm-provision-edge-install-config ++ imageSetRef: ++ name: img4.10.18-x86-64-appsub ++ pullSecretRef: ++ name: azure-us-acm-provision-edge-pull-secret ++ skipMachinePools: true # Disable MachinePool as using custom install-config ++ platform: ++ azure: ++ credentialsSecretRef: ++ name: azure-us-acm-provision-edge-creds ++ region: eastus ++--- ++# Source: acm/templates/acm/provision/secrets-aws.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: aws-ap-acm-provision-edge-creds ++spec: ++ dataFrom: ++ - extract: ++ # Expects entries called: aws_access_key_id and aws_secret_access_key ++ key: secret/data/hub/aws ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: aws-ap-acm-provision-edge-creds ++ creationPolicy: Owner ++ template: ++ type: Opaque ++--- ++# Source: acm/templates/acm/provision/secrets-aws.yaml ++# For use when manually creating clusters with ACM ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: aws-ap-acm-provision-edge-infra-creds ++spec: ++ data: ++ - secretKey: openshiftPullSecret ++ remoteRef: ++ key: secret/data/hub/openshiftPullSecret ++ property: content ++ - secretKey: awsKeyId ++ remoteRef: ++ key: secret/data/hub/aws ++ property: aws_access_key_id ++ - secretKey: awsAccessKey ++ remoteRef: ++ key: secret/data/hub/aws ++ property: aws_secret_access_key ++ - secretKey: sshPublicKey ++ remoteRef: ++ key: secret/data/hub/publickey ++ property: content ++ - secretKey: sshPrivateKey ++ remoteRef: ++ key: secret/data/hub/privatekey ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: aws-ap-acm-provision-edge-infra-creds ++ creationPolicy: Owner ++ template: ++ type: Opaque ++ metadata: ++ labels: ++ cluster.open-cluster-management.io/credentials: "" ++ cluster.open-cluster-management.io/type: aws ++ data: ++ baseDomain: "blueprints.rhecoeng.com" ++ pullSecret: |- ++ {{ .openshiftPullSecret | toString }} ++ aws_access_key_id: |- ++ {{ .awsKeyId | toString }} ++ aws_secret_access_key: |- ++ {{ .awsAccessKey | toString }} ++ ssh-privatekey: |- ++ {{ .sshPrivateKey | toString }} ++ ssh-publickey: |- ++ {{ .sshPublicKey | toString }} ++ httpProxy: "" ++ httpsProxy: "" ++ noProxy: "" ++ additionalTrustBundle: "" ++--- ++# Source: acm/templates/acm/provision/secrets-azure.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: azure-us-acm-provision-edge-creds ++spec: ++ data: ++ - secretKey: azureOsServicePrincipal ++ remoteRef: ++ key: secret/data/hub/azureOsServicePrincipal ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: azure-us-acm-provision-edge-creds ++ creationPolicy: Owner ++ template: ++ type: Opaque ++ data: ++ osServicePrincipal.json: |- ++ {{ .azureOsServicePrincipal | toString }} ++--- ++# Source: acm/templates/acm/provision/secrets-azure.yaml ++# For use when manually creating clusters with ACM ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: azure-us-acm-provision-edge-infra-creds ++spec: ++ data: ++ - secretKey: openshiftPullSecret ++ remoteRef: ++ key: secret/data/hub/openshiftPullSecret ++ property: content ++ - secretKey: sshPublicKey ++ remoteRef: ++ key: secret/data/hub/publickey ++ property: content ++ - secretKey: sshPrivateKey ++ remoteRef: ++ key: secret/data/hub/privatekey ++ property: content ++ - secretKey: azureOsServicePrincipal ++ remoteRef: ++ key: secret/data/hub/azureOsServicePrincipal ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: azure-us-acm-provision-edge-infra-creds ++ creationPolicy: Owner ++ template: ++ type: Opaque ++ metadata: ++ labels: ++ cluster.open-cluster-management.io/credentials: "" ++ cluster.open-cluster-management.io/type: aws ++ data: ++ cloudName: AzurePublicCloud ++ osServicePrincipal.json: |- ++ {{ .azureOsServicePrincipal | toString }} ++ baseDomain: "blueprints.rhecoeng.com" ++ baseDomainResourceGroupName: "dojo-dns-zones" ++ pullSecret: |- ++ {{ .openshiftPullSecret | toString }} ++ ssh-privatekey: |- ++ {{ .sshPrivateKey | toString }} ++ ssh-publickey: |- ++ {{ .sshPublicKey | toString }} ++ httpProxy: "" ++ httpsProxy: "" ++ noProxy: "" ++ additionalTrustBundle: "" ++--- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: aws-ap-acm-provision-edge-pull-secret ++spec: ++ data: ++ - secretKey: openshiftPullSecret ++ remoteRef: ++ key: secret/data/hub/openshiftPullSecret ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: aws-ap-acm-provision-edge-pull-secret ++ creationPolicy: Owner ++ template: ++ type: kubernetes.io/dockerconfigjson ++ data: ++ .dockerconfigjson: |- ++ {{ .openshiftPullSecret | toString }} ++--- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: aws-ap-acm-provision-edge-ssh-private-key ++spec: ++ data: ++ - secretKey: sshPrivateKey ++ remoteRef: ++ key: secret/data/hub/privatekey ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: aws-ap-acm-provision-edge-ssh-private-key ++ creationPolicy: Owner ++ template: ++ type: Opaque ++ data: ++ ssh-privatekey: |- ++ {{ .sshPrivateKey | toString }} ++--- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: azure-us-acm-provision-edge-pull-secret ++spec: ++ data: ++ - secretKey: openshiftPullSecret ++ remoteRef: ++ key: secret/data/hub/openshiftPullSecret ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: azure-us-acm-provision-edge-pull-secret ++ creationPolicy: Owner ++ template: ++ type: kubernetes.io/dockerconfigjson ++ data: ++ .dockerconfigjson: |- ++ {{ .openshiftPullSecret | toString }} ++--- ++# Source: acm/templates/acm/provision/secrets-common.yaml ++apiVersion: external-secrets.io/v1beta1 ++kind: ExternalSecret ++metadata: ++ name: azure-us-acm-provision-edge-ssh-private-key ++spec: ++ data: ++ - secretKey: sshPrivateKey ++ remoteRef: ++ key: secret/data/hub/privatekey ++ property: content ++ refreshInterval: 24h0m0s ++ secretStoreRef: ++ name: vault-backend ++ kind: ClusterSecretStore ++ target: ++ name: azure-us-acm-provision-edge-ssh-private-key ++ creationPolicy: Owner ++ template: ++ type: Opaque ++ data: ++ ssh-privatekey: |- ++ {{ .sshPrivateKey | toString }} ++--- ++# Source: acm/templates/acm/provision/clusterpool.yaml ++apiVersion: cluster.open-cluster-management.io/v1beta1 ++kind: ManagedClusterSet ++metadata: ++ annotations: ++ cluster.open-cluster-management.io/submariner-broker-ns: acm-provision-edge-broker ++ name: acm-provision-edge ++spec: ++ clusterSelector: ++ selectorType: LegacyClusterSetLabel ++--- ++# Source: acm/templates/acm/multiclusterhub.yaml ++apiVersion: operator.open-cluster-management.io/v1 ++kind: MultiClusterHub ++metadata: ++ name: multiclusterhub ++ namespace: open-cluster-management ++ annotations: ++ argocd.argoproj.io/sync-wave: "-1" ++spec: {} ++--- ++# Source: acm/templates/acm/policies/application-policies.yaml ++apiVersion: policy.open-cluster-management.io/v1 ++kind: PlacementBinding ++metadata: ++ name: acm-edge-placement-binding ++ annotations: ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++placementRef: ++ name: acm-edge-placement ++ kind: PlacementRule ++ apiGroup: apps.open-cluster-management.io ++subjects: ++ - name: acm-edge-clustergroup-policy ++ kind: Policy ++ apiGroup: policy.open-cluster-management.io ++--- ++# Source: acm/templates/acm/policies/application-policies.yaml ++apiVersion: policy.open-cluster-management.io/v1 ++kind: PlacementBinding ++metadata: ++ name: acm-provision-edge-placement-binding ++ annotations: ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++placementRef: ++ name: acm-provision-edge-placement ++ kind: PlacementRule ++ apiGroup: apps.open-cluster-management.io ++subjects: ++ - name: acm-provision-edge-clustergroup-policy ++ kind: Policy ++ apiGroup: policy.open-cluster-management.io ++--- ++# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml ++apiVersion: policy.open-cluster-management.io/v1 ++kind: PlacementBinding ++metadata: ++ name: openshift-gitops-placement-binding ++ annotations: ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++placementRef: ++ name: openshift-gitops-placement ++ kind: PlacementRule ++ apiGroup: apps.open-cluster-management.io ++subjects: ++ - name: openshift-gitops-policy ++ kind: Policy ++ apiGroup: policy.open-cluster-management.io ++--- ++# Source: acm/templates/acm/policies/application-policies.yaml ++apiVersion: apps.open-cluster-management.io/v1 ++kind: PlacementRule ++metadata: ++ name: acm-edge-placement ++spec: ++ clusterConditions: ++ - status: 'True' ++ type: ManagedClusterConditionAvailable ++ clusterSelector: ++ matchLabels: ++ clusterGroup: acm-region ++--- ++# Source: acm/templates/acm/policies/application-policies.yaml ++apiVersion: apps.open-cluster-management.io/v1 ++kind: PlacementRule ++metadata: ++ name: acm-provision-edge-placement ++spec: ++ clusterConditions: ++ - status: 'True' ++ type: ManagedClusterConditionAvailable ++ clusterSelector: ++ matchLabels: ++ clusterGroup: region ++--- ++# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml ++apiVersion: apps.open-cluster-management.io/v1 ++kind: PlacementRule ++metadata: ++ name: openshift-gitops-placement ++spec: ++ clusterConditions: ++ - status: 'True' ++ type: ManagedClusterConditionAvailable ++ clusterSelector: ++ matchExpressions: ++ - key: vendor ++ operator: In ++ values: ++ - OpenShift ++--- + # Source: acm/templates/acm/policies/application-policies.yaml + # TODO: Also create a GitOpsCluster.apps.open-cluster-management.io ++apiVersion: policy.open-cluster-management.io/v1 ++kind: Policy ++metadata: ++ name: acm-edge-clustergroup-policy ++ annotations: ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++ argocd.argoproj.io/compare-options: IgnoreExtraneous ++spec: ++ remediationAction: enforce ++ disabled: false ++ policy-templates: ++ - objectDefinition: ++ apiVersion: policy.open-cluster-management.io/v1 ++ kind: ConfigurationPolicy ++ metadata: ++ name: acm-edge-clustergroup-config ++ spec: ++ remediationAction: enforce ++ severity: medium ++ namespaceSelector: ++ include: ++ - default ++ object-templates: ++ - complianceType: mustonlyhave ++ objectDefinition: ++ apiVersion: argoproj.io/v1alpha1 ++ kind: Application ++ metadata: ++ name: mypattern-acm-edge ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++ spec: ++ project: default ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-acm-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain }}' ++ # Requires ACM 2.6 or higher ++ - name: global.clusterDomain ++ value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain | replace "apps." "" }}' ++ - name: clusterGroup.name ++ value: acm-edge ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ server: https://kubernetes.default.svc ++ namespace: mypattern-acm-edge ++ syncPolicy: ++ automated: ++ prune: false ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/acm/policies/application-policies.yaml ++apiVersion: policy.open-cluster-management.io/v1 ++kind: Policy ++metadata: ++ name: acm-provision-edge-clustergroup-policy ++ annotations: ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++ argocd.argoproj.io/compare-options: IgnoreExtraneous ++spec: ++ remediationAction: enforce ++ disabled: false ++ policy-templates: ++ - objectDefinition: ++ apiVersion: policy.open-cluster-management.io/v1 ++ kind: ConfigurationPolicy ++ metadata: ++ name: acm-provision-edge-clustergroup-config ++ spec: ++ remediationAction: enforce ++ severity: medium ++ namespaceSelector: ++ include: ++ - default ++ object-templates: ++ - complianceType: mustonlyhave ++ objectDefinition: ++ apiVersion: argoproj.io/v1alpha1 ++ kind: Application ++ metadata: ++ name: mypattern-acm-provision-edge ++ namespace: openshift-gitops ++ finalizers: ++ - resources-finalizer.argocd.argoproj.io/foreground ++ spec: ++ project: default ++ source: ++ repoURL: https://github.com/pattern-clone/mypattern ++ targetRevision: main ++ path: common/clustergroup ++ helm: ++ ignoreMissingValueFiles: true ++ valueFiles: ++ - "/values-global.yaml" ++ - "/values-acm-provision-edge.yaml" ++ parameters: ++ - name: global.repoURL ++ value: $ARGOCD_APP_SOURCE_REPO_URL ++ - name: global.targetRevision ++ value: $ARGOCD_APP_SOURCE_TARGET_REVISION ++ - name: global.namespace ++ value: $ARGOCD_APP_NAMESPACE ++ - name: global.pattern ++ value: mypattern ++ - name: global.hubClusterDomain ++ value: apps.hub.example.com ++ - name: global.localClusterDomain ++ value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain }}' ++ # Requires ACM 2.6 or higher ++ - name: global.clusterDomain ++ value: '{{ (lookup "config.openshift.io/v1" "Ingress" "" "cluster").spec.domain | replace "apps." "" }}' ++ - name: clusterGroup.name ++ value: acm-provision-edge ++ - name: clusterGroup.isHubCluster ++ value: "false" ++ destination: ++ server: https://kubernetes.default.svc ++ namespace: mypattern-acm-provision-edge ++ syncPolicy: ++ automated: ++ prune: false ++ selfHeal: true ++ ignoreDifferences: ++ - group: apps ++ kind: Deployment ++ jsonPointers: ++ - /spec/replicas ++ - group: route.openshift.io ++ kind: Route ++ jsonPointers: ++ - /status ++--- ++# Source: acm/templates/acm/policies/ocp-gitops-policy.yaml ++apiVersion: policy.open-cluster-management.io/v1 ++kind: Policy ++metadata: ++ name: openshift-gitops-policy ++ annotations: ++ policy.open-cluster-management.io/standards: NIST-CSF ++ policy.open-cluster-management.io/categories: PR.DS Data Security ++ policy.open-cluster-management.io/controls: PR.DS-1 Data-at-rest ++ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true ++ argocd.argoproj.io/compare-options: IgnoreExtraneous ++spec: ++ remediationAction: enforce ++ disabled: false ++ policy-templates: ++ - objectDefinition: ++ apiVersion: policy.open-cluster-management.io/v1 ++ kind: ConfigurationPolicy ++ metadata: ++ name: openshift-gitops-config ++ spec: ++ remediationAction: enforce ++ severity: medium ++ namespaceSelector: ++ include: ++ - default ++ object-templates: ++ - complianceType: mustonlyhave ++ objectDefinition: ++ # This is an auto-generated file. DO NOT EDIT ++ apiVersion: operators.coreos.com/v1alpha1 ++ kind: Subscription ++ metadata: ++ name: openshift-gitops-operator ++ namespace: openshift-operators ++ labels: ++ operators.coreos.com/openshift-gitops-operator.openshift-operators: '' ++ spec: ++ channel: stable ++ installPlanApproval: Automatic ++ name: openshift-gitops-operator ++ source: redhat-operators ++ sourceNamespace: openshift-marketplace ++ config: ++ env: ++ - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES ++ value: "*" From 9d4437e71a3a378a8df6e5760fc2436fd8401ee1 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Mon, 3 Oct 2022 13:59:41 +1100 Subject: [PATCH 2/5] We don't need managedClusterGroups to be global now we have a single chart consuming it --- Changes.md | 2 +- managedClusters/templates/acm/multiclusterhub.yaml | 2 +- .../templates/acm/policies/application-policies.yaml | 2 +- managedClusters/templates/acm/policies/ocp-gitops-policy.yaml | 2 +- managedClusters/templates/acm/provision/clusterpool.yaml | 4 ++-- managedClusters/templates/acm/provision/secrets-aws.yaml | 2 +- managedClusters/templates/acm/provision/secrets-azure.yaml | 2 +- managedClusters/templates/acm/provision/secrets-common.yaml | 2 +- managedClusters/templates/argo/hosted-sites.yaml | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Changes.md b/Changes.md index efd27f2b..ec69a394 100644 --- a/Changes.md +++ b/Changes.md @@ -1,7 +1,7 @@ # Changes ## October 3, 2022 -* Support both .Values.global.managedClusterGroups and the old .Values.clusterGroup.managedClusterGroups +* Support both .Values.managedClusterGroups and the old .Values.clusterGroup.managedClusterGroups * Restore the ability to install a non-default site: `make TARGET_SITE=mysite install` * Revised tests (new output and filenames, requires adding new result files to git) * ACM 2.6 required for ACM-based managed sites diff --git a/managedClusters/templates/acm/multiclusterhub.yaml b/managedClusters/templates/acm/multiclusterhub.yaml index 94f017bd..da039682 100644 --- a/managedClusters/templates/acm/multiclusterhub.yaml +++ b/managedClusters/templates/acm/multiclusterhub.yaml @@ -1,5 +1,5 @@ {{- $haveACM := false }} -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- if not .hostedArgoSites }} {{- $haveACM = true }} {{- end }} diff --git a/managedClusters/templates/acm/policies/application-policies.yaml b/managedClusters/templates/acm/policies/application-policies.yaml index a0cfc2ba..ef53557f 100644 --- a/managedClusters/templates/acm/policies/application-policies.yaml +++ b/managedClusters/templates/acm/policies/application-policies.yaml @@ -1,5 +1,5 @@ # TODO: Also create a GitOpsCluster.apps.open-cluster-management.io -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if not .hostedArgoSites }} apiVersion: policy.open-cluster-management.io/v1 diff --git a/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml index 30ad5e93..61028d5f 100644 --- a/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml +++ b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml @@ -1,5 +1,5 @@ {{- $haveACM := false }} -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- if not .hostedArgoSites }} {{- $haveACM = true }} {{- end }} diff --git a/managedClusters/templates/acm/provision/clusterpool.yaml b/managedClusters/templates/acm/provision/clusterpool.yaml index 0b8a9a34..a2f4bb17 100644 --- a/managedClusters/templates/acm/provision/clusterpool.yaml +++ b/managedClusters/templates/acm/provision/clusterpool.yaml @@ -1,4 +1,4 @@ -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if .clusterPools }}{{- /* We only create ManagedClusterSets if there are clusterPools defined */}} apiVersion: cluster.open-cluster-management.io/v1beta1 @@ -84,4 +84,4 @@ spec: {{- end }}{{- /* range .range clusters */}} {{- end }}{{- /* range .clusterPools */}} {{- end }}{{- /* if .clusterPools) */}} -{{- end }}{{- /* range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups */}} +{{- end }}{{- /* range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups */}} diff --git a/managedClusters/templates/acm/provision/secrets-aws.yaml b/managedClusters/templates/acm/provision/secrets-aws.yaml index 0ea4ec8a..c65e986b 100644 --- a/managedClusters/templates/acm/provision/secrets-aws.yaml +++ b/managedClusters/templates/acm/provision/secrets-aws.yaml @@ -1,4 +1,4 @@ -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/managedClusters/templates/acm/provision/secrets-azure.yaml b/managedClusters/templates/acm/provision/secrets-azure.yaml index 6f054737..306b8613 100644 --- a/managedClusters/templates/acm/provision/secrets-azure.yaml +++ b/managedClusters/templates/acm/provision/secrets-azure.yaml @@ -1,4 +1,4 @@ -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/managedClusters/templates/acm/provision/secrets-common.yaml b/managedClusters/templates/acm/provision/secrets-common.yaml index f95091dd..892cbd9a 100644 --- a/managedClusters/templates/acm/provision/secrets-common.yaml +++ b/managedClusters/templates/acm/provision/secrets-common.yaml @@ -1,4 +1,4 @@ -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- range .clusterPools }} {{- $poolName := print .name "-" $group.name }} diff --git a/managedClusters/templates/argo/hosted-sites.yaml b/managedClusters/templates/argo/hosted-sites.yaml index 0f605715..a48dd9bc 100644 --- a/managedClusters/templates/argo/hosted-sites.yaml +++ b/managedClusters/templates/argo/hosted-sites.yaml @@ -1,4 +1,4 @@ -{{- range coalesce .Values.global.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} +{{- range coalesce .Values.managedClusterGroups .Values.clusterGroup.managedClusterGroups }} {{- $group := . }} {{- if .hostedArgoSites }} apiVersion: argoproj.io/v1alpha1 From d68b7c115ddfd787c8666007ae615d0255323371 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Mon, 3 Oct 2022 14:03:55 +1100 Subject: [PATCH 3/5] Explicitly set the namespace for acm objects --- .../templates/acm/policies/application-policies.yaml | 3 +++ .../templates/acm/policies/ocp-gitops-policy.yaml | 3 +++ tests/managedClusters-normal.expected.yml | 9 +++++++++ tests/managedClusters.expected.diff | 11 ++++++++++- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/managedClusters/templates/acm/policies/application-policies.yaml b/managedClusters/templates/acm/policies/application-policies.yaml index ef53557f..5cac4f2d 100644 --- a/managedClusters/templates/acm/policies/application-policies.yaml +++ b/managedClusters/templates/acm/policies/application-policies.yaml @@ -6,6 +6,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: {{ .name }}-clustergroup-policy + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/compare-options: IgnoreExtraneous @@ -98,6 +99,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: {{ .name }}-placement-binding + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true placementRef: @@ -113,6 +115,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: {{ .name }}-placement + namespace: open-cluster-management spec: clusterConditions: - status: 'True' diff --git a/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml index 61028d5f..887aa111 100644 --- a/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml +++ b/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml @@ -9,6 +9,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: openshift-gitops-policy + namespace: open-cluster-management annotations: policy.open-cluster-management.io/standards: NIST-CSF policy.open-cluster-management.io/categories: PR.DS Data Security @@ -56,6 +57,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: openshift-gitops-placement-binding + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true placementRef: @@ -71,6 +73,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: openshift-gitops-placement + namespace: open-cluster-management spec: clusterConditions: - status: 'True' diff --git a/tests/managedClusters-normal.expected.yml b/tests/managedClusters-normal.expected.yml index 4aeffb30..80ab3c89 100644 --- a/tests/managedClusters-normal.expected.yml +++ b/tests/managedClusters-normal.expected.yml @@ -666,6 +666,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: acm-edge-placement-binding + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true placementRef: @@ -682,6 +683,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: acm-provision-edge-placement-binding + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true placementRef: @@ -698,6 +700,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: openshift-gitops-placement-binding + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true placementRef: @@ -714,6 +717,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: acm-edge-placement + namespace: open-cluster-management spec: clusterConditions: - status: 'True' @@ -727,6 +731,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: acm-provision-edge-placement + namespace: open-cluster-management spec: clusterConditions: - status: 'True' @@ -740,6 +745,7 @@ apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: openshift-gitops-placement + namespace: open-cluster-management spec: clusterConditions: - status: 'True' @@ -757,6 +763,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: acm-edge-clustergroup-policy + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/compare-options: IgnoreExtraneous @@ -838,6 +845,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: acm-provision-edge-clustergroup-policy + namespace: open-cluster-management annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/compare-options: IgnoreExtraneous @@ -919,6 +927,7 @@ apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: openshift-gitops-policy + namespace: open-cluster-management annotations: policy.open-cluster-management.io/standards: NIST-CSF policy.open-cluster-management.io/categories: PR.DS Data Security diff --git a/tests/managedClusters.expected.diff b/tests/managedClusters.expected.diff index cf17a3ff..1001fad5 100644 --- a/tests/managedClusters.expected.diff +++ b/tests/managedClusters.expected.diff @@ -1,6 +1,6 @@ --- tests/managedClusters-naked.expected.yml +++ tests/managedClusters-normal.expected.yml -@@ -1,3 +1,963 @@ +@@ -1,3 +1,972 @@ --- +# Source: acm/templates/acm/provision/secrets-common.yaml +apiVersion: v1 @@ -669,6 +669,7 @@ +kind: PlacementBinding +metadata: + name: acm-edge-placement-binding ++ namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: @@ -685,6 +686,7 @@ +kind: PlacementBinding +metadata: + name: acm-provision-edge-placement-binding ++ namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: @@ -701,6 +703,7 @@ +kind: PlacementBinding +metadata: + name: openshift-gitops-placement-binding ++ namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +placementRef: @@ -717,6 +720,7 @@ +kind: PlacementRule +metadata: + name: acm-edge-placement ++ namespace: open-cluster-management +spec: + clusterConditions: + - status: 'True' @@ -730,6 +734,7 @@ +kind: PlacementRule +metadata: + name: acm-provision-edge-placement ++ namespace: open-cluster-management +spec: + clusterConditions: + - status: 'True' @@ -743,6 +748,7 @@ +kind: PlacementRule +metadata: + name: openshift-gitops-placement ++ namespace: open-cluster-management +spec: + clusterConditions: + - status: 'True' @@ -760,6 +766,7 @@ +kind: Policy +metadata: + name: acm-edge-clustergroup-policy ++ namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: IgnoreExtraneous @@ -841,6 +848,7 @@ +kind: Policy +metadata: + name: acm-provision-edge-clustergroup-policy ++ namespace: open-cluster-management + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: IgnoreExtraneous @@ -922,6 +930,7 @@ +kind: Policy +metadata: + name: openshift-gitops-policy ++ namespace: open-cluster-management + annotations: + policy.open-cluster-management.io/standards: NIST-CSF + policy.open-cluster-management.io/categories: PR.DS Data Security From 5db2c7e1e159db4901dfe48733365b53ec191a29 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Mon, 3 Oct 2022 14:04:49 +1100 Subject: [PATCH 4/5] Update the example to point to the new chart path --- clustergroup/test.yaml | 2 +- examples/values-example.yaml | 2 +- tests/clustergroup-normal.expected.yml | 4 ++-- tests/clustergroup.expected.diff | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/clustergroup/test.yaml b/clustergroup/test.yaml index 5db2e4a6..de3f8e49 100644 --- a/clustergroup/test.yaml +++ b/clustergroup/test.yaml @@ -32,7 +32,7 @@ clusterGroup: name: acm namespace: open-cluster-management project: hub - path: common/acm + path: common/managedClusters ignoreDifferences: - group: internal.open-cluster-management.io kind: ManagedClusterInfo diff --git a/examples/values-example.yaml b/examples/values-example.yaml index 81bbcf10..cb3e99c0 100644 --- a/examples/values-example.yaml +++ b/examples/values-example.yaml @@ -36,7 +36,7 @@ clusterGroup: name: acm namespace: open-cluster-management project: datacenter - path: common/acm + path: common/managedClusters ignoreDifferences: - group: internal.open-cluster-management.io kind: ManagedClusterInfo diff --git a/tests/clustergroup-normal.expected.yml b/tests/clustergroup-normal.expected.yml index 9c7966ea..8fbd481f 100644 --- a/tests/clustergroup-normal.expected.yml +++ b/tests/clustergroup-normal.expected.yml @@ -66,7 +66,7 @@ data: kind: ManagedClusterInfo name: acm namespace: open-cluster-management - path: common/acm + path: common/managedClusters project: datacenter pipe: name: pipelines @@ -503,7 +503,7 @@ spec: source: repoURL: https://github.com/pattern-clone/mypattern targetRevision: main - path: common/acm + path: common/managedClusters helm: ignoreMissingValueFiles: true valueFiles: diff --git a/tests/clustergroup.expected.diff b/tests/clustergroup.expected.diff index 4efa0e96..418a8e8a 100644 --- a/tests/clustergroup.expected.diff +++ b/tests/clustergroup.expected.diff @@ -71,7 +71,7 @@ + kind: ManagedClusterInfo + name: acm + namespace: open-cluster-management -+ path: common/acm ++ path: common/managedClusters + project: datacenter + pipe: + name: pipelines @@ -494,7 +494,7 @@ + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main -+ path: common/acm ++ path: common/managedClusters + helm: + ignoreMissingValueFiles: true + valueFiles: From 1f0988e2b849b285dbd168d5ffaa6948740cb72f Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Mon, 3 Oct 2022 14:12:55 +1100 Subject: [PATCH 5/5] Helm doesn't like camelcase --- clustergroup/test.yaml | 2 +- examples/values-example.yaml | 2 +- {managedClusters => managedclusters}/.helmignore | 0 {managedClusters => managedclusters}/Chart.yaml | 0 .../templates/acm/multiclusterhub.yaml | 0 .../templates/acm/policies/application-policies.yaml | 0 .../templates/acm/policies/ocp-gitops-policy.yaml | 0 .../templates/acm/provision/_install-config.tpl | 0 .../templates/acm/provision/clusterpool.yaml | 0 .../templates/acm/provision/secrets-aws.yaml | 0 .../templates/acm/provision/secrets-azure.yaml | 0 .../templates/acm/provision/secrets-common.yaml | 0 .../templates/argo/hosted-sites.yaml | 0 {managedClusters => managedclusters}/test.yaml | 0 {managedClusters => managedclusters}/values.yaml | 0 tests/clustergroup-normal.expected.yml | 4 ++-- tests/clustergroup.expected.diff | 4 ++-- ...-naked.expected.yml => managedclusters-naked.expected.yml} | 0 ...ormal.expected.yml => managedclusters-normal.expected.yml} | 0 ...edClusters.expected.diff => managedclusters.expected.diff} | 4 ++-- 20 files changed, 8 insertions(+), 8 deletions(-) rename {managedClusters => managedclusters}/.helmignore (100%) rename {managedClusters => managedclusters}/Chart.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/multiclusterhub.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/policies/application-policies.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/policies/ocp-gitops-policy.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/provision/_install-config.tpl (100%) rename {managedClusters => managedclusters}/templates/acm/provision/clusterpool.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/provision/secrets-aws.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/provision/secrets-azure.yaml (100%) rename {managedClusters => managedclusters}/templates/acm/provision/secrets-common.yaml (100%) rename {managedClusters => managedclusters}/templates/argo/hosted-sites.yaml (100%) rename {managedClusters => managedclusters}/test.yaml (100%) rename {managedClusters => managedclusters}/values.yaml (100%) rename tests/{managedClusters-naked.expected.yml => managedclusters-naked.expected.yml} (100%) rename tests/{managedClusters-normal.expected.yml => managedclusters-normal.expected.yml} (100%) rename tests/{managedClusters.expected.diff => managedclusters.expected.diff} (99%) diff --git a/clustergroup/test.yaml b/clustergroup/test.yaml index de3f8e49..f7b75b41 100644 --- a/clustergroup/test.yaml +++ b/clustergroup/test.yaml @@ -32,7 +32,7 @@ clusterGroup: name: acm namespace: open-cluster-management project: hub - path: common/managedClusters + path: common/managedclusters ignoreDifferences: - group: internal.open-cluster-management.io kind: ManagedClusterInfo diff --git a/examples/values-example.yaml b/examples/values-example.yaml index cb3e99c0..bea8cc43 100644 --- a/examples/values-example.yaml +++ b/examples/values-example.yaml @@ -36,7 +36,7 @@ clusterGroup: name: acm namespace: open-cluster-management project: datacenter - path: common/managedClusters + path: common/managedclusters ignoreDifferences: - group: internal.open-cluster-management.io kind: ManagedClusterInfo diff --git a/managedClusters/.helmignore b/managedclusters/.helmignore similarity index 100% rename from managedClusters/.helmignore rename to managedclusters/.helmignore diff --git a/managedClusters/Chart.yaml b/managedclusters/Chart.yaml similarity index 100% rename from managedClusters/Chart.yaml rename to managedclusters/Chart.yaml diff --git a/managedClusters/templates/acm/multiclusterhub.yaml b/managedclusters/templates/acm/multiclusterhub.yaml similarity index 100% rename from managedClusters/templates/acm/multiclusterhub.yaml rename to managedclusters/templates/acm/multiclusterhub.yaml diff --git a/managedClusters/templates/acm/policies/application-policies.yaml b/managedclusters/templates/acm/policies/application-policies.yaml similarity index 100% rename from managedClusters/templates/acm/policies/application-policies.yaml rename to managedclusters/templates/acm/policies/application-policies.yaml diff --git a/managedClusters/templates/acm/policies/ocp-gitops-policy.yaml b/managedclusters/templates/acm/policies/ocp-gitops-policy.yaml similarity index 100% rename from managedClusters/templates/acm/policies/ocp-gitops-policy.yaml rename to managedclusters/templates/acm/policies/ocp-gitops-policy.yaml diff --git a/managedClusters/templates/acm/provision/_install-config.tpl b/managedclusters/templates/acm/provision/_install-config.tpl similarity index 100% rename from managedClusters/templates/acm/provision/_install-config.tpl rename to managedclusters/templates/acm/provision/_install-config.tpl diff --git a/managedClusters/templates/acm/provision/clusterpool.yaml b/managedclusters/templates/acm/provision/clusterpool.yaml similarity index 100% rename from managedClusters/templates/acm/provision/clusterpool.yaml rename to managedclusters/templates/acm/provision/clusterpool.yaml diff --git a/managedClusters/templates/acm/provision/secrets-aws.yaml b/managedclusters/templates/acm/provision/secrets-aws.yaml similarity index 100% rename from managedClusters/templates/acm/provision/secrets-aws.yaml rename to managedclusters/templates/acm/provision/secrets-aws.yaml diff --git a/managedClusters/templates/acm/provision/secrets-azure.yaml b/managedclusters/templates/acm/provision/secrets-azure.yaml similarity index 100% rename from managedClusters/templates/acm/provision/secrets-azure.yaml rename to managedclusters/templates/acm/provision/secrets-azure.yaml diff --git a/managedClusters/templates/acm/provision/secrets-common.yaml b/managedclusters/templates/acm/provision/secrets-common.yaml similarity index 100% rename from managedClusters/templates/acm/provision/secrets-common.yaml rename to managedclusters/templates/acm/provision/secrets-common.yaml diff --git a/managedClusters/templates/argo/hosted-sites.yaml b/managedclusters/templates/argo/hosted-sites.yaml similarity index 100% rename from managedClusters/templates/argo/hosted-sites.yaml rename to managedclusters/templates/argo/hosted-sites.yaml diff --git a/managedClusters/test.yaml b/managedclusters/test.yaml similarity index 100% rename from managedClusters/test.yaml rename to managedclusters/test.yaml diff --git a/managedClusters/values.yaml b/managedclusters/values.yaml similarity index 100% rename from managedClusters/values.yaml rename to managedclusters/values.yaml diff --git a/tests/clustergroup-normal.expected.yml b/tests/clustergroup-normal.expected.yml index 8fbd481f..b90f5677 100644 --- a/tests/clustergroup-normal.expected.yml +++ b/tests/clustergroup-normal.expected.yml @@ -66,7 +66,7 @@ data: kind: ManagedClusterInfo name: acm namespace: open-cluster-management - path: common/managedClusters + path: common/managedclusters project: datacenter pipe: name: pipelines @@ -503,7 +503,7 @@ spec: source: repoURL: https://github.com/pattern-clone/mypattern targetRevision: main - path: common/managedClusters + path: common/managedclusters helm: ignoreMissingValueFiles: true valueFiles: diff --git a/tests/clustergroup.expected.diff b/tests/clustergroup.expected.diff index 418a8e8a..93397c39 100644 --- a/tests/clustergroup.expected.diff +++ b/tests/clustergroup.expected.diff @@ -71,7 +71,7 @@ + kind: ManagedClusterInfo + name: acm + namespace: open-cluster-management -+ path: common/managedClusters ++ path: common/managedclusters + project: datacenter + pipe: + name: pipelines @@ -494,7 +494,7 @@ + source: + repoURL: https://github.com/pattern-clone/mypattern + targetRevision: main -+ path: common/managedClusters ++ path: common/managedclusters + helm: + ignoreMissingValueFiles: true + valueFiles: diff --git a/tests/managedClusters-naked.expected.yml b/tests/managedclusters-naked.expected.yml similarity index 100% rename from tests/managedClusters-naked.expected.yml rename to tests/managedclusters-naked.expected.yml diff --git a/tests/managedClusters-normal.expected.yml b/tests/managedclusters-normal.expected.yml similarity index 100% rename from tests/managedClusters-normal.expected.yml rename to tests/managedclusters-normal.expected.yml diff --git a/tests/managedClusters.expected.diff b/tests/managedclusters.expected.diff similarity index 99% rename from tests/managedClusters.expected.diff rename to tests/managedclusters.expected.diff index 1001fad5..082f2bd5 100644 --- a/tests/managedClusters.expected.diff +++ b/tests/managedclusters.expected.diff @@ -1,5 +1,5 @@ ---- tests/managedClusters-naked.expected.yml -+++ tests/managedClusters-normal.expected.yml +--- tests/managedclusters-naked.expected.yml ++++ tests/managedclusters-normal.expected.yml @@ -1,3 +1,972 @@ --- +# Source: acm/templates/acm/provision/secrets-common.yaml