From e721e9a6d3bd11f57830e0e8afd4329504f044a4 Mon Sep 17 00:00:00 2001 From: Denilson Nastacio Date: Sat, 9 Sep 2023 21:18:28 -0400 Subject: [PATCH] fix: Update CP4S to 1.10.15 Signed-off-by: Denilson Nastacio --- README.md | 4 ++-- .../cp-shared/templates/0050-sync-cp4s-config-map.yaml | 4 +++- .../cp4s/templates/00-presync-adjust-parameters.yaml | 7 +++++++ config/argocd-cloudpaks/cp4s/templates/cp4s-all-app.yaml | 4 ++++ config/argocd-cloudpaks/cp4s/templates/cp4s-app.yaml | 4 ++++ config/argocd-cloudpaks/cp4s/values.yaml | 3 +++ config/cloudpaks/cp4s/Chart.yaml | 4 ++-- .../cp4s/templates/resources/200-cp4s-threat-mgmt.yaml | 3 +++ .../cloudpaks/cp4s/templates/resources/220-openldap.yaml | 6 +++--- config/cloudpaks/cp4s/values.yaml | 3 +++ tests/prebuild/yamllint-config.yaml | 1 + 11 files changed, 35 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a925a25a..150f6d4d 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Supported versions: | Cloud Pak for Business Automation | [22.0.2](https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.2) | Multi-pattern starter deployment | | Cloud Pak for Data | [4.7.2](https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=overview) | Online, specialized installation | | Cloud Pak for Integration | [2023.2](https://www.ibm.com/docs/en/cloud-paks/cp-integration/2023.2) | Online installation | -| Cloud Pak for Security | [1.10.12](https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10) | Online installation | +| Cloud Pak for Security | [1.10.15](https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10) | Online installation | | Cloud Pak for Watson AIOps | [4.1.2](https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/4.1.2) | Starter Installation | ### Shared cluster 
@@ -47,7 +47,7 @@ Starting with the v0.22 release, it is possible to deploy Cloud Paks using dedic At the root of this configuration, lies a pre-synchronization hook inside the `cp-shared` application, which creates a default "common-service-maps" ConfigMap under the `kube-public` namespace, according to the instructions listed under -Note that if you want to enable this feature and customize the target namespaces for Cloud Paks, you must update the parameters to the `cp-shared-app` application to override that default location. +Note that if you want to enable this feature and customize the target namespaces for Cloud Paks, you must update the parameters to the `cp-shared-app` application to override that default location. ### GitOps diff --git a/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4s-config-map.yaml b/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4s-config-map.yaml index 7824e474..823791e9 100644 --- a/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4s-config-map.yaml +++ b/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4s-config-map.yaml 
@@ -123,10 +123,12 @@ spec: oc get configmap "${config_map_name}" \ --namespace "${ARGOCD_NAMESPACE}" > /dev/null 2>&1 \ && oc patch configmap "${config_map_name}" \ - --patch "{\"data\":{\"cluster_domain\":\"${ocp_domain}\", \"roks_authentication\":\"${cp4s_roks_auth}\", \"serviceaccount.argocd_application_controller\":\"{{.Values.serviceaccount.argocd_application_controller}}\", \"storageclass.rwo\":\"${storage_class_rwo}\" }}" \ + --patch "{\"data\":{\"cluster_domain\":\"${ocp_domain}\", \"dedicated_cs_enabled\":\"{{.Values.dedicated_cs.enabled}}\", \"dedicated_cs_namespace\":\"{{.Values.dedicated_cs.control_namespace}}\", \"roks_authentication\":\"${cp4s_roks_auth}\", \"serviceaccount.argocd_application_controller\":\"{{.Values.serviceaccount.argocd_application_controller}}\", \"storageclass.rwo\":\"${storage_class_rwo}\" }}" \ --namespace "${ARGOCD_NAMESPACE}" \ || oc create configmap "${config_map_name}" \ --from-literal=cluster_domain="${ocp_domain}" \ + --from-literal=dedicated_cs_enabled="{{.Values.dedicated_cs.enabled}}" \ + --from-literal=dedicated_cs_namespace="{{.Values.dedicated_cs.enabled}}" \ --from-literal=roks_authentication="${cp4s_roks_auth}" \ --from-literal=serviceaccount.argocd_application_controller="{{.Values.serviceaccount.argocd_application_controller}}" \ --from-literal=storageclass.rwo="${storage_class_rwo}" diff --git a/config/argocd-cloudpaks/cp4s/templates/00-presync-adjust-parameters.yaml b/config/argocd-cloudpaks/cp4s/templates/00-presync-adjust-parameters.yaml index 12aeea11..3cc80d2b 100644 --- a/config/argocd-cloudpaks/cp4s/templates/00-presync-adjust-parameters.yaml +++ b/config/argocd-cloudpaks/cp4s/templates/00-presync-adjust-parameters.yaml 
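Review bot: In the `oc create configmap` fallback, `--from-literal=dedicated_cs_namespace` is filled from `.Values.dedicated_cs.enabled`, so a newly created ConfigMap stores the flag where the namespace belongs. The `oc patch` branch just above uses `.Values.dedicated_cs.control_namespace` for the same key. The line should read `--from-literal=dedicated_cs_namespace="{{.Values.dedicated_cs.control_namespace}}" \`. Separately, the patch branch splices these values into a hand-built JSON string, so a value containing a double quote or backslash would break or reshape the patch document; that pattern predates this commit, but each added key extends it. The script starts and ends outside the hunk.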
@@ -46,6 +46,11 @@ spec: roks_authentication=$(oc get configmap argocd-cp4s-config \ --namespace "${ARGOCD_NAMESPACE}" -o jsonpath='{.data.roks_authentication}') + dedicated_cs_enabled=$(oc get configmap argocd-cp4s-config \ + --namespace "${ARGOCD_NAMESPACE}" -o jsonpath='{.data.dedicated_cs_enabled}') + dedicated_cs_namespace=$(oc get configmap argocd-cp4s-config \ + --namespace "${ARGOCD_NAMESPACE}" -o jsonpath='{.data.dedicated_cs_namespace}') + echo "INFO: Install Argo CLI." # Install it from cluster, not from Internet, so airgap scenarios still work argo_route=openshift-gitops-server @@ -66,6 +71,8 @@ spec: app_name=cp4s-app echo "INFO: Patching storage for ${app_name}." \ && "${argo_cmd}" app set "${app_name}" \ + --helm-set-string dedicated_cs.enabled="${dedicated_cs_enabled}" \ + --helm-set-string dedicated_cs.namespace="${dedicated_cs_namespace}" \ --helm-set-string cluster_domain="${cluster_domain}" \ --helm-set-string roks_authentication="${roks_authentication}" \ --helm-set-string storageclass.rwo="${storage_class_rwo}" \ diff --git a/config/argocd-cloudpaks/cp4s/templates/cp4s-all-app.yaml b/config/argocd-cloudpaks/cp4s/templates/cp4s-all-app.yaml index 61c4eaff..93374652 100644 --- a/config/argocd-cloudpaks/cp4s/templates/cp4s-all-app.yaml +++ b/config/argocd-cloudpaks/cp4s/templates/cp4s-all-app.yaml @@ -22,6 +22,10 @@ spec: value: {{.Values.admin_user}} - name: cluster_domain value: {{.Values.cluster_domain}} + - name: dedicated_cs.control_namespace + value: "{{.Values.dedicated_cs.control_namespace}}" + - name: dedicated_cs.enabled + value: "{{.Values.dedicated_cs.enabled}}" - name: metadata.argocd_app_namespace value: {{.Values.metadata.argocd_app_namespace}} - name: repoURL diff --git a/config/argocd-cloudpaks/cp4s/templates/cp4s-app.yaml b/config/argocd-cloudpaks/cp4s/templates/cp4s-app.yaml index 127268c0..113f2213 100644 --- a/config/argocd-cloudpaks/cp4s/templates/cp4s-app.yaml +++ b/config/argocd-cloudpaks/cp4s/templates/cp4s-app.yaml 
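Review bot: In hunk `@@ -66,6 +71,8 @@` of 00-presync-adjust-parameters.yaml, `--helm-set-string dedicated_cs.namespace=...` sets a key that nothing else in this patch defines. Both values.yaml files and the parameters added to cp4s-app.yaml and cp4s-all-app.yaml use `dedicated_cs.control_namespace`. Unless a template outside this patch reads `dedicated_cs.namespace`, the namespace fetched from the ConfigMap is never applied; the line would be `--helm-set-string dedicated_cs.control_namespace="${dedicated_cs_namespace}" \`. The two `oc get configmap` reads added in the earlier hunk of this file are passed on unchecked, so a ConfigMap lacking the new keys yields empty strings here. If that should fail the job, `${dedicated_cs_enabled:?}` would match the `${pod_name:?}` guard this commit adds in 220-openldap.yaml; the script continues outside both hunks.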
@@ -27,6 +27,10 @@ spec: value: {{.Values.admin_user}} - name: cluster_domain value: {{.Values.cluster_domain}} + - name: dedicated_cs.control_namespace + value: "{{.Values.dedicated_cs.control_namespace}}" + - name: dedicated_cs.enabled + value: "{{.Values.dedicated_cs.enabled}}" - name: metadata.argocd_app_namespace value: {{.Values.metadata.argocd_app_namespace}} - name: metadata.operators_namespace diff --git a/config/argocd-cloudpaks/cp4s/values.yaml b/config/argocd-cloudpaks/cp4s/values.yaml index 6c910718..806fb70d 100644 --- a/config/argocd-cloudpaks/cp4s/values.yaml +++ b/config/argocd-cloudpaks/cp4s/values.yaml @@ -9,5 +9,8 @@ serviceaccount: metadata: argocd_app_namespace: cp4s argocd_namespace: openshift-gitops +dedicated_cs: + control_namespace: cs-control + enabled: false storageclass: rwo: ocs-storagecluster-ceph-rbd diff --git a/config/cloudpaks/cp4s/Chart.yaml b/config/cloudpaks/cp4s/Chart.yaml index 63c584c6..a1258a4b 100644 --- a/config/cloudpaks/cp4s/Chart.yaml +++ b/config/cloudpaks/cp4s/Chart.yaml @@ -16,9 +16,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.2 +version: 0.3.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.10.12 +appVersion: 1.10.15 diff --git a/config/cloudpaks/cp4s/templates/resources/200-cp4s-threat-mgmt.yaml b/config/cloudpaks/cp4s/templates/resources/200-cp4s-threat-mgmt.yaml index 3ed6c53c..52c719c3 100644 --- a/config/cloudpaks/cp4s/templates/resources/200-cp4s-threat-mgmt.yaml +++ b/config/cloudpaks/cp4s/templates/resources/200-cp4s-threat-mgmt.yaml 
@@ -15,13 +15,16 @@ spec: storageClass: {{.Values.storageclass.rwo}} extendedDeploymentConfiguration: airgapInstall: false + clusterProxy: false backupStorageClass: {{.Values.storageclass.rwo}} backupStorageSize: "" imagePullPolicy: IfNotPresent repository: cp.icr.io/cp/cp4s repositoryType: entitled roksAuthentication: {{.Values.roks_authentication}} +{{ if eq ( default "false" .Values.dedicated_cs.enabled ) "true" }} CSNamespace: "{{.Values.metadata.argocd_app_namespace}}-cs" +{{ end }} threatManagementCapabilities: deployDRC: true deployRiskManager: true diff --git a/config/cloudpaks/cp4s/templates/resources/220-openldap.yaml b/config/cloudpaks/cp4s/templates/resources/220-openldap.yaml index e9007f5a..20a69516 100644 --- a/config/cloudpaks/cp4s/templates/resources/220-openldap.yaml +++ b/config/cloudpaks/cp4s/templates/resources/220-openldap.yaml @@ -4,7 +4,7 @@ kind: Job metadata: annotations: argocd.argoproj.io/hook: Sync - argocd.argoproj.io/sync-wave: "220" + argocd.argoproj.io/sync-wave: "200" name: cp4s-openldap namespace: {{.Values.metadata.argocd_namespace}} spec: @@ -54,7 +54,7 @@ spec: --inplace \ --partial \ --append \ - --progress $pod_name:/opt/bin/linux/cpctl ./cpctl \ + --progress ${pod_name:?}:/opt/bin/linux/cpctl ./cpctl \ && chmod +x ./cpctl \ || result=1 @@ -79,4 +79,4 @@ spec: restartPolicy: Never serviceAccountName: {{.Values.serviceaccount.ibm_cloudpaks_installer}} - backoffLimit: 2 + backoffLimit: 12 diff --git a/config/cloudpaks/cp4s/values.yaml b/config/cloudpaks/cp4s/values.yaml index 7bd275eb..fa40373b 100644 --- a/config/cloudpaks/cp4s/values.yaml +++ b/config/cloudpaks/cp4s/values.yaml @@ -4,6 +4,9 @@ cluster_domain: "to_be_set_by_presync_job" metadata: argocd_app_namespace: ibm-cloudpaks argocd_namespace: openshift-gitops +dedicated_cs: + control_namespace: cs-control + enabled: false serviceaccount: argocd_application_controller: openshift-gitops-argocd-application-controller ibm_cloudpaks_installer: ibm-cloudpaks-installer 
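Review bot: The guard `eq ( default "false" .Values.dedicated_cs.enabled ) "true"` in 200-cp4s-threat-mgmt.yaml compares against a string, while both values.yaml files in this patch declare `enabled: false` as a boolean. With a boolean `true` (set in values.yaml, or passed as a Helm parameter that is not forced to a string), `default` returns the boolean and `eq` errors on the bool/string mismatch instead of rendering `CSNamespace`. It works only while the value arrives as a string, as it does through `--helm-set-string` in the presync job. `{{ if eq (toString .Values.dedicated_cs.enabled) "true" }}` accepts both forms.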
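Review bot: In 220-openldap.yaml the hook annotation becomes `argocd.argoproj.io/sync-wave: "200"` while the file keeps its `220-` prefix, so the file name no longer tells a reader when the job runs. Neither the commit message nor the manifest says why the wave moved. The `backoffLimit: 12` in the last hunk suggests the job is now expected to retry until the CP4S pod exists, but that is an inference. If so, a comment above the annotation such as `# Runs in wave 200 and retries until the CP4S pod is available` would record the intent; otherwise the wave should stay at `"220"`.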
diff --git a/tests/prebuild/yamllint-config.yaml b/tests/prebuild/yamllint-config.yaml index 706f2e21..80e87b01 100644 --- a/tests/prebuild/yamllint-config.yaml +++ b/tests/prebuild/yamllint-config.yaml @@ -10,6 +10,7 @@ ignore: | config/cloudpaks/cp4a/operators/templates/0100-operator-group.yaml config/cloudpaks/cp4i/install-prereqs/templates/0000-namespace.yaml config/cloudpaks/cp4i/install-prereqs/templates/0100-operator-group.yaml + config/cloudpaks/cp4s/templates/resources/200-cp4s-threat-mgmt.yaml config/cloudpaks/cp4s/templates/subscriptions/050-cp4s-operator-group.yaml config/cloudpaks/cp4waiops/install-aimgr/templates/subscriptions/050-operator-group.yaml config/rhacm/cloudpaks/templates/placement-argocd.yaml