From 7c04e30dcac253175311cbd535b07351f482c179 Mon Sep 17 00:00:00 2001 
From: Thomas Jungbauer Date: Sun, 23 Jun 2024 06:30:13 +0200 Subject: [PATCH 1/2] adding helper-operator, helper-status-checker and update-clusterversion as first test --- _templates.gotmpl | 70 +++++++++ charts/helper-operator/Chart.yaml | 14 ++ charts/helper-operator/LICENSE | 13 ++ charts/helper-operator/README.md | 145 ++++++++++++++++++ charts/helper-operator/README.md.gotmpl | 73 +++++++++ charts/helper-operator/templates/_helpers.tpl | 51 ++++++ .../jobs/enable_console_plugin-crb.yaml | 23 +++ .../jobs/enable_console_plugin-role.yaml | 25 +++ .../jobs/enable_console_plugin-sa.yaml | 16 ++ .../templates/jobs/enable_console_plugin.yaml | 56 +++++++ .../helper-operator/templates/namespace.yaml | 24 +++ .../templates/operators/operatorgroup.yaml | 25 +++ .../templates/operators/subscription.yaml | 70 +++++++++ charts/helper-operator/values.yaml | 131 ++++++++++++++++ charts/helper-status-checker/Chart.yaml | 13 ++ charts/helper-status-checker/LICENSE | 13 ++ charts/helper-status-checker/README.md | 96 ++++++++++++ charts/helper-status-checker/README.md.gotmpl | 42 +++++ .../templates/_helpers.tpl | 69 +++++++++ .../templates/check_if_operator_is_ready.yaml | 141 +++++++++++++++++ .../templates/clusterrole.yaml | 30 ++++ .../templates/clusterrolebinding.yaml | 26 ++++ .../templates/installplan-approver.yaml | 77 ++++++++++ .../templates/serviceAccount.yaml | 18 +++ charts/helper-status-checker/values.yaml | 37 +++++ charts/update-clusterversion/.helmignore | 23 +++ charts/update-clusterversion/Chart.yaml | 12 ++ charts/update-clusterversion/LICENSE | 13 ++ charts/update-clusterversion/README.md | 83 ++++++++++ charts/update-clusterversion/README.md.gotmpl | 31 ++++ .../templates/clusterversion.yaml | 12 ++ charts/update-clusterversion/values.yaml | 18 +++ 32 files changed, 1490 insertions(+) create mode 100644 _templates.gotmpl create mode 100644 charts/helper-operator/Chart.yaml create mode 100644 charts/helper-operator/LICENSE create mode 100644 
charts/helper-operator/README.md create mode 100644 charts/helper-operator/README.md.gotmpl create mode 100644 charts/helper-operator/templates/_helpers.tpl create mode 100644 charts/helper-operator/templates/jobs/enable_console_plugin-crb.yaml create mode 100644 charts/helper-operator/templates/jobs/enable_console_plugin-role.yaml create mode 100644 charts/helper-operator/templates/jobs/enable_console_plugin-sa.yaml create mode 100644 charts/helper-operator/templates/jobs/enable_console_plugin.yaml create mode 100644 charts/helper-operator/templates/namespace.yaml create mode 100644 charts/helper-operator/templates/operators/operatorgroup.yaml create mode 100644 charts/helper-operator/templates/operators/subscription.yaml create mode 100644 charts/helper-operator/values.yaml create mode 100644 charts/helper-status-checker/Chart.yaml create mode 100644 charts/helper-status-checker/LICENSE create mode 100644 charts/helper-status-checker/README.md create mode 100644 charts/helper-status-checker/README.md.gotmpl create mode 100644 charts/helper-status-checker/templates/_helpers.tpl create mode 100644 charts/helper-status-checker/templates/check_if_operator_is_ready.yaml create mode 100644 charts/helper-status-checker/templates/clusterrole.yaml create mode 100644 charts/helper-status-checker/templates/clusterrolebinding.yaml create mode 100755 charts/helper-status-checker/templates/installplan-approver.yaml create mode 100644 charts/helper-status-checker/templates/serviceAccount.yaml create mode 100644 charts/helper-status-checker/values.yaml create mode 100644 charts/update-clusterversion/.helmignore create mode 100644 charts/update-clusterversion/Chart.yaml create mode 100644 charts/update-clusterversion/LICENSE create mode 100644 charts/update-clusterversion/README.md create mode 100644 charts/update-clusterversion/README.md.gotmpl create mode 100644 charts/update-clusterversion/templates/clusterversion.yaml create mode 100644 
charts/update-clusterversion/values.yaml diff --git a/_templates.gotmpl b/_templates.gotmpl new file mode 100644 index 00000000..5fa9a6b8 --- /dev/null +++ b/_templates.gotmpl @@ -0,0 +1,70 @@ + +{{ define "doc.header" -}} + +{{ template "chart.header" . }} + [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + + {{ template "chart.versionBadge" . }} + + {{ template "chart.deprecationWarning" . }} + + ## Description + + {{ template "chart.description" . }} + +{{- end }} + +{{ define "doc.maintainer_and_sources" -}} + +{{ template "chart.maintainersSection" . }} + +## Sources +Source: {{ template "chart.sourcesList" . }} + +Source code: {{ template "chart.homepage" . }} + +{{- end }} + + +{{ define "doc.deps" -}} + +## Dependencies + +This chart has the following dependencies: + +{{ template "chart.requirementsTable" . }} + +{{- end }} + +{{ define "doc.values" -}} + +{{ template "chart.valuesSection" . }} + +{{- end }} + + +{{ define "doc.footer" -}} + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release repo/> +``` + +The command deploys the chart on the Kubernetes cluster in the default configuration. + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +{{ template "helm-docs.versionFooter" . }} + +{{- end }} diff --git a/charts/helper-operator/Chart.yaml b/charts/helper-operator/Chart.yaml new file mode 100644 index 00000000..a8a64c7d --- /dev/null +++ b/charts/helper-operator/Chart.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v2 +name: helper-operator +description: A helper Chart to reduce code repetition. This Chart should be called as a dependency by other charts in order to install Operators. +version: 1.0.26 +home: https://github.com/redhat-cop/helm-charts +maintainers: + - name: tjungbauer + email: tjungbau@redhat.com + url: https://blog.stderr.at/ +keywords: + - helper + - subchart + - operator + diff --git a/charts/helper-operator/LICENSE b/charts/helper-operator/LICENSE new file mode 100644 index 00000000..1652d17e --- /dev/null +++ b/charts/helper-operator/LICENSE @@ -0,0 +1,13 @@ +Copyright 2022 Thomas Jungbauer + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/helper-operator/README.md b/charts/helper-operator/README.md new file mode 100644 index 00000000..d39429ac --- /dev/null +++ b/charts/helper-operator/README.md 
@@ -0,0 +1,145 @@ + + +# helper-operator + + [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + + ![Version: 1.0.26](https://img.shields.io/badge/Version-1.0.26-informational?style=flat-square) + + + + ## Description + + A helper Chart to reduce code repetition. This Chart should be called as a dependency by other charts in order to install Operators. + +This chart can be used to install Operators in OpenShift. +It is best used with a GitOps approach such as Argo CD does. For example: https://github.com/tjungbauer/openshift-clusterconfig-gitops + +This chart will create the objects: Namespace, Subscription, OperatorGroup and a Job, that will enable additional console plugins, if enabled. + +*NOTE*: It is usually used as Subchart for other Charts and it works best with the second subchart [helper-status-checker](https://github.com/tjungbauer/helm-charts/tree/main/charts/helper-status-checker) + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| tjungbauer | | | + +## Sources +Source: + +Source code: https://github.com/redhat-cop/helm-charts + +## Parameters + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| console_plugins | object | "" | Configure console plugins for OpenShift. | +| console_plugins.enabled | bool | false | Enable console plugin configuration. | +| console_plugins.job_namespace | string | openshift-gitops | Optional: Namespace where kubernetes job shall be executed. | +| console_plugins.job_service_account | string | enable-console-plugin-sa | Optional: Name of the service account that will execute the Job. | +| console_plugins.job_service_account_crb | string | enable-console-plugin-crb | Optional: Name of the ClusterRoleBinding. | +| console_plugins.job_service_account_role | string | enable-console-plugin-role | Optional: Name of the role that will be assigned to the service account. 
| +| console_plugins.plugins | list | empty | List of console plugins to configure. Each list item will be added to the OpenShift UI. | +| console_plugins.syncwave | int | 5 | Optional: Syncwave for console plugin configuration. | +| operators | object | "" | Define operators that you want to deploy. A key/value setup is used here. Each new operator is a new key (in this example "my-operator") | +| operators.my-operator.enabled | bool | false | Enabled yes/no | +| operators.my-operator.namespace.create | bool | false | Create the Namespace yes/no. | +| operators.my-operator.namespace.descr | string | "" | Description of the namespace. | +| operators.my-operator.namespace.displayname | string | "" | Displayname of the namespace. | +| operators.my-operator.namespace.name | string | `"openshift-operators-redhat"` | The Namespace the Operator should be installed in. | +| operators.my-operator.operatorgroup.create | bool | false | Create an Operatorgroup object | +| operators.my-operator.operatorgroup.notownnamespace | bool | false | Monitor own Namespace. For some Operators no `targetNamespaces` must be defined | +| operators.my-operator.subscription | object | "" | Definition of the Operator Subscription | +| operators.my-operator.subscription.approval | string | Automatic | Update behavior of the Operator. Manual/Automatic | +| operators.my-operator.subscription.channel | string | stable | Channel of the Subscription | +| operators.my-operator.subscription.config | object | "" | Optional additional configuration for the Operator subscription. | +| operators.my-operator.subscription.config.env | list | "" | Additional environment parameter, as a list: name/value | +| operators.my-operator.subscription.config.nodeSelector | object | "" | Optionally define a nodeSelector. | +| operators.my-operator.subscription.config.resources | object | "" | Optionally set resources (limits/requests) for the Operator. 
| +| operators.my-operator.subscription.config.tolerations | list | "" | Optionally set Tolerations for the Subscription. | +| operators.my-operator.subscription.operatorName | string | "empty" | Name of the Operator | +| operators.my-operator.subscription.source | string | redhat-operators | Source of the Operator | +| operators.my-operator.subscription.sourceNamespace | string | openshift-marketplace | Namespace of the source | +| operators.my-operator.syncwave | int | 0 | Syncwave for the operator deployment | + +## Example + +Installing the Operator "Loki" + +TIP: Fetch the values for the subscription specification with `oc get packagemanifest advanced-cluster-management -o yaml` + +```yaml +--- +console_plugins: + enabled: false + syncwave: 5 + plugins: + - plugin_name + + job_namespace: kube-system + +operators: + loki-operator: + enabled: false + namespace: + name: openshift-operators-redhat + create: true + subscription: + channel: stable + approval: Automatic + operatorName: loki-operator + source: redhat-operators + sourceNamespace: openshift-marketplace + config: + env: + - name: FIRST_ENV_PARAMENTER + value: ThisIsRequierd + - name: SECOND_ENV_PARAMETER + value: 'true' + resources: + limits: + cpu: 100m + memory: 1Gi + requests: + cpu: 400m + memory: 300Mi + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved + nodeSelector: + key: node-role.kubernetes.io/infra + value: "" + operatorgroup: + create: true + notownnamespace: true +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release repo/> +``` + +The command deploys the chart on the Kubernetes cluster in the default configuration. 
+ +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/helper-operator/README.md.gotmpl b/charts/helper-operator/README.md.gotmpl new file mode 100644 index 00000000..d846d984 --- /dev/null +++ b/charts/helper-operator/README.md.gotmpl 
@@ -0,0 +1,73 @@ +{{ template "doc.header" . }} + +This chart can be used to install Operators in OpenShift. +It is best used with a GitOps approach such as Argo CD does. For example: https://github.com/tjungbauer/openshift-clusterconfig-gitops + +This chart will create the objects: Namespace, Subscription, OperatorGroup and a Job, that will enable additional console plugins, if enabled. + +*NOTE*: It is usually used as Subchart for other Charts and it works best with the second subchart [helper-status-checker](https://github.com/tjungbauer/helm-charts/tree/main/charts/helper-status-checker) + + +{{ template "doc.maintainer_and_sources" . }} + +## Parameters + +{{ template "doc.values" . }} + +## Example + +Installing the Operator "Loki" + +TIP: Fetch the values for the subscription specification with `oc get packagemanifest advanced-cluster-management -o yaml` + +```yaml +--- +console_plugins: + enabled: false + syncwave: 5 + plugins: + - plugin_name + + job_namespace: kube-system + +operators: + loki-operator: + enabled: false + namespace: + name: openshift-operators-redhat + create: true + subscription: + channel: stable + approval: Automatic + operatorName: loki-operator + source: redhat-operators + sourceNamespace: openshift-marketplace + config: + env: + - name: FIRST_ENV_PARAMENTER + value: ThisIsRequierd + - name: SECOND_ENV_PARAMETER + value: 'true' + resources: + limits: + cpu: 100m + memory: 1Gi + requests: + cpu: 400m + memory: 300Mi + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved + nodeSelector: + key: node-role.kubernetes.io/infra + value: "" + operatorgroup: + create: true + notownnamespace: true +``` + +{{ template "doc.footer" . }} diff --git a/charts/helper-operator/templates/_helpers.tpl b/charts/helper-operator/templates/_helpers.tpl new file mode 100644 index 00000000..b067f32d --- /dev/null 
+++ b/charts/helper-operator/templates/_helpers.tpl @@ -0,0 +1,51 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "common.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "common.labels" -}} +helm.sh/chart: {{ include "common.chart" . }} +{{ include "common.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "common.selectorLabels" -}} +app.kubernetes.io/name: {{ include "common.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/charts/helper-operator/templates/jobs/enable_console_plugin-crb.yaml b/charts/helper-operator/templates/jobs/enable_console_plugin-crb.yaml new file mode 100644 index 00000000..8817f232 --- /dev/null +++ b/charts/helper-operator/templates/jobs/enable_console_plugin-crb.yaml 
@@ -0,0 +1,23 @@
+{{- if .Values.console_plugins }}
+{{- if eq (.Values.console_plugins.enabled | toString) "true" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Values.console_plugins.job_service_account_crb | default "enable-console-plugin-crb" }}
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.console_plugins.job_service_account_role | default "enable-console-plugin-role" }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.console_plugins.job_service_account | default "enable-console-plugin-sa" }}
+ namespace: {{ .Values.console_plugins.job_namespace | default "openshift-gitops" }}
+{{- end }}
+{{- end }}
diff --git a/charts/helper-operator/templates/jobs/enable_console_plugin-role.yaml b/charts/helper-operator/templates/jobs/enable_console_plugin-role.yaml
new file mode 100644
index 00000000..2d4bd226
--- /dev/null
+++ b/charts/helper-operator/templates/jobs/enable_console_plugin-role.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.console_plugins }}
+{{- if eq (.Values.console_plugins.enabled | toString) "true" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.console_plugins.job_service_account_role | default "enable-console-plugin-role" }}
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+rules:
+ - apiGroups:
+ - operator.openshift.io
+ resources:
+ - consoles
+ verbs:
+ - get
+ - list
+ - update
+ - patch
+{{- end }}
+{{- end }}
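Review bot: The `argocd.argoproj.io/sync-wave` annotation in the ClusterRoleBinding reads `.syncwave` from the root context, which nothing in this chart sets, so it always renders wave 5 and ignores `console_plugins.syncwave`. The Job template reads `.Values.console_plugins.syncwave`, so a configured wave below 5 can order the Job ahead of the RBAC objects it needs. Use `argocd.argoproj.io/sync-wave: {{ .Values.console_plugins.syncwave | default 5 | quote }}` here; the ClusterRole and ServiceAccount templates carry the same line and need the same change.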
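Review bot: The ClusterRole rule grants more than the hook Job uses, and it is not limited to a single object. The Job script in enable_console_plugin.yaml only runs `oc get console.operator cluster` and `oc patch console.operator cluster`, so `list` and `update` look unnecessary. Consider reducing the verbs to `get` and `patch` and adding `resourceNames: ["cluster"]`, so the hook service account can change only the cluster console configuration.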
diff --git a/charts/helper-operator/templates/jobs/enable_console_plugin-sa.yaml b/charts/helper-operator/templates/jobs/enable_console_plugin-sa.yaml
new file mode 100644
index 00000000..a70f2527
--- /dev/null
+++ b/charts/helper-operator/templates/jobs/enable_console_plugin-sa.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.console_plugins }}
+{{- if eq (.Values.console_plugins.enabled | toString) "true" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.console_plugins.job_service_account | default "enable-console-plugin-sa" }}
+ namespace: {{ .Values.console_plugins.job_namespace | default "openshift-gitops" }}
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/helper-operator/templates/jobs/enable_console_plugin.yaml b/charts/helper-operator/templates/jobs/enable_console_plugin.yaml
new file mode 100644
index 00000000..6015a0b3
--- /dev/null
+++ b/charts/helper-operator/templates/jobs/enable_console_plugin.yaml
@@ -0,0 +1,56 @@
+{{- if .Values.console_plugins }}
+{{- if eq (.Values.console_plugins.enabled | toString) "true" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: enable-console-plugin-{{ randAlphaNum 5 | lower }}
+ namespace: {{ .Values.console_plugins.job_namespace | default "openshift-gitops" }}
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .Values.console_plugins.syncwave | default 5 | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+spec:
+ selector: {}
+ template:
+ metadata:
+ name: enable-console-plugin
+ spec:
+ containers:
+ - name: enable-console-plugin
+ image: registry.redhat.io/openshift4/ose-cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ #!/usr/bin/env bash
+
+ # Patch console.operator
+ # Be sure to keep the "/-" at the end of the path
+
+ new_values=({{ join " " .Values.console_plugins.plugins }})
+
+ for value in "${new_values[@]}"; do
+
+ verify_if_plugin_is_configured=`oc get console.operator cluster -o jsonpath='{.spec.plugins}' | grep $value`
+
+ if [ $? -eq 0 ]; then
+
+ echo "Plugin $value is already configured. (Plugins: $verify_if_plugin_is_configured)"
+
+ else
+
+ echo "Plugin $value is not yet configured ... adding it to the list"
+
+ oc patch console.operator cluster --type json -p '[{"op": "add", "path": "/spec/plugins/-", "value": "'$value'" }]'
+
+ echo "Plugin $value has been added"
+ fi
+ done
+
+ restartPolicy: Never
+ serviceAccountName: enable-console-plugin-sa
+{{- end }}
+{{- end }}
diff --git a/charts/helper-operator/templates/namespace.yaml b/charts/helper-operator/templates/namespace.yaml
new file mode 100644
index 00000000..7cf8e322
--- /dev/null
+++ b/charts/helper-operator/templates/namespace.yaml
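Review bot: `serviceAccountName: enable-console-plugin-sa` is hard-coded, but the ServiceAccount and the ClusterRoleBinding subject take their name from `console_plugins.job_service_account`, so overriding that value leaves the Job pointing at an account that was never created or bound. Render it the same way: `serviceAccountName: {{ .Values.console_plugins.job_service_account | default "enable-console-plugin-sa" }}`. The image `registry.redhat.io/openshift4/ose-cli:latest` is a mutable tag running with cluster-scoped patch rights; a version tag or digest supplied through values would make the hook reproducible. In the script, `grep $value` is an unquoted substring match, so a plugin whose name is contained in an already configured one is reported as present and skipped. Quote the expansion and match the whole name, and quote `$value` inside the `oc patch` payload as well.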
@@ -0,0 +1,24 @@
+
+{{- range $key, $value := .Values.operators }}
+{{ if eq ($value.enabled | toString) "true" }}
+{{ if eq ($value.namespace.create | toString) "true" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $value.namespace.name | quote }}
+ labels:
+ openshift.io/cluster-monitoring: "true"
+ {{- include "common.labels" $ | nindent 4 }}
+ {{- if or ($value.namespace.descr) ($value.namespace.displayname) }}
+ annotations:
+ {{- if $value.namespace.descr }}
+ openshift.io/description: {{ $value.namespace.descr }}
+ {{- end }}
+ {{- if $value.namespace.displayname }}
+ openshift.io/display-name: {{ $value.namespace.displayname }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/helper-operator/templates/operators/operatorgroup.yaml b/charts/helper-operator/templates/operators/operatorgroup.yaml
new file mode 100644
index 00000000..04a64c40
--- /dev/null
+++ b/charts/helper-operator/templates/operators/operatorgroup.yaml
@@ -0,0 +1,25 @@
+{{- range $key, $value := .Values.operators }}
+{{ if eq ($value.enabled | toString) "true" }}
+{{- if $value.operatorgroup.create }}
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: {{ $key | default "demo-operator-group" | quote }}
+ namespace: {{ $value.namespace.name | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: {{ $value.syncwave | default "0" | quote }}
+{{- /* Configure the operatorgroup for all Namespaces or for the "Home" namespace */ -}}
+{{- if $value.operatorgroup.notownnamespace }}
+spec: {}
+{{- else }}
+spec:
+ targetNamespaces:
+ - {{ $value.namespace.name }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
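Review bot: In namespace.yaml, the `openshift.io/description` and `openshift.io/display-name` annotations are rendered without `| quote`, unlike `metadata.name` a few lines above. A description containing `: ` or `#`, or one that parses as a number or boolean, will produce invalid or mistyped YAML. Use `openshift.io/description: {{ $value.namespace.descr | quote }}` and the same for `displayname`. Separately, `openshift.io/cluster-monitoring: "true"` is set on every namespace the chart creates with no value to turn it off; a switch in values would let namespaces that should not be scraped by platform monitoring opt out.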
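Review bot: In operatorgroup.yaml, the `notownnamespace` branch renders `spec: {}`, which as far as I can tell makes the OperatorGroup select all namespaces, but neither the template comment nor the values description ("Monitor own Namespace") says the operator's scope becomes cluster-wide. I would replace the comment with `{{- /* notownnamespace=true renders an empty spec: the OperatorGroup then targets ALL namespaces; false restricts it to the operator's own namespace */ -}}` and reword the values description to match. Two smaller points: `{{- if $value.operatorgroup.create }}` does not use the `| toString` comparison applied to `enabled`, so the string "false" would count as true, and `default "demo-operator-group"` on `$key` can never apply because a map key is not empty.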
diff --git a/charts/helper-operator/templates/operators/subscription.yaml b/charts/helper-operator/templates/operators/subscription.yaml new file mode 100644 index 00000000..da67181e --- /dev/null +++ b/charts/helper-operator/templates/operators/subscription.yaml 
@@ -0,0 +1,70 @@ +{{- range $key, $value := .Values.operators }} +{{- if eq ($value.enabled | toString) "true" }} +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: {{ $key | quote }} + namespace: {{ $value.namespace.name | quote }} + labels: + {{- include "common.labels" $ | nindent 4 }} + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: {{ $value.syncwave | default "0" | quote }} +spec: + {{- /* Main settings for the Operator */}} + channel: {{ $value.subscription.channel | default "stable" | quote }} + installPlanApproval: {{ $value.subscription.approval | default "Automatic" | quote }} + name: {{ $value.subscription.operatorName | quote }} + source: {{ $value.subscription.source | default "redhat-operators" | quote }} + sourceNamespace: {{ $value.subscription.sourceNamespace | default "openshift-marketplace" | quote }} + + {{- /* additional and optional settings for the Operator */}} + {{- if $value.subscription.config }} + config: + {{- /* Define a nodeSelector if required */}} + {{- if $value.subscription.config.nodeSelector }} + nodeSelector: + {{ $value.subscription.config.nodeSelector.key }}: {{ $value.subscription.config.nodeSelector.value | quote }} + {{- end }} + + {{- /* Define required tolerations */}} + {{- if $value.subscription.config.tolerations }} + tolerations: + {{- toYaml $value.subscription.config.tolerations | nindent 6 }} + {{- end }} + {{- if $value.subscription.config.env }} + + {{- /* Define additional environment variables, that might configure the Operator */}} + env: + {{- toYaml $value.subscription.config.env | nindent 6 }} + {{- end }} + {{- if $value.subscription.config.resources }} + + {{- /* Define resource limits and requests for the Operator */}} + resources: + {{- if $value.subscription.config.resources.requests }} + requests: + {{- if $value.subscription.config.resources.requests.memory }} + memory: {{ 
$value.subscription.config.resources.requests.memory | replace "gi" "Gi" | replace "mi" "Mi" | quote }} + {{- end }} + {{- if $value.subscription.config.resources.requests.cpu }} + cpu: {{ $value.subscription.config.resources.requests.cpu | quote }} + {{- end }} + {{- end }} + {{- if $value.subscription.config.resources.limits }} + limits: + {{- if $value.subscription.config.resources.limits.memory }} + memory: {{ $value.subscription.config.resources.limits.memory | replace "gi" "Gi" | replace "mi" "Mi" | quote }} + {{- end }} + {{- if $value.subscription.config.resources.limits.cpu }} + cpu: {{ $value.subscription.config.resources.limits.cpu | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- if $value.subscription.csv }} + startingCSV: {{ $value.subscription.csv }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/helper-operator/values.yaml b/charts/helper-operator/values.yaml new file mode 100644 index 00000000..46c2302d --- /dev/null +++ b/charts/helper-operator/values.yaml 
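Review bot: `startingCSV: {{ $value.subscription.csv }}` at the end of subscription.yaml is the only scalar in the spec rendered without `| quote`, and the `csv` key appears in neither values.yaml nor the README table added by this patch. Suggest `startingCSV: {{ $value.subscription.csv | quote }}` plus a documented `csv` entry under `subscription` in values.yaml. The description should also state that with the default `installPlanApproval` of "Automatic" the pinned CSV presumably only governs the first install, and later catalog updates are applied without review unless `approval: Manual` is set. `operatorName` has no default and renders as `""` when omitted; wrapping it in `required` would fail the render instead of creating a Subscription with an empty package name.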
@@ -0,0 +1,131 @@ +--- +# -- Configure console plugins for OpenShift. +# @default -- "" +console_plugins: + + # -- Enable console plugin configuration. + # @default -- false + enabled: false + + # -- Optional: Syncwave for console plugin configuration. + # @default -- 5 + syncwave: 5 + + # -- List of console plugins to configure. Each list item will be added to the OpenShift UI. + # @default -- empty + plugins: + - console-plugin-name + + # -- Optional: Namespace where kubernetes job shall be executed. + # @default -- openshift-gitops + job_namespace: kube-system + + # -- Optional: Name of the service account that will execute the Job. + # @default -- enable-console-plugin-sa + job_service_account: enable-console-plugin-sa + + # -- Optional: Name of the role that will be assigned to the service account. + # @default -- enable-console-plugin-role + job_service_account_role: enable-console-plugin-role + + # -- Optional: Name of the ClusterRoleBinding. + # @default -- enable-console-plugin-crb + job_service_account_crb: enable-console-plugin-crb + +# -- Define operators that you want to deploy. A key/value setup is used here. +# Each new operator is a new key (in this example "my-operator") +# @default -- "" +operators: + my-operator: + # -- Enabled yes/no + # @default -- false + enabled: false + + # -- Syncwave for the operator deployment + # @default -- 0 + syncwave: 0 + + namespace: + # -- The Namespace the Operator should be installed in. + name: openshift-operators-redhat + + # -- Description of the namespace. + # @default -- "" + descr: "" + + # -- Displayname of the namespace. + # @default -- "" + displayname: + + # -- Create the Namespace yes/no. + # @default -- false + create: true + + # -- Definition of the Operator Subscription + # @default -- "" + subscription: + # -- Channel of the Subscription + # @default -- stable + channel: stable + + # -- Update behavior of the Operator. 
Manual/Automatic + # @default -- Automatic + approval: Automatic + + # -- Name of the Operator + # @default -- "empty" + operatorName: loki-operator + + # -- Source of the Operator + # @default -- redhat-operators + source: redhat-operators + + # -- Namespace of the source + # @default -- openshift-marketplace + sourceNamespace: openshift-marketplace + + # -- Optional additional configuration for the Operator subscription. + # @default -- "" + config: + # -- Additional environment parameter, as a list: name/value + # @default -- "" + env: + - name: FIRST_ENV_PARAMENTER + value: ThisIsRequierd + - name: SECOND_ENV_PARAMETER + value: 'true' + + # -- Optionally set resources (limits/requests) for the Operator. + # @default -- "" + resources: + limits: + cpu: 100m + memory: 1Gi + requests: + cpu: 400m + memory: 300Mi + + # -- Optionally set Tolerations for the Subscription. + # @default -- "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/infra + value: reserved + - effect: NoExecute + key: node-role.kubernetes.io/infra + value: reserved + + # -- Optionally define a nodeSelector. + # @default -- "" + nodeSelector: + key: node-role.kubernetes.io/infra + value: "" + + operatorgroup: + # -- Create an Operatorgroup object + # @default -- false + create: false + + # -- Monitor own Namespace. For some Operators no `targetNamespaces` must be defined + # @default -- false + notownnamespace: true diff --git a/charts/helper-status-checker/Chart.yaml b/charts/helper-status-checker/Chart.yaml new file mode 100644 index 00000000..e2dcb0eb --- /dev/null +++ b/charts/helper-status-checker/Chart.yaml 
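Review bot: Several values shipped in values.yaml contradict their own `@default` annotations. `job_namespace: kube-system` is documented as `openshift-gitops`, `namespace.create: true` as `false`, and `operatorgroup.notownnamespace: true` as `false`. The first one matters most, because enabling `console_plugins` without overriding it places the hook ServiceAccount and Job in `kube-system` rather than the GitOps namespace the templates fall back to. I would ship `job_namespace: openshift-gitops`, or remove the key so the template default applies, and align the other two values with their documented defaults.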
@@ -0,0 +1,13 @@ +apiVersion: v2 +name: helper-status-checker +description: A helper Chart that creates a job to verify if the deployments of an operator are running. To do so it creates a service account with a role to read the status of the Deployments. +version: 4.0.9 +home: https://github.com/redhat-cop/helm-charts +maintainers: + - name: tjungbauer + email: tjungbau@redhat.com + url: https://blog.stderr.at/ +keywords: + - helper + - subchart + diff --git a/charts/helper-status-checker/LICENSE b/charts/helper-status-checker/LICENSE new file mode 100644 index 00000000..1652d17e --- /dev/null +++ b/charts/helper-status-checker/LICENSE @@ -0,0 +1,13 @@ +Copyright 2022 Thomas Jungbauer + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/helper-status-checker/README.md b/charts/helper-status-checker/README.md new file mode 100644 index 00000000..714e13fb --- /dev/null +++ b/charts/helper-status-checker/README.md 
@@ -0,0 +1,96 @@ + + +# helper-status-checker + + [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + + ![Version: 4.0.9](https://img.shields.io/badge/Version-4.0.9-informational?style=flat-square) + + + + ## Description + + A helper Chart that creates a job to verify if the deployments of an operator are running. To do so it creates a service account with a role to read the status of the Deployments. + +This chart is used the check the installation status of an Operator. +Whenever a new Operator gets installed, this Chart can be called to verify if the status of the Operator is ready. +This is useful when you want to install an Operator AND configure it in the same Helm Chart. Typically, Argo CD will fail in such case, +because it would try to configure the CRD that the Operator provides immediately after the Subscription object becomes ready. However, +the CRD is not available yet, since the Operator is still installing itself. + +It is best used as a Subchart, for example, https://github.com/tjungbauer/helm-charts/tree/main/charts/rhacm-full-stack + +helper-status-checker will create a Service Account (incl. a ClusterRole and a ClusterRoleBinding) and a Job that will try to check the status of the Operator. If the Operator is not available after some time (configurable with mx_retries), the Job will fail. + +NOTE: This chart can also be used to automatically approve an InstallPlan + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| tjungbauer | | | + +## Sources +Source: + +Source code: https://github.com/redhat-cop/helm-charts + +## Parameters + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| approver | bool | false | Enable automatic approval of an InstallPlan. Useful if the installation must be approved manually and you want to initially deploy the Operator using GitOps. 
| +| checks[0] | object | `{"maxretries":20,"namespace":{"name":"openshift-logging"},"operatorName":"name-of-operator","serviceAccount":{"name":"status-checker"},"sleeptimer":20,"subscriptionName":"name-of-subscription","syncwave":0}` | Name of operator to check. Use the value of the currentCSV (packagemanifest) but WITHOUT the version !! | +| checks[0].maxretries | int | 20 | Maximum number of retries before the checks will fail | +| checks[0].namespace | object | `{"name":"openshift-logging"}` | Namespace where the status-checker Job shall be scheduled. | +| checks[0].serviceAccount.name | string | `"status-checker"` | Name of the Service Account. | +| checks[0].sleeptimer | int | 20 | If the Operator is not yet ready wait this amount of seconds. | +| checks[0].subscriptionName | string | `"name-of-subscription"` | OPTIONAL: Name of subscription that shall be approved. In some cases the name of the Subscription is different to the name of the operator. @default --operatorName | +| checks[0].syncwave | int | 0 | Syncwave for the status-check Job. 0 is the recommended value. | +| enabled | bool | false | Enable or disable the status-checker configuration | + +## Example + +```yaml +--- +enabled: true +approver: true + +checks: + - operatorName: name-of-operator + + sleeptimer: 20 + maxretries: 20 + + namespace: + name: openshift-logging + syncwave: 3 + + serviceAccount: + name: "status-checker" +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release repo/> +``` + +The command deploys the chart on the Kubernetes cluster in the default configuration. + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/helper-status-checker/README.md.gotmpl b/charts/helper-status-checker/README.md.gotmpl new file mode 100644 index 00000000..6c31dd08 --- /dev/null +++ b/charts/helper-status-checker/README.md.gotmpl @@ -0,0 +1,42 @@ +{{ template "doc.header" . }} + +This chart is used the check the installation status of an Operator. +Whenever a new Operator gets installed, this Chart can be called to verify if the status of the Operator is ready. +This is useful when you want to install an Operator AND configure it in the same Helm Chart. Typically, Argo CD will fail in such case, +because it would try to configure the CRD that the Operator provides immediately after the Subscription object becomes ready. However, +the CRD is not available yet, since the Operator is still installing itself. + +It is best used as a Subchart, for example, https://github.com/tjungbauer/helm-charts/tree/main/charts/rhacm-full-stack + +helper-status-checker will create a Service Account (incl. a ClusterRole and a ClusterRoleBinding) and a Job that will try to check the status of the Operator. If the Operator is not available after some time (configurable with mx_retries), the Job will fail. + +NOTE: This chart can also be used to automatically approve an InstallPlan + +{{ template "doc.maintainer_and_sources" . }} + +## Parameters + +{{ template "doc.values" . }} + +## Example + +```yaml +--- +enabled: true +approver: true + +checks: + - operatorName: name-of-operator + + sleeptimer: 20 + maxretries: 20 + + namespace: + name: openshift-logging + syncwave: 3 + + serviceAccount: + name: "status-checker" +``` + +{{ template "doc.footer" . }} diff --git a/charts/helper-status-checker/templates/_helpers.tpl b/charts/helper-status-checker/templates/_helpers.tpl new file mode 100644 index 00000000..8fe4c1a6 --- /dev/null 
+++ b/charts/helper-status-checker/templates/_helpers.tpl 
@@ -0,0 +1,69 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "common.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "common.labels" -}} +helm.sh/chart: {{ include "common.chart" . }} +{{ include "common.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "common.selectorLabels" -}} +app.kubernetes.io/name: {{ include "common.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "helper.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "common.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name of the role and rolebinding for the serviceaccount +*/}} +{{- define "helper.rolename" -}} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} diff --git a/charts/helper-status-checker/templates/check_if_operator_is_ready.yaml b/charts/helper-status-checker/templates/check_if_operator_is_ready.yaml new file mode 100644 index 00000000..d6a1b217 --- /dev/null +++ b/charts/helper-status-checker/templates/check_if_operator_is_ready.yaml 
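Review bot: `helper.serviceAccountName` and `helper.rolename` read `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but this chart's values.yaml defines `serviceAccount` only inside each `checks[]` entry, and none of the templates added in this patch include either helper. If one were included later it would, as far as the visible values show, either fail on the missing key or fall back to the literal `default`, which is the namespace's default service account. I would drop both definitions, or at least mark them with `{{/* unused: templates read .serviceAccount.name from each checks[] entry */}}`.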
@@ -0,0 +1,141 @@ +{{- with .Values }} +{{ if eq ( .enabled | toString) "true" }} +{{- range .checks }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: check-operator-status + namespace: {{ .namespace.name | quote }} + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: HookSucceeded + argocd.argoproj.io/sync-wave: {{ .syncwave | default 1 | quote }} + labels: + {{- include "common.labels" $ | nindent 4 }} +spec: + ttlSecondsAfterFinished: 120 + template: + spec: + containers: + - image: registry.redhat.io/openshift4/ose-cli + command: + - /bin/bash + - -c + - | + #!/usr/bin/env bash + sleep_timer={{ .sleeptimer | default 20 }} + max_timer={{ .maxretries | default 20 }} + counter=0 + status=0 + + echo "Starting operator status checker" + operator={{ .operatorName }} + printf "\nWaiting for operator %s to appear\n" "$i"; + + # Wait until operator appears + SLEEPER_TMP=0 + get_exact_name=`oc get clusterserviceversion -n {{ .namespace.name }} | grep $operator | awk -F" " '{print $1}'` + until [ "$get_exact_name" != "" ]; do + # do not wait forever + let "counter=counter+1" + echo "Attempt $counter of $max_timer" + + if [[ $counter -eq $max_timer ]] + then + echo "Giving up. Operator does not appear as clusterserviceversion" + exit 3 + fi + + echo "Operator not yet found... Give Operator $sleep_timer seconds to create the Deployment" + while [[ $SLEEPER_TMP -le "$sleep_timer" ]]; do + echo -n "." + sleep 1 + SLEEPER_TMP=$(($SLEEPER_TMP+1)) + done + get_exact_name=`oc get clusterserviceversion -n {{ .namespace.name }} | grep $operator | awk -F" " '{print $1}'` + done + + # Get exact name of the operator + counter=0 + SLEEPER_TMP=0 + get_status=`oc get clusterserviceversion -n {{ .namespace.name }} $get_exact_name -o jsonpath={.status.phase}` + until [ "$get_status" != "" ]; do + # do not wait forever + let "counter=counter+1" + echo "Attempt $counter of $max_timer" + + if [[ $counter -eq $max_timer ]] + then + echo "Giving up. 
Operator installation failed" + exit 3 + fi + + echo "Operator not yet ready ... Waiting $sleep_timer seconds" + + while [[ $SLEEPER_TMP -le "$sleep_timer" ]]; do + echo -n "." + sleep 1 + SLEEPER_TMP=$(($SLEEPER_TMP+1)) + done + get_status=`oc get clusterserviceversion -n {{ .namespace.name }} $get_exact_name -o jsonpath={.status.phase}` + done + + echo "Checking status of $get_exact_name. Current status: $get_status" + + # Wait until operator is ready + counter=0 + SLEEPER_TMP=0 + until [ "$get_status" == "Succeeded" ]; do + let "counter=counter+1" + echo "Attempt $counter of $max_timer" + + if [[ $counter -eq $max_timer ]] + then + echo "Giving up. Operator installation failed" + exit 3 + fi + + echo "Operator deployment is ongoing. Current status: $get_status" + #sleep $sleep_timer + + while [[ $SLEEPER_TMP -le "$sleep_timer" ]]; do + echo -n "." + sleep 1 + SLEEPER_TMP=$(($SLEEPER_TMP+1)) + done + + if [ "$get_status" == "Succeeded" ]; + then + status=$? + fi + get_status=`oc get clusterserviceversion -n {{ .namespace.name }} $get_exact_name -o jsonpath={.status.phase}` + done + + oc get clusterserviceversion -n {{ .namespace.name }} $get_exact_name + + echo "Falling to sleep" + + SLEEPER_TMP=0 + + while [[ $SLEEPER_TMP -le "10" ]]; do + echo -n "." + sleep 1 + SLEEPER_TMP=$(($SLEEPER_TMP+1)) + done + + printf "\nStatus: $status\n" + if [ $status -eq 0 ]; then + echo "Operator seems to be ready" + else + echo "ERROR: Operator is not ready" + exit 1 + fi + name: check-operator + dnsPolicy: ClusterFirst + restartPolicy: Never + terminationGracePeriodSeconds: 30 + serviceAccountName: {{ .serviceAccount.name }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/helper-status-checker/templates/clusterrole.yaml b/charts/helper-status-checker/templates/clusterrole.yaml new file mode 100644 index 00000000..168a8ec8 --- /dev/null +++ b/charts/helper-status-checker/templates/clusterrole.yaml 
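Review bot: `operator={{ .operatorName }}` and the `-n {{ .namespace.name }}` arguments render chart values straight into the bash script, and `grep $operator` and `$get_exact_name` are then expanded unquoted, so a value containing whitespace or shell metacharacters changes the commands the Job runs under its service account. Passing the values through the container `env` and quoting every expansion keeps them as data, and `grep -F` stops the name being read as a regular expression. Separately, `SLEEPER_TMP` is set to 0 only before each `until` loop and never reset inside it, so only the first retry actually waits and the remaining attempts run back to back; the first `printf` also prints `$i`, which is never set, where `"$operator"` is meant. The image `registry.redhat.io/openshift4/ose-cli` carries no tag or digest, so the Job runs whatever the registry serves by default at pull time.

```yaml
        - image: registry.redhat.io/openshift4/ose-cli
          env:
            - name: OPERATOR_NAME
              value: {{ .operatorName | quote }}
            - name: TARGET_NAMESPACE
              value: {{ .namespace.name | quote }}
          # … unchanged: command, /bin/bash -c, timers …
              operator="$OPERATOR_NAME"
              printf "\nWaiting for operator %s to appear\n" "$operator"
              get_exact_name=$(oc get clusterserviceversion -n "$TARGET_NAMESPACE" | grep -F -- "$operator" | awk '{print $1}')
              until [ "$get_exact_name" != "" ]; do
                SLEEPER_TMP=0
                # … unchanged: retry counter and wait loop …
```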
@@ -0,0 +1,30 @@
+{{- with .Values }}
+{{ if eq ( .enabled | toString) "true" }}
+{{- range .checks }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }}
+ name: {{ .serviceAccount.name }}-{{ .namespace.name }}
+ namespace: {{ .namespace.name | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+rules:
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - clusterserviceversions
+ - installplans
+ - subscription
+ - subscriptions
+ verbs:
+ - get
+ - list
+ - patch
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/helper-status-checker/templates/clusterrolebinding.yaml b/charts/helper-status-checker/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..57baea36
--- /dev/null
+++ b/charts/helper-status-checker/templates/clusterrolebinding.yaml
@@ -0,0 +1,26 @@
+{{- with .Values }}
+{{ if eq ( .enabled | toString) "true" }}
+{{- range .checks }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .serviceAccount.name }}-{{ .namespace.name }}
+ namespace: {{ .namespace.name | quote }}
+ labels:
+ {{- include "common.labels" $ | nindent 4 }}
+ annotations:
+ argocd.argoproj.io/hook: Sync
+ argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .serviceAccount.name }}-{{ .namespace.name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .serviceAccount.name | quote }}
+ namespace: {{ .namespace.name | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
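Review bot: The ClusterRole grants `get`, `list` and `patch` on `clusterserviceversions`, `installplans` and `subscriptions` in every namespace, while the Jobs in this patch, as far as their scripts show, only work in the namespace given by `.namespace.name`; the ClusterRoleBinding hunk that follows hands that cluster-wide grant to the check's service account. A namespaced `Role` and `RoleBinding` would be enough (the `namespace:` field already set here has no effect on a cluster-scoped object), and `patch` is needed only on `installplans` for the approver Job. `subscription` is not a resource name and can be dropped. The rules could be split as below, with `kind: RoleBinding` and `roleRef.kind: Role` in the binding.

```yaml
kind: Role
# … unchanged: metadata …
rules:
  - apiGroups:
      - operators.coreos.com
    resources:
      - clusterserviceversions
      - subscriptions
    verbs:
      - get
      - list
  - apiGroups:
      - operators.coreos.com
    resources:
      - installplans
    verbs:
      - get
      - list
      - patch
```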
diff --git a/charts/helper-status-checker/templates/installplan-approver.yaml b/charts/helper-status-checker/templates/installplan-approver.yaml
new file mode 100755
index 00000000..1c9cfc17
--- /dev/null
+++ b/charts/helper-status-checker/templates/installplan-approver.yaml
@@ -0,0 +1,77 @@ +{{- with .Values }} +{{ if eq ( .approver | toString) "true" }} +{{- range .checks }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: installplan-approver + namespace: {{ .namespace.name | quote }} + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }} + labels: + {{- include "common.labels" $ | nindent 4 }} +spec: + template: + spec: + containers: + - image: registry.redhat.io/openshift4/ose-cli + command: + - /bin/bash + - -c + - | + export HOME=/tmp/approver + + echo "Approving operator install. Waiting a few seconds ({{ .sleeptimer | default 20 }}) to make sure the InstallPlan gets created first." + sleep_timer={{ .sleeptimer | default 20 }} + + SLEEPER_TMP=1 + SLEEPER_MOD=10 + while [[ $SLEEPER_TMP -le "$sleep_timer" ]]; do + if (( $SLEEPER_TMP % 10 == 0 )) + then + echo -n "$SLEEPER_MOD" + SLEEPER_MOD=$(($SLEEPER_MOD+10)) + else + echo -n "." + fi + sleep 1 + SLEEPER_TMP=$(($SLEEPER_TMP+1)) + done + + {{- if .subscriptionName }} + subscription={{ .subscriptionName }} + {{- else }} + subscription={{ .operatorName }} + {{- end }} + + printf "\n\nProcessing subscription '$subscription'\n" + + installplan=$(oc get subscriptions.operators.coreos.com --field-selector metadata.name=${subscription} -o jsonpath='{.items[0].status.installPlanRef.name}') + + printf "\nCheck installplan approved status: " + + oc get installplan $installplan -o jsonpath="{.spec.approved}" + + if [ "`oc get installplan $installplan -o jsonpath="{.spec.approved}"`" == "false" ]; then + + printf "\nApproving Subscription $subscription with install plan $installplan\n" + + oc patch installplan $installplan --type=json -p='[{"op":"replace","path": "/spec/approved", "value": true}]' + + else + printf "\nInstall Plan '$installplan' already approved\n" + fi + imagePullPolicy: Always + name: installplan-approver + env: + - name: SLEEP + value: "20" + dnsPolicy: ClusterFirst + restartPolicy: Never + 
terminationGracePeriodSeconds: 30 + serviceAccountName: {{ .serviceAccount.name | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/helper-status-checker/templates/serviceAccount.yaml b/charts/helper-status-checker/templates/serviceAccount.yaml new file mode 100644 index 00000000..409b29d2 --- /dev/null +++ b/charts/helper-status-checker/templates/serviceAccount.yaml @@ -0,0 +1,18 @@ +{{- with .Values }} +{{ if eq ( .enabled | toString) "true" }} +{{- range .checks }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .serviceAccount.name | quote }} + namespace: {{ .namespace.name | quote }} + labels: + {{- include "common.labels" $ | nindent 4 }} + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: HookSucceeded + argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/helper-status-checker/values.yaml b/charts/helper-status-checker/values.yaml new file mode 100644 index 00000000..0e58485e --- /dev/null +++ b/charts/helper-status-checker/values.yaml 
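Review bot: The Job patches whatever InstallPlan `status.installPlanRef.name` currently points to, and as an Argo CD `Sync` hook with no expected version to compare against it appears to do so again on every later sync, so a Subscription set to `Manual` approval stops pinning the operator version once this Job is enabled. Comparing the plan's `.spec.clusterServiceVersionNames` with an expected CSV taken from a new, optional chart value before the `oc patch` would keep the approval tied to a reviewed version. The script also continues when the lookup returns nothing; a guard such as `[ -n "$installplan" ] || { echo "No InstallPlan found for $subscription"; exit 1; }` right after the lookup, plus quoting `"$installplan"` in the `oc` calls, avoids running `oc get installplan` with an empty name. The `SLEEP` env entry is not read by the script, and the image is again referenced without a tag or digest.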
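Review bot: This ServiceAccount, like the ClusterRole and ClusterRoleBinding, is rendered only when `enabled` is true, whereas the installplan-approver Job is gated on `approver` alone; with `approver: true` and `enabled: false` the Job would reference a service account that the chart never creates. Gating the RBAC objects on either flag, e.g. `{{ if or (eq (.enabled | toString) "true") (eq (.approver | toString) "true") }}`, or documenting that `approver` requires `enabled`, would close the gap.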
@@ -0,0 +1,37 @@ +--- +# -- Enable or disable the status-checker configuration +# @default -- false +enabled: false + +# -- Enable automatic approval of an InstallPlan. Useful if the installation must be approved manually and you want to initially deploy the Operator using GitOps. +# @default -- false +approver: false + +# List of checks that shall be performed. +checks: + # -- Name of operator to check. Use the value of the currentCSV (packagemanifest) but WITHOUT the version !! + - operatorName: name-of-operator + + # -- OPTIONAL: Name of subscription that shall be approved. In some cases the name of the Subscription is different to the name of the operator. + # @default --operatorName + subscriptionName: name-of-subscription + + # -- If the Operator is not yet ready wait this amount of seconds. + # @default -- 20 + sleeptimer: 20 + + # -- Maximum number of retries before the checks will fail + # @default -- 20 + maxretries: 20 + + # -- Namespace where the status-checker Job shall be scheduled. + namespace: + name: openshift-logging + + # -- Syncwave for the status-check Job. 0 is the recommended value. + # @default -- 0 + syncwave: 0 + + serviceAccount: + # -- Name of the Service Account. + name: "status-checker" diff --git a/charts/update-clusterversion/.helmignore b/charts/update-clusterversion/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/update-clusterversion/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/update-clusterversion/Chart.yaml b/charts/update-clusterversion/Chart.yaml new file mode 100644 index 00000000..c8a2e5e3 --- /dev/null 
+++ b/charts/update-clusterversion/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: update-clusterversion +description: A Helm chart to update OpenShift ClusterVersion +home: https://github.com/redhat-cop/helm-charts +version: 1.0.0 +maintainers: + - name: tjungbauer + email: tjungbau@redhat.com + url: https://blog.stderr.at/ +keywords: + - configuration + diff --git a/charts/update-clusterversion/LICENSE b/charts/update-clusterversion/LICENSE new file mode 100644 index 00000000..1652d17e --- /dev/null +++ b/charts/update-clusterversion/LICENSE @@ -0,0 +1,13 @@ +Copyright 2022 Thomas Jungbauer + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/update-clusterversion/README.md b/charts/update-clusterversion/README.md new file mode 100644 index 00000000..89cebf1b --- /dev/null +++ b/charts/update-clusterversion/README.md 
@@ -0,0 +1,83 @@ + + +# update-clusterversion + + [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + + ![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) + + + + ## Description + + A Helm chart to update OpenShift ClusterVersion + +This Chart can be used to start a cluster update using a GitOps approach. +All you need are the required channel, the version and (optionally) the image-sha. + +All this information can be found by `oc get clusterversion/version -o yaml`. + +Simply select the channel, version etc and update your values file. +Once Argo CD syncs the changes the update process will start. + +## Dependencies + +This chart has the following dependencies: + +| Repository | Name | Version | +|------------|------|---------| + +It is best used with a full GitOps approach such as Argo CD does. For example, https://github.com/tjungbauer/openshift-clusterconfig-gitops + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| tjungbauer | | | + +## Sources +Source: + +Source code: https://github.com/redhat-cop/helm-charts + +## Parameters + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| channel | string | `"your-channel"` | The channel that shall be used for that cluster. The available channels can be found with oc get clusterversion -o yaml Verify the availableUpdates to find the required channel. | +| desiredVersion | string | `"your-target-version"` | The desired version that the cluster shall be updated to. The available versions can be found with oc get clusterversion -o yaml Verify the availableUpdates to find the required version. | +| image | string | `""` | OPTIONAL: The desired image SHA that the cluster shall be updated to. The available SHA can be found with oc get clusterversion -o yaml Verify the availableUpdates to find the required SHA. 
This option is optional and typically only used for restricted clusters. | + +## Example values + +Update the cluster to version 4.15.15 using the channel stable-4.15 + +```yaml +channel: stable-4.15 +desiredVersion: 4.15.15 +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release repo/> +``` + +The command deploys the chart on the Kubernetes cluster in the default configuration. + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/update-clusterversion/README.md.gotmpl b/charts/update-clusterversion/README.md.gotmpl new file mode 100644 index 00000000..7befd73c --- /dev/null +++ b/charts/update-clusterversion/README.md.gotmpl @@ -0,0 +1,31 @@ +{{ template "doc.header" . }} + +This Chart can be used to start a cluster update using a GitOps approach. +All you need are the required channel, the version and (optionally) the image-sha. + +All this information can be found by `oc get clusterversion/version -o yaml`. + +Simply select the channel, version etc and update your values file. +Once Argo CD syncs the changes the update process will start. + +{{ template "doc.deps" . }} + +It is best used with a full GitOps approach such as Argo CD does. For example, https://github.com/tjungbauer/openshift-clusterconfig-gitops + + +{{ template "doc.maintainer_and_sources" . }} + +## Parameters + +{{ template "doc.values" . }} + +## Example values + +Update the cluster to version 4.15.15 using the channel stable-4.15 + +```yaml +channel: stable-4.15 +desiredVersion: 4.15.15 +``` + +{{ template "doc.footer" . }} 
diff --git a/charts/update-clusterversion/templates/clusterversion.yaml b/charts/update-clusterversion/templates/clusterversion.yaml
new file mode 100644
index 00000000..bf8be94f
--- /dev/null
+++ b/charts/update-clusterversion/templates/clusterversion.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: config.openshift.io/v1
+kind: ClusterVersion
+metadata:
+ name: version
+spec:
+ channel: {{ .Values.channel }}
+ desiredUpdate:
+ version: {{ .Values.desiredVersion }}
+ {{- if .Values.image }}
+ image: {{ .Values.image }}
+ {{- end }}
diff --git a/charts/update-clusterversion/values.yaml b/charts/update-clusterversion/values.yaml
new file mode 100644
index 00000000..7a4b640d
--- /dev/null
+++ b/charts/update-clusterversion/values.yaml
@@ -0,0 +1,18 @@
+---
+# Example values file. This should be used by a gitOps process that triggers the clsuter update.
+
+# -- The channel that shall be used for that cluster. The available channels
+# can be found with oc get clusterversion -o yaml
+# Verify the availableUpdates to find the required channel.
+channel: your-channel
+
+# -- The desired version that the cluster shall be updated to. The available versions
+# can be found with oc get clusterversion -o yaml
+# Verify the availableUpdates to find the required version.
+desiredVersion: your-target-version
+
+# -- OPTIONAL: The desired image SHA that the cluster shall be updated to. The available SHA
+# can be found with oc get clusterversion -o yaml
+# Verify the availableUpdates to find the required SHA.
+# This option is optional and typically only used for restricted clusters.
+image: ''
From 6bd256f9e6732bfd9d6fd9abfbea52be19b2d8ce Mon Sep 17 00:00:00 2001
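Review bot: `image: {{ .Values.image }}` in clusterversion.yaml accepts any reference, although the values comment describes it as an image SHA; since this field selects the release payload the cluster updates to, the template should refuse a reference that is not pinned by digest, e.g. `{{- if not (contains "@sha256:" .Values.image) }}{{ fail "image must be pinned by digest (@sha256:...)" }}{{- end }}` inside the `if .Values.image` block. `channel` and `version` are rendered unquoted, so piping them through `quote` keeps a value such as `4.16` a string. The shipped defaults `your-channel` and `your-target-version` would be written to the live ClusterVersion if the chart is synced unchanged; empty defaults combined with `required` would fail the render instead.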
From: Thomas Jungbauer Date: Fri, 5 Jul 2024 16:15:55 +0200 Subject: [PATCH 2/2] linting --- charts/helper-operator/Chart.yaml | 1 - charts/helper-operator/templates/_helpers.tpl | 3 ++- charts/helper-operator/templates/namespace.yaml | 2 +- charts/helper-operator/templates/operators/operatorgroup.yaml | 2 +- charts/helper-status-checker/Chart.yaml | 1 - charts/update-clusterversion/Chart.yaml | 1 - 6 files changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/helper-operator/Chart.yaml b/charts/helper-operator/Chart.yaml index a8a64c7d..67fadffe 100644 --- a/charts/helper-operator/Chart.yaml +++ b/charts/helper-operator/Chart.yaml @@ -11,4 +11,3 @@ keywords: - helper - subchart - operator - diff --git a/charts/helper-operator/templates/_helpers.tpl b/charts/helper-operator/templates/_helpers.tpl index b067f32d..316203d8 100644 --- a/charts/helper-operator/templates/_helpers.tpl +++ b/charts/helper-operator/templates/_helpers.tpl @@ -48,4 +48,5 @@ Selector labels {{- define "common.selectorLabels" -}} app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file +{{- end }} + diff --git a/charts/helper-operator/templates/namespace.yaml b/charts/helper-operator/templates/namespace.yaml index 7cf8e322..1c3bd748 100644 --- a/charts/helper-operator/templates/namespace.yaml +++ b/charts/helper-operator/templates/namespace.yaml @@ -21,4 +21,4 @@ metadata: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/helper-operator/templates/operators/operatorgroup.yaml b/charts/helper-operator/templates/operators/operatorgroup.yaml index 04a64c40..410e699d 100644 --- a/charts/helper-operator/templates/operators/operatorgroup.yaml +++ b/charts/helper-operator/templates/operators/operatorgroup.yaml @@ -22,4 +22,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/charts/helper-status-checker/Chart.yaml b/charts/helper-status-checker/Chart.yaml index e2dcb0eb..b6f65a04 100644 --- a/charts/helper-status-checker/Chart.yaml +++ b/charts/helper-status-checker/Chart.yaml @@ -10,4 +10,3 @@ maintainers: keywords: - helper - subchart - diff --git a/charts/update-clusterversion/Chart.yaml b/charts/update-clusterversion/Chart.yaml index c8a2e5e3..7854bc45 100644 --- a/charts/update-clusterversion/Chart.yaml +++ b/charts/update-clusterversion/Chart.yaml @@ -9,4 +9,3 @@ maintainers: url: https://blog.stderr.at/ keywords: - configuration -