From 05af19116ab6161d4ee133b359e74e8c646d407a Mon Sep 17 00:00:00 2001 
From: Bernard Tison Date: Fri, 8 Nov 2024 16:29:31 +0100 Subject: [PATCH 01/15] workload platform engineering workshop --- .../defaults/main.yml | 327 ++++++++++++++++++ .../openshift_gitops_clusterrolebinding.yaml | 13 + .../tasks/external_secrets.yml | 7 + .../tasks/gitlab.yml | 6 + .../tasks/keycloak.yml | 11 + .../tasks/main.yml | 30 ++ .../tasks/noobaa.yml | 7 + .../tasks/openshift_gitops.yml | 62 ++++ .../tasks/openshift_pipelines.yml | 6 + .../tasks/parasol.yml | 6 + .../tasks/post_workload.yml | 26 ++ .../tasks/pre_workload.yml | 57 +++ .../tasks/quay.yml | 6 + .../tasks/redhat_developer_hub.yml | 55 +++ .../tasks/rhdh_gitops.yml | 6 + .../tasks/showroom.yml | 7 + .../tasks/vault.yml | 7 + .../tasks/workload.yml | 37 ++ .../developer-hub-application.yaml.j2 | 74 ++++ .../secret-default-sa-token.yaml.j2 | 8 + .../external-secrets-application.yml.j2 | 34 ++ .../gitlab/gitlab-application.yml.j2 | 49 +++ .../keycloak/keycloak-application.yaml.j2 | 59 ++++ .../noobaa/noobaa-application.yaml.j2 | 32 ++ .../openshift-gitops/openshift-gitops.yaml.j2 | 93 +++++ .../openshift-pipelines-application.yaml.j2 | 28 ++ .../parasol/parasol-application.yml.j2 | 82 +++++ .../templates/quay/quay-application.yaml.j2 | 43 +++ .../rhdh-gitops-application.yaml.j2 | 32 ++ .../templates/vault/vault-application.yml.j2 | 35 ++ 30 files changed, 1245 insertions(+) create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/files/openshift_gitops_clusterrolebinding.yaml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/gitlab.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml create mode 100644 
ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/main.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/noobaa.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_pipelines.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/parasol.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/post_workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/quay.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/redhat_developer_hub.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/rhdh_gitops.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/developer-hub-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/secret-default-sa-token.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/external-secrets/external-secrets-application.yml.j2 create mode 100644 
ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/gitlab/gitlab-application.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-pipelines/openshift-pipelines-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/parasol/parasol-application.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/rhdh-gitops/rhdh-gitops-application.yaml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/vault/vault-application.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml new file mode 100644 index 00000000000..05db7fd16ea --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml 
@@ -0,0 +1,327 @@ +become_override: false +ocp_username: opentlc-mgr +silent: false + +# ------------------------------------------------ +# OpenShift Gitops +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_channel: latest +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_automatic_install_plan_approval: true +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_starting_csv: "" +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_name: openshift-gitops-operator +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_namespace: openshift-operators +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog: redhat-operators +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_use_catalog_snapshot: false +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_name: "" +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_namespace: openshift-operators +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image: "" +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image_tag: "" + +ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_config: + env: + - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES + value: '{{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }},openshift-gitops' + +ocp4_workload_platform_engineering_workshop_openshift_gitops_setup_cluster_admin: true + +ocp4_workload_platform_engineering_workshop_openshift_gitops_enable_route: true +ocp4_workload_platform_engineering_workshop_openshift_gitops_update_route_tls: true + +ocp4_workload_platform_engineering_workshop_openshift_gitops_update_resources: true + +# ApplicationSet Controller 
+ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_update: false +ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_requests_cpu: 250m +ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_requests_memory: 512Mi +ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_limits_cpu: "2" +ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_limits_memory: 1Gi + +# Application Controller +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_update: true +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_requests_cpu: 512m +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_requests_memory: 1Gi +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_limits_cpu: "4" +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_limits_memory: 4Gi +# Setting a default value for reconcile timeout as it needs to be configurable +# Reduce this value if you want to sync more frequently +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_app_sync: 3m + +ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_remove_memory_limits: false + +# Redis +ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_update: false +ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_requests_cpu: 250m +ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_requests_memory: 128Mi +ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_limits_cpu: 500m +ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_limits_memory: 256Mi + +# Repo Server +ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_update: true +ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_requests_cpu: 500m 
+ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_requests_memory: 512Mi +ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_limits_cpu: "2" +ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_limits_memory: 2Gi + +# DEX +ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_update: false +ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_requests_cpu: 125m +ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_requests_memory: 128Mi +ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_limits_cpu: 500m +ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_limits_memory: 256Mi + +# Server +ocp4_workload_platform_engineering_workshop_openshift_gitops_server_update: false +ocp4_workload_platform_engineering_workshop_openshift_gitops_server_requests_cpu: 250m +ocp4_workload_platform_engineering_workshop_openshift_gitops_server_requests_memory: 128Mi +ocp4_workload_platform_engineering_workshop_openshift_gitops_server_limits_cpu: 500m +ocp4_workload_platform_engineering_workshop_openshift_gitops_server_limits_memory: 256Mi + +ocp4_workload_platform_engineering_workshop_openshift_gitops_resource_customizations: | + operators.coreos.com/Subscription: + health.lua: | + health_status = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + numDegraded = 0 + numPending = 0 + msg = "" + for i, condition in pairs(obj.status.conditions) do + msg = msg .. i .. ": " .. condition.type .. " | " .. condition.status .. 
"\n" + if condition.type == "InstallPlanPending" and condition.status == "True" then + numPending = numPending + 1 + elseif (condition.type == "InstallPlanMissing" and condition.reason ~= "ReferencedInstallPlanNotFound") then + numDegraded = numDegraded + 1 + elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanFailed") and condition.status == "True" then + numDegraded = numDegraded + 1 + end + end + if numDegraded == 0 and numPending == 0 then + health_status.status = "Healthy" + health_status.message = msg + return health_status + elseif numPending > 0 and numDegraded == 0 then + health_status.status = "Progressing" + health_status.message = "An install plan for a subscription is pending installation" + return health_status + else + health_status.status = "Degraded" + health_status.message = msg + return health_status + end + end + end + health_status.status = "Progressing" + health_status.message = "An install plan for a subscription is pending installation" + return health_status + + quay.redhat.com/QuayRegistry: + health.lua: | + local hs={ status = "Progressing", message = "Waiting for initialization" } + found_status = false + + if obj.status ~= nil then + found_status = true + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Available" and condition.status ~= "True" then + if condition.reason == "ComponentNotReady" then + hs.status = "Progressing" + else + hs.status = "Degraded" + end + hs.message = condition.message or condition.reason + end + if condition.type == "Available" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "All instances are available" + end + end + end + end + + if not found_status then + hs = { status = "Progressing", message = "Instance is waiting for initialization" } + end + + return hs + +# e.g. 
+# openshift_gitops_resource_customizations: | + # argoproj.io/Application: + # health.lua: | + # hs = {} + # hs.status = "Progressing" + # hs.message = "" + # if obj.status ~= nil then + # if obj.status.health ~= nil then + # hs.status = obj.status.health.status + # hs.message = obj.status.health.message + # end + # end + # return hs + +ocp4_workload_platform_engineering_workshop_openshift_gitops_ignore_differences: {} + +# ------------------------------------------------ +# OpenShift Pipelines +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_openshift_pipelines_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_openshift_pipelines_application_name: openshift-pipelines +ocp4_workload_platform_engineering_workshop_openshift_pipelines_namespace: openshift-operators +ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo_tag: openshift-pipelines +ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo_path: openshift-pipelines + +# ------------------------------------------------ +# NooBaa +# ------------------------------------------------ + +# set to false when deploying on a cluster with ODF installed +ocp4_workload_platform_engineering_workshop_noobaa_install: false +ocp4_workload_platform_engineering_workshop_noobaa_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_noobaa_application_name: noobaa +ocp4_workload_platform_engineering_workshop_noobaa_namespace: openshift-storage +ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo_tag: noobaa +ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo_path: noobaa + 
+ocp4_workload_platform_engineering_workshop_noobaa_name: noobaa + +# ------------------------------------------------ +# GitLab +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_gitlab_namespace: gitlab + +ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo: https://github.com/redhat-pe-workshop/agnosticg.git +ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo_path: charts/gitlab +ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo_tag: pew-gitlab +ocp4_workload_platform_engineering_workshop_gitlab_gitops_name: gitlab +ocp4_workload_platform_engineering_workshop_gitlab_gitops_namespace: openshift-gitops + +ocp4_workload_platform_engineering_workshop_gitlab_config_smtp_host: + smtp.gitlab-{{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}.{{ r_openshift_subdomain }} +ocp4_workload_platform_engineering_workshop_gitlab_config_ssh_host: + ssh.gitlab-{{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}.{{ r_openshift_subdomain }} +ocp4_workload_platform_engineering_workshop_gitlab_config_root_password: "{{ common_password }}" +ocp4_workload_platform_engineering_workshop_gitlab_config_host: + "gitlab-{{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}.{{ r_openshift_subdomain }}" + +ocp4_workload_platform_engineering_workshop_gitlab_users_password: "{{ common_password }}" + +# ------------------------------------------------ +# Red Hat Build Of Keycloak +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_name: backstage +ocp4_workload_platform_engineering_workshop_rhbk_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_rhbk_application_name: keycloak +ocp4_workload_platform_engineering_workshop_rhbk_namespace: keycloak +ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo: https://github.com/redhat-pe-workshop/helm.git 
+ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo_tag: backstage-auth-keycloak +ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo_path: keycloak + +ocp4_workload_platform_engineering_workshop_rhbk_cr_name: keycloak +ocp4_workload_platform_engineering_workshop_rhbk_external_access: false +ocp4_workload_platform_engineering_workshop_rhbk_host: sso +ocp4_workload_platform_engineering_workshop_rhbk_max_time_to_wait: 600000 + +ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name: backstage + +ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_secret: + "{{ lookup('ansible.builtin.password', '/tmp/passwordfile-client-backstage', chars=['ascii_letters', 'digits'], length=32) }}" + +ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_name: + "{{ ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name }}-plugin" +ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_secret: + "{{ lookup('ansible.builtin.password', '/tmp/passwordfile-client-backstage-plugin', chars=['ascii_letters', 'digits'], length=32) }}" + +ocp4_workload_platform_engineering_workshop_rhbk_user_password: "{{ common_password }}" + +# ------------------------------------------------ +# Quay +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_quay_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_quay_application_name: quay +ocp4_workload_platform_engineering_workshop_quay_namespace: quay-registry +ocp4_workload_platform_engineering_workshop_quay_gitops_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_quay_gitops_repo_tag: quay-vault +ocp4_workload_platform_engineering_workshop_quay_gitops_repo_path: quay + +ocp4_workload_platform_engineering_workshop_quay_registry_host: "quay.{{ r_openshift_subdomain }}" +ocp4_workload_platform_engineering_workshop_quay_admin_user: 
quayadmin +ocp4_workload_platform_engineering_workshop_quay_admin_user_password: "{{ common_password }}" + +ocp4_workload_platform_engineering_workshop_quay_organizations: + - parasol + +# ------------------------------------------------ +# Vault +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_vault_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_vault_application_name: vault +ocp4_workload_platform_engineering_workshop_vault_namespace: vault +ocp4_workload_platform_engineering_workshop_vault_gitops_repo: https://github.com/redhat-pe-workshop/agnosticg.git +ocp4_workload_platform_engineering_workshop_vault_gitops_repo_tag: pew-vault +ocp4_workload_platform_engineering_workshop_vault_gitops_repo_path: charts/hashicorp-vault + +ocp4_workload_platform_engineering_workshop_vault_name: vault + +ocp4_workload_platform_engineering_workshop_vault_auth_namespace: default + +# ------------------------------------------------ +# External Secrets +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_external_secrets_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_external_secrets_application_name: external-secrets +ocp4_workload_platform_engineering_workshop_external_secrets_namespace: external-secrets +ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo_tag: external-secrets +ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo_path: external-secrets + +# ------------------------------------------------ +# RHDH GitOps +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_rhdh_gitops_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_rhdh_gitops_application_name: 
rhdh-gitops +ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace: rhdh-gitops +ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo_tag: rhdh-gitops +ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo_path: gitops + +ocp4_workload_platform_engineering_workshop_rhdh_gitops_name: rhdh-gitops +ocp4_workload_platform_engineering_workshop_rhdh_gitops_password: "{{ common_password }}" + +# ------------------------------------------------ +# Red Hat Developer Hub +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_rhdh_argo_application_name: backstage-bootstrap +ocp4_workload_platform_engineering_workshop_rhdh_argo_application_namespace: openshift-gitops +ocp4_workload_platform_engineering_workshop_rhdh_namespace: backstage + +ocp4_workload_platform_engineering_workshop_rhdh_helm_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_rhdh_helm_repo_tag: bootstrap +ocp4_workload_platform_engineering_workshop_rhdh_helm_repo_path: redhat-developer-hub + +ocp4_workload_platform_engineering_workshop_rhdh_psql_password: password + +ocp4_workload_platform_engineering_workshop_rhdh_namespace_sa_token: default + +# ------------------------------------------------ +# Parasol +# ------------------------------------------------ + +ocp4_workload_platform_engineering_workshop_parasol_application_repo: https://github.com/redhat-pe-workshop/helm.git +ocp4_workload_platform_engineering_workshop_parasol_application_repo_tag: parasol +ocp4_workload_platform_engineering_workshop_parasol_application_repo_path: parasol +ocp4_workload_platform_engineering_workshop_parasol_application_name: parasol +ocp4_workload_platform_engineering_workshop_parasol_application_namespace: openshift-gitops 
+ocp4_workload_platform_engineering_workshop_parasol_namespace: default
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/files/openshift_gitops_clusterrolebinding.yaml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/files/openshift_gitops_clusterrolebinding.yaml
new file mode 100644
index 00000000000..db6e1c73698
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/files/openshift_gitops_clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitops-cluster-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: openshift-gitops-argocd-application-controller
+ namespace: openshift-gitops
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml
new file mode 100644
index 00000000000..9293353f5cb
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Create External Secrets application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'external-secrets/external-secrets-application.yml.j2') | from_yaml }}"
+
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/gitlab.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/gitlab.yml
new file mode 100644
index 00000000000..c4e7d4f82e1
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/gitlab.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create GitLab application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'gitlab/gitlab-application.yml.j2') | from_yaml }}"
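Review bot: In defaults/main.yml, `ocp4_workload_platform_engineering_workshop_rhdh_psql_password: password` ships a guessable database credential as the role default, while the other credentials in the file come from `common_password`; make it a required variable or generate it. The two Keycloak client secrets use `lookup('ansible.builtin.password', '/tmp/passwordfile-client-backstage', ...)` and the `-plugin` equivalent: the lookup reuses the file's content when the file already exists, so every cluster provisioned from the same controller shares one client secret, stored at a fixed path in a shared directory. Generating each secret once per run with `set_fact` and a `/dev/null` path, or a per-deployment path outside `/tmp`, avoids both. The `*_gitops_repo_tag` values read like branch names on github.com/redhat-pe-workshop; pinning them to commit SHAs matters because the Argo CD controller that syncs them is bound to cluster-admin by files/openshift_gitops_clusterrolebinding.yaml in this patch.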
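Review bot: files/openshift_gitops_clusterrolebinding.yaml binds `cluster-admin` to the `openshift-gitops-argocd-application-controller` service account, and the toggle `..._openshift_gitops_setup_cluster_admin` defaults to `true`, so whatever the tracked Git repositories contain is applied with full cluster rights. A header comment should state the intended scope, for example `# Workshop-only: grants Argo CD cluster-admin; do not apply on shared or long-lived clusters`. Consider defaulting the toggle to `false`, or replacing the binding with a ClusterRole limited to the resource kinds the charts actually create.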
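Review bot: The `Create GitLab application` task in tasks/gitlab.yml has no `no_log: true`, and the template it renders is not visible in this hunk. If gitlab-application.yml.j2 writes `..._gitlab_config_root_password` into the Application's Helm values, the password is kept in clear text in the Application resource in `openshift-gitops` and printed in task output at higher verbosity. The same applies to the Keycloak, Quay and RHDH GitOps tasks, whose defaults also carry `common_password`. Passing these values through a Secret or the External Secrets setup this role installs would keep them out of the Application spec.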
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml
new file mode 100644
index 00000000000..33bf64295ef
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Set facts
+ ansible.builtin.set_fact:
+ _backstage_redirect_url: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}/oauth2/callback" # yamllint disable-line rule:line-length
+ _backstage_web_origin: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}" # yamllint disable-line rule:line-length
+
+- name: Create RHBK application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'keycloak/keycloak-application.yaml.j2') | from_yaml }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/main.yml
new file mode 100644
index 00000000000..fbf3df9760f
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+# Do not modify this file
+
+- name: Running Pre Workload Tasks
+ ansible.builtin.include_tasks:
+ file: ./pre_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload Tasks
+ ansible.builtin.include_tasks:
+ file: ./workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Post Workload Tasks
+ ansible.builtin.include_tasks:
+ file: ./post_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload removal Tasks
+ ansible.builtin.include_tasks:
+ file: ./remove_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "destroy" or ACTION == "remove"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/noobaa.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/noobaa.yml
new file mode 100644
index 00000000000..63df4d5896f
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/noobaa.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Create NooBaa application
+ when: ocp4_workload_platform_engineering_workshop_noobaa_install | bool
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'noobaa/noobaa-application.yaml.j2') | from_yaml }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml
new file mode 100644
index 00000000000..b3b50033fef
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml
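Review bot: The last task in tasks/main.yml includes `./remove_workload.yml`, but the diffstat of this patch creates no `tasks/remove_workload.yml`, so a run with `ACTION` set to `destroy` or `remove` would fail on the include unless a later patch in the series adds the file. If removal is meant to be a no-op, add a stub file that says so. Otherwise it should delete the Argo CD Applications and the `gitops-cluster-admin` ClusterRoleBinding, so the cluster-admin grant does not outlive the workload.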
@@ -0,0 +1,62 @@
+---
+
+- name: Install OpenShift GitOps operator
+ ansible.builtin.include_role:
+ name: install_operator
+ vars:
+ install_operator_action: install
+ install_operator_name: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_name }}"
+ install_operator_namespace: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_namespace }}"
+ install_operator_channel: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_channel }}"
+ install_operator_catalog: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog }}"
+ install_operator_automatic_install_plan_approval:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_automatic_install_plan_approval | default(true) }}"
+ install_operator_starting_csv: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_starting_csv }}"
+ install_operator_catalogsource_setup:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_use_catalog_snapshot | default(false) }}"
+ install_operator_catalogsource_name:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_name | default('') }}"
+ install_operator_catalogsource_namespace:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalogsource_namespace | default('') }}"
+ install_operator_catalogsource_image:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image | default('') }}"
+ install_operator_catalogsource_image_tag:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image_tag | default('') }}"
+ install_operator_subscription_config:
+ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_config }}"
+
+
+- name: Grant cluster-admin permissions to Gitops Service account
+ when: ocp4_workload_platform_engineering_workshop_openshift_gitops_setup_cluster_admin | bool
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('file', 'openshift_gitops_clusterrolebinding.yaml') | from_yaml }}"
+
+- name: Wait until openshift-gitops ArgoCD instance has been created
+ kubernetes.core.k8s_info:
+ api_version: argoproj.io/v1alpha1
+ kind: ArgoCD
+ name: openshift-gitops
+ namespace: openshift-gitops
+ register: r_openshift_gitops
+ until:
+ - r_openshift_gitops is defined
+ - r_openshift_gitops.resources is defined
+ - r_openshift_gitops.resources | length == 1
+
+- name: Update resources for openshift-gitops ArgoCD instance
+ when: ocp4_workload_platform_engineering_workshop_openshift_gitops_update_resources | bool
+ kubernetes.core.k8s:
+ state: patched
+ definition: "{{ lookup('template', 'openshift-gitops/openshift-gitops.yaml.j2') | from_yaml }}"
+
+- name: Remove memory limit for ArgoCD controller
+ when: ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_remove_memory_limits | bool
+ kubernetes.core.k8s_json_patch:
+ api_version: argoproj.io/v1alpha1
+ kind: ArgoCD
+ name: openshift-gitops
+ namespace: openshift-gitops
+ patch:
+ - op: remove
+ path: /spec/controller/resources/limits/memory
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_pipelines.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_pipelines.yml
new file mode 100644
index 00000000000..7014e59ce56
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_pipelines.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create OpenShift Pipeliness application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'openshift-pipelines/openshift-pipelines-application.yaml.j2') | from_yaml }}"
\ No newline at end of file
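Review bot: In tasks/openshift_gitops.yml the task `Wait until openshift-gitops ArgoCD instance has been created` sets `until:` without `retries:` or `delay:`, so it falls back to Ansible's defaults of 3 attempts 5 seconds apart, which is likely too short right after the operator install. Add explicit values such as `retries: 60` and `delay: 10`. Separately, the JSON-patch `remove` op in `Remove memory limit for ArgoCD controller` should fail when `/spec/controller/resources/limits/memory` is absent, so a second run after a successful removal would error. Guard it with a condition on the limits found in `r_openshift_gitops.resources[0]`.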
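Review bot: The task name in tasks/openshift_pipelines.yml is misspelled; it should read `- name: Create OpenShift Pipelines application`. The file also ends without a trailing newline, unlike the sibling task files in this patch, which yamllint reports.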
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/parasol.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/parasol.yml
new file mode 100644
index 00000000000..2f764c1a0d3
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/parasol.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create Parasol application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'parasol/parasol-application.yml.j2') | from_yaml }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/post_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/post_workload.yml
new file mode 100644
index 00000000000..be8580aa07d
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/post_workload.yml
@@ -0,0 +1,26 @@
+---
+# Implement your Post Workload deployment tasks here
+# --------------------------------------------------
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: Post_workload tasks complete
+ ansible.builtin.debug:
+ msg: "Post-Workload tasks completed successfully."
+ when:
+ - not silent | bool
+ - not workload_shared_deployment | default(false) | bool
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: Post_workload tasks complete
+ ansible.builtin.debug:
+ msg: "Post-Software checks completed successfully"
+ when:
+ - not silent | bool
+ - workload_shared_deployment | default(false) | bool
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml new file mode 100644 index 00000000000..b9032ed8abb --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml 
@@ -0,0 +1,57 @@
+---
+# Implement your Pre Workload deployment tasks here
+# -------------------------------------------------
+
+- name: Get OpenShift Web Console route
+ kubernetes.core.k8s_info:
+ api_version: route.openshift.io/v1
+ kind: Route
+ namespace: openshift-console
+ name: console
+ register: r_console_route
+
+- name: Get ingress domain
+ kubernetes.core.k8s_info:
+ kind: IngressController
+ name: default
+ namespace: openshift-ingress-operator
+ api_version: operator.openshift.io/v1
+ register: r_openshift_ingress_controller
+
+- name: Set openshift domain
+ ansible.builtin.set_fact:
+ r_openshift_subdomain: "{{ r_openshift_ingress_controller.resources[0].status.domain }}"
+
+- name: Get API server URL
+ kubernetes.core.k8s_info:
+ api_version: config.openshift.io/v1
+ kind: Infrastructure
+ name: cluster
+ register: r_api_url
+
+- name: Set API server URL
+ ansible.builtin.set_fact:
+ r_openshift_api_server: "{{ r_api_url.resources[0].status.apiServerURL }}"
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: Pre_workload tasks complete
+ ansible.builtin.debug:
+ msg: "Pre-Workload tasks completed successfully."
+ when:
+ - not silent | bool
+ - not workload_shared_deployment | default(false) | bool
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: Pre_workload tasks complete
+ ansible.builtin.debug:
+ msg: "Pre-Software checks completed successfully"
+ when:
+ - not silent | bool
+ - workload_shared_deployment | default(false) | bool
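Review bot: Both `set_fact` tasks in pre_workload.yml index `resources[0]` on a `k8s_info` result without checking that anything came back, so an empty lookup (for instance when the IngressController or Infrastructure object is not readable with the current credentials) fails with an opaque undefined-variable error instead of naming the cause. A guard on each lookup task, e.g. `failed_when: r_openshift_ingress_controller.resources | length == 0` and the same for `r_api_url`, would make the failure explicit. `r_console_route` is registered by the first task but is not read anywhere in this hunk; if no other task file uses it, that lookup can be dropped.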
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/quay.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/quay.yml
new file mode 100644
index 00000000000..1def06f06fa
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/quay.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create Quay application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'quay/quay-application.yaml.j2') | from_yaml }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/redhat_developer_hub.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/redhat_developer_hub.yml
new file mode 100644
index 00000000000..204017aa63c
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/redhat_developer_hub.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Retrieve Gitlab root private token
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Secret
+ name: root-user-personal-token
+ namespace: "{{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}"
+ register: r_root_token
+ retries: 120
+ delay: 10
+ until:
+ - r_root_token is defined
+ - r_root_token.resources is defined
+ - r_root_token.resources | length > 0
+ - r_root_token.resources[0] is defined
+ - r_root_token.resources[0].data is defined
+ - r_root_token.resources[0].data.token is defined
+ - r_root_token.resources[0].data.token | length > 0
+
+- name: Decode root token
+ ansible.builtin.set_fact:
+ _ocp4_workload_platform_engineering_workshop_gitlab_root_token: "{{ r_root_token.resources[0].data.token | b64decode }}"
+
+- name: Create default token secret
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'developer-hub/secret-default-sa-token.yaml.j2') | from_yaml }}"
+
+- name: Get default token
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Secret
+ name: default-token
+ namespace: default
+ register: r_default_token
+ retries: 120
+ delay: 10
+ until:
+ - r_default_token is defined
+ - r_default_token.resources is defined
+ - r_default_token.resources | length > 0
+ - r_default_token.resources[0] is defined
+ - r_default_token.resources[0].data is defined
+ - r_default_token.resources[0].data.token is defined
+ - r_default_token.resources[0].data.token | length > 0
+
+- name: Decode default token
+ ansible.builtin.set_fact:
+ ocp4_workload_platform_engineering_workshop_rhdh_ocp_default_sa_token: "{{ r_default_token.resources[0].data.token | b64decode }}"
+
+- name: Install RHDH Application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'developer-hub/developer-hub-application.yaml.j2') }}"
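Review bot: The "Get default token" task reads the Secret from the hard-coded `namespace: default`, while the template that creates it (`developer-hub/secret-default-sa-token.yaml.j2`) places it in `{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace_sa_token }}`; if that variable is ever set to something other than `default`, this task polls for 120 × 10 s and then fails. Use the same variable in both places. The two "Decode … token" `set_fact` tasks and the `k8s_info` lookups that feed them carry a GitLab root token and a service-account token in results that Ansible prints at `-v`, so `no_log: true` on those tasks and on the final `kubernetes.core.k8s` task would keep the credentials out of job logs. The last task also passes the rendered template without `| from_yaml`, unlike the other task files in this patch; presumably harmless because the module accepts a string, but worth making consistent.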
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/rhdh_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/rhdh_gitops.yml
new file mode 100644
index 00000000000..e0cb08bdb01
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/rhdh_gitops.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create RHDH Gitops application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'rhdh-gitops/rhdh-gitops-application.yaml.j2') | from_yaml }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml
new file mode 100644
index 00000000000..3165d6f37c4
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Set user info for showroom
+ agnosticd_user_info:
+ user: "{{ ocp4_workload_authentication_htpasswd_user_base }}{{ ocp4_workload_authentication_htpasswd_user_count }}"
+ data:
+ common_password: "{{ common_password }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml
new file mode 100644
index 00000000000..f52f5d79140
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Create Vault application
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'vault/vault-application.yml.j2') | from_yaml }}"
+
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml
new file mode 100644
index 00000000000..e19af6ed7ce
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Install OpenShift Gitops
+ ansible.builtin.include_tasks: openshift_gitops.yml
+
+- name: Install OpenShift Pipelines
+ ansible.builtin.include_tasks: openshift_pipelines.yml
+
+- name: Install NooBaa
+ ansible.builtin.include_tasks: noobaa.yml
+
+- name: Install Vault
+ ansible.builtin.include_tasks: vault.yml
+
+- name: Install External Secrets
+ ansible.builtin.include_tasks: external_secrets.yml
+
+- name: Install Gitlab
+ ansible.builtin.include_tasks: gitlab.yml
+
+- name: Install RHBK
+ ansible.builtin.include_tasks: keycloak.yml
+
+- name: Install Quay
+ ansible.builtin.include_tasks: quay.yml
+
+- name: Install RHDH GitOps
+ ansible.builtin.include_tasks: rhdh_gitops.yml
+
+- name: Install Red Hat Developer Hub
+ ansible.builtin.include_tasks: redhat_developer_hub.yml
+
+- name: Install Parasol
+ ansible.builtin.include_tasks: parasol.yml
+
+- name: Install Showroom
+ ansible.builtin.include_tasks: showroom.yml
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/developer-hub-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/developer-hub-application.yaml.j2
new file mode 100644
index 00000000000..49a2c79c1c6
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/developer-hub-application.yaml.j2
@@ -0,0 +1,74 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhdh_argo_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_argo_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ backoff:
+ duration: 10s
+ factor: 2
+ maxDuration: 10m
+ limit: 15
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_rhdh_helm_repo }}
+ path: {{ ocp4_workload_platform_engineering_workshop_rhdh_helm_repo_path }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_rhdh_helm_repo_tag }}
+ helm:
+ valuesObject:
+ redhat-developer-hub-prereqs:
+ backstage:
+ oauth:
+ clientId: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_name }}
+ clientSecret: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_secret }}
+ kubernetes:
+ sa_token: {{ ocp4_workload_platform_engineering_workshop_rhdh_ocp_default_sa_token }}
+ gitlab:
+ token: {{ _ocp4_workload_platform_engineering_workshop_gitlab_root_token }}
+ argocd:
+ password: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_password }}
+ postgresql:
+ password: {{ ocp4_workload_platform_engineering_workshop_rhdh_psql_password }}
+ redhat-developer-hub-config-template:
+ gitlab:
+ rootPassword: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_root_password }}
+ host: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
+ backstage:
+ host: backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}
+ keycloak:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}
+ realm: {{ ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name }}
+ loginRealm: {{ ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name }}
+ clientId: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_name }}
+ clientSecret: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_secret }}
+ gitops:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_name }}-server-{{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}.{{ r_openshift_subdomain }}
+ kubernetes:
+ api: {{ r_openshift_api_server }}
+ oauth2:
+ issuer: https://{{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}/realms/{{ ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name }}
+ cluster:
+ subdomain: {{ r_openshift_subdomain }}
+ redhat-developer-hub-application:
+ gitops:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_argo_application_namespace }}
+ helm:
+ values:
+ git:
+ host: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/secret-default-sa-token.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/secret-default-sa-token.yaml.j2
new file mode 100644
index 00000000000..557c062a25a
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/developer-hub/secret-default-sa-token.yaml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: default-token
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_namespace_sa_token }}
+ annotations:
+ kubernetes.io/service-account.name: default
\ No newline at end of file
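Review bot: In `developer-hub-application.yaml.j2` the OAuth client secrets, the service-account token, the GitLab root token and root password, and the Argo CD and PostgreSQL passwords are rendered in clear text under `spec.source.helm.valuesObject`, so they are stored on the Application object and readable by anyone who can view Applications in that namespace or in the Argo CD UI. The same pattern appears in the gitlab, keycloak, parasol, quay and rhdh-gitops templates later in this patch. Since the role also installs Vault and External Secrets, consider having the charts reference a Secret or ExternalSecret by name instead of receiving the value; whether the charts support that is not visible here. Independently, every templated scalar in this file is unquoted, so a password that starts with a YAML indicator or looks like a number or boolean will be retyped or break parsing; `password: {{ ocp4_workload_platform_engineering_workshop_rhdh_psql_password | to_json }}` (and likewise for the other secrets) avoids that.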
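Review bot: `secret-default-sa-token.yaml.j2` mints a non-expiring `kubernetes.io/service-account-token` for the namespace's `default` service account, which is the identity pods in that namespace run as unless they name another one. Whatever cluster access is bound to that account for Developer Hub is therefore shared with those pods, and the token stays valid until the Secret is deleted. A dedicated service account bound to a read-only role would keep the grant scoped; the change here is the value of the `kubernetes.io/service-account.name` annotation plus a ServiceAccount manifest. The file also has no leading `---` and no trailing newline, unlike most of the other templates in the patch.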
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/external-secrets/external-secrets-application.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/external-secrets/external-secrets-application.yml.j2
new file mode 100644
index 00000000000..7274f673c4c
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/external-secrets/external-secrets-application.yml.j2
@@ -0,0 +1,34 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_external_secrets_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_external_secrets_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_external_secrets_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ ignoreDifferences:
+ - group: admissionregistration.k8s.io
+ kind: MutatingWebhookConfiguration
+ jqPathExpressions:
+ - '.webhooks[]?.clientConfig.caBundle'
+ source:
+ path: {{ ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo_path }}
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_external_secrets_gitops_repo_tag }}
+ helm:
+ values: |
+ vault-integration:
+ vault:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_namespace }}
+ name: {{ ocp4_workload_platform_engineering_workshop_vault_name }}
+ auth:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_auth_namespace }}
+ syncPolicy:
+ automated: {}
+ syncOptions:
+ - CreateNamespace=true
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/gitlab/gitlab-application.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/gitlab/gitlab-application.yml.j2
new file mode 100644
index 00000000000..ca54fd1a299
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/gitlab/gitlab-application.yml.j2
@@ -0,0 +1,49 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_gitlab_gitops_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_gitlab_gitops_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_gitlab_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ source:
+ helm:
+ parameters:
+ - name: gitlab.smtp.host
+ value: "{{ ocp4_workload_platform_engineering_workshop_gitlab_config_smtp_host }}"
+ - name: gitlab.ssh.host
+ value: "{{ ocp4_workload_platform_engineering_workshop_gitlab_config_ssh_host }}"
+ - name: gitlab.rootPassword
+ value: "{{ ocp4_workload_platform_engineering_workshop_gitlab_config_root_password }}"
+ - name: gitlab.users.password
+ value: "{{ ocp4_workload_platform_engineering_workshop_gitlab_users_password }}"
+ - name: gitlab.host
+ value: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
+ - name: cluster.subdomain
+ value: {{ r_openshift_subdomain }}
+ - name: gitops.namespace
+ value: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ - name: quay.host
+ value: {{ ocp4_workload_platform_engineering_workshop_quay_registry_host }}
+ - name: vault.name
+ value: {{ ocp4_workload_platform_engineering_workshop_vault_name }}
+ - name: vault.namespace
+ value: {{ ocp4_workload_platform_engineering_workshop_vault_namespace }}
+ path: {{ ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo_path }}
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_gitlab_gitops_repo_tag }}
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
\ No newline at end of file
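Review bot: Only the first four entries under `helm.parameters` in `gitlab-application.yml.j2` quote their `value`; the remaining six (`gitlab.host` through `vault.namespace`) are bare `value: {{ … }}`. Argo CD treats a Helm parameter value as a string, so a rendered value that YAML reads as a number, boolean or null would be retyped or rejected; quote them all the same way, e.g. `value: "{{ ocp4_workload_platform_engineering_workshop_vault_name }}"`. The template also has no leading `---` and ends without a newline.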
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2
new file mode 100644
index 00000000000..4eb37232138
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2
@@ -0,0 +1,59 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhbk_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhbk_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhbk_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ ignoreDifferences:
+ - group: k8s.keycloak.org
+ kind: KeycloakRealmImport
+ jqPathExpressions:
+ - .. | (.id, .containerId, .secret)? | strings
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo_tag }}
+ path: {{ ocp4_workload_platform_engineering_workshop_rhbk_gitops_repo_path }}
+ helm:
+ values: |
+
+ keycloak:
+ nameOverride: {{ ocp4_workload_platform_engineering_workshop_rhbk_cr_name }}
+ route:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}
+ ingress:
+ enabled: {{ ocp4_workload_platform_engineering_workshop_rhbk_external_access }}
+ keycloak-realm-import:
+ keycloak:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhbk_cr_name }}
+ realm:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhbk_realm_backstage_name }}
+ client:
+ backstage:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_name }}
+ redirectUri: {{ _backstage_redirect_url }}
+ webOrigin: {{ _backstage_web_origin }}
+ secret: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_secret }}
+ backstagePlugin:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_name }}
+ secret: {{ ocp4_workload_platform_engineering_workshop_rhbk_client_backstage_plugin_secret }}
+ users:
+ password: {{ ocp4_workload_platform_engineering_workshop_rhbk_user_password }}
+
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2
new file mode 100644
index 00000000000..368dcc1ece5
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_noobaa_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_noobaa_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_noobaa_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo_tag }}
+ path: {{ ocp4_workload_platform_engineering_workshop_noobaa_gitops_repo_path }}
+ helm:
+ values: |
+ noobaa:
+ nameOverride: {{ ocp4_workload_platform_engineering_workshop_noobaa_name }}
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2
new file mode 100644
index 00000000000..e2b130dcc77
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 
@@ -0,0 +1,93 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+ name: openshift-gitops
+ namespace: openshift-gitops
+spec:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_rbac_update | default(false) | bool %}
+ rbac:
+ policy: |
+ {{ ocp4_workload_platform_engineering_workshop_openshift_gitops_rbac_policy | indent(6) }}
+ scopes: '{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_rbac_scopes | default(omit) }}'
+{% endif %}
+ applicationSet:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_applicationset_controller_requests_memory }}"
+{% endif %}
+ controller:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_requests_memory }}"
+ appSync: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_app_sync }}"
+{% endif %}
+ dex:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_dex_requests_memory }}"
+{% endif %}
+ redis:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_redis_requests_memory }}"
+{% endif %}
+ repo:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_repo_requests_memory }}"
+{% endif %}
+ server:
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_server_update | default(false) | bool %}
+ resources:
+ limits:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_server_limits_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_server_limits_memory }}"
+ requests:
+ cpu: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_server_requests_cpu }}"
+ memory: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_server_requests_memory }}"
+{% endif %}
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_enable_route | bool %}
+ route:
+ enabled: true
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_update_route_tls | bool %}
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Redirect
+ insecure: true
+{% endif %}
+{% endif %}
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_resource_customizations | length > 0 %}
+ extraConfig:
+ resource.customizations: |
+ {{ ocp4_workload_platform_engineering_workshop_openshift_gitops_resource_customizations | regex_replace("\n(?!$)", "\n ") }}
+{% endif %}
+{% if ocp4_workload_platform_engineering_workshop_openshift_gitops_ignore_differences | length > 0 %}
+ resourceIgnoreDifferences:
+ {{ ocp4_workload_platform_engineering_workshop_openshift_gitops_ignore_differences | indent(4) }}
+{% endif %}
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-pipelines/openshift-pipelines-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-pipelines/openshift-pipelines-application.yaml.j2
new file mode 100644
index 00000000000..23c42f0a97d
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-pipelines/openshift-pipelines-application.yaml.j2
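Review bot: In `openshift-gitops.yaml.j2`, enabling `_update_route_tls` switches the Argo CD server to `insecure: true` behind a route with `termination: edge` (indentation is lost in this view, so `insecure` presumably sits under `server`), which leaves the hop from the router to argocd-server in plain HTTP, carrying session cookies and API tokens unencrypted inside the cluster. `termination: reencrypt` without `insecure: true` keeps TLS on that hop and still presents the router certificate to users. Separately, `_enable_route` and `_update_route_tls` are piped to `bool` without `default(false)`, unlike the other feature flags in this file, so rendering fails on an undefined variable unless the role defaults set them (defaults/main.yml is outside this view).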
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=false
+ - RespectIgnoreDifferences=true
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo_tag }}
+ path: {{ ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo_path }}
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/parasol/parasol-application.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/parasol/parasol-application.yml.j2
new file mode 100644
index 00000000000..f94d3843d24
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/parasol/parasol-application.yml.j2
@@ -0,0 +1,82 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_parasol_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_parasol_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_parasol_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_parasol_application_repo }}
+ path: {{ ocp4_workload_platform_engineering_workshop_parasol_application_repo_path }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_parasol_application_repo_tag }}
+ helm:
+ values: |
+ parasol:
+ gitlab:
+ rootPassword: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_root_password }}
+ host: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
+ parasol:
+ db:
+ argocd:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ store:
+ argocd:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ web:
+ argocd:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ sso:
+ dev:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}
+ staging:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}
+ prod:
+ host: {{ ocp4_workload_platform_engineering_workshop_rhbk_host }}.{{ r_openshift_subdomain }}
+ registry:
+ host: {{ ocp4_workload_platform_engineering_workshop_quay_registry_host }}
+ username: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user }}
+ password: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user_password }}
+ cluster:
+ subdomain: {{ r_openshift_subdomain }}
+
+ parasol-build:
+ gitlab:
+ rootPassword: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_root_password }}
+ host: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
+ parasol:
+ store:
+ argocd:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ registry:
+ host: {{ ocp4_workload_platform_engineering_workshop_quay_registry_host }}
+ username: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user }}
+ password: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user_password }}
+ cluster:
+ subdomain: {{ r_openshift_subdomain }}
+ parasol-templates:
+ gitlab:
+ rootPassword: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_root_password }}
+ host: {{ ocp4_workload_platform_engineering_workshop_gitlab_config_host }}
+ gitops:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ cluster:
+ subdomain: {{ r_openshift_subdomain }}
+ keycloak-realm-import:
+ keycloak:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhbk_namespace }}
+ hook:
+ maxTimeToWait: {{ocp4_workload_platform_engineering_workshop_rhbk_max_time_to_wait }}
+
+ syncPolicy:
+ automated: {}
+ ignoreDifferences:
+ - group: k8s.keycloak.org
+ kind: KeycloakRealmImport
+ jqPathExpressions:
+ - .. | (.id, .containerId, .secret)? | strings
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2
new file mode 100644
index 00000000000..8d4ed48b320
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2
@@ -0,0 +1,43 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_quay_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_quay_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_quay_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_quay_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_quay_gitops_repo_tag }}
+ path: {{ ocp4_workload_platform_engineering_workshop_quay_gitops_repo_path }}
+ helm:
+ values: |
+ quay-registry:
+ quay:
+ host: {{ ocp4_workload_platform_engineering_workshop_quay_registry_host }}
+ adminUser: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user }}
+ adminUserPassword: {{ ocp4_workload_platform_engineering_workshop_quay_admin_user_password }}
+ organizations: {{ ocp4_workload_platform_engineering_workshop_quay_organizations }}
+ vault:
+ name: {{ ocp4_workload_platform_engineering_workshop_vault_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_namespace }}
+ noobaa:
+ name: {{ ocp4_workload_platform_engineering_workshop_noobaa_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_noobaa_namespace }}
+
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/rhdh-gitops/rhdh-gitops-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/rhdh-gitops/rhdh-gitops-application.yaml.j2
new file mode 100644
index 00000000000..d867415940b
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/rhdh-gitops/rhdh-gitops-application.yaml.j2
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ name: ""
+ namespace: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ syncPolicy:
+ automated: {}
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 2
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ source:
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo_tag }}
+ path: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_gitops_repo_path }}
+ helm:
+ values: |
+ nameOverride: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_name }}
+ password: {{ ocp4_workload_platform_engineering_workshop_rhdh_gitops_password }}
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/vault/vault-application.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/vault/vault-application.yml.j2
new file mode 100644
index 00000000000..47bae64fc71
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/vault/vault-application.yml.j2
@@ -0,0 +1,35 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_platform_engineering_workshop_vault_application_name }}
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_application_namespace }}
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io/foreground
+spec:
+ destination:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_namespace }}
+ server: 'https://kubernetes.default.svc'
+ project: default
+ ignoreDifferences:
+ - group: admissionregistration.k8s.io
+ kind: MutatingWebhookConfiguration
+ jqPathExpressions:
+ - '.webhooks[]?.clientConfig.caBundle'
+ source:
+ path: {{ ocp4_workload_platform_engineering_workshop_vault_gitops_repo_path }}
+ repoURL: {{ ocp4_workload_platform_engineering_workshop_vault_gitops_repo }}
+ targetRevision: {{ ocp4_workload_platform_engineering_workshop_vault_gitops_repo_tag }}
+ helm:
+ values: |
+ nameOverride: {{ ocp4_workload_platform_engineering_workshop_vault_name }}
+ kubernetes:
+ apiserver: {{ r_openshift_api_server }}
+ vault:
+ auth:
+ namespace: {{ ocp4_workload_platform_engineering_workshop_vault_auth_namespace }}
+
+ syncPolicy:
+ automated: {}
+ syncOptions:
+ - CreateNamespace=true
From e2273730e7253481e836b3fbb02e2bc78b91f241 Mon Sep 17 00:00:00 2001
From: Bernard Tison
Date: Fri, 8 Nov 2024 17:00:48 +0100
Subject: [PATCH 02/15] no defined users
---
.../tasks/showroom.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml
index 3165d6f37c4..97bb29173ab 100644
--- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml
@@ -2,6 +2,5 @@ - name: Set user info for showroom agnosticd_user_info: - user: "{{ ocp4_workload_authentication_htpasswd_user_base }}{{ ocp4_workload_authentication_htpasswd_user_count }}" data: common_password: "{{ common_password }}" From e8f8cf05438adbdaf02fe127cfbf283fa3e237d2 Mon Sep 17 00:00:00 2001 From: Evan Shortiss Date: Tue, 12 Nov 2024 12:56:25 -0700 Subject: [PATCH 03/15] fix: increase retry count for argo applications to prevent install failures --- .../templates/keycloak/keycloak-application.yaml.j2 | 2 +- .../templates/noobaa/noobaa-application.yaml.j2 | 2 +- .../templates/quay/quay-application.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 index 4eb37232138..a675601d607 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/keycloak/keycloak-application.yaml.j2 @@ -18,7 +18,7 @@ spec: duration: 5s factor: 2 maxDuration: 3m0s - limit: 2 + limit: 10 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 index 368dcc1ece5..e2a59f0337f 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/noobaa/noobaa-application.yaml.j2 
@@ -18,7 +18,7 @@ spec: duration: 5s factor: 2 maxDuration: 3m0s - limit: 2 + limit: 10 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 index 8d4ed48b320..14ea4e9ace6 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/quay/quay-application.yaml.j2 @@ -18,7 +18,7 @@ spec: duration: 5s factor: 2 maxDuration: 3m0s - limit: 2 + limit: 10 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true From 6a991aec2aba6945c9aa86788a880f9e678301dd Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 20 Nov 2024 12:54:36 +0530 Subject: [PATCH 04/15] switching to OIDC --- .../tasks/keycloak.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml index 33bf64295ef..d57d32bca2b 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml 
@@ -2,7 +2,7 @@ - name: Set facts ansible.builtin.set_fact: - _backstage_redirect_url: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}/oauth2/callback" # yamllint disable-line rule:line-length + _backstage_redirect_url: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}/api/auth/oidc/handler/frame" # yamllint disable-line rule:line-length _backstage_web_origin: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}" # yamllint disable-line rule:line-length - name: Create RHBK application From 4cf733f6012bb93cddd6a44c648852e32172a139 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 20 Nov 2024 18:53:01 +0530 Subject: [PATCH 05/15] fetching openshift_gitops_password for showroom.yaml --- .../tasks/openshift_gitops.yml | 26 +++++++++++++++++++ .../tasks/showroom.yml | 1 + 2 files changed, 27 insertions(+) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml index b3b50033fef..cf11398116e 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml 
@@ -60,3 +60,29 @@ patch: - op: remove path: /spec/controller/resources/limits/memory + + +- name: Retrieve openshift-gitops-cluster secret + kubernetes.core.k8s_info: + api_version: "v1" + kind: Secret + name: openshift-gitops-cluster + namespace: openshift-gitops + register: r_secret + +- name: Get automation_controller route hostname + ansible.builtin.set_fact: + openshift_gitops_admin_password: "{{ r_secret.resources[0]['data']['admin.password'] |string |b64decode }}" + +- name: Print Access information + agnosticd_user_info: + msg: "{{ item }}" + loop: + - "Login Name: admin" + - "Login Password: {{ openshift_gitops_admin_password }}" + +- name: Print Access information + agnosticd_user_info: + data: + openshift_gitops_user: "admin" + openshift_gitops_password: "{{ openshift_gitops_admin_password }}" \ No newline at end of file diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml index 97bb29173ab..920c462d0a1 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml @@ -4,3 +4,4 @@ agnosticd_user_info: data: common_password: "{{ common_password }}" + openshift_gitops_password: "{{ openshift_gitops_password }}" From 07cdf2ca1f75d32ef0d5a4a26208ca337eaa1d98 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 20 Nov 2024 20:42:22 +0530 Subject: [PATCH 06/15] remove openshift_gitops_password for showroom.yaml --- .../tasks/showroom.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml index 920c462d0a1..97bb29173ab 100644 
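Review bot: The tasks that read the `openshift-gitops-cluster` Secret and decode `admin.password` carry no `no_log: true`, so the Secret data registered in `r_secret` and the decoded fact end up in the Ansible output whenever the run is verbose or its results are kept by the controller. The looped `agnosticd_user_info` task also shows each item, including the `Login Password:` line, in its per-item output. I would add `no_log: true` to the `kubernetes.core.k8s_info` and `ansible.builtin.set_fact` tasks and hand the password over only through `data:`. The value deserves that care because the role can grant the GitOps service account cluster-admin (the `Grant cluster-admin permissions to Gitops Service account` task elsewhere in this file), so the Argo CD admin login is presumably equivalent to cluster access.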
--- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/showroom.yml @@ -4,4 +4,3 @@ agnosticd_user_info: data: common_password: "{{ common_password }}" - openshift_gitops_password: "{{ openshift_gitops_password }}" From b41876e9e70d3be257ac1a49c271ea77dc40ef8e Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Thu, 21 Nov 2024 14:05:53 +0530 Subject: [PATCH 07/15] turning noobaa ON --- .../defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml index 05db7fd16ea..98d8c76d37e 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/defaults/main.yml @@ -180,7 +180,7 @@ ocp4_workload_platform_engineering_workshop_openshift_pipelines_gitops_repo_path # ------------------------------------------------ # set to false when deploying on a cluster with ODF installed -ocp4_workload_platform_engineering_workshop_noobaa_install: false +ocp4_workload_platform_engineering_workshop_noobaa_install: true ocp4_workload_platform_engineering_workshop_noobaa_application_namespace: openshift-gitops ocp4_workload_platform_engineering_workshop_noobaa_application_name: noobaa ocp4_workload_platform_engineering_workshop_noobaa_namespace: openshift-storage From da04b2290b7a7bc43187485503a4698dd1498f66 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Fri, 22 Nov 2024 12:21:26 +0530 Subject: [PATCH 08/15] pause between Argo App creation --- .../tasks/keycloak.yml | 8 +++++ .../tasks/workload.yml | 36 +++++++++++++++++++ 2 files changed, 44 insertions(+) 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml index d57d32bca2b..4670af0cb18 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/keycloak.yml @@ -5,7 +5,15 @@ _backstage_redirect_url: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}/api/auth/oidc/handler/frame" # yamllint disable-line rule:line-length _backstage_web_origin: "https://backstage-{{ ocp4_workload_platform_engineering_workshop_rhdh_namespace }}.{{ r_openshift_subdomain }}" # yamllint disable-line rule:line-length +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 5 + - name: Create RHBK application kubernetes.core.k8s: state: present definition: "{{ lookup('template', 'keycloak/keycloak-application.yaml.j2') | from_yaml }}" + +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 5 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml index e19af6ed7ce..cf71a7f96ca 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml 
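Review bot: The fixed `ansible.builtin.pause` tasks added before and after `Create RHBK application` (and the nine added between the includes in tasks/workload.yml) always cost their full duration and still give no guarantee that the Application has synced when the next step starts. Polling the Application with `kubernetes.core.k8s_info` and `until` would return as soon as it is healthy and fail the run when it never becomes healthy. The variable names for the Application's name and namespace are not visible in this hunk, so they are placeholders below.

```yaml
- name: Create RHBK application
  # … unchanged: kubernetes.core.k8s task …

- name: Wait until the RHBK Application is synced and healthy
  kubernetes.core.k8s_info:
    api_version: argoproj.io/v1alpha1
    kind: Application
    name: "<PLACEHOLDER: RHBK application name variable>"
    namespace: "<PLACEHOLDER: RHBK application namespace variable>"
  register: r_rhbk_application
  until:
    - r_rhbk_application.resources | length == 1
    - r_rhbk_application.resources[0].status.health.status | default('') == 'Healthy'
    - r_rhbk_application.resources[0].status.sync.status | default('') == 'Synced'
  retries: 60
  delay: 10
```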
@@ -3,9 +3,17 @@ - name: Install OpenShift Gitops ansible.builtin.include_tasks: openshift_gitops.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install OpenShift Pipelines ansible.builtin.include_tasks: openshift_pipelines.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install NooBaa ansible.builtin.include_tasks: noobaa.yml @@ -15,23 +23,51 @@ - name: Install External Secrets ansible.builtin.include_tasks: external_secrets.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install Gitlab ansible.builtin.include_tasks: gitlab.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install RHBK ansible.builtin.include_tasks: keycloak.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install Quay ansible.builtin.include_tasks: quay.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install RHDH GitOps ansible.builtin.include_tasks: rhdh_gitops.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install Red Hat Developer Hub ansible.builtin.include_tasks: redhat_developer_hub.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install Parasol ansible.builtin.include_tasks: parasol.yml +- name: Pause for 5 minutes to finish setting up + ansible.builtin.pause: + minutes: 3 + - name: Install Showroom ansible.builtin.include_tasks: showroom.yml From 8906d4b95f2afa23d37d824c3e107b3aacebfb2f Mon Sep 17 00:00:00 2001 
From: Jaya Christina Date: Sat, 23 Nov 2024 13:01:02 +0530 Subject: [PATCH 09/15] Kind:ArgoCD to v1beta1 --- .../tasks/openshift_gitops.yml | 4 ++-- .../templates/openshift-gitops/openshift-gitops.yaml.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml index cf11398116e..0ad2c0f366e 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml @@ -34,7 +34,7 @@ - name: Wait until openshift-gitops ArgoCD instance has been created kubernetes.core.k8s_info: - api_version: argoproj.io/v1alpha1 + api_version: argoproj.io/v1beta1 kind: ArgoCD name: openshift-gitops namespace: openshift-gitops @@ -53,7 +53,7 @@ - name: Remove memory limit for ArgoCD controller when: ocp4_workload_platform_engineering_workshop_openshift_gitops_controller_remove_memory_limits | bool kubernetes.core.k8s_json_patch: - api_version: argoproj.io/v1alpha1 + api_version: argoproj.io/v1beta1 kind: ArgoCD name: openshift-gitops namespace: openshift-gitops diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 index e2b130dcc77..dd4d7c2967b 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/templates/openshift-gitops/openshift-gitops.yaml.j2 
@@ -1,5 +1,5 @@ --- -apiVersion: argoproj.io/v1alpha1 +apiVersion: argoproj.io/v1beta1 kind: ArgoCD metadata: name: openshift-gitops From 4895d803cc8f9426bf813cd102e47a305dad755a Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 4 Dec 2024 21:01:46 +0530 Subject: [PATCH 10/15] wait for openshift-gitops-cluster to be available --- .../tasks/openshift_gitops.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml index 0ad2c0f366e..d384157be39 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml @@ -69,7 +69,11 @@ name: openshift-gitops-cluster namespace: openshift-gitops register: r_secret - + until: + - r_secret is defined + - r_openshift_gitops.resources is defined + - r_openshift_gitops.resources | length == 1 + - name: Get automation_controller route hostname ansible.builtin.set_fact: openshift_gitops_admin_password: "{{ r_secret.resources[0]['data']['admin.password'] |string |b64decode }}" From 04fc76bed368c8c966085ed7fbb770d1a39c2d38 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 11 Dec 2024 15:52:39 +0530 Subject: [PATCH 11/15] typos corrections --- .../tasks/openshift_gitops.yml | 9 +-------- .../tasks/workload.yml | 18 +++++++++--------- 2 files changed, 10 insertions(+), 17 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml index d384157be39..95eea95553e 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml 
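Review bot: The added `until:` tests `r_openshift_gitops.resources` rather than the `r_secret` this task registers, so the loop does not wait for the Secret; `r_secret is defined` is already true after the first attempt. `r_openshift_gitops` is presumably the result of the earlier ArgoCD wait task, which lies outside this hunk. The conditions should read `- r_secret.resources is defined` and `- r_secret.resources | length == 1`, otherwise `r_secret.resources[0]` in the following `set_fact` can still fail on an empty list. The hunk adds no `retries:` or `delay:`, so unless they are set elsewhere Ansible's default of 3 retries 5 seconds apart applies, which may be too short while the operator is still starting.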
+++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml @@ -74,17 +74,10 @@ - r_openshift_gitops.resources is defined - r_openshift_gitops.resources | length == 1 -- name: Get automation_controller route hostname +- name: Get openshift_gitops_admin_password ansible.builtin.set_fact: openshift_gitops_admin_password: "{{ r_secret.resources[0]['data']['admin.password'] |string |b64decode }}" -- name: Print Access information - agnosticd_user_info: - msg: "{{ item }}" - loop: - - "Login Name: admin" - - "Login Password: {{ openshift_gitops_admin_password }}" - - name: Print Access information agnosticd_user_info: data: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml index cf71a7f96ca..cd46408b4c4 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/workload.yml @@ -3,14 +3,14 @@ - name: Install OpenShift Gitops ansible.builtin.include_tasks: openshift_gitops.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install OpenShift Pipelines ansible.builtin.include_tasks: openshift_pipelines.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 
@@ -23,49 +23,49 @@ - name: Install External Secrets ansible.builtin.include_tasks: external_secrets.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install Gitlab ansible.builtin.include_tasks: gitlab.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install RHBK ansible.builtin.include_tasks: keycloak.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install Quay ansible.builtin.include_tasks: quay.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install RHDH GitOps ansible.builtin.include_tasks: rhdh_gitops.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install Red Hat Developer Hub ansible.builtin.include_tasks: redhat_developer_hub.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 - name: Install Parasol ansible.builtin.include_tasks: parasol.yml -- name: Pause for 5 minutes to finish setting up +- name: Pause for 3 minutes to finish setting up ansible.builtin.pause: minutes: 3 From b576b93a7294859a1ee609f3882273d7eac43150 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 11 Dec 2024 16:56:44 +0530 Subject: [PATCH 12/15] remove extra lines --- .../tasks/external_secrets.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml index 9293353f5cb..6940aff5057 100644 
--- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/external_secrets.yml @@ -4,4 +4,3 @@ kubernetes.core.k8s: state: present definition: "{{ lookup('template', 'external-secrets/external-secrets-application.yml.j2') | from_yaml }}" - From c13cd1aa9a12816b6031b197df40faaf6f7dde77 Mon Sep 17 00:00:00 2001 From: Jaya Christina Date: Wed, 11 Dec 2024 17:14:02 +0530 Subject: [PATCH 13/15] trailing spaces --- .../tasks/openshift_gitops.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml index 95eea95553e..46e86da4063 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/openshift_gitops.yml @@ -24,7 +24,6 @@ "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_catalog_snapshot_image_tag | default('') }}" install_operator_subscription_config: "{{ ocp4_workload_platform_engineering_workshop_openshift_gitops_operator_config }}" - - name: Grant cluster-admin permissions to Gitops Service account when: ocp4_workload_platform_engineering_workshop_openshift_gitops_setup_cluster_admin | bool @@ -73,7 +72,7 @@ - r_secret is defined - r_openshift_gitops.resources is defined - r_openshift_gitops.resources | length == 1 - + - name: Get openshift_gitops_admin_password ansible.builtin.set_fact: openshift_gitops_admin_password: "{{ r_secret.resources[0]['data']['admin.password'] |string |b64decode }}" From 2814fde0d2d27d54eec33e728f16079136a3d9f5 Mon Sep 17 00:00:00 2001 
From: Jaya Christina <5083049+jayachristina@users.noreply.github.com> Date: Wed, 11 Dec 2024 19:11:36 +0530 Subject: [PATCH 14/15] Trailing space --- .../tasks/pre_workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml index b9032ed8abb..0c3a47aa818 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/pre_workload.yml @@ -31,7 +31,7 @@ - name: Set API server URL ansible.builtin.set_fact: - r_openshift_api_server: "{{ r_api_url.resources[0].status.apiServerURL }}" + r_openshift_api_server: "{{ r_api_url.resources[0].status.apiServerURL }}" # Leave these as the last tasks in the playbook # --------------------------------------------- From 6d937a90ad2e59819ef9dd3825820f47d65bffa2 Mon Sep 17 00:00:00 2001 From: Jaya Christina <5083049+jayachristina@users.noreply.github.com> Date: Wed, 11 Dec 2024 22:51:24 +0530 Subject: [PATCH 15/15] Lint fix --- .../ocp4_workload_platform_engineering_workshop/tasks/vault.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml index f52f5d79140..40b86ac7153 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_platform_engineering_workshop/tasks/vault.yml @@ -4,4 +4,3 @@ kubernetes.core.k8s: state: present definition: "{{ lookup('template', 'vault/vault-application.yml.j2') | from_yaml }}" -