From db345467defaf73f1ddb3ad74d9a5b9f02092e86 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Tue, 29 Apr 2025 15:06:10 +1000 Subject: [PATCH 1/3] fix: add ripple ns Signed-off-by: Chris Butler --- values-simple.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values-simple.yaml b/values-simple.yaml index 61383f0b..def003ce 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -16,6 +16,8 @@ clusterGroup: - kbs-access - encrypted-storage - experiment + - ripple + subscriptions: # ACM is kept anticipating From d2260b7dfdc3309f1cb4cfac5e3ed404963233fa Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 1 May 2025 10:57:53 +1000 Subject: [PATCH 2/3] feat: enable LE Signed-off-by: Chris Butler --- .gitignore | 3 ++- rhdp/wrapper.sh | 4 ++-- values-simple.yaml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b6764c81..32dc120a 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,5 @@ azure-env.sh .openshift* .DS_Store openshift-install -node_modules \ No newline at end of file +node_modules +.envrc diff --git a/rhdp/wrapper.sh b/rhdp/wrapper.sh index 67b20ebe..4a7dc17d 100644 --- a/rhdp/wrapper.sh +++ b/rhdp/wrapper.sh @@ -76,10 +76,10 @@ sleep 60 echo "---------------------" echo "pattern install" echo "---------------------" -export KUBECONFIG=`pwd`/openshift-install/auth/kubeconfig +#export KUBECONFIG=`pwd`/openshift-install/auth/kubeconfig -./pattern.sh make install +#./pattern.sh make install echo "---------------------" echo "pattern install done" echo "---------------------" diff --git a/values-simple.yaml b/values-simple.yaml index def003ce..355200f3 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -97,7 +97,7 @@ clusterGroup: # Default to 'safe' for ARO overrides: - name: letsencrypt.enabled - value: false + value: true hello-openshift: name: hello-openshift namespace: hello-openshift From 87ec7267cbb4ba4da169799ce4326b4b1b35f682 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Thu, 1 May 2025 19:18:35 +1000 Subject: [PATCH 3/3] fix: remove uneeded azure credential code Signed-off-by: Chris Butler --- .../templates/peer-pods-secret-eso.yaml | 60 ------------------- values-simple.yaml | 21 +------ 2 files changed, 1 insertion(+), 80 deletions(-) delete mode 100644 charts/coco-supported/sandbox/templates/peer-pods-secret-eso.yaml diff --git a/charts/coco-supported/sandbox/templates/peer-pods-secret-eso.yaml b/charts/coco-supported/sandbox/templates/peer-pods-secret-eso.yaml deleted file mode 100644 index 80654326..00000000 --- a/charts/coco-supported/sandbox/templates/peer-pods-secret-eso.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{ if .Values.sandbox.azure }} -apiVersion: policy.open-cluster-management.io/v1 -kind: Policy -metadata: - name: peer-pods-secret-policy -spec: - remediationAction: enforce - disabled: false - policy-templates: - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: azure-peer-pods-creds - spec: - remediationAction: enforce - severity: medium - object-templates: - - complianceType: mustonlyhave - objectDefinition: - apiVersion: v1 - type: Opaque - kind: Secret - metadata: - name: peer-pods-secret - namespace: openshift-sandboxed-containers-operator - data: - AZURE_CLIENT_ID: '{{ `{{ fromSecret "openshift-cloud-controller-manager" "azure-cloud-credentials" "azure_client_id" }}` }}' - AZURE_CLIENT_SECRET: '{{ `{{ fromSecret "openshift-cloud-controller-manager" "azure-cloud-credentials" "azure_client_secret" }}` }}' - AZURE_TENANT_ID: '{{ `{{ fromSecret "openshift-cloud-controller-manager" "azure-cloud-credentials" "azure_tenant_id" }}` }}' - AZURE_SUBSCRIPTION_ID: '{{ `{{ fromSecret "openshift-cloud-controller-manager" "azure-cloud-credentials" "azure_subscription_id" }}` }}' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: peer-pod-secret-binding - annotations: - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true -placementRef: - name: azure-peer-pods-secret-rule - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: peer-pods-secret-policy - kind: Policy - apiGroup: policy.open-cluster-management.io ------- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: azure-peer-pods-secret-rule -spec: - clusterConditions: - - status: 'True' - type: ManagedClusterConditionAvailable - clusterSelector: - matchLabels: - cloud: Azure ---- -{{ end }} \ No newline at end of file diff --git a/values-simple.yaml b/values-simple.yaml index 355200f3..00485694 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -17,7 +17,6 @@ clusterGroup: - encrypted-storage - experiment - ripple - subscriptions: # ACM is kept anticipating @@ -97,7 +96,7 @@ clusterGroup: # Default to 'safe' for ARO overrides: - name: letsencrypt.enabled - value: true + value: false hello-openshift: name: hello-openshift namespace: hello-openshift @@ -110,24 +109,6 @@ clusterGroup: project: workloads path: charts/coco-supported/kbs-access - encrypted-storage: - name: encrypted-storage - namespace: encrypted-storage - project: workloads - path: charts/coco-supported/encrypted-storage - - image-build: - name: image-build - namespace: kbs-access - project: workloads - path: charts/coco-supported/image-build - - experiment: - name: experiment - namespace: experiment - project: workloads - path: charts/hub/experiment - imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm # The default schedule is every 10 minutes: imperative.schedule