diff --git a/Makefile b/Makefile index 831fee122..b70c4d5d9 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,10 @@ lintCheck: yamllint -c .yamllint.yaml telco-core/configuration/reference-crs yamllint -c .yamllint.yaml telco-core/configuration/template-values yamllint -c .yamllint.yaml telco-core/install/ - yamllint -c .yamllint.yaml telco-hub/ + yamllint -c .yamllint.yaml telco-hub/configuration/*yaml + yamllint -c .yamllint.yaml telco-hub/configuration/reference-crs + yamllint -c .yamllint.yaml telco-hub/configuration/example-overlays-config + yamllint -c .yamllint.yaml telco-hub/install/ # markdownlint rules, following: https://github.com/openshift/enhancements/blob/master/Makefile .PHONY: markdownlint-image @@ -32,7 +35,7 @@ markdownlint: markdownlint-image ## run the markdown linter -v $$(pwd):/workdir:Z \ $(IMAGE_NAME)-markdownlint:latest -ci-validate: lintCheck check-reference-core check-reference-ran +ci-validate: lintCheck check-reference-core check-reference-ran check-reference-hub .PHONY: check-reference-core check-reference-core: @@ -41,3 +44,7 @@ check-reference-core: .PHONY: check-reference-ran check-reference-ran: $(MAKE) -C ./telco-ran/configuration check + +.PHONY: check-reference-hub +check-reference-hub: + $(MAKE) -C ./telco-hub/configuration/reference-crs-kube-compare check diff --git a/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml b/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml index dce34e277..4aa744dbf 100644 --- a/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml +++ b/telco-hub/configuration/example-overlays-config/acm/acmMirrorRegistryCM-patch.yaml @@ -1,3 +1,4 @@ +--- - op: replace path: /data/ca-bundle.crt value: | diff --git a/telco-hub/configuration/reference-crs-kube-compare/Makefile b/telco-hub/configuration/reference-crs-kube-compare/Makefile new file mode 100644 index 000000000..213a4c21c --- /dev/null 
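Review bot: The lintCheck recipe now names four telco-hub paths instead of linting `telco-hub/` as a whole, so a directory added under telco-hub later is silently skipped by yamllint until someone adds a line here. If the only goal is to keep the Go-templated files in `telco-hub/configuration/reference-crs-kube-compare` away from the linter, consider keeping `yamllint -c .yamllint.yaml telco-hub/` and excluding that directory through the `ignore` setting in `.yamllint.yaml`. Otherwise add a comment above these lines such as `# reference-crs-kube-compare holds templates and is deliberately not linted`. The lintCheck rule starts above this hunk.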
+++ b/telco-hub/configuration/reference-crs-kube-compare/Makefile
@@ -0,0 +1,50 @@
+.PHONY: check
+check: metadata_lint compare
+
+kubectl-cluster_compare:
+ @command -v kubectl-cluster_compare > /dev/null 2>&1 || { \
+ echo "kubectl-cluster_compare tool isn't installed; please download it from https://github.com/openshift/kube-compare"; \
+ }
+
+helm-convert:
+ @command -v helm-convert > /dev/null 2>&1 || { \
+ echo "helm-convert isn't installed; please download and install it"; \
+ }
+
+.PHONY: metadata_lint
+metadata_lint: kubectl-cluster_compare
+ @echo "Running kube-compare to ensure metadata.yaml is sane"
+ @COMPARE_OUTPUT=$$(./kubectl-cluster_compare -r ./metadata.yaml -f /dev/null 2>&1); \
+ if grep -q 'an error occurred while parsing template' <<<"$${COMPARE_OUTPUT}"; then \
+ echo "Template parsing error"; \
+ echo "$${COMPARE_OUTPUT}"; \
+ exit 1; \
+ fi; \
+ echo "Okay"; \
+ exit 0
+
+.PHONY: clean
+clean:
+ rm -rf kubectl-cluster_compare Chartv1 renderedv1 helm
+
+
+.PHONY: convert
+convert: helm-convert helm
+ @echo "Converting reference files to Helm Charts."
+ @rm -rf Chartv1 renderedv1
+ @helm-convert -r ./metadata.yaml -n Chartv1 -v default_value.yaml
+ @echo "Rendering Helm Charts to CR files."
+ @helm template renderedv1 ./Chartv1 --output-dir renderedv1
+
+helm:
+ @command -v helm > /dev/null 2>&1 || { \
+ echo "helm isn't installed; please download and install it"; \
+ }
+
+.PHONY: compare
+compare: convert
+ @./compare.sh "../reference-crs" renderedv1
+
+.PHONY: sync
+sync: convert
+ @./compare.sh --sync "../reference-crs" renderedv1
diff --git a/telco-hub/configuration/reference-crs-kube-compare/ReferenceVersionCheck.yaml b/telco-hub/configuration/reference-crs-kube-compare/ReferenceVersionCheck.yaml
new file mode 100644
index 000000000..47d938237
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/ReferenceVersionCheck.yaml
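Review bot: metadata_lint can print `Okay` without kube-compare ever running: the kubectl-cluster_compare, helm-convert and helm prerequisites only echo a message when `command -v` fails and still succeed, and the recipe fails only when the captured output contains the template-parsing string, so a "not found" error from `./kubectl-cluster_compare` passes. Because `check` feeds ci-validate through check-reference-hub, a missing tool should stop the build; add `exit 1;` after each echo inside the braces. The prerequisite looks the tool up on PATH while the recipe runs `./kubectl-cluster_compare` from the current directory, so pick one location for both. The `<<<` here-string needs bash and this file sets no SHELL; add `SHELL := bash` at the top or use `printf '%s\n' "$${COMPARE_OUTPUT}" | grep -q ...` instead.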
@@ -0,0 +1,8 @@
+---
+apiVersion: config.openshift.io/v1
+kind: ClusterVersion
+metadata:
+ name: version
+status:
+ desired:
+ version: {{ template "versionMatch" (list .status.desired.version "4.19") }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/compare.sh b/telco-hub/configuration/reference-crs-kube-compare/compare.sh
new file mode 100755
index 000000000..20c0310d3
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/compare.sh
@@ -0,0 +1,175 @@
+#! /bin/bash
+
+trap cleanup EXIT
+
+function cleanup() {
+ rm -rf source_file rendered_file same_file
+}
+
+function read_dir() {
+ local dir=$1
+ local file
+
+ for file in "$dir"/*; do
+ if [ -d "$file" ]; then
+ read_dir "$file"
+ else
+ echo "$file"
+ fi
+ done
+}
+
+function compare_cr {
+ local rendered_dir=$1
+ local source_dir=$2
+ local exclusionfile=$3
+ local status=0
+
+ local DIFF=${DIFF:-colordiff}
+ if ! command -v "$DIFF" >/dev/null; then
+ echo "Warning: Requested diff tool '$DIFF' is not found; falling back to plain old 'diff'"
+ DIFF="diff"
+ fi
+
+ read_dir "$rendered_dir" |grep yaml > rendered_file
+ read_dir "$source_dir" |grep yaml > source_file
+
+ # Apply ignore filtering before comparison
+ while IFS= read -r file; do
+ [[ ${file::1} != "#" ]] || continue # Skip any comment lines in the exclusionfile
+ [[ -n ${file} ]] || continue # Skip empty lines
+ sed -i "/${file##*/}/d" source_file
+ sed -i "/${file##*/}/d" rendered_file
+ done < "$exclusionfile"
+
+ local source_cr rendered
+ while IFS= read -r source_cr; do
+ while IFS= read -r rendered; do
+ if [ "${source_cr##*/}" = "${rendered##*/}" ]; then
+ # helm adds a yaml doc header (---) and a leading comment to every source_cr file; so remove those lines
+ tail -n +3 "$rendered" > "$rendered.fixed"
+ mv "$rendered.fixed" "$rendered"
+
+ # Check the differences
+ if ! "$DIFF" -u "$source_cr" "$rendered"; then
+ status=$(( status || 1 ))
+ printf "\n\n**********************************************************************************\n\n"
+ fi
+ # cleanup
+ echo "$source_cr" >> same_file
+ fi
+ done < rendered_file
+ done < source_file
+
+ # Filter out files with a source-cr/reference match from the full list of potentiol source-crs/reference files
+ while IFS= read -r file; do
+ [[ ${file::1} != "#" ]] || continue # Skip any comment lines in the exclusionfile
+ [[ -n ${file} ]] || continue # Skip empty lines
+ sed -i "/${file##*/}/d" source_file
+ sed -i "/${file##*/}/d" rendered_file
+ done < <(cat same_file "$exclusionfile")
+
+ if [[ -s source_file || -s rendered_file ]]; then
+ [ -s source_file ] && printf "\n\nThe following files exist in source-crs only, but not found in reference:\n" && cat source_file
+ [ -s rendered_file ] && printf "\nThe following files exist in reference only, but not found in source-crs:\n" && cat rendered_file
+ status=1
+ fi
+
+ return $status
+}
+
+sync_cr() {
+ local rendered_dir=$1
+ local source_dir=$2
+ local exclusionfile=$3
+ local status=0
+
+ local -a renderedFiles
+ readarray -t renderedFiles < <(read_dir "$rendered_dir" | grep yaml)
+
+ local -a sourceFiles
+ readarray -t sourceFiles < <(read_dir "$source_dir" | grep yaml)
+
+ local -a excludedFiles
+ readarray -t excludedFiles < <(grep -v '^#' "$exclusionfile" | grep -v '^$')
+
+ local source rendered excluded found
+ for rendered in "${renderedFiles[@]}"; do
+ found=0
+ for source in "${sourceFiles[@]}"; do
+ if [ "${source##*/}" = "${rendered##*/}" ]; then
+ # Match found!
+ found=1
+ break
+ fi
+ done
+ if [[ $found == 0 ]]; then
+ source="$source_dir/${rendered##*/}"
+ fi
+
+ # Replace the CR with the rendered copy (minus the helm-rendered heading)
+ tail -n +3 "$rendered" >"$source"
+ git add "$source"
+ done
+
+ for source in "${sourceFiles[@]}"; do
+ found=0
+ for rendered in "${renderedFiles[@]}"; do
+ if [ "${source##*/}" = "${rendered##*/}" ]; then
+ # Match found!
+ found=1
+ break
+ fi
+ done
+ for excluded in "${excludedFiles[@]}"; do
+ if [ "${source##*/}" = "${excluded##*/}" ]; then
+ # Match found!
+ found=1
+ break
+ fi
+ done
+ if [[ $found == 0 ]]; then
+ git rm -f "$source"
+ fi
+ done
+
+ git diff --cached --stat --exit-code
+}
+
+usage() {
+ echo "$(basename "$0") [--sync] sourceDir renderDir"
+ echo
+ echo "Compares the rendered reference-based CRs to the CRs in the compare directory"
+}
+
+DOSYNC=0
+for arg in "$@"; do
+ case "$arg" in
+ -h | --help)
+ usage
+ exit 0
+ ;;
+ --sync)
+ DOSYNC=1
+ shift
+ ;;
+ esac
+done
+SOURCEDIR=$1
+if [[ ! -d $SOURCEDIR ]]; then
+ echo "No such source directory $SOURCEDIR"
+ usage
+ exit 1
+fi
+RENDERDIR=$2
+if [[ ! -d $RENDERDIR ]]; then
+ echo "No such source directory $RENDERDIR"
+ usage
+ exit 1
+fi
+
+if [[ $DOSYNC == 1 ]]; then
+ sync_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore
+else
+ compare_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore
+fi
diff --git a/telco-hub/configuration/reference-crs-kube-compare/compare_ignore b/telco-hub/configuration/reference-crs-kube-compare/compare_ignore
new file mode 100644
index 000000000..576cbc374
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/compare_ignore
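Review bot: Entries from compare_ignore are applied in compare_cr as `sed -i "/${file##*/}/d"`, which drops the directory part and uses the bare file name as an unanchored regular expression, so an entry such as `required/gitops/kustomization.yaml` removes every path containing `kustomization.yaml` from both lists, and `.` matches any character. The same basename-only test pairs files in compare_cr and decides what sync_cr overwrites or passes to `git rm -f`, so two CRs with the same name in different directories are conflated and the drift check can pass without comparing them. Compare paths relative to the source and rendered roots, and filter with fixed-string whole-line matching (for example `grep -vxFf`) rather than interpolating names into a sed pattern. Separately, the script writes `source_file`, `rendered_file` and `same_file` into the current directory and runs without `set -euo pipefail`; a `mktemp -d` work directory removed by the existing EXIT trap would avoid clobbering and stale state.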
@@ -0,0 +1,63 @@
+# Internal files for cluster-compare, not real CRs
+metadata.yaml
+
+# Used in the reference only for version compliance checks
+ReferenceVersionCheck.yaml
+
+# Not yet published in the RDS:
+optional/quay/quayNS.yaml
+optional/quay/quayOperatorGroup.yaml
+optional/quay/quaySubscription.yaml
+
+# Reference templates not implemented yet:
+optional/logging/clusterLogForwarder.yaml
+optional/logging/clusterLogServiceAccount.yaml
+optional/logging/clusterLogServiceAccountAuditBinding.yaml
+optional/logging/clusterLogServiceAccountInfrastructureBinding.yaml
+required/registry/catalog-source.yaml
+required/registry/idms-operator.yaml
+required/registry/idms-release.yaml
+required/registry/itms-generic.yaml
+required/registry/itms-release.yaml
+required/registry/operator-hub.yaml
+required/gitops/addPluginsPolicy.yaml
+required/gitops/app-project.yaml
+required/gitops/argocd-application.yaml
+required/gitops/argocd-ssh-known-hosts-cm.yaml
+required/gitops/argocd-tls-certs-cm.yaml
+required/gitops/clusterrolebinding.yaml
+required/gitops/clusterrole.yaml
+required/gitops/gitopsNS.yaml
+required/gitops/gitopsOperatorGroup.yaml
+required/gitops/gitopsSubscription.yaml
+required/gitops/kustomization.yaml
+required/gitops/ztp-installation/app-project.yaml
+required/gitops/ztp-installation/clusters-app.yaml
+required/gitops/ztp-installation/gitops-cluster-rolebinding.yaml
+required/gitops/ztp-installation/gitops-policy-rolebinding.yaml
+required/gitops/ztp-installation/kustomization.yaml
+required/gitops/ztp-installation/policies-app-project.yaml
+required/gitops/ztp-installation/policies-app.yaml
+required/gitops/ztp-repo.yaml
+optional/cert-manager/certManagerClusterIssuer.yaml
+optional/cert-manager/certManagerNS.yaml
+optional/cert-manager/certManagerOperatorgroup.yaml
+optional/cert-manager/certManagerSubscription.yaml
+optional/cert-manager/consoleCertificate.yaml
+optional/cert-manager/downloadsCertificate.yaml
+optional/cert-manager/oauthServiceCertificate.yaml
+optional/backup-recovery/backupSchedule.yaml
+optional/backup-recovery/dataProtectionApplication.yaml
+optional/backup-recovery/objectBucketClaim.yaml
+optional/backup-recovery/policy-backup.yaml
+optional/backup-recovery/restore.yaml
+optional/odf-internal/odfReady.yaml
+required/acm/acmPerfSearch.yaml
+required/acm/thanosSecretPolicy.yaml
+
+# ArgoCD files
+kustomization.yaml
+optional/lso/kustomization.yaml
+optional/odf-internal/kustomization.yaml
+required/talm/kustomization.yaml
+required/acm/kustomization.yaml
diff --git a/telco-hub/configuration/reference-crs-kube-compare/default_value.yaml b/telco-hub/configuration/reference-crs-kube-compare/default_value.yaml
new file mode 100644
index 000000000..190472d0f
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/default_value.yaml
@@ -0,0 +1,280 @@
+optional_odf_internal_storageCluster:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-2"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ spec:
+ manageNodes: false
+ resources:
+ mds:
+ limits:
+ cpu: "3"
+ memory: "8Gi"
+ requests:
+ cpu: "3"
+ memory: "8Gi"
+ storageDeviceSets:
+ - count: 1
+ dataPVCTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "600Gi"
+ storageClassName: "local-sc"
+ volumeMode: Block
+ name: ocs-deviceset
+ placement: {}
+ portable: false
+ replica: 3
+ resources:
+ limits:
+ cpu: "2"
+ memory: "5Gi"
+ requests:
+ cpu: "2"
+ memory: "5Gi"
+ monDataDirHostPath: /var/lib/rook
+
+optional_lso_lsoLocalVolume:
+- metadata:
+ name: "local-disks"
+ namespace: "openshift-local-storage"
+ annotations:
+ argocd.argoproj.io/sync-wave: "-3"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ spec:
+ logLevel: Normal
+ managementState: Managed
+ nodeSelector:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: cluster.ocs.openshift.io/openshift-storage
+ operator: In
+ values:
+ - ""
+ storageClassDevices:
+ - storageClassName: "local-sc"
+ forceWipeDevicesAndDestroyAllData: true
+ volumeMode: Block
+ devicePaths:
+ - /dev/disk/by-path/pci-xxx
+
+optional_lso_lsoNS:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ labels:
+ openshift.io/cluster-monitoring: "true"
+
+optional_lso_lsoOperatorGroup:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ spec:
+ targetNamespaces:
+ - openshift-local-storage
+
+optional_lso_lsoSubscription:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ spec:
+ source: redhat-operators-disconnected
+
+optional_odf_internal_odfNS:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ workload.openshift.io/allowed: management
+
+optional_odf_internal_odfOperatorGroup:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ spec: {}
+
+optional_odf_internal_odfSubscription:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ spec:
+ source: redhat-operators-disconnected
+
+# ACM defaults
+required_acm_acmSubscription:
+- spec:
+ source: redhat-operators-disconnected
+
+required_acm_acmProvisioning:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "6"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ spec:
+ watchAllNamespaces: true
+ provisioningNetwork: Disabled
+ # disableVirtualMediaTLS: true
+
+required_acm_observabilityMCO:
+- spec:
+ availabilityConfig: Basic
+ storageConfig:
+ storageClass: " # your-fs-storageclass-here"
+ alertmanagerStorageSize: 10Gi
+ compactStorageSize: 100Gi
+ receiveStorageSize: 10Gi
+ ruleStorageSize: 30Gi
+ storeStorageSize: 100Gi
+
+required_acm_observabilityOBC:
+- spec:
+ storageClassName: example-storage-class
+
+required_acm_acmAgentServiceConfig:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "7"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ spec:
+ databaseStorage:
+ storageClassName: " # your-fs-storageclass-here"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ filesystemStorage:
+ storageClassName: " # your-fs-storageclass-here"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ imageStorage:
+ storageClassName: " # your-fs-storageclass-here"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ mirrorRegistryRef:
+ name: mirror-registry-config
+ osImages:
+ - cpuArchitecture: "x86_64"
+ openshiftVersion: "4.17"
+ rootFSUrl: http:///rhcos-4.17.0-x86_64-live-rootfs.x86_64.img
+ url: http:///rhcos-4.17.0-x86_64-live.x86_64.iso
+ version: "417.94.202409121747-0"
+ - cpuArchitecture: "x86_64"
+ openshiftVersion: "4.18"
+ rootFSUrl: http:///rhcos-4.18.0-x86_64-live-rootfs.x86_64.img
+ url: http:///rhcos-4.18.0-x86_64-live.x86_64.iso
+ version: "418.94.202502100215-0"
+ - cpuArchitecture: "x86_64"
+ openshiftVersion: "4.19"
+ rootFSUrl: http:///rhcos-4.19.0-x86_64-live-rootfs.x86_64.img
+ url: http:///rhcos-4.19.0-x86_64-live-iso.x86_64.iso
+ version: "9.6.20250530-0"
+ osImageVersion: {}
+
+required_acm_acmMirrorRegistryCM:
+- metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "5"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ data:
+ ca-bundle.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIID7jCCAtagAwXXX...
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIDvTCCAqWgAwXXX...
+ -----END CERTIFICATE-----
+ registries.conf: |
+ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
+ [[registry]]
+ prefix = ""
+ location = "quay.io/openshift-release-dev"
+ [[registry.mirror]]
+ location = "/openshift-release-dev"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "quay.io/openshift-release-dev/ocp-release"
+ [[registry.mirror]]
+ location = "/openshift-release-dev/ocp-release"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
+ [[registry.mirror]]
+ location = "/openshift-release-dev/ocp-v4.0-art-dev"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/multicluster-engine"
+ [[registry.mirror]]
+ location = "/multicluster-engine"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/odf4"
+ [[registry.mirror]]
+ location = "/odf4"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/openshift4"
+ [[registry.mirror]]
+ location = "/openshift4"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/rhacm2"
+ [[registry.mirror]]
+ location = "/rhacm2"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/rhceph"
+ [[registry.mirror]]
+ location = "/rhceph"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/rhel8"
+ [[registry.mirror]]
+ location = "/rhel8"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/rhel9"
+ [[registry.mirror]]
+ location = "/rhel9"
+ pull-from-mirror = "digest-only"
+ [[registry]]
+ prefix = ""
+ location = "registry.redhat.io/ubi8"
+ [[registry.mirror]]
+ location = "/ubi8"
+ pull-from-mirror = "tag-only"
+
+required_acm_observabilitySecret:
+- data:
+ # Value provided by user or by pull-secret-openshift-config-copy policy
+ .dockerconfigjson: ''
+
+required_talm_talmSubscription:
+- spec:
+ source: redhat-operators-disconnected
+
+optional_logging_clusterLogNS:
+- metadata:
+ annotations:
+ workload.openshift.io/allowed: management
+
+optional_logging_clusterLogSubscription:
+- spec:
+ source: redhat-operators-disconnected
diff --git a/telco-hub/configuration/reference-crs-kube-compare/metadata.yaml b/telco-hub/configuration/reference-crs-kube-compare/metadata.yaml
new file mode 100644
index 000000000..a4f4ebfa7
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/metadata.yaml
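Review bot: The osImages defaults use `http:///rhcos-…` URLs with an empty host, and nothing in the file says these values are placeholders, so they are easy to copy into a real AgentServiceConfig as they stand. Assuming they mirror the reference CRs so that the compare target passes, state that at the top of the file, e.g. `# Placeholder values used only to render the reference for comparison; not deployable as-is`. Next to osImages, note that the host must be filled in and that the image server should be reached over https where it supports it, since these URLs deliver the boot images for managed clusters. The same caveat applies to the truncated `ca-bundle.crt` entries and the `" # your-fs-storageclass-here"` storage class strings.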
@@ -0,0 +1,136 @@
+---
+apiVersion: v2
+parts:
+ - name: version-check
+ description: |-
+ A mismatch here means you may be using the wrong reference.
+ This reference was designed for OpenShift 4.19.
+ components:
+ - name: version-check
+ allOf:
+ - path: ReferenceVersionCheck.yaml
+ config:
+ ignore-unspecified-fields: true
+ fieldsToOmitRefs:
+ - allowStatusCheck
+ - name: optional-storage
+ components:
+ - name: local-storage-operator
+ description: |-
+ https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/scalability_and_performance/telco-hub-ref-design-specs#telco-hub-local-storage-operator_telco-hub
+ allOrNoneOf:
+ - path: optional/lso/lsoNS.yaml
+ - path: optional/lso/lsoOperatorGroup.yaml
+ - path: optional/lso/lsoSubscription.yaml
+ - path: optional/lso/lsoLocalVolume.yaml
+ - name: odf-internal-operator
+ description: |-
+ https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/scalability_and_performance/telco-hub-ref-design-specs#telco-hub-openshift-data-foundation_telco-hub
+ allOrNoneOf:
+ - path: optional/odf-internal/odfNS.yaml
+ - path: optional/odf-internal/odfOperatorGroup.yaml
+ - path: optional/odf-internal/odfSubscription.yaml
+ - path: optional/odf-internal/storageCluster.yaml
+ config:
+ ignore-unspecified-fields: true
+ - name: required-talm
+ description: |-
+ https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/scalability_and_performance/telco-hub-ref-design-specs#telco-hub-topology-aware-lifecycle-manager-talm_telco-hub
+ components:
+ - name: talm-operator
+ allOf:
+ - path: required/talm/talmSubscription.yaml
+ - name: required-acm
+ description: |-
+ https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/scalability_and_performance/telco-hub-ref-design-specs#telco-hub-red-hat-advanced-cluster-management-rhacm_telco-hub
+ components:
+ - name: acm-operator
+ allOf:
+ - path: required/acm/acmNS.yaml
+ - path: required/acm/acmOperGroup.yaml
+ - path: required/acm/acmSubscription.yaml
+ - path: required/acm/acmMCH.yaml
+ - path: required/acm/acmMCE.yaml
+ - path: required/acm/acmProvisioning.yaml
+ config:
+ ignore-unspecified-fields: true
+ - path: required/acm/acmMirrorRegistryCM.yaml
+ - path: required/acm/acmAgentServiceConfig.yaml
+ - path: required/acm/observabilityMCO.yaml
+ config:
+ ignore-unspecified-fields: true
+ - path: required/acm/observabilityNS.yaml
+ - path: required/acm/observabilityOBC.yaml
+ config:
+ ignore-unspecified-fields: true
+ - path: required/acm/observabilitySecret.yaml
+ - path: required/acm/pullSecretPolicy.yaml
+ - path: required/acm/pullSecretPlacement.yaml
+ - path: required/acm/pullSecretPlacementBinding.yaml
+ - path: required/acm/pullSecretMCSB.yaml
+ - path: required/acm/thanosSecretPolicy.yaml
+ config:
+ ignore-unspecified-fields: true
+ fieldsToOmitRefs:
+ - templates
+ - path: required/acm/thanosSecretPlacement.yaml
+ - path: required/acm/thanosSecretPlacementBinding.yaml
+ - name: optional-logging
+ description: |-
+ https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/scalability_and_performance/telco-hub-ref-design-specs#telco-hub-logging_telco-hub
+ components:
+ - name: cluster-logging-operator
+ allOrNoneOf:
+ - path: optional/logging/clusterLogNS.yaml
+ - path: optional/logging/clusterLogOperGroup.yaml
+ - path: optional/logging/clusterLogSubscription.yaml
+
+templateFunctionFiles:
+ - version_match.tmpl
+
+fieldsToOmit:
+ defaultOmitRef: all
+ items:
+ defaults:
+ - pathToKey: metadata.annotations."kubectl.kubernetes.io/last-applied-configuration"
+ - pathToKey: metadata.annotations."openshift.io/sa.scc.uid-range"
+ - pathToKey: metadata.annotations."openshift.io/sa.scc.mcs"
+ - pathToKey: metadata.annotations."openshift.io/sa.scc.supplemental-groups"
+ - pathToKey: metadata.annotations."olm.providedAPIs"
+ - pathToKey: metadata.annotations."argocd.argoproj.io"
+ isPrefix: true
+ - pathToKey: metadata.annotations."installer.multicluster.openshift.io"
+ isPrefix: true
+ - pathToKey: metadata.annotations."installer.open-cluster-management.io"
+ isPrefix: true
+ - pathToKey: metadata.annotations."security.openshift.io/MinimallySufficientPodSecurityStandard"
+ - pathToKey: metadata.labels."kubernetes.io/metadata.name"
+ - pathToKey: metadata.labels."security.openshift.io/scc.podSecurityLabelSync"
+ - pathToKey: metadata.labels."operators.coreos.com/local-storage-operator.openshift-local-storage"
+ - pathToKey: metadata.labels."operators.coreos.com/odf-operator.openshift-storage"
+ - pathToKey: metadata.labels."operators.coreos.com/topology-aware-lifecycle-manager.openshift-operators"
+ - pathToKey: metadata.labels."operators.coreos.com/advanced-cluster-management.open-cluster-management"
+ - pathToKey: metadata.labels."agent-install.openshift.io/watch"
+ - pathToKey: metadata.labels."cluster.open-cluster-management.io/backup"
+ - pathToKey: metadata.labels."pod-security.kubernetes.io"
+ isPrefix: true
+ - pathToKey: metadata.labels."olm.operatorgroup.uid"
+ isPrefix: true
+ - pathToKey: metadata.labels."app.kubernetes.io/instance"
+ - pathToKey: metadata.labels."installer.name"
+ - pathToKey: metadata.labels."installer.namespace"
+ - pathToKey: metadata.labels."multiclusterhubs.operator.open-cluster-management.io/managed-by"
+ - pathToKey: metadata.creationTimestamp
+ - pathToKey: metadata.finalizers
+ - pathToKey: metadata.generation
+ - pathToKey: metadata.resourceVersion
+ - pathToKey: metadata.uid
+ - pathToKey: metadata.ownerReferences
+ - pathToKey: spec.finalizers
+ allowStatusCheck:
+ - include: defaults
+ templates:
+ - pathToKey: spec.policy-templates
+ all:
+ - include: defaults
+ - pathToKey: status
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogNS.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogNS.yaml
new file mode 100644
index 000000000..bcfc99edf
--- /dev/null
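Review bot: `required/acm/thanosSecretPolicy.yaml` is compared with `fieldsToOmitRefs: [templates]`, and the `templates` group omits `spec.policy-templates`, which is where a Policy carries its actual content; together with `ignore-unspecified-fields: true` the check for that CR verifies little beyond its identity. If that is intended, add a comment on the entry saying why, e.g. `# policy-templates differ per site and are not validated here`. The same path is also listed in compare_ignore under "Reference templates not implemented yet", which suggests the template may not exist yet, so it is worth confirming that metadata_lint passes with it listed. The description links point at the 4.18 documentation while the version-check part says the reference was designed for 4.19.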
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogNS.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openshift-logging
+{{- if .metadata.annotations }}
+ annotations:
+{{- range $key, $value := .metadata.annotations }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogOperGroup.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogOperGroup.yaml
new file mode 100644
index 000000000..35c1b3991
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogOperGroup.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: cluster-logging
+ namespace: openshift-logging
+spec:
+ targetNamespaces:
+ - openshift-logging
+ {{- if .spec.upgradeStrategy }}
+ upgradeStrategy: Default
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogSubscription.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogSubscription.yaml
new file mode 100644
index 000000000..01907497a
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/logging/clusterLogSubscription.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: cluster-logging
+ namespace: openshift-logging
+spec:
+ channel: "stable-6.2"
+ name: cluster-logging
+ source: {{ .spec.source }}
+ sourceNamespace: openshift-marketplace
+ installPlanApproval: Automatic
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoLocalVolume.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoLocalVolume.yaml
new file mode 100644
index 000000000..b0977e14b
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoLocalVolume.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: "local.storage.openshift.io/v1"
+kind: "LocalVolume"
+metadata:
+ name: {{ .metadata.name | quote }}
+ namespace: "openshift-local-storage"
+ annotations:
+ argocd.argoproj.io/sync-wave: "-3"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ logLevel: Normal
+ managementState: Managed
+ {{- if .spec.nodeSelector }}
+ nodeSelector:
+ {{- .spec.nodeSelector | toYaml | nindent 4 }}
+ {{- end }}
+ storageClassDevices:
+ {{- range .spec.storageClassDevices }}
+ - storageClassName: {{ .storageClassName | quote }}
+ forceWipeDevicesAndDestroyAllData: true
+ {{- if or (eq .volumeMode "Block") (eq .volumeMode "Filesystem") }}
+ volumeMode: {{ .volumeMode }}
+ {{- else }}
+ volumeMode: must be 'Block' or 'Filesystem'
+ {{- end }}
+ devicePaths:
+ {{- .devicePaths | toYaml | nindent 8 }}
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoNS.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoNS.yaml
new file mode 100644
index 000000000..cfe82946c
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoNS.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openshift-local-storage
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ labels:
+ openshift.io/cluster-monitoring: "true"
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoOperatorGroup.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoOperatorGroup.yaml
new file mode 100644
index 000000000..2fcf19740
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoOperatorGroup.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ name: local-operator-group
+ namespace: openshift-local-storage
+spec:
+ targetNamespaces:
+ - openshift-local-storage
+ {{- if .spec.upgradeStrategy }}
+ upgradeStrategy: Default
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoSubscription.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoSubscription.yaml
new file mode 100644
index 000000000..80d4f6119
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/lso/lsoSubscription.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ name: local-storage-operator
+ namespace: openshift-local-storage
+spec:
+ channel: stable
+ installPlanApproval: Automatic
+ name: local-storage-operator
+ source: {{ .spec.source }}
+ sourceNamespace: openshift-marketplace
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfNS.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfNS.yaml
new file mode 100644
index 000000000..cd2316510
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfNS.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openshift-storage
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ workload.openshift.io/allowed: management
+ labels:
+ openshift.io/cluster-monitoring: "true"
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfOperatorGroup.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfOperatorGroup.yaml
new file mode 100644
index 000000000..9272a6b38
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfOperatorGroup.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ name: openshift-storage-operatorgroup
+ namespace: openshift-storage
+spec:
+ targetNamespaces:
+ - openshift-storage
+ {{- if .spec.upgradeStrategy }}
+ upgradeStrategy: Default
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfSubscription.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfSubscription.yaml
new file mode 100644
index 000000000..48eed8eb4
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/odfSubscription.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "-5"
+ name: odf-operator
+ namespace: openshift-storage
+spec:
+ channel: "stable-4.18"
+ name: odf-operator
+ source: {{ .spec.source }}
+ sourceNamespace: openshift-marketplace
+ installPlanApproval: Automatic
diff --git a/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/storageCluster.yaml b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/storageCluster.yaml
new file mode 100644
index 000000000..8ec1f1228
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/optional/odf-internal/storageCluster.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: ocs.openshift.io/v1
+kind: StorageCluster
+metadata:
+ name: ocs-storagecluster
+ namespace: openshift-storage
+ annotations:
+ argocd.argoproj.io/sync-wave: "-2"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ manageNodes: false
+ {{- if .spec.resources }}
+ resources:
+ mds:
+ limits:
+ cpu: {{ .spec.resources.mds.limits.cpu | quote }}
+ memory: {{ .spec.resources.mds.limits.memory | quote }}
+ requests:
+ cpu: {{ .spec.resources.mds.requests.cpu | quote }}
+ memory: {{ .spec.resources.mds.requests.memory | quote }}
+ {{- end }}
+ monDataDirHostPath: /var/lib/rook
+ storageDeviceSets:
+ {{- range .spec.storageDeviceSets }}
+ - count: {{ .count }} # <-- Modify count to desired value. For each set of 3 disks increment the count by 1.
+ dataPVCTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .dataPVCTemplate.spec.resources.requests.storage | quote }} # <-- This should be changed as per storage size. Minimum 100 GiB and Maximum 4 TiB
+ storageClassName: {{ .dataPVCTemplate.spec.storageClassName | quote }} # match this with the storage block created at the LSO step
+ volumeMode: Block
+ name: ocs-deviceset
+ placement: {}
+ portable: false
+ replica: 3
+ resources:
+ limits:
+ cpu: {{ .resources.limits.cpu | quote }}
+ memory: {{ .resources.limits.memory | quote }}
+ requests:
+ cpu: {{ .resources.requests.cpu | quote }}
+ memory: {{ .resources.requests.memory | quote }}
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmAgentServiceConfig.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmAgentServiceConfig.yaml
new file mode 100644
index 000000000..2c640b01c
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmAgentServiceConfig.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: agent-install.openshift.io/v1beta1
+kind: AgentServiceConfig
+metadata:
+ name: agent
+ annotations:
+ argocd.argoproj.io/sync-wave: "7"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ databaseStorage:
+ storageClassName: {{ .spec.databaseStorage.storageClassName }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .spec.databaseStorage.resources.requests.storage }}
+ filesystemStorage:
+ storageClassName: {{ .spec.filesystemStorage.storageClassName }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .spec.filesystemStorage.resources.requests.storage }}
+ imageStorage:
+ storageClassName: {{ .spec.imageStorage.storageClassName }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .spec.imageStorage.resources.requests.storage }}
+ mirrorRegistryRef:
+ name: mirror-registry-config
+ osImages:
+ # Replace with the address of the local web server that stores the RHCOS images.
+ # The images can be downloaded from "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/".
+ {{- range .spec.osImages }}
+ - cpuArchitecture: {{ .cpuArchitecture | quote }}
+ openshiftVersion: {{ .openshiftVersion | quote }}
+ rootFSUrl: {{ .rootFSUrl }}
+ url: {{ .url }}
+ version: {{ .version | quote }}
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCE.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCE.yaml
new file mode 100644
index 000000000..574bda309
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCE.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: multicluster.openshift.io/v1
+kind: MultiClusterEngine
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "5"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: multiclusterengine
+spec:
+ availabilityConfig: High
+ overrides:
+ components:
+ - configOverrides: {}
+ enabled: true
+ name: local-cluster
+ - configOverrides: {}
+ enabled: true
+ name: assisted-service
+ - configOverrides: {}
+ enabled: true
+ name: cluster-lifecycle
+ - configOverrides: {}
+ enabled: true
+ name: cluster-manager
+ - configOverrides: {}
+ enabled: true
+ name: discovery
+ - configOverrides: {}
+ enabled: true
+ name: hive
+ - configOverrides: {}
+ enabled: true
+ name: server-foundation
+ - configOverrides: {}
+ enabled: false
+ name: cluster-proxy-addon
+ - configOverrides: {}
+ enabled: true
+ name: hypershift-local-hosting
+ - configOverrides: {}
+ enabled: true
+ name: hypershift
+ - configOverrides: {}
+ enabled: true
+ name: managedserviceaccount
+ - configOverrides: {}
+ enabled: false
+ name: cluster-api-preview
+ - configOverrides: {}
+ enabled: false
+ name: cluster-api-provider-aws-preview
+ - configOverrides: {}
+ enabled: true
+ name: image-based-install-operator
+ - configOverrides: {}
+ enabled: true
+ name: console-mce
+ targetNamespace: multicluster-engine
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/infra
+ operator: Exists
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCH.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCH.yaml
new file mode 100644
index 000000000..b8f9ecbbd
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMCH.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: operator.open-cluster-management.io/v1
+kind: MultiClusterHub
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ installer.open-cluster-management.io/mce-subscription-spec: '{"source": "redhat-operators-disconnected", "installPlanApproval": "Automatic"}'
+ installer.open-cluster-management.io/oadp-subscription-spec: '{"source": "redhat-operators-disconnected", "installPlanApproval": "Automatic"}'
+ name: multiclusterhub
+ namespace: open-cluster-management
+spec:
+ availabilityConfig: High
+ enableClusterBackup: false
+ ingress: {}
+ overrides:
+ components:
+ - configOverrides: {}
+ enabled: true
+ name: app-lifecycle
+ - configOverrides: {}
+ enabled: true
+ name: cluster-lifecycle
+ - configOverrides: {}
+ enabled: true
+ name: cluster-permission
+ - configOverrides: {}
+ enabled: true
+ name: console
+ - configOverrides: {}
+ enabled: true
+ name: grc
+ - configOverrides: {}
+ enabled: true
+ name: insights
+ - configOverrides: {}
+ enabled: true
+ name: multicluster-engine
+ - configOverrides: {}
+ enabled: true
+ name: multicluster-observability
+ - configOverrides: {}
+ enabled: true
+ name: search
+ - configOverrides: {}
+ enabled: true
+ name: submariner-addon
+ - configOverrides: {}
+ enabled: true
+ name: volsync
+ - configOverrides: {}
+ enabled: true
+ name: cluster-backup
+ - configOverrides: {}
+ enabled: true
+ name: siteconfig
+ - configOverrides: {}
+ enabled: false
+ name: edge-manager-preview
+ separateCertificateManagement: false
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMirrorRegistryCM.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMirrorRegistryCM.yaml
new file mode 100644
index 000000000..012dbe067
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmMirrorRegistryCM.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mirror-registry-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "5"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ namespace: multicluster-engine
+ labels:
+ app: assisted-service
+data:
+{{- if .data }}
+ # Add the mirror registry SSL certificate chain up to the CA itself.
+ ca-bundle.crt: |
+{{ index .data "ca-bundle.crt" | trimSuffix "\n" | indent 4 }}
+ # The registries.conf field has been populated using the registries.conf file found in "/etc/containers/registries.conf" on each node.
+ # Replace with the mirror registry's address.
+ registries.conf: |
+{{ index .data "registries.conf" | trimSuffix "\n" | indent 4 }}
+{{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmNS.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmNS.yaml
new file mode 100644
index 000000000..960802415
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmNS.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ openshift.io/cluster-monitoring: "true"
+ name: open-cluster-management
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmOperGroup.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmOperGroup.yaml
new file mode 100644
index 000000000..7bdbfad66
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmOperGroup.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: open-cluster-management-group
+ namespace: open-cluster-management
+spec:
+ targetNamespaces:
+ - open-cluster-management
+ {{- if .spec.upgradeStrategy }}
+ upgradeStrategy: Default
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmProvisioning.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmProvisioning.yaml
new file mode 100644
index 000000000..121b6e5a2
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmProvisioning.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: metal3.io/v1alpha1
+kind: Provisioning
+metadata:
+ name: provisioning-configuration
+ annotations:
+ argocd.argoproj.io/sync-wave: "6"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ watchAllNamespaces: true
+ # some servers do not support virtual media installations
+ # when the image is served using the https protocol
+ # disableVirtualMediaTLS: true
+ {{- if .spec.disableVirtualMediaTLS }}
+ disableVirtualMediaTLS: true
+ {{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmSubscription.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmSubscription.yaml
new file mode 100644
index 000000000..65bfa0cff
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/acmSubscription.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: open-cluster-management-subscription
+ namespace: open-cluster-management
+spec:
+ channel: release-2.13
+ installPlanApproval: Automatic
+ name: advanced-cluster-management
+ source: {{ .spec.source }}
+ sourceNamespace: openshift-marketplace
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityMCO.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityMCO.yaml
new file mode 100644
index 000000000..12a7b0976
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityMCO.yaml
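Review bot: The `{{- if .spec.disableVirtualMediaTLS }}` block in acmProvisioning.yaml lets a cluster that has virtual-media TLS switched off compare as conformant, while the comment above it gives only the compatibility reason. With the flag set, the installation image is presumably served to the BMC over plain HTTP, so its integrity then depends on the provisioning network. I would add a line such as `# TLS off: image is served over plain HTTP; acceptable only on an isolated provisioning network` so the exception reads as a recorded decision rather than a silent pass.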
@@ -0,0 +1,47 @@
+---
+apiVersion: observability.open-cluster-management.io/v1beta2
+kind: MultiClusterObservability
+metadata:
+ name: observability
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ # avoids MultiClusterHub Observability to own/manage the
+ # spoke clusters configuration about AlertManager forwards.
+ # ZTP Policies will be in charge of configuring it
+ # https://issues.redhat.com/browse/CNF-13398
+ mco-disable-alerting: "true"
+spec:
+ # based on the data provided by acm-capacity tool
+ # https://github.com/stolostron/capacity-planning/blob/main/calculation/ObsSizingTemplate-Rev1.ipynb
+ # for an scenario with:
+ # 3500SNOs, 125 pods and 4 Namespaces (apart from Openshift NS)
+ # storage retention 15 days
+ # downsampling disabled
+ # default MCO Addon configuration samples_per_hour, pv_retention_hrs.
+ # More on how to stimate: https://access.redhat.com/articles/7103886
+ advanced:
+ retentionConfig:
+ blockDuration: 2h
+ deleteDelay: 48h
+ retentionInLocal: 24h
+ retentionResolutionRaw: 15d
+ enableDownsampling: false
+ observabilityAddonSpec:
+ enableMetrics: true
+ interval: 300
+ storageConfig:
+ storageClass: {{ .spec.storageConfig.storageClass }}
+ alertmanagerStorageSize: {{ .spec.storageConfig.alertmanagerStorageSize }}
+ compactStorageSize: {{ .spec.storageConfig.compactStorageSize }}
+ metricObjectStorage:
+ # buckets storage should provide a capacity
+ # of at least 2.5TB
+ key: thanos.yaml
+ name: thanos-object-storage
+ receiveStorageSize: {{ .spec.storageConfig.receiveStorageSize }}
+ ruleStorageSize: {{ .spec.storageConfig.ruleStorageSize }}
+ storeStorageSize: {{ .spec.storageConfig.storeStorageSize }}
+ # In addition to these storage settings, the `metricObjectStorage`
+ # points to an Object Storage. Under the reference configuration,
+ # scale and retention the estimated object storage is about 101Gi
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityNS.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityNS.yaml
new file mode 100644
index 000000000..6eee63d14
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityNS.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ openshift.io/cluster-monitoring: "true"
+ name: open-cluster-management-observability
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityOBC.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityOBC.yaml
new file mode 100644
index 000000000..1ef1da5a3
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilityOBC.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+ name: observability-obc
+ annotations:
+ argocd.argoproj.io/sync-wave: "8"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ namespace: open-cluster-management-observability
+spec:
+ generateBucketName: observability-object-bucket
+ storageClassName: openshift-storage.noobaa.io
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilitySecret.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilitySecret.yaml
new file mode 100644
index 000000000..2d6300005
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/observabilitySecret.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ labels:
+ cluster.open-cluster-management.io/backup: ""
+ name: multiclusterhub-operator-pull-secret
+ namespace: open-cluster-management-observability
+type: kubernetes.io/dockerconfigjson
+data:
+{{- if .data }}
+ # Value provided by user or by pull-secret-openshift-config-copy policy
+ .dockerconfigjson: {{ index .data ".dockerconfigjson" | quote }}
+{{- end }}
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretMCSB.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretMCSB.yaml
new file mode 100644
index 000000000..e8dace2d1
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretMCSB.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSetBinding
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: default
+ namespace: open-cluster-management-observability
+spec:
+ clusterSet: default
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacement.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacement.yaml
new file mode 100644
index 000000000..aebeca5b5
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacement.yaml
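Review bot: `.dockerconfigjson: {{ index .data ".dockerconfigjson" | quote }}` in observabilitySecret.yaml feeds the live pull-secret value through the reference template, so any comparison output that prints this CR (for example when another field differs) may carry the base64-encoded registry credentials into CI logs or support bundles. The value is never meaningfully compared anyway, since the template echoes whatever the cluster holds. I would leave `data` out of the comparison if the tool's field-omission settings allow it, or at least add `# rendered from the live Secret: treat compare output for this CR as sensitive` above the line.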
@@ -0,0 +1,18 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: pull-secret-copy
+ namespace: open-cluster-management-observability
+spec:
+ predicates:
+ - requiredClusterSelector:
+ labelSelector:
+ matchExpressions:
+ - key: name
+ operator: In
+ values:
+ - local-cluster
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacementBinding.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacementBinding.yaml
new file mode 100644
index 000000000..6b4539fb0
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPlacementBinding.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: pull-secret-copy
+ namespace: open-cluster-management-observability
+placementRef:
+ name: pull-secret-copy
+ apiGroup: cluster.open-cluster-management.io
+ kind: Placement
+subjects:
+ - name: pull-secret-copy
+ apiGroup: policy.open-cluster-management.io
+ kind: Policy
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPolicy.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPolicy.yaml
new file mode 100644
index 000000000..43bde25fd
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/pullSecretPolicy.yaml
@@ -0,0 +1,34 @@
+---
+# this policy will create a copy of the pull secret from openshift-config to open-cluster-management-observability namespace
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+ name: pull-secret-copy
+ namespace: open-cluster-management-observability
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ policy.open-cluster-management.io/description: Policy used to copy the pull secret from openshift-config to open-cluster-management-observability namespace
+spec:
+ remediationAction: enforce
+ disabled: false
+ policy-templates:
+ - objectDefinition:
+ apiVersion: policy.open-cluster-management.io/v1
+ kind: ConfigurationPolicy
+ metadata:
+ name: pull-secret-openshift-config-copy
+ spec:
+ object-templates:
+ - complianceType: musthave
+ objectDefinition:
+ apiVersion: v1
+ data:
+ .dockerconfigjson: {{ `'{{- if eq (lookup "v1" "Secret" "open-cluster-management" "multiclusterhub-operator-pull-secret").kind "Secret" -}} {{- fromSecret "open-cluster-management" "multiclusterhub-operator-pull-secret" ".dockerconfigjson" -}} {{- else -}} {{- fromSecret "openshift-config" "pull-secret" ".dockerconfigjson" -}} {{- end -}}'` }}
+ kind: Secret
+ metadata:
+ labels:
+ cluster.open-cluster-management.io/backup: ""
+ name: multiclusterhub-operator-pull-secret
+ namespace: open-cluster-management-observability
+ type: kubernetes.io/dockerconfigjson
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacement.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacement.yaml
new file mode 100644
index 000000000..a54b3c0d1
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacement.yaml
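Review bot: The `{{- else -}}` branch of `.dockerconfigjson` in pullSecretPolicy.yaml copies `openshift-config/pull-secret` into `open-cluster-management-observability` under `remediationAction: enforce`, and the only documentation is the one-line description annotation. That secret usually holds the cluster-wide registry credentials, so every subject with Secret read access in the observability namespace gains them. A comment next to the field would help, for example `# fallback copies the cluster-wide pull secret; restrict Secret read access in this namespace`. The same policy lives in reference-crs/required/acm/pullSecretPolicy.yaml, where only the tail of the file appears in the hunk.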
@@ -0,0 +1,18 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+ name: obs-thanos-pl
+ namespace: hub-policies
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ predicates:
+ - requiredClusterSelector:
+ labelSelector:
+ matchExpressions:
+ - key: name
+ operator: In
+ values:
+ - local-cluster
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacementBinding.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacementBinding.yaml
new file mode 100644
index 000000000..50ea1e136
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPlacementBinding.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+ name: obs-thanos-binding
+ namespace: hub-policies
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+placementRef:
+ name: obs-thanos-pl
+ apiGroup: cluster.open-cluster-management.io
+ kind: Placement
+subjects:
+ - name: obs-thanos-secret
+ apiGroup: policy.open-cluster-management.io
+ kind: Policy
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPolicy.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPolicy.yaml
new file mode 100644
index 000000000..b995c4c44
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/acm/thanosSecretPolicy.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+ annotations:
+ policy.open-cluster-management.io/categories: CM Configuration Management
+ policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+ policy.open-cluster-management.io/description: ""
+ policy.open-cluster-management.io/standards: NIST SP 800-53
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: obs-thanos-secret
+ namespace: hub-policies
+spec:
+ disabled: false
+ policy-templates:
+ - objectDefinition:
+ apiVersion: policy.open-cluster-management.io/v1
+ kind: ConfigurationPolicy
+ metadata:
+ name: thanos-secret-cp
+ spec:
+ remediationAction: enforce
+ severity: high
diff --git a/telco-hub/configuration/reference-crs-kube-compare/required/talm/talmSubscription.yaml b/telco-hub/configuration/reference-crs-kube-compare/required/talm/talmSubscription.yaml
new file mode 100644
index 000000000..b49e2c21d
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/required/talm/talmSubscription.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: openshift-topology-aware-lifecycle-manager-subscription
+ namespace: openshift-operators
+spec:
+ channel: stable
+ installPlanApproval: Automatic
+ name: topology-aware-lifecycle-manager
+ source: {{ .spec.source }}
+ sourceNamespace: openshift-marketplace
diff --git a/telco-hub/configuration/reference-crs-kube-compare/version_match.tmpl b/telco-hub/configuration/reference-crs-kube-compare/version_match.tmpl
new file mode 100644
index 000000000..c5af9af76
--- /dev/null
+++ b/telco-hub/configuration/reference-crs-kube-compare/version_match.tmpl
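Review bot: The reference for `obs-thanos-secret` in thanosSecretPolicy.yaml ends at `severity: high`, so the ConfigurationPolicy's object templates are not part of the comparison. Going by the README in the same change, that is the part which reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` and writes them into the Thanos secret, so drift in where those credentials are copied would go unnoticed; the omission is presumably deliberate because the body is itself templated. A closing comment such as `# object templates are not compared; review changes to the credential copy by hand` would make that explicit. The empty `policy.open-cluster-management.io/description: ""` could also state what the policy does.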
@@ -0,0 +1,9 @@ +{{- define "versionMatch" }} + {{- $version := semver (index . 0 | default "0.0.0") }} + {{- $target := semver (index . 1) }} + {{- $result := print ($target.Original) ".*" }} + {{- if and (eq $version.Major $target.Major) (eq $version.Minor $target.Minor) }} + {{- $result = $version.Original }} + {{- end }} + {{- $result }} +{{- end }} diff --git a/telco-hub/configuration/reference-crs/optional/lso/lsoLocalVolume.yaml b/telco-hub/configuration/reference-crs/optional/lso/lsoLocalVolume.yaml index 3b24e6511..cb858673e 100644 --- a/telco-hub/configuration/reference-crs/optional/lso/lsoLocalVolume.yaml +++ b/telco-hub/configuration/reference-crs/optional/lso/lsoLocalVolume.yaml @@ -8,13 +8,15 @@ metadata: argocd.argoproj.io/sync-wave: "-3" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true spec: + logLevel: Normal + managementState: Managed nodeSelector: nodeSelectorTerms: - matchExpressions: - - key: cluster.ocs.openshift.io/openshift-storage - operator: In - values: - - "" + - key: cluster.ocs.openshift.io/openshift-storage + operator: In + values: + - "" storageClassDevices: - storageClassName: "local-sc" forceWipeDevicesAndDestroyAllData: true diff --git a/telco-hub/configuration/reference-crs/required/acm/acmMCE.yaml b/telco-hub/configuration/reference-crs/required/acm/acmMCE.yaml index d9bdeafb8..574bda309 100644 --- a/telco-hub/configuration/reference-crs/required/acm/acmMCE.yaml +++ b/telco-hub/configuration/reference-crs/required/acm/acmMCE.yaml @@ -1,3 +1,4 @@ +--- apiVersion: multicluster.openshift.io/v1 kind: MultiClusterEngine metadata: @@ -31,7 +32,7 @@ spec: enabled: true name: server-foundation - configOverrides: {} - enabled: true + enabled: false name: cluster-proxy-addon - configOverrides: {} enabled: true diff --git a/telco-hub/configuration/reference-crs/required/acm/acmMirrorRegistryCM.yaml b/telco-hub/configuration/reference-crs/required/acm/acmMirrorRegistryCM.yaml index 8a7954cb1..669b966d1 100644 
--- a/telco-hub/configuration/reference-crs/required/acm/acmMirrorRegistryCM.yaml +++ b/telco-hub/configuration/reference-crs/required/acm/acmMirrorRegistryCM.yaml @@ -25,87 +25,66 @@ data: [[registry]] prefix = "" location = "quay.io/openshift-release-dev" - [[registry.mirror]] location = "/openshift-release-dev" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "quay.io/openshift-release-dev/ocp-release" - [[registry.mirror]] location = "/openshift-release-dev/ocp-release" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev" - [[registry.mirror]] location = "/openshift-release-dev/ocp-v4.0-art-dev" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/multicluster-engine" - [[registry.mirror]] location = "/multicluster-engine" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/odf4" - [[registry.mirror]] location = "/odf4" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/openshift4" - [[registry.mirror]] location = "/openshift4" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/rhacm2" - [[registry.mirror]] location = "/rhacm2" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/rhceph" - [[registry.mirror]] location = "/rhceph" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/rhel8" - [[registry.mirror]] location = "/rhel8" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/rhel9" - [[registry.mirror]] location = "/rhel9" pull-from-mirror = "digest-only" - [[registry]] prefix = "" location = "registry.redhat.io/ubi8" - [[registry.mirror]] location = "/ubi8" pull-from-mirror = "tag-only" 
diff --git a/telco-hub/configuration/reference-crs/required/acm/kustomization.yaml b/telco-hub/configuration/reference-crs/required/acm/kustomization.yaml index 81f4633e1..e4d41b621 100644 --- a/telco-hub/configuration/reference-crs/required/acm/kustomization.yaml +++ b/telco-hub/configuration/reference-crs/required/acm/kustomization.yaml @@ -6,6 +6,7 @@ resources: - acmOperGroup.yaml - acmSubscription.yaml - acmMCH.yaml + - acmMCSB.yaml - acmMCE.yaml - acmAgentServiceConfig.yaml - acmMirrorRegistryCM.yaml @@ -13,7 +14,14 @@ resources: - acmProvisioning.yaml - observabilityNS.yaml - observabilityOBC.yaml - - thanosSecret.yaml + - thanosSecretPolicy.yaml + - thanosSecretPlacement.yaml + - thanosSecretPlacementBinding.yaml + - thanosSecretMCSB.yaml # - observabilitySecret.yaml - - pull-secret-copy.yaml + - pullSecretPolicy.yaml + - pullSecretPlacement.yaml + - pullSecretPlacementBinding.yaml + - pullSecretMCSB.yaml + - observabilityMCO.yaml diff --git a/telco-hub/configuration/reference-crs/required/acm/observabilitySecret.yaml b/telco-hub/configuration/reference-crs/required/acm/observabilitySecret.yaml index 3a7d1d5c8..b2587bc8f 100644 --- a/telco-hub/configuration/reference-crs/required/acm/observabilitySecret.yaml +++ b/telco-hub/configuration/reference-crs/required/acm/observabilitySecret.yaml @@ -11,4 +11,5 @@ metadata: namespace: open-cluster-management-observability type: kubernetes.io/dockerconfigjson data: - .dockerconfigjson: '' # Value provided by user or by pull-secret-openshift-config-copy policy + # Value provided by user or by pull-secret-openshift-config-copy policy + .dockerconfigjson: "" diff --git a/telco-hub/configuration/reference-crs/required/acm/pullSecretMCSB.yaml b/telco-hub/configuration/reference-crs/required/acm/pullSecretMCSB.yaml new file mode 100644 index 000000000..e8dace2d1 --- /dev/null +++ b/telco-hub/configuration/reference-crs/required/acm/pullSecretMCSB.yaml 
@@ -0,0 +1,11 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSetBinding
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: default
+ namespace: open-cluster-management-observability
+spec:
+ clusterSet: default
diff --git a/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacement.yaml b/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacement.yaml
new file mode 100644
index 000000000..aebeca5b5
--- /dev/null
+++ b/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacement.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: pull-secret-copy
+ namespace: open-cluster-management-observability
+spec:
+ predicates:
+ - requiredClusterSelector:
+ labelSelector:
+ matchExpressions:
+ - key: name
+ operator: In
+ values:
+ - local-cluster
diff --git a/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacementBinding.yaml b/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacementBinding.yaml
new file mode 100644
index 000000000..6b4539fb0
--- /dev/null
+++ b/telco-hub/configuration/reference-crs/required/acm/pullSecretPlacementBinding.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: pull-secret-copy
+ namespace: open-cluster-management-observability
+placementRef:
+ name: pull-secret-copy
+ apiGroup: cluster.open-cluster-management.io
+ kind: Placement
+subjects:
+ - name: pull-secret-copy
+ apiGroup: policy.open-cluster-management.io
+ kind: Policy
diff --git a/telco-hub/configuration/reference-crs/required/acm/pull-secret-copy.yaml b/telco-hub/configuration/reference-crs/required/acm/pullSecretPolicy.yaml similarity index 53% rename from telco-hub/configuration/reference-crs/required/acm/pull-secret-copy.yaml rename to telco-hub/configuration/reference-crs/required/acm/pullSecretPolicy.yaml index 08f69292e..70109556d 100644 --- a/telco-hub/configuration/reference-crs/required/acm/pull-secret-copy.yaml +++ b/telco-hub/configuration/reference-crs/required/acm/pullSecretPolicy.yaml 
@@ -28,53 +28,7 @@ spec: kind: Secret metadata: labels: - ccluster.open-cluster-management.io/backup: "" + cluster.open-cluster-management.io/backup: "" name: multiclusterhub-operator-pull-secret namespace: open-cluster-management-observability type: kubernetes.io/dockerconfigjson ---- -apiVersion: cluster.open-cluster-management.io/v1beta1 -kind: Placement -metadata: - annotations: - argocd.argoproj.io/sync-wave: "9" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - name: pull-secret-copy - namespace: open-cluster-management-observability -spec: - predicates: - - requiredClusterSelector: - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - local-cluster ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - annotations: - argocd.argoproj.io/sync-wave: "9" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - name: pull-secret-copy - namespace: open-cluster-management-observability -placementRef: - name: pull-secret-copy - apiGroup: cluster.open-cluster-management.io - kind: Placement -subjects: - - name: pull-secret-copy - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: cluster.open-cluster-management.io/v1beta2 -kind: ManagedClusterSetBinding -metadata: - annotations: - argocd.argoproj.io/sync-wave: "9" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true - name: default - namespace: open-cluster-management-observability -spec: - clusterSet: default diff --git a/telco-hub/configuration/reference-crs/required/acm/readme.md b/telco-hub/configuration/reference-crs/required/acm/readme.md index fed82d03e..66ee242a8 100644 --- a/telco-hub/configuration/reference-crs/required/acm/readme.md +++ b/telco-hub/configuration/reference-crs/required/acm/readme.md 
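Review bot: Correcting `ccluster.open-cluster-management.io/backup` to `cluster.open-cluster-management.io/backup` in pullSecretPolicy.yaml changes behaviour, not just spelling: the misspelled key matched nothing, whereas the corrected one is, as far as I know, the label ACM's backup component selects on. The copied `multiclusterhub-operator-pull-secret` would then be written to the backup object store whenever hub backup is enabled, so registry credentials start leaving the cluster. I would call that out in the commit description and next to the label, e.g. `# included in ACM hub backups; the backup bucket must be access-controlled`. The Policy's body begins above this hunk.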
@@ -5,15 +5,16 @@ 3. Create the `acmMCH.yaml`. 4. If Subscription was set to Manual installPlanApproval, approve the created InstallPlan on `multicluster-engine` 5. Apply the `acmProvisioning.yaml`. -6. Create the `acmAgentServiceConfig.yaml` (Two PVs are required, so ODF must be configured prior to this step). -7. The `multicluster-engine` enables the `cluster-proxy-addon` feature by default. Apply the following patch to disable it: `oc patch multiclusterengines.multicluster.openshift.io multiclusterengine --type=merge --patch-file ./disable-cluster-proxy-addon.json`. -8. Create the `observabilityNS.yaml`. -9. Create the pull-secret. There are two methods to create the pull-secret: - - The pull-secret multiclusterhub-operator-pull-secret can be automatically created by the ACM policy in pull-secret-copy.yaml. If secret multiclusterhub-operator-pull-secret exists in open-cluster-management, the policy copy it to ns open-cluster-management-observability. If the previous command returns an empty value, then copy secret pull-secret from ns openshift-config. +6. Create the `acmMirrorRegistryCM.yaml`. +7. Create the `acmAgentServiceConfig.yaml` (Two PVs are required, so ODF must be configured prior to this step). +8. The `multicluster-engine` enables the `cluster-proxy-addon` feature by default. Apply the following patch to disable it: `oc patch multiclusterengines.multicluster.openshift.io multiclusterengine --type=merge --patch-file ./disable-cluster-proxy-addon.json`. +9. Create the `observabilityNS.yaml`. +10. Create the pull-secret. There are two methods to create the pull-secret: + - The pull-secret multiclusterhub-operator-pull-secret can be automatically created by the ACM policy in pullSecretPolicy.yaml. If secret multiclusterhub-operator-pull-secret exists in open-cluster-management, the policy copy it to ns open-cluster-management-observability. If the previous command returns an empty value, then copy secret pull-secret from ns openshift-config. 
- If you want to use your own pull-secret, you may update the value of .dockerconfigjson in observabilitySecret.yaml. -10. Create the `observabilityOBC.yaml`. -11. The Thanos secret will be automatically created by the ACM Policy - in `thanosSecret.yaml`. +11. Create the `observabilityOBC.yaml`. +12. The Thanos secret will be automatically created by the ACM Policy + in `thanosSecretPolicy.yaml`. - The `bucket` and the `endpoint` are copied from the ConfigMap that the OBC automatically creates in its namespace. The policy pulls the bucket name and host from the fields `BUCKET_NAME` @@ -24,5 +25,5 @@ `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are pulled from the secret and base64 decoded before being inserted into the Thanos secret. -12. Create the `observabilityMCO.yaml`. -13. When all the installation is done. Apply the `acmPerfSearch.yaml` .This will configure Search CR called `search-v2-operator` considering different performance and scale optimizations. +13. Create the `observabilityMCO.yaml`. +14. When all the installation is done. Apply the `acmPerfSearch.yaml` .This will configure Search CR called `search-v2-operator` considering different performance and scale optimizations. diff --git a/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacement.yaml b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacement.yaml new file mode 100644 index 000000000..a54b3c0d1 --- /dev/null +++ b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacement.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: cluster.open-cluster-management.io/v1beta1 +kind: Placement +metadata: + name: obs-thanos-pl + namespace: hub-policies + annotations: + argocd.argoproj.io/sync-wave: "9" + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +spec: + predicates: + - requiredClusterSelector: + labelSelector: + matchExpressions: + - key: name + operator: In + values: + - local-cluster 
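Review bot: The new Placement `obs-thanos-pl` in `hub-policies` lists no `clusterSets` and this file carries no ManagedClusterSetBinding, so it selects clusters only if a binding for that namespace is created elsewhere (the pull-secret policy carried a `default` binding in its own namespace before this commit); if none exists, the `obs-thanos-secret` policy is silently placed nowhere and the Thanos object-store secret is never generated. A header comment naming that prerequisite would help, e.g. `# requires a ManagedClusterSetBinding in hub-policies; see <path-to-binding>`. Selecting on the label `name: local-cluster` also assumes the hub's managed cluster keeps its default name; selecting on `local-cluster: "true"` would not, if that label is available in the ACM versions this reference supports.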
diff --git a/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacementBinding.yaml b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacementBinding.yaml
new file mode 100644
index 000000000..50ea1e136
--- /dev/null
+++ b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPlacementBinding.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+ name: obs-thanos-binding
+ namespace: hub-policies
+ annotations:
+ argocd.argoproj.io/sync-wave: "9"
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+placementRef:
+ name: obs-thanos-pl
+ apiGroup: cluster.open-cluster-management.io
+ kind: Placement
+subjects:
+ - name: obs-thanos-secret
+ apiGroup: policy.open-cluster-management.io
+ kind: Policy
diff --git a/telco-hub/configuration/reference-crs/required/acm/thanosSecret.yaml b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPolicy.yaml
similarity index 76%
rename from telco-hub/configuration/reference-crs/required/acm/thanosSecret.yaml
rename to telco-hub/configuration/reference-crs/required/acm/thanosSecretPolicy.yaml
index e0e6f43f2..20ebe3b07 100644
--- a/telco-hub/configuration/reference-crs/required/acm/thanosSecret.yaml
+++ b/telco-hub/configuration/reference-crs/required/acm/thanosSecretPolicy.yaml
@@ -55,41 +55,6 @@ spec: ($awsAccess.data.AWS_ACCESS_KEY_ID | base64dec) ($awsAccess.data.AWS_SECRET_ACCESS_KEY | base64dec) ) | base64enc }} ---- -apiVersion: cluster.open-cluster-management.io/v1beta1 -kind: Placement -metadata: - name: obs-thanos-pl - namespace: hub-policies - annotations: - argocd.argoproj.io/sync-wave: "9" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true -spec: - predicates: - - requiredClusterSelector: - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - local-cluster ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: obs-thanos-binding - namespace: hub-policies - annotations: - argocd.argoproj.io/sync-wave: "9" - argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true -placementRef: - name: obs-thanos-pl - apiGroup: cluster.open-cluster-management.io - kind: Placement -subjects: - - name: obs-thanos-secret - apiGroup: policy.open-cluster-management.io - kind: Policy # For reference this is the secret which is being generated (with # approriate values in the fields):