diff --git a/charts/gitea/templates/gitea/statefulset.yaml b/charts/gitea/templates/gitea/statefulset.yaml index 9bbcb2affb..bff2163eb8 100644 --- a/charts/gitea/templates/gitea/statefulset.yaml +++ b/charts/gitea/templates/gitea/statefulset.yaml @@ -319,7 +319,9 @@ spec: emptyDir: {} {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data {{- with .Values.persistence.annotations }} annotations: diff --git a/charts/harbor/templates/redis/statefulset.yaml b/charts/harbor/templates/redis/statefulset.yaml index 74b7581fd8..b38d9d3b18 100644 --- a/charts/harbor/templates/redis/statefulset.yaml +++ b/charts/harbor/templates/redis/statefulset.yaml @@ -85,7 +85,9 @@ spec: {{- end }} {{- if and .Values.persistence.enabled (not $redis.existingClaim) }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data labels: {{ include "harbor.labels" . | indent 8 }} diff --git a/charts/harbor/templates/trivy/trivy-sts.yaml b/charts/harbor/templates/trivy/trivy-sts.yaml index 37b19ac2d3..83a5dc574e 100644 --- a/charts/harbor/templates/trivy/trivy-sts.yaml +++ b/charts/harbor/templates/trivy/trivy-sts.yaml @@ -182,7 +182,9 @@ spec: {{- end }} {{- if and .Values.persistence.enabled (not $trivy.existingClaim) }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data labels: {{ include "harbor.labels" . | indent 8 }} diff --git a/charts/oauth2-proxy/charts/redis/templates/master/application.yaml b/charts/oauth2-proxy/charts/redis/templates/master/application.yaml index d79ee63b0c..05336c4e43 100644 --- a/charts/oauth2-proxy/charts/redis/templates/master/application.yaml +++ b/charts/oauth2-proxy/charts/redis/templates/master/application.yaml 
@@ -496,7 +496,9 @@ spec: claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} {{- else }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: redis-data labels: {{- include "common.labels.matchLabels" . | nindent 10 }} app.kubernetes.io/component: master diff --git a/charts/oauth2-proxy/charts/redis/templates/replicas/statefulset.yaml b/charts/oauth2-proxy/charts/redis/templates/replicas/statefulset.yaml index 20034829cc..2d6a2c310a 100644 --- a/charts/oauth2-proxy/charts/redis/templates/replicas/statefulset.yaml +++ b/charts/oauth2-proxy/charts/redis/templates/replicas/statefulset.yaml @@ -493,7 +493,9 @@ spec: claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} {{- else }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: redis-data labels: {{- include "common.labels.matchLabels" . | nindent 10 }} app.kubernetes.io/component: replica diff --git a/charts/oauth2-proxy/charts/redis/templates/sentinel/statefulset.yaml b/charts/oauth2-proxy/charts/redis/templates/sentinel/statefulset.yaml index 6976d05d04..c7f19cd1ca 100644 --- a/charts/oauth2-proxy/charts/redis/templates/sentinel/statefulset.yaml +++ b/charts/oauth2-proxy/charts/redis/templates/sentinel/statefulset.yaml @@ -736,7 +736,9 @@ spec: claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} {{- else }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: redis-data labels: {{- include "common.labels.matchLabels" . | nindent 10 }} app.kubernetes.io/component: node diff --git a/charts/otomi-pipelines/templates/eventlistener.yaml b/charts/otomi-pipelines/templates/eventlistener.yaml index f612495c1c..c532409c78 100644 --- a/charts/otomi-pipelines/templates/eventlistener.yaml +++ b/charts/otomi-pipelines/templates/eventlistener.yaml 
@@ -7,7 +7,8 @@ spec: triggers: - name: otomi-tekton-listener bindings: - - ref: otomi-tekton-binding + - kind: TriggerBinding + ref: otomi-tekton-binding template: ref: otomi-tekton-template resources: @@ -18,4 +19,5 @@ spec: serviceAccountName: otomi-tekton-triggers-sa containers: - resources: {{- toYaml .Values.eventListener.resources | nindent 18 }} + name: '' \ No newline at end of file diff --git a/charts/otomi-pipelines/templates/tekton-otomi-git-clone.yaml b/charts/otomi-pipelines/templates/tekton-otomi-git-clone.yaml index 02bfd9dc29..21a0983af1 100644 --- a/charts/otomi-pipelines/templates/tekton-otomi-git-clone.yaml +++ b/charts/otomi-pipelines/templates/tekton-otomi-git-clone.yaml @@ -6,17 +6,24 @@ metadata: spec: params: - name: repoUrl + type: string - name: commitMessage + type: string - name: giteaCredentialsSecretName + type: string results: - name: CI description: Determine if pipeline should run based on the commit message + type: string - name: OTOMI_VERSION description: Otomi version as in values/env/settings.yaml + type: string - name: TRIGGER_TEAMS_PIPELINE description: Determine if the otomi-task-teams is about to run + type: string - name: TRIGGER_PLATFORM_PIPELINE description: Determine if the otomi-task is about to run + type: string workspaces: - name: source mountPath: /home/app/stack/env/ @@ -28,6 +35,7 @@ spec: image: otomi/core:{{ .Values.otomiVersion }} steps: - name: git-clone + computeResources: {} script: | #!/bin/bash set -e diff --git a/charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml b/charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml index 322c22faa6..633b3f4f8d 100644 --- a/charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml +++ b/charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml 
@@ -8,9 +8,13 @@ metadata: spec: params: - name: OTOMI_VERSION + type: string - name: CI + type: string - name: repoUrl + type: string - name: giteaCredentialsSecretName + type: string workspaces: - name: source mountPath: /home/app/stack/env @@ -37,6 +41,7 @@ spec: value: '2' steps: - name: git-clone + computeResources: {} script: | #!/bin/bash set -e @@ -57,12 +62,14 @@ spec: git clone --depth 1 https://$GITEA_USERNAME:$GITEA_PASSWORD@$url $ENV_DIR {{- end }} - name: test + computeResources: {} command: - '/bin/bash' args: - '-c' - 'binzx/otomi validate-values' - name: apply + computeResources: {} script: | #!/bin/bash set -e diff --git a/charts/otomi-pipelines/templates/tekton-otomi-task.yaml b/charts/otomi-pipelines/templates/tekton-otomi-task.yaml index de6f179728..1f869e1e56 100644 --- a/charts/otomi-pipelines/templates/tekton-otomi-task.yaml +++ b/charts/otomi-pipelines/templates/tekton-otomi-task.yaml @@ -8,9 +8,13 @@ metadata: spec: params: - name: OTOMI_VERSION + type: string - name: CI + type: string - name: repoUrl + type: string - name: giteaCredentialsSecretName + type: string workspaces: - name: source mountPath: /home/app/stack/env @@ -37,6 +41,7 @@ spec: value: '1' steps: - name: git-clone + computeResources: {} script: | #!/bin/bash set -e @@ -57,18 +62,21 @@ spec: git clone --depth 1 https://$GITEA_USERNAME:$GITEA_PASSWORD@$url $ENV_DIR {{- end }} - name: bootstrap + computeResources: {} command: - '/bin/bash' args: - '-c' - 'binzx/otomi bootstrap' - name: test + computeResources: {} command: - '/bin/bash' args: - '-c' - 'binzx/otomi validate-values' - name: apply + computeResources: {} script: | #!/bin/bash set -e diff --git a/charts/otomi-pipelines/templates/tekton-pipeline.yaml b/charts/otomi-pipelines/templates/tekton-pipeline.yaml index 870e6d7359..e2dc43e5cb 100644 --- a/charts/otomi-pipelines/templates/tekton-pipeline.yaml +++ b/charts/otomi-pipelines/templates/tekton-pipeline.yaml 
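Review bot: The `git-clone` step in the third hunk of tekton-otomi-task-teams.yaml still runs `git clone --depth 1 https://$GITEA_USERNAME:$GITEA_PASSWORD@$url $ENV_DIR`, which this change leaves as is while touching the step. The same line is in the matching hunk of tekton-otomi-task.yaml. Git stores the clone URL, user and password included, as `remote.origin.url` in the clone's `.git/config`, which presumably lands in the `source` workspace that the later `test` and `apply` steps also mount. A password containing URL-reserved characters would also break the clone. Consider supplying the credentials through a credential helper or a per-command `http.extraHeader` and quoting the expansions, e.g. `git clone --depth 1 "https://$url" "$ENV_DIR"`; the script body starts and ends outside the hunk, so how `$url` is built is not visible here.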
@@ -9,8 +9,11 @@ spec: - name: gitea-credentials params: - name: repoUrl + type: string - name: commitMessage + type: string - name: giteaCredentialsSecretName + type: string tasks: - name: otomi-git-clone params: @@ -21,6 +24,7 @@ spec: - name: giteaCredentialsSecretName value: $(params.giteaCredentialsSecretName) taskRef: + kind: Task name: otomi-git-clone workspaces: - name: source @@ -38,6 +42,7 @@ spec: - name: giteaCredentialsSecretName value: $(params.giteaCredentialsSecretName) taskRef: + kind: Task name: otomi-task workspaces: - name: source @@ -64,6 +69,7 @@ spec: - name: giteaCredentialsSecretName value: $(params.giteaCredentialsSecretName) taskRef: + kind: Task name: otomi-task-teams workspaces: - name: source diff --git a/charts/tempo/templates/lib/service-monitor.tpl b/charts/tempo/templates/lib/service-monitor.tpl index c7cb25dc6a..267a9d22ab 100644 --- a/charts/tempo/templates/lib/service-monitor.tpl +++ b/charts/tempo/templates/lib/service-monitor.tpl @@ -47,7 +47,8 @@ spec: scrapeTimeout: {{ . }} {{- end }} relabelings: - - sourceLabels: [job] + - action: replace + sourceLabels: [job] replacement: "{{ $.ctx.Release.Namespace }}/{{ $.component }}" targetLabel: job {{- if kindIs "string" .clusterLabel }} diff --git a/src/cmd/apply-as-apps.ts b/src/cmd/apply-as-apps.ts index 2a3c2bb00b..e83d58acc5 100644 --- a/src/cmd/apply-as-apps.ts +++ b/src/cmd/apply-as-apps.ts @@ -29,7 +29,7 @@ const setup = (): void => { mkdirSync(valuesDir, { recursive: true }) } -interface HelmRelese { +interface HelmRelease { name: string namespace: string enabled: boolean 
@@ -38,11 +38,11 @@ interface HelmRelese { chart: string version: string } -const getAppName = (release: HelmRelese): string => { +const getAppName = (release: HelmRelease): string => { return `${release.namespace}-${release.name}` } -const getArgocdAppManifest = (release: HelmRelese, values: Record, otomiVersion) => { +const getArgocdAppManifest = (release: HelmRelease, values: Record, otomiVersion) => { return { apiVersion: 'argoproj.io/v1alpha1', kind: 'Application', @@ -80,17 +80,17 @@ const getArgocdAppManifest = (release: HelmRelese, values: Record, } } -const removeApplication = async (release: HelmRelese): Promise => { +const removeApplication = async (release: HelmRelease): Promise => { const name = getAppName(release) if (!(await isResourcePresent('application', name, 'argocd'))) return - // TODO: do we always want to remove finalisers? + // TODO: do we always want to remove finalizers? await $`kubectl -n argocd patch application ${name} -p '{"metadata": {"finalizers": null}}' --type merge` const resDelete = await $`kubectl -n argocd delete application ${name}` d.info(resDelete.stdout.toString()) } -const writeApplicationManifest = async (release: HelmRelese, otomiVersion: string): Promise => { +const writeApplicationManifest = async (release: HelmRelease, otomiVersion: string): Promise => { const appName = `${release.namespace}-${release.name}` // d.info(`Generating Argocd Application at ${appName}`) const applicationPath = `${appsDir}/${appName}.yaml` 
@@ -125,9 +125,9 @@ export const applyAsApps = async (argv: HelmArguments): Promise => { }) const errors: Array = [] // Generate JSON object with all helmfile releases defined in helmfile.d - const releses: [] = JSON.parse(res.stdout.toString()) + const releases: [] = JSON.parse(res.stdout.toString()) await Promise.allSettled( - releses.map(async (release: HelmRelese) => { + releases.map(async (release: HelmRelease) => { try { if (release.installed) await writeApplicationManifest(release, otomiVersion) else { @@ -147,10 +147,10 @@ export const applyAsApps = async (argv: HelmArguments): Promise => { d.error(e) errors.push(e) } - if (errors.length === 0) d.info(`All applications has been deployed succesfully`) + if (errors.length === 0) d.info(`All applications has been deployed successfully`) else { errors.map((e) => d.error(e)) - d.error(`Not all applications has been deployed succesfully`) + d.error(`Not all applications has been deployed successfully`) } } diff --git a/src/cmd/apply.ts b/src/cmd/apply.ts index 9c7e65c405..f1900906f1 100644 --- a/src/cmd/apply.ts +++ b/src/cmd/apply.ts 
@@ -87,27 +87,25 @@ const applyAll = async () => { // When Otomi is installed for the very first time and ArgoCD is not yet there. // The 'tag!=teams' does not include team-ns-admin release name. labelOpts = ['tag!=teams'] + await hf( + { + labelOpts, + logLevel: logLevelString(), + args: hfArgs, + }, + { streams: { stdout: d.stream.log, stderr: d.stream.error } }, + ) } else { // When Otomi is already installed and Tekton pipeline performs GitOps. // We ensure that helmfile does not deploy any team related Helm release. - labelOpts = ['pipeline!=otomi-task-teams'] // We still need to deploy all teams because some settings depend on platform apps. // Note that team-ns-admin contains ingress for platform apps. const params = cloneDeep(argv) - params.label = ['pipeline=otomi-task-teams'] + //TODO here happens the real installation of the apps await applyAsApps(params) } - await hf( - { - labelOpts, - logLevel: logLevelString(), - args: hfArgs, - }, - { streams: { stdout: d.stream.log, stderr: d.stream.error } }, - ) - await upgrade({ when: 'post' }) if (!(env.isDev && env.DISABLE_SYNC)) { await commit() diff --git a/values/argocd/argocd.gotmpl b/values/argocd/argocd.gotmpl index f529a28a7a..3b73b72adb 100644 --- a/values/argocd/argocd.gotmpl +++ b/values/argocd/argocd.gotmpl @@ -111,6 +111,20 @@ configs: users.anonymous.enabled: "false" # Note that the clientSecret is not actually used # as for now oauth2-proxy handles the login + resource.compareoptions: | + # disables status field diffing in specified resource types + ignoreAggregatedRoles: true + resource.exclusions: | + - apiGroups: + - "*" + kinds: + - "PipelineRun" + - "TaskRun" + clusters: + - "*" + resource.customizations.knownTypeFields.cert-manager.io_Certificate: | + - field: spec.duration + type: meta/v1/Duration oidc.config: | name: Otomi issuer: {{ $v._derived.oidcBaseUrl }} 
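Review bot: The comments kept in the `else` branch no longer match the code. `labelOpts = ['pipeline!=otomi-task-teams']` and `params.label = ['pipeline=otomi-task-teams']` are both removed and `hf` now runs only in the first-install branch, so "We ensure that helmfile does not deploy any team related Helm release" describes a call that no longer happens on this path. If `applyAsApps` filters on `label` (its body is mostly outside this hunk), it now receives an unfiltered copy of `argv` and handles every release. That includes the path in src/cmd/apply-as-apps.ts that nulls an Application's finalizers before deleting it, so the wider scope deserves an explicit comment. Suggest replacing the stale lines and the `//TODO here happens the real installation of the apps` marker with something like `// Otomi already installed: every release is handed to ArgoCD as an Application; helmfile itself runs only on first install.` `applyAll` starts and ends outside the hunk, so whether `labelOpts` is still read elsewhere cannot be checked here.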
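Review bot: The comment above `ignoreAggregatedRoles: true` in `resource.compareoptions` says `disables status field diffing in specified resource types`, which describes a different compare option. This key makes Argo CD leave the `rules` of aggregated ClusterRoles out of the diff, so suggest `# ignore rules that Kubernetes aggregates into ClusterRoles when diffing`. With it set, permission changes that arrive through role aggregation will not surface as drift in Argo CD. The added `resource.exclusions` entry likewise hides every `PipelineRun` and `TaskRun` on all clusters from it. A one-line comment on each entry stating why it is ignored or excluded would help whoever audits this config later.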
diff --git a/values/jaeger-operator/jaeger-operator.gotmpl b/values/jaeger-operator/jaeger-operator.gotmpl index 00e2a7e893..a8f0b433e8 100644 --- a/values/jaeger-operator/jaeger-operator.gotmpl +++ b/values/jaeger-operator/jaeger-operator.gotmpl @@ -59,7 +59,7 @@ jaeger: securityContext: runAsNonRoot: true runAsUser: 1000 - strategy: allInOne + strategy: allinone rbac: clusterRole: true