From 44728b595a9d9e2b9c04a93e49b2e247d0c45836 Mon Sep 17 00:00:00 2001 From: Romain Arnaud Date: Tue, 11 Feb 2025 07:51:17 -0500 Subject: [PATCH] feat: deploy dh and gitops in their own namespaces There's no good reason for the 2 services to share the same namespace. This change helps with segregation of services. This in turn helps with development, as it guarantee that there is no unknown link between the 2 services and one can reset a service by deleting the namespace and redeploying the cluster. With this change, the `rhtap` namespace becomes a location for integration secrets. rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED --- .../rhtap-app-namespaces/hooks/post-deploy.sh | 10 +++--- .../rhtap-app-namespaces/templates/NOTES.txt | 5 +++ .../templates/namespaces.yaml | 4 +-- .../charts/rhtap-app-namespaces/values.yaml | 6 ++-- .../templates/app-config-content.yaml | 35 +++++++++--------- .../charts/rhtap-dh/templates/extra-env.yaml | 19 +++++----- .../rhtap-dh/templates/plugins-content.yaml | 15 ++++---- .../charts/rhtap-dh/templates/tests/test.yaml | 4 ++- installer/charts/rhtap-dh/values.yaml | 2 ++ .../templates/job-post-deploy.yaml | 4 +-- installer/charts/rhtap-gitops/values.yaml | 5 +-- .../rhtap-openshift/templates/NOTES.txt | 2 +- installer/charts/values.yaml.tpl | 36 +++++++++++++------ installer/config.yaml | 10 +++--- integration-tests/scripts/install.sh | 4 +-- pkg/integrations/acs.go | 9 ++--- pkg/integrations/artifactory.go | 9 ++--- pkg/integrations/bitbucket.go | 9 ++--- pkg/integrations/github.go | 9 ++--- pkg/integrations/gitlab.go | 9 ++--- pkg/integrations/jenkins.go | 9 ++--- pkg/integrations/nexus.go | 9 ++--- pkg/integrations/quay.go | 9 ++--- pkg/integrations/trustification.go | 9 ++--- 24 files changed, 111 insertions(+), 131 deletions(-) diff --git a/installer/charts/rhtap-app-namespaces/hooks/post-deploy.sh b/installer/charts/rhtap-app-namespaces/hooks/post-deploy.sh index 804f0173..66d15ee1 100755 
--- a/installer/charts/rhtap-app-namespaces/hooks/post-deploy.sh +++ b/installer/charts/rhtap-app-namespaces/hooks/post-deploy.sh @@ -21,6 +21,8 @@ patch_serviceaccount() { local NAMESPACE="$1" local SA="$2" + echo -n "- Patching ServiceAccount '$SA' in '$NAMESPACE': " + # Wait until the ServiceAccount is available and get the definition until "$KUBECTL" get serviceaccounts --namespace "$NAMESPACE" "$SA" >/dev/null 2>&1; do echo -n "_" @@ -44,14 +46,12 @@ patch_serviceaccount() { fi done - if [ -e "$SA_DEFINITION_UPDATED" ]; then - echo -n "- Patching ServiceAccount '$SA' in '$NAMESPACE': " - "$KUBECTL" apply -f "$SA_DEFINITION_UPDATED" - fi + echo "OK" + "$KUBECTL" apply -f "$SA_DEFINITION_UPDATED" } app_namespaces() { - NAMESPACE="$INSTALLER__DEVELOPERHUB__NAMESPACE" + NAMESPACE="$INSTALLER__QUAY__SECRET__NAMESPACE" for env in "development" "prod" "stage"; do for SA in "default" "pipeline"; do diff --git a/installer/charts/rhtap-app-namespaces/templates/NOTES.txt b/installer/charts/rhtap-app-namespaces/templates/NOTES.txt index e69de29b..4605fde6 100644 --- a/installer/charts/rhtap-app-namespaces/templates/NOTES.txt +++ b/installer/charts/rhtap-app-namespaces/templates/NOTES.txt @@ -0,0 +1,5 @@ +{{- $namespace := .Release.Namespace -}} +OpenShift Projects: +{{- range tuple "development" "prod" "stage" }} + - "{{ $namespace }}-app-{{ . }}" +{{- end }} diff --git a/installer/charts/rhtap-app-namespaces/templates/namespaces.yaml b/installer/charts/rhtap-app-namespaces/templates/namespaces.yaml index 2bc5bdb3..e9533297 100644 --- a/installer/charts/rhtap-app-namespaces/templates/namespaces.yaml +++ b/installer/charts/rhtap-app-namespaces/templates/namespaces.yaml 
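Review bot: In the second hunk of `patch_serviceaccount`, `echo "OK"` now runs before `"$KUBECTL" apply -f "$SA_DEFINITION_UPDATED"`, so the progress line reports success for a patch that has not been applied yet and may still fail. The `[ -e "$SA_DEFINITION_UPDATED" ]` guard is also removed, so the apply runs even if the loop above did not produce the file; that loop is outside the hunk, so whether this can happen is not visible here. Applying first and reporting on the result keeps the output honest: `"$KUBECTL" apply -f "$SA_DEFINITION_UPDATED" && echo "OK"`. Separately, `app_namespaces` now sets `NAMESPACE` from `$INSTALLER__QUAY__SECRET__NAMESPACE`; a one-line comment explaining why the Quay secret namespace is the right source for the application namespaces would help the next reader.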
@@ -1,11 +1,11 @@ {{ $namespace := .Release.Namespace }} -{{ $argoCD := .Values.argoCD }} +{{ $argoCD := .Values.appNamespaces.argoCD.name }} {{- range tuple "development" "prod" "stage" }} --- apiVersion: v1 kind: Namespace metadata: labels: - argocd.argoproj.io/managed-by: {{ $argoCD.name }} + argocd.argoproj.io/managed-by: {{ $argoCD }} name: {{ $namespace }}-app-{{ . }} {{- end }} \ No newline at end of file diff --git a/installer/charts/rhtap-app-namespaces/values.yaml b/installer/charts/rhtap-app-namespaces/values.yaml index 19c443cd..d4eb1f6d 100644 --- a/installer/charts/rhtap-app-namespaces/values.yaml +++ b/installer/charts/rhtap-app-namespaces/values.yaml @@ -1,4 +1,4 @@ --- -argoCD: - # ArgoCD instance name controlling the namespace - name: __OVERWRITE_ME__ \ No newline at end of file +appNamespaces: + argoCD: + name: __OVERWRITE_ME__ \ No newline at end of file diff --git a/installer/charts/rhtap-dh/templates/app-config-content.yaml b/installer/charts/rhtap-dh/templates/app-config-content.yaml index f159717f..c4c10f53 100644 --- a/installer/charts/rhtap-dh/templates/app-config-content.yaml +++ b/installer/charts/rhtap-dh/templates/app-config-content.yaml 
@@ -1,18 +1,19 @@ {{- define "rhtap-dh.app-conf" }} +{{- $integrationNamespace := .Values.developerHub.integrationSecrets.namespace }} app: title: Red Hat Developer Hub baseUrl: ${BACKEND_URL} # Lookup for all the required secrets -{{- $argocdSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-argocd-integration") }} +{{- $argocdSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-argocd-integration") }} {{- $argocdSecretData := ($argocdSecretObj.data | default dict) }} -{{- $bbSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-bitbucket-integration") }} -{{- $ghSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-github-integration") }} -{{- $gitlabSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-gitlab-integration") }} -{{- $jenkinsSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-jenkins-integration") }} -{{- $quaySecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-quay-integration") }} +{{- $bbSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-bitbucket-integration") }} +{{- $githubSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-github-integration") }} +{{- $gitlabSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-gitlab-integration") }} +{{- $jenkinsSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-jenkins-integration") }} +{{- $quaySecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-quay-integration") }} {{- $quaySecretData := ($quaySecretObj.data | default dict) }} -{{- $nexusSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-nexus-integration") }} -{{- $artifactorySecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-artifactory-integration") }} +{{- $nexusSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-nexus-integration") }} +{{- $artifactorySecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-artifactory-integration") }} {{- $artifactorySecretData := 
($artifactorySecretObj.data | default dict) }} {{- if $argocdSecretData }} @@ -35,25 +36,23 @@ auth: environment: production providers: {{- $signInPage := "" }} - {{- $ghSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-github-integration") }} - {{- if $ghSecretObj }} + {{- if $githubSecretObj }} {{- $signInPage = "github" }} github: production: clientId: ${GITHUB__APP__CLIENT__ID} clientSecret: ${GITHUB__APP__CLIENT__SECRET} - {{- if ne ($ghSecretObj.data.host | b64dec) "github.com" }} + {{- if ne ($githubSecretObj.data.host | b64dec) "github.com" }} enterpriseInstanceUrl: ${GITHUB__URL} {{- end }} {{- end }} - {{- $glSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-gitlab-integration") }} - {{- $glSecretData := ($glSecretObj.data | default dict) }} - {{- if $glSecretData }} - {{- if and $glSecretData.clientId $glSecretData.clientSecret }} + {{- $gitlabSecretData := ($gitlabSecretObj.data | default dict) }} + {{- if $gitlabSecretData }} + {{- if and $gitlabSecretData.clientId $gitlabSecretData.clientSecret }} {{- $signInPage = "gitlab" }} gitlab: production: - {{- if ne ($glSecretData.host | b64dec) "gitlab.com" }} + {{- if ne ($gitlabSecretData.host | b64dec) "gitlab.com" }} audience: ${GITLAB__URL} {{- end }} clientId: ${GITLAB__APP__CLIENT__ID} @@ -90,7 +89,7 @@ integrations: - appPassword: ${BITBUCKET__APP_PASSWORD} username: ${BITBUCKET__USERNAME} {{- end }} -{{- if $ghSecretObj }} +{{- if $githubSecretObj }} github: - host: ${GITHUB__HOST} token: ${GITHUB__TOKEN} @@ -108,7 +107,7 @@ integrations: apiBaseUrl: https://${GITLAB__HOST}/api/v4 token: ${GITLAB__TOKEN} {{- end }} -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-jenkins-integration") }} +{{- if $jenkinsSecretObj }} jenkins: instances: - name: default diff --git a/installer/charts/rhtap-dh/templates/extra-env.yaml b/installer/charts/rhtap-dh/templates/extra-env.yaml index f5ba644d..296a0e3e 100644 --- a/installer/charts/rhtap-dh/templates/extra-env.yaml 
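Review bot: `$integrationNamespace` is taken from `.Values.developerHub.integrationSecrets.namespace` at the top of `rhtap-dh.app-conf` with no check, and the chart default added in this commit is the placeholder `__OVERWRITE_ME__`. `lookup` returns an empty result when nothing is found, so a missing or wrong override does not fail the render; every `if $...SecretObj` branch is skipped and the integrations and sign-in providers drop out of the generated config silently. The same unguarded read is repeated in extra-env.yaml, plugins-content.yaml and tests/test.yaml. Note that `required` alone (as used for `catalogURL` in extra-env.yaml) only rejects an empty value, so the placeholder needs an explicit check, e.g. `{{- if eq $integrationNamespace "__OVERWRITE_ME__" }}{{ fail ".developerHub.integrationSecrets.namespace must be set" }}{{- end }}`.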
+++ b/installer/charts/rhtap-dh/templates/extra-env.yaml @@ -1,3 +1,4 @@ +{{- $integrationNamespace := .Values.developerHub.integrationSecrets.namespace -}} --- apiVersion: v1 kind: Secret @@ -13,7 +14,7 @@ data: BACKEND_SECRET: {{ randAlphaNum 16 | b64enc }} BACKEND_URL: {{ printf "https://backstage-developer-hub-%s.%s" .Release.Namespace .Values.developerHub.ingressDomain | b64enc }} NODE_TLS_REJECT_UNAUTHORIZED: {{ "0" | b64enc }} -{{- $argocdSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-argocd-integration") }} +{{- $argocdSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-argocd-integration") }} {{- $argocdSecretData := ($argocdSecretObj.data | default dict) }} {{- if $argocdSecretData }} ARGOCD__API_TOKEN: {{ $argocdSecretData.ARGOCD_API_TOKEN }} @@ -21,13 +22,13 @@ data: ARGOCD__URL: {{ print "https://" ($argocdSecretData.ARGOCD_HOSTNAME | b64dec) | b64enc }} ARGOCD__USER: {{ $argocdSecretData.ARGOCD_USER }} {{- end }} -{{- $artifactorySecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-artifactory-integration") }} +{{- $artifactorySecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-artifactory-integration") }} {{- $artifactorySecretData := ($artifactorySecretObj.data | default dict) }} {{- if $artifactorySecretData }} ARTIFACTORY__API_TOKEN: {{ $artifactorySecretData.token }} ARTIFACTORY__URL: {{ $artifactorySecretData.url }} {{- end }} -{{- $bbSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-bitbucket-integration") }} +{{- $bbSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-bitbucket-integration") }} {{- $bbSecretData := ($bbSecretObj.data | default dict) }} {{- if $bbSecretData }} BITBUCKET__APP_PASSWORD: {{ $bbSecretData.appPassword }} 
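Review bot: The `lookup` calls in these hunks copy credential fields such as `ARGOCD__API_TOKEN` out of the integration namespace into a Secret rendered in the Developer Hub release namespace, and that deserves a comment now that the two namespaces differ. The copy is taken when the chart is rendered, so rotating or revoking a source secret does not reach Developer Hub until the chart is deployed again. Anyone who can read Secrets in the release namespace can also read every copied integration credential, so access to that namespace should be reviewed with the same care as the integration namespace. A template comment at the top of the file would record this: `{{- /* Values below are copied from Secrets in $integrationNamespace at render time; redeploy after rotating a source secret. */ -}}`.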
@@ -36,7 +37,7 @@ data: DEVELOPER_HUB__CATALOG__URL: {{ required ".developerHub.catalogURL is required" .Values.developerHub.catalogURL | b64enc }} -{{- $ghSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-github-integration") }} +{{- $ghSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-github-integration") }} {{- $ghSecretData := ($ghSecretObj.data | default dict) }} {{- if $ghSecretData }} GITHUB__APP__ID: {{ $ghSecretData.id }} @@ -53,7 +54,7 @@ data: GITHUB__URL: {{ print "https://" ($ghSecretData.host | b64dec) | b64enc }} {{- end }} {{- end }} -{{- $glSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-gitlab-integration") -}} +{{- $glSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-gitlab-integration") -}} {{- $glSecretData := ($glSecretObj.data | default dict) -}} {{- if $glSecretData }} GITLAB__HOST: {{ $glSecretData.host }} 
@@ -64,24 +65,24 @@ data: GITLAB__APP__CLIENT__SECRET: {{ $glSecretData.clientSecret }} {{- end }} {{- end }} -{{- $jenkinsSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-jenkins-integration") }} +{{- $jenkinsSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-jenkins-integration") }} {{- $jenkinsSecretData := ($jenkinsSecretObj.data | default dict) }} {{- if $jenkinsSecretData }} JENKINS__BASEURL: {{ $jenkinsSecretData.baseUrl }} JENKINS__USERNAME: {{ $jenkinsSecretData.username }} JENKINS__TOKEN: {{ $jenkinsSecretData.token }} {{- end }} -{{- $k8sSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-k8s-integration") }} +{{- $k8sSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-k8s-integration") }} {{- $k8sSecretData := ($k8sSecretObj.data | default dict) }} {{- if $k8sSecretData }} K8S_SERVICEACCOUNT_TOKEN: {{ $k8sSecretData.token }} {{- end }} -{{- $nexusSecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-nexus-integration") }} +{{- $nexusSecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-nexus-integration") }} {{- $nexusSecretData := ($nexusSecretObj.data | default dict) }} {{- if $nexusSecretData }} NEXUS__URL: {{ $nexusSecretData.url }} {{- end }} -{{- $quaySecretObj := (lookup "v1" "Secret" .Release.Namespace "rhtap-quay-integration") }} +{{- $quaySecretObj := (lookup "v1" "Secret" $integrationNamespace "rhtap-quay-integration") }} {{- $quaySecretData := ($quaySecretObj.data | default dict) }} {{- if $quaySecretData }} {{- if $quaySecretData.token }} diff --git a/installer/charts/rhtap-dh/templates/plugins-content.yaml b/installer/charts/rhtap-dh/templates/plugins-content.yaml index 2eba7bfa..94e291b5 100644 --- a/installer/charts/rhtap-dh/templates/plugins-content.yaml +++ b/installer/charts/rhtap-dh/templates/plugins-content.yaml 
@@ -1,10 +1,11 @@ {{- define "rhtap-dh.plugins-conf" }} +{{- $integrationNamespace := .Values.developerHub.integrationSecrets.namespace }} includes: - dynamic-plugins.default.yaml plugins: # Installed plugins can be listed at: # https://DH_HOSTNAME/api/dynamic-plugins-info/loaded-plugins -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-argocd-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-argocd-integration") }} # # ArgoCD # @@ -44,17 +45,17 @@ plugins: gridRowStart: 1 importName: TektonCI mountPoint: entity.page.ci/cards -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-github-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-github-integration") }} - disabled: false package: ./dynamic-plugins/dist/backstage-community-plugin-github-actions {{- end }} -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-gitlab-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-gitlab-integration") }} - disabled: false package: ./dynamic-plugins/dist/immobiliarelabs-backstage-plugin-gitlab - disabled: false package: ./dynamic-plugins/dist/immobiliarelabs-backstage-plugin-gitlab-backend-dynamic {{- end }} -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-jenkins-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-jenkins-integration") }} - disabled: false package: ./dynamic-plugins/dist/backstage-community-plugin-jenkins pluginConfig: 
@@ -86,15 +87,15 @@ plugins: # # Image Registry # -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-artifactory-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-artifactory-integration") }} - disabled: false package: ./dynamic-plugins/dist/backstage-community-plugin-jfrog-artifactory {{- end }} -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-nexus-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-nexus-integration") }} - disabled: false package: ./dynamic-plugins/dist/backstage-community-plugin-nexus-repository-manager {{- end }} -{{- if (lookup "v1" "Secret" .Release.Namespace "rhtap-quay-integration") }} +{{- if (lookup "v1" "Secret" $integrationNamespace "rhtap-quay-integration") }} - disabled: false package: ./dynamic-plugins/dist/backstage-community-plugin-quay {{- end }} diff --git a/installer/charts/rhtap-dh/templates/tests/test.yaml b/installer/charts/rhtap-dh/templates/tests/test.yaml index 187b0b33..007947a9 100644 --- a/installer/charts/rhtap-dh/templates/tests/test.yaml +++ b/installer/charts/rhtap-dh/templates/tests/test.yaml @@ -1,4 +1,5 @@ {{- $name := printf "%s-test-%d" .Chart.Name .Release.Revision -}} +{{- $integrationNamespace := .Values.developerHub.integrationSecrets.namespace -}} --- apiVersion: v1 kind: Pod @@ -8,7 +9,8 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded labels: {{- include "rhtap-dh.labels" . | nindent 4 }} - name: {{ $name }} + name: {{ $name }} + namespace: {{ $integrationNamespace }} spec: restartPolicy: Never serviceAccountName: rhdh-kubernetes-plugin diff --git a/installer/charts/rhtap-dh/values.yaml b/installer/charts/rhtap-dh/values.yaml index 59897042..f89f9870 100644 --- a/installer/charts/rhtap-dh/values.yaml +++ b/installer/charts/rhtap-dh/values.yaml @@ -6,3 +6,5 @@ developerHub: instanceName: developer-hub catalogURL: __OVERWRITE_ME__ ingressDomain: __OVERWRITE_ME__ + integrationSecrets: + namespace: __OVERWRITE_ME__ 
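Review bot: The test Pod in the `@@ -8,7 +9,8 @@` hunk of tests/test.yaml is now created in `$integrationNamespace` while keeping `serviceAccountName: rhdh-kubernetes-plugin`. A Pod can only use a ServiceAccount from its own namespace, so this works only if that ServiceAccount exists in the integration namespace; where it is created is not visible in this diff. It also schedules a workload into the namespace that the commit message reserves for integration secrets, and a hook resource placed outside the release namespace is easy to miss during cleanup. If the Pod only needs to read data from that namespace, keeping it in the release namespace and granting its ServiceAccount a narrow Role on the integration namespace would preserve the separation.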
diff --git a/installer/charts/rhtap-gitops/templates/job-post-deploy.yaml b/installer/charts/rhtap-gitops/templates/job-post-deploy.yaml index 0d4d2c71..2d2857cf 100644 --- a/installer/charts/rhtap-gitops/templates/job-post-deploy.yaml +++ b/installer/charts/rhtap-gitops/templates/job-post-deploy.yaml @@ -71,9 +71,9 @@ spec: image: quay.io/codeready-toolchain/oc-client-base:latest env: - name: SECRET_NAME - value: {{ $argoCD.secretName }} + value: {{ $argoCD.integrationSecret.name }} - name: NAMESPACE - value: {{ $argoCD.namespace }} + value: {{ $argoCD.integrationSecret.namespace }} - name: ARGOCD_ENV_FILE value: {{ $argoCDEnvFile }} command: diff --git a/installer/charts/rhtap-gitops/values.yaml b/installer/charts/rhtap-gitops/values.yaml index 0569a470..45c29cc8 100644 --- a/installer/charts/rhtap-gitops/values.yaml +++ b/installer/charts/rhtap-gitops/values.yaml @@ -9,9 +9,10 @@ argoCD: namespace: __OVERWRITE_ME__ # The domain for the ArgoCD instance, used to define the final route. ingressDomain: __OVERWRITE_ME__ - # The secret name to store the ArgoCD API credentials, this secret is later on + # The secret namespace to store the ArgoCD API credentials, this secret is later on # used for integration with other services. - secretName: __OVERWRITE_ME__ + integrationSecret: + namespace: __OVERWRITE_ME__ # Route configuration for all ArgoCD components. route: # Toggles the route for the ArgoCD components. diff --git a/installer/charts/rhtap-openshift/templates/NOTES.txt b/installer/charts/rhtap-openshift/templates/NOTES.txt index ab518721..e13ce3dd 100644 --- a/installer/charts/rhtap-openshift/templates/NOTES.txt +++ b/installer/charts/rhtap-openshift/templates/NOTES.txt @@ -1,4 +1,4 @@ OpenShift Projects: -{{- range $p := .Values.openshift.projects }} +{{- range $p := .Values.openshift.projects | sortAlpha }} - {{ $p | quote }} {{- end }} diff --git a/installer/charts/values.yaml.tpl b/installer/charts/values.yaml.tpl index 66ccc8bc..09b56590 100644 
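Review bot: With `NAMESPACE` now set from `$argoCD.integrationSecret.namespace`, the post-deploy Job appears to store the ArgoCD API credentials in a namespace other than the one it runs in, and the RBAC that allows this is not part of the visible hunk. Please confirm that the Job's ServiceAccount gets a Role and RoleBinding limited to Secrets in that target namespace rather than a cluster-wide grant. The image in the context lines, `quay.io/codeready-toolchain/oc-client-base:latest`, is a floating tag on a Job that handles an API token; pinning it by digest would make each run use a known image. The Job spec starts and ends outside the hunk.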
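Review bot: The rhtap-gitops/values.yaml hunk removes `secretName` and adds only `integrationSecret.namespace`, while job-post-deploy.yaml in the same commit reads `$argoCD.integrationSecret.name`. Unless `name` is always supplied from values.yaml.tpl, `SECRET_NAME` renders empty when the chart is used with its own defaults. The comment above the key was also reworded to describe only the namespace. The default block should carry both fields, `integrationSecret:` with `name: __OVERWRITE_ME__` and `namespace: __OVERWRITE_ME__`, and the comment should say that the pair identifies the Secret holding the ArgoCD API credentials.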
--- a/installer/charts/values.yaml.tpl +++ b/installer/charts/values.yaml.tpl @@ -31,6 +31,9 @@ openshift: - rhacs-operator {{- end }} {{- end }} +{{- if $gitops.Enabled }} + - {{ $gitops.Namespace }} +{{- end }} {{- if $quay.Enabled }} - {{ $quay.Namespace }} {{- end }} @@ -49,8 +52,6 @@ openshift: # rhtap-subscriptions # -{{- $argoCDNamespace := .Installer.Namespace }} - subscriptions: amqStreams: enabled: {{ $tpa.Enabled }} @@ -62,7 +63,7 @@ subscriptions: enabled: {{ $gitops.Enabled }} managed: {{ and $gitops.Enabled $gitops.Properties.manageSubscription }} config: - argoCDClusterNamespace: {{ $argoCDNamespace }} + argoCDClusterNamespace: {{ $gitops.Namespace }} openshiftKeycloak: enabled: {{ $keycloak.Enabled }} managed: {{ and $keycloak.Enabled $keycloak.Properties.manageSubscription }} @@ -103,6 +104,8 @@ minIOOperator: {{- $quayMinIOSecretName := "quay-minio-root-user" }} infrastructure: + developerHub: + namespace: {{ $rhdh.Namespace }} kafkas: tpa: enabled: {{ $tpa.Enabled }} @@ -142,7 +145,7 @@ infrastructure: patchClusterTektonConfig: annotations: meta.helm.sh/release-name: rhtap-backing-services - meta.helm.sh/release-namespace: {{ $argoCDNamespace }} + meta.helm.sh/release-namespace: {{ .Installer.Namespace }} labels: app.kubernetes.io/managed-by: Helm @@ -152,7 +155,7 @@ infrastructure: {{- $keycloakRouteTLSSecretName := "keycloak-tls" }} {{- $keycloakRouteHost := printf "sso.%s" $ingressDomain }} -{{- $argoCDName := "argocd" }} +{{- $argoCDName := printf "%s-gitops" .Installer.Namespace }} {{- $quayMinIOHost := printf "minio-%s.%s" $quay.Namespace $ingressDomain }} backingServices: 
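Review bot: `$argoCDName` is now `printf "%s-gitops" .Installer.Namespace`, and the same value is passed as `appNamespaces.argoCD.name` (hunk `@@ -200,6 +203,13 @@`), which namespaces.yaml writes into the `argocd.argoproj.io/managed-by` label. In OpenShift GitOps that label is expected to hold the namespace of the managing Argo CD instance, so with the defaults this works only because config.yaml sets the GitOps namespace to `rhtap-gitops`, which happens to be the same string. If `openShiftGitOps.namespace` is changed, the label would point at a namespace with no Argo CD instance in it and the application namespaces would not be managed. Passing `{{ $gitops.Namespace }}` for the label value, or at least adding a comment that states the coupling, would remove the dependency on matching names.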
@@ -178,11 +181,11 @@ backingServices: annotations: service.beta.openshift.io/serving-cert-secret-name: {{ $keycloakRouteTLSSecretName }} argoCD: - enabled: {{ $rhdh.Enabled }} + enabled: {{ $gitops.Enabled }} name: {{ $argoCDName }} - namespace: {{ $argoCDNamespace }} - # TODO: link this secret name with RHDH configuration. - secretName: rhtap-argocd-integration + namespace: {{ $gitops.Namespace }} + integrationSecret: + namespace: {{ .Installer.Namespace }} ingressDomain: {{ $ingressDomain }} # @@ -200,6 +203,13 @@ acs: &acs image: registry.access.redhat.com/ubi9:latest acsTest: *acs +# +# rhtap-app-namespaces +# +appNamespaces: + argoCD: + name: {{ $argoCDName }} + # # rhtap-gitops # @@ -207,8 +217,10 @@ acsTest: *acs argoCD: enabled: {{ $rhdh.Enabled }} name: {{ $argoCDName }} - namespace: {{ $argoCDNamespace }} - secretName: rhtap-argocd-integration + namespace: {{ $gitops.Namespace }} + integrationSecret: + name: rhtap-argocd-integration + namespace: {{ .Installer.Namespace }} ingressDomain: {{ $ingressDomain }} # @@ -277,6 +289,8 @@ developerHub: namespace: {{ $rhdh.Namespace }} ingressDomain: {{ $ingressDomain }} catalogURL: {{ $catalogURL }} + integrationSecrets: + namespace: {{ .Installer.Namespace }} # # rhtap-tpa diff --git a/installer/config.yaml b/installer/config.yaml index de16a8ae..853edbfa 100644 --- a/installer/config.yaml +++ b/installer/config.yaml @@ -21,9 +21,9 @@ rhtapCLI: manageSubscription: true redHatDeveloperHub: enabled: &rhdhEnabled true - namespace: *installerNamespace + namespace: &rhdhNamespace rhtap-dh properties: - catalogURL: https://github.com/redhat-appstudio/tssc-sample-templates/blob/v1.4.0/all.yaml + catalogURL: https://github.com/redhat-appstudio/tssc-sample-templates/blob/main/all.yaml manageSubscription: true redHatAdvancedClusterSecurity: enabled: &rhacsEnabled true 
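Review bot: In the `@@ -207,8 +217,10 @@` hunk the rhtap-gitops `argoCD` block still has `enabled: {{ $rhdh.Enabled }}`, while `backingServices.argoCD.enabled` was switched to `{{ $gitops.Enabled }}` in the `@@ -178,11 +181,11 @@` hunk. Now that the two services are deployed independently, the flags can disagree when only one of Developer Hub and GitOps is enabled. If that is not intended, the line should read `enabled: {{ $gitops.Enabled }}`. `backingServices.argoCD.integrationSecret` also sets only `namespace`, whereas the `argoCD` block sets both `name` and `namespace`; a short comment on which chart consumes which block would make the difference deliberate.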
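Review bot: In config.yaml, `catalogURL` moves from the `v1.4.0` tag to `blob/main/all.yaml`, which is unrelated to the namespace split described in the commit message. Developer Hub would then load whatever templates are at the branch head at install time, so the scaffolding content can change without an installer release or a review of this repository. If the change was made for local development, restoring `.../blob/v1.4.0/all.yaml` or pinning to a commit keeps installs reproducible. If it is intended, it belongs in its own commit with a line in the description.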
@@ -37,7 +37,7 @@ rhtapCLI: manageSubscription: true openShiftGitOps: enabled: &gitopsEnabled true - namespace: *installerNamespace + namespace: &gitopsNamespace rhtap-gitops properties: manageSubscription: true openShiftPipelines: @@ -66,7 +66,7 @@ rhtapCLI: namespace: *rhacsNamespace enabled: *rhacsEnabled - chart: charts/rhtap-gitops - namespace: *installerNamespace + namespace: *gitopsNamespace enabled: *gitopsEnabled - chart: charts/rhtap-pipelines namespace: *installerNamespace @@ -84,7 +84,7 @@ rhtapCLI: namespace: *installerNamespace enabled: *pipelinesEnabled - chart: charts/rhtap-dh - namespace: *installerNamespace + namespace: *rhdhNamespace enabled: *rhdhEnabled - chart: charts/rhtap-acs-test namespace: *rhacsNamespace diff --git a/integration-tests/scripts/install.sh b/integration-tests/scripts/install.sh index bca0585f..3f32b44e 100755 --- a/integration-tests/scripts/install.sh +++ b/integration-tests/scripts/install.sh @@ -257,8 +257,8 @@ install_rhtap() { cat "$tpl_file" ./bin/rhtap-cli deploy --timeout 35m --config "$config_file" --values-template "$tpl_file" --kube-config "$KUBECONFIG" --debug --log-level=debug - homepage_url=https://$(kubectl -n rhtap get route backstage-developer-hub -o 'jsonpath={.spec.host}') - callback_url=https://$(kubectl -n rhtap get route backstage-developer-hub -o 'jsonpath={.spec.host}')/api/auth/${auth_config}/handler/frame + homepage_url=https://$(kubectl -n rhtap-dh get route backstage-developer-hub -o 'jsonpath={.spec.host}') + callback_url=https://$(kubectl -n rhtap-dh get route backstage-developer-hub -o 'jsonpath={.spec.host}')/api/auth/${auth_config}/handler/frame webhook_url=https://$(kubectl -n openshift-pipelines get route pipelines-as-code-controller -o 'jsonpath={.spec.host}') echo "[INFO]homepage_url=$homepage_url" diff --git a/pkg/integrations/acs.go b/pkg/integrations/acs.go index 04336845..d0f97452 100644 --- a/pkg/integrations/acs.go +++ b/pkg/integrations/acs.go 
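Review bot: `install_rhtap` hard-codes `rhtap-dh` in both `kubectl -n rhtap-dh get route` calls, duplicating the value that config.yaml now defines as the Developer Hub namespace. If the config used by the test sets a different namespace, the lookups fail and, unless the script runs with `set -e`, the URLs are built as a bare `https://` with no host. One variable keeps the two in step: `dh_namespace="rhtap-dh"` followed by `kubectl -n "$dh_namespace" get route backstage-developer-hub ...`. The function body continues outside the hunk.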
@@ -67,24 +67,19 @@ func (a *ACSIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the ACS integration secret // is created on the cluster. func (a *ACSIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := a.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, a.log(), a.kube, - feature.GetNamespace(), + a.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (a *ACSIntegration) secretName() types.NamespacedName { - feature, _ := a.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: a.cfg.Installer.Namespace, Name: "rhtap-acs-integration", } } diff --git a/pkg/integrations/artifactory.go b/pkg/integrations/artifactory.go index 1e4b13d6..35e5df67 100644 --- a/pkg/integrations/artifactory.go +++ b/pkg/integrations/artifactory.go @@ -77,24 +77,19 @@ func (a *ArtifactoryIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the Artifactory integration secret // is created on the cluster. func (a *ArtifactoryIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := a.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, a.log(), a.kube, - feature.GetNamespace(), + a.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (a *ArtifactoryIntegration) secretName() types.NamespacedName { - feature, _ := a.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: a.cfg.Installer.Namespace, Name: "rhtap-artifactory-integration", } } 
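Review bot: `EnsureNamespace` and `secretName` on `ACSIntegration` now hard-wire `a.cfg.Installer.Namespace`, and the identical change is repeated in artifactory.go, bitbucket.go, github.go, gitlab.go, jenkins.go, nexus.go, quay.go and trustification.go. The charts take the same location from separate values (`developerHub.integrationSecrets.namespace`, `argoCD.integrationSecret.namespace`), so the namespace that holds every integration credential is decided in several places that have to agree. A small helper in this package that returns `cfg.Installer.Namespace`, used by all nine types, would give one place to change and to audit. The doc comments could then state that the secret lives in the installer namespace rather than the Developer Hub one, e.g. `// EnsureNamespace ensures the installer namespace, which holds the integration secrets, exists on the cluster.`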
diff --git a/pkg/integrations/bitbucket.go b/pkg/integrations/bitbucket.go index 59118047..7adfe146 100644 --- a/pkg/integrations/bitbucket.go +++ b/pkg/integrations/bitbucket.go @@ -70,24 +70,19 @@ func (g *BitBucketIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the BitBucket integration secret // is created on the cluster. func (g *BitBucketIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := g.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, g.log(), g.kube, - feature.GetNamespace(), + g.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (g *BitBucketIntegration) secretName() types.NamespacedName { - feature, _ := g.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: g.cfg.Installer.Namespace, Name: "rhtap-bitbucket-integration", } } diff --git a/pkg/integrations/github.go b/pkg/integrations/github.go index f0e74edb..0d208836 100644 --- a/pkg/integrations/github.go +++ b/pkg/integrations/github.go @@ -75,15 +75,11 @@ func (g *GithubIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the GitHub integration secret // is created on the cluster. func (g *GithubIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := g.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, g.log(), g.kube, - feature.GetNamespace(), + g.cfg.Installer.Namespace, ) } 
@@ -136,9 +132,8 @@ func (g *GithubIntegration) setOpenShiftURLs(ctx context.Context) error { // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (g *GithubIntegration) secretName() types.NamespacedName { - feature, _ := g.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: g.cfg.Installer.Namespace, Name: "rhtap-github-integration", } } diff --git a/pkg/integrations/gitlab.go b/pkg/integrations/gitlab.go index 0fd9a381..2a2056e9 100644 --- a/pkg/integrations/gitlab.go +++ b/pkg/integrations/gitlab.go @@ -77,24 +77,19 @@ func (g *GitLabIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the GitLab integration secret // is created on the cluster. func (g *GitLabIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := g.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, g.log(), g.kube, - feature.GetNamespace(), + g.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (g *GitLabIntegration) secretName() types.NamespacedName { - feature, _ := g.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: g.cfg.Installer.Namespace, Name: "rhtap-gitlab-integration", } } diff --git a/pkg/integrations/jenkins.go b/pkg/integrations/jenkins.go index 50c86d88..3fa36a6d 100644 --- a/pkg/integrations/jenkins.go +++ b/pkg/integrations/jenkins.go 
@@ -77,24 +77,19 @@ func (j *JenkinsIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the Jenkins integration secret // is created on the cluster. func (j *JenkinsIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := j.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, j.log(), j.kube, - feature.GetNamespace(), + j.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (j *JenkinsIntegration) secretName() types.NamespacedName { - feature, _ := j.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: j.cfg.Installer.Namespace, Name: "rhtap-jenkins-integration", } } diff --git a/pkg/integrations/nexus.go b/pkg/integrations/nexus.go index 50526be5..8614b097 100644 --- a/pkg/integrations/nexus.go +++ b/pkg/integrations/nexus.go @@ -70,24 +70,19 @@ func (n *NexusIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the Nexus integration secret // is created on the cluster. func (n *NexusIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := n.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, n.log(), n.kube, - feature.GetNamespace(), + n.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (n *NexusIntegration) secretName() types.NamespacedName { - feature, _ := n.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: n.cfg.Installer.Namespace, Name: "rhtap-nexus-integration", } } diff --git a/pkg/integrations/quay.go b/pkg/integrations/quay.go index 7a867071..ff110ea3 100644 
--- a/pkg/integrations/quay.go +++ b/pkg/integrations/quay.go @@ -80,24 +80,19 @@ func (q *QuayIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the Quay integration secret // is created on the cluster. func (q *QuayIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := q.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, q.log(), q.kube, - feature.GetNamespace(), + q.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (q *QuayIntegration) secretName() types.NamespacedName { - feature, _ := q.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: q.cfg.Installer.Namespace, Name: "rhtap-quay-integration", } } diff --git a/pkg/integrations/trustification.go b/pkg/integrations/trustification.go index 1ed117f8..b7f7534f 100644 --- a/pkg/integrations/trustification.go +++ b/pkg/integrations/trustification.go 
@@ -85,24 +85,19 @@ func (i *TrustificationIntegration) Validate() error { // EnsureNamespace ensures the namespace needed for the Trustification integration secret // is created on the cluster. func (i *TrustificationIntegration) EnsureNamespace(ctx context.Context) error { - feature, err := i.cfg.GetFeature(config.RedHatDeveloperHub) - if err != nil { - return err - } return k8s.EnsureOpenShiftProject( ctx, i.log(), i.kube, - feature.GetNamespace(), + i.cfg.Installer.Namespace, ) } // secretName returns the secret name for the integration. The name is "lazy" // generated to make sure configuration is already loaded. func (i *TrustificationIntegration) secretName() types.NamespacedName { - feature, _ := i.cfg.GetFeature(config.RedHatDeveloperHub) return types.NamespacedName{ - Namespace: feature.GetNamespace(), + Namespace: i.cfg.Installer.Namespace, Name: "rhtap-trustification-integration", } }