redhat-cop / gitops-catalog
Tools and technologies that are hosted on an OpenShift cluster
License: Apache License 2.0
On my cluster the job to generate internal registration integrations doesn't work as the auto-generated integrations it copies haven't been created yet. This is noted in the bash script where it waits for 3 minutes but on my cluster it isn't enough time. Ideally it should be getting the list of integrations and sleeping in a loop until the auto-generated ones show up.
This is a placeholder issue to remind me to modify this job to do this, I'm happy to do the work in the next couple of weeks.
$ oc apply -k https://github.com/redhat-cop/gitops-catalog/elastisearch-operator/overlays/stable
Error from server (NotFound): error when creating "https://github.com/redhat-cop/gitops-catalog/elastisearch-operator/overlays/stable": namespaces "openshift-operators-redhat" not found
Works if you change the namespace by removing "-redhat" from all the following files:
gitops-catalog/elastisearch-operator/overlays/stable/kustomization.yaml
gitops-catalog/elastisearch-operator//overlays/5.0/kustomization.yaml
gitops-catalog/elastisearch-operator//overlays/4.6/kustomization.yaml
gitops-catalog/elastisearch-operator//base/kustomization.yaml
gitops-catalog/elastisearch-operator//base/elastisearch-subscription.yaml
Several PVC objects have a finalizer included in the object. Generally I keep all finalizers out of the object definition and only allow k8s to apply the appropriate finalizers in order to prevent a finalizer that doesn't exist from preventing the deletion of the object.
Is there any advantage to keeping the finalizer in the object definition?
finalizers:
- kubernetes.io/pvc-protection
Right now the maven pipelines task (https://github.com/redhat-cop/gitops-catalog/blob/main/openshift-pipelines-tasks/maven/base/maven-task.yaml#L8) is using a google image from the google registry, I would like to suggest we default this to a Red Hat image. I have been using the java:openjdk-11-ubi8 image in OpenShift and haven't experienced any issues.
Interestingly my m2-cache overlay is expecting this image to be used and does not work with the google image. So if you want to leave the google image as the default I need to either make the overlay work with it, patch the overlay to use the RH image or just remove the overlay completely.
@pittar and @sabre1041 thoughts?
The current base is https://github.com/redhat-cop/gitops-catalog/catalog/sealed-secrets-operator/overlays/default
While it should be https://github.com/redhat-cop/gitops-catalog/sealed-secrets-operator/overlays/default
Need to remove redundant "catalog" word in the kustomization file example
The kustomization file for the 4.7 overlay has this reference for a resource:
resources:
- knative-kafka-instance.yaml
There is no file like that in the directory.
patchesJson6902 and patchesStrategicMerge have been deprecated in the v1beta1 API in kustomize v5.0.0 and should be replaced by patches.
Any references using these should be updated in the GitOps catalog.
OpenShift GitOps 1.10 deprecated the v1alpha1 API and it should be updated to v1beta1.
When applying the current OpenShift GitOps instance you get the following warning:
Warning: ArgoCD v1alpha1 version is deprecated and will be converted to v1beta1 automatically. Moving forward, please use v1beta1 as the ArgoCD API version.
Warning: resource argocds/openshift-gitops is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by oc apply. oc apply should only be used on resources created declaratively by either oc create --save-config or oc apply. The missing annotation will be patched automatically.
argocd.argoproj.io/openshift-gitops configured
The API version in the instance should be updated. Need to validate if anything else needs to change.
Based on this:
I think that everything should be fine since we are already using spec.sso.dex instead of spec.dex.
@gnunn1 Do you know of anything else with this API change that we should be aware of?
Several buildconfigs have a status object in the definition that should be removed, allowing OCP to create it instead.
status:
lastVersion: 0
As per part 2 of #55, the main Elasticsearch operator folder is missing a c in its name.
@gnunn1 @sabre1041 , what's the best way to fix the folder name without breaking anyone's existing kustomizations?
Over in the helm-charts repo we now have a supercharged version of the installplan-approver from this repository that does things even more robustly, making sure to only approve the correct installplan, for instance.
Maybe we should deprecate the installplan-approver here and/or at least cross link from here to the more advanced helm chart?
https://github.com/redhat-cop/helm-charts/tree/master/charts/operators-installer
thoughts?
In this script:
https://github.com/redhat-canada-gitops/catalog/blob/master/sealed-secrets-operator/scripts/get-sealed-secret-key.sh
You have:
oc get $(oc get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key=active -o name) -n sealed-secrets -o yaml > ~/.bitnami/sealed-secrets-secret.yaml
You can use the label in the outer command like this to get the same results:
oc get secret -l sealedsecrets.bitnami.com/sealed-secrets-key=active -n sealed-secrets -o yaml > ~/.bitnami/sealed-secrets-secret.yaml
The bases resource has been deprecated since v2.1.0 and should be combined/replaced with resources.
Any references using bases in the gitops catalog should be updated to utilize resources.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/spellcheck.yaml
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
rojopolis/spellcheck-github-actions 0.37.0@e36f662b21ead3f6f29794ac5c35069bf236463c
.github/workflows/validate-manifests.yaml
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
ibiqlik/action-yamllint v3@2576378a8e339169678f9939646ee3ee325e845c
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
ludeeus/action-shellcheck master
gpu-operator-certified/operator/components/console-plugin-helm/kustomization.yaml
requirements.txt
I am looking at adding yamllint to the repo/github actions to enforce better formatting.
@pittar @gnunn1 any thoughts or opinions on adding this to the current configuration?
I also wanted to get your thoughts on a few of the settings that are the most common problems in the repo:
--- at the start of files: I'm not a huge fan of this and would be happy to turn it off.
myList:
- name: myObject
instead of
myList:
- name: myObject
The rest of the errors seem pretty minor but a count of all of the errors can be found below:
Row Labels | Count of Errors |
---|---|
[error] no new line character at the end of file (new-line-at-end-of-file) | 189 |
[error] too many blank lines (1 > 0) (empty-lines) | 12 |
[error] too many blank lines (2 > 0) (empty-lines) | 1 |
[error] too many spaces after colon (colons) | 7 |
[error] too many spaces after hyphen (hyphens) | 7 |
[error] too many spaces inside braces (braces) | 2 |
[error] trailing spaces (trailing-spaces) | 33 |
[error] wrong indentation | 317 |
[warning] comment not indented like content (comments-indentation) | 1 |
[warning] missing document start "---" (document-start) | 329 |
[warning] truthy value should be one of [false, true] (truthy) | 7 |
Add a catalog item for Minio
Incoming PR to remove the URL patch from the Ansible operator
There are currently two folders for devspaces that should be combined:
https://github.com/redhat-cop/gitops-catalog/tree/main/devspaces
https://github.com/redhat-cop/gitops-catalog/tree/main/openshift-dev-spaces
As the Elasticsearch Operator is deprecated and targeting removal, there will be an eventual need for manifests to install Lokistack.
PR incoming to update the ansible operator to stable-2.1 from pre-release and removing pre-release.
The namespace field in base/kustomization.yaml should be updated to match the namespace.yaml resource (cert-manager-operator).
I believe the startingCSV field in the base/subscription.yaml is superfluous and may be removed.
olm.providedAPIs on OperatorGroup objects should be applied by OLM and should not be included in the object definition.
olm.providedAPIs
Example:
rhsso/rhsso-operator/base/rhsso-operatorgroup.yaml
this is just beauty/confusion... when reusing the sealed-secrets I get
W0502 18:15:57.469772 441936 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "sealed-secrets-controller" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "sealed-secrets-controller" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "sealed-secrets-controller" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "sealed-secrets-controller" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
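The four conditions named in the warning above, as an added example (not code from gitops-catalog or sealed-secrets): a Python function that evaluates a pod spec against them and shows which settings may be inherited from the pod level. The two sample specs and the image name are constructed, and the function covers only the quoted conditions using effective values, which simplifies what the admission controller does.

```python
# Added example: checks only the four conditions quoted in the warning,
# not the complete "restricted" Pod Security Standard.

def restricted_violations(pod_spec):
    """Return (container, message) pairs for the four quoted checks."""
    pod_sc = pod_spec.get("securityContext") or {}
    findings = []
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        # Container-level only: these fields have no pod-level equivalent.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation != false"))
        drops = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drops:
            findings.append((name, "unrestricted capabilities"))

        # Pod or container level. Simplification (assumption): use the
        # effective value, where a container setting overrides the pod's.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_non_root is not True:
            findings.append((name, "runAsNonRoot != true"))
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append((name, "seccompProfile"))
    return findings


# Constructed sample: a container with no securityContext at all.
WEAK = {"containers": [{"name": "sealed-secrets-controller",
                        "image": "registry.example.invalid/controller:tag"}]}

# Constructed sample: the same container with the settings the warning asks for.
HARDENED = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "sealed-secrets-controller",
                    "image": "registry.example.invalid/controller:tag",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    for label, spec in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, restricted_violations(spec))
```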
Installation AAP operator using the OpenShift console results in install to namespace "aap"
The kustomization here installs to "ansible-automation-platform" namespace.
Is there an established opinion about inconsistencies like this?
Personally I would like to strive to match the defaults. I can do a PR, but I am only just now testing this for the first time today.
./gitops-catalog/openshift-logging/instance/overlays/default/kustomization.yaml: value: 'https://kibana-openshift-logging.apps.mgnt.adetalhouet.rhtelco.io'
The nmstate resource here
Has the following issues:
$ kustomize build 'https://github.com/redhat-cop/gitops-catalog/nmstate/aggregate/overlays/default?ref=main' | kfilt -k nmstate
---
apiVersion: nmstate.io/v1beta1
kind: NMState
metadata:
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  name: nmstate
spec:
  nodeSelector:
    beta.kubernetes.io/arch: amd64
Operators may wish to have ODF provide storage for the internal registry. However 334027 invokes a job to enable the ODF console plug-in. This job depends on image-registry.openshift-image-registry.svc:5000/openshift/cli, which wouldn't be available until the registry is already configured.
It's possible that cluster operators are expected to have configured ephemeral storage for the registry, or to deploy a StorageCluster within the same ArgoCD application that installs the operator. But the requirement isn't documented and may be unintentional.