diff --git a/MISC/sample-secret-decode.inputfile b/MISC/sample-secret-decode.inputfile
new file mode 100644
index 0000000..c548d65
--- /dev/null
+++ b/MISC/sample-secret-decode.inputfile
@@ -0,0 +1,4 @@
+imageCredentials:
+ password: Kambh12# # Quay password
+ keyStorePassword: encrypted:samljks-password:password
+ branch: master
diff --git a/MISC/secret-decoder.sh b/MISC/secret-decoder.sh
index 9e9794b..8870203 100755
--- a/MISC/secret-decoder.sh
+++ b/MISC/secret-decoder.sh
@@ -12,7 +12,7 @@
 # PLEASE REPLACE the KUBECTL command below as required
 # Also, change SEDCHAR to a charected that is NOT present in any of the secret-values
 ################################################################################
-KUBECTL="kubectl"
+KUBECTL="kubectl -n oes3952"
 SEDCHAR="?"
 echo "##########Replacing Secrets#########"
 while IFS= read -r line ; do
diff --git a/MISC/tmp.yaml b/MISC/tmp.yaml
new file mode 100644
index 0000000..522b486
--- /dev/null
+++ b/MISC/tmp.yaml
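Review bot: The added line `password: Kambh12# # Quay password` in MISC/sample-secret-decode.inputfile reads like a live registry credential rather than a sample value, and once committed it stays in the repository history. If it was ever a real Quay password it should be rotated. The sample should carry an obvious placeholder such as `password: "REPLACE_WITH_QUAY_PASSWORD"  # Quay password`, or use the `encrypted:<secret-name>:<key>` form that the `keyStorePassword` line already demonstrates. Quoting the value also removes any doubt about where the scalar ends, since YAML treats ` #` as the start of a comment.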
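Review bot: `KUBECTL="kubectl -n oes3952"` hard-codes what looks like one environment's namespace into a shared helper that reads secrets. Anyone running the script unchanged either decodes secrets from that namespace or fails against a namespace that does not exist in their cluster. Keeping the committed default neutral and letting the caller override it, e.g. `KUBECTL="${KUBECTL:-kubectl}"`, keeps local settings out of the repository. The rest of the script is outside the hunk, so check how `$KUBECTL` is expanded before changing it.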
@@ -0,0 +1,46 @@
+# Pod to create sampleapp in Spinnaker. This should automatically happen
+# During installation. However, if there is a failure, this pod can be run to re-execute
+# the script that will re-create sampleapp from opsmx/sampleapp repo
+# Please REPLACE "test" (all occurences) with name of the RELEASE if required
+# and execute the following command, replacing the namespace accordingly:
+#
+# kubectl replace --force -f create-sample-app.yaml -n opsmx-test
+#
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "test-create-sample-app"
+spec:
+ template:
+ spec:
+ serviceAccountName: test-spinnaker-halyard
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ restartPolicy: OnFailure
+ volumes:
+ - name: halyard-config
+ configMap:
+ name: test-spinnaker-halyard-config
+ - secret:
+ secretName: test-spinnaker-spin-config
+ name: spin-config
+ - configMap:
+ defaultMode: 420
+ name: test-spinnaker-spin-pipeline-import
+ name: spin-pipeline-import
+ - name: spin-pipeline-config
+ emptyDir: {}
+ containers:
+ - command: ["sleep","infinity"]
+ #- bash
+ #- /tmp/config/spin-pipeline-import.sh
+ name: sample-pipeline-install
+ image: quay.io/opsmxpublic/spin-sample-pipeline:1.0
+ volumeMounts:
+ - name: spin-pipeline-config
+ mountPath: /tmp/config/git
+ - mountPath: /tmp/config
+ name: spin-pipeline-import
+ - mountPath: /tmp/config/spin
+ name: spin-config
diff --git a/README.md b/README.md
index 41f2a6d..718e264 100644
--- a/README.md
+++ b/README.md
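Review bot: MISC/tmp.yaml commits a Job whose container runs `command: ["sleep","infinity"]` with the real `bash` and `/tmp/config/spin-pipeline-import.sh` entries commented out. The pod therefore never completes and keeps running under `test-spinnaker-halyard` with the `test-spinnaker-spin-config` secret mounted. The header comment still describes create-sample-app.yaml, which suggests this is a debugging copy that was added by accident. Either drop the file from the commit or restore the original command. If a debug variant is wanted, say so in the header and bound its lifetime with `activeDeadlineSeconds` on the Job spec.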
@@ -8,7 +8,7 @@ Instructions basic requirements of a laptop and cluster can be found [here](http 1. Create an empty-repo (called the "gitops-repo" in the document), "main" branch should be the default, and clone it locally 2. Clone https://github.com/OpsMx/standard-isd-gitops, selecting the appropriate branch: -- `git clone https://github.com/OpsMx/standard-isd-gitops -b 3.12` +- `git clone https://github.com/OpsMx/standard-isd-gitops -b 3.11` 3. Copy contents of the standard-isd-repo to the gitops-repo created above using: @@ -89,6 +89,10 @@ Use the following command (replace isd below with the helm release-name) to chec If the clone is not happening correctly, please check your values.yaml git user, token, repo, branch etc. For those interested, the script can be found in the isd-spinnaker-halyard-init-script +## Only clouddriver and igor pods are in error/crashloop +This is usually caused by incorrect "branch". Ensure that the "default" label in default/profiles/spinnakerconfig.yml is "main" or whatever branch you are using. Once corrected, restart the halyard pod by deleting it e.g.: +- `kubectl -n opsmx-isd delete po isd-spinnaker-halyard-0` + # Cleaning up/Delete the installation Issue these commands, replace -n option with the namespace diff --git a/SAMPLES/agent-config/deploy-service-config-k8s-only.yaml b/SAMPLES/agent-config/deploy-service-config-k8s-only.yaml index 4a993d6..c5fadf2 100644 --- a/SAMPLES/agent-config/deploy-service-config-k8s-only.yaml +++ b/SAMPLES/agent-config/deploy-service-config-k8s-only.yaml @@ -11,7 +11,7 @@ metadata: agent.opsmx.com/role: agent data: services.yaml: | - outgoingServices: + services: - name: demo-cluster type: kubernetes enabled: true diff --git a/SAMPLES/values-yamls/easy-values-gitlab.yaml b/SAMPLES/values-yamls/easy-values-gitlab.yaml deleted file mode 100644 index 70f5088..0000000 --- a/SAMPLES/values-yamls/easy-values-gitlab.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -# This file can be used for very simple installation that uses -# insecure urls (i.e. http, not httpS). This may not be be allowed in some environments -# and/or your browser may give a security warning -# Excellent choice for 1st time ISD Trial -# -# Instructions: -# a) Update the 3 URLs below -# b) Update the git repo details -# c) Follow the installation instructions to experience the next generation of Software Delivery -# -global: - createIngress: true - gitea: - enabled: false - ## OES-UI url configuration - oesUI: - protocol: http - host: oes.isd-pov.example.com # REPLACE if you have DNS access, else use hosts file entries - -spinnaker: - gitopsHalyard: - enabled: true - repo: - type: git # git, s3, stash(bitbucket server) - baseUrlHostName: gitlab.com - organization: # REPLACE - username: # REPLACE - Usermailid: - token: # REPLACE - repository: # REPLACE repo name for Gitlab - dynamicAccRepository: # REPLACE - diff --git a/SAMPLES/values-yamls/easy-values.yaml b/SAMPLES/values-yamls/easy-values.yaml index c205351..3f60878 100644 --- a/SAMPLES/values-yamls/easy-values.yaml +++ b/SAMPLES/values-yamls/easy-values.yaml @@ -9,14 +9,21 @@ # c) Follow the installation instructions to experience the next generation of Software Delivery # global: - createIngress: true - gitea: + certManager: + installed: false + ssl: enabled: false - + spinDeck: + protocol: http + host: spin.isd-pov.example.com # REPLACE if you have DNS access, else use hosts file entries ## OES-UI url configuration oesUI: protocol: http host: oes.isd-pov.example.com # REPLACE if you have DNS access, else use hosts file entries + ## OES-Gate url configuration + oesGate: + protocol: http + host: oes-gate.isd-pov.example.com # REPLACE if you have DNS access, else use hosts file entries spinnaker: gitopsHalyard: diff --git a/clouddriver-local.yml b/clouddriver-local.yml deleted file mode 100644 index 4b37ab2..0000000 --- a/clouddriver-local.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -kubernetes: - enabled: true - accounts: - - name: "default" - liveManifestCalls: true - requiredGroupMembership: [] - providerVersion: "v2" - permissions: {} - dockerRegistries: [] - configureImagePullSecrets: true - serviceAccount: true - cacheThreads: 1 - namespaces: - - "opsmx-isd" - omitNamespaces: [] - kinds: [] - omitKinds: - - "podPreset" - - "namespaces" - customResources: [] - cachingPolicies: [] - onlySpinnakerManaged: true diff --git a/config b/config index 3120213..02e0c89 100644 --- a/config +++ b/config @@ -309,7 +309,7 @@ deploymentConfigurations: apiSecurity: ssl: enabled: false - overrideBaseUrl: /gate/ + overrideBaseUrl: PROTOCOL://OVERRIDE_API_URL uiSecurity: ssl: enabled: false diff --git a/default/profiles/front50-local.yml b/default/profiles/front50-local.yml index 55f3657..c494af3 100644 --- a/default/profiles/front50-local.yml +++ b/default/profiles/front50-local.yml @@ -5,5 +5,3 @@ policy: opa: enabled: true url: http://oes-sapor:8085 -migrations: - migrateToManagedServiceAccounts: false diff --git a/default/profiles/orca-local.yml b/default/profiles/orca-local.yml index 376b2fa..d4abd3f 100644 --- a/default/profiles/orca-local.yml +++ b/default/profiles/orca-local.yml @@ -7,7 +7,7 @@ pollers: tasks: daysOfExecutionHistory: 180 # How many days to keep old task executions around. - useManagedServiceAccounts: false + job: preconfigured: kubernetes: @@ -90,11 +90,10 @@ job: name: git-token key: git_pr_token - name: git_secret_sshkey - value: "" - #valueFrom: - # secretKeyRef: - # name: git-token - # key: git_secret_sshkey + valueFrom: + secretKeyRef: + name: git-token + key: git_secret_sshkey volumes: - configMap: defaultMode: 420 @@ -193,11 +192,10 @@ job: name: git-token key: git_pr_token - name: git_secret_sshkey - value: "" - #valueFrom: - # secretKeyRef: - # name: git-token - # key: git_secret_sshkey + valueFrom: + secretKeyRef: + name: git-token + key: git_secret_sshkey volumes: - configMap: defaultMode: 420 
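Review bot: Both preconfigured jobs in orca-local.yml now read `git_secret_sshkey` from `secretKeyRef` with `name: git-token` and `key: git_secret_sshkey` (the hunk at `@@ -90,11 +90,10 @@` and again at `@@ -193,11 +192,10 @@`), where the previous value was an empty string. A `secretKeyRef` is required unless marked otherwise, so in any install whose `git-token` secret has no `git_secret_sshkey` key (token-only setups, presumably) the job pod will fail to start. If the SSH key is meant to stay optional, add `optional: true` under each `secretKeyRef`. Otherwise document that the key must exist. The job definitions start and end outside these hunks.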
@@ -219,173 +217,15 @@ job: serviceAccountName: default webhook: preconfigured: - - label: "ServiceNow-Create Change Request" - type: CreateServiceNowChangeRequest - enabled: true - description: Custom stage for servicenow normal request creation - method: POST - url: SERVICENOW_URL/api/sn_chg_rest/v1/change - customHeaders: - Authorization: Basic SERVICENOW_BASE64_USR_PASSWD - Content-Type: application/json - payload: |- - { - "delivery_plan":"${parameterValues['deliveryplan']}", - "impact":"${parameterValues['impact']}", - "priority":"${parameterValues['priority']}", - "change_plan":"${parameterValues['changeplan']}", - "short_description":"${parameterValues['shortdescription']}", - "description":"${parameterValues['description']}", - "implementation_plan":"${parameterValues['implementationplan']}", - "backout_plan":"${parameterValues['backoutplan']}", - "type":"${parameterValues['type']}" - } - parameters: - - label: Delivery Plan - name: deliveryplan - description: Delivery plan - type: string - - label: Impact - name: impact - description: 1-High, 2-Medium, 3-Low. Mention 1 or 2 or 3 in the column. 
- type: string - - label: Priority - name: priority - description: 1-Critical, 2-High, 3-Moderate, 4-Low - type: string - - label: Change Plan - name: changeplan - description: Change plan - type: string - - label: Short Description - name: shortdescription - description: Short description - type: string - - label: Description - name: description - description: Description - type: string - - label: Implementation Plan - name: implementationplan - description: Implementation plan - type: string - - label: Backout Plan - name: backoutplan - description: Backout plan - type: string - - label: Type - name: type - description: Emergency, Normal etc - type: string - - - label: "ServiceNow-Change State of Change Request" - type: ChangeStateofChangeRequest - enabled: true - description: Custom stage to change the state of the normal request - method: PATCH - url: SERVICENOW_URL/api/sn_chg_rest/v1/change/${parameterValues['sysid']} - customHeaders: - Authorization: Basic SERVICENOW_BASE64_USR_PASSWD - Content-Type: application/json - payload: |- - { - "assignment_group":"${parameterValues['assignmentgroup']}", - "state":"${parameterValues['state']}" - } - parameters: - - label: Assignment Group - name: assignmentgroup - description: Assignment group to approval the state change Eg- CAB Approval - type: string - - label: State - name: state - description: Change to which state? Eg- Assess - type: string - - label: sys_id - name: sysid - description: Sys id of the request. 
Can get from url of the request Eg-7067852307303010268affa08c1ed0a6 - type: string - - - label: "ServiceNow-Add Work Note to Change Request" - type: AddWorkNotetoChangeRequst - enabled: true - description: Custom stage to add work note to normal request - method: PATCH - url: SERVICENOW_URL/api/sn_chg_rest/change/${parameterValues['sysid']} - customHeaders: - Authorization: Basic SERVICENOW_BASE64_USR_PASSWD - Content-Type: application/json - payload: |- - { - "work_notes":"${parameterValues['worknotes']}" - } - parameters: - - label: Work Notes - name: worknotes - description: Add work notes to the request - type: string - - label: sys_id - name: sysid - description: Sys id of the request. Can get from url of the request Eg-7067852307303010268affa08c1ed0a6 - type: string - - - label: "Service Now: Wait for state" - type: waitServiceNowState - enabled: true - description: Custom stage that waits for a specific state on a Service Now Issue - method: GET - url: SERVICENOW_URL/api/sn_chg_rest/change/${parameterValues['sysid']} - customHeaders: - Authorization: Basic SERVICENOW_BASE64_USR_PASSWD - Content-Type: application/json - failPipeline: true - progressJsonPath: "result.state.display_value" - payload: "" - retryStatusCodes: - - 200 - statusJsonPath: "result.state.display_value" - statusUrlResolution: "getMethod" - successStatuses: ${parameterValues['success']} - retryStatuses: ${parameterValue['retry']} - terminalStatuses: ${parameterValues['terminate']} - canceledStatuses: ${parameterValues['cancel']} - waitBeforeMonitor: "1" - waitForCompletion: true - parameters: - - label: Sys id - name: sysid - description: "sys id of the request" - type: string - defaultValue: "" - - label: Service Now Success States - name: success - description: "Service Now issue States that progress the pipeline, e.g,: In Verificaiton etc." 
- type: string - defaultValue: "" - - label: Service Now Retry States - name: retry - description: "Service Now issue states that Retry the stage e.g,: New etc. Can give multiple states coma seperated" - type: string - defaultValue: "" - - label: Service Now Termination States - name: terminate - description: "Service Now issue states that terminates the pipeline, e.g,: Done etc." - type: string - defaultValue: "" - - label: Service Now Canceled States - name: cancel - description: "Service Now issue states that cancel the pipeline e.g,: Closed, etc." - type: string - defaultValue: Closed - label: "JIRA: Wait for state" type: waitJiraState enabled: true description: Custom stage that waits for a specific state on a Jira Issue method: GET - url: JIRA_URL/rest/api/latest/issue/${parameterValues['issue']} + url: https:///rest/api/latest/issue/${parameterValues['issue']} customHeaders: ## Provide the JIRA credentails that are in base64 encoded USER:PASSWORD/TOKEN - Authorization: Basic JIRA_BASE64_USR_PASSWD + Authorization: Basic base64{<>:<>} Content-Type: application/json failPipeline: true progressJsonPath: "fields.status.name" @@ -431,10 +271,10 @@ webhook: enabled: true description: Custom stage that add an Issue in Jira method: POST - url: JIRA_URL/rest/api/2/issue/ + url: https:///rest/api/2/issue/ customHeaders: ## Provide the JIRA credentails that are in base64 encoded USER:PASSWORD/TOKEN - Authorization: Basic JIRA_BASE64_USR_PASSWD + Authorization: Basic base64{<>:<>} Content-Type: application/json payload: |- { 
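Review bot: The Jira stages now read `url: https:///rest/api/...` and `Authorization: Basic base64{<>:<>}`, which leaves an empty host and a template that invites pasting a base64 USER:PASSWORD straight into a file kept in git. Base64 is an encoding, not protection, so a filled-in header is a plaintext credential in the gitops repo. The same pair of lines recurs in the hunks at `@@ -431`, `@@ -487`, `@@ -510` and `@@ -547`. The removed `JIRA_URL` and `JIRA_BASE64_USR_PASSWD` tokens could at least be searched for and substituted at install time. Either keep named tokens, or reference the credential through the `encrypted:<secret>:<key>` convention shown in MISC/sample-secret-decode.inputfile if this profile is processed by the secret decoder, which is not visible here. The names inside `<>` may have been lost when the page was rendered, so confirm against the raw file.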
@@ -487,10 +327,10 @@ webhook: enabled: true description: Custom stage that posts a comment in a Jira Issue method: POST - url: JIRA_URL/rest/api/latest/issue/${parameterValues['issue']}/comment + url: https:///rest/api/latest/issue/${parameterValues['issue']}/comment customHeaders: ## Provide the JIRA credentails that are in base64 encoded USER:PASSWORD/TOKEN - Authorization: Basic JIRA_BASE64_USR_PASSWD + Authorization: Basic base64{<>:<>} Content-Type: application/json payload: |- { @@ -510,10 +350,10 @@ webhook: enabled: true description: Custom stage that updates an Issue in Jira method: PUT - url: JIRA_URL/rest/api/latest/issue/${parameterValues['issue']} + url: https:///rest/api/latest/issue/${parameterValues['issue']} customHeaders: ## Provide the JIRA credentails that are in base64 encoded USER:PASSWORD/TOKEN - Authorization: Basic JIRA_BASE64_USR_PASSWD + Authorization: Basic base64{<>:<>} Content-Type: application/json payload: |- { @@ -547,10 +387,10 @@ webhook: enabled: true description: Custom stage that transitions an Issue in Jira method: POST - url: JIRA_URL/rest/api/latest/issue/${parameterValues['issue']}/transitions + url: https:///rest/api/latest/issue/${parameterValues['issue']}/transitions customHeaders: ## Provide the JIRA credentails that are in base64 encoded USER:PASSWORD/TOKEN - Authorization: Basic JIRA_BASE64_USR_PASSWD + Authorization: Basic base64{<>:<>} Content-Type: application/json payload: |- { diff --git a/default/profiles/rosco-local.yml b/default/profiles/rosco-local.yml index be86041..6dc97e0 100644 --- a/default/profiles/rosco-local.yml +++ b/default/profiles/rosco-local.yml @@ -1,4 +1,4 @@ rosco: configDir: /opt/rosco/config/packer -redis: - connection: redis://:password@RELEASE_NAME-redis-master:6379 +#redis: +# connection: redis://:password@oes-redis-master:6379 diff --git a/default/profiles/settings-local.js b/default/profiles/settings-local.js deleted file mode 100644 index d0cc669..0000000 
--- a/default/profiles/settings-local.js +++ /dev/null @@ -1 +0,0 @@ -window.spinnakerSettings.feature.managedServiceAccounts = false; diff --git a/default/profiles/spinnakerconfig.yml b/default/profiles/spinnakerconfig.yml index d17c4d6..c6c717e 100644 --- a/default/profiles/spinnakerconfig.yml +++ b/default/profiles/spinnakerconfig.yml @@ -10,7 +10,7 @@ spring: password: GIT_TOKEN basedir: /tmp/config-repo searchPaths: DYN_ACCNT_CONFG_PATH - defaultLabel: master + defaultLabel: main refresh-rate: 10 encrypt: key: Q7udUkHPuA3VnNlOtksSgQ diff --git a/default/profiles/spinnakerconfig.yml.ssh b/default/profiles/spinnakerconfig.yml.ssh index 663deb9..e50e57e 100644 --- a/default/profiles/spinnakerconfig.yml.ssh +++ b/default/profiles/spinnakerconfig.yml.ssh @@ -11,5 +11,4 @@ spring: basedir: /tmp/config-repo strictHostKeyChecking: false ignoreLocalSshSettings: true - defaultLabel: master privateKey: | diff --git a/default/service-settings/clouddriver-caching.yml b/default/service-settings/clouddriver-caching.yml index aa8bf20..bf05287 100644 --- a/default/service-settings/clouddriver-caching.yml +++ b/default/service-settings/clouddriver-caching.yml @@ -1,11 +1,8 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4-1 kubernetes: volumes: - id: oes-cacerts type: secret mountPath: /etc/pki/ca-trust/extracted/java - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/clouddriver-caching.yml.s3 b/default/service-settings/clouddriver-caching.yml.s3 index e19dcfa..538273a 100644 --- a/default/service-settings/clouddriver-caching.yml.s3 +++ b/default/service-settings/clouddriver-caching.yml.s3 
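Review bot: The context around the changed `defaultLabel` in spinnakerconfig.yml shows `encrypt:` with `key: Q7udUkHPuA3VnNlOtksSgQ`, a fixed symmetric key committed in the default profile. Every installation that copies this repo ends up with the same key, and anything encrypted under it is only as private as the repository. Treat it like the neighbouring `GIT_TOKEN` placeholder: commit a token such as `key: ENCRYPT_KEY` and substitute a per-install value from a Kubernetes secret at install time. The `spring:` block begins above the hunk, so where the substitution happens needs checking in the install script.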
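Review bot: Dropping `defaultLabel: master` from spinnakerconfig.yml.ssh leaves the SSH variant on the library's built-in default label, which presumably varies between versions. The HTTPS variant in this commit sets `defaultLabel: main`, and the new README troubleshooting entry says the label must match the gitops branch. Unless the omission is deliberate, set `defaultLabel: main` here as well. The context also shows `strictHostKeyChecking: false`, so the git host's key is not verified when the config repo is fetched over SSH. Pinning the host key would be the safer default.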
@@ -1,6 +1,4 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0 -Daws.accessKeyId=AWS_ACCESS_KEY_ID -Daws.secretKey=AWS_SECRET_ACCESS_KEY" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin + diff --git a/default/service-settings/clouddriver-ro-deck.yml b/default/service-settings/clouddriver-ro-deck.yml index aa8bf20..bf05287 100644 --- a/default/service-settings/clouddriver-ro-deck.yml +++ b/default/service-settings/clouddriver-ro-deck.yml @@ -1,11 +1,8 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4-1 kubernetes: volumes: - id: oes-cacerts type: secret mountPath: /etc/pki/ca-trust/extracted/java - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/clouddriver-ro-deck.yml.s3 b/default/service-settings/clouddriver-ro-deck.yml.s3 index 7b9edbe..0ee746d 100644 --- a/default/service-settings/clouddriver-ro-deck.yml.s3 +++ b/default/service-settings/clouddriver-ro-deck.yml.s3 @@ -1,7 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0 -Daws.accessKeyId=AWS_ACCESS_KEY_ID -Daws.secretKey=AWS_SECRET_ACCESS_KEY" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin - diff --git a/default/service-settings/clouddriver-ro.yml b/default/service-settings/clouddriver-ro.yml index aa8bf20..bf05287 100644 --- a/default/service-settings/clouddriver-ro.yml +++ b/default/service-settings/clouddriver-ro.yml 
@@ -1,11 +1,8 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4-1 kubernetes: volumes: - id: oes-cacerts type: secret mountPath: /etc/pki/ca-trust/extracted/java - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/clouddriver-ro.yml.s3 b/default/service-settings/clouddriver-ro.yml.s3 index e19dcfa..538273a 100644 --- a/default/service-settings/clouddriver-ro.yml.s3 +++ b/default/service-settings/clouddriver-ro.yml.s3 @@ -1,6 +1,4 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0 -Daws.accessKeyId=AWS_ACCESS_KEY_ID -Daws.secretKey=AWS_SECRET_ACCESS_KEY" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin + diff --git a/default/service-settings/clouddriver-rw.yml b/default/service-settings/clouddriver-rw.yml index aa8bf20..bf05287 100644 --- a/default/service-settings/clouddriver-rw.yml +++ b/default/service-settings/clouddriver-rw.yml @@ -1,11 +1,8 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4-1 kubernetes: volumes: - id: oes-cacerts type: secret mountPath: /etc/pki/ca-trust/extracted/java - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/clouddriver-rw.yml.s3 b/default/service-settings/clouddriver-rw.yml.s3 index 7b9edbe..538273a 100644 --- a/default/service-settings/clouddriver-rw.yml.s3 +++ b/default/service-settings/clouddriver-rw.yml.s3 
@@ -1,7 +1,4 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0-git +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0 -Daws.accessKeyId=AWS_ACCESS_KEY_ID -Daws.secretKey=AWS_SECRET_ACCESS_KEY" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/clouddriver.yml b/default/service-settings/clouddriver.yml index 3b6d030..22b3689 100644 --- a/default/service-settings/clouddriver.yml +++ b/default/service-settings/clouddriver.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-clouddriver:8.0.4-1 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/deck.yml b/default/service-settings/deck.yml index 51af83b..0ba43a7 100644 --- a/default/service-settings/deck.yml +++ b/default/service-settings/deck.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-oes-deck:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-oes-deck:3.7.2 env: API_HOST: http://spin-gate:8084 -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/echo-scheduler.yml b/default/service-settings/echo-scheduler.yml index aa43e4f..5383cae 100644 --- a/default/service-settings/echo-scheduler.yml +++ b/default/service-settings/echo-scheduler.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-echo:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-echo:2.17.1-slackops env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/echo-worker.yml b/default/service-settings/echo-worker.yml index aa43e4f..5383cae 100644 --- a/default/service-settings/echo-worker.yml +++ b/default/service-settings/echo-worker.yml 
@@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-echo:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-echo:2.17.1-slackops env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/echo.yml b/default/service-settings/echo.yml index aa43e4f..5383cae 100644 --- a/default/service-settings/echo.yml +++ b/default/service-settings/echo.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-echo:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-echo:2.17.1-slackops env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/fiat.yml b/default/service-settings/fiat.yml index 883d47e..4360908 100644 --- a/default/service-settings/fiat.yml +++ b/default/service-settings/fiat.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-fiat:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-fiat:1.16.0 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/front50.yml b/default/service-settings/front50.yml index b92fd00..07a94f5 100644 --- a/default/service-settings/front50.yml +++ b/default/service-settings/front50.yml @@ -1,6 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-oes-front50:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-oes-front50:0.27.1-opa env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin diff --git a/default/service-settings/gate.yml b/default/service-settings/gate.yml index 912dde9..d074ae6 100644 --- a/default/service-settings/gate.yml +++ b/default/service-settings/gate.yml 
@@ -1,9 +1,6 @@ -artifactId: quay.io/opsmxpublic/ubi8-oes-spin-gate:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-oes-spin-gate:1.22.1 healthEndpoint: /health kubernetes: useExecHealthCheck: false - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/igor.yml b/default/service-settings/igor.yml index feebbbc..60f1567 100644 --- a/default/service-settings/igor.yml +++ b/default/service-settings/igor.yml @@ -1,4 +1,4 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-igor:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-igor:1.16.0 kubernetes: volumes: #- id: ca-trust-bundle @@ -13,8 +13,5 @@ kubernetes: mountPath: /etc/pki/ca-trust/extracted/java type: secret readOnly: true - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/kayenta.yml b/default/service-settings/kayenta.yml index 9100775..b0d153a 100644 --- a/default/service-settings/kayenta.yml +++ b/default/service-settings/kayenta.yml @@ -1,3 +1,3 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-kayenta:v3.12.0 +artifactId: quay.io/opsmxpublic/ubi8-spin-kayenta:0.21.0 env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/orca.yml b/default/service-settings/orca.yml index 0175f20..5539e2f 100644 --- a/default/service-settings/orca.yml +++ b/default/service-settings/orca.yml @@ -1,13 +1,9 @@ -#artifactId: quay.io/opsmxpublic/ubi8-oes-orca:2.20.3-slackops -artifactId: quay.io/opsmxpublic/ubi8-oes-orca:v3.12.5 +artifactId: quay.io/opsmxpublic/ubi8-oes-orca:2.20.3-slackops kubernetes: volumes: - id: oes-cacerts mountPath: /etc/ssl/certs/java type: secret readOnly: true - podAnnotations: - moniker.spinnaker.io/application: spin - env: JAVA_OPTS: "-XX:MaxRAMPercentage=100.0" diff --git a/default/service-settings/redis.yml b/default/service-settings/redis.yml index 6396c72..43dc1d7 100644 
--- a/default/service-settings/redis.yml +++ b/default/service-settings/redis.yml @@ -1,6 +1,2 @@ overrideBaseUrl: redis://:password@RELEASE_NAME-redis-master:6379 skipLifeCycleManagement: true -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin - diff --git a/default/service-settings/rosco.yml b/default/service-settings/rosco.yml index c256e83..7be1eab 100644 --- a/default/service-settings/rosco.yml +++ b/default/service-settings/rosco.yml @@ -1,4 +1 @@ -artifactId: quay.io/opsmxpublic/ubi8-spin-rosco:v3.12.0 -kubernetes: - podAnnotations: - moniker.spinnaker.io/application: spin +artifactId: quay.io/opsmxpublic/ubi8-spin-rosco:0.25.0 diff --git a/install/ISD-Install-Job.yaml b/install/ISD-Install-Job.yaml index 2e3a9fc..1a769b2 100644 --- a/install/ISD-Install-Job.yaml +++ b/install/ISD-Install-Job.yaml @@ -209,7 +209,7 @@ spec: - mountPath: /repo name: repo-volume serviceAccount: byos - serviceAccountName: byos + serviceAccountName: isd-install restartPolicy: "Never" volumes: - emptyDir: {} diff --git a/install/inputcm.yaml b/install/inputcm.yaml index 26e98fc..467f176 100644 --- a/install/inputcm.yaml +++ b/install/inputcm.yaml @@ -8,7 +8,7 @@ data: # Typically, there is no need to change the values below this line ##################################################################################################### branch: main # Gitrepo branch, MUST be the default branch - version: 3.12.6 # ISD version + version: 3.11.1 # ISD version namespace: opsmx-isd # Namespace to install ISD, best not to change path: install/isd-install.sh # Script to execute for installation, should not be changed diff --git a/install/serviceaccount.yaml b/install/serviceaccount.yaml index 6b474dc..a441883 100644 --- a/install/serviceaccount.yaml +++ b/install/serviceaccount.yaml 
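Review bot: In install/ISD-Install-Job.yaml only `serviceAccountName` was switched to `isd-install`; the context line directly above it still reads `serviceAccount: byos`, so the pod spec now names two different accounts. `serviceAccount` is the deprecated alias of `serviceAccountName`, and this commit renames the ServiceAccount in install/serviceaccount.yaml, so `byos` is no longer created by these manifests. Change that line to `serviceAccount: isd-install` or delete it. The pod spec starts and ends outside the hunk.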
@@ -1,17 +1,17 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: byos + name: isd-install --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: byos + name: isd-install roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: byos - namespace: opsmx-isd #Please update the namespace + name: isd-install + namespace: opsmx-isd #Please update the namespace accordingly diff --git a/reinstall/reinstall.yaml b/reinstall/reinstall.yaml deleted file mode 100644 index 1e95ee7..0000000 --- a/reinstall/reinstall.yaml +++ /dev/null 
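Review bot: Renaming the ClusterRoleBinding from `byos` to `isd-install` creates a new binding to `cluster-admin` but does not remove the old one. On clusters where the previous manifest was applied, the `byos` ServiceAccount and its cluster-wide admin binding stay behind. The upgrade notes should tell operators to remove both, e.g. `kubectl delete clusterrolebinding byos` plus the `byos` ServiceAccount in the install namespace. Separately, `cluster-admin` is a broad grant for an install job. A comment above `roleRef` such as `# cluster-admin is needed only during installation; delete this binding afterwards` would make the intended lifetime explicit.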
@@ -1,119 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: byos-hiu - labels: - app: byos -spec: - backoffLimit: 2 - template: - spec: - containers: - - args: - - |- - set +x - - source /repo/environment - - chmod +x /repo/byos-reinstall.sh - - export version="$version" - - /repo/byos-reinstall.sh - - command: - - /bin/bash - - +x - - '-c' - envFrom: - - configMapRef: - name: upgradecm - image: 'quay.io/opsmxpublic/helm-bash:v4' - name: script - volumeMounts: - - mountPath: /repo - name: repo-volume - initContainers: - - args: - - >- - export namespace="$namespace" - - export gittoken=`kubectl -n "$namespace" get secret gittoken -o yaml | yq - e '.data.gittoken' - | base64 -d` - - export ldappassword=`kubectl -n "$namespace" get secret ldappassword -o - yaml | yq e '.data.ldappassword' - | base64 -d` - - export dbpassword=`kubectl -n "$namespace" get secret dbpassword -o yaml - | yq e '.data.dbpassword' - | base64 -d` - - export keystorepassword=`kubectl -n "$namespace" get secret - keystorepassword -o yaml | yq e '.data.keystorepassword' - | - base64 -d` - - export rabbitmqpassword=`kubectl -n "$namespace" get secret - rabbitmqpassword -o yaml | yq e '.data.rabbitmqpassword' - | - base64 -d` - - export saporpassword=`kubectl -n "$namespace" get secret saporpassword -o - yaml | yq e '.data.saporpassword' - | base64 -d` - - export redispassword=`kubectl -n "$namespace" get secret redispassword -o - yaml | yq e '.data.redispassword' - | base64 -d` - - export miniopassword=`kubectl -n "$namespace" get secret miniopassword -o - yaml | yq e '.data.miniopassword' - | base64 -d` - - export ldapconfigpassword=`kubectl -n "$namespace" get secret - ldapconfigpassword -o yaml | yq e '.data.ldapconfigpassword' - | - base64 -d` - - export branch="$version" - - git clone https://"$username":"$gittoken"@"$url" -b "$branch" - /repo - - - echo "export namespace=$namespace" > /repo/environment - - echo "export gittoken=$gittoken" >> /repo/environment - - echo "export 
ldappassword=$ldappassword" >> /repo/environment - - echo "export dbpassword=$dbpassword" >> /repo/environment - - echo "export keystorepassword=$keystorepassword" >> - /repo/environment - - echo "export rabbitmqpassword=$rabbitmqpassword" >> - /repo/environment - - echo "export saporpassword=$saporpassword" >> /repo/environment - - echo "export redispassword=$redispassword" >> /repo/environment - - echo "export miniopassword=$miniopassword" >> /repo/environment - - echo "export ldapconfigpassword=$ldapconfigpassword" >> - /repo/environment - - echo "export version=$version" >> /repo/environment - - ls -ltra /repo - command: - - /bin/bash - - +x - - '-c' - envFrom: - - configMapRef: - name: upgradecm - image: quay.io/opsmxpublic/helm-bash:v4-yq-jq - name: kube - volumeMounts: - - mountPath: /repo - name: repo-volume - restartPolicy: Never - serviceAccountName: byos - volumes: - - emptyDir: {} - name: repo-volume diff --git a/upgrade/ISD-Apply-yamls-job.yaml b/upgrade/ISD-Apply-yamls-job.yaml new file mode 100644 index 0000000..db22269 --- /dev/null +++ b/upgrade/ISD-Apply-yamls-job.yaml 
@@ -0,0 +1,450 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: isd-yaml-update + labels: + app: byos +spec: + backoffLimit: 2 + completions: 1 + parallelism: 1 + template: + spec: + containers: + - args: + - |- + + for env in $( echo $envs | tr "," "\n" ) + do + echo export $env >> /tmp/environment + done + for filename in /secret/* + do + variable=$(echo $filename | sed 's#/# #g' | awk '{print $2}') + echo setting env $variable for $filename + echo "export $variable=$(cat "$filename")" >> /tmp/environment + done + + source /tmp/environment >/dev/null 2>&1 + + source /repo/environment + + cd /repo/ + + export version="$chartVersion" + + chmod +x /repo/upgrade/isd-apply-yamls.sh + + /repo/upgrade/isd-apply-yamls.sh + command: + - /bin/bash + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'quay.io/opsmxpublic/helm-bash:v2' + imagePullPolicy: IfNotPresent + name: apply-yamls + volumeMounts: + - mountPath: /repo + name: repo-volume + - mountPath: /secret + name: secret-volume + initContainers: + - args: + - >- + + create_default_secret() + { + if [[ $1 == "gittoken" ]] + + then + + echo "Error: Cannot create a default gittoken as it is specific to the git-repo. Please create a secret containing the gittoken manually." + + exit 1 + + fi + + if [[ $1 == "ldappassword" ]] + + then + + kubectl -n $2 create secret generic ldappassword --from-literal ldappassword=opsmxadmin123 + + if [ $?! = 0 ]; then echo "Error creating default secret ldappassword"; exit 1; fi + + fi + + if [[ $1 == "dbpassword" ]] + + then + + kubectl -n $2 create secret generic dbpassword --from-literal dbpassword=networks123 + + if [ $?! = 0 ]; then echo "Error creating default secret dbpassword"; exit 1; fi + + fi + + if [[ $1 == "keystorepassword" ]] + + then + + kubectl -n $2 create secret generic keystorepassword --from-literal keystorepassword=changeit + + if [ $?! 
= 0 ]; then echo "Error creating default secret keystorepassword"l exit 1; fi + + fi + + if [[ $1 == "rabbitmqpassword" ]] + + then + + kubectl -n $2 create secret generic rabbitmqpassword --from-literal rabbitmqpassword=Networks123 + + if [ $?! = 0 ]; then echo "Error creating default secret rabbitmqpassword"; exit 1; fi + + fi + + if [[ $1 == "saporpassword" ]] + + then + + kubectl -n $2 create secret generic saporpassword --from-literal saporpassword=saporadmin + + if [ $?! = 0 ]; then echo "Error creating default secret saporpassword"; exit 1; fi + + fi + + if [[ $1 == "redispassword" ]] + + then + + kubectl -n $2 create secret generic redispassword --from-literal redispassword=password + + if [ $?! = 0 ]; then echo "Error creating default secret redispassword"; exit 1; fi + + fi + + if [[ $1 == "miniopassword" ]] + + then + + kubectl -n $2 create secret generic miniopassword --from-literal miniopassword=spinnakeradmin + + if [ $?! = 0 ]; then echo "Error creating default secret miniopassword"; exit 1; fi + + fi + + if [[ $1 == "ldapconfigpassword" ]] + + then + + kubectl -n $2 create secret generic ldapconfigpassword --from-literal ldapconfigpassword=opsmxadmin123 + + if [ $?! = 0 ]; then echo "Error creating default secret ldapconfigpassword"; exit 1; fi + + fi + + } + + + for secret in $(echo $secrets | sed "s/,/ /g") + + do + + echo getting $secret + + kubectl -n "$namespace" get secret "$secret" 2>/dev/null || { echo "Defaulting secret $secret as it was not found." 
; create_default_secret $secret $namespace; } + + kubectl -n "$namespace" get secret "$secret" -o jsonpath='{.data.*}' |base64 -d > /secret/"$secret" + + ls -ltr /secret/"$secret" + + done + + command: + - /bin/bash + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'bitnami/kubectl:1.22' + imagePullPolicy: IfNotPresent + name: get-secrets + volumeMounts: + - mountPath: /secret + name: secret-volume + - args: + - >- + + ls -ltr /secret/gittoken || { echo "failed cloning $url" ; exit 1; } + + export branch="$chartVersion" + + git clone https://"$username":"$(cat /secret/gittoken)"@"$url" -b "$branch" /repo + + echo "export version=$chartVersion" >> /repo/environment + + if [ $? != 0 ] + + then + + exit 1 + + else + + ls -lrt /repo # Show the files cloned, as a success marker + + fi + + command: + - /bin/sh + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'bitnami/kubectl:1.22' + imagePullPolicy: IfNotPresent + name: git-clone + volumeMounts: + - mountPath: /secret + name: secret-volume + - mountPath: /repo + name: repo-volume + serviceAccount: isd-install + serviceAccountName: isd-install + restartPolicy: "Never" + volumes: + - emptyDir: {} + name: secret-volume + - emptyDir: {} + D-Apply-yamls-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: isd-yaml-update + labels: + app: byos +spec: + backoffLimit: 2 + completions: 1 + parallelism: 1 + template: + spec: + containers: + - args: + - |- + + for env in $( echo $envs | tr "," "\n" ) + do + echo export $env >> /tmp/environment + done + for filename in /secret/* + do + variable=$(echo $filename | sed 's#/# #g' | awk '{print $2}') + echo setting env $variable for $filename + echo "export $variable=$(cat "$filename")" >> /tmp/environment + done + + source /tmp/environment >/dev/null 2>&1 + + source /repo/environment + + cd /repo/ + + export version="$chartVersion" + + chmod +x /repo/upgrade/isd-apply-yamls.sh + + /repo/upgrade/isd-apply-yamls.sh + 
command: + - /bin/bash + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'quay.io/opsmxpublic/helm-bash:v2' + imagePullPolicy: IfNotPresent + name: apply-yamls + volumeMounts: + - mountPath: /repo + name: repo-volume + - mountPath: /secret + name: secret-volume + initContainers: + - args: + - >- + + create_default_secret() + { + if [[ $1 == "gittoken" ]] + + then + + echo "Error: Cannot create a default gittoken as it is specific to the git-repo. Please create a secret containing the gittoken manually." + + exit 1 + + fi + + if [[ $1 == "ldappassword" ]] + + then + + kubectl -n $2 create secret generic ldappassword --from-literal ldappassword=opsmxadmin123 + + if [ $?! = 0 ]; then echo "Error creating default secret ldappassword"; exit 1; fi + + fi + + if [[ $1 == "dbpassword" ]] + + then + + kubectl -n $2 create secret generic dbpassword --from-literal dbpassword=networks123 + + if [ $?! = 0 ]; then echo "Error creating default secret dbpassword"; exit 1; fi + + fi + + if [[ $1 == "keystorepassword" ]] + + then + + kubectl -n $2 create secret generic keystorepassword --from-literal keystorepassword=changeit + + if [ $?! = 0 ]; then echo "Error creating default secret keystorepassword"l exit 1; fi + + fi + + if [[ $1 == "rabbitmqpassword" ]] + + then + + kubectl -n $2 create secret generic rabbitmqpassword --from-literal rabbitmqpassword=Networks123 + + if [ $?! = 0 ]; then echo "Error creating default secret rabbitmqpassword"; exit 1; fi + + fi + + if [[ $1 == "saporpassword" ]] + + then + + kubectl -n $2 create secret generic saporpassword --from-literal saporpassword=saporadmin + + if [ $?! = 0 ]; then echo "Error creating default secret saporpassword"; exit 1; fi + + fi + + if [[ $1 == "redispassword" ]] + + then + + kubectl -n $2 create secret generic redispassword --from-literal redispassword=password + + if [ $?! 
= 0 ]; then echo "Error creating default secret redispassword"; exit 1; fi + + fi + + if [[ $1 == "miniopassword" ]] + + then + + kubectl -n $2 create secret generic miniopassword --from-literal miniopassword=spinnakeradmin + + if [ $?! = 0 ]; then echo "Error creating default secret miniopassword"; exit 1; fi + + fi + + if [[ $1 == "ldapconfigpassword" ]] + + then + + kubectl -n $2 create secret generic ldapconfigpassword --from-literal ldapconfigpassword=opsmxadmin123 + + if [ $?! = 0 ]; then echo "Error creating default secret ldapconfigpassword"; exit 1; fi + + fi + + } + + + for secret in $(echo $secrets | sed "s/,/ /g") + + do + + echo getting $secret + + kubectl -n "$namespace" get secret "$secret" 2>/dev/null || { echo "Defaulting secret $secret as it was not found." ; create_default_secret $secret $namespace; } + + kubectl -n "$namespace" get secret "$secret" -o jsonpath='{.data.*}' |base64 -d > /secret/"$secret" + + ls -ltr /secret/"$secret" + + done + + command: + - /bin/bash + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'bitnami/kubectl:1.22' + imagePullPolicy: IfNotPresent + name: get-secrets + volumeMounts: + - mountPath: /secret + name: secret-volume + - args: + - >- + + ls -ltr /secret/gittoken || { echo "failed cloning $url" ; exit 1; } + + export branch="$chartVersion" + + git clone https://"$username":"$(cat /secret/gittoken)"@"$url" -b "$branch" /repo + + echo "export version=$chartVersion" >> /repo/environment + + if [ $? 
!= 0 ] + + then + + exit 1 + + else + + ls -lrt /repo # Show the files cloned, as a success marker + + fi + + command: + - /bin/sh + - +x + - '-c' + envFrom: + - configMapRef: + name: upgrade-inputcm + image: 'bitnami/kubectl:1.22' + imagePullPolicy: IfNotPresent + name: git-clone + volumeMounts: + - mountPath: /secret + name: secret-volume + - mountPath: /repo + name: repo-volume + serviceAccount: isd-install + serviceAccountName: isd-install + restartPolicy: "Never" + volumes: + - emptyDir: {} + name: secret-volume + - emptyDir: {} + name: repo-volume \ No newline at end of file diff --git a/upgrade/upgrade.yaml b/upgrade/ISD-Generate-yamls-job.yaml similarity index 69% rename from upgrade/upgrade.yaml rename to upgrade/ISD-Generate-yamls-job.yaml index 0d69685..8238fe7 100644 --- a/upgrade/upgrade.yaml +++ b/upgrade/ISD-Generate-yamls-job.yaml @@ -1,9 +1,9 @@ apiVersion: batch/v1 kind: Job metadata: - name: byos-hiu + name: isd-generate-yamls labels: - app: byos + app: isd spec: backoffLimit: 2 template: @@ -17,22 +17,24 @@ spec: rm -rf /repo/environment - chmod +x /repo/byosupgrade.sh + chmod +x /repo/upgrade/isd-generate-yamls.sh - export version="$version" + export version="$chartVersion" + + export release="$release" ls -ltra /repo/ - /repo/$path + /repo/upgrade/isd-generate-yamls.sh command: - /bin/bash - +x - '-c' envFrom: - configMapRef: - name: upgradecm + name: upgrade-inputcm image: 'quay.io/opsmxpublic/helm-bash:v4' - name: script + name: gen-yamls volumeMounts: - mountPath: /repo name: repo-volume @@ -44,13 +46,15 @@ spec: yq e '.data.gittoken' - | base64 -d) git clone https://"$username":"$gittoken"@"$url" -b - "$srcbranch" /repo + "$branch" /repo echo "export namespace=$namespace" > /repo/environment echo "export gittoken=$gittoken" >> /repo/environment - echo "export version=$version" >> /repo/environment + echo "export version=$chartVersion" >> /repo/environment + + echo "export release=$release" >> /repo/environment ls -ltra /repo command: 
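Review bot: In upgrade/ISD-Apply-yamls-job.yaml, `create_default_secret` in the get-secrets init container fills any missing secret with a fixed literal committed in this file (`ldappassword=opsmxadmin123`, `keystorepassword=changeit`, `redispassword=password`, and so on), so a typo in `$secrets` or a forgotten secret leaves the install running on publicly known credentials. It would be safer to stop with an error for every name, as the `gittoken` branch already does, or to generate a random value. The status checks after each `kubectl create` are written `if [ $?! = 0 ]`, which compares the string `0!` or `1!` with `0` and is never true, so a failed create goes unnoticed; they should read `if [ $? != 0 ]`, and the keystorepassword line has `"…"l exit 1` where `; exit 1` was meant. The added file also appears to hold the whole manifest twice, joined by a stray `D-Apply-yamls-job.yaml` line with no `---` separator, which is worth checking against the 450 added lines.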
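Review bot: In the git-clone init container of upgrade/ISD-Generate-yamls-job.yaml (hunk `@@ -44,13 +46,15 @@`), the added `echo "export version=$chartVersion"` and `echo "export release=$release"` lines write ConfigMap values unquoted into /repo/environment. If that file is sourced later, as the apply job does with `source /repo/environment`, a value containing spaces or shell metacharacters is split or executed rather than assigned. Under bash, `printf 'export release=%q\n' "$release" >> /repo/environment` (and the same for `version`) writes a safely quoted assignment. The container's args and command start outside this hunk, so the shell in use should be confirmed.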
@@ -59,14 +63,14 @@ spec: - '-c' envFrom: - configMapRef: - name: upgradecm + name: upgrade-inputcm image: quay.io/opsmxpublic/helm-bash:v4-yq-jq - name: kube + name: git-clone volumeMounts: - mountPath: /repo name: repo-volume restartPolicy: Never - serviceAccountName: byos + serviceAccountName: isd-install volumes: - emptyDir: {} - name: repo-volume + name: repo-volume \ No newline at end of file diff --git a/upgrade/README.md b/upgrade/README.md new file mode 100644 index 0000000..0bf3fad --- /dev/null +++ b/upgrade/README.md 
@@ -0,0 +1,42 @@ +TODO: TEST +TODO: Add trouble shooting steps +TODO: Move changes from standard-gitops-repo 3.12 to gitops-repo: What are they? Any critical changes? + +# Upgrade Instructions + +Please follow these instructions if you are upgrading from 3.10 to 3.11. The previous installtion (3.10) could have been installed using helm (Scenario A) +or using the gitops installer (Scenario B). Please follow the steps as per your current scenario + +## Scenario A +Use this set if instructions if: +- You have a 3.10 installed using the helm installer (installated prio to Feb 2022) and +- Already have a gitops-repo for Spinnaker Configuration + +## Scenario B +Use this set if instructions if: +a) You have a 3.10 installed using gitops installer +b) Already have a gitops-repo for ISD (AP and Spinnaker) Configuration + +## Common Steps +Upgrade sequence: (3.10 to 3.11) +A) Copy url, username and gitmeail from input/inputcm.yaml to upgrade/inputcm.yaml +B) Values.yaml from 3.11: add gitea.enabled=false, ensure atuoinstall-sample-app - set to false if you don't want to override your pipelines +c) Upgrade DB - Run pipeline? + Cd upgrade +d) kubectl -n opsmx-isd apply -f inputcm.yaml +D) kubectl -n opsmx-isd replace --force -f ISD-Generate-yamls-job.yaml + Wait for isd-generate-yamls-* pod to complete +E) Compare and merge branch +F) kubectl -n opsmx-isd apply -f ISD-Apply-yamls-job.yaml + Wait for isd-yaml-update-* pod to complete, and all pods to stabilize +g) isd-spinnaker-halyard-0 pod should restart automatically. 
If not, execute this: kubectl -n opsmx-isd delete po isd-spinnaker-halyard-0 +H) Go to ISD UI and check that version number has changed in the bottom-left corner + +If things go wrong: +[Make changes to ineputcm, values.yaml as required] +a) kubectl -n opsmx-isd delete sts isd-spinnaker-halyard +b) kubectl -n opsmx-isd delete deploy --all +c) kubectl -n opsmx-isd delete svc --all +c) DELETE ALL DB INFO: Note that pipelines data may be lost: kubectl -n opsmx-isd delete pvc --all +c) kubectl -n opsmx-isd replace --force -f ISD-Apply-yamls-job.yaml +e) Wait for all the pods to come up: How do we KNOW if it has ended? diff --git a/upgrade/inputcm.yaml b/upgrade/inputcm.yaml new file mode 100644 index 0000000..4c2fd63 --- /dev/null +++ b/upgrade/inputcm.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + url: github.com/ORGANIZATION_OR_USERNAME/GIT-REPO ## github url without the leading "https://", the "git-repo" in the documentation + username: YOUR_USERNAME # Please enter the github userid + gitemail: YOUR_EMAIL@COMPANY.COM # Please enter the github email id + + ##################################################################################################### + # Typically, there is no need to change the values below this line + ##################################################################################################### + branch: main # Gitrepo branch, MUST be the default branch + version: 3.12.6 # ISD version + namespace: opsmx-isd # Namespace to install ISD, best not to change + path: upgrade/isd-generate-yamls.sh # Script to execute for installation, should not be changed + # Comma separated list of kubernetes secrets, without spaces + secrets: gittoken,ldappassword,dbpassword,keystorepassword,rabbitmqpassword,saporpassword,redispassword,miniopassword,ldapconfigpassword +kind: ConfigMap +metadata: + name: inputcm 
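Review bot: The new upgrade/inputcm.yaml defines a ConfigMap named `inputcm` with a `version` key, but both jobs in this commit take `envFrom` the ConfigMap `upgrade-inputcm` and use `$chartVersion` and `$release`, which this file does not define. An operator who follows the README step `kubectl -n opsmx-isd apply -f inputcm.yaml` would therefore start the jobs without their inputs. Either drop this file in favour of upgrade-inputcm.yaml, or rename the ConfigMap and add the `chartVersion` and `release` keys. The `namespace` defaults (`opsmx-isd` here, `oes` in upgrade-inputcm.yaml) should also agree.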
diff --git a/byos-reinstall.sh b/upgrade/isd-apply-yamls.sh similarity index 100% rename from byos-reinstall.sh rename to upgrade/isd-apply-yamls.sh diff --git a/byosupgrade.sh b/upgrade/isd-generate-yamls.sh similarity index 89% rename from byosupgrade.sh rename to upgrade/isd-generate-yamls.sh index b1bd3bf..541d173 100755 --- a/byosupgrade.sh +++ b/upgrade/isd-generate-yamls.sh @@ -7,9 +7,10 @@ helm repo add isd https://helmcharts.opsmx.com/ helm repo list helm repo update helm search repo --versions -chartversion=$(helm search repo isd/oes --versions | awk '{print $2,$3}' | grep "${version}" | head -1 | awk -F ' ' '{print $1}') -helm pull isd/oes --version="$chartversion" -tar -xf oes-"$chartversion".tgz +#chartVersion=$(helm search repo isd/oes --versions | awk '{print $2,$3}' | grep "${version}" | head -1 | awk -F ' ' '{print $1}') +version=$chartVersion +helm pull isd/oes --version="$chartVersion" +tar -xf oes-"$chartVersion".tgz if [ $? -eq 0 ]; then echo "#################################Sucessfully downloaded the helm chart#################################" else @@ -29,7 +30,7 @@ sed -i 's/| *b64enc *//' /repo/oes/templates/sapor-gate/sapor-gate-secret.yaml sed -i 's/^data:/stringData:/' /repo/oes/templates/sapor-gate/sapor-gate-secret.yaml sed -i 's/{{ .Values.saporgate.config.password }}/encrypted:saporpassword:saporpassword/' /repo/oes/config/sapor-gate/gate-local.yml #################################################################################################################### -helm template isd /repo/oes/ -f values.yaml --output-dir=/tmp/isd +helm template ${release} /repo/oes/ -f values.yaml --output-dir=/tmp/isd if [ $? -eq 0 ]; then echo "#################################Helm template is sucessfull into isd directory#################################" else 
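Review bot: In hunk `@@ -29,7 +30,7 @@` of upgrade/isd-generate-yamls.sh, `helm template ${release} /repo/oes/ ...` expands `release` unquoted and unchecked, so when the ConfigMap lacks the key the argument disappears and helm is left with `/repo/oes/` as its only positional argument, presumably rendering under a default release name instead of failing. Quoting with a guard, `helm template "${release:?release is not set}" /repo/oes/ -f values.yaml --output-dir=/tmp/isd`, stops the script before wrongly named templates are committed to the repository. The same applies to `$chartVersion` in the first hunk, where `helm pull isd/oes --version="$chartVersion"` with an empty value would presumably pull the latest chart rather than the intended one. The script continues outside both hunks.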
@@ -41,7 +42,7 @@ ls -l /tmp/isd/oes/templates/ rm -rf /tmp/isd/oes/charts/spinnaker/templates/hooks/ rm -rf /tmp/isd/oes/templates/hooks/cleanup.yaml rm -rf /repo/oes/ -rm -rf oes-"$chartversion".tgz +rm -rf oes-"$chartVersion".tgz #####################################committing tempates to github repo################################ git branch "$version" if [ $? -eq 0 ]; then diff --git a/upgrade/serviceaccount.yaml b/upgrade/serviceaccount.yaml index ffbfe2b..8f4b0fb 100644 --- a/upgrade/serviceaccount.yaml +++ b/upgrade/serviceaccount.yaml @@ -1,17 +1,18 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: byos + name: isd-install --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: byos + name: isd-install roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: byos - namespace: opsmx-isd #Please update the namespace accordingly + name: isd-install + namespace: oes #Please update the namespace accordingly + diff --git a/upgrade/upgrade-inputcm.yaml b/upgrade/upgrade-inputcm.yaml new file mode 100644 index 0000000..09ab33a --- /dev/null +++ b/upgrade/upgrade-inputcm.yaml 
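Review bot: In upgrade/serviceaccount.yaml the renamed `isd-install` ServiceAccount is still bound to the `cluster-admin` ClusterRole, and the jobs in this commit run under it while executing scripts cloned from a git repository, so anyone who can alter that repository or the jobs' ConfigMap gains full control of the cluster. If the apply script only manages resources in the ISD namespace, a namespaced `Role` and `RoleBinding` limited to the resources it touches would be sufficient; what the script needs is not visible here. The subject namespace is also now hard-coded to `oes` while the README commands use `opsmx-isd`, and if the two differ the binding grants nothing to the account the jobs actually use.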
@@ -0,0 +1,19 @@ +apiVersion: v1 +data: + url: github.com/ORGANIZATION_OR_USERNAME/GIT-REPO ## github url without the leading "https://", the "git-repo" in the documentation + username: YOUR_USERNAME + gitemail: YOUR_EMAIL@COMPANY.COM + + ##################################################################################################### + # Typically, there is no need to change the values below this line + ##################################################################################################### + branch: master # Gitrepo branch, MUST be the default branch + chartVersion: 3.11.4 # Helm Chart Version + release: oes # ISD helm-release version, default is ISD + currentISDVersion: "3.10" + namespace: oes # Namespace to install ISD, best not to change + path: upgrade/isd-generate-yamls.sh # Script to execute for installation, should not be changed + secrets: gittoken,ldappassword,dbpassword,keystorepassword,rabbitmqpassword,saporpassword,redispassword,miniopassword,ldapconfigpassword +kind: ConfigMap +metadata: + name: upgrade-inputcm diff --git a/upgrade/upgradecm.yaml b/upgrade/upgradecm.yaml deleted file mode 100644 index 86527dd..0000000 --- a/upgrade/upgradecm.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -data: - version: isdversion #Here the version implies ISD version - gitemail: test@opsmx.io ## Please enter the github email id - namespace: opsmx-isd ## Please enter the namespace where you wanted to install ISD - path: byosupgrade.sh - srcbranch: master - secrets: gittoken ## Please enter comma(,) separated kubernetes secret names required to install ISD - url: github.com/gitsuername/gitrepo ## Please enter the github url of your organization without https from where your script needs to be pulledin sample: github.com/saitejaopsmx/jul18byos - username: gitusername ## Please enter the github userid -kind: ConfigMap -metadata: - name: upgradecm diff --git a/values.yaml b/values.yaml index 3d235be..283e1ba 100644 --- a/values.yaml 
+++ b/values.yaml @@ -2,8 +2,23 @@ global: ## URL that will be used to access ISD. MUST BE CHANGED ## Ensure that this URL is reachable from your browser. Either DNS name server record must exist or "hosts" file must be updated + spinDeck: + # Custom Images registry where all the OSS and customized images used in the helm chart are stored + protocol: http + host: spin.dev.example.com #Update the correct spin-deck url + + spinGate: + protocol: http + host: oes-gate.dev.example.com #Update the correct spin-gate url + oesUI: - host: isd.dev.example.com + protocol: http + host: oes.dev.example.com #Update the correct oesui url + + oesGate: + protocol: http + host: oes-gate.dev.example.com #Update the correct oes-gate url + ssl: enabled: false # Set to true if using "httpS" urls. TLS certificates must be generated for the above URL @@ -15,9 +30,13 @@ global: ## The cluster MUST have nginx ingress controller already installed createIngress: true - #Only for trial purposes, pod-baesd git is installed and automatically configured - gitea: - enabled: false # Set to true for trial-install only + # Only update this is using a private repo such as ACR, ECR, GCR, JFrog, etc. + customImages: + registry: quay.io/opsmxpublic + + # Common gate for both spin and oes services. Change ONLY if required + commonGate: + enabled: true ############################################################################### # A trial LDAP is installed by default, with users: admin, user1,2,3 with user1password, user2pa...
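Review bot: In hunk `@@ -2,8 +2,23 @@` of values.yaml, each endpoint now gets its own `protocol: http` next to the existing `ssl.enabled: false`, so the gate and UI hosts default to plaintext and there are two switches that have to be changed together. If the chart reads `protocol` independently of `ssl.enabled` (not visible here), enabling TLS without editing all four entries would still produce http URLs for login traffic; a comment such as `# set to https when ssl.enabled is true` on each `protocol` line would make that explicit. The comment `# Custom Images registry where all the OSS and customized images ...` under `spinDeck:` describes `customImages`, not this key, and looks misplaced.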