changing init_GitOps shell script to reflect recent changed in the he…

…lm chart openshift-gitops
tjungbauer · Apr 4, 2024 · 2508950 · 2508950
1 parent 2069654
commit 2508950
Show file tree

Hide file tree

Showing 5 changed files with 155 additions and 125 deletions.
diff --git a/clusters/management-cluster/applications-gitops/Chart.yaml b/clusters/management-cluster/applications-gitops/Chart.yaml
@@ -6,13 +6,5 @@ dependencies:
   - name: openshift-gitops
     version: ~1.0.5
     repository: https://charts.stderr.at
-  - name: helper-operator
-    version: ~1.0.0
-    repository: https://charts.stderr.at
-    condition: helper-operator.enabled
-  - name: helper-status-checker
-    version: ~3.0.0
-    repository: https://charts.stderr.at
-    condition: helper-status-checker.enabled
 maintainers:
   - name: tjungbauer
diff --git a/clusters/management-cluster/applications-gitops/values.yaml b/clusters/management-cluster/applications-gitops/values.yaml
@@ -1,64 +1,48 @@
 ---
-hostname: &hostname gitops.apps.prod.ocp.local
+hostname: &hostname gitops.apps.prod.ocp.cluster
 
 openshift-gitops:
   gitopsinstances:
     gitops_application:
       enabled: true
       namespace: gitops-application
-      syncwave: 10
+      clusterAdmin: enabled
 
       server:
         host: *hostname
+        route: 
+          enabled: true
 
       generic_config:
-        #  The metadata.label key name where Argo CD injects the app name as a tracking label.
-        #  Argo CD identifies resources it manages by setting the application instance label
-        #  to the name of the managing Application on all resources that are managed
-        #  Default: argocd.argoproj.io/<<name of the gitopsinstance>>
-        #
-        #  applicationInstanceLabelKey: argocd.argoproj.io/application-instance
-
-        #  Object tracking method. This could either be:
-        #    label - Argo CD uses the app.kubernetes.io/instance label
-        #    annotation+label - Argo CD uses the app.kubernetes.io/instance label but only for informational purposes.
-        #      The label is not used for tracking purposes, and the value is still truncated if longer than 63 characters.
-        #      The annotation argocd.argoproj.io/tracking-id is used instead to track application resources.
-        #      Use this for resources that you manage with Argo CD, but still need compatibility with other tools that require the instance label.
-        #    annotation - Argo CD uses the argocd.argoproj.io/tracking-id annotation to track application resources.
-        #      Use this when you don't need to maintain both the label and the annotation.
-        #  Default: label
-        #
+        disableAdmin: true
         resourceTrackingMethod: annotation
-
-        #  The build options and parameters to use with kustomize build.
-        #  Default: empty
         kustomizeBuildOptions: "--enable-helm"
 
+      controller: {}
+      ha: {}
+      redis: {}
+      repo: {}
+      appset: {}
+      sso:
+        dex:
+          openShiftOAuth: true
+
       rbac:
         defaultRole: 'role:none'
+
         policy: |-
             # Access Control
             g, system:cluster-admins, role:admin
-            g, cluster-admins, role:admin
+            g, cluster-admin, role:admin
             p, role:none, applications, get, */*, deny
             p, role:none, certificates, get, *, deny
             p, role:none, clusters, get, *, deny
             p, role:none, repositories, get, *, deny
             p, role:none, projects, get, *, deny
             p, role:none, accounts, get, *, deny
             p, role:none, gpgkeys, get, *, deny
-
-            # Adding Roles for specific group, i.e. Developers
-            p, role:application-1-dev, applications, get, application-1/*, allow
-            p, role:application-1-dev, clusters, get, https://kubernetes.default.svc, allow
-            g, application-1-dev, role:application-1-dev
-
-            p, role:application-1-ops, applications, get, application-1-prod/*, allow
-            p, role:application-1-ops, clusters, get, *, allow
-            g, application-1-ops, role:application-1-ops
-
         scopes: '[groups]'
+
       resourceExclusions: |-
         # resources to be excluded
         - apiGroups:
@@ -69,55 +53,7 @@ openshift-gitops:
           - TaskRun
           - PipelineRun
 
-###################################################################
-# Operator installation is not required on the management cluster
-# However, when you deploy the application-gitops on other
-# clusters, you might need to deploy the operator.
-###################################################################
-
-# Subchart helper-operator
-# Simply installs the operator
-# Install Operator RHACS
-# Deploys Operator --> Subscription and Operatorgroup
-# Syncwave: 0
-helper-operator:
-  enabled: false
-  operators:
-    openshift-gitops-operator:
-      enabled: true
-      syncwave: '0'
-      namespace:
-        name: openshift-gitops-operators
-        create: true
-      subscription:
-        channel: latest
-        approval: Automatic
-        operatorName: openshift-gitops-operator
-        source: redhat-operators
-        sourceNamespace: openshift-marketplace
-        config:
-          env:
-            - name: DISABLE_DEFAULT_ARGOCD_INSTANCE
-              value: 'true'
-      operatorgroup:
-        create: true
-        # rhacs does not support to monitor own namespace,
-        # therefor the spec in the OperatorGroup must be empty
-        notownnamespace: true
-
-
-# Subchart helper-status-checker
-# checks if ACS operator is ready
-helper-status-checker:
-  enabled: false
-
-  # use the value of the currentCSV (packagemanifest) but WITHOUT the version !!
-  operatorName: openshift-gitops-operator
-
-  # where operator is installed
-  namespace:
-    name: openshift-gitops-operators
-
-  serviceAccount:
-    create: true
-    name: "status-checker-gitops"
+      # This will create some default health checks I usually add.
+      # * ClusterLogging, * Application (Argo CD), * Lokistack, * Subcription, * Central (ACS), InstallPlan
+      # @default -- false
+      default_resourceHealthChecks: true
diff --git a/delete_GitOps.sh b/delete_GitOps.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+#set -euf -o pipefail
+oc delete Application.argoproj.io -n openshift-gitops --all
+oc delete Applicationset.argoproj.io -n openshift-gitops --all 
+oc delete Application.argoproj.io -n openshift-gitops --all
+sleep 5
+oc delete Appproject -A --all
+oc delete subscription openshift-gitops-operator -n openshift-gitops-operator
+oc delete operatorgroup openshift-gitops-operator -n openshift-gitops-operator
+for i in `oc get crd | grep argoproj.io | awk -F" " '{print $1}'`; do oc delete crd $i; done
+
+oc delete project openshift-gitops 
+oc delete project openshift-gitops-operator
diff --git a/init_GitOps.sh b/init_GitOps.sh
@@ -25,9 +25,10 @@ function add_helm_repo() {
 
 # check if operator is already installed
 function check_op_status() {
-  get_status=`oc get subscription.operators.coreos.com/openshift-gitops-operator -n openshift-operators -o jsonpath='{.status.conditions[0].reason}'`
+  get_status=`oc get subscription.operators.coreos.com/openshift-gitops-operator -n openshift-gitops-operator -o jsonpath='{.status.conditions[0].reason}'`
 
-  if [ $get_status == "AllCatalogSourcesHealthy" ]; then
+  if [[ "$get_status" == "AllCatalogSourcesHealthy" ]]; then
+      printf "\nSubscription does not exist already\n"
       return 0
   else
       return 1
@@ -44,50 +45,58 @@ function deploy() {
   local res=$?
   if [ $res -eq "0" ]; then
       printf "Operator is already installed. Verifying if Pods are running \n"
+
+      waiting_for_argocd_pods
   else
 
     printf "\n%bDeploying OpenShift GitOps Operator%b\n" "${RED}" "${NC}"
 
     add_helm_repo
 
-    oc adm new-project openshift-gitops-operator
-    $HELM upgrade --install \
-        --set 'gitops.subscription.channel='$1 \
-        --set 'gitops.enabled=true' \
-        --set 'gitops.clusterAdmin=true' \
-        --set 'gitops.namespace.name=openshift-gitops-operator' \
-        --create-namespace openshift-gitops-operator tjungbauer/openshift-gitops
+    oc adm new-project openshift-gitops-operator 1>/dev/null 2>&1
+    printf "\n"
+    $HELM template --set 'helper-operator.enabled=true' --set 'helper-status-checker.enabled=true' --set 'gitopsinstances.openshift_gitops.clusterAdmin=disabled' --verify -f values-openshift-gitops.yaml tjungbauer/openshift-gitops | oc create -f -
 
     printf "\nGive the gitops-operator some time to be installed. %bWaiting for %s seconds...%b\n" "${RED}" "${TIMER}" "${NC}"
     TIMER_TMP=0
     while [[ $TIMER_TMP -le $TIMER ]]
       do 
-        echo -n "."
+        printf "."
         sleep 1
         let "TIMER_TMP=TIMER_TMP+1"
       done
     printf "\nLet's continue\n"
 
+    printf "\n%bWaiting for openshift-gitops operator to be deployed ... %b\n" "${RED}" "${NC}"
+    until oc get crd argocds.argoproj.io -o name 1>/dev/null 2>&1
+    do
+      printf "."
+      sleep 1
+    done
+    printf "\n%bopenshift-gitops operator has been successfully deployed%b\n" "${GREEN}" "${NC}"
+
     printf "\n%bWaiting for openshift-gitops namespace to be created. Checking every %s seconds.%b\n" "${RED}" "${RECHECK_TIMER}" "${NC}"
     until oc get ns openshift-gitops
     do
       sleep $RECHECK_TIMER;
     done
+    printf "\n%bopenshift-gitops namespace found%b\n" "${GREEN}" "${NC}"
 
     printf "\n%bWaiting for deployments to start. Checking every %s seconds.%b\n" "${RED}" "${RECHECK_TIMER}" "${NC}"
     until oc get deployment cluster -n openshift-gitops
     do
       sleep $RECHECK_TIMER;
     done
+    printf "\n%bAll initial deployments are running%b\n" "${GREEN}" "${NC}"
 
-  fi
+    waiting_for_argocd_pods
 
-  printf "\nWaiting for all pods to be created"
-  waiting_for_argocd_pods
+    # additonal sleep
+    sleep 10
 
-  printf "%bGitOps Operator ready%b\n" "${GREEN}" "${NC}"
+    configure_argocd
 
-  patch_argocd
+  fi
 
   deploy_app_of_apps
 
@@ -98,40 +107,36 @@ function deploy() {
 # Be sure that all Deployments are ready
 function waiting_for_argocd_pods() {
 
-  deployments=(cluster kam openshift-gitops-applicationset-controller openshift-gitops-redis openshift-gitops-repo-server openshift-gitops-server)
+  # deployments=(openshift-gitops-applicationset-controller openshift-gitops-redis openshift-gitops-repo-server openshift-gitops-server)
+  deployments=(openshift-gitops-server)
   for i in "${deployments[@]}";
   do
     printf "\n%bWaiting for deployment $i %b\n" "${CYAN_BG}" "${NC}"
     oc rollout status deployment "$i" -n openshift-gitops
   done
 }
 
-# PATCH the ArgoCD Operator CRD
-function patch_argocd() {
+# Configure the Argo CD Operator CRD
+function configure_argocd() {
 
-  printf "\nLets use our patched ArgoCD CRD\n"
+  printf "\n%bLets configure ArgoCD CRD%b\n" "${RED}" "${NC}"
 
-  patch_argo=`oc apply -f https://raw.githubusercontent.com/tjungbauer/helm-charts/main/charts/openshift-gitops/PATCH_openshift-gitops.yaml`
-  add_crb=`oc apply -f https://raw.githubusercontent.com/tjungbauer/helm-charts/main/charts/openshift-gitops/PATCH_openshift-gitops-crb.yaml`
-
-  if [[ "$patch_argo" == *"unchanged"* ]] && [[ "$add_crb" == *"unchanged"* ]]; then
-    echo "ArgoCD already patched"
-  else
-
-    oc delete pods --all -n openshift-gitops
-
-    sleep $RECHECK_TIMER
-    waiting_for_argocd_pods
+  $HELM template --set 'gitopsinstances.openshift_gitops.enabled=true' --set 'gitopsinstances.openshift_gitops.clusterAdmin=enabled' --verify -f values-openshift-gitops.yaml tjungbauer/openshift-gitops | oc replace -f -
+
+  printf "\n%bRestarting all ArgoCD CRD pods%b\n" "${RED}" "${NC}"
+  oc delete pods --all -n openshift-gitops 1>/dev/null 2>&1
 
-    printf "%bGitOps Operator ready... again%b\n" "${GREEN}" "${NC}\n"
+  sleep $RECHECK_TIMER
+  waiting_for_argocd_pods
 
-  fi
+  printf "%bGitOps Operator ready... again%b\n" "${GREEN}" "${NC}\n"
 
 }
 
 # Deploy the Application of Applications
 function deploy_app_of_apps() {
 
+  printf "\n"
   $HELM upgrade --install --values ./base/init_app_of_apps/values.yaml --namespace=openshift-gitops app-of-apps ./base/init_app_of_apps
 
 }

diff --git a/values-openshift-gitops.yaml b/values-openshift-gitops.yaml
@@ -0,0 +1,84 @@
+---
+# Configure openshift-gitops operator. This will be enabled via init_GitOps.sh script
+gitopsinstances:
+  openshift_gitops:
+    enabled: false
+    namespace: openshift-gitops
+    clusterAdmin: disabled
+    syncwave: 10
+    server:
+      route:
+        enabled: true
+    generic_config:
+      disableAdmin: true
+      resourceTrackingMethod: annotation
+      kustomizeBuildOptions: "--enable-helm"
+    appset: {}
+    repo: {}
+    controller: {}
+    sso:
+      dex:
+        openShiftOAuth: true
+    ha: {}
+    redis: {}
+    rbac:
+      defaultRole: 'role:none'
+      policy: |-
+          # Access Control
+          g, system:cluster-admins, role:admin
+          g, cluster-admin, role:admin
+          p, role:none, applications, get, */*, deny
+          p, role:none, certificates, get, *, deny
+          p, role:none, clusters, get, *, deny
+          p, role:none, repositories, get, *, deny
+          p, role:none, projects, get, *, deny
+          p, role:none, accounts, get, *, deny
+          p, role:none, gpgkeys, get, *, deny
+      scopes: '[groups]'
+    resourceExclusions: |-
+      # resources to be excluded
+      - apiGroups:
+        - tekton.dev
+        clusters:
+        - '*'
+        kinds:
+        - TaskRun
+        - PipelineRun
+    # Enable default health checks.
+    # This will create some default health checks I usually add.
+    # * ClusterLogging, * Application (Argo CD), * Lokistack, * Subcription, * Central (ACS), InstallPlan
+    default_resourceHealthChecks: true  
+
+# Deploy openshift-gitops operator. This will be enabled via init_GitOps.sh script
+helper-operator:
+  enabled: false
+  operators:
+    openshift-gitops-operator:
+      enabled: true
+      syncwave: '0'
+      namespace:
+        name: openshift-gitops-operator
+        create: true
+      subscription:
+        channel: latest
+        approval: Automatic
+        operatorName: openshift-gitops-operator
+        source: redhat-operators
+        sourceNamespace: openshift-marketplace
+      operatorgroup:
+        create: true
+        notownnamespace: true
+
+# Deploy openshift-gitops operator. This will be enabled via init_GitOps.sh script
+helper-status-checker:
+  enabled: false
+
+  checks:
+
+    - operatorName:  openshift-gitops-operator
+      namespace:
+        name:  openshift-gitops-operator
+      syncwave: 3
+
+      serviceAccount:
+        name: "status-checker-gitops"