From 2eefac4f88bd827bdc4ac432eb70f3582e14e0b8 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 14 Nov 2024 09:57:54 +0100 Subject: [PATCH 1/5] Switch argo to a certified recent image and drop unneeded argocd-version overrides --- .../pipelines/build-and-test-iot-anomaly-detection.yaml | 2 -- .../templates/pipelines/build-and-test-iot-consumer.yaml | 2 -- .../pipelines/templates/pipelines/build-and-test.yaml | 2 -- charts/datacenter/pipelines/templates/pipelines/just-pr.yaml | 2 -- .../pipelines/templates/tasks/argocd-sync-and-wait.yaml | 4 ++-- 5 files changed, 2 insertions(+), 10 deletions(-) diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml index 7ab374aa5..f9365a11a 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml @@ -179,8 +179,6 @@ spec: value: manuela-test - name: flags value: --insecure - - name: argocd-version - value: "v1.5.2" - name: revision value: $(params.OPS_REVISION) - name: argocd-server diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml index ad66a8e7e..929532228 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml @@ -180,8 +180,6 @@ spec: value: manuela-test - name: flags value: --insecure - - name: argocd-version - value: "v1.5.2" - name: revision value: $(params.OPS_REVISION) - name: argocd-server diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml index 6cc9a3041..fa72db1bc 100644 
--- a/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml @@ -273,8 +273,6 @@ spec: value: manuela-test - name: flags value: --insecure - - name: argocd-version - value: "v1.5.2" - name: revision value: $(params.OPS_REVISION) - name: argocd-server diff --git a/charts/datacenter/pipelines/templates/pipelines/just-pr.yaml b/charts/datacenter/pipelines/templates/pipelines/just-pr.yaml index 42b232444..f41f8a0f1 100644 --- a/charts/datacenter/pipelines/templates/pipelines/just-pr.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/just-pr.yaml @@ -165,8 +165,6 @@ spec: value: manuela-test - name: flags value: --insecure - - name: argocd-version - value: "v1.5.2" - name: revision value: $(params.OPS_REVISION) - name: argocd-server diff --git a/charts/datacenter/pipelines/templates/tasks/argocd-sync-and-wait.yaml b/charts/datacenter/pipelines/templates/tasks/argocd-sync-and-wait.yaml index e8124ea67..61635e2be 100644 --- a/charts/datacenter/pipelines/templates/tasks/argocd-sync-and-wait.yaml +++ b/charts/datacenter/pipelines/templates/tasks/argocd-sync-and-wait.yaml @@ -18,13 +18,13 @@ spec: default: -- - name: argocd-version type: string - default: v1.5.2 + default: v1.14.1 - name: argocd-server type: string default: openshift-gitops-server.openshift-gitops.svc steps: - name: login-sync-wait - image: argoproj/argocd:$(params.argocd-version) + image: registry.redhat.io/openshift-gitops-1/argocd-rhel8:$(params.argocd-version) command: ["/bin/bash", "-c"] args: - if [ -z $ARGOCD_AUTH_TOKEN ]; then From d6dd6e0a1d5e2badc777d926089b64563221234b Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 14 Nov 2024 10:31:21 +0100 Subject: [PATCH 2/5] Make the lookuppolicy consistent across all imagestreams --- .../manuela-tst/templates/messaging/messaging-is.yaml | 2 ++ 1 file changed, 2 insertions(+) 
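Review bot: The new `image:` line in step `login-sync-wait` still resolves through a mutable, caller-supplied tag (`$(params.argocd-version)`, default `v1.14.1`), so moving to the certified registry does not by itself fix which image content runs; pinning the reference by digest would. The parameter name is also misleading now: on `argocd-rhel8` the tag appears to follow the OpenShift GitOps release rather than the upstream Argo CD version, so a caller still passing an upstream-style value such as the old `v1.5.2` would presumably fail to pull. Adding `description: Tag of registry.redhat.io/openshift-gitops-1/argocd-rhel8 (GitOps release, not upstream Argo CD version)` to the `argocd-version` param would make that explicit. `registry.redhat.io` requires authenticated pulls, so it is worth confirming that the namespace running this task has a pull secret for it. The task's steps continue outside the hunk.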
diff --git a/charts/datacenter/manuela-tst/templates/messaging/messaging-is.yaml b/charts/datacenter/manuela-tst/templates/messaging/messaging-is.yaml index a900bebf8..dc0f2bcc3 100644 --- a/charts/datacenter/manuela-tst/templates/messaging/messaging-is.yaml +++ b/charts/datacenter/manuela-tst/templates/messaging/messaging-is.yaml @@ -3,6 +3,8 @@ kind: ImageStream metadata: name: messaging spec: + lookupPolicy: + local: true tags: - name: {{ .Values.iot_consumer.bootstrap_tag }} from: From 53b077279978df08ebbc3bdea32982681fa43af9 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 14 Nov 2024 13:42:51 +0100 Subject: [PATCH 3/5] Push all the branches that we have locally We push all the things to gitea, because sometimes it seems git is pushing the current working branch back to main instead of the current branch in gitea. This fixes a bunch of oddities we were observing. Co-Authored-By: Akos Eros --- .../pipelines/build-and-test-iot-anomaly-detection.yaml | 2 ++ .../templates/pipelines/build-and-test-iot-consumer.yaml | 2 ++ .../pipelines/templates/pipelines/build-and-test.yaml | 2 ++ .../templates/pipelines/build-iot-anomaly-detection.yaml | 2 ++ .../pipelines/templates/pipelines/build-iot-consumer.yaml | 2 ++ .../pipelines/templates/pipelines/build-iot-frontend.yaml | 2 ++ .../templates/pipelines/build-iot-software-sensor.yaml | 2 ++ .../templates/pipelines/seed-iot-anomaly-detection.yaml | 2 ++ .../pipelines/templates/pipelines/seed-iot-consumer.yaml | 2 ++ .../pipelines/templates/pipelines/seed-iot-frontend.yaml | 2 ++ .../templates/pipelines/seed-iot-software-sensor.yaml | 2 ++ charts/datacenter/pipelines/templates/tasks/github-push.yaml | 3 +-- 12 files changed, 23 insertions(+), 2 deletions(-) diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml index f9365a11a..0829b0f31 100644 
--- a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-anomaly-detection.yaml @@ -164,6 +164,8 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all - name: argocd-sync-application taskRef: diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml index 929532228..3e7abe052 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test-iot-consumer.yaml @@ -165,6 +165,8 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all - name: argocd-sync-application taskRef: diff --git a/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml b/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml index fa72db1bc..b067acc88 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-and-test.yaml @@ -258,6 +258,8 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all - name: argocd-sync-application taskRef: diff --git a/charts/datacenter/pipelines/templates/pipelines/build-iot-anomaly-detection.yaml b/charts/datacenter/pipelines/templates/pipelines/build-iot-anomaly-detection.yaml index f064d8959..855380c38 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-iot-anomaly-detection.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-iot-anomaly-detection.yaml @@ -156,3 +156,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all 
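Review bot: `PUSH_FLAGS` set to `--all` makes the push task send every local branch in the workspace to the remote, presumably with the Gitea admin credentials, which is wider than the stated goal of keeping the working branch from landing on `main`. How the task consumes `PUSH_FLAGS` is outside this hunk, but if it is passed straight to `git push`, an explicit refspec for the checked-out branch would keep the write scoped to one ref. If `--all` stays, a comment above the param such as `# --all: push every local branch; workaround for pushes landing on main` would record why. The same param is added in the ten other pipeline files of this patch (`build-and-test-iot-consumer.yaml` through `seed-iot-software-sensor.yaml`).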
diff --git a/charts/datacenter/pipelines/templates/pipelines/build-iot-consumer.yaml b/charts/datacenter/pipelines/templates/pipelines/build-iot-consumer.yaml index 8aa133394..8353413fe 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-iot-consumer.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-iot-consumer.yaml @@ -157,3 +157,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/pipelines/build-iot-frontend.yaml b/charts/datacenter/pipelines/templates/pipelines/build-iot-frontend.yaml index 3b58cb8f5..0da302d16 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-iot-frontend.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-iot-frontend.yaml @@ -159,3 +159,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/pipelines/build-iot-software-sensor.yaml b/charts/datacenter/pipelines/templates/pipelines/build-iot-software-sensor.yaml index fe119f857..3171a53f6 100644 --- a/charts/datacenter/pipelines/templates/pipelines/build-iot-software-sensor.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/build-iot-software-sensor.yaml @@ -156,3 +156,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/pipelines/seed-iot-anomaly-detection.yaml b/charts/datacenter/pipelines/templates/pipelines/seed-iot-anomaly-detection.yaml index e2f5374e6..575f76b28 100644 --- a/charts/datacenter/pipelines/templates/pipelines/seed-iot-anomaly-detection.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/seed-iot-anomaly-detection.yaml @@ -176,3 +176,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all 
diff --git a/charts/datacenter/pipelines/templates/pipelines/seed-iot-consumer.yaml b/charts/datacenter/pipelines/templates/pipelines/seed-iot-consumer.yaml index 5516dd128..a59801a4f 100644 --- a/charts/datacenter/pipelines/templates/pipelines/seed-iot-consumer.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/seed-iot-consumer.yaml @@ -177,3 +177,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/pipelines/seed-iot-frontend.yaml b/charts/datacenter/pipelines/templates/pipelines/seed-iot-frontend.yaml index 0ad39b250..108063a99 100644 --- a/charts/datacenter/pipelines/templates/pipelines/seed-iot-frontend.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/seed-iot-frontend.yaml @@ -179,3 +179,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/pipelines/seed-iot-software-sensor.yaml b/charts/datacenter/pipelines/templates/pipelines/seed-iot-software-sensor.yaml index 116827d02..c57a14d96 100644 --- a/charts/datacenter/pipelines/templates/pipelines/seed-iot-software-sensor.yaml +++ b/charts/datacenter/pipelines/templates/pipelines/seed-iot-software-sensor.yaml @@ -176,3 +176,5 @@ spec: params: - name: subdirectory value: ops + - name: PUSH_FLAGS + value: --all diff --git a/charts/datacenter/pipelines/templates/tasks/github-push.yaml b/charts/datacenter/pipelines/templates/tasks/github-push.yaml index 36e91f429..6c49cedf4 100644 --- a/charts/datacenter/pipelines/templates/tasks/github-push.yaml +++ b/charts/datacenter/pipelines/templates/tasks/github-push.yaml @@ -1,5 +1,3 @@ -{{- $giturl := coalesce .Values.global.git.hostname (printf "gitea-route-vp-gitea.%s" .Values.global.localClusterDomain) }} -{{- $full_giturl := printf "https://%s/%s/manuela-dev.git" $giturl .Values.global.git.account }} --- apiVersion: tekton.dev/v1beta1 kind: Task 
@@ -24,6 +22,7 @@ spec: - name: push image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.44.5 script: | + set -x git remote -v git branch git branch -r | grep -q origin/$(git rev-parse --abbrev-ref HEAD) && git -c http.sslVerify=$(params.sslVerify) pull --ff-only --no-edit From 85e9f98f7ad829327521c909c2a5d8671a310791 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 14 Nov 2024 14:30:34 +0100 Subject: [PATCH 4/5] Have the branch in the secret for datascience project --- .../templates/dev-project.yaml | 2 +- .../templates/gitea-admin-secret.yaml | 41 ++++++++++++++++--- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/charts/datacenter/data-science-project/templates/dev-project.yaml b/charts/datacenter/data-science-project/templates/dev-project.yaml index cd731ef0f..0fa72a2e7 100644 --- a/charts/datacenter/data-science-project/templates/dev-project.yaml +++ b/charts/datacenter/data-science-project/templates/dev-project.yaml @@ -146,7 +146,7 @@ spec: timeoutSeconds: 1 envFrom: - secretRef: - name: gitea-admin-secret + name: gitea-admin-secret-and-branch - secretRef: name: aws-connection-user-bucket env: diff --git a/charts/datacenter/pipelines/templates/gitea-admin-secret.yaml b/charts/datacenter/pipelines/templates/gitea-admin-secret.yaml index 75d1f1921..70db88ae2 100644 --- a/charts/datacenter/pipelines/templates/gitea-admin-secret.yaml +++ b/charts/datacenter/pipelines/templates/gitea-admin-secret.yaml @@ -35,13 +35,12 @@ spec: secret: name: gitea-admin-secret updatePolicy: Replace -{{- range $i := list "manuela-ci" "ml-development" }} --- apiVersion: "external-secrets.io/v1beta1" kind: ExternalSecret metadata: name: gitea-admin-external-secret - namespace: {{ $i }} + namespace: manuela-ci spec: refreshInterval: 15s secretStoreRef: 
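Review bot: The added `set -x` traces every later command of the `push` step into the Tekton step log with its arguments expanded, and this script runs git against a remote it authenticates to. The rest of the script is outside the hunk, so whether a URL or header carrying credentials is ever expanded there cannot be confirmed from here; if it is, the value ends up in logs readable by anyone who can view the TaskRun. If the trace is only needed for the branch diagnostics, limit it with `set -x` before and `set +x` after those lines, or remove it once the push behaviour is understood.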
@@ -69,9 +68,39 @@ spec: remoteRef: key: "pushsecrets/gitea_admin" property: "password" -{{- end }}{{/* range $i := list manuela-ci ml-development */}} +--- +apiVersion: "external-secrets.io/v1beta1" +kind: ExternalSecret +metadata: + name: gitea-admin-external-secret + namespace: ml-development +spec: + refreshInterval: 15s + secretStoreRef: + name: {{ $.Values.secretStore.name }} + kind: {{ $.Values.secretStore.kind }} + target: + name: gitea-admin-secret-and-branch + template: + metadata: + annotations: + # Tekton magic, see https://tekton.dev/vault/pipelines-v0.15.2/auth/ + tekton.dev/git-0: {{ $full_giturl }} + type: Opaque + engineVersion: v2 + data: + username: "{{ `{{ .gitea_admin_user }}` }}" + password: "{{ `{{ .gitea_admin_password }}` }}" + branch: {{ $.Values.global.targetRevision }} + data: + - secretKey: gitea_admin_user + remoteRef: + key: "pushsecrets/gitea_admin" + property: "username" + + - secretKey: gitea_admin_password + remoteRef: + key: "pushsecrets/gitea_admin" + property: "password" {{- end }} {{- end }} - -# TODO: We used to have a branch field we need to circle back and expose that differently -# branch: From c207e3440cce009d34d754b278aa1db55c6b0f6c Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 14 Nov 2024 14:43:52 +0100 Subject: [PATCH 5/5] Drop mistakenly pushed bit --- values-global.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-global.yaml b/values-global.yaml index 14f66e2d8..975878e22 100644 --- a/values-global.yaml +++ b/values-global.yaml @@ -15,7 +15,7 @@ global: installPlanApproval: Automatic imageregistry: - account: rhn_support_mbaldess + account: PLAINTEXT hostname: quay.io type: quay
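Review bot: `branch: {{ $.Values.global.targetRevision }}` in the new ExternalSecret template is rendered unquoted, so an empty value becomes YAML null and a revision that looks like a number or boolean is retyped, while the sibling `username` and `password` entries are quoted; `branch: {{ $.Values.global.targetRevision | quote }}` avoids that. The block also copies the `tekton.dev/git-0` annotation into a secret that `dev-project.yaml` consumes through `envFrom`, so that container receives the Gitea admin username and password as environment variables; a dedicated lower-privileged Gitea account for `ml-development` would narrow that exposure. The enclosing `{{- if }}` blocks open outside the hunk.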