diff --git a/instance-applications/130-ibm-mas-app-config/Chart.yaml b/instance-applications/130-ibm-mas-app-config/Chart.yaml new file mode 100644 index 000000000..8609897fc --- /dev/null +++ b/instance-applications/130-ibm-mas-app-config/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: ibm-mas-app-config +description: App Config for MAS Core Platform Suite +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" \ No newline at end of file diff --git a/instance-applications/130-ibm-mas-app-config/README.md b/instance-applications/130-ibm-mas-app-config/README.md new file mode 100644 index 000000000..8e636a2e8 --- /dev/null +++ b/instance-applications/130-ibm-mas-app-config/README.md @@ -0,0 +1,5 @@ +App Configuration for MAS Core Platform +=============================================================================== +Create a AppCfg CR instance and associated credentials secret for use by MAS. + +Contains a post-delete hook (`postdelete-delete-cr.yaml`) that will ensure the config CR is deleted when the ArgoCD application managing this chart is deleted (this will not happen by default as the config CR is asserted to be owned by the `Suite` CR by the MAS entity managers). \ No newline at end of file diff --git a/instance-applications/130-ibm-mas-app-config/templates/01-appcfg.yaml b/instance-applications/130-ibm-mas-app-config/templates/01-appcfg.yaml new file mode 100644 index 000000000..40c1a264d --- /dev/null +++ b/instance-applications/130-ibm-mas-app-config/templates/01-appcfg.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: config.mas.ibm.com/v1 +kind: AppCfg +metadata: + name: "{{ .Values.mas_config_name }}" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "131" + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: +{{- if eq .Values.mas_config_scope "system" }} +{{ .Values.system_appcfg_labels | toYaml | indent 4 }} +{{ end }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + displayName: Application configuration {{ .Values.instance_id }} + config: + enabled: {{ .Values.maf_enabled }} + persistentVolume: + name: "{{ .Values.persistentVolume.name }}" + size: "{{ .Values.persistentVolume.size }}" + storageClassName: "{{ .Values.persistentVolume.storageClassName }}" +{{- if not (empty .Values.mas_appcfg_pod_templates) }} + podTemplates: +{{ .Values.mas_appcfg_pod_templates | toYaml | indent 4 }} +{{- end }} diff --git a/instance-applications/130-ibm-mas-app-config/templates/postdelete-delete-cr.yaml b/instance-applications/130-ibm-mas-app-config/templates/postdelete-delete-cr.yaml new file mode 100644 index 000000000..9b6e46b3c --- /dev/null +++ b/instance-applications/130-ibm-mas-app-config/templates/postdelete-delete-cr.yaml @@ -0,0 +1,129 @@ +{{- if .Values.use_postdelete_hooks }} + +{{- /* +Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. +*/}} +{{- $_cli_image_digest := "sha256:1b88f88a1a719d006ea1f4b8dcfd1c2625fa7ecc529c3267e7b4b6afaa1c8da0" }} + +{{ $cr_name := .Values.mas_config_name }} +{{ $cr_kind := .Values.mas_config_kind }} +{{ $cr_api_version := .Values.mas_config_api_version }} + +{{ $job_name := printf "postdelete-delete-cr-job-%s" $cr_name }} + +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "postdelete-delete-cr-job" }} +{{ $ns := printf "mas-%s-core" .Values.instance_id }} + + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/hook: PostDelete + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + containers: + - name: run + # TODO: use a dedicated image with a smaller footprint for this sort of thing? + # Just using cli for now since it has all the deps we need to talk with AWS SM + image: quay.io/ibmmas/cli@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CR_NAMESPACE + value: {{ $ns }} + - name: CR_NAME + value: {{ $cr_name }} + + - name: CR_API_VERSION + value: {{ $cr_api_version }} + + - name: CR_KIND + value: {{ $cr_kind }} + + volumeMounts: [] + command: + - /bin/sh + - -c + - | + + set -e + + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" + return 0 + fi + + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) + # so, temporarily set +e + set +e + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? + set -e + + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 + fi + + echo "... verified" + return 0 + + } + + + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + + + restartPolicy: Never + serviceAccountName: {{ $sa_name }} + volumes: [] + backoffLimit: 4 +{{- end }} diff --git a/instance-applications/130-ibm-mas-app-config/values.yaml b/instance-applications/130-ibm-mas-app-config/values.yaml new file mode 100644 index 000000000..b2747afe4 --- /dev/null +++ b/instance-applications/130-ibm-mas-app-config/values.yaml @@ -0,0 +1,25 @@ +--- +instance_id: xxx + +maf: + enabled: true # <— single source of truth for ON/OFF + +image: + repository: docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local/mas/graphite-configuration + tag: 1.7.35-pre.maxuif-3049-amd64 + pullPolicy: Always + +resources: + limits: + cpu: "5" # requirement from sizing (orderable) + memory: 8Gi + requests: + cpu: 10m + memory: 256Mi + +persistentVolume: + name: app-config + size: 2Gi + storageClassName: nfs-client + +serviceAccount: ibm-mas-config-reader \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-application-configuration-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-application-configuration-cr.yaml new file mode 100644 index 000000000..0c2aeb4bd --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-application-configuration-cr.yaml @@ -0,0 +1,23 @@ +{{- if .Values.application_configuration }} +--- +apiVersion: addons.mas.ibm.com/v1 +kind: GenericAddon +metadata: + name: "{{ .Values.instance_id }}-addons-application-configuration" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "552" + labels: + mas.ibm.com/configScope: system + mas.ibm.com/instanceId: {{ .Values.instance_id }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + displayName: "{{ .Values.instance_id }}-application-configuration" + addonType: application-configuration + config: + addonIdentifier: {{ .Values.instance_id }} + instances: + - name: "{{ .Values.instance_id }}-application-configuration" +{{- end }} diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 0ebe136be..c971cbc6c 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -1,4 +1,4 @@ -{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) }} +{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (.Values.application_configuration) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) }} --- # IBM Maximo Operator Catalog apiVersion: argoproj.io/v1alpha1 @@ -43,6 +43,7 @@ spec: extensions: {{ .Values.extensions }} additional_vpn: {{ .Values.additional_vpn }} cluster_nonshared: {{ .Values.cluster_nonshared }} + application_configuration: {{ .Values.application_configuration }} databases: {{- range $val := .Values.ibm_db2u_databases }} {{- if and (contains "sdb" $val.db2_instance_name) ($val.replica_db) }}