Skip to content

Commit

Permalink
sync: rc-2023-11-07.1 to stage (#1443)
Browse files Browse the repository at this point in the history
sync-branches: New code has just landed in rc-2023-11-07.1, so let's
bring stage up to speed!
  • Loading branch information
kovayur authored Nov 7, 2023
2 parents eed811e + c88fef3 commit 2d2e88a
Show file tree
Hide file tree
Showing 118 changed files with 9,557 additions and 4,860 deletions.
26 changes: 13 additions & 13 deletions .secrets.baseline
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@
"filename": "internal/dinosaur/pkg/api/public/api/openapi.yaml",
"hashed_secret": "5b455797b93de5b6a19633ba22127c8a610f5c1b",
"is_verified": false,
"line_number": 1663
"line_number": 1531
}
],
"pkg/client/iam/client_moq.go": [
Expand Down Expand Up @@ -462,78 +462,78 @@
"filename": "templates/service-template.yml",
"hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
"is_verified": false,
"line_number": 574
"line_number": 514
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "14736999d9940728c5294277831a702f7882dece",
"is_verified": false,
"line_number": 611
"line_number": 551
},
{
"type": "Secret Keyword",
"filename": "templates/service-template.yml",
"hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
"is_verified": false,
"line_number": 698,
"line_number": 638,
"is_secret": false
},
{
"type": "Secret Keyword",
"filename": "templates/service-template.yml",
"hashed_secret": "9d51dabe59aa776bef2909d3689374ebb93ab2be",
"is_verified": false,
"line_number": 742
"line_number": 681
}
],
"test/support/certs.json": [
Expand Down Expand Up @@ -564,5 +564,5 @@
}
]
},
"generated_at": "2023-10-23T12:42:41Z"
"generated_at": "2023-11-06T14:09:00Z"
}
4 changes: 1 addition & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ $(TOOLS_VENV_DIR): $(TOOLS_DIR)/requirements.txt
trap "rm -rf $(TOOLS_VENV_DIR)" ERR; \
python3 -m venv $(TOOLS_VENV_DIR); \
. $(TOOLS_VENV_DIR)/bin/activate; \
pip install --upgrade pip==22.3.1; \
pip install --upgrade pip==23.3.1; \
pip install -r $(TOOLS_DIR)/requirements.txt; \
touch $(TOOLS_VENV_DIR) # update directory modification timestamp even if no changes were made by pip. This will allow to skip this target if the directory is up-to-date

Expand Down Expand Up @@ -604,7 +604,6 @@ secrets/touch:
secrets/central-tls.crt \
secrets/central-tls.key \
secrets/central.idp-client-secret \
secrets/image-pull.dockerconfigjson \
secrets/observability-config-access.token \
secrets/ocm-service.clientId \
secrets/ocm-service.clientSecret \
Expand Down Expand Up @@ -717,7 +716,6 @@ deploy/secrets:
-p CENTRAL_TLS_CERT="$(shell ([ -s './secrets/central-tls.crt' ] && [ -z '${CENTRAL_TLS_CERT}' ]) && cat ./secrets/central-tls.crt || echo '${CENTRAL_TLS_CERT}')" \
-p CENTRAL_TLS_KEY="$(shell ([ -s './secrets/central-tls.key' ] && [ -z '${CENTRAL_TLS_KEY}' ]) && cat ./secrets/central-tls.key || echo '${CENTRAL_TLS_KEY}')" \
-p OBSERVABILITY_CONFIG_ACCESS_TOKEN="$(shell ([ -s './secrets/observability-config-access.token' ] && [ -z '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}' ]) && cat ./secrets/observability-config-access.token || echo '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}')" \
-p IMAGE_PULL_DOCKER_CONFIG="$(shell ([ -s './secrets/image-pull.dockerconfigjson' ] && [ -z '${IMAGE_PULL_DOCKER_CONFIG}' ]) && cat ./secrets/image-pull.dockerconfigjson || echo '${IMAGE_PULL_DOCKER_CONFIG}')" \
-p KUBE_CONFIG="${KUBE_CONFIG}" \
-p OBSERVABILITY_RHSSO_LOGS_CLIENT_ID="$(shell ([ -s './secrets/rhsso-logs.clientId' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}' ]) && cat ./secrets/rhsso-logs.clientId || echo '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}')" \
-p OBSERVABILITY_RHSSO_LOGS_SECRET="$(shell ([ -s './secrets/rhsso-logs.clientSecret' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_SECRET}' ]) && cat ./secrets/rhsso-logs.clientSecret || echo '${OBSERVABILITY_RHSSO_LOGS_SECRET}')" \
Expand Down
2 changes: 1 addition & 1 deletion cmd/fleet-manager/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ func TestInjections(t *testing.T) {

var bootList []environments.BootService
env.MustResolve(&bootList)
Expect(len(bootList)).To(Equal(7))
Expect(len(bootList)).To(Equal(6))

_, ok := bootList[0].(*server.APIServer)
Expect(ok).To(Equal(true))
Expand Down
1 change: 0 additions & 1 deletion dev/env/defaults/00-defaults.env
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,6 @@ export OSD_IDP_SSO_CLIENT_SECRET_DEFAULT=""
export ROUTE53_ACCESS_KEY_DEFAULT=""
export ROUTE53_SECRET_ACCESS_KEY_DEFAULT=""
export OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT=""
export IMAGE_PULL_DOCKER_CONFIG_DEFAULT=""
export SPAWN_LOGGER_DEFAULT="false"
export DUMP_LOGS_DEFAULT="false"
export OPERATOR_SOURCE_DEFAULT=""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ stringData:
aws.route53accesskey: "${ROUTE53_ACCESS_KEY}"
aws.route53secretaccesskey: "${ROUTE53_SECRET_ACCESS_KEY}"
observability-config-access.token: "${OBSERVABILITY_CONFIG_ACCESS_TOKEN}"
image-pull.dockerconfigjson: "${IMAGE_PULL_DOCKER_CONFIG}"
rhsso-logs.clientId: ""
rhsso-logs.clientSecret: ""
rhsso-metrics.clientId: ""
Expand Down
2 changes: 0 additions & 2 deletions dev/env/scripts/lib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,6 @@ init() {
export ROUTE53_ACCESS_KEY=${ROUTE53_ACCESS_KEY:-$ROUTE53_ACCESS_KEY_DEFAULT}
export ROUTE53_SECRET_ACCESS_KEY=${ROUTE53_SECRET_ACCESS_KEY:-$ROUTE53_SECRET_ACCESS_KEY_DEFAULT}
export OBSERVABILITY_CONFIG_ACCESS_TOKEN=${OBSERVABILITY_CONFIG_ACCESS_TOKEN:-$OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT}
export IMAGE_PULL_DOCKER_CONFIG=${IMAGE_PULL_DOCKER_CONFIG:-$IMAGE_PULL_DOCKER_CONFIG_DEFAULT}
export INHERIT_IMAGEPULLSECRETS=${INHERIT_IMAGEPULLSECRETS:-$INHERIT_IMAGEPULLSECRETS_DEFAULT}
export SPAWN_LOGGER=${SPAWN_LOGGER:-$SPAWN_LOGGER_DEFAULT}
export DUMP_LOGS=${DUMP_LOGS:-$DUMP_LOGS_DEFAULT}
Expand Down Expand Up @@ -213,7 +212,6 @@ OSD_IDP_SSO_CLIENT_SECRET: ********
ROUTE53_ACCESS_KEY: ********
ROUTE53_SECRET_ACCESS_KEY: ********
OBSERVABILITY_CONFIG_ACCESS_TOKEN: ********
IMAGE_PULL_DOCKER_CONFIG: ${IMAGE_PULL_DOCKER_CONFIG}
INHERIT_IMAGEPULLSECRETS: ${INHERIT_IMAGEPULLSECRETS}
SPAWN_LOGGER: ${SPAWN_LOGGER}
DUMP_LOGS: ${DUMP_LOGS}
Expand Down
16 changes: 0 additions & 16 deletions docs/development/populating-configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,22 +115,6 @@ In the Data Plane cluster, the Central Operator and the FleetShard Deployments
might reference container images that are located in authenticated container
image registries.

Fleet Manager can be configured to send this authenticated
container image registry information as a K8s Secret in [`kubernetes.io/.dockerconfigjson` format](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials).

In order for the Fleet Manager to be able to start, create the following file:
```
touch secrets/image-pull.dockerconfigjson
```

If you don't need to make use of this functionality you can skip this section.
Otherwise, keep reading below.

To configure the Fleet Manager with this authenticated registry information so
the previously mentioned Data Plane elements can pull container images from it:
* Base-64 encode your [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties).
* Copy the contents generated from the previous point into the `secrets/image-pull.dockerconfigjson` file

## Setup the Observability stack secrets
See [Obsevability](./observability/README.md) to learn more about Observatorium and the observability stack.
The following command is used to setup the various secrets needed by the Observability stack.
Expand Down
7 changes: 5 additions & 2 deletions dp-terraform/helm/rhacs-terraform/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,8 @@ dependencies:
- name: secured-cluster
repository: ""
version: 0.1.0
digest: sha256:4b3301d2cdd6907207fb21ad741b6fa1e5302aaff1ce6fe5315cab8519908d61
generated: "2023-07-06T21:15:28.778426+02:00"
- name: external-secrets
repository: https://charts.external-secrets.io/
version: 0.9.5
digest: sha256:4d1257d43daeda9d4f956f141edaba7f708838cbd2de86048f37261e9627f9cc
generated: "2023-10-30T11:48:03.686258+01:00"
4 changes: 3 additions & 1 deletion dp-terraform/helm/rhacs-terraform/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,10 @@ dependencies:
condition: logging.enabled
- name: audit-logs
version: "0.1.0"
repository: ""
condition: audit-logs.enabled
- name: secured-cluster
version: "0.1.0"
condition: secured-cluster.enabled
- name: external-secrets
version: "0.9.5"
repository: https://charts.external-secrets.io/
Original file line number Diff line number Diff line change
Expand Up @@ -50,35 +50,30 @@ spec:
cpu: {{ .Values.alertManager.resources.requests.cpu | quote }}
memory: {{ .Values.alertManager.resources.requests.memory | quote }}
limits:
cpu: {{ .Values.alertManager.resources.limits.cpu | quote }}
memory: {{ .Values.alertManager.resources.limits.memory | quote }}
prometheusResourceRequirement:
requests:
cpu: {{ .Values.prometheus.resources.requests.cpu | quote }}
memory: {{ .Values.prometheus.resources.requests.memory | quote }}
limits:
cpu: {{ .Values.prometheus.resources.limits.cpu | quote }}
memory: {{ .Values.prometheus.resources.limits.memory | quote }}
prometheusOperatorResourceRequirement:
requests:
cpu: {{ .Values.prometheusOperator.resources.requests.cpu | quote }}
memory: {{ .Values.prometheusOperator.resources.requests.memory | quote }}
limits:
cpu: {{ .Values.prometheusOperator.resources.limits.cpu | quote }}
memory: {{ .Values.prometheusOperator.resources.limits.memory | quote }}
grafanaResourceRequirement:
requests:
cpu: {{ .Values.grafana.resources.requests.cpu | quote }}
memory: {{ .Values.grafana.resources.requests.memory | quote }}
limits:
cpu: {{ .Values.grafana.resources.limits.cpu | quote }}
memory: {{ .Values.grafana.resources.limits.memory | quote }}
grafanaOperatorResourceRequirement:
requests:
cpu: {{ .Values.grafanaOperator.resources.requests.cpu | quote }}
memory: {{ .Values.grafanaOperator.resources.requests.memory | quote }}
limits:
cpu: {{ .Values.grafanaOperator.resources.limits.cpu | quote }}
memory: {{ .Values.grafanaOperator.resources.limits.memory | quote }}
storage:
prometheus:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,25 +43,22 @@ observabilityOperator:
cpu: "500m"
memory: "2048Mi"
limits:
cpu: "500m"
memory: "2048Mi"

prometheus:
resources:
requests:
cpu: 1500m
memory: 18Gi
memory: 20Gi
limits:
cpu: 1500m
memory: 18Gi
memory: 20Gi

prometheusOperator:
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 200m
memory: 256Mi

grafana:
Expand All @@ -70,7 +67,6 @@ grafana:
cpu: 500m
memory: 1024Mi
limits:
cpu: 500m
memory: 1024Mi

grafanaOperator:
Expand All @@ -79,7 +75,6 @@ grafanaOperator:
cpu: 200m
memory: 256Mi
limits:
cpu: 200m
memory: 256Mi

alertManager:
Expand All @@ -88,5 +83,4 @@ alertManager:
cpu: 200m
memory: 256Mi
limits:
cpu: 200m
memory: 256Mi
Loading

0 comments on commit 2d2e88a

Please sign in to comment.