sync: stage to production (#1642)

sync-branches: New code has just landed in stage, so let's bring
production up to speed!

.github/workflows/deploy-dev.yaml

@@ -17,6 +17,6 @@ jobs:
     with:
       acs_environment: dev
       github_environment: development
-      deploy_clusters: "acs-dev-dp-01"
+      deploy_clusters: ""
       probe_clusters: "acs-dev-dp-01"
       dry_run: true

.github/workflows/deploy-integration.yaml

@@ -12,5 +12,5 @@ jobs:
     with:
       acs_environment: integration
       github_environment: integration
-      deploy_clusters: "acs-int-us-01"
+      deploy_clusters: ""
       probe_clusters: "acs-int-us-01"

.secrets.baseline

@@ -333,7 +333,7 @@
         "filename": "e2e/e2e_test.go",
         "hashed_secret": "7f38822bc2b03e97325ff310099f457f6f788daf",
         "is_verified": false,
-        "line_number": 268
+        "line_number": 290
       }
     ],
     "fleetshard/pkg/central/cloudprovider/dbclient_moq.go": [
@@ -586,5 +586,5 @@
       }
     ]
   },
-  "generated_at": "2024-01-25T17:36:32Z"
+  "generated_at": "2024-02-05T19:02:34Z"
 }

dp-terraform/helm/Dockerfile

@@ -29,6 +29,7 @@ RUN yq -i ".fleetshardSync.image.tag = strenv(FLEETSHARD_SYNC_IMAGE_TAG)" rhacs-
 FROM quay.io/operator-framework/helm-operator:v1.33.0
 
 ENV HOME=/opt/helm
+ENV ADDON_NAME=acs-fleetshard
 COPY watches.yaml ${HOME}/watches.yaml
 COPY --from=build ${HOME}/rhacs-terraform ${HOME}/rhacs-terraform
 WORKDIR ${HOME}

dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml

@@ -124,6 +124,8 @@ spec:
           value: {{ .Values.fleetshardSync.targetedOperatorUpgrades.enabled | quote }}
         - name: RHACS_ADDON_AUTO_UPGRADE
           value: {{ .Values.fleetshardSync.addonAutoUpgradeEnabled | quote }}
+        - name: FLEETSHARD_ADDON_NAME
+          value: {{ .Values.fleetshardSync.addonName | quote }}
         volumeMounts:
           - mountPath: /var/run/secrets/tokens
             name: aws-token

dp-terraform/helm/rhacs-terraform/terraform_cluster.sh

@@ -11,7 +11,7 @@ source "$ROOT_DIR/scripts/lib/helm.sh"
 
 if [[ $# -ne 2 ]]; then
     echo "Usage: $0 [environment] [cluster]" >&2
-    echo "Known environments: integration stage prod"
+    echo "Known environments: stage prod"
     echo "Cluster typically looks like: acs-{env}-dp-01"
     exit 2
 fi
@@ -31,44 +31,8 @@ PROMETHEUS_MEMORY_LIMIT=${PROMETHEUS_MEMORY_LIMIT:-"20Gi"}
 PROMETHEUS_MEMORY_REQUEST=${PROMETHEUS_MEMORY_REQUEST:-"20Gi"}
 
 case $ENVIRONMENT in
-  dev)
-    FM_ENDPOINT="https://nonexistent.api.stage.openshift.com"
-    OBSERVABILITY_GITHUB_TAG="master"
-    OBSERVABILITY_OBSERVATORIUM_GATEWAY="https://observatorium-mst.api.nonexistent.openshift.com"
-    OBSERVABILITY_OPERATOR_VERSION="v4.2.1"
-    OPERATOR_ENABLED="false"
-    OPERATOR_USE_UPSTREAM="false"
-    OPERATOR_CHANNEL="stable"
-    OPERATOR_VERSION="v4.0.2"
-    FLEETSHARD_SYNC_CPU_REQUEST="${FLEETSHARD_SYNC_CPU_REQUEST:-"200m"}"
-    FLEETSHARD_SYNC_MEMORY_REQUEST="${FLEETSHARD_SYNC_MEMORY_REQUEST:-"512Mi"}"
-    FLEETSHARD_SYNC_CPU_LIMIT="${FLEETSHARD_SYNC_CPU_LIMIT:-"500m"}"
-    FLEETSHARD_SYNC_MEMORY_LIMIT="${FLEETSHARD_SYNC_MEMORY_LIMIT:-"512Mi"}"
-    SECURED_CLUSTER_ENABLED="true"
-    RHACS_GITOPS_ENABLED="true"
-    RHACS_TARGETED_OPERATOR_UPGRADES="true"
-    ;;
-
-  integration)
-    FM_ENDPOINT="https://romndkjdq62p7sr.api.integration.openshift.com"
-    OBSERVABILITY_GITHUB_TAG="master"
-    OBSERVABILITY_OBSERVATORIUM_GATEWAY="https://observatorium-mst.api.stage.openshift.com"
-    OBSERVABILITY_OPERATOR_VERSION="v4.2.1"
-    OPERATOR_ENABLED="false"
-    OPERATOR_USE_UPSTREAM="false"
-    OPERATOR_CHANNEL="stable"
-    OPERATOR_VERSION="v4.1.0"
-    FLEETSHARD_SYNC_CPU_REQUEST="${FLEETSHARD_SYNC_CPU_REQUEST:-"200m"}"
-    FLEETSHARD_SYNC_MEMORY_REQUEST="${FLEETSHARD_SYNC_MEMORY_REQUEST:-"1024Mi"}"
-    FLEETSHARD_SYNC_CPU_LIMIT="${FLEETSHARD_SYNC_CPU_LIMIT:-"1000m"}"
-    FLEETSHARD_SYNC_MEMORY_LIMIT="${FLEETSHARD_SYNC_MEMORY_LIMIT:-"1024Mi"}"
-    SECURED_CLUSTER_ENABLED="true"
-    RHACS_GITOPS_ENABLED="true"
-    RHACS_TARGETED_OPERATOR_UPGRADES="true"
-    ;;
-
   stage)
-    FM_ENDPOINT="https://xtr6hh3mg6zc80v.api.stage.openshift.com"
+    FM_ENDPOINT="https://gbrh0yv9ebhqegl.api.stage.openshift.com"
     OBSERVABILITY_GITHUB_TAG="stage"
     OBSERVABILITY_OBSERVATORIUM_GATEWAY="https://observatorium-mst.api.stage.openshift.com"
     OBSERVABILITY_OPERATOR_VERSION="v4.2.1"
@@ -86,7 +50,7 @@ case $ENVIRONMENT in
     ;;
 
   prod)
-    FM_ENDPOINT="https://api.openshift.com"
+    FM_ENDPOINT="https://ixi6srehbv5uxsa.api.openshift.com"
     OBSERVABILITY_GITHUB_TAG="production"
     OBSERVABILITY_OBSERVATORIUM_GATEWAY="https://observatorium-mst.api.openshift.com"
     OBSERVABILITY_OPERATOR_VERSION="v4.2.1"

dp-terraform/helm/rhacs-terraform/values.yaml

@@ -62,6 +62,7 @@ fleetshardSync:
       operator: Exists
       effect: NoSchedule
   addonAutoUpgradeEnabled: true
+  addonName: acs-fleetshard
 
 acsOperator:
   enabled: false

dp-terraform/helm/watches.yaml

@@ -2,3 +2,5 @@
   version: v1alpha1
   kind: Fleetshard
   chart: rhacs-terraform
+  overrideValues:
+    fleetshardSync.addonName: $ADDON_NAME

e2e/e2e_test.go

@@ -258,6 +258,28 @@ var _ = Describe("Central", Ordered, func() {
 			assertEqualSecrets(actualSecrets, expectedSecrets)
 		})
 
+		It("should set central-tls OwnerReference after restore", func() {
+			centralTLSSecret := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      k8s.CentralTLSSecretName,
+					Namespace: namespaceName,
+				},
+			}
+
+			Eventually(func() (err error) {
+				if err := k8sClient.Get(ctx, ctrlClient.ObjectKeyFromObject(centralTLSSecret), centralTLSSecret); err != nil {
+					return err
+				}
+
+				if len(centralTLSSecret.GetObjectMeta().GetOwnerReferences()) == 0 {
+					return fmt.Errorf("OwnerReference for %s is empty", k8s.CentralTLSSecretName)
+				}
+
+				return nil
+			}).WithPolling(time.Second * 10).WithTimeout(defaultTimeout).Should(Succeed())
+
+		})
+
 		It("should delete and recreate secret backup for admin reset API", func() {
 			secretBackup := k8s.NewSecretBackup(k8sClient, false)
 			oldSecrets, err := secretBackup.CollectSecrets(ctx, namespaceName)