Merge branch 'main' into 100-argocd-tls

IBM · May 19, 2023 · 7a5f619 · 7a5f619
2 parents 36ca4c1 + 5dd9859
commit 7a5f619
Show file tree

Hide file tree

Showing 8 changed files with 96 additions and 13 deletions.
diff --git a/config/argocd/templates/0300-app-project-rhacm-control-plane.yaml b/config/argocd/templates/0300-app-project-rhacm-control-plane.yaml
@@ -13,6 +13,8 @@ spec:
   clusterResourceWhitelist:
     - group: ''
       kind: Namespace
+    - group: cluster.open-cluster-management.io
+      kind: ManagedClusterSet
     - group: rbac.authorization.k8s.io
       kind: ClusterRole
     - group: rbac.authorization.k8s.io
@@ -37,6 +39,8 @@ spec:
       kind: Application
     - group: apps.open-cluster-management.io
       kind: '*'
+    - group: cluster.open-cluster-management.io
+      kind: '*'
     - group: policy.open-cluster-management.io
       kind: '*'
     - group: operator.open-cluster-management.io

diff --git a/config/rhacm/seeds/Chart.yaml b/config/rhacm/seeds/Chart.yaml
@@ -16,9 +16,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.0
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.17.0
+appVersion: 0.18.0
diff --git a/config/rhacm/seeds/templates/0020-argocd-roles.yaml b/config/rhacm/seeds/templates/0020-argocd-roles.yaml
@@ -49,3 +49,9 @@ rules:
   - apiGroups: ["multicluster.openshift.io"]
     resources: ["multiclusterengines"]
     verbs: ["*"]
+  - apiGroups: ["apps.open-cluster-management.io"]
+    resources: ["gitopsclusters"]
+    verbs: ["*"]
+  - apiGroups: ["cluster.open-cluster-management.io"]
+    resources: ["managedclustersets", "managedclustersets/bind", "managedclustersetbindings", "placements"]
+    verbs: ["*"]
diff --git a/config/rhacm/seeds/templates/0200-gitops-managed-cluster-set.yaml b/config/rhacm/seeds/templates/0200-gitops-managed-cluster-set.yaml
@@ -0,0 +1,12 @@
+# https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/applications/managing-applications#gitops-config
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSet
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "200"
+  name: gitops-clusters
+spec:
+  clusterSelector:
+    selectorType: ExclusiveClusterSetLabel
diff --git a/config/rhacm/seeds/templates/0300-gitops-cluster.yaml b/config/rhacm/seeds/templates/0300-gitops-cluster.yaml
@@ -0,0 +1,25 @@
+# Creates a gitopscluster resource
+#
+# Requires:
+#  Openshift-GitOps operator be installed in the project "openshift-gitops"
+#  Placement resource "all-gitops-clusters" exists
+#  A clusterSet is bound to the openshift-gitops namespace
+---
+apiVersion: apps.open-cluster-management.io/v1beta1
+kind: GitOpsCluster
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "300"
+  name: argo-acm-importer
+  namespace: openshift-gitops
+spec:
+  # createBlankClusterSecrets: true
+  argoServer:
+    cluster: notused
+    argoNamespace: openshift-gitops
+  placementRef:
+    kind: Placement
+    apiVersion: cluster.open-cluster-management.io/v1beta1
+    name: all-gitops-clusters
+    namespace: openshift-gitops
diff --git a/config/rhacm/seeds/templates/0301-managed-cluster-set-bindings.yaml b/config/rhacm/seeds/templates/0301-managed-cluster-set-bindings.yaml
@@ -0,0 +1,12 @@
+# Creates a ManagedClusterSetBinding to the openshift-gitops project
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: ManagedClusterSetBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "301"
+  name: gitops-clusters
+  namespace: openshift-gitops
+spec:
+  clusterSet: gitops-clusters
diff --git a/config/rhacm/seeds/templates/0302-gitops-cluster-placement-binding.yaml b/config/rhacm/seeds/templates/0302-gitops-cluster-placement-binding.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "302"
+  name: all-gitops-clusters
+  namespace: openshift-gitops
+spec:
+  tolerations:
+    - key: cluster.open-cluster-management.io/unreachable
+      operator: Exists
+    - key: cluster.open-cluster-management.io/unavailable
+      operator: Exists
+  predicates:
+    - requiredClusterSelector:
+        labelSelector:
+          matchLabels:
+            gitops-remote: "true"
diff --git a/docs/rhacm.md b/docs/rhacm.md
@@ -2,16 +2,18 @@
 
 ## Contents
 
-- [Overview](#overview)
-- [Installation](#installation)
-  * [Install RHACM on OCP cluster via Argo](#install-rhacm-on-ocp-cluster-via-argo)
-- [Using the policies](#using-the-policies)
-  * [Policies](#policies)
-  * [Label your clusters](#label-your-clusters)
-  * [Examples](#examples)
-- [The "rhacm-users" group](#the--rhacm-users--group)
-- [Contributing](#contributing)
-- [References](#references)
+- [Red Hat Advanced Cluster Management for Kubernetes](#red-hat-advanced-cluster-management-for-kubernetes)
+  - [Contents](#contents)
+  - [Overview](#overview)
+  - [Installation](#installation)
+    - [Install RHACM on OCP cluster via Argo](#install-rhacm-on-ocp-cluster-via-argo)
+  - [Using the policies](#using-the-policies)
+    - [Policies](#policies)
+    - [Label your clusters](#label-your-clusters)
+    - [Examples](#examples)
+  - [The "rhacm-users" group](#the-rhacm-users-group)
+  - [Contributing](#contributing)
+  - [References](#references)
 
 ---
 
@@ -90,9 +92,11 @@ Once Argo completes synchronizing the applications, your cluster will have polic
 Labels:
 
 - `gitops-branch` + `cp4a`: Placement for Cloud Pak for Business Automation.
-- `gitops-branch` + `cp4waiops`: Placement for Cloud Pak  for Cloud Pak for Watson AIOps.
 - `gitops-branch` + `cp4d`: Placement for Cloud Pak for Data.
 - `gitops-branch` + `cp4i`: Placement for Cloud Pak for Integration.
+- `gitops-branch` + `cp4s`: Placement for Cloud Pak for Security.
+- `gitops-branch` + `cp4waiops`: Placement for Cloud Pak for Watson AIOps.
+- `gitops-remote` + `true`: Assign cluster to the `gitops-cluster` cluster-set, registering it to the [GitOps Cluster](https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/applications/managing-applications#gitops-config).
 
 Values for each label: