diff --git a/README.md b/README.md index 6f2bd07a..7e234a5e 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,18 @@ # IBM Cloud Paks - GitOps Demo - -## Contents + - [IBM Cloud Paks - GitOps Demo](#ibm-cloud-paks---gitops-demo) - - [Contents](#contents) - - [Overview](#overview) - - [IBM Cloud Paks](#ibm-cloud-paks) - - [Shared cluster](#shared-cluster) - - [GitOps](#gitops) - - [Governance Policies](#governance-policies) - - [Storage](#storage) - - [Installation](#installation) - - [Individual clusters](#individual-clusters) - - [Fleet of clusters with governance](#fleet-of-clusters-with-governance) - - [Contributing](#contributing) - ---- - -## Overview - -This repository contains Argo CD `Application` resources representing sample deployments of IBM Cloud Paks, and, as such, they are meant for inclusion in an Argo CD cluster. Different Cloud Paks are represented with different `Application` resources and grouped by a resource label tied to each Cloud Pak. + - [IBM Cloud Paks](#ibm-cloud-paks) + - [Shared cluster](#shared-cluster) + - [GitOps](#gitops) + - [Governance Policies](#governance-policies) + - [Storage](#storage) + - [Installation](#installation) + - [Individual clusters](#individual-clusters) + - [Fleet of clusters with governance](#fleet-of-clusters-with-governance) + - [Contributing](#contributing) + +ry contains Argo CD `Application` resources representing sample deployments of IBM Cloud Paks, and, as such, they are meant for inclusion in an Argo CD cluster. Different Cloud Paks are represented with different `Application` resources and grouped by a resource label tied to each Cloud Pak. **Important**: This repository is meant as a demonstration of how Cloud Pak deployments can be deployed and managed with GitOps practices. Adoption in a production environment can start from a repository fork, followed by customization of folders and files to match the desired configuration. @@ -36,7 +29,7 @@ Supported versions: | Cloud Pak | Version | Installation mode | | ----------|---------|-------------------| | Cloud Pak for Business Automation | [23.0.1](https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/23.0.1) | Multi-pattern starter deployment | -| Cloud Pak for Data | [4.7.2](https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=overview) | Online, specialized installation | +| Cloud Pak for Data | [4.8.0](https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=overview) | Online, specialized installation | | Cloud Pak for Integration | [2023.2](https://www.ibm.com/docs/en/cloud-paks/cp-integration/2023.2) | Online installation | | Cloud Pak for Security | [1.10.15](https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10) | Online installation | | Cloud Pak for AIOps\* | [4.2.1](https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/4.2.1) | Starter Installation | diff --git a/config/argocd-cloudpaks/cp4d/values.yaml b/config/argocd-cloudpaks/cp4d/values.yaml index 0875fd46..ff420e3b 100644 --- a/config/argocd-cloudpaks/cp4d/values.yaml +++ b/config/argocd-cloudpaks/cp4d/values.yaml @@ -9,7 +9,7 @@ metadata: operators_namespace: cp4d operands_namespace: cp4d-operands -# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=information-determining-which-components-install +# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=information-determining-which-components-install components: ibm-cert-manager,ibm-licensing,cpfs,cpd_platform,rstudio,wml,ws storageclass: @@ -20,4 +20,4 @@ iam_integration: true image_arch: amd64 -version: 4.7.2 +version: 4.8.0 diff --git a/config/cloudpaks/cp4d/Chart.yaml b/config/cloudpaks/cp4d/Chart.yaml index 10430ae0..3452f0de 100644 --- a/config/cloudpaks/cp4d/Chart.yaml +++ b/config/cloudpaks/cp4d/Chart.yaml @@ -16,9 +16,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.1 +version: 0.8.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 4.7.2 +appVersion: 4.8.0 diff --git a/config/cloudpaks/cp4d/templates/0090-sync-cluster-setup.yaml b/config/cloudpaks/cp4d/templates/0090-sync-cluster-setup.yaml index 7fa65f1e..8b19621a 100644 --- a/config/cloudpaks/cp4d/templates/0090-sync-cluster-setup.yaml +++ b/config/cloudpaks/cp4d/templates/0090-sync-cluster-setup.yaml @@ -1,5 +1,5 @@ --- -# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=information-setting-up-installation-environment-variables +# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=information-setting-up-installation-environment-variables apiVersion: batch/v1 kind: Job metadata: @@ -13,7 +13,6 @@ spec: spec: containers: - name: configure-cluster - # Image associated with CPD CLI v13.0.1 @ https://github.com/IBM/cpd-cli/releases/tag/v13.0.1 image: "icr.io/cpopen/cpd/olm-utils-v2:{{.Values.version}}" env: - name: PROJECT_CERT_MANAGER @@ -35,9 +34,17 @@ spec: set -eo pipefail set -x + export KUBECONFIG=/tmp/kubeconfig + api_url=$(oc get Infrastructure cluster -o jsonpath='{.status.apiServerURL}') + oc login "${api_url}" --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --insecure-skip-tls-verify \ + || { + echo "WARNING: Unable to login to the cluster." + exit 1 + } + result=0 - # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=cluster-installing-shared-components + # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=cluster-installing-shared-components bin/apply-cluster-components \ --release=${VERSION:?} \ --license_acceptance=true \ @@ -52,109 +59,32 @@ spec: || result=1 if [[ ${COMPONENTS:?} =~ cognos_analytics ]] \ - || [[ ${COMPONENTS} =~ dv ]] \ || [[ ${COMPONENTS} =~ db2 ]] \ || [[ ${COMPONENTS} =~ bigsql ]] \ || [[ ${COMPONENTS} =~ watson_discovery ]] \ || [[ ${COMPONENTS} =~ wkc ]] \ || [[ ${COMPONENTS} =~ ws ]] \ || [[ ${COMPONENTS} =~ wml_accelerator ]]; then - echo "INFO: Must update CRI-O container settings depending on the target env." + echo "INFO: Must update process IDs limit settings depending on the target env." else - echo "INFO: None of the components to be installed require crio-changes" + echo "INFO: None of the components to be installed require process IDs limit changes" exit 0 fi - OPENSHIFT_TYPE=self-managed - platform=$(oc get Infrastructure cluster -o jsonpath={.status.platform}) - case "${platform}" in - Azure) - oc get Infrastructure cluster -o jsonpath={.status.platformStatus} \ - | grep red-hat-managed \ - && OPENSHIFT_TYPE=aro - ;; - AWS) - oc get Infrastructure cluster -o jsonpath={.status.platformStatus} \ - | grep red-hat-managed \ - && OPENSHIFT_TYPE=rosa - ;; - IBMCloud) - OPENSHIFT_TYPE=roks - ;; - *) - OPENSHIFT_TYPE=self-managed - esac - - ocp_version=$(oc get ClusterVersion version -o jsonpath='{.status.desired.version}' | cut -d "." -f 1,2) - if [ -z "${ocp_version}" ]; then - echo "ERROR: Unable to determine cluster version for ${cluster_name}" - exit 1 - fi - - hypershift_deployment=$(oc get Infrastructure cluster \ - -o jsonpath='{.metadata.labels.hypershift\.openshift\.io/managed}') - - # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=settings-changing-cri-o-container - crio="none" - if [ -n "${hypershift_deployment}" ]; then - crio="none" - elif [ "${OPENSHIFT_TYPE}" == "roks" ]; then - crio="none" - elif [ "${platform}" == "Azure" ]; then - crio="azure" - elif [ "${OPENSHIFT_TYPE}" == "self-managed" ] && [ "${ocp_version}" == "4.10" ]; then - crio="pid" - elif [ "${OPENSHIFT_TYPE}" == "self-managed" ] && [ "${ocp_version}" == "4.12" ]; then - crio="kubelet" - fi - - if [ "${crio}" == "pid" ]; then - echo "INFO: Changing CRI-O container settings" - bin/apply-crio --openshift-type=${OPENSHIFT_TYPE} \ - || result=1 - elif [ "${crio}" == "kubelet" ]; then - oc label machineconfigpool worker custom-crio=pid-limit --overwrite \ - && oc apply -f - << EOF + # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=settings-changing-process-ids-limit + oc apply -f - << EOF apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig metadata: - name: cpd-crio-kubeletconfig + name: cpd-pidslimit-kubeletconfig spec: kubeletConfig: podPidsLimit: 16384 - machineConfigPoolSelector: - matchLabels: - custom-crio: pid-limit - EOF - oc get kubeletconfig.machineconfiguration.openshift.io/cpd-crio-kubeletconfig -o yaml - - oc wait kubeletconfig.machineconfiguration.openshift.io/cpd-crio-kubeletconfig \ - --for=condition=Success=true \ - --timeout=20s \ - || result=1 - elif [ "${crio}" == "azure" ]; then - oc apply -f - << EOF - apiVersion: machineconfiguration.openshift.io/v1 - kind: ContainerRuntimeConfig - metadata: - name: new-large-pidlimit - spec: - containerRuntimeConfig: - pidsLimit: 16384 machineConfigPoolSelector: matchExpressions: - key: pools.operator.machineconfiguration.openshift.io/worker operator: Exists EOF - oc get no -o name \ - | grep compute \ - | awk '{system("oc debug " $1 " -- bash -lc \"chroot /host sudo crio-status config | grep pids_limit\" ")}' - - oc wait ContainerRuntimeConfig.machineconfiguration.openshift.io/new-large-pidlimit \ - --for=condition=Success=true \ - --timeout=20s \ - || result=1 - fi # Not attempting to set the IBM entitlement key because it is # already a prerequisite for this repository. diff --git a/config/cloudpaks/cp4d/templates/0100-sync-install-olm.yaml b/config/cloudpaks/cp4d/templates/0100-sync-install-olm.yaml index a2fa851d..cdcc2253 100644 --- a/config/cloudpaks/cp4d/templates/0100-sync-install-olm.yaml +++ b/config/cloudpaks/cp4d/templates/0100-sync-install-olm.yaml @@ -1,5 +1,5 @@ --- -# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=installing +# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=installing apiVersion: batch/v1 kind: Job metadata: @@ -20,6 +20,8 @@ spec: value: {{.Values.metadata.operators_namespace}} - name: PROJECT_CPD_INST_OPERANDS value: {{.Values.metadata.operands_namespace}} + - name: STG_CLASS_BLOCK + value: {{.Values.storageclass.rwo}} - name: VERSION value: {{.Values.version}} - name: COMPONENTS @@ -35,7 +37,15 @@ spec: result=0 - # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=services-creating-informix-scc + export KUBECONFIG=/tmp/kubeconfig + api_url=$(oc get Infrastructure cluster -o jsonpath='{.status.apiServerURL}') + oc login "${api_url}" --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --insecure-skip-tls-verify \ + || { + echo "WARNING: Unable to login to the cluster." + exit 1 + } + + # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=services-creating-informix-scc echo "INFO: Creating custom security context constraints for services." if [[ ${COMPONENTS} =~ informix ]]; then bin/apply-scc \ @@ -47,7 +57,7 @@ spec: } fi - # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=data-installing-cloud-pak-foundational-services + # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=data-installing-cloud-pak-foundational-services echo "INFO: Installing foundational services" \ && bin/authorize-instance-topology \ --cpd_operator_ns=${PROJECT_CPD_INST_OPERATORS:?} \ @@ -57,6 +67,7 @@ spec: --cpd_operator_ns=${PROJECT_CPD_INST_OPERATORS:?} \ --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS:?} \ --license_acceptance=true \ + --block_storage_class=${STG_CLASS_BLOCK} && bin/get-license \ --release=${VERSION} \ --license-type=SE \ @@ -67,7 +78,7 @@ spec: --cpd_operator_ns=${PROJECT_CPD_INST_OPERATORS} \ || result=1 - # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=data-specifying-privileges-that-db2u-runs + # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=data-specifying-privileges-that-db2u-runs oc apply -f - <