fix: Only apply Cert Manager with BA install

Signed-off-by: Denilson Nastacio <[email protected]>
IBM · Sep 18, 2023 · cd303ac · cd303ac
1 parent 57c51d5
commit cd303ac
Show file tree

Hide file tree

Showing 9 changed files with 103 additions and 37 deletions.
diff --git a/config/argocd-cloudpaks/cp-shared/Chart.yaml b/config/argocd-cloudpaks/cp-shared/Chart.yaml
@@ -16,9 +16,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.2
+version: 0.6.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.3.2"
+appVersion: "1.3.3"
diff --git a/config/argocd-cloudpaks/cp-shared/templates/0050-sync-common-config-map.yaml b/config/argocd-cloudpaks/cp-shared/templates/0050-sync-common-config-map.yaml
@@ -45,6 +45,14 @@ spec:
               else
                 storage_class_rwo=$(oc get StorageClasses rook-ceph-block -o name 2> /dev/null | cut -d "/" -f 2) || true
                 storage_class_rwx=$(oc get StorageClasses rook-cephfs -o name 2> /dev/null | cut -d "/" -f 2) || true
+
+                # If the cluster does not have the dedicated block storage class, the NFS
+                # driver can address most use cases with the exception of "block" volume
+                # mode, which is not needed for Cloud Paks
+                if [ -z "${storage_class_rwo}" ] && [ -n "${storage_class_rwx}" ]; then
+                    storage_class_rwo=${storage_class_rwx}
+                fi
+
                 if [ -n "${storage_class_rwo}" ] && [ -n "${storage_class_rwx}" ]; then
                   echo "INFO: Cluster has Ceph installed, using Ceph storage classes."
                 fi

diff --git a/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4a-config-map.yaml b/config/argocd-cloudpaks/cp-shared/templates/0050-sync-cp4a-config-map.yaml
@@ -51,6 +51,14 @@ spec:
               else
                 storage_class_rwo=$(oc get StorageClasses rook-ceph-block -o name 2> /dev/null | cut -d "/" -f 2) || true
                 storage_class_rwx=$(oc get StorageClasses rook-cephfs -o name 2> /dev/null | cut -d "/" -f 2) || true
+
+                # If the cluster does not have the dedicated block storage class, the NFS
+                # driver can address most use cases with the exception of "block" volume
+                # mode, which is not needed for Cloud Paks
+                if [ -z "${storage_class_rwo}" ] && [ -n "${storage_class_rwx}" ]; then
+                    storage_class_rwo=${storage_class_rwx}
+                fi
+
                 if [ -n "${storage_class_rwo}" ] && [ -n "${storage_class_rwx}" ]; then
                   echo "INFO: Cluster has Ceph installed, using Ceph storage classes."
                 fi

diff --git a/config/cloudpaks/cp-shared/operators/templates/0000-cert-manager-namespace.yaml b/config/cloudpaks/cp-shared/operators/templates/0000-cert-manager-namespace.yaml
diff --git a/config/cloudpaks/cp-shared/operators/templates/0100-cert-manager-operator-group.yaml b/config/cloudpaks/cp-shared/operators/templates/0100-cert-manager-operator-group.yaml
diff --git a/config/cloudpaks/cp-shared/operators/templates/0100-cert-manager-subscription.yaml b/config/cloudpaks/cp-shared/operators/templates/0100-cert-manager-subscription.yaml
diff --git a/config/cloudpaks/cp-shared/operators/values.yaml b/config/cloudpaks/cp-shared/operators/values.yaml
@@ -1,7 +1,6 @@
 ---
 metadata:
   argocd_namespace: openshift-gitops
-  cert_manager_namespace: ibm-cert-manager
 serviceaccount:
   argocd_application_controller: openshift-gitops-argocd-application-controller
 online_catalog_source_priority: -1
diff --git a/config/cloudpaks/cp4a/operators/templates/0050-sync-cluster-scoper-operators.yaml b/config/cloudpaks/cp4a/operators/templates/0050-sync-cluster-scoper-operators.yaml
@@ -0,0 +1,83 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: sync-cluster-scoper-operators
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "50"
+  namespace: openshift-gitops
+spec:
+  template:
+    spec:
+      containers:
+        - name: config
+          image: quay.io/openshift/origin-cli:latest
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: ARGOCD_NAMESPACE
+              value: "openshift-gitops"
+            - name: IBM_CERT_MANAGER
+              value: {{.Values.metadata.cert_manager_namespace}}
+            - name: IBM_CERT_MANAGER_CHANNEL
+              value: {{.Values.metadata.cert_manager_channel}}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -eo pipefail
+              set -x
+
+              result=0
+              ibm_cert_manager_count=$(oc get Subscription.operators.coreos.com \
+                    -l operators.coreos.com/ibm-cert-manager-operator.ibm-cert-manager \
+                    -A \
+                    -o name | wc -l || result=1)
+              if [ "${result}" == 0 ]; then
+                  if [ "${ibm_cert_manager_count}" == "0" ]; then
+                      echo "INFO: Installing IBM Cert Manager."
+                      cat << EOF > oc apply -f -
+              ---
+              apiVersion: operators.coreos.com/v1
+              kind: OperatorGroup
+              metadata:
+                name: ibm-cert-manager
+                namespace: ${IBM_CERT_MANAGER:?}
+              spec:
+                upgradeStrategy: Default
+              ---
+              apiVersion: operators.coreos.com/v1alpha1
+              kind: Subscription
+              metadata:
+                name: ibm-cert-manager-operator
+                namespace: ${IBM_CERT_MANAGER:?}
+              spec:
+                channel: ${IBM_CERT_MANAGER_CHANNEL:?}
+                installPlanApproval: Automatic
+                name: ibm-cert-manager-operator
+                source: ibm-operator-catalog
+                sourceNamespace: openshift-marketplace
+              EOF
+                      oc wait Subscription.operators.coreos.com ibm-cert-manager-operator -n ${IBM_CERT_MANAGER:?} --for=CatalogSourcesUnhealthy=False \
+                      && oc wait Subscription.operators.coreos.com ibm-cert-manager-operator -n ${IBM_CERT_MANAGER:?} --for=jsonpath='state'="AtLatestKnown" \
+                      && echo "INFO: Successfully install IBM Cert Manager." \
+                      || result=1
+                  else
+                      echo "INFO: IBM Cert Manager already installed."
+                      oc get Subscription.operators.coreos.com \
+                          -l operators.coreos.com/ibm-cert-manager-operator.ibm-cert-manager \
+                          -A
+                  fi
+              else
+                  echo "ERROR: Unable to ascertain status of cert managers in the cluster."
+              fi
+
+              if [ "${result}" -eq 1 ] ; then
+                echo "ERROR: Unable to locate a running IBM Cert Manager and to install one afterwards."
+              fi
+
+              exit "${result}"
+
+      restartPolicy: Never
+      serviceAccountName: {{.Values.serviceaccount.ibm_cloudpaks_installer}}
+  backoffLimit: 2
diff --git a/config/cloudpaks/cp4a/operators/values.yaml b/config/cloudpaks/cp4a/operators/values.yaml
@@ -1,6 +1,8 @@
 ---
 metadata:
   argocd_app_namespace: ibm-cloudpaks
+  cert_manager_namespace: ibm-cert-manager
+  cert_manager_channel: v4.1
 serviceaccount:
   argocd_application_controller: openshift-gitops-argocd-application-controller
 storageclass: