From 0235f6b4de2d7f8ec3776aa3e092af862c4ceeaa Mon Sep 17 00:00:00 2001 From: Martin Jackson Date: Thu, 21 Nov 2024 08:14:44 -0600 Subject: [PATCH] Initial commit --- .github/linters/.checkov.yaml | 12 ++ .github/linters/.jscpd.json | 10 ++ .github/linters/.textlintrc | 10 ++ .github/workflows/helm-lint.yml | 29 ++++ .github/workflows/helm-unittest.yml | 25 +++ .github/workflows/jsonschema.yaml | 31 ++++ .github/workflows/superlinter.yml | 36 ++++ .github/workflows/update-helm-repo.yml | 30 ++++ Chart.yaml | 7 + LICENSE | 202 +++++++++++++++++++++++ Makefile | 48 ++++++ README.md | 19 +++ README.md.gotmpl | 20 +++ templates/.keep | 0 templates/aap.yaml | 15 ++ templates/argocd-clusterbindingrole.yaml | 20 +++ templates/console-link.yaml | 16 ++ templates/rbac.yaml | 14 ++ values.yaml | 8 + 19 files changed, 552 insertions(+) create mode 100644 .github/linters/.checkov.yaml create mode 100644 .github/linters/.jscpd.json create mode 100644 .github/linters/.textlintrc create mode 100644 .github/workflows/helm-lint.yml create mode 100644 .github/workflows/helm-unittest.yml create mode 100644 .github/workflows/jsonschema.yaml create mode 100644 .github/workflows/superlinter.yml create mode 100644 .github/workflows/update-helm-repo.yml create mode 100644 Chart.yaml create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.md create mode 100644 README.md.gotmpl create mode 100644 templates/.keep create mode 100644 templates/aap.yaml create mode 100644 templates/argocd-clusterbindingrole.yaml create mode 100644 templates/console-link.yaml create mode 100644 templates/rbac.yaml create mode 100644 values.yaml diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..fe4590f --- /dev/null +++ b/.github/linters/.checkov.yaml @@ -0,0 +1,12 @@ +--- +compact: true +directory: + - . +skip-path: + - tests +skip-check: + - CKV_K8S_49 # Minimize wildcard use in Roles and ClusterRoles + - CKV_K8S_155 # Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations + - CKV_K8S_156 # Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests + - CKV_K8S_157 # Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings + - CKV_K8S_158 # Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 0000000..f771907 --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,10 @@ +{ + "ignore": [ + "templates/plumbing/applications.yaml", + "templates/imperative/_helpers.tpl", + "templates/core/subscriptions.yaml", + "templates/core/namespaces.yaml", + "templates/core/nodes.yaml", + "templates/_helpers.tpl" + ] +} diff --git a/.github/linters/.textlintrc b/.github/linters/.textlintrc new file mode 100644 index 0000000..7ab7e5f --- /dev/null +++ b/.github/linters/.textlintrc @@ -0,0 +1,10 @@ +{ + "rules": { + "terminology": { + // Excludes terms + "exclude": [ + "URL" + ] + } + } +} diff --git a/.github/workflows/helm-lint.yml b/.github/workflows/helm-lint.yml new file mode 100644 index 0000000..3377308 --- /dev/null +++ b/.github/workflows/helm-lint.yml @@ -0,0 +1,29 @@ +--- +name: Helm lint + +# +# Documentation: +# https://help.github.com/en/articles/workflow-syntax-for-github-actions +# + +permissions: read-all + +on: [push, pull_request] + +jobs: + build: + name: Run helm lint over the chart + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Setup helm + uses: azure/setup-helm@v4 + with: + version: 'v3.14.0' + + - name: Run make helmlint + run: | + make helm-lint diff --git a/.github/workflows/helm-unittest.yml b/.github/workflows/helm-unittest.yml new file mode 100644 index 0000000..9540437 --- /dev/null +++ b/.github/workflows/helm-unittest.yml @@ -0,0 +1,25 @@ +--- +name: Helm Unit Test + +# +# Documentation: +# https://help.github.com/en/articles/workflow-syntax-for-github-actions +# + +permissions: read-all + +on: [push, pull_request] + +jobs: + build: + name: Run helm lint over the chart + # It has to be 24.04 because -latest has a podman version that is too old + runs-on: ubuntu-24.04 + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Run make helmlint + run: | + make helm-unittest diff --git a/.github/workflows/jsonschema.yaml b/.github/workflows/jsonschema.yaml new file mode 100644 index 0000000..3ed8d1d --- /dev/null +++ b/.github/workflows/jsonschema.yaml @@ -0,0 +1,31 @@ +--- +name: Verify json schema +on: [push, pull_request] + +permissions: read-all + +jobs: + jsonschema_tests: + name: Json Schema tests + strategy: + matrix: + python-version: [3.11.3] + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install check-jsonschema + + - name: Verify ClusterGroup values.schema.json + run: | + check-jsonschema --schemafile ./values.schema.json "values.yaml" diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml new file mode 100644 index 0000000..8043a1c --- /dev/null +++ b/.github/workflows/superlinter.yml @@ -0,0 +1,36 @@ +--- +name: Super linter + +on: [push, pull_request] +permissions: read-all + +jobs: + build: + # Name the Job + name: Super linter + # Set the agent to run on + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + # Full git history is needed to get a proper list of changed files within `super-linter` + fetch-depth: 0 + + ################################ + # Run Linter against code base # + ################################ + - name: Lint Code Base + uses: super-linter/super-linter/slim@v7 + env: + VALIDATE_ALL_CODEBASE: true + DEFAULT_BRANCH: main + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # These are the validation we disable atm + VALIDATE_JSON_PRETTIER: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_MARKDOWN: false + VALIDATE_MARKDOWN_PRETTIER: false + VALIDATE_YAML: false + VALIDATE_YAML_PRETTIER: false diff --git a/.github/workflows/update-helm-repo.yml b/.github/workflows/update-helm-repo.yml new file mode 100644 index 0000000..fa1d624 --- /dev/null +++ b/.github/workflows/update-helm-repo.yml @@ -0,0 +1,30 @@ +# This invokes the workflow named 'publish-charts' in the umbrella repo +# It expects to have a secret called CHARTS_REPOS_TOKEN which contains +# the GitHub token that has permissions to invoke workflows and commit code +# inside the umbrella-repo. +# The following fine-grained permissions were used in testing and were limited +# to the umbrella repo only: +# - Actions: r/w +# - Commit statuses: r/w +# - Contents: r/w +# - Deployments: r/w +# - Pages: r/w +# + +name: vp-patterns/update-helm-repo +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +jobs: + helmlint: + uses: validatedpatterns/helm-charts/.github/workflows/helmlint.yml@985ba37e0eb50b1b35ec194fc999eae2d0ae1486 + permissions: + contents: read + + update-helm-repo: + needs: [helmlint] + uses: validatedpatterns/helm-charts/.github/workflows/update-helm-repo.yml@985ba37e0eb50b1b35ec194fc999eae2d0ae1486 + permissions: read-all + secrets: inherit diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..427fbba --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +description: A Helm chart to configure ansible-automation-platform +keywords: +- pattern +name: ansible-automation-platform +version: 0.1.0 +dependencies: diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..e2f3ffa --- /dev/null +++ b/Makefile @@ -0,0 +1,48 @@ +# https://hub.docker.com/r/helmunittest/helm-unittest/tags/ +HELM_UNITTEST_IMAGE ?= docker.io/helmunittest/helm-unittest:3.14.4-0.5.0 +HELM_DOCS_IMAGE ?= docker.io/jnorwood/helm-docs:latest + +PWD=$(shell pwd) +MYNAME=$(shell id -n -u) +MYUID=$(shell id -u) +MYGID=$(shell id -g) +PODMAN_ARGS := --security-opt label=disable --net=host --rm --passwd-entry "$(MYNAME):x:$(MYUID):$(MYGID)::/apps:/bin/bash" --user $(MYUID):$(MYGID) --userns keep-id:uid=$(MYUID),gid=$(MYGID) +##@ Common Tasks + +.PHONY: help +help: ## This help message + @echo "Pattern: $(NAME)" + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^(\s|[a-zA-Z_0-9-])+:.*?##/ { printf " \033[36m%-35s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +.PHONY: helm-lint +helm-lint: ## Runs helm lint against the chart + helm lint . + +.PHONY: helm-unittest +helm-unittest: ## Runs the helm unit tests + podman run $(PODMAN_ARGS) -v $(PWD):/apps:rw $(HELM_UNITTEST_IMAGE) . + +.PHONY: helm-docs +helm-docs: ## Generates README.md from values.yaml + # First make sure all values.yaml entries are documented. This can only be enabled once + # https://www.github.com/norwoodj/helm-docs/issues/228 is fixed + # podman run $(PODMAN_ARGS) -v $(PWD):/helm-docs:rw $(HELM_DOCS_IMAGE) -x + # Then render the README.md file + podman run $(PODMAN_ARGS) -v $(PWD):/helm-docs:rw $(HELM_DOCS_IMAGE) + +.PHONY: test +test: helm-lint helm-unittest ## Runs helm lint and unit tests + +.PHONY: super-linter +super-linter: ## Runs super linter locally + rm -rf .mypy_cache + podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true \ + -e VALIDATE_JSON_PRETTIER=false \ + -e VALIDATE_KUBERNETES_KUBECONFORM=false \ + -e VALIDATE_MARKDOWN=false \ + -e VALIDATE_MARKDOWN_PRETTIER=false \ + -e VALIDATE_YAML_PRETTIER=false \ + -e VALIDATE_YAML=false \ + -v $(PWD):/tmp/lint:rw,z \ + -w /tmp/lint \ + ghcr.io/super-linter/super-linter:slim-v7 diff --git a/README.md b/README.md new file mode 100644 index 0000000..5edf986 --- /dev/null +++ b/README.md @@ -0,0 +1,19 @@ +# ansible-automation-platform + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) + +A Helm chart to configure ansible-automation-platform + +This chart is used to set up the Ansible Automation Platform Operator version 2.5. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| aap.eda_disabled | bool | `false` | | +| aap.hub_disabled | bool | `true` | | +| aap.lightspeed_disabled | bool | `true` | | +| global.hubClusterDomain | string | `"example.com"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/README.md.gotmpl b/README.md.gotmpl new file mode 100644 index 0000000..a2ac04d --- /dev/null +++ b/README.md.gotmpl @@ -0,0 +1,20 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +This chart is used to set up the Ansible Automation Platform Operator version 2.5. + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/templates/.keep b/templates/.keep new file mode 100644 index 0000000..e69de29 diff --git a/templates/aap.yaml b/templates/aap.yaml new file mode 100644 index 0000000..0fee9b7 --- /dev/null +++ b/templates/aap.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: aap.ansible.com/v1alpha1 +kind: AnsibleAutomationPlatform +metadata: + name: aap + namespace: ansible-automation-platform +spec: + controller: + disabled: false + eda: + disabled: {{ coalesce .Values.aap.eda_disabled "false" }} + hub: + disabled: {{ coalesce .Values.aap.hub_disabled "false" }} + lightspeed: + disabled: {{ coalesce .Values.aap.lightspeed_disabled "false" }} diff --git a/templates/argocd-clusterbindingrole.yaml b/templates/argocd-clusterbindingrole.yaml new file mode 100644 index 0000000..d91c4c1 --- /dev/null +++ b/templates/argocd-clusterbindingrole.yaml @@ -0,0 +1,20 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: openshift-gitops-cluster-admin + annotations: + argocd.argoproj.io/sync-wave: "-1" +subjects: + - kind: ServiceAccount + name: openshift-gitops-argocd-application-controller + namespace: openshift-gitops + - kind: ServiceAccount + name: openshift-gitops-applicationset-controller + namespace: openshift-gitops + - kind: ServiceAccount + name: openshift-gitops-argocd-server + namespace: openshift-gitops +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin diff --git a/templates/console-link.yaml b/templates/console-link.yaml new file mode 100644 index 0000000..a14757a --- /dev/null +++ b/templates/console-link.yaml @@ -0,0 +1,16 @@ +apiVersion: console.openshift.io/v1 +kind: ConsoleLink +metadata: +{{- if eq .Values.aap.release "2.5" }} + name: controller +{{- else }} + name: aap +{{- end }} + namespace: ansible-automation-platform +spec: + applicationMenu: + section: Red Hat applications + imageURL: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAc1klEQVR42u2deXAUZfrH++3uuTP3JCFAEnJBQBSQQ1jW6LIJAkYMRwgG5IgskUWMFVJsbYm4/sBdZSFldBVhFQrQaOIVMIAhuFJZEeQQEA8gdzhCJjOTzEzm7uP3By6FSN5M0nN0J++39g/LHSfT7/vp933e530OwLIshoQUaOFoCJAQWEgILCQEFhISAgsJgYWEwEJCQmAhIbCQEFhISAgsJAQWEgILCQmBhYTAQkJgISEhsJAQWEgDTCQagruIZVmKYmkaoyiWYTCWxW4P4AYAAwDgOEaSgCAASWIAoDFDYP0aIIZhvV6qvZ1qb/e1tHjq671Xr1JmM2U202Yz7XAwPh9L0yzD3EwOAAAAHAcEgYtEhEJB6PWkXk/q9eKhQyVJSaK4ODIykoyMBGIxwPGBDNzAA4thGKfTZzK5L150XrzoPn3a3dDga2ykOzsZnw+j6b5/803aNBpRQoI0MVE6YYI8NVWamioyGHC5HMMHltUBBkiWDktR3uZm5/Hj9pMnXWfPupua6LY21ucL7uCKRER0tHTYMNm4ccpJk+RTpojj4wFJIrAEv9MxTqfrp5/sNTXW/fvdFy5QVivGMGE6JuGkWi2991717NnKtDTZqFG4XN6P98r+CRZL055LlzoqKmzV1a7z5+mODl79PEKrlY0Zo8rI0GZlSUaMAASBwOK7/eQzGm3V1eZ33uk6cYLxevm8ILAYhovFEZMn61esUGVkiKKi+pMd1k/AYinK09Bg2rmzs6LCW1/PUpSQ5oAkxUlJmqwsQ16eJDGxfxhhggeL9Xgcp061v/GG9cgR2mIR9LMQOp06PT1yzRrFxIlAIkFghQkpr9f53XdtxcW2gwdph6PfbCKEQqGaNSu6sFB+//1ALEZghdSWcp4501ZSYq2spK3WfnmqItRqdWZmdEGBfPx4IdpeQgOLZT3Nze3btpm2b++vSN2BlyE/P3LVKkl8vLB8E0ICi3G5LKWlNzZv9tTWYgOn+hIAkpSUQevW6XJzcZkMgRXQdYqmXefOXSsqstfUsOHycIZ3nnBcmZY2ZMsW2dixgvB7CQAsxuEwbttmLC72tbZiA1uimJiowsKoVatwhQKBxclId124cGX1avuxYxjS/6ScOjX2zTdl997LZ6Oev7+M9fnMe/fWzZmDqLpD9mPH6ubMMe/dG+xL9H64YlHt7dc3bDDt3Ml6vYiku8+cWGzIyxv8f/9HRkYisPxyKLjr6ppXruyqqcEGpJ3em/0Gj0hLi9+xQ5qczDdnBM43qmyHD9dnZnYdPYqo8scG7Tp6tD4z03b4MN/8LzxasVifz1JWdqWgQOhXfqEXodPFlpTocnKASIRWrDupMpaUXHnmGURVH0RbLFeeecZYUsIfc54XKxbjdLZu3Ni2ZYuwwl14Zy+TZHRRUcwLL+Byedh/TPhDfxiH4/rLLxuLixFVXFd9imorLmYBGPz882H3oIZ5xWKczisFBaZduzilxyD9yuAiDMuXx5aUhHfdwsNL1fVNmxBVgTa4aNOuXdc3bWKczoEIFuvztW7caNy6FVEVDLaMW7e2btwYRlseDxdVxpKSti1bkGM9WCPs9bZt2RLGc2I4wGJZS1lZ66ZNyFoPti3fummTpawsLL7TkBvvLGs7fLgxN5dC/qrQHPt1uoTSUtX06SG+8wk1WO7a2vrMTPfly2jKQybp8OFJlZXSlJR+uxVS7e3NK1ciqkIs9+XLzStXUu3t/RMs1uu9vmFDV00NmunQq6um5vqGDaE8KoVqK2QY0549Lfn5Qj0GAkBotaLBgzGCoG7coIxGwWVzALE4bvt2w5IloYk7DRFYru+/r8vK8jY2ChEqQqOJeu45zdy54sGDMRynTCZrVZXx73/3Ci0GX5yQkFxRIbvvvn4CFuNw1D3yiEAjjEXR0fHvvqueOfNXLzrLOk6caFiwwHv1qrAeRzl1anJVVQhuEoO+KrI0bdy2Tahx6wQx6KWX7qQKwzAAFJMnD/7nP4FUKqwHsh87Zty2jQ3+bUfQwXKdO2csLhaozSsZMUI3d+7djRIANDNmyO6/X3APZSwudp07J2ywGJfralGRUPMBAdDNm0caDBDbS5+bK7iqfL7W1mtFRYzLJViwWNZSWipc/wKh0Wizs+HcaGbPJnU6wT2avabGUloa1INtEMHyNDff2LxZuBnxqsxM6ahRPZyzYmO1CxcK7tFYhrmxebOnuVmAYDFM+7ZtntpagVKFy2T6RYv8qZKgW7SI0GgE94Ce2tr2bduClwoVLLCcZ86Ytm8Xbk0Y2YQJEVOm+PNJ+dixCv8+ybNVizVt3+48c0ZIYLFeb1tJiYDrVwGgmzePUKn8XduWLRPiU9JWa1tJSZDuQoIClvPsWWtlJSZYkXq9Zu7cXlhj6eniuDghPqm1stJ59qwwwGI9nratWwVdbk8zf744NrYXIGq1+qVLhbpobd3KejwCAMtx6pTt4EHhUkWo1fonn+zt1qnJzhai3wHDMNvBg45Tp/gOFktR7W+8Iegaxorf/14+dmyvjf3UVNWjjwpy0XI42t94I+Bh4gEGy9PQYD1yBBOydLm5fcjIAyKRLjcXCLO1hPXIEU9DA4/BYhjTzp2CLr4gjo3VzJjRt/82YupU2bhxgly0LBbTzp2B9WkFEiyf0dhZUSHo5Uq7eDGh1Xa/07OQ0SciIrQLFgi0oVdnRYXPaOQpWLbqam99vYC9DDqd7oknIGR4GhutX3wBMeG1OTmimBghPru3vt5WXc1LsGja9M47gk4VVE6fLhsxAvZaf/ZZ2yuvQDyK4qFDNVlZQnx2lqJM77wTwKz0gIHlvnTJceKEcKkCJKlbsgTSu4alKPOOHY4TJ5zdH84BQegWLeJ/rey7ynHihPvSJZ6BxbIdFRWMkPPlpffdp5w6FfKBruPHXZcvMz6f+cMPIQuzfOxYBfR7eCvG6+2oqAjU9W5gwGIcDlt1taDb0OrmzSOUSshyZfngg19MyS++8LW1dTugMplu3jwhmvAAw2zV1UyAfJCBAcv188+u8+eFS5UoJka3eDHMbG9qsh448Ms/19VZP/8cYsJrsrMlwrw6dJ0/7/r5Zx6BZa+p4Vvf5V5J/dhjoiFDYAfeQ4d8tyXkdJSWQkJ7SY1Gk5MjxHGgOzrsAYr4DQBYLEVZ9+0TLlV4RIR+6VJITB/jcpn//e/bPViOU6dgJxUAdIsXk1FRQhwN6759ATnaBwAsb3Oz+4cfhAuWYtIk+ZgxsOPSsWN3bBCM22354ANIEpU0JSVi2jQhjob7hx+8gQhZDgBYzuPHKeEGyeC47oknIJeDLEWZy8p++xJbDx3yXbvW7bdKpYZFi4RowlNWq/P4cR6AxTD2kyeF20VCPGSIJisLQoC3pcVWVfXbf++7erUTGh2kTE+XDhsmQK9DYCaUK1iM0+kKTghiaKSdP5/U62E2x8GD3a1MHe+/DwkQwqVS/YoVQly0XGfPci+MyxUsn8nkbmoSKFVkVJRu2TLI3NNdXZY9e7p7fZ1nzji++QZG7cKFYgEuWu6mJp/JFGaw3Bcv0t17C/lutj/4ILzOnePbb53ffw85LVrefx+ya4hjY5V9DcIJp9Ohrc198WJYwWJZ588/87kdI0wAROblQdp3sxRl2b0bHg/eWVnpbWnp9i+IRJHLlgGSFNbAsD6f8+JFjnc7nMBiGcZ9+rRAlyvJkCHKhx+GuVGuXbP95z89vNxmcyc0H0k+ZoxcgNF/7tOnOaawcwPL63ULs5YahuOGVavgIcjWzz+HOBRuyVJaCklJAhKJYcUKwS1a7oYGjvmGnMCi2tt9wgRLNHSoJjsbthR1dVk+/NCvM9T5813QeCF1ZqY4OVlY4+NrbORYDJcbWEYj3dkpRLBUM2dKoOc1x8mTfrpRGKfTvHs37Ow5aBAcYj7a752dFLdIZU5g+VpaGAGGjAKCMCxdCmtGyjDmnTv99+XYDhyAZLkAHNcvWEAIKuuQoShf94eSoIPlaWjABAiW7L77FNBKfN7r122HD/fi/bbbO6EhctLhwyMmTRLSGFEUx4QwTmAJrrTrzeUq8umngUQC+UzHvn29szBY1vLBB1T3VgEQiwVnwnOcXA5gsSxlNgsOLHFSkmrWLLjZ3lle3utj1E8/OU6ehHwgYto0yejRQlqzzGYurqy+g8VSlBDB0mRniwcPhpnt337bh6pRjNNp2rkTEkhDajR66PURD8HiEpjFCSxaaGDhWq0uOxvemsGyd2/f4r7tR454IFkuAGgyM+Fxqvw6GJrNXKp2c9gKaVpwxT+UkyfLRo6EGxZ9TuamOzo6yssh24ckPl71yCOCAcvhwMKzYjEMI6hbQkCSemjmIIZhjN2O+1fI765GZ8f+/VT3sf+AJPW5ufAfwCOPg8/H5VaHk/HOCqqds2TkSOX06fDPSFNTkz79VDF5ct/+hPvHH7ug4ZeKKVPk48cLYrhYmg6P8Y6xrJBKbQOgW76chBT8+N/HFBMmJFdW6p96qg/tTFiv17x7N+SWDZfJDPn5/hRjDj9YDBMmsDCMFU5RZHLQIM2jj/p5KCP1+riSksEbN+K9Z8v+5ZduaBFyVXq6ODFRAGCFMWxGQFLPmiXtzXTiCsWgtWuT9u+XQI39u9i8Fotlxw7Iuy6OiRHc1WGowQIC8coAkUiXnd1rxzcAqvT0pI8/hodt/VadVVWw2r44rl+4kP+7IcfJxTn9ZYFURpRPmBCRlta3Z5SNGpW0b1/k00+D7mNN7zTh6+utX30F+YDsnnuUvM86BDjOxZ3LDSwhGKEYjuuWLcP9xuK3IlSqocXFcW++SfhZm5SiLO+/z7jdkJ9kyM+H31eGHyyCCA9YAMdxSOQJbyROTtZALwf9GiaZzLBsWeL+/TL/7vu6jh51//QT5APKP/yhxw5QYX4fRSIuOxKHFYskCSFUGNM+/ji8fKPPaPT4E3sEgGratOQDB9SzZ/c44rTZbNm9G2LCk1qtjt9twwiFAuMQjsFhxSIIAprqyZP1XJebC9+yzW+/XT9nTtfRoz27bQAQx8Ul7N4dVVTUo5fLUl5O2+2Qr9LMncvnAST0ei6mDgewSJLkPVgRDz0khzZtp+12y0cfub77rm7uXNN77/nT/IPQaIa8/HL8u++KoG1RfDdudB46BPmAJCFBw+OsQ1KvB2FZsTAAeA4WEIn0K1bAYxkcp0+7L1/GMIzu6LjyzDPXXnzRn562gCT1CxcmfvSRDFqmxlJeDvk2QBDaJ5/kbbtyUq8P06kQw8RDh/IZLOk996ih0QSs12vas+fWDQxjs7W9+mrD4sUef4oG4HjEAw+kVFVpFy7sLnzeceQIJJEawzDlgw8q+Hp1yHFyOYElSUzEeBxuq5k/H3456Glq6vpNgxbrZ581ZGU5vvvOn5syUXR0/I4dMS+9dNeYBdpm64C2Xsblct3SpXyM/iNJSVJS2MASxcXhfAWL0Ol0PfWJ6Cwru0tKKss6z5+vf+wx83vv+RNCSSiVMX/5S8Lu3eKEhN/+vx2lpRS0B4x61ixxfDzvfA0kKeJWRpUTWGRUFG/bIavS0yV3m+lbYlwu89693S0nvuvXW55+uvUf/4Cd7G7bFrU5OUn79yvS0u5A2Wc2wxN4RIMGaR5/nHevpUZDRkaGD6zISBF08sL2wkkk+qVL4YearhMn4GEIjNN5Y+PGllWrfNev+3OUkY8enVRWpl+8+FfbIstaPv4YkqIICEL3xBM4z0x4UUJCOMECYrGUlxEgsjFj4JeDrNdr3ru3x+9hfT5LaWndjBnOc+f8KXInGjQobseOoVu33t7pyfHNN3ATXj5uHN+uDqWJiRwjXbmBhePSCRN4CJZuyRIiIgJmtre02P3sq8iyzgsXGrKzO/fv98ecx6XSyFWrhu3Zc6vkGmOzdXz4IYRLIBbrelpfQw3WhAkcIwy4hScAIE9NBTy7MRTHx/dotXSWl/t6k5DpqatrmDfvxiuv0F1dPY8KQWgyM0ccPapMT7/pvO4oK/PeuAGzCKdNk0JdYqEUEInkqalY2MJmbqKdmkpER/PLbJ85E345yLjdlj17eht3yzLM9b/97cpzz/mZTSmOj0/84IPI1asBjvuMRtu+fbCrQ51OM3MmXyz36GhpaipXM5erlWcw8Ko2MC6VGp58En7JZf/yS3ddXR++nPV6ze++WzdzpvP77/3hkjQYhm7dGvuvf5HR0ab334elK+K4Pi+PJ23DpMOGiQyGMIOFy+W86lermDpVBvVlsz6f5eOPueQXOU6dasjOtlZV+fMlgCQj8/MTy8rYri64CS+Oj1fzY9GSjRvXh67YAQYLw3HlpEkYP0JJAUkannoKhwbQeZqa7JzboXsuX27MyTG+/ro/F4sYjivT0hI/+YS2WCDrHMBxw5/+xCUgMUBrfmAmNABAyKdMIdVqPoAlGTWqx3N7p38FIHsUbbNd++tfrzz3HOVfc3VJUpKqpwVJ8cAD8ilTwjuGpFodkN8QALDE8fFSftRR0Tz2GNytxzgcHd1723ttcnk8ph07GhctcvvXiq3HYF9CpdKGu22YdPTogFwxBQAsQJJqHlxK4DKZfulSuPfF/uWXrkD3k7J98UXt9Om2r74KQF44ALo5c3rOqg2m1I8/HhCPWmBsI2VaGhHW4cAwTPXHP0qg1wAsRXV88kkw2qF7r15tzM017drF/ctJg0Hz2GNhczRotcq+pTMFCSzZyJGysPr3gExmWL0a7mXwNDZa79ZuKSCibtxoyc/33+SCLFqGZ54J11sqGzNG1ssE3eCChSsUqoyMMObby8aPVzzwAPwz1kOHqKB2Z2GY9rffblqxwlNfz+lZ7rknLO3KWQxTZWQEypcWIDcBANqsLDx8BXr0ubkkNICHttstftw6cz4r0tbPPqubOdP+3//2uTMbLpfr8/JCH0GJi8VaaIe9cICFYdIRI/pc/YerZaBUaufMgY9I19dfh6wNrLu2tmH+fC4ml+qhhyQhDxuJmDxZOmJEwDAN3PQS4SoMrH38cRH0vpKlact778FSkwNuchmNLatXX9+wge5T71lSq9XOnh3KkGVAkvoVK7DApbYH0mOuysgQcwuU7gvPKpU+Px8+B96WFhtnb3uvTRaPp+3VVxsXLfJeudJrz9nNal7cQu16JXFSkiojI5AbawC/SxQVpcnKCvH8yX/3ux7ba3UeOMCxgUcf2WIY64ED9fPnO06d6rVpkZKiDOhMw6XJyhJFRfEULAzHDXl5oeztAQjC0FNQAG21dpSWhtEV4jx5sm76dHilv7s8mkhkWL4ccL4M9mvV1+kMeXmBvfAN8OWxJDFRnZ4esjkTxcWpeipe5ThzxnX+PBZWUVZry7PPtm7e7Nel9a3FeNw4SUhSCtTp6QE/KwQYLECSkWvWhKhYCAC6rCyyp8gh09tvc2+dzV2Mzdb6wguN8+Z5/b4CJzQaeU/OuQAsVwpF5Jo1AT91BT7cRTFxoopz2SC/RkSr1T75ZA9m+9WrvWq3FGx1HjrUsHCh07+GdQCAEIR9q2bNUkycGPCvDTxYQCKJXruWCH4gjXL69B6qVbFs56efUn068AdPjq+/rp0xo/PTT3v0cjEulweaoBaAl1Otjl67Nhgl4IISoCcfN06dmRncbVAq1S9ZAn+habvdUl7OwzKplNHYlJd3o7gYvke7Ll1yQYNOA2BdZWYGqWV1UMACYnF0QUFQFy3Z6NHKnuLRHKdPh91sh5xVrz//fMuf/+zrJnuHtlpbX3yRNpmCu1wVFASpU0awQorl48cbevJbcvK7zJiBAUDbbJD/mXftYvzI1grfwkWZ9+ypy8qyf/MNe3vzGIbxNDc35+VZKyuDevQx5OcHr00GCF4TAE9TU+0jj3guXw7GoEhTUvCeVkT3jz/y4TzYo0idTj13rjojQxQbS1ss9qNHOz//HNZILBCSDB+eUlUlCVqGVRDBwljWtHNny8qVQuqMEkYBwAKAsSwIfr8PgONxO3YY8vKCt6XgQR0pXW5uoCIS+79YFjAMCEkXGWVami43N6iX3MFN28JlsiFbtsDzkpFCLFFMzJAtW4KdZxb0fEDZ2LFRhYVoOvmjqMJC2dixQd9tQ9DBi3E46h55xH7sGJrUsEs5dWpyVVUIcvlDkcGMKxSxb70l5mWJtgElcUJC7FtvhaZCRIhS42WjR8ds2CCUrrX989ApFsds2CALVWpxqGou4Lg+NzfgQT9I/o+/IS9Pv2hRyMYfhLJLKtXeXr9gQdfRo2iiQ6yIhx9OKi8PZawzCHH7XXdtbX1mpjsY7nikbiQdPjypslKakhLSJTLUD5mcHPv662QIw5cHuEidLvb116XJyaHee0NuQwLV9OlDS0oIflQ+6t8i1OqhJSWq6dND3/wiHKY0ALqcnJj16wGP26X0h2MgScasX6/LyQlLS5XwnNGASBRVUBBdVIQcEMFzLkQXFUUVFISrpnXYDv9AJIp54YWotWsxQTSWFtgWSEStXRvzwgthrJQe6lPhHWKczisFBaZduzDuVcuQ/keVYfny2JISPCQ5ibxbsX7583J57GuvRa9bh/bEgO2A69bFvvZaeKkKP1gYhuEKxeD166MLC5Etz91ajy4sHLx+PR/qxYd5K7wl1uczlpS0btpE8yxbS0CehZj168NorfMUrJtsWcrKrhQU0ByrLQ5AqnS62JISXU4Of/oa8QgsDMMwlrUdPnzl2WfRnY//kg4fHvv662HxggoHLAzDWNZdV9e8cmVXTQ2GsjB6sE/xiLS0+B07pMnJfGsszb8gFgCkKSlJ5eWRK1eioyL8ABi5cmVSebk0JYWH7cr5t2LdbnKVll5/6SVvYyPC6A6JExIGv/iiLjeXb80iBQAWhmEYw7guXLiyejWKl79dyqlTY998U3bvvXyOmuQ3WDfpcjiM27YZi4t9ra0DHClRTExUYWHUqlU86WwobLAwDGNp2nXu3NWioq6amoGZVw1wPCItbeiWLbKxY4EQbleFAdYvS5fLZSktvbF5s6e2FhPOz+Z+mpGkpAxat06Xmxv+bob9EqybzghPc3P7tm2m7dsHgo+eUKsN+fmRq1ZJ4uN5ePTrR2D9z6h3njnTVlJirazsr3gRarU6MzO6oEA+frwQU5uECdbNxcvrdX73XVtxse3gQRrSx1twSCkUqlmzogsL5fffL1xPnoDB+gUvj8dx6lT7G29YjxwR+iUjodOp09Mj16xRTJwYjLqgCKze40VRnoYG086dnRUV3vr6YHS7DOIckKQ4KUmTlWXIy5MkJvaP8KF+AtYt28tnNNqqq03vvOM4cYLxevls7rIYhovFismTDStWqDIyRFFR/SlNvH+BdWvOaNpz6VJHRYWtutp1/jzd0cGvLU+rlY0Zo8rI0GZlSUaMAP0x6r9/gnXLN8E4na6ffrLX1Fj373dfuEBZrWGLmMBxUq2W3nuvevZsZVqabNQoXC4XlgcBgXV3I8zb3Ow8ftx+8qTr7Fl3UxPd1varWsXBGFyRiIiOlg4bJhs3TjlpknzKFHF8/ACJwB4oYN1uhzFOp89kcl+86Pz5Z/fp0+7GRl9jI93ZyVAUxsXqJ0mcJAmNRpSQIE1IkE6YIB85UpqaKjIYcLl8oJXZGXhg/XqvZBmG9Xqp9nbKaPS1tHgaGrxXr1JmM2U202Yz7XAwPh9L0yzD3BwoAADAcUAQuEhEKBSEXk/q9aReLx46VJKYKIqLI6OiyMhIIBYDHO/HOx0Cq6/AURRLURhNswyDseyvriYBwAAAOI4RBCBJQJIDGSAEFlJozypoCJAQWEgILCQEFhISAgsJgYWEwEJCQmAhIbCQEFhISAgsJAQWEgILCQmBhYTAQkJgISEhsJAQWEgDTP8PYtUOifNZCQcAAAAASUVORK5CYII= + href: 'https://aap-ansible-automation-platform.{{ .Values.global.hubClusterDomain }}' + text: Ansible Automation Platform + location: ApplicationMenu diff --git a/templates/rbac.yaml b/templates/rbac.yaml new file mode 100644 index 0000000..d363083 --- /dev/null +++ b/templates/rbac.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "openshift-config-default-cluster-admin" + annotations: + argocd.argoproj.io/sync-wave: "-1" +subjects: + - kind: ServiceAccount + name: default + namespace: openshift-config +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "cluster-admin" diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..9c27535 --- /dev/null +++ b/values.yaml @@ -0,0 +1,8 @@ +--- +global: + hubClusterDomain: example.com + +aap: + eda_disabled: false + hub_disabled: true + lightspeed_disabled: true