diff --git a/.cspell.json b/.cspell.json index 1f3ba777d1986bcbdeb0c3b067a06f761f906153..d063a527642396940ed8f29e65ec1bf3705ddbf2 100644 --- a/.cspell.json +++ b/.cspell.json @@ -98,6 +98,7 @@ "kubectl", "kubernetes", "millicores", + "minikube", "modsecurity", "msteams", "mtls", diff --git a/.values/env/teams/apps.admin.yaml b/.values/env/teams/apps.admin.yaml index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c442633d4e0051e6540c24d8ba373bca1a46d774 100644 --- a/.values/env/teams/apps.admin.yaml +++ b/.values/env/teams/apps.admin.yaml @@ -0,0 +1,3 @@ +teamConfig: + admin: + apps: [] diff --git a/.values/env/teams/external-secrets.admin.yaml b/.values/env/teams/external-secrets.admin.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d0c71f0f1be98835c8e5ef5318b437a9313bb837 --- /dev/null +++ b/.values/env/teams/external-secrets.admin.yaml @@ -0,0 +1,3 @@ +teamConfig: + admin: + secrets: [] diff --git a/.values/env/teams/jobs.admin.yaml b/.values/env/teams/jobs.admin.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9fe4d2a33199b0b67c8241e08a61b60a5a499c74 --- /dev/null +++ b/.values/env/teams/jobs.admin.yaml @@ -0,0 +1,3 @@ +teamConfig: + admin: + jobs: [] diff --git a/.values/env/teams/services.admin.yaml b/.values/env/teams/services.admin.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9b47310086a96c81d157a2951057895caa2b2713 --- /dev/null +++ b/.values/env/teams/services.admin.yaml @@ -0,0 +1,3 @@ +teamConfig: + admin: + services: [] diff --git a/chart/otomi/values-localhost.yaml b/chart/otomi/values-localhost.yaml index 8e11f3e2490e060cb945878f15a1d2e9311d95b6..899c60a3c461dd73b4385e2257f4a4d49efe732d 100644 --- a/chart/otomi/values-localhost.yaml +++ b/chart/otomi/values-localhost.yaml 
@@ -1,6 +1,7 @@ # These values are intended for use to demo Otomi on a server/laptop. # Minimal recommended specs: 32GB+ RAM, 12+ (v)CPU cluster: - provider: custom - domainSuffix: 127.0.0.1.nip.io + provider: local + # set the below nip.io ip to your metal LB ip when using minikube: + domainSuffix: 192.168.64.16.nip.io # k8sContext: minikube # if using minikube diff --git a/chart/otomi/values.yaml b/chart/otomi/values.yaml index 35516b6361bf1abd13c01ee7653ecb9fcf249980..4132ff389259d1e36c37a2604fd240e5e15142e0 100644 --- a/chart/otomi/values.yaml +++ b/chart/otomi/values.yaml @@ -2,7 +2,9 @@ cluster: # domainSuffix: '' # Needs to be set when hasExternalDNS is set to true k8sVersion: '1.21' name: 'dev' - provider: 'aws' # provider can be one of aws|azure|google|custom + # Provider can be one of aws|azure|google|custom|local + # (choose 'local' for laptop install (minikube, kind), and 'custom' for onprem clusters.) + provider: 'local' # owner: '' # will be set to 'otomi' if left empty otomi: {} # adminPassword: '' # Will be automatically generated if not filled-in diff --git a/charts/team-ns/templates/external-secrets.yaml b/charts/team-ns/templates/external-secrets.yaml index 61fc674350836ffb183387387034ccf933314bc5..50ceabd9e670a6434164b51d7b94f31d03451456 100644 --- a/charts/team-ns/templates/external-secrets.yaml +++ b/charts/team-ns/templates/external-secrets.yaml @@ -1,12 +1,14 @@ {{- $v := .Values }} {{- $ := . }} {{- range $s := $v.secrets }} +{{- $ns := index $s "namespace" | default $.Release.Namespace }} {{- $pathPrefix:=printf "/secret/data/teams/team-%s" $v.teamId }} {{- $vaultPath:=printf "%s/%s" $pathPrefix $s.name | quote }} apiVersion: kubernetes-client.io/v1 kind: ExternalSecret metadata: name: {{ $s.name }} + namespace: {{ $ns }} labels: {{- include "team-ns.chart-labels" $ | nindent 4 }} {{- with $s.labels }} {{- . | toYaml | nindent 4 }} 
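Review bot: The committed default `domainSuffix: 192.168.64.16.nip.io` is one machine's load-balancer address, so a demo install that leaves it unchanged resolves every hostname (login pages included) to whichever host owns that IP on the user's network. The added comment asks the user to edit it, but nothing fails if they do not. Consider keeping `domainSuffix: 127.0.0.1.nip.io` as the active value and giving the minikube case as a commented example, `# domainSuffix: <your-lb-ip>.nip.io  # when using minikube with MetalLB`.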
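Review bot: `namespace: {{ $ns }}` in external-secrets.yaml takes the target namespace from the secret entry itself, so any values file that feeds `secrets` for a team can place an ExternalSecret outside the release namespace. The knative-services.yaml hunks add the same pattern for `services`. If the override is meant for the admin team only, guard it in the template, e.g. `{{- $ns := eq $v.teamId "admin" | ternary (index $s "namespace" | default $.Release.Namespace) $.Release.Namespace }}`, or restrict the `namespace` property in the values schema, which is not visible in this diff. Rendering it as `namespace: {{ $ns | quote }}` would also stop YAML from retyping an unusual value.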
diff --git a/charts/team-ns/templates/knative-services.yaml b/charts/team-ns/templates/knative-services.yaml index 3cada58c47b8195536b434850c39eba72823afc4..5251d846d0f30c2287bff705ec24eeaa95260199 100644 --- a/charts/team-ns/templates/knative-services.yaml +++ b/charts/team-ns/templates/knative-services.yaml @@ -2,6 +2,7 @@ {{- $ := . }} {{- $secrets := (include "itemsByName" ($v.secrets | default list) | fromYaml) }} {{- range $s := $v.services }} +{{- $ns := index $s "namespace" | default $.Release.Namespace }} {{- $type := $s.type | default "public" }} {{- if hasKey $s "ksvc" }} {{- $k := $s.ksvc }} @@ -11,6 +12,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: name: {{ $s.name }} + namespace: {{ $ns }} labels: {{- include "team-ns.chart-labels" $ | nindent 4 }} {{- with $k.labels }} {{- . | toYaml | nindent 4 }} diff --git a/helmfile.d/helmfile-15.ingress-core.yaml b/helmfile.d/helmfile-15.ingress-core.yaml index 978d88dd282a8f136f6e717d80ba92c062f99079..08cce8064417a8b4ee6bc33e27820fa91587e007 100644 --- a/helmfile.d/helmfile-15.ingress-core.yaml +++ b/helmfile.d/helmfile-15.ingress-core.yaml @@ -37,5 +37,5 @@ releases: cluster: {{- $v.cluster | toYaml | nindent 10 }} otomi: {{- $v.otomi | toYaml | nindent 10 }} domain: {{ $v.cluster | get "domainSuffix" nil }} - services: {{- $coreAdminServices | toYaml | nindent 10 }} - resourceQuota: null + services: {{- concat $coreAdminServices ($v.teamConfig | get "admin.services" list) | toYaml | nindent 10 }} + resourceQuota: null \ No newline at end of file diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 0b1b617de01b421653b3065769fe7b1bdbd6eeee..f5a8324319905451b914318de69d12504b377c19 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml 
@@ -25,7 +25,7 @@ bases: {{- $opsgenieTpl := tpl (readFile "../helmfile.d/snippets/alertmanager/opsgenie.gotmpl") $v | toString }} releases: -{{- range $teamId, $team := omit $tc "admin" }} +{{- range $teamId, $team := omit $tc "admin" }} {{- $teamServices := ($team | get "services" list) }} {{- $domain := printf "team-%s.%s" $teamId $v.cluster.domainSuffix }} {{- $appsDomain := printf "apps.%s" $domain }} diff --git a/helmfile.d/snippets/domains.gotmpl b/helmfile.d/snippets/domains.gotmpl index 078815717419c9100ef3b53520fec72375468183..c908a343bc8230f21cb2bd84de523cc4702abcce 100644 --- a/helmfile.d/snippets/domains.gotmpl +++ b/helmfile.d/snippets/domains.gotmpl @@ -15,10 +15,9 @@ {{- end }} {{- end }} {{- $domains := dict }} -{{- $_ := set $tc "admin" dict }} {{- range $teamId, $team := $tc }} {{- $baseDomain := printf "%s%s" (eq $teamId "admin" | ternary "" (printf "team-%s." $teamId)) $v.cluster.domainSuffix }} - {{- $services := (eq $teamId "admin" | ternary $coreAdminServices (concat $coreTeamServices ($team | get "services" list))) }} + {{- $services := (eq $teamId "admin" | ternary (concat $coreAdminServices ($team | get "services" list)) (concat $coreTeamServices ($team | get "services" list))) }} {{- range $s := $services }} {{- $domain := printf "apps.%s" $baseDomain }} {{- if hasKey $s "domain" }} diff --git a/helmfile.d/snippets/env.gotmpl b/helmfile.d/snippets/env.gotmpl index 443340dc9aeda2e830ce0344a4e39b3dff146417..b2b048aa296f8311533fb6144c4da141986ee74c 100644 --- a/helmfile.d/snippets/env.gotmpl +++ b/helmfile.d/snippets/env.gotmpl @@ -29,7 +29,6 @@ environments: {{- range $app := $apps }}{{ if ne $app "" }} - {{ $app }} {{- end }}{{ end }} - - {{ $ENV_DIR }}/env/teams/apps.admin.yaml {{- range $team := $teams }} {{- range $type := list "apps" "services" "external-secrets" "jobs" }} {{- if eq (exec "bash" (list "-c" (printf "( test -f $ENV_DIR/env/teams/%s.%s.yaml && echo 'true' ) || echo 'false'" $type $team)) | trim) "true" }} 
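Review bot: With `{{- $_ := set $tc "admin" dict }}` removed from domains.gotmpl, the `admin` branch of the ternary runs only when `$tc` already holds an `admin` key, so an environment without admin team files would no longer get domains for `$coreAdminServices`. Whether `$tc` always contains `admin` depends on code outside this hunk, and the same commit drops the unconditional `apps.admin.yaml` include from env.gotmpl. A guard such as `{{- if not (hasKey $tc "admin") }}{{- $_ := set $tc "admin" dict }}{{- end }}` keeps the old guarantee without discarding user-defined admin services.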
diff --git a/values-schema.yaml b/values-schema.yaml index cf68caef493819e32cfabaa98c2fa6a8cf410514..44017b71ae3f06f510cd77a6f49af3e29970b499 100644 --- a/values-schema.yaml +++ b/values-schema.yaml @@ -619,6 +619,7 @@ definitions: type: integer provider: type: string + description: Enter the cloud provider of this cluster. Choose 'local' for laptop install (minikube, kind), and 'custom' for onprem clusters. enum: - aws - azure diff --git a/values/keycloak/keycloak.gotmpl b/values/keycloak/keycloak.gotmpl index 5c15e297b3157fa921c6fdcaf1a34dde95604620..4e62a66b6fdd6aeb695a2e1cb8f289c1775996e2 100644 --- a/values/keycloak/keycloak.gotmpl +++ b/values/keycloak/keycloak.gotmpl @@ -1,7 +1,7 @@ {{- $v := .Values }} {{- $k := $v.apps.keycloak }} {{- $dbVendor := ($k | get "persistence.dbVendor" "postgres") }} - +{{- $pinnedConsoleVersion := "v0.5.4" }} image: tag: 15.1.1 contextPath: "" @@ -51,7 +51,7 @@ startupScripts: cp -Rv /themes/* /opt/jboss/keycloak/themes/ extraInitContainers: | - name: keycloak-otomi-branding - image: otomi/console:v{{ $v.versions.console }} + image: otomi/console:v{{ $pinnedConsoleVersion }} imagePullPolicy: IfNotPresent securityContext: runAsUser: 1000 diff --git a/values/kubeapps/kubeapps.gotmpl b/values/kubeapps/kubeapps.gotmpl index ff0e84533deabd81bf714dd0018493f11dc63f0a..e7c66f560d138d089d2b0aa275874775e4705388 100644 --- a/values/kubeapps/kubeapps.gotmpl +++ b/values/kubeapps/kubeapps.gotmpl @@ -22,7 +22,8 @@ authProxy: # provider: oidc # clientID: {{ $kk.idp.clientID }} # clientSecret: {{ $kk.idp.clientSecret }} - +featureFlags: + operators: true dashboard: replicaCount: {{ $k.autoscaling.dashboard.minReplicas }} frontend: 
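Review bot: The new `description` in values-schema.yaml tells users to choose 'local', but this hunk adds no `- local` entry to the `enum`, whose list continues outside the hunk. If the enum still ends at `custom`, the new chart default `provider: 'local'` in chart/otomi/values.yaml and `provider: local` in values-localhost.yaml would fail schema validation. Confirm the enum already contains `local`, or add `- local` after `- custom` in this commit.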
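Review bot: `$pinnedConsoleVersion` in keycloak.gotmpl is set to `"v0.5.4"`, but the image line in the second hunk still prefixes a literal `v`, so the init container renders as `otomi/console:vv0.5.4`. That tag presumably does not exist, in which case the `keycloak-otomi-branding` init container cannot pull its image. Either define `{{- $pinnedConsoleVersion := "0.5.4" }}` or write `image: otomi/console:{{ $pinnedConsoleVersion }}`. A short comment such as `{{- /* theme image is pinned separately from versions.console */}}` would tell the next maintainer why it is decoupled, and pinning by digest would be stricter still.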
@@ -34,15 +35,16 @@ apprepository: containerSecurityContext: enabled: true runAsUser: 1001 -{{- if or (gt (len $initialRepos) 0) $v.apps.harbor.enabled }} initialRepos: - {{- range $repo := $initialRepos }} + - name: bitnami + url: https://charts.bitnami.com/bitnami +{{- range $repo := $initialRepos }} - {{- toYaml $repo | nindent 6 }} containerSecurityContext: enabled: true runAsUser: 1001 - {{- end }} - {{- if $v.apps.harbor.enabled }} +{{- end }} +{{- if $v.apps.harbor.enabled }} - name: harbor type: helm description: Local cluster chart repository @@ -55,10 +57,9 @@ apprepository: # password: {{ $h.registry.credentials.password }} # TODO: remove next line when CA is truly supported: https://github.com/kubeapps/kubeapps/issues/515 tlsInsecureSkipVerify: {{ $v._derived.untrustedCA }} - {{- if $v._derived.untrustedCA }} + {{- if $v._derived.untrustedCA }} caCert: | {{- /*$v._derived.caCert | nindent 8 */}} - {{- end }} {{- end }} {{- end }} metrics: diff --git a/versions.yaml b/versions.yaml index a6f4fc3a71a274f873545b8cf9d06d1f0a6bf838..6f68d3fc3647bfa5749efac5247e4fa321879229 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,3 +1,3 @@ -api: 0.5.2 -console: 0.5.4 +api: master +console: master tasks: 0.2.25
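Review bot: The `bitnami` entry in kubeapps.gotmpl is now hard-coded under `initialRepos`, so every install trusts `https://charts.bitnami.com/bitnami` as a chart source and an operator cannot remove it through values. That matters for air-gapped clusters and for clusters that allow-list chart sources. Consider supplying it as the default content of `$initialRepos` (defined outside this hunk) instead of a literal entry, so the existing `range` renders it and a values override can drop it. Unlike the ranged entries, the literal entry also gets no `containerSecurityContext`.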
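Review bot: `api: master` and `console: master` in versions.yaml replace fixed releases with a moving branch tag, so the images deployed from this file can change without a commit and a rollback cannot name what was running. Any template that still builds the tag as `v{{ $v.versions.console }}`, as keycloak.gotmpl did before this commit, would now render `vmaster`. Keep released versions here, `api: 0.5.2` and `console: 0.5.4`, and override to `master` only in a development values file.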