diff --git a/Makefile b/Makefile index 038a7904a..e174bc185 100644 --- a/Makefile +++ b/Makefile @@ -3,24 +3,7 @@ include Makefile-common default: show .PHONY: help -# No need to add a comment here as help is described in common/ ##@ Pattern tasks - -help: - @make -f common/Makefile MAKEFILE_LIST="Makefile common/Makefile" help - -%: - make -f common/Makefile $* - -.PHONY: install -install: operator-deploy post-install ## installs the pattern, inits the vault and loads the secrets - @echo "Installed" - -.PHONY: post-install -post-install: ## Post-install tasks - make load-secrets - @echo "Done" - .PHONY: check-pipeline-resources check-pipeline-resources: ## wait for all seed resources to be present scripts/check-pipeline-resources.sh diff --git a/ansible/playbooks/clone_upstream_repos_gitea.yml b/ansible/playbooks/clone_upstream_repos_gitea.yml index 1078bdd55..73fb0650e 100644 --- a/ansible/playbooks/clone_upstream_repos_gitea.yml +++ b/ansible/playbooks/clone_upstream_repos_gitea.yml @@ -38,6 +38,7 @@ - name: Does repo already exist ansible.builtin.uri: + validate_certs: false url: "{{ gitea_repos_route }}" register: repo_exists failed_when: false @@ -48,6 +49,7 @@ - name: Migrate repository ansible.builtin.uri: + validate_certs: false url: "{{ gitea_migrate_route }}" user: "{{ gitea_username }}" password: "{{ gitea_password }}" diff --git a/charts/datacenter/data-science-project/templates/dev-project.yaml b/charts/datacenter/data-science-project/templates/dev-project.yaml index d71d96afb..1eb68078d 100644 --- a/charts/datacenter/data-science-project/templates/dev-project.yaml +++ b/charts/datacenter/data-science-project/templates/dev-project.yaml 
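Review bot: `validate_certs: false` on the "Migrate repository" task (hunk `-48,6`) sends `gitea_username` and `gitea_password` over a TLS connection whose peer is never authenticated, so the Gitea credentials are exposed to anything that can sit between the job and `gitea_migrate_route`. The same flag on the "Does repo already exist" probe (hunk `-38,6`) means the registered `repo_exists` result also comes from an unauthenticated peer. Prefer keeping verification on and passing the issuing CA through the module's `ca_path` option, or at least make the bypass opt-in with `validate_certs: "{{ gitea_validate_certs | default(true) }}"` (the variable name is a suggestion). If the bypass has to stay, document why with a comment such as `# TLS verification disabled: <reason>`. Both tasks continue outside their hunks.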
@@ -110,24 +110,6 @@ spec: - 'true' weight: 1 initContainers: - - name: fetch-ca - image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/industrial-edge:industrial-edge-v0.1.0 - imagePullPolicy: Always - command: - - 'sh' - - '-c' - - >- - cat /var/run/kube-root-ca/ca.crt /var/run/trusted-ca/ca-bundle.crt /var/run/openshift-service-ca/service-ca.crt > /tmp/ca-bundles/ca-bundle.crt || true; - ls -l /tmp/ca-bundles/ - volumeMounts: - - mountPath: /var/run/kube-root-ca - name: kube-root-ca - - mountPath: /var/run/trusted-ca - name: trusted-ca-bundle - - mountPath: /var/run/openshift-service-ca - name: openshift-service-ca - - mountPath: /tmp/ca-bundles - name: ca-bundles - name: git-init image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/industrial-edge:industrial-edge-v0.1.0 imagePullPolicy: Always @@ -135,18 +117,12 @@ spec: - 'sh' - '-c' - >- - if [ ! -d /opt/app-root/src/manuela-dev ]; then export GIT_SSL_CAINFO=/etc/pki/tls/custom-certs/ca-bundle.crt; git clone --single-branch -b {{ .Values.global.git.dev_revision }} {{ $full_giturl }} /opt/app-root/src/manuela-dev; fi + if [ ! -d /opt/app-root/src/manuela-dev ]; then export GIT_SSL_NO_VERIFY=true; git clone --single-branch -b {{ .Values.global.git.dev_revision }} {{ $full_giturl }} /opt/app-root/src/manuela-dev; fi volumeMounts: - mountPath: /opt/app-root/src name: jupyterlab - mountPath: /opt/app-root/runtimes name: elyra-dsp-details - - mountPath: /dev/shm - name: shm - - mountPath: /etc/pki/tls/custom-certs/ca-bundle.crt - name: ca-bundles - readOnly: true - subPath: ca-bundle.crt containers: - resources: limits: 
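Review bot: Replacing `GIT_SSL_CAINFO` with `export GIT_SSL_NO_VERIFY=true` in the `git-init` command (hunk `-135,18`) turns off server authentication for the clone, so the contents written to `/opt/app-root/src/manuela-dev`, which notebook users will later run, are no longer tied to the real Git server. This commit already adds a `trusted-ca` volume (configMap `workbench-trusted-ca-bundle`) and mounts it at `/etc/pki/tls/custom-certs/ca-bundle.crt` in the workbench containers. Mounting it into `git-init` too, with the same `subPath: ca-bundle.crt` and `readOnly: true`, would let the command keep `export GIT_SSL_CAINFO=/etc/pki/tls/custom-certs/ca-bundle.crt;`. Because that configMap is declared `optional: true`, the clone should fail with a clear error when the bundle is missing rather than fall back to no verification. The `git-init` container definition begins outside this hunk.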
@@ -217,9 +193,11 @@ spec: - mountPath: /dev/shm name: shm - mountPath: /etc/pki/tls/custom-certs/ca-bundle.crt - name: ca-bundles + name: trusted-ca readOnly: true subPath: ca-bundle.crt + - mountPath: /opt/app-root/pipeline-runtimes/ + name: runtime-images image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/industrial-edge:industrial-edge-v0.1.0 workingDir: /opt/app-root/src - resources: @@ -261,6 +239,8 @@ spec: protocol: TCP imagePullPolicy: Always volumeMounts: + - mountPath: /etc/oauth/client + name: oauth-client - mountPath: /etc/oauth/config name: oauth-config - mountPath: /etc/tls/private @@ -278,6 +258,9 @@ spec: - '--upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' - '--email-domain=*' - '--skip-provider-button' + - '--client-id=jupyterlab-ml-development-oauth-client' + - '--client-secret-file=/etc/oauth/client/secret' + - '--scope=user:info user:check-access' - >- --openshift-sar={"verb":"get","resource":"notebooks","resourceAPIGroup":"kubeflow.org","resourceName":"jupyterlab","namespace":"$(NAMESPACE)"} - >- @@ -316,6 +299,21 @@ spec: defaultMode: 420 - name: ca-bundles emptyDir: {} + - configMap: + items: + - key: ca-bundle.crt + path: ca-bundle.crt + name: workbench-trusted-ca-bundle + optional: true + name: trusted-ca + - configMap: + name: pipeline-runtime-images + optional: true + name: runtime-images + - name: oauth-client + secret: + defaultMode: 420 + secretName: jupyterlab-oauth-client --- apiVersion: objectbucket.io/v1alpha1 kind: ObjectBucketClaim @@ -480,6 +478,14 @@ spec: name: s3-browser - mountPath: /dev/shm name: shm + - mountPath: /etc/pki/tls/custom-certs/ca-bundle.crt + name: trusted-ca + readOnly: true + subPath: ca-bundle.crt + - mountPath: /opt/app-root/pipeline-runtimes/ + name: runtime-images + - mountPath: /opt/app-root/runtimes + name: elyra-dsp-details envFrom: - secretRef: name: aws-connection-user-bucket 
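Review bot: The added `--client-id=jupyterlab-ml-development-oauth-client` argument (hunk `-278,6`) hard-codes the namespace, while the `--openshift-sar` argument just below it uses `$(NAMESPACE)`. Deployed to any other namespace, the proxy would present a client id that no longer matches. `--client-id=jupyterlab-$(NAMESPACE)-oauth-client` would keep the two consistent, assuming the OAuthClient object is named on the same pattern. Nothing in the visible diff creates that OAuthClient or the `jupyterlab-oauth-client` Secret behind `--client-secret-file`, and the Secret volume is not optional, so the pod will wait until it exists; a comment naming what provisions it would help. The `s3-browser` arguments in hunk `-541,6` hard-code `ml-development` the same way, as does the RoleBinding subject added in hunk `-587,6`.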
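Review bot: The `oauth-client` Secret volume (hunk `-316,6`) is added with `defaultMode: 420`, i.e. 0644, which leaves the OAuth client secret readable by every UID in any container that mounts it. A tighter mode such as `defaultMode: 288` (0440) fits a client secret better, provided the proxy reads the file through the pod's fsGroup, which should be confirmed before changing it. Separately, the `ca-bundles` emptyDir kept as context in this hunk appears to have no remaining mount once the `fetch-ca` initContainer and the `ca-bundles` mounts are removed, so it can probably be dropped. The `s3-browser-oauth-client` volume in hunk `-576,6` uses the same `defaultMode`.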
@@ -524,6 +530,8 @@ spec: protocol: TCP imagePullPolicy: Always volumeMounts: + - mountPath: /etc/oauth/client + name: oauth-client - mountPath: /etc/oauth/config name: oauth-config - mountPath: /etc/tls/private @@ -541,6 +549,9 @@ spec: - '--upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' - '--email-domain=*' - '--skip-provider-button' + - '--client-id=s3-browser-ml-development-oauth-client' + - '--client-secret-file=/etc/oauth/client/secret' + - '--scope=user:info user:check-access' - >- --openshift-sar={"verb":"get","resource":"notebooks","resourceAPIGroup":"kubeflow.org","resourceName":"s3-browser","namespace":"$(NAMESPACE)"} - >- @@ -576,6 +587,25 @@ spec: defaultMode: 420 - name: ca-bundles emptyDir: {} + - configMap: + items: + - key: ca-bundle.crt + path: ca-bundle.crt + name: workbench-trusted-ca-bundle + optional: true + name: trusted-ca + - configMap: + name: pipeline-runtime-images + optional: true + name: runtime-images + - name: elyra-dsp-details + secret: + optional: true + secretName: ds-pipeline-config + - name: oauth-client + secret: + defaultMode: 420 + secretName: s3-browser-oauth-client --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -587,6 +617,7 @@ metadata: subjects: - kind: ServiceAccount name: jupyterlab + namespace: ml-development roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/tests/interop/test_subscription_status_edge.py b/tests/interop/test_subscription_status_edge.py index a5ad2a014..3dc3c6293 100644 --- a/tests/interop/test_subscription_status_edge.py +++ b/tests/interop/test_subscription_status_edge.py 
@@ -12,7 +12,7 @@ def test_subscription_status_edge(openshift_dyn_client): # These are the operator subscriptions and their associated namespaces expected_subs = { - "openshift-gitops-operator": ["openshift-operators"], + "openshift-gitops-operator": ["openshift-gitops-operator"], "amq-broker-rhel8": ["manuela-stormshift-messaging"], "amq-streams": ["manuela-stormshift-messaging"], "red-hat-camel-k": ["manuela-stormshift-messaging"], diff --git a/tests/interop/test_subscription_status_hub.py b/tests/interop/test_subscription_status_hub.py index 0cd72b81d..5bc301851 100644 --- a/tests/interop/test_subscription_status_hub.py +++ b/tests/interop/test_subscription_status_hub.py @@ -19,7 +19,7 @@ def test_subscription_status_hub(openshift_dyn_client): # These are the operator subscriptions and their associated namespaces if ver == "4.18" or ver == "4.20" or ver == "4.21": expected_subs = { - "openshift-gitops-operator": ["openshift-operators"], + "openshift-gitops-operator": ["openshift-gitops-operator"], "advanced-cluster-management": ["open-cluster-management"], "openshift-pipelines-operator-rh": ["openshift-operators"], "amq-broker-rhel8": ["manuela-tst-all"], diff --git a/values-datacenter.yaml b/values-datacenter.yaml index f8be4f663..7e154a0b1 100644 --- a/values-datacenter.yaml +++ b/values-datacenter.yaml @@ -68,7 +68,7 @@ clusterGroup: ods: name: rhods-operator - channel: stable-2.16 + channel: stable-2.25 namespace: redhat-ods-operator projects: @@ -219,7 +219,7 @@ clusterGroup: - "upstream_repo_url=https://github.com/validatedpatterns-demos/manuela-dev" timeout: 180 - name: copy-initial-model-to-incluster-s3 - image: quay.io/hybridcloudpatterns/utility-container:latest + image: quay.io/validatedpatterns/utility-container:latest playbook: ./ansible/playbooks/copy_initial_object_to_incluster_s3.yml extravars: - "bucket_name=user-bucket" 
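Review bot: In `test_subscription_status_hub`, only the `expected_subs` dictionary inside the `ver == "4.18" or ver == "4.20" or ver == "4.21"` branch is changed to expect `openshift-gitops-operator` in its own namespace. The function continues past the hunk, so if another branch builds `expected_subs` for other versions it may still list `openshift-operators` and fail against the new layout. A comment above the dictionary such as `# gitops operator now lives in its own namespace; keep every version branch in sync` would make that dependency visible.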
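Review bot: The `copy-initial-model-to-incluster-s3` job image (hunk `-219,7`) moves to `quay.io/validatedpatterns/utility-container:latest`, which is still a mutable tag, so whatever is pushed to that repository next will run the playbook in-cluster with the job's credentials and no review step. Pinning by digest, `image: quay.io/validatedpatterns/utility-container@sha256:<digest-placeholder>`, makes the change of publisher auditable and the run reproducible. The same applies to `copy-initial-training-data-to-incluster-s3` in hunk `-227,7`.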
@@ -227,7 +227,7 @@ clusterGroup: - "object_name=initial_model.joblib" timeout: 180 - name: copy-initial-training-data-to-incluster-s3 - image: quay.io/hybridcloudpatterns/utility-container:latest + image: quay.io/validatedpatterns/utility-container:latest playbook: ./ansible/playbooks/copy_initial_object_to_incluster_s3.yml extravars: - "bucket_name=user-bucket" diff --git a/values-factory.yaml b/values-factory.yaml index 7719c31f3..3c4c82032 100644 --- a/values-factory.yaml +++ b/values-factory.yaml @@ -27,7 +27,7 @@ clusterGroup: namespace: manuela-stormshift-messaging - name: rhods-operator - channel: stable-2.16 + channel: stable-2.25 namespace: redhat-ods-operator projects: