Skip to content

validatedpatterns/aap-config-chart

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
.github
.github
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
Chart.yaml
Chart.yaml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
README.md.gotmpl
README.md.gotmpl
 
 
values.yaml
values.yaml
 
 

Repository files navigation

aap-config

Version: 0.2.2

A Helm chart to build and deploy secrets using external-secrets for ansible-edge-gitops

This chart is used to set up the Ansible Automation Platform Operator version 2.5.

Notable changes

  • v0.1.2: Introduce EXTRA_PLAYBOOK_OPTS to config job, to allow for extra vars and -v options (usually -vvv) to be passed to playbook to help debug it

  • v0.1.3: Introduce "bootstrap" phase; this means that the config job will run until it succeeds, and only then proceed to create the cronjob to re-configure. It also means the cronjob scheduling is nowehere near as aggressive (every even hour at the 10-minute mark instead of every ten minutes as previously).

  • v0.1.4: Use vp-rbac subchart to configure RBACs instead of local code. Introduce external secrets validation job to prevent argo from proceeding past ES creation and erroring out early.

  • v0.1.5: Extend default deadline for external secret validation job. Remove namespaces from external secrets validation.

  • v0.2.0: Breaking External Secrets API Version updated to v1 from v1beta1. To use this version, you will also need to update your pattern to use the openshift-external-secrets-operator and openshift-external-secrets helm chart.

  • v0.2.1: Support credential (HTTPS or SSH) injection for git client in AGOF config jobs.

  • v0.2.2: Make agof-vault-file optional. Allow for skipping of the local Vault Hub instance integration if desired.

VP-Secrets-v2

---
# NEVER COMMIT THESE VALUES TO GIT
version: "2.0"
secrets:
  - name: aap-manifest
    fields:
    - name: b64content
      path: 'full pathname of file containing Satellite Manifest for entitling Ansible Automation Platform'
      base64: true

  - name: automation-hub-token
    fields:
    - name: token
      value: 'An automation hub token for retrieving Certified and Validated Ansible content'

  # Optional
  - name: agof-vault-file
    fields:
    - name: agof-vault-file
      path: 'full pathname of a valid agof_vault file for secrets to overlay the iac config'
      base64: true

  # Optional, if git auth is needed
  - name: git-auth-secret
    fields:
    # HTTPS auth
    - name: username
      value: "Username to authenticate with"
    - value: password
      value: "Password to authenticate with"
    # SSH auth
    - name: .git-credentials
      value: "git credentials"
    - name: ssh-privatekey
      value: "An ssh private key"
    - name: known_hosts
      value: "SSH known hosts for SSH authentication"

Homepage: https://github.com/validatedpatterns/aap-config-chart.git

Requirements

Repository Name Version
https://charts.validatedpatterns.io vp-rbac 0.1.*

Values

Key Type Default Description
aapManifest.key string "secret/data/hub/aap-manifest"
agof.agof_repo string "https://github.com/validatedpatterns/agof.git"
agof.agof_revision string "v2"
agof.automationHubTokenKey string "secret/data/hub/automation-hub-token"
agof.doAutoHubVaultConfig bool true
agof.extraPlaybookOpts string ""
agof.gitAuthHttpsStyle string "auto"
agof.gitAuthSecret string ""
agof.gitAuthVaultKey string ""
agof.iac_repo string "https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git"
agof.iac_revision string "main"
agof.vaultFileKey string ""
configJob.activeDeadlineSeconds int 3600
configJob.configTimeout int 1800
configJob.image string "quay.io/hybridcloudpatterns/imperative-container:v1"
configJob.imagePullPolicy string "Always"
configJob.schedule string "10 */2 * * *"
secretStore.kind string "ClusterSecretStore"
secretStore.name string "vault-backend"
serviceAccountName string "aap-config-sa"
serviceAccountNamespace string "aap-config"
validationJob.activeDeadlineSeconds int 3600
validationJob.disabled bool false
vp-rbac.clusterRoles.view-routes.rules[0].apiGroups[0] string "route.openshift.io"
vp-rbac.clusterRoles.view-routes.rules[0].resources[0] string "routes"
vp-rbac.clusterRoles.view-routes.rules[0].verbs[0] string "get"
vp-rbac.clusterRoles.view-routes.rules[0].verbs[1] string "list"
vp-rbac.clusterRoles.view-routes.rules[0].verbs[2] string "watch"
vp-rbac.clusterRoles.view-secrets-cms.rules[0].apiGroups[0] string ""
vp-rbac.clusterRoles.view-secrets-cms.rules[0].resources[0] string "secrets"
vp-rbac.clusterRoles.view-secrets-cms.rules[0].resources[1] string "configmaps"
vp-rbac.clusterRoles.view-secrets-cms.rules[0].verbs[0] string "get"
vp-rbac.clusterRoles.view-secrets-cms.rules[0].verbs[1] string "list"
vp-rbac.clusterRoles.view-secrets-cms.rules[0].verbs[2] string "watch"
vp-rbac.roles.external-secrets-validator.rules[0].apiGroups[0] string "external-secrets.io"
vp-rbac.roles.external-secrets-validator.rules[0].resources[0] string "externalsecrets"
vp-rbac.roles.external-secrets-validator.rules[0].verbs[0] string "get"
vp-rbac.roles.external-secrets-validator.rules[0].verbs[1] string "list"
vp-rbac.roles.external-secrets-validator.rules[0].verbs[2] string "watch"
vp-rbac.roles.external-secrets-validator.rules[1].apiGroups[0] string ""
vp-rbac.roles.external-secrets-validator.rules[1].resources[0] string "secrets"
vp-rbac.roles.external-secrets-validator.rules[1].verbs[0] string "get"
vp-rbac.roles.external-secrets-validator.rules[1].verbs[1] string "list"
vp-rbac.roles.external-secrets-validator.rules[1].verbs[2] string "watch"
vp-rbac.roles.external-secrets-validator.rules[2].apiGroups[0] string "authorization.k8s.io"
vp-rbac.roles.external-secrets-validator.rules[2].resources[0] string "selfsubjectrulesreviews"
vp-rbac.roles.external-secrets-validator.rules[2].verbs[0] string "create"
vp-rbac.roles.view-all.rules[0].apiGroups[0] string "*"
vp-rbac.roles.view-all.rules[0].resources[0] string "*"
vp-rbac.roles.view-all.rules[0].verbs[0] string "get"
vp-rbac.roles.view-all.rules[0].verbs[1] string "list"
vp-rbac.roles.view-all.rules[0].verbs[2] string "watch"
vp-rbac.serviceAccounts.aap-config-sa.namespace string "aap-config"
vp-rbac.serviceAccounts.aap-config-sa.roleBindings.clusterRoles[0] string "view-secrets-cms"
vp-rbac.serviceAccounts.aap-config-sa.roleBindings.clusterRoles[1] string "view-routes"
vp-rbac.serviceAccounts.aap-config-sa.roleBindings.roles[0] string "view-all"
vp-rbac.serviceAccounts.aap-config-sa.roleBindings.roles[1] string "external-secrets-validator"

Autogenerated from chart metadata using helm-docs v1.14.2

About

Ansible Automation Platform configuration chart for AAP >= 2.5

Topics

helm-chart

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

9 tags

Packages

 
 
 

Contributors

Languages