diff --git a/catalog/catalog.yaml b/catalog/catalog.yaml
index 1546fe7..a0b9ba4 100644
--- a/catalog/catalog.yaml
+++ b/catalog/catalog.yaml
@@ -1,10 +1,11 @@
-generated_at: "2026-03-13T15:39:18Z"
+generated_at: "2026-04-16T07:30:15Z"
generator_version: "1.0"
catalog_description: 'Additional patterns can be found here: validatedpatterns.io'
patterns:
- ansible-edge-gitops
- - industrial-edge
- - medical-diagnosis
+ - layered-zero-trust
+ - mlops-fraud-detection
- multicloud-gitops
- rag-llm-gitops
- - openshift-ai
+ - travelops
+ - hypershift
diff --git a/catalog/hypershift/pattern.yaml b/catalog/hypershift/pattern.yaml
new file mode 100644
index 0000000..54fac04
--- /dev/null
+++ b/catalog/hypershift/pattern.yaml
@@ -0,0 +1,42 @@
+metadata_version: "1.0"
+name: hypershift
+description: An infrastructure pattern for deploying and managing OpenShift clusters using HyperShift.
+pattern_version: "1.0"
+display_name: HyperShift
+repo_url: https://github.com/validatedpatterns-sandbox/hypershift
+docs_repo_url: https://github.com/validatedpatterns/docs
+issues_url: https://github.com/validatedpatterns-sandbox/hypershift/issues
+docs_url: https://validatedpatterns.io/patterns/hypershift/
+ci_url: https://validatedpatterns.io/ci/?pattern=hypershift
+tier: tested
+owners:
+ - day0hero
+requirements:
+ hub:
+ compute:
+ gcp:
+ replicas: 3
+ type: n1-standard-8
+ azure:
+ replicas: 3
+ type: Standard_D8s_v3
+ aws:
+ replicas: 3
+ type: m5.4xlarge
+ controlPlane:
+ gcp:
+ replicas: 3
+ type: n1-standard-4
+ azure:
+ replicas: 3
+ type: Standard_D4s_v3
+ aws:
+ replicas: 3
+ type: m5.2xlarge
+extra_features:
+ hypershift_support: true
+ spoke_support: false
+external_requirements:
+ s3_bucket: true
+org: validatedpatterns-sandbox
+spoke: null
diff --git a/catalog/hypershift/values-secret.yaml.template b/catalog/hypershift/values-secret.yaml.template
new file mode 100644
index 0000000..a2be8ec
--- /dev/null
+++ b/catalog/hypershift/values-secret.yaml.template
@@ -0,0 +1,52 @@
+# A more formal description of this format can be found here:
+# https://github.com/hybrid-cloud-patterns/common/tree/main/ansible/roles/vault_utils#values-secret-file-format
+
+version: "2.0"
+# Ideally you NEVER COMMIT THESE VALUES TO GIT (although if all passwords are
+# automatically generated inside the vault this should not really matter)
+
+secrets:
+ - name: aws
+ fields:
+ - name: AWS_ACCESS_KEY_ID
+ ini_file: ~/.aws/credentials
+ ini_section: default
+ ini_key: aws_access_key_id
+ - name: AWS_SECRET_ACCESS_KEY
+ ini_file: ~/.aws/credentials
+ ini_key: aws_secret_access_key
+ - name: awsCreds
+ fields:
+ - name: credentials
+ path: ~/.aws/credentials
+# Begin groupsync/oauth config
+# - name: oauthCreds
+# fields:
+# - name: content
+# path: ~/.oauth
+# - name: githubGroupSync
+# fields:
+# - name: appId
+# value: "gh-app-appId"
+# - name: installationId
+# value: "gh-app-installationID"
+# - name: privateKey
+# path: ~/.github-group-sync.pem
+#
+# End groupsync/oauth config
+ #- name: publickey
+ # fields:
+ # - name: content
+ # path: ~/.ssh/id_rsa.pub
+ #- name: privatekey
+ # fields:
+ # - name: content
+ # path: ~/.ssh/id_rsa
+ #- name: openshiftPullSecret
+ # fields:
+ # - name: content
+ # path: ~/.pullsecret.json
+
+# Examples:
+# ~/.oauth
+# 123456789abcdefghijklmnop123456789abcdef
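Review bot: The `awsCreds` secret loads the whole of `~/.aws/credentials` into the vault, so every profile in that file is uploaded, not only the `default` keys that the `aws` secret above already extracts. If the consumer only needs one profile, a comment above the `path:` line such as `# NOTE: uploads every profile in ~/.aws/credentials; point this at a file holding only the credentials this pattern needs` would make that visible. Separately, `AWS_SECRET_ACCESS_KEY` omits `ini_section: default` while `AWS_ACCESS_KEY_ID` sets it; adding `ini_section: default` to the second field keeps both reads tied to the same profile whatever the loader's default is.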
diff --git a/catalog/industrial-edge/pattern.yaml b/catalog/industrial-edge/pattern.yaml
deleted file mode 100644
index 5ea3987..0000000
--- a/catalog/industrial-edge/pattern.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-metadata_version: "1.0"
-name: industrial-edge
-pattern_version: "2.0"
-display_name: Industrial Edge
-repo_url: https://github.com/validatedpatterns/industrial-edge
-docs_repo_url: https://github.com/validatedpatterns/docs
-issues_url: https://github.com/validatedpatterns/industrial-edge/issues
-docs_url: https://validatedpatterns.io/patterns/industrial-edge/
-ci_url: https://validatedpatterns.io/ci/?pattern=industrialedge
-tier: tested
-owners:
- - mbaldessari
- - darkdoc
-requirements:
- hub:
- compute:
- gcp:
- replicas: 5
- type: n1-standard-16
- azure:
- replicas: 5
- type: Standard_D16s_v5
- aws:
- replicas: 4
- type: m5.4xlarge
- controlPlane:
- gcp:
- replicas: 3
- type: n1-standard-16
- azure:
- replicas: 3
- type: Standard_D16s_v3
- aws:
- replicas: 3
- type: m5.4xlarge
- spoke:
- compute:
- gcp:
- replicas: 3
- type: n1-standard-16
- azure:
- replicas: 3
- type: Standard_D16s_v5
- aws:
- replicas: 3
- type: m5.2xlarge
- controlPlane:
- gcp:
- replicas: 3
- type: n1-standard-16
- azure:
- replicas: 3
- type: Standard_D16s_v5
- aws:
- replicas: 3
- type: m5.2xlarge
-extra_features:
- hypershift_support: false
- spoke_support: true
-external_requirements: null
-org: validatedpatterns
-spoke: null
diff --git a/catalog/industrial-edge/values-secret.yaml.template b/catalog/industrial-edge/values-secret.yaml.template
deleted file mode 100644
index a6d3417..0000000
--- a/catalog/industrial-edge/values-secret.yaml.template
+++ /dev/null
@@ -1,14 +0,0 @@
-version: "2.0"
-secrets:
-# uncomment this if global.imageregistry.type is quay
-# - name: imageregistry
-# fields:
-# # eg. Quay -> Robot Accounts -> Robot Login
-# - name: username
-# onMissingValue: prompt
-# value: null
-# prompt: "Insert Quay Username"
-# - name: password
-# onMissingValue: prompt
-# value: null
-# prompt: "Insert Quay Password"
diff --git a/catalog/layered-zero-trust/pattern.yaml b/catalog/layered-zero-trust/pattern.yaml
new file mode 100644
index 0000000..e681f8c
--- /dev/null
+++ b/catalog/layered-zero-trust/pattern.yaml
@@ -0,0 +1,63 @@
+metadata_version: "1.0"
+name: layered-zero-trust
+description: The Layered Zero Trust pattern shows how to implement zero trust in a Red Hat OpenShift environment.
+pattern_version: "1.0"
+display_name: Layered Zero Trust
+repo_url: https://github.com/validatedpatterns/layered-zero-trust
+docs_repo_url: https://github.com/validatedpatterns/docs
+issues_url: https://github.com/validatedpatterns/layered-zero-trust/issues
+docs_url: https://validatedpatterns.io/patterns/layered-zero-trust/
+ci_url: https://validatedpatterns.io/ci/?pattern=layeredzerotrust
+tier: tested
+owners:
+ - sabre1041
+ - michaelepley
+requirements:
+ hub:
+ compute:
+ gcp:
+ replicas: 3
+ type: n1-standard-8
+ azure:
+ replicas: 3
+ type: Standard_D8s_v3
+ aws:
+ replicas: 3
+ type: m5.2xlarge
+ controlPlane:
+ gcp:
+ replicas: 3
+ type: n1-standard-4
+ azure:
+ replicas: 3
+ type: Standard_D4s_v3
+ aws:
+ replicas: 3
+ type: m5.xlarge
+ spoke:
+ compute:
+ gcp:
+ replicas: 0
+ type: n1-standard-8
+ azure:
+ replicas: 0
+ type: Standard_D8s_v3
+ aws:
+ replicas: 0
+ type: m5.2xlarge
+ controlPlane:
+ gcp:
+ replicas: 3
+ type: n1-standard-8
+ azure:
+ replicas: 3
+ type: Standard_D8s_v3
+ aws:
+ replicas: 3
+ type: m5.2xlarge
+extra_features:
+ hypershift_support: true
+ spoke_support: true
+external_requirements: null
+org: validatedpatterns
+spoke: null
diff --git a/catalog/layered-zero-trust/values-secret.yaml.template b/catalog/layered-zero-trust/values-secret.yaml.template
new file mode 100644
index 0000000..9185fc4
--- /dev/null
+++ b/catalog/layered-zero-trust/values-secret.yaml.template
@@ -0,0 +1,372 @@
+# A more formal description of this format can be found here:
+# https://github.com/validatedpatterns/rhvp.cluster_utils/tree/main/roles/vault_utils#values-secret-file-format
+
+version: "2.0"
+# Ideally you NEVER COMMIT THESE VALUES TO GIT (although if all passwords are
+# automatically generated inside the vault this should not really matter)
+
+# Vault Secret Organization:
+# --------------------------
+# Secrets are organized for least-privilege access:
+#
+# Application Secrets (fine-grained isolation):
+# apps/qtodo/ - QTodo application secrets (app-level isolation)
+# apps// - Add your app here for isolated secrets
+#
+# Infrastructure Secrets (hub/infra/*):
+# hub/infra/keycloak/ - Keycloak infrastructure secrets
+# hub/infra/rhtpa/ - RHTPA infrastructure secrets
+# hub/infra/quay/ - Quay registry credentials
+# hub/infra/users/ - User credentials managed by IdP
+#
+# Framework Secrets:
+# global/ - VP framework default (config-demo, etc.)
+#
+# Each path has a corresponding Vault policy granting access ONLY to its
+# specific path (e.g., apps-qtodo-secret grants read to secret/data/apps/qtodo/*).
+
+vaultPolicies:
+ basicPolicy: |
+ length=10
+ rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+ rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+ rule "charset" { charset = "0123456789" min-chars = 1 }
+
+ advancedPolicy: |
+ length=20
+ rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+ rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+ rule "charset" { charset = "0123456789" min-chars = 1 }
+ rule "charset" { charset = "!@#^&*" min-chars = 1 }
+
+ alphaNumericPolicy: |
+ length=32
+ rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
+ rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
+ rule "charset" { charset = "0123456789" min-chars = 1 }
+
+secrets:
+ # ===========================================================================
+ # GLOBAL SECRETS (global/)
+ # VP framework default path for demo/test secrets
+ # ===========================================================================
+ - name: config-demo
+ vaultPrefixes:
+ - global
+ fields:
+ - name: secret
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+
+ # ===========================================================================
+ # QTODO APPLICATION SECRETS (apps/qtodo/)
+ # Secrets specific to the QTodo application - isolated at app level
+ # Policy: apps-qtodo-secret (read access to apps/qtodo/*)
+ # ===========================================================================
+ - name: qtodo-db
+ vaultPrefixes:
+ - apps/qtodo
+ fields:
+ - name: admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: db-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+
+ # qtodo-oidc-client secret is no longer needed — qtodo now authenticates
+ # to Keycloak using SPIFFE JWT SVID (federated client assertion)
+ #- name: qtodo-oidc-client
+ # vaultPrefixes:
+ # - apps/qtodo
+ # fields:
+ # - name: client-secret
+ # onMissingValue: generate
+ # vaultPolicy: alphaNumericPolicy
+
+ - name: qtodo-truststore
+ vaultPrefixes:
+ - apps/qtodo
+ fields:
+ - name: truststore-password
+ onMissingValue: generate
+ vaultPolicy: alphaNumericPolicy
+
+ # ===========================================================================
+ # ACS Secrets (Uncomment to enable)
+ # ===========================================================================
+ - name: acs-central
+ vaultPrefixes:
+ - hub/infra/acs
+ fields:
+ - name: admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+
+ # NOTE: Init bundle is NOT needed for same-cluster deployments.
+ # The RHACS operator auto-generates authentication when Central and
+ # SecuredCluster are on the same cluster. Only uncomment for multi-cluster
+ # scenarios where you need to connect remote secured clusters.
+ #- name: acs-init-bundle
+ # vaultPrefixes:
+ # - hub/infra/acs
+ # fields:
+ # - name: init-bundle
+ # onMissingValue: ignore # Must be generated manually via roxctl
+
+ # ===========================================================================
+ # KEYCLOAK INFRASTRUCTURE SECRETS (hub/infra/keycloak/)
+ # Secrets for Keycloak infrastructure deployment
+ # Policy: hub-infra-keycloak-secret (read access to hub/infra/keycloak/*)
+ # ===========================================================================
+ - name: keycloak
+ vaultPrefixes:
+ - hub/infra/keycloak
+ fields:
+ - name: admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: db-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+
+ # ===========================================================================
+ # RHTPA INFRASTRUCTURE SECRETS (hub/infra/rhtpa/)
+ # Secrets for Red Hat Trusted Profile Analyzer infrastructure
+ # Policy: hub-infra-rhtpa-secret (read access to hub/infra/rhtpa/*)
+ # ===========================================================================
+ - name: rhtpa-db
+ vaultPrefixes:
+ - hub/infra/rhtpa
+ fields:
+ - name: db-password
+ onMissingValue: generate
+ vaultPolicy: alphaNumericPolicy
+
+ - name: rhtpa-oidc-cli
+ vaultPrefixes:
+ - hub/infra/rhtpa
+ fields:
+ - name: client-secret
+ onMissingValue: generate
+ vaultPolicy: alphaNumericPolicy
+
+ # ===========================================================================
+ # USER CREDENTIALS (hub/infra/users/)
+ # User passwords managed by Keycloak for application access
+ # Policy: hub-infra-users-secret (Keycloak needs to provision these)
+ # ===========================================================================
+ - name: keycloak-users
+ vaultPrefixes:
+ - hub/infra/users
+ fields:
+ - name: qtodo-admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: qtodo-user1-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: rhtas-user-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: rhtpa-user-password
+ onMissingValue: generate
+ vaultPolicy: alphaNumericPolicy
+
+ # ===========================================================================
+ # QUAY INFRASTRUCTURE SECRETS (hub/infra/quay/)
+ # Registry credentials for Quay
+ # Policy: hub-infra-quay-secret (read access to hub/infra/quay/*)
+ # ===========================================================================
+ - name: quay-users
+ vaultPrefixes:
+ - hub/infra/quay
+ fields:
+ - name: quay-admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: quay-user-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+
+ # External Registry Credentials (e.g., Quay.io, Docker Hub, GHCR)
+ # Reserved for future use with container signing workflows
+ # Uncomment and provide your credentials when needed
+ #- name: external-registry
+ # vaultPrefixes:
+ # - hub/infra
+ # fields:
+ # - name: username
+ # value: "your-registry-username" # Replace with your username
+ # onMissingValue: error
+ # - name: password
+ # value: "your-registry-token" # Replace with your token/password
+ # onMissingValue: error
+
+ # ===========================================================================
+ # COCO (CONFIDENTIAL CONTAINERS) SECRETS
+ # Uncomment the secrets below when deploying with CoCo support.
+ # Pre-deployment steps:
+ # 1. Run ./scripts/gen-secrets-coco.sh to generate KBS keypair
+ # 2. Run ./scripts/get-pcr.sh to retrieve PCR measurements
+ # ===========================================================================
+
+ # SSH keys for podvm debug access (optional).
+ # Note: dm-verity based podvm images do not support SSH key injection by design.
+ # This only works with non-dm-verity images built with SSH debug enabled.
+ #- name: sshKey
+ # vaultPrefixes:
+ # - global
+ # fields:
+ # - name: id_rsa.pub
+ # path: ~/.config/validated-patterns/id_rsa.pub
+ # - name: id_rsa
+ # path: ~/.config/validated-patterns/id_rsa
+
+ # Container Image Signature Verification Policy
+ # Controls which container images are allowed to run in confidential containers.
+ # The policy is fetched by the TEE via initdata using image_security_policy_uri.
+ #
+ # Three policy variants are provided:
+ # - insecure: Accept all images (for development/testing only)
+ # - reject: Reject all images (useful for testing policy enforcement)
+ # - signed: Only accept images signed with cosign (for production)
+ #
+ # Select policy in initdata:
+ # image_security_policy_uri = 'kbs:///default/security-policy/insecure'
+ #
+ # TODO: Rename to 'container-image-policy' in trustee-chart to better reflect
+ # that this is about container image signature verification, not general security policy.
+ #- name: securityPolicyConfig
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # # Accept all images without verification (INSECURE - dev/testing only)
+ # - name: insecure
+ # value: |
+ # {
+ # "default": [{"type": "insecureAcceptAnything"}],
+ # "transports": {}
+ # }
+ # # Reject all images (useful for testing policy enforcement)
+ # - name: reject
+ # value: |
+ # {
+ # "default": [{"type": "reject"}],
+ # "transports": {}
+ # }
+ # # Only accept signed images (production)
+ # # Edit the transports section to add your signed images.
+ # # Each image needs a corresponding cosign public key in cosign-keys secret.
+ # - name: signed
+ # value: |
+ # {
+ # "default": [{"type": "reject"}],
+ # "transports": {
+ # "docker": {
+ # "registry.example.com/my-image": [
+ # {
+ # "type": "sigstoreSigned",
+ # "keyPath": "kbs:///default/cosign-keys/key-0"
+ # }
+ # ]
+ # }
+ # }
+ # }
+
+ # PCR measurements for attestation.
+ # Required: run ./scripts/get-pcr.sh before deploying.
+ #- name: pcrStash
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: json
+ # path: ~/.config/validated-patterns/trustee/measurements.json
+
+ # Attestation status resource accessible via KBS/CDH from inside the TEE.
+ # Workloads can fetch this to confirm they are running in an attested environment.
+ #- name: attestationStatus
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: status
+ # value: 'attested'
+ # - name: random
+ # value: ''
+ # onMissingValue: generate
+ # vaultPolicy: validatedPatternDefaultPolicy
+
+ # Cosign public keys for image signature verification
+ # Required when using the "signed" policy above.
+ # Add your cosign public key files here.
+ # Generate a cosign key pair: cosign generate-key-pair
+ #- name: cosign-keys
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: key-0
+ # path: ~/.config/validated-patterns/trustee/cosign-key-0.pub
+
+ # KBS authentication keys (Ed25519) for Trustee admin API
+ # Generate with:
+ # mkdir -p ~/.config/validated-patterns/trustee
+ # openssl genpkey -algorithm ed25519 > ~/.config/validated-patterns/trustee/kbsPrivateKey
+ # openssl pkey -in ~/.config/validated-patterns/trustee/kbsPrivateKey -pubout -out ~/.config/validated-patterns/trustee/kbsPublicKey
+ # chmod 600 ~/.config/validated-patterns/trustee/kbsPrivateKey
+ #- name: kbsPublicKey
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: publicKey
+ # path: ~/.config/validated-patterns/trustee/kbsPublicKey
+
+ #- name: passphrase
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: passphrase
+ # value: ''
+ # onMissingValue: generate
+ # vaultPolicy: validatedPatternDefaultPolicy
+
+ # ===========================================================================
+ # HUB-SPECIFIC SECRETS (hub/)
+ # Secrets for hub cluster management (spoke kubeconfigs, etc.)
+ # Policy: hub-secret (built-in VP policy)
+ # ===========================================================================
+ # If you use clusterPools you will need to uncomment the following lines
+ #- name: aws
+ # fields:
+ # - name: aws_access_key_id
+ # ini_file: ~/.aws/credentials
+ # ini_section: default
+ # ini_key: aws_access_key_id
+ # - name: aws_secret_access_key
+ # ini_file: ~/.aws/credentials
+ # ini_key: aws_secret_access_key
+ #- name: publickey
+ # fields:
+ # - name: content
+ # path: ~/.ssh/id_rsa.pub
+ #- name: privatekey
+ # fields:
+ # - name: content
+ # path: ~/.ssh/id_rsa
+ #- name: openshiftPullSecret
+ # fields:
+ # - name: content
+ # path: ~/.pullsecret.json
+
+ # If you are going to import spoke clusters, add here their kubeconfig entries
+ #- name: kubeconfig-spoke-1
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: content
+ # path: ~/.kube/kubeconfig-ztvp-spoke
+ #- name: kubeconfig-spoke-2
+ # vaultPrefixes:
+ # - hub
+ # fields:
+ # - name: content
+ # path: ~/.kube/kubeconfig-ztvp-spoke-2
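Review bot: The banner `ACS Secrets (Uncomment to enable)` sits above an `acs-central` entry that is already active, and its `hub/infra/acs` prefix is missing from the "Vault Secret Organization" listing at the top of the file and has no `Policy:` line like the other sections. Either comment the entry out or retitle the banner, e.g. `# ACS INFRASTRUCTURE SECRETS (hub/infra/acs/)`, with a `# Policy:` line naming the policy that grants read on that path (the policy itself is not visible in this diff). In the CoCo block, the only `image_security_policy_uri` example selects the `insecure` variant; showing the `signed` variant there would keep a copy-paste from turning signature verification off. `basicPolicy` and `advancedPolicy` are defined under `vaultPolicies`, but no field in this template references them.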
diff --git a/catalog/medical-diagnosis/pattern.yaml b/catalog/medical-diagnosis/pattern.yaml
deleted file mode 100644
index 8e34898..0000000
--- a/catalog/medical-diagnosis/pattern.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-metadata_version: "1.0"
-name: medical-diagnosis
-pattern_version: "1.0"
-display_name: Medical Diagnosis
-repo_url: https://github.com/validatedpatterns/medical-diagnosis
-docs_repo_url: https://github.com/validatedpatterns/docs
-issues_url: https://github.com/validatedpatterns/medical-diagnosis/issues
-docs_url: https://validatedpatterns.io/patterns/medical-diagnosis/
-ci_url: https://validatedpatterns.io/ci/?pattern=medicaldiag
-tier: maintained
-owners:
- - day0hero
-requirements:
- hub:
- compute:
- gcp:
- replicas: 5
- type: n1-standard-16
- azure:
- replicas: 5
- type: Standard_D16s_v3
- aws:
- replicas: 5
- type: m5.4xlarge
- controlPlane:
- gcp:
- replicas: 3
- type: n1-standard-4
- azure:
- replicas: 3
- type: Standard_D4s_v3
- aws:
- replicas: 3
- type: m5.xlarge
-extra_features:
- hypershift_support: false
- spoke_support: false
-external_requirements: null
-org: validatedpatterns
-spoke: null
diff --git a/catalog/medical-diagnosis/values-secret.yaml.template b/catalog/medical-diagnosis/values-secret.yaml.template
deleted file mode 100644
index 8e066f9..0000000
--- a/catalog/medical-diagnosis/values-secret.yaml.template
+++ /dev/null
@@ -1,45 +0,0 @@
----
-version: "2.0"
-
-# Due to some bug in one of the python container that we can't modify
-# the db password for the user can't contain special characters
-
-vaultPolicies:
- basicPolicy: |
- length=10
- rule "charset" { charset = "abcdefghijklmnopqrstuvwxyz" min-chars = 1 }
- rule "charset" { charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" min-chars = 1 }
- rule "charset" { charset = "0123456789" min-chars = 1 }
-
-secrets:
- # NEVER COMMIT THESE VALUES TO GIT
-
- # Database login credentials and configuration
- - name: xraylab
- fields:
- - name: database-user
- value: xraylab
- - name: database-host
- value: xraylabdb
- - name: database-db
- value: xraylabdb
- - name: database-master-user
- value: xraylab
- - name: database-password
- onMissingValue: generate
- vaultPolicy: basicPolicy
- - name: database-root-password
- onMissingValue: generate
- vaultPolicy: validatedPatternDefaultPolicy
- - name: database-master-password
- onMissingValue: generate
- vaultPolicy: validatedPatternDefaultPolicy
-
- # Grafana Dashboard admin user/password
- - name: grafana
- fields:
- - name: GF_SECURITY_ADMIN_USER
- value: root
- - name: GF_SECURITY_ADMIN_PASSWORD
- onMissingValue: generate
- vaultPolicy: validatedPatternDefaultPolicy
diff --git a/catalog/mlops-fraud-detection/pattern.yaml b/catalog/mlops-fraud-detection/pattern.yaml
new file mode 100644
index 0000000..fad1f7f
--- /dev/null
+++ b/catalog/mlops-fraud-detection/pattern.yaml
@@ -0,0 +1,41 @@
+metadata_version: "1.0"
+name: mlops-fraud-detection
+description: Build, train and serve models in RHOAI to detect credit card fraud using Kubeflow Pipelines, KServe and Minio
+pattern_version: "1.0"
+display_name: MLOps Fraud Detection
+repo_url: https://github.com/validatedpatterns/mlops-fraud-detection
+docs_repo_url: https://github.com/validatedpatterns/docs
+issues_url: https://github.com/validatedpatterns/mlops-fraud-detection/issues
+docs_url: https://validatedpatterns.io/patterns/mlops-fraud-detection/
+ci_url: https://validatedpatterns.io/ci/?pattern=mlopsfraud
+tier: sandbox
+owners:
+ - dminnear-rh
+requirements:
+ hub:
+ compute:
+ gcp:
+ replicas: 3
+ type: n1-standard-8
+ azure:
+ replicas: 3
+ type: Standard_D8s_v3
+ aws:
+ replicas: 3
+ type: m5.2xlarge
+ controlPlane:
+ gcp:
+ replicas: 3
+ type: n1-standard-4
+ azure:
+ replicas: 3
+ type: Standard_D4s_v3
+ aws:
+ replicas: 3
+ type: m5.xlarge
+extra_features:
+ hypershift_support: false
+ spoke_support: false
+external_requirements: null
+org: validatedpatterns
+spoke: null
diff --git a/catalog/openshift-ai/pattern.yaml b/catalog/openshift-ai/pattern.yaml
deleted file mode 100644
index 055d814..0000000
--- a/catalog/openshift-ai/pattern.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-metadata_version: "1.0"
-name: openshift-ai
-pattern_version: "1.0"
-display_name: OpenShift AI
-repo_url: https://github.com/validatedpatterns-sandbox/openshift-ai
-docs_repo_url: https://github.com/validatedpatterns/docs
-issues_url: https://github.com/validatedpatterns-sandbox/openshift-ai/issues
-docs_url: https://validatedpatterns.io/patterns/openshift-ai
-ci_url: https://validatedpatterns.io/ci/?pattern=openshiftai
-tier: sandbox
-owners:
- - day0hero
-requirements:
- hub:
- compute:
- gcp:
- replicas: 3
- type: n2-standard-16
- azure:
- replicas: 3
- type: Standard_D16as_v4
- aws:
- replicas: 3
- type: m5.4xlarge
- controlPlane:
- gcp:
- replicas: 1
- type: n1-standard-8
- azure:
- replicas: 1
- type: Standard_D8s_v3
- aws:
- replicas: 1
- type: m5.2xlarge
-extra_features:
- hypershift_support: false
- spoke_support: false
-external_requirements: null
-org: validatedpatterns-sandbox
-spoke: null
diff --git a/catalog/openshift-ai/values-secret.yaml.template b/catalog/openshift-ai/values-secret.yaml.template
deleted file mode 100644
index 8f40e0a..0000000
--- a/catalog/openshift-ai/values-secret.yaml.template
+++ /dev/null
@@ -1,38 +0,0 @@
-# A more formal description of this format can be found here:
-# https://github.com/hybrid-cloud-patterns/common/tree/main/ansible/roles/vault_utils#values-secret-file-format
-
-version: "2.0"
-# Ideally you NEVER COMMIT THESE VALUES TO GIT (although if all passwords are
-# automatically generated inside the vault this should not really matter)
-
-secrets:
- - name: config-demo
- vaultPrefixes:
- - global
- fields:
- - name: secret
- onMissingValue: generate
- vaultPolicy: validatedPatternDefaultPolicy
-
- # If you use clusterPools you will need to uncomment the following lines
- #- name: aws
- # fields:
- # - name: aws_access_key_id
- # ini_file: ~/.aws/credentials
- # ini_section: default
- # ini_key: aws_access_key_id
- # - name: aws_secret_access_key
- # ini_file: ~/.aws/credentials
- # ini_key: aws_secret_access_key
- #- name: publickey
- # fields:
- # - name: content
- # path: ~/.ssh/id_rsa.pub
- #- name: privatekey
- # fields:
- # - name: content
- # path: ~/.ssh/id_rsa
- #- name: openshiftPullSecret
- # fields:
- # - name: content
- # path: ~/.pullsecret.json
diff --git a/catalog/travelops/pattern.yaml b/catalog/travelops/pattern.yaml
new file mode 100644
index 0000000..f6b6856
--- /dev/null
+++ b/catalog/travelops/pattern.yaml
@@ -0,0 +1,42 @@
+metadata_version: "1.0"
+name: travelops
+description: A pattern deploying a demo travel-booking stack on OpenShift with Service Mesh (Istio), mTLS, distributed tracing, and observability
+pattern_version: "1.0"
+display_name: TravelOps
+repo_url: https://github.com/validatedpatterns/travelops
+docs_repo_url: https://github.com/validatedpatterns/docs
+issues_url: https://github.com/validatedpatterns/travelops/issues
+docs_url: https://validatedpatterns.io/patterns/travelops/
+ci_url: https://validatedpatterns.io/ci/?pattern=travelops
+tier: tested
+owners:
+ - dminnear-rh
+ - day0hero
+requirements:
+ hub:
+ compute:
+ gcp:
+ replicas: 3
+ type: n1-standard-8
+ azure:
+ replicas: 3
+ type: Standard_D8s_v3
+ aws:
+ replicas: 3
+ type: m5.2xlarge
+ controlPlane:
+ gcp:
+ replicas: 3
+ type: n1-standard-4
+ azure:
+ replicas: 3
+ type: Standard_D4s_v3
+ aws:
+ replicas: 3
+ type: m5.xlarge
+extra_features:
+ hypershift_support: false
+ spoke_support: false
+external_requirements: null
+org: validatedpatterns
+spoke: null
diff --git a/catalog/travelops/values-secret.yaml.template b/catalog/travelops/values-secret.yaml.template
new file mode 100644
index 0000000..4915f3d
--- /dev/null
+++ b/catalog/travelops/values-secret.yaml.template
@@ -0,0 +1,24 @@
+# A more formal description of this format can be found here:
+# https://github.com/hybrid-cloud-patterns/common/tree/main/ansible/roles/vault_utils#values-secret-file-format
+
+version: "2.0"
+# Ideally you NEVER COMMIT THESE VALUES TO GIT (although if all passwords are
+# automatically generated inside the vault this should not really matter)
+
+secrets:
+ - name: mysql-credentials
+ vaultPrefixes:
+ - global
+ fields:
+ - name: rootpasswd
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
+ - name: minio-credentials
+ vaultPrefixes:
+ - global
+ fields:
+ - name: accessKey
+ value: minioAccessKey
+ - name: secretKey
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
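Review bot: `minio-credentials` pins `accessKey` to the literal `minioAccessKey`, so every deployment made from this template shares the same MinIO access key ID and only `secretKey` differs between them. If the consumer tolerates a random value, the field could use `onMissingValue: generate` with a `vaultPolicy` as `secretKey` does; otherwise a comment stating that the fixed ID is intentional would help. Both secrets are also stored under the `global` prefix rather than an application-specific path; whether that is wider than needed depends on the Vault policies, which this diff does not show.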
diff --git a/pattern.schema.json b/pattern.schema.json
index 052ed16..8c9db0a 100644
--- a/pattern.schema.json
+++ b/pattern.schema.json
@@ -123,7 +123,7 @@
"description": "Additional notes about cluster sizing"
}
},
- "additionalProperties": false
+ "additionalProperties": true
}
]
},
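Review bot: Changing `"additionalProperties": false` to `true` stops the schema from rejecting unknown keys on this object, so a misspelled or unexpected field in a `pattern.yaml` will now validate silently. The object being relaxed starts above the hunk, so which key prompted the change is not visible here. If it is a specific new field, declaring it under `properties` and keeping `"additionalProperties": false` would preserve the typo check.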