Merge pull request #391 from cloud-pi-native/refactor/argo-redis-open…

…shift

Refactor/argo redis openshift

roles/argocd/templates/ingress.yaml.j2

@@ -12,6 +12,7 @@ metadata:
     {{ key }}: {{ val }}
 {% endfor %}
 spec:
+  ingressClassName: {{ dsc.ingress.className | default('') }}
 {% if not dsc.ingress.tls.type == 'none' %}
   tls:
   - hosts:
@@ -49,6 +50,7 @@ metadata:
     {{ key }}: {{ val }}
 {% endfor %}
 spec:
+  ingressClassName: {{ dsc.ingress.className | default('') }}
 {% if not dsc.ingress.tls.type == 'none' %}
   tls:
   - hosts:

roles/argocd/templates/values/10-redis-openshift.j2

@@ -1,10 +1,7 @@
 {% if dsc.global.platform == "openshift" %}
 redis-ha:
-  containerSecurityContext:
-    runAsUser: null
-    runAsGroup: null
-  haproxy:
-    containerSecurityContext:
-      runAsUser: null
-      runAsGroup: null
+  global:
+    compatibility:
+      openshift:
+        adaptSecurityContext: auto
 {% endif %}

roles/vault/tasks/check.yml

@@ -7,6 +7,7 @@
     command: vault status -format=json
   register: vault_status
   ignore_errors: true
+  changed_when: false
 
 - name: Set vault_initialized fact
   ansible.builtin.set_fact:

roles/vault/tasks/post-install.yml

@@ -478,6 +478,18 @@
       "canonical_id": "{{ user_group.json.data.id }}"
     body_format: json
 
+- name: set oidc method as default
+  ansible.builtin.uri:
+    validate_certs: "{{ dsc.exposedCA.type == 'none' }}"
+    url: "https://{{ vault_domain }}/v1/sys/auth/oidc/tune"
+    method: POST
+    status_code: [204]
+    headers:
+      "X-Vault-Token": "{{ vault_token }}"
+    body:
+      "listing_visibility": "unauth"
+    body_format: json
+
 # AppRole
 - name: Get auth methods
   ansible.builtin.uri: