integrate velero and minio in tests #1055
Open
jkleinlercher wants to merge 31 commits into main from feat/test-velero-minio
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 17:14:07.375065692 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 17:13:39.198119257 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 17:14:07.369065701 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 17:13:39.194119263 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
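Review bot: in both added health scripts the first guard, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, does not limit the nil-status case to the listed kinds. In Lua `and` binds tighter than `or`, so the condition parses as `obj.status == nil or (next(obj.status) == nil and contains(...))`, and any `*.upbound.io` or `*.crossplane.io` resource that has no status yet is reported Healthy instead of staying at Progressing, which lets sync waves and health gates move on before the provider has reconciled it. Suggest `if (obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind) then`.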
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 17:14:07.375065692 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 17:13:39.198119257 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 17:14:07.375065692 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 17:13:39.198119257 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name |
Changes Default Values |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 22:24:05.742678316 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 22:23:37.561614540 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 22:24:05.738678308 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 22:23:37.556614532 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
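Review bot: the added `resource.customizations` value renders as a single double-quoted string with `\n` escapes rather than the `|` block scalar used by the removed lines, which makes the Lua in this ConfigMap hard to review in every later chart diff. The value ends in `return health_status \n`, with a space before the newline; Go YAML emitters fall back to the quoted style when a line ends in whitespace, so that trailing space is the likely cause. Suggest removing trailing whitespace from the health scripts in the values source and checking that the rendered output returns to a block scalar.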
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 22:24:05.742678316 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 22:23:37.560614539 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 22:24:05.742678316 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 22:23:37.560614539 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:24:17.670700813 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:23:50.881653177 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
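Review bot: `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` on this Secret looks unnecessary. The option is meant for resources whose kind is not yet registered in the cluster, and the annotated object is a core Secret (`type: Opaque`), so the dry run never has a missing kind to skip. Suggest keeping only `argocd.argoproj.io/sync-wave: "-1"` unless there is a reason that is not visible in this hunk.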
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:24:17.625700728 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:23:50.835653103 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{ |
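Review bot: the context lines show this Secret carrying the provider credentials inline (`stringData:` followed by `credentials: |`), so every rendered copy of the chart, this chart diff included, contains whatever the values file supplies. Please confirm that `values-k3d.yaml` holds only throwaway test credentials and that the same template rendered with `values-demo-metalstack.yaml` does not emit real ones; a comment in the template stating where the value comes from would settle it.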
Changes Default Values |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 22:53:20.179205904 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 22:52:51.914236295 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 22:53:20.175205910 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 22:52:51.910236302 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
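Review bot: the condition loops in both added scripts return on the first match, so the result depends on the order of `obj.status.conditions`. If a `Ready` condition with status `True` is listed before a `Synced` or `LastAsyncOperation` condition with status `False`, the script returns Healthy and never reaches the failing condition. Suggest scanning all conditions for a `False` `Synced` or `LastAsyncOperation` first, and only then reporting Healthy from `Ready` (or, in the `*.crossplane.io/*` script, from `Ready`, `Healthy`, `Offered` or `Established`).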
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 22:53:20.179205904 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 22:52:51.914236295 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 22:53:20.179205904 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 22:52:51.914236295 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:53:31.839187269 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:53:05.413228236 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 22:53:31.842187264 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 22:53:05.415228232 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
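Review bot: the ordering of `sx-keycloak-config` is not covered by this change. With `argocd.argoproj.io/sync-wave: "-1"` removed, `keycloak-builtin-objects-kubrix` syncs in the default wave, after the `keycloak-credentials-cp` Secret that now carries wave -1, which fits `providerSecretName`; but the resource also sets `providerConfigName: sx-keycloak-config`, and the wave of that ProviderConfig is not visible here. Please confirm it is applied no later than this resource, or annotate it explicitly.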
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:53:31.792187347 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 22:53:05.366228326 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 22:53:31.794187343 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 22:53:05.368228322 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix |
Changes Default Values |
Changes Default Values |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 23:23:36.458577890 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-16 23:22:57.986287155 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 23:23:36.453577853 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-16 23:22:57.981287119 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
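Review bot: In both added health scripts the first guard, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, is not limited to the kinds in `has_no_status`. Lua's `and` binds tighter than `or`, so any `*.upbound.io/*` or `*.crossplane.io/*` object whose `status` is nil is reported `Healthy` with "Resource is up-to-date.", whatever its kind. If the intent is that a missing status is acceptable only for the listed kinds, parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. As written, a managed resource that no provider has picked up yet shows green in Argo CD and does not hold back later sync waves.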
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 23:23:36.458577890 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-16 23:22:57.985287148 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 23:23:36.458577890 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-16 23:22:57.985287148 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 23:23:53.939702708 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 23:23:17.251438182 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
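Review bot: `keycloak-credentials-cp` is rendered by the chart with the provider credentials inline under `stringData.credentials`, and this rendered-chart diff is posted to the pull request with four lines of context (`diff -U 4`). The context here happens to stop at the opening `{`, but a change one or two lines further down would print the credential JSON in the comment. Consider dropping Secret documents from the rendered diff, or masking `data` and `stringData` values before posting, and check that the credentials are not coming from plain chart values.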
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-16 23:23:53.941702723 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-16 23:23:17.253438197 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
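Review bot: The context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the hostname feeding this annotation appears to be unset for this values file and the link in the Argo CD UI goes nowhere. Wrap the hostname in `required` in the template, or omit the annotation when it is empty, so the render fails loudly instead of shipping `https:///`.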
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 23:23:53.941702723 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 23:23:17.254438204 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
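Review bot: Removing `argocd.argoproj.io/sync-wave: "-1"` moves `keycloak-builtin-objects-kubrix` to the default wave 0, while the `keycloak-credentials-cp` Secret named in `providerSecretName` moves to wave -1 elsewhere in this PR, and the realm also lands in wave 0 after losing `sync-wave: "1"`. The Secret-before-consumer ordering looks intended, but nothing in the diff shows when the ProviderConfig `sx-keycloak-config` referenced by `providerConfigName` comes into existence relative to the realm. Please confirm that ordering in the PR description, or say that `SkipDryRunOnMissingResource=true` plus retries is what the change relies on.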
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 23:23:53.892702370 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-16 23:23:17.205437845 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-16 23:23:53.894702384 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-16 23:23:17.207437860 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 23:23:53.894702384 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-16 23:23:17.207437860 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix |
Problems related to #1069
Signed-off-by: Johannes Kleinlercher <johannes.kleinlercher@suxess-it.com>
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 20:29:56.964105066 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 20:29:28.761072257 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 20:29:56.960105064 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 20:29:28.756072254 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
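Review bot: The new `resource.customizations` value renders as a single double-quoted string with `\n` escapes instead of the `|` block scalar the old value used, which makes the two added Lua health checks very hard to review here and in the live ConfigMap. The value ends in `return health_status \n`, with a space before the newline; trailing whitespace on a line is a common reason YAML emitters fall back to the quoted style, so stripping it in the values file is worth trying to get the block scalar back.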
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 20:29:56.964105066 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 20:29:28.760072256 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 20:29:56.964105066 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 20:29:28.760072256 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 20:30:09.106109476 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 20:29:42.566081754 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 20:30:09.109109478 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 20:29:42.568081755 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,18 +52,18 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
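Review bot: Changing `metadata.name` from `grafana-grafana-group-roles-viewer-team-a` to `grafana-group-roles-users-editor` is not a rename as far as Argo CD and Crossplane are concerned: the old `Roles` objects are pruned and new ones created, and with `deletionPolicy: Delete` pruning also removes the group's role mapping in Keycloak. The users/editor mapping was previously held by `grafana-grafana-group-roles-viewer` (the hunk at -27 above), so if that object is pruned after the new one has been created, the mapping disappears until the new object reconciles again. Please note in the PR that a short loss of Grafana roles is expected on upgrade, or switch the old objects to `deletionPolicy: Orphan` before removing them.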
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 20:30:09.108109478 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 20:29:42.568081755 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 20:30:09.109109478 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 20:29:42.568081755 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 20:30:09.059109443 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 20:29:42.520081715 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 20:30:09.061109445 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 20:29:42.522081717 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
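Review bot: The new names (`grafana-group-roles-team1-viewer` here, `-admins-admin` and `-users-editor` elsewhere in this file) appear to be built from the Keycloak group name and the role label, which fixes the old mismatch where `grafana-grafana-group-roles-viewer` selected `platform-engineer.cloud/role: editor` for group `users`. Since `metadata.name` has to be a lowercase DNS-1123 name, a group or role value containing uppercase letters, spaces or underscores will now render an object the API server rejects. Normalise the value in the template or document the constraint next to the values.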
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 20:30:09.061109445 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 20:29:42.522081717 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 20:30:09.061109445 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 20:29:42.522081717 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix |
Signed-off-by: Johannes Kleinlercher <johannes.kleinlercher@suxess-it.com>
…/kubriX into feat/test-velero-minio
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 21:16:46.557269662 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 21:16:12.944444031 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 21:16:46.552269688 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 21:16:12.940444046 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
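Review bot: The `"*.upbound.io/*"` and `"*.crossplane.io/*"` entries carry two copies of one script that differ only in the `has_no_status` list and in which condition types count as ready (`Ready` alone versus `Ready`, `Healthy`, `Offered`, `Established`), so a fix applied to one copy will silently miss the other; a short comment in the values file stating why the two differ would help. On the Degraded paths `health_status.message = condition.message` is assigned without a nil check, unlike the `argoproj.io/Application` script, which guards `obj.status.health.message`, so a condition without a message leaves `message` unset. Default it to an empty string.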
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 21:16:46.556269667 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 21:16:12.944444031 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 21:16:46.556269667 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 21:16:12.944444031 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 21:17:01.153191141 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 21:16:30.271354859 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
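Review bot: `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` on `keycloak-credentials-cp` has no effect, because the object is a core Secret (`type: Opaque`, `stringData`) and that option only matters for kinds whose CRD may not be installed yet. Keep only the `sync-wave: "-1"` annotation here so the option does not get copied onto further built-in resources.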
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 21:17:01.154191135 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 21:16:30.272354854 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 21:17:01.155191130 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 21:16:30.274354845 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
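Review bot: the `metadata.name` changes in this file rename objects that carry `deletionPolicy: Delete`, so existing mappings move to new names (group `team1` with the viewer role was `grafana-grafana-group-roles-viewer-team1` and is now `grafana-group-roles-team1-grafana-viewer`), and once the old object is pruned its deletion is also applied in Keycloak. Please confirm on an upgrade from main that deleting the old `Roles` object cannot remove a group-role mapping its renamed replacement has just applied. If it can, migrate with `deletionPolicy: Orphan` on the old objects first.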
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 21:17:01.155191130 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 21:16:30.273354850 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
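Review bot: the context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the link Argo CD shows for the realm is unusable. The hostname feeding this annotation appears to be empty for this values file; set it, or have the template omit the annotation when the value is empty. Note also that removing `sync-wave: "1"` moves the realm to the default wave 0, ahead of the role objects that stay in wave "1".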
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 21:17:01.155191130 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 21:16:30.274354845 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
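Review bot: the reason for dropping `sync-wave: "-1"` from `keycloak-builtin-objects-kubrix` is not documented, and with it gone this XR falls into the default wave 0, the same wave the realm now lands in after its `sync-wave: "1"` is removed in cp-keycloak-realm.yaml. The resulting order is Secret (wave -1), then XR and realm together, then the role objects (wave 1). If the realm needs the provider config named in `providerConfigName: sx-keycloak-config` to exist first, waves no longer guarantee that. Add a short comment in the template stating the intended order, or keep explicit wave annotations on both objects.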
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 21:17:01.105191401 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 21:16:30.224355079 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
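Review bot: this rendered diff prints the start of `stringData.credentials` for Secret `keycloak-credentials-cp` as context, so any later PR that changes lines inside that block would post provider credentials in clear text in a PR comment. Exclude Secret manifests from the rendered-chart diff job, or mask `stringData` and `data` values before the comment is posted.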
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 21:17:01.106191396 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 21:16:30.224355079 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 21:17:01.107191390 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 21:16:30.226355069 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
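Review bot: the selector under `roleIdsSelector.matchLabels` becomes `platform-engineer.cloud/role: editor`, but the k3d render of cp-keycloak-default-clientroles-grafana.yaml in this same diff relabels the client roles to `grafana-viewer`, `grafana-editor` and `grafana-admin`, so this selector matches none of the roles shown and group `users` would end up without a Grafana role. The demo-metalstack render uses `grafana-editor` at this position. The unprefixed names `grafana-group-roles-users-editor`, `grafana-group-roles-team1-viewer` and `grafana-group-roles-admins-admin` suggest values-k3d.yaml passes the role without the client prefix; align it with the demo-metalstack values.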
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 21:17:01.107191390 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 21:16:30.226355069 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 21:17:01.107191390 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 21:16:30.226355069 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix |
Signed-off-by: Johannes Kleinlercher <johannes.kleinlercher@suxess-it.com>
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 22:15:52.388973459 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 22:15:24.353860508 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 22:15:52.383973444 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 22:15:24.349860504 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
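Review bot: in both added health checks the first guard, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, does not restrict the nil-status case to the listed kinds, because Lua's `and` binds tighter than `or`. As written, any `*.upbound.io` or `*.crossplane.io` resource whose `status` is nil is reported `Healthy` with "Resource is up-to-date.", and the `has_no_status` list only applies when `status` is an empty table. If only the listed kinds should be healthy without a status, parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`, so other kinds stay `Progressing` until they report conditions.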
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 22:15:52.388973459 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 22:15:24.353860508 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 22:15:52.388973459 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 22:15:24.353860508 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:16:03.988005261 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:15:37.966882244 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:16:03.988005261 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:15:37.967882247 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:16:03.990005266 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:15:37.968882249 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:16:03.990005266 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:15:37.968882249 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:16:03.990005266 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:15:37.969882252 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:16:03.941005139 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:15:37.916882122 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:16:03.942005142 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:15:37.917882125 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:16:03.943005144 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:15:37.918882127 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
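Review bot: The `metadata.name` changes in this hunk (the removed `grafana-grafana-group-roles-viewer` object and `grafana-grafana-group-roles-viewer-team1` becoming `grafana-group-roles-team1-viewer`) rename Crossplane managed resources that carry `deletionPolicy: Delete`. Argo CD sees a rename as a new object plus an orphaned old one, so when the old objects are pruned the provider deletes the existing Keycloak group-role mappings, and the groups can be left without their Grafana role until the new objects reconcile. Describe in the PR how existing installations migrate, or confirm that this only ever runs against fresh test clusters.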
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
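Review bot: The `roleIdsSelector` on the `+` side matches `platform-engineer.cloud/role: editor`, but the client-role template in this same render relabels its roles with a `grafana-` prefix (`grafana-admin` is visible in the earlier hunk). If the editor role is relabelled the same way, this selector resolves no role and the `users` group ends up without the Grafana editor role. Change the selector to the prefixed value in the same commit as the label rename, so no intermediate render has labels and selectors out of step.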
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:16:03.943005144 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:15:37.918882127 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
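Review bot: The context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the link shown in the Argo CD UI is unusable for this values file. Set the hostname value for this render, or guard the template with Helm's `required` so that a missing value fails the render instead of producing a broken URL.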
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:16:03.943005144 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:15:37.919882129 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
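Review bot: Dropping `argocd.argoproj.io/sync-wave: "-1"` here puts `keycloak-builtin-objects-kubrix` in the default wave 0, and the realm template in this same render drops its `"1"` as well, so both now sync in the same wave and waves no longer order them relative to each other. If the realm depends on what this object sets up (`providerConfigName: sx-keycloak-config`), keep distinct explicit waves; otherwise set `"0"` explicitly so the intended order stays visible in the template.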
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:16:14.751023319 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:15:49.382964723 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
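Review bot: The `sync-wave` for `oidc-backend-role` jumps from `"4"` to `"7"` with nothing in the hunk saying which resource in the intermediate waves it now has to follow. Add a comment in the template naming that dependency, so the number is not bumped again by trial and error the next time a wave is inserted.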
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:16:14.679023309 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:15:49.311964573 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider: |
Signed-off-by: Johannes Kleinlercher <johannes.kleinlercher@suxess-it.com>
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 22:42:42.310382178 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-21 22:42:08.197349475 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 22:42:42.306382176 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-21 22:42:08.193349472 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
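Review bot: In both added `health.lua` scripts the first guard, `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)`, parses as `A or (B and C)` because Lua's `and` binds tighter than `or`, so any `*.upbound.io` or `*.crossplane.io` object with no status at all is reported Healthy regardless of its kind. Argo CD waits on health before starting the next sync wave, so a freshly created managed resource can let later waves proceed before it is provisioned. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`; the guard that follows then returns Progressing for every other kind with an empty status.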
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 22:42:42.310382178 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-21 22:42:08.197349475 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 22:42:42.310382178 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-21 22:42:08.197349475 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:42:57.150389224 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:42:25.550370208 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
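Review bot: `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` is added to a core `Secret`, where it does nothing, because the option only matters for kinds whose CRD may not be installed yet; the `sync-wave: "-1"` annotation is the part that does the work. Separately, this template renders provider credentials into `stringData`, and this chart diff is posted as a PR comment with four lines of context, so check that a change to the credential body cannot end up printed in the comment.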
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:42:57.151389225 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:42:25.551370209 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
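Review bot: The three label changes in this file fold the client name into the value of `platform-engineer.cloud/role` (`grafana-viewer`, `grafana-editor`, `grafana-admin`), which scopes the group selectors to Grafana's roles only by naming convention. Consider keeping the role value as it was and adding a second label for the client, with the selectors matching on both, so the scoping is explicit and a role from another client cannot be picked up by a value collision.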
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:42:57.153389225 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:42:25.553370210 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
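Review bot: The template now emits the group bindings in a different order than before, so this hunk reads as a permission change (`groupIdRef` `users` to `team1`, selector `editor` to `grafana-viewer`) when it is a rename combined with a reorder. Going by the new names, the resulting set across this file is admins/grafana-admin, team1/grafana-viewer, team-a/grafana-viewer and users/grafana-editor; state that set in the PR description and keep the emit order stable (for example sorted by group) so future diffs of this file show real changes in who gets which role.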
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:42:57.153389225 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:42:25.553370210 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:42:57.153389225 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:42:25.553370210 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:42:57.105389212 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-21 22:42:25.502370177 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:42:57.106389212 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-21 22:42:25.502370177 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:42:57.107389212 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-21 22:42:25.503370178 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:42:57.107389212 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-21 22:42:25.503370178 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:42:57.107389212 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-21 22:42:25.503370178 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:43:08.452390903 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:42:38.385379494 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:43:08.379391570 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-21 22:42:38.312379445 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider: |
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 15:30:12.238766882 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 15:29:36.310244062 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 15:30:12.234766937 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 15:29:36.305244136 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
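Review bot: `resource.customizations` changes from a `|` block scalar to a double-quoted string with `\n` escapes, which makes the Lua in this ConfigMap very hard to review in the rendered diff. The value ends in `return health_status \n`, and a space before a line break is one of the cases where YAML emitters fall back from literal to quoted style; stripping trailing whitespace from the health scripts in the values file should bring the block form back.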
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 15:30:12.238766882 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 15:29:36.309244077 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 15:30:12.238766882 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 15:29:36.309244077 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 15:30:27.828553779 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 15:29:54.101995887 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
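Review bot: `SkipDryRunOnMissingResource=true` on `keycloak-credentials-cp` is not needed, because Secret is a built-in kind and its dry run cannot fail on a missing CRD; the `sync-wave: "-1"` annotation alone gives the ordering. Since this Secret carries its payload inline under `stringData.credentials` and the rendered diff is posted to the PR, it is also worth confirming that the JSON rendered there is demo-only material.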
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 15:30:27.829553766 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 15:29:54.102995873 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 15:30:27.830553753 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 15:29:54.103995859 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
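Review bot: renaming every `Roles` object (for example `grafana-grafana-group-roles-viewer-team1` to `grafana-group-roles-team1-grafana-viewer`) while `deletionPolicy: Delete` is set means the old objects are pruned and the new ones created for what can be the same group and role pair. If the old object is deleted after the new one has applied its mapping, the delete removes that mapping in Keycloak until the next reconcile. Suggest documenting the expected migration path, or switching the old objects to orphan their external resource before the rename lands.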
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 15:30:27.830553753 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 15:29:54.103995859 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
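Review bot: the `link.argocd.argoproj.io/external-link` context line in this hunk renders as `https:///admin/master/console/#/kubrix`, with an empty host, so the link is unusable for this values file. The template should either receive the Keycloak hostname here or fail the render (for example with `required`) when it is unset. Separately, dropping `sync-wave: "1"` moves the realm into the default wave; a short comment in the template on why would help.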
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 15:30:27.831553740 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 15:29:54.104995844 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 15:30:27.781554401 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 15:29:54.055996553 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 15:30:27.782554388 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 15:29:54.055996553 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 15:30:27.783554375 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 15:29:54.056996539 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
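Review bot: with `- name: team-a` replaced by `+ name: users` in this hunk and a whole `Roles` document removed in the `@@ -27,34 +27,9 @@` hunk above, the k3d render goes from four `Roles` objects to three and no longer has one for group `team-a`, while the values-demo-metalstack render keeps `grafana-group-roles-team-a-grafana-viewer`. If that difference is intended, it should be stated in the PR description; otherwise the k3d values are missing the `team-a` entry.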
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 15:30:27.783554375 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 15:29:54.056996539 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 15:30:27.784554361 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 15:29:54.057996524 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 15:30:40.622396126 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 15:30:07.650826340 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 15:30:40.623396115 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 15:30:07.650826340 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
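Review bot: the new `DeploymentRuntimeConfig` named `debug-config` passes `--debug` to the provider-vault runtime, and it is rendered for values-demo-metalstack as well as k3d. Debug-level logging on the component that talks to Vault should not be on by default outside a test profile; suggest gating the whole document and the `runtimeConfigRef` behind a values flag that defaults to off, and giving the object a name that reflects the provider it configures.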
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 15:30:40.549396957 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 15:30:07.567827345 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
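Review bot: the rewrapped script still uses `if [ ! $(vault read auth/oidc/config) ]` and `if [ ! $(vault list identity/group-alias/id) ]`, which put unquoted multi-word command output inside `[ ]`. When the command succeeds the test fails with a "too many arguments" style error rather than evaluating cleanly, so the branch is skipped only as a side effect. Testing the exit status directly, `if ! vault read auth/oidc/config >/dev/null 2>&1; then`, states the intent and keeps the error out of the logs. The same block also writes `oidc_client_secret="demosecret"` as a literal; reading it from the existing secret-backed environment would keep it out of the rendered manifest.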
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 15:30:40.549396957 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 15:30:07.567827345 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 15:30:40.550396945 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 15:30:07.568827333 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 17:18:17.366285881 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 17:17:49.563250171 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 17:18:17.361285892 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 17:17:49.559250142 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
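Review bot: `resource.customizations` now renders as one double-quoted scalar with escaped `\n` instead of the `|` block it replaces, which makes the two added Lua health scripts very hard to review in this diff. The trailing space in the final `return health_status \n` is a likely cause, since YAML emitters tend to fall back to quoted style when a line ends in whitespace. Suggest stripping trailing whitespace from the Lua in the values file so the ConfigMap renders as a block scalar again, and moving the near-identical `*.upbound.io/*` and `*.crossplane.io/*` scripts to a shared definition if the chart allows it.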
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 17:18:17.366285881 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 17:17:49.563250171 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 17:18:17.366285881 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 17:17:49.563250171 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:18:30.439270354 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:18:02.915285683 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:18:30.439270354 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:18:02.915285683 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
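Review bot: the label value `platform-engineer.cloud/role` is the key that `roleIdsSelector.matchLabels` resolves against, so changing `viewer` to `grafana-viewer` here (and `editor`/`admin` in the next two hunks) needs every selector to change in the same commit. The group-roles template in this diff is updated, but please check that no other template or values file still selects the bare `viewer`, `editor` or `admin` values. A selector that matches nothing, or that matches another client's role carrying the old generic label, would change who gets which Grafana role without any render error.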
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:18:30.441270357 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:18:02.917285666 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
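Review bot: renaming `metadata.name` on these `Roles` objects while they carry `deletionPolicy: Delete` needs a migration note. If Argo CD prunes the old objects, the provider deletes the group-to-role mapping they manage in Keycloak, and in this render the old `grafana-grafana-group-roles-viewer-team1` and the new `grafana-group-roles-team1-grafana-viewer` both manage the `team1` mapping, so pruning the old object can remove a mapping the new one has just created until the next reconcile. Consider setting the old objects to orphan before the rename, or documenting the expected gap. The new `<group>-<role>` naming is otherwise an improvement: the old `grafana-grafana-group-roles-viewer` name was bound to `users` with the `editor` label.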
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:18:30.441270357 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:18:02.917285666 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
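Review bot: the context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the link Argo CD shows for the realm is broken in this values file; the hostname value feeding that template appears to be unset and should either be required or the annotation omitted when it is empty. On the change itself: dropping `argocd.argoproj.io/sync-wave: "1"` moves the realm to the default wave 0, ahead of the wave `"1"` roles, which makes sense, but a comment in the template stating that would stop someone re-adding the annotation later.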
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:18:30.442270358 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:18:02.917285666 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:18:30.391270280 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:18:02.867286090 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:18:30.391270280 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:18:02.867286090 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:18:30.393270283 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:18:02.868286081 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
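Review bot: in the k3d render the `team-a` binding disappears. The old file had four `Roles` objects (admins, `users`, `team1`, `team-a`); after this diff the last object switches `groupIdRef` from `team-a` to `users` and one object is removed in the `@@ -27,34 +27,9 @@` hunk, leaving three and no object for `team-a`. The demo-metalstack render keeps `grafana-group-roles-team-a-grafana-viewer`. If dropping `team-a` from k3d is intended, please say so in the PR description; if not, the k3d values are missing that group entry.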
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:18:30.393270283 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:18:02.868286081 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:18:30.393270283 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:18:02.869286073 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:18:41.023261709 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:18:14.092275908 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
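Review bot: the jump from `sync-wave: "4"` to `"7"` on `oidc-backend-role` is not explained anywhere in the rendered output. Please add a comment in the template naming the resources in waves 5 and 6 that this role has to wait for, otherwise the number will be hard to maintain the next time a wave is inserted.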
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:18:41.024261710 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:18:14.092275908 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
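Review bot: `--debug` is now passed to the provider-vault runtime unconditionally, in both the demo-metalstack and k3d renders. Debug-level logging on a provider that handles Vault credentials and managed-resource payloads should be opt-in, so please gate the `DeploymentRuntimeConfig` (and the `runtimeConfigRef` added in the next hunk) behind a chart value that defaults to off. Two smaller points: `debug-config` is a very generic name for a cluster-scoped object and could collide with another chart, so something like a chart-prefixed name would be safer; and `--poll=1m` is a behaviour change unrelated to debugging that deserves its own value and a line in the PR description.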
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 17:18:40.951261643 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 17:18:14.019275669 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
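Review bot: `hashicorp/vault:1.17.2` to `1.18.1` is a minor-version jump referenced by a mutable tag, repeated for `auto-initializer`, `auto-unsealer` and `vault-initializer`. Please pin these images by digest (tag plus `@sha256:...`) so the rendered manifest identifies exactly what runs, and confirm that the Vault server container in the same StatefulSet is moved to the same version, since these helper containers drive it with the `vault` CLI.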
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
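Review bot: the guards `if [ ! $(vault read auth/oidc/config) ]` and `if [ ! $(vault list identity/group-alias/id) ]` in the reflowed script test the unquoted command output rather than the exit status. When the command succeeds and prints several words, `[` fails with a "too many arguments" style error and the branch is skipped; when it fails and prints nothing, `[ ! ]` is true. That gives the intended result only by accident and fills the log with test errors; `if ! vault read auth/oidc/config >/dev/null 2>&1; then` states the intent directly. While the line is being touched, `oidc_client_secret="demosecret"` is a literal in the rendered pod spec; it could come from a Secret through `secretKeyRef`, the way `VAULT_ADDR` already does a few lines below.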
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:18:40.951261643 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:18:14.020275672 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:18:40.952261644 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:18:14.020275672 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values |
… sync too many times
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 17:23:33.351126316 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 17:23:08.014291279 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 17:23:33.345126356 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 17:23:08.010291306 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
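Review bot: the first check in both new health scripts, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, does not do what it reads as, because Lua's `and` binds tighter than `or`. It evaluates as `obj.status == nil or (... and contains(...))`, so any `*.upbound.io` or `*.crossplane.io` resource that has no status yet is reported `Healthy`, not only the kinds listed in `has_no_status`. Argo CD then treats a freshly created managed resource as healthy before the provider has reconciled it, which undermines the sync-wave ordering this PR relies on. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, the value now renders as one double-quoted string instead of a `|` block, most likely because of the trailing space after the final `return health_status`; removing that space should bring back the block scalar and make future diffs of this ConfigMap reviewable.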
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 17:23:33.350126323 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 17:23:08.014291279 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 17:23:33.351126316 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 17:23:08.014291279 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:23:44.178056610 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:23:20.082213792 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:23:44.178056610 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:23:20.082213792 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:23:44.180056596 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:23:20.084213779 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:23:44.180056596 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:23:20.084213779 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
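Review bot: removing the `argocd.argoproj.io/sync-wave: "1"` annotation from the realm leaves its ordering to the implicit default wave, which is easy to miss when the Roles objects that reference `realmIdRef: kubrix` still declare wave "1" explicitly. If the intent is for the realm to sync before them, set `sync-wave: "0"` explicitly or add a template comment giving the reason.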
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:23:44.180056596 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:23:20.084213779 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:23:44.130056942 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 17:23:20.035214097 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
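Review bot: `SkipDryRunOnMissingResource=true` is added to what the context lines show is a core Secret (`type: Opaque`, `stringData`), where it has no effect; the option is for custom resources whose CRD may not be installed yet at dry-run time. Keep only the `sync-wave: "-1"` annotation. Since xr.yaml drops `sync-wave: "-1"` from `keycloak-builtin-objects-kubrix`, which names this secret in `providerSecretName`, the commit message should state that the secret is now meant to sync ahead of it.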
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:23:44.131056935 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 17:23:20.036214091 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:23:44.132056928 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 17:23:20.037214084 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:23:44.132056928 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 17:23:20.037214084 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:23:44.132056928 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 17:23:20.037214084 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:23:54.305987230 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:23:30.682144189 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
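Review bot: the `sync-wave` for `oidc-backend-role` moves from "4" to "7" with nothing in the template saying what it now has to wait for. Add a comment next to the annotation naming the resource or wave it depends on, so the number is not adjusted blindly the next time the ordering is touched.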
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:23:54.306987223 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:23:30.682144189 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
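Review bot: the new `DeploymentRuntimeConfig` passes `--debug` to the provider's `package-runtime` container unconditionally, and it renders for values-demo-metalstack as well as values-k3d. This provider handles Vault credentials, so debug-level logging should be opt-in: gate the `--debug` argument (and ideally the whole object) behind a values key that defaults to off, and check what the provider logs at debug level before enabling it outside local test clusters. The `--poll=1m` setting is also unexplained; a one-line comment on why the default interval was not sufficient would help.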
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
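Review bot: `runtimeConfigRef` points at a `DeploymentRuntimeConfig` named `debug-config`, which is a cluster-scoped object with a very generic name. Another chart that ships its own `debug-config` would collide with it; a name that includes the provider, such as one derived from the provider-vault package name, avoids that and makes the reference self-explanatory.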
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 17:23:54.232987723 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 17:23:30.610144671 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
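Review bot: the `hashicorp/vault` image is bumped from 1.17.2 to 1.18.1 by tag here, and the same literal is repeated for the `auto-unsealer` and `vault-initializer` containers in the following hunks. Pinning by digest would make the rendered manifest reproducible, and sourcing the three references from a single values key would keep the sidecars from drifting apart on the next upgrade.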
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
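Review bot: the re-wrapped script still uses `[ ! $(vault read auth/oidc/config) ]` and `[ ! $(vault list identity/group-alias/id) ]` as its existence checks. The command substitution is unquoted, so multi-word output makes `[` fail with a syntax error instead of evaluating the condition, and the outcome then depends on how the error is treated rather than on whether the config exists. Test the exit status instead, for example `if ! vault read auth/oidc/config >/dev/null 2>&1; then`. Since these lines are being touched anyway, the literal `oidc_client_secret="demosecret"` should come from the mounted secret or an environment variable rather than being embedded in the script, and the only functional content of this hunk (the two issue references becoming full URLs) deserves a mention in the commit message so the large reflow is not mistaken for a logic change.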
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:23:54.232987723 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 17:23:30.610144671 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:23:54.232987723 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 17:23:30.611144665 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 19:51:27.022211400 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 19:51:00.806010463 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 19:51:27.018211296 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 19:51:00.801010432 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
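Review bot: in both new health checks (`*.upbound.io/*` and `*.crossplane.io/*`), the condition `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` does not group the way its layout suggests. Lua's `and` binds tighter than `or`, so any resource whose status is nil is reported Healthy regardless of kind, which lets a freshly created managed resource count as healthy and later sync waves proceed before it is provisioned. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, the rendered value has switched from a `|` block scalar to a double-quoted string, which makes this diff very hard to review; the trailing space after the final `return health_status` is the likely cause, and removing trailing whitespace from the values file should restore the block form.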
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 19:51:27.022211400 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 19:51:00.806010463 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 19:51:27.022211400 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 19:51:00.806010463 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 19:51:37.601372932 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 19:51:13.500105440 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 19:51:37.601372932 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 19:51:13.500105440 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 19:51:37.603372944 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 19:51:13.502105451 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 19:51:37.603372944 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 19:51:13.502105451 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 19:51:37.602372938 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 19:51:13.500105440 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 19:51:37.603372944 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 19:51:13.502105451 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
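Review bot: Removing sync-wave "-1" here puts keycloak-builtin-objects-kubrix in the default wave 0, and the realm in cp-keycloak-realm.yaml also loses its wave "1" annotation in this PR, so both now sync in the same wave and their relative order is no longer set by waves. If this object needs the kubrix realm (it sets "realm: kubrix") or the reverse, keep them in distinct explicit waves. Otherwise add a template comment that wave 0 is intentional, with the keycloak-credentials-cp secret at "-1" ahead of both.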
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 19:51:37.552372625 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 19:51:13.452105154 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
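Review bot: SkipDryRunOnMissingResource=true on this Secret has no effect, because the option only applies to kinds whose CRD is not yet installed and Secret is a core kind. Keep the sync-wave "-1" annotation, which is what orders the credentials ahead of the objects that reference keycloak-credentials-cp, and drop the sync-options line so it does not suggest a CRD dependency.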
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 19:51:37.553372631 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 19:51:13.453105160 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
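Review bot: The label value change from "viewer" to "grafana-viewer" (and the matching editor and admin changes in the next two hunks) silently breaks any roleIdsSelector that still matches the old values, since a selector with no match is not a render error. The Grafana group-role selectors are updated in this PR, but please grep the other charts for platform-engineer.cloud/role: viewer, editor and admin to confirm nothing else selects these roles by the old labels.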
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 19:51:37.554372638 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 19:51:13.454105166 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
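Review bot: In the k3d render the last Roles object changes groupIdRef from team-a to users, and together with the 25-line removal in the @@ -27,34 +27,9 @@ hunk the file goes from four Roles objects to three, so no object appears to bind the team-a group any more. The demo-metalstack render keeps grafana-group-roles-team-a-grafana-viewer. If team-a is meant to be dropped from the k3d values, say so in the PR description; if not, the group list in values-k3d.yaml is missing an entry.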
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 19:51:37.554372638 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 19:51:13.454105166 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
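Review bot: The external-link annotation in this hunk's context renders as https:///admin/master/console/#/kubrix, with an empty host, so the link Argo CD shows for the realm goes nowhere. It is not introduced by this change, but the template is being touched here, so the hostname value it interpolates should either be set in this values file or the annotation should be skipped when the value is empty.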
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 19:51:37.553372631 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 19:51:13.453105160 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 19:51:37.555372644 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 19:51:13.454105166 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 19:51:47.916506695 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 19:51:24.232170892 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
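Review bot: The move of oidc-backend-role from sync-wave "4" to "7" has no explanation, and nothing in this diff shows what occupies waves 5 and 6. Add a comment in the template naming the resource this role has to wait for, so that the number can be checked the next time waves are reshuffled.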
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 19:51:47.917506703 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 19:51:24.233170898 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
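Review bot: The new DeploymentRuntimeConfig passes --debug to provider-vault unconditionally, and it is rendered for values-demo-metalstack.yaml as well as for k3d. Debug logging on the provider that manages Vault auth configuration is worth keeping out of anything but the test values, so gate this block and the runtimeConfigRef in the next hunk behind a chart value that defaults to off. DeploymentRuntimeConfig is also cluster-scoped, so the generic name debug-config can collide with another chart; a name such as provider-vault-debug would be safer.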
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 19:51:47.842506044 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 19:51:24.159170439 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
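Review bot: The image bump to hashicorp/vault:1.18.1 touches only the auto-initializer, auto-unsealer and vault-initializer containers; no image line for the Vault server container appears in this file's diff. If the server stays on its previous version, the helper containers will run a newer CLI against it. Please bump both from the same value, or note why they are allowed to differ.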
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
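Review bot: The re-wrapped script still guards the OIDC setup with if [ ! $(vault read auth/oidc/config) ], which works only by accident: an empty result leaves [ ! ] and a successful read expands to many words and makes [ fail with a usage error. Testing the exit status is clearer, for example if ! vault read auth/oidc/config >/dev/null 2>&1; then, and the same applies to the vault list identity/group-alias/id check. Since these lines are being rewritten anyway, oidc_client_secret="demosecret" should also come from a Secret through secretKeyRef, as VAULT_ADDR already does, and the leftover "# end #422" should get the full issue URL like the two comments above it.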
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 19:51:47.843506053 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 19:51:24.159170439 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 19:51:47.843506053 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 19:51:24.160170445 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 20:31:02.325735137 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 20:30:36.779510952 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 20:31:02.320735096 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 20:30:36.775510918 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
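Review bot: In both new health.lua scripts the first check, obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind), parses as A or (B and C) because Lua's "and" binds tighter than "or", so any resource of any kind with a nil status is reported Healthy instead of Progressing. That matters here because the PR depends on sync waves, and Argo CD advances to the next wave once resources are Healthy. Parenthesize it as (obj.status == nil or next(obj.status) == nil) and contains(...). Separately, resource.customizations now renders as one escaped double-quoted string, probably because of trailing whitespace in the values (the script ends with "return health_status " followed by a space); stripping it should restore the block scalar and make this ConfigMap reviewable again.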
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 20:31:02.325735137 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 20:30:36.779510952 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 20:31:02.325735137 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 20:30:36.779510952 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 20:31:13.735828115 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 20:30:48.946610418 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 20:31:13.736828124 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 20:30:48.946610418 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 20:31:13.738828140 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 20:30:48.948610434 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
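Review bot: Renaming metadata.name on these Roles objects (here grafana-grafana-group-roles-viewer to grafana-group-roles-team1-grafana-viewer) makes Argo CD create new objects and prune the old ones, and the old ones carry deletionPolicy: Delete. The effective bindings look unchanged after the rename (users to editor, team1 and team-a to viewer), so if an old object is deleted after its replacement has been created, the provider may remove a role mapping that the new object has just written, and the group stays without the role until the next reconcile. Please verify on an upgrade of an existing installation, not only on a fresh cluster, or prune the old objects in an earlier step.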
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 20:31:13.738828140 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 20:30:48.948610434 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 20:31:13.736828124 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 20:30:48.946610418 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 20:31:13.738828140 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 20:30:48.948610434 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 20:31:13.688827730 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 20:30:48.896610004 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 20:31:13.689827738 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 20:30:48.897610012 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 20:31:13.690827747 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 20:30:48.898610020 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
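Review bot: the `roleIdsSelector.matchLabels` value has to stay in lockstep with the label on the client role objects, and nothing in the chart enforces that. The old value `admin` was generic enough to match any role labelled `platform-engineer.cloud/role: admin`, whichever client it belonged to; the `grafana-` prefix closes that for this chart. Please confirm that no other template still selects on the unprefixed `viewer`/`editor`/`admin` values, since a selector that matches too much would grant a group roles from another client.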
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
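Review bot: `team-a` ends up with no Grafana role mapping in the k3d render. The object that used to bind group `team-a` to `viewer` is rewritten here to bind `users` to `grafana-editor`, and no other object in this file picks up `team-a`, whereas the values-demo-metalstack render of the same template keeps `grafana-group-roles-team-a-grafana-viewer`. If dropping `team-a` in k3d is intended, say so in the PR description; otherwise add the group to the k3d values.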
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 20:31:13.690827747 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 20:30:48.898610020 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
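Review bot: the context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the Argo CD external link for the realm is broken in this profile; the hostname value feeding that template looks unset for values-k3d and should be fixed or the annotation omitted when it is empty. On the change itself, removing `sync-wave: "1"` puts the realm in the default wave ahead of the role objects that stay in wave "1", which is the order they need.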
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 20:31:13.689827738 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 20:30:48.897610012 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 20:31:13.690827747 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 20:30:48.899610028 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 20:31:20.554883855 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 20:30:56.138684879 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
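Review bot: with `requests.cpu` lowered to 50m here and in the two hunks above, while the limits stay at `cpu: 5` and `memory: 12Gi`, each ingester is scheduled on 1% of the CPU it is allowed to consume. For a k3d test profile it would be more honest to lower the limits as well, so that the scheduler's view of the node matches what the pods can actually take under load.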
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 20:31:23.636908984 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 20:30:59.553712633 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
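Review bot: the move of `oidc-backend-role` from `sync-wave: "4"` to `"7"` has no visible rationale in the template. Add a short comment next to the annotation naming the resource it has to wait for, otherwise the next reordering of waves in this chart will break it silently.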
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 20:31:23.636908984 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 20:30:59.554712641 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
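Review bot: `--debug` in the `package-runtime` args turns on debug logging for provider-vault unconditionally, and this is the values-demo-metalstack render. Debug output from a provider that talks to Vault is more likely to carry request details than info-level logs, so gate the `DeploymentRuntimeConfig` behind a chart value that defaults to off and enable it only in the k3d test values. The name `debug-config` is also very generic for a cluster-scoped object; a chart-specific name would avoid colliding with another chart's runtime config.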
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 20:31:23.565908406 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 20:30:59.480712039 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
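Review bot: the `auto-initializer` image moves to `hashicorp/vault:1.18.1` by mutable tag; pinning by digest alongside the tag would make the render reproducible and protect against a re-pushed tag. The hunks in this file only show the helper containers (`auto-initializer`, `auto-unsealer`, `vault-initializer`), so please confirm that the Vault server container is on the same release as the CLI these containers now ship.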
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
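Review bot: the reflowed script keeps `if [ ! $(vault read auth/oidc/config) ]` and `if [ ! $(vault list identity/group-alias/id) ]`, which test unquoted command output instead of the exit status; when the command prints several words, `[` fails with a usage error and the branch is skipped only as a side effect. Since these lines are being rewritten anyway, use `if ! vault read auth/oidc/config >/dev/null 2>&1; then` and the equivalent for the group-alias check. The same block still writes `oidc_client_secret="demosecret"` inline; it should be read from a Secret reference, the way `VAULT_ADDR` already comes from `sx-vault-env-vars`.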
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 20:31:23.566908414 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 20:30:59.480712039 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 20:31:23.566908414 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 20:30:59.481712047 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 21:10:37.994335081 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 21:10:09.779207870 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 21:10:37.989335060 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 21:10:09.775207852 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
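Review bot: in both new `health.lua` scripts the first guard reads `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)`, and because `and` binds tighter than `or` in Lua, any resource with a nil status is reported Healthy regardless of its kind. A managed resource that has just been created and has no status yet can therefore pass a sync wave before the provider has acted on it; parenthesize it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. The value also ends in `return health_status \n` with a trailing space, which is probably why the render switched from a `|` block to a quoted string; removing it should bring back a reviewable block scalar. The two scripts differ only in the `has_no_status` list and the accepted condition types, so a comment saying that would help the next reader.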
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 21:10:37.993335077 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 21:10:09.779207870 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 21:10:37.993335077 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 21:10:09.779207870 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:10:49.740382230 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:10:23.272273394 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:10:49.741382234 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:10:23.273273399 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:10:49.742382238 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:10:23.274273403 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
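Review bot: every `Roles` object in this file gets a new `metadata.name` while `deletionPolicy: Delete` stays set, so if Argo CD pruning is enabled the objects under the old names are deleted and Crossplane removes their group-role mappings in Keycloak before the renamed objects recreate them. Because each object is also re-pointed at a different group in the same hunk (here `users` with `editor` becomes `team1` with `grafana-viewer`), the diff is hard to verify line by line; please list the intended end state per group (`admins`, `team1`, `team-a`, `users`) in the PR description so it can be checked against the render.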
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:10:49.742382238 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:10:23.274273403 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:10:49.741382234 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:10:23.273273399 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:10:49.742382238 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:10:23.275273407 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:10:49.693382042 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:10:23.226273202 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:10:49.694382046 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:10:23.226273202 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:10:49.695382050 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:10:23.228273211 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
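Review bot: After this hunk no resource in the k3d render has `groupIdRef.name: team-a`. The old `grafana-grafana-group-roles-viewer-team-a` object is repurposed as the `users` to `grafana-editor` mapping, while the demo-metalstack render of the same template keeps `grafana-group-roles-team-a-grafana-viewer`. If team-a was dropped from the k3d values on purpose, say so in the PR description; otherwise the team-a group loses its Grafana viewer role in test clusters.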
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:10:49.695382050 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:10:23.228273211 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
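Review bot: The context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the link shown in the Argo CD UI cannot resolve; the hostname value feeding this template looks unset for values-k3d. Also confirm that removing `argocd.argoproj.io/sync-wave: "1"` is meant to move the realm into the default wave 0, ahead of the client roles and group role mappings that stay in wave "1".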
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:10:49.694382046 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:10:23.226273202 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:10:49.696382054 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:10:23.228273211 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 21:10:57.086411574 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 21:10:30.924305792 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-24 21:10:57.086411574 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-24 21:10:30.924305792 +0000
@@ -125,9 +125,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -268,9 +268,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -411,9 +411,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:11:00.683425653 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:10:34.977322605 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:11:00.683425653 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:10:34.977322605 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
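Review bot: `--debug` on the `package-runtime` container is rendered for values-demo-metalstack, not only for the k3d test values, and the next hunk attaches it to provider-vault through `runtimeConfigRef`. Gate the DeploymentRuntimeConfig behind a values flag that defaults to off, so a provider that handles Vault credentials does not run with debug logging outside tests. The name `debug-config` is also generic for a cluster-scoped object; prefixing it with the chart name avoids a clash with another chart's runtime config.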
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 21:11:00.613425379 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 21:10:34.889322241 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
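Review bot: The guards `if [ ! $(vault read auth/oidc/config) ]` and `if [ ! $(vault list identity/group-alias/id) ]` only behave as intended by accident: with empty output `[ ! ]` is true, and with any real output the unquoted substitution expands to several words, `[` fails with a syntax error and the branch is skipped. Test the exit status instead, for example `if ! vault read auth/oidc/config >/dev/null 2>&1; then`. The same script also carries `oidc_client_secret="demosecret"` as a literal and, in the context lines, `bound_service_account_names="*"`; read the client secret from a Secret the way `VAULT_ADDR` is read from `sx-vault-env-vars`, and name the Crossplane service account explicitly.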
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:11:00.613425379 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:10:34.889322241 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:11:00.613425379 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:10:34.889322241 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 21:39:45.229482329 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-24 21:39:17.083410038 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 21:39:45.225482319 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-24 21:39:17.078410026 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
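Review bot: In both new `health.lua` blocks the guard `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then` parses as `obj.status == nil or (next(obj.status) == nil and contains(...))`, because Lua's `and` binds tighter than `or`. Any `*.upbound.io` or `*.crossplane.io` object that has no `status` field yet is therefore reported Healthy whatever its kind, which lets Argo CD proceed to later sync waves before the managed resource has been reconciled and undercuts the wave reordering elsewhere in this PR. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, the value is now emitted as one double-quoted escaped string instead of a `|` block; the trailing space in `return health_status \n` is a likely cause, and removing it should make the rendered script reviewable again.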
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 21:39:45.229482329 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-24 21:39:17.082410035 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 21:39:45.229482329 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-24 21:39:17.082410035 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:39:57.214509211 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:39:30.734443388 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:39:57.214509211 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:39:30.734443388 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:39:57.216509216 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:39:30.736443393 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
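Review bot: Every `metadata.name` in this file changes while `deletionPolicy: Delete` stays set, so Argo CD will create new `Roles` objects and, with pruning enabled, delete the old ones rather than update in place. Where an old and a new object cover the same group and role (the `users` to editor mapping, previously `grafana-grafana-group-roles-viewer`, now `grafana-group-roles-users-grafana-editor`), deleting the old object can remove the mapping in Keycloak that the new object has just applied, until the provider reconciles again. Document the upgrade step, or set `deletionPolicy: Orphan` on the old objects before the rename lands.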
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:39:57.216509216 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:39:30.736443393 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:39:57.214509211 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:39:30.734443388 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:39:57.216509216 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:39:30.736443393 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:39:57.167509098 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-24 21:39:30.688443274 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:39:57.168509100 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-24 21:39:30.688443274 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
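Review bot: the label value changed here, `platform-engineer.cloud/role: grafana-viewer`, is the key that `roleIdsSelector.matchLabels` in cp-keycloak-grafana-group-roles.yaml selects on, so any selector that still carries the old unprefixed `viewer`, `editor` or `admin` value will no longer match these roles. The Grafana selectors are updated in this PR; please grep the other charts for the old values before merging. The client prefix itself is the right direction, because a bare `admin` label could just as well sit on another client's role and be picked up by the same selector.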
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:39:57.169509103 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-24 21:39:30.690443279 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
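Review bot: in the k3d render this hunk turns the `team-a` binding into the `users` one (`groupIdRef.name: team-a` becomes `users`), and with the object removed in the `@@ -27,34 +27,9 @@` hunk above there is no Roles object left for `team-a`, whereas the values-demo-metalstack render keeps `grafana-group-roles-team-a-grafana-viewer`. Please confirm that dropping team-a from k3d is intended. Every `metadata.name` in this file also changes while `deletionPolicy: Delete` is set, so once the old objects are pruned the existing group-to-role mappings are deleted and recreated rather than updated in place; worth a line in the PR description so nobody is surprised by a short gap in Grafana access.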
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:39:57.169509103 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-24 21:39:30.690443279 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
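Review bot: the context line `link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix` renders with an empty host, so the link shown in the Argo CD UI is broken for this values file; the hostname value feeding the template looks unset and should get a default or a `required` check. On the change itself, removing `argocd.argoproj.io/sync-wave: "1"` moves the realm to the default wave, ahead of the role objects that stay in wave "1". If that ordering is the intent, say so in a template comment.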
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:39:57.168509100 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-24 21:39:30.688443274 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:39:57.169509103 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-24 21:39:30.690443279 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 21:40:04.304526297 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-24 21:39:38.228464088 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-24 21:40:04.304526297 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-24 21:39:38.228464088 +0000
@@ -125,9 +125,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -268,9 +268,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -411,9 +411,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:40:07.629528162 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:39:42.144474327 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:40:07.630528162 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:39:42.144474327 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
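Review bot: `--debug` is switched on unconditionally for the provider-vault runtime, and this is the values-demo-metalstack render, not only k3d. Debug logging on the provider that talks to Vault is something I would put behind a chart value that defaults to off and enable only in the test values. `debug-config` is also a very generic name for a DeploymentRuntimeConfig that carries no namespace; a provider-specific name avoids a clash with another chart that has the same idea. If `--poll=1m` is needed for the tests, a comment on why would help.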
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 21:40:07.558528145 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-24 21:39:42.069474132 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
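Review bot: the lines rewrapped by this hunk still write `oidc_client_secret=\"demosecret\"` straight into the rendered StatefulSet. Since the hunk touches that command anyway, read the client secret from a Secret through `secretKeyRef`, the way the container already gets `VAULT_ADDR`. The guard `if [ ! $(vault read auth/oidc/config) ]` is also fragile: the command substitution is unquoted, so as soon as the command prints more than one word `[` receives extra arguments and fails with a syntax error rather than a clean true or false. Testing the exit status directly (`if ! vault read auth/oidc/config >/dev/null 2>&1; then`) says what is meant; the same applies to the `vault list identity/group-alias/id` check. Minor: the two opening comments now use full issue URLs but `# end #422` keeps the short form.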
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
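Review bot: the bump to `hashicorp/vault:1.18.1` covers the `auto-initializer`, `auto-unsealer` and `vault-initializer` containers, but no hunk in this file changes the image of the Vault server container itself. Please check that the server runs the same version, ideally by deriving all of these images from one chart value so they cannot drift apart, and consider pinning by digest rather than by tag.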
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:40:07.558528145 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-24 21:39:42.070474135 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:40:07.559528145 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-24 21:39:42.070474135 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values |
… permissiondenied
Changes Default Values |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-25 16:21:16.676503084 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-25 16:20:50.252672635 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-25 16:21:16.671503111 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-25 16:20:50.247672655 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
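Review bot: in both added health.lua scripts the first guard, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, does not group the way it reads. Lua's `and` binds tighter than `or`, so it parses as `obj.status == nil or (next(obj.status) == nil and contains(...))`, and every `*.upbound.io/*` or `*.crossplane.io/*` resource whose status is still nil is reported Healthy whatever its kind, not only the kinds listed in `has_no_status`. A freshly created managed resource can then count as Healthy before the provider has reconciled it, which lets the next sync wave start early. Write it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, the trailing space in the final `return health_status ` is probably what makes the value render as one double-quoted string instead of a `|` block scalar; trimming it in the values file should bring back a reviewable diff.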
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-25 16:21:16.676503084 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-25 16:20:50.252672635 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-25 16:21:16.676503084 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-25 16:20:50.252672635 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: f61e0dc821cc4cc3e3fae497489442d5999eb15370dff24033e0f2384ea6c294
- checksum/cm: 9f99ec9c74b3170e7bfc376ee781926f99d6b1160931189035b17adeaffd782d
+ checksum/cm: b6d8f9cd5c6b1c06f5c0ff9a4f300fb3a3fbfdf2a3c1085c7460002c265d13d0
labels:
helm.sh/chart: argo-cd-7.8.2
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-25 16:21:28.076427349 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-25 16:21:02.623589299 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-25 16:21:28.076427349 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-25 16:21:02.624589292 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-25 16:21:28.078427336 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-25 16:21:02.626589277 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-25 16:21:28.078427336 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-25 16:21:02.626589277 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-25 16:21:28.077427342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-25 16:21:02.624589292 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-25 16:21:28.078427336 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-25 16:21:02.626589277 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-25 16:21:28.024427692 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-25 16:21:02.576589642 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
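Review bot: `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` on this Secret has no effect, since that option only matters for kinds whose CRD may not exist yet and `Secret` is a core type. Only the `sync-wave: "-1"` annotation is needed here. Separately, this template renders the provider credentials as `stringData`, so they end up in the rendered chart output that this bot posts to the PR; check that no real credential can reach that path.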
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-25 16:21:28.025427685 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-25 16:21:02.576589642 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
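Review bot: the label value changes from `viewer` to `grafana-viewer` (and likewise for editor and admin in the next two hunks), so every `roleIdsSelector.matchLabels` that still selects on the old values will silently match nothing. The selectors in cp-keycloak-grafana-group-roles.yaml are updated in this PR; please grep the other charts for `platform-engineer.cloud/role:` to confirm no remaining consumer uses the unprefixed values.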
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-25 16:21:28.026427679 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-25 16:21:02.578589627 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
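Review bot: renaming these `Roles` objects while they carry `deletionPolicy: Delete` means Argo CD prunes the old object and creates a new one for the same group, and the order of those two operations is not guaranteed within wave "1". If the old object is deleted after the new one is created, the provider may remove the role mapping that was just written. Consider verifying on a synced cluster that the groups still hold their Grafana roles after the rollout, or rolling the rename out with pruning done in a second step.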
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
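Review bot: in the k3d render the binding for group `team-a` disappears, because this object is repurposed from `groupIdRef: team-a` with role `viewer` to `groupIdRef: users` with role `grafana-editor`, and no other object in this file picks up `team-a`. The values-demo-metalstack render of the same template keeps a `grafana-group-roles-team-a-grafana-viewer` object. If the difference between the two profiles is intended, note it in the values file; otherwise `team-a` loses its Grafana viewer role on k3d.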
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-25 16:21:28.026427679 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-25 16:21:02.578589627 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
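Review bot: removing `sync-wave: "1"` puts the realm into the default wave, the same wave that `keycloak-builtin-objects-kubrix` in xr.yaml moves to in this PR. If the realm needs anything that XR provisions (it is given `providerConfigName: sx-keycloak-config`), the two can no longer be ordered by wave and the realm will depend on retries. Please confirm this is intended and add a comment in the template explaining the wave layout: Secret at "-1", XR and realm at the default, roles at "1".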
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-25 16:21:28.025427685 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-25 16:21:02.577589635 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-25 16:21:28.026427679 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-25 16:21:02.578589627 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-25 16:21:35.261379912 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-25 16:21:10.135539855 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
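Review bot: `requests.cpu: 50m` against `limits.cpu: 5` gives the ingester a 100x request-to-limit ratio, so the scheduler will pack it onto nodes where it can be starved under load. That is acceptable for fitting the k3d test cluster, but the reason should be recorded as a comment next to the value in values-k3d.yaml so the number is not copied into a production profile. The same applies to the two identical hunks below.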
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-25 16:21:35.261379912 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-25 16:21:10.135539855 +0000
@@ -125,9 +125,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -268,9 +268,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -411,9 +411,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-25 16:21:38.526357426 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-25 16:21:13.790518695 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
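Review bot: the jump from wave "4" to "7" for `oidc-backend-role` is unexplained. Nothing in this hunk shows what now occupies waves 5 and 6 or which resource the role has to wait for. Please add a comment in the template naming the dependency, so the number can be checked when waves are next reshuffled.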
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-25 16:21:38.526357426 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-25 16:21:13.790518695 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
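Review bot: `--debug` is hard-coded in the args of the `package-runtime` container, and this is the values-demo-metalstack render, so the provider-vault pod will run with debug logging outside the k3d tests as well. For a provider that handles Vault credentials, verbose logging should be a deliberate opt-in. Suggest gating the `DeploymentRuntimeConfig` behind a values flag that defaults to off and enabling it only in values-k3d.yaml.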
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
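Review bot: `debug-config` is a very generic name for a cluster-scoped `DeploymentRuntimeConfig`, and the `runtimeConfigRef` here binds provider-vault to it unconditionally. Another chart that ships a runtime config with the same name would overwrite this one, or be overwritten by it. A chart-specific name such as `provider-vault-runtime` would avoid the collision and describe the object by what it configures, not by one of its flags.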
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-25 16:21:38.446357978 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-25 16:21:13.712519117 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
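Review bot: the `hashicorp/vault:1.18.1` tag is written out literally for `auto-initializer` here and again for `auto-unsealer` and `vault-initializer` in the later hunks of this file, so the three copies have to be bumped by hand and can drift from the server image. Suggest driving all three from a single values key, and pinning by digest if this chart is used outside test clusters.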
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
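Review bot: `if [ ! $(vault read auth/oidc/config) ]` in the re-wrapped script is still an unquoted command substitution inside `[`. It only behaves as intended because multi-word output makes `[` fail with an error and empty output leaves `[ ! ]`. Since these lines are being touched anyway, test the exit status instead, for example `if ! vault read auth/oidc/config >/dev/null 2>&1; then`, and do the same for `vault list identity/group-alias/id`. The hunk also carries `oidc_client_secret=\"demosecret\"` as a literal in the rendered StatefulSet; outside the k3d profile that value should come from a Secret reference.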
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-25 16:21:38.447357971 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-25 16:21:13.712519117 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-25 16:21:38.447357971 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-25 16:21:13.713519112 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-26 21:38:59.135763503 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-26 21:38:31.426522020 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-26 21:38:59.131763472 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-26 21:38:31.422521985 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
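Review bot: in both new `health.lua` scripts the condition `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` parses as `A or (B and C)`, because Lua's `and` binds tighter than `or`. As a result, every `*.upbound.io/*` and `*.crossplane.io/*` object with no status at all is reported Healthy regardless of kind, and a provider that never reconciles a resource shows green in Argo CD. If only the kinds in `has_no_status` should be healthy without a status, parenthesize the first two terms. The value also changed from a `|` block scalar to a double-quoted escaped string, probably because of trailing whitespace such as the one after the final `return health_status`; stripping it in the values file would make this diff reviewable line by line again.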
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-26 21:38:59.135763503 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-26 21:38:31.426522020 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-26 21:38:59.135763503 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-26 21:38:31.426522020 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 21:39:11.007854026 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 21:38:45.204648208 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 21:39:11.007854026 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 21:38:45.204648208 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 21:39:11.009854043 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 21:38:45.206648225 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 21:39:11.009854043 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 21:38:45.206648225 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 21:39:11.008854035 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 21:38:45.205648216 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 21:39:11.009854043 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 21:38:45.207648234 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 21:39:10.961853636 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 21:38:45.157647797 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
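Review bot: The added `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` is on an object with `type: Opaque` and `stringData`, that is, a core Secret. That option exists for resources whose kind is not yet registered in the cluster, which does not apply to a built-in kind, so it looks copied from the Crossplane resources; the `sync-wave: "-1"` line is the part that matters. Since `credentials` is rendered inline under `stringData`, also confirm the rendered-chart diff job never prints the body of this secret into the PR comment.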
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 21:39:10.962853644 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 21:38:45.157647797 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
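Review bot: The label value changes from `viewer` to `grafana-viewer` (and likewise for editor and admin below), which is a good change because a `roleIdsSelector` on the bare value could match a same-named role of another client. Any selector outside this chart that still uses `platform-engineer.cloud/role: viewer|editor|admin` will now silently match nothing, so it is worth grepping the other charts for the old values before merging.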
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 21:39:10.963853653 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 21:38:45.159647814 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
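Review bot: After this hunk the k3d render has no `Roles` object with `groupIdRef` `team-a` any more: the former `grafana-grafana-group-roles-viewer-team-a` entry becomes the `users` / `grafana-editor` binding, and the earlier hunk deleted the old `users` block. With `deletionPolicy: Delete`, the `team-a` role mapping will be removed from Keycloak on k3d, while the demo-metalstack render keeps it. If that is intended because k3d no longer defines `team-a`, say so in the PR description; otherwise the group list in the k3d values is missing an entry.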
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 21:39:10.963853653 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 21:38:45.159647814 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 21:39:10.962853644 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 21:38:45.157647797 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 21:39:10.964853661 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 21:38:45.159647814 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-26 21:39:17.788905147 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-26 21:38:52.306708605 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-26 21:39:17.789905154 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-26 21:38:52.306708605 +0000
@@ -125,9 +125,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -268,9 +268,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -411,9 +411,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 21:39:21.577933323 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 21:38:56.401742550 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
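Review bot: `sync-wave` moves from `"4"` to `"7"` with nothing in the template saying which resources in waves 5 and 6 `oidc-backend-role` has to wait for. Please add a one-line comment naming the dependency, otherwise the number cannot be checked in review and tends to drift.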
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 21:39:21.578933330 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 21:38:56.402742558 +0000
@@ -1,11 +1,34 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-vault
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ package: xpkg.upbound.io/upbound/provider-vault:v2.1.1
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
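Review bot: The new `DeploymentRuntimeConfig` passes `--debug` to the `package-runtime` container of `provider-vault`, and this is the `values-demo-metalstack.yaml` render, not only the test cluster. Debug logging in a provider that reconciles Vault auth backends and policies raises the chance of sensitive request detail ending up in pod logs; I would put the `--debug` and `--poll=1m` args behind a chart value that defaults to off. The same hunk also jumps the provider from `v1.0.0` to `v2.1.1`, a major version bump that the PR title does not mention and that deserves its own line in the description, and the package is referenced by tag rather than by digest.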
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-26 21:39:21.507932830 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-26 21:38:56.330742006 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
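Review bot: The rewritten script keeps the test `if [ ! $(vault read auth/oidc/config) ]; then` (and the same pattern for `vault list identity/group-alias/id`), where the command substitution is unquoted. When the read succeeds and prints several words, `[` receives too many arguments and fails with an error, so the branch is skipped by accident rather than by design. Testing the exit status directly, `if ! vault read auth/oidc/config >/dev/null 2>&1; then`, says what is meant. The `vault write auth/oidc/config` line also carries `oidc_client_secret="demosecret"` as a literal in the rendered StatefulSet; reading it from a secret, as is already done for `VAULT_ADDR` via `secretKeyRef`, would keep it out of the manifest. Minor: the two opening comments now use full issue URLs but the closing `# end #422` does not.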
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 21:39:21.507932830 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 21:38:56.330742006 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 21:39:21.507932830 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 21:38:56.330742006 +0000
@@ -1,11 +1,34 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-vault
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ package: xpkg.upbound.io/upbound/provider-vault:v2.1.1
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
Changes Default Values
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-26 22:22:59.691375375 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-02-26 22:22:34.340342621 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-26 22:22:59.686375367 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-02-26 22:22:34.335342615 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status\n\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n\n if obj.status == nil or next(obj.status) == nil or
+ obj.status.conditions == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users
+ ~= nil then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n\n for i, condition in ipairs(obj.status.conditions)
+ do\n if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if condition.type == \"Synced\" then\n if condition.status == \"False\"
+ then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n\n
+ \ if contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
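Review bot: In both new health scripts (`*.upbound.io/*` and `*.crossplane.io/*`) the first check reads `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)`. In Lua `and` binds tighter than `or`, so any object whose status is still nil is reported `Healthy` regardless of kind, and a later sync wave can start before the resource has been reconciled at all. Parenthesising as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)` restricts the shortcut to the listed kinds. Also, `resource.customizations` went from a block scalar to one escaped double-quoted string, which makes this diff very hard to review; the trailing space in `return health_status \n` at the end of the value is the likely reason the YAML emitter fell back to quoting, so trimming trailing whitespace in the values file should restore the block style.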
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-26 22:22:59.690375373 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-02-26 22:22:34.340342621 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-26 22:22:59.690375373 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-02-26 22:22:34.340342621 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 1041b0b8cd51bb3276f77673247eccc6792cf1a2fbd7e9ab833b7daceef859a1
- checksum/cm: 6358497659f64f9fbe1d0a9bb61d23575b72de50ccb43ed3d65b7ced3b5483fb
+ checksum/cm: cd189f71df8591a6626f41a695ab5684e6dbd08cc455153fd0b35da5be603052
labels:
helm.sh/chart: argo-cd-7.8.4
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 22:23:10.285387261 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 22:22:46.763357025 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 22:23:10.285387261 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 22:22:46.764357026 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 22:23:10.287387263 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 22:22:46.765357027 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,23 +27,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: users
+ name: team1
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
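Review bot: Every `Roles` object in this file gets a new `metadata.name` (here `grafana-grafana-group-roles-viewer` becomes `grafana-group-roles-team1-grafana-viewer`), so Argo CD sees four removed and four new resources rather than four updates. With `deletionPolicy: Delete` and pruning enabled, the existing Keycloak group-role mappings are deleted and then recreated, which leaves a window in which group members lose their Grafana role. If that is acceptable for the demo environment, note it in the PR description; otherwise roll the rename out in two steps or prune the old objects only after the new ones are ready.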
@@ -52,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team-a-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team1
+ name: team-a
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +77,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 22:23:10.287387263 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 22:22:46.765357027 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 22:23:10.285387261 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 22:22:46.764357026 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 22:23:10.287387263 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 22:22:46.766357028 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 22:23:10.236387211 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-cp-secret.yaml 2025-02-26 22:22:46.715356966 +0000
@@ -6,8 +6,11 @@
name: keycloak-credentials-cp
namespace: crossplane
labels:
type: provider-credentials
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
type: Opaque
stringData:
credentials: |
{
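Review bot: `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` in the new annotations block is unnecessary on this object. The `type: Opaque` and `stringData` lines show it is a core Secret, so there is no missing CRD for the dry run to trip over; only the `sync-wave: "-1"` line is needed to get the credentials in place before the resources that reference `keycloak-credentials-cp`. Since the credentials are rendered inline under `stringData`, also check that this rendered-chart diff job never prints real values for non-demo environments.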
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 22:23:10.236387211 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-02-26 22:22:46.716356968 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
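Review bot: renaming the label value from `viewer` to `grafana-viewer` (and `editor`/`admin` in the two hunks below) changes what every `roleIdsSelector.matchLabels` has to match, and a selector left on the old value fails quietly by resolving no roles. The group-roles template in this PR is updated, but please grep the charts for any other selector on `platform-engineer.cloud/role` and consider a separate label key for the client (for example one for the client and one for the role) so the value does not need a prefix convention.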
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 22:23:10.238387214 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-02-26 22:22:46.717356969 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
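Review bot: the `metadata.name` change here is a delete-and-recreate, not a rename, and with `deletionPolicy: Delete` the old `grafana-grafana-group-roles-viewer-team-a` object will remove its role mapping in Keycloak when it is pruned. In the same hunk `groupIdRef` moves from `team-a` to `users` and the selector from `viewer` to `grafana-editor`, so the `team-a` viewer mapping disappears and is not replaced anywhere in this file. Please confirm that dropping `team-a` is intended and mention the access change in the PR description, since it is not something a "velero and minio in tests" title suggests.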
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 22:23:10.238387214 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-02-26 22:22:46.717356969 +0000
@@ -8,9 +8,8 @@
platform-engineer.cloud/realm: kubrix
annotations:
link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 22:23:10.237387213 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/keycloak.yaml 2025-02-26 22:22:46.716356968 +0000
@@ -108,9 +108,9 @@
memory: 2048Mi
cpu: "2"
requests:
memory: 1024Mi
- cpu: "0.6"
+ cpu: "0.3"
volumeMounts:
- mountPath: /opt/keycloak/bin/poststart.sh
name: keycloak-hookvolume
subPath: poststart.sh
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 22:23:10.238387214 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-02-26 22:22:46.717356969 +0000
@@ -30,9 +30,8 @@
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
providerSecretName: keycloak-credentials-cp
realm: kubrix
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-26 22:23:16.646393720 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/ingester/ingester-statefulset.yaml 2025-02-26 22:22:53.373365109 +0000
@@ -128,9 +128,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
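Review bot: with `requests.cpu` lowered to `50m` and `limits.cpu` left at `5`, the request is now 1% of the limit (the same applies to the two other ingester hunks below). That helps scheduling on k3d but tells the scheduler almost nothing about real usage, so several of these pods can land on one node and contend for CPU. For the test values, consider lowering the limit as well, or add a comment in values-k3d.yaml that the request is deliberately set low for CI only.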
@@ -273,9 +273,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -418,9 +418,9 @@
limits:
cpu: 5
memory: 12Gi
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml
--- out/target/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-26 22:23:16.647393721 +0000
+++ out/pr/mimir/values-k3d.yaml/sx-mimir/charts/mimir/templates/store-gateway/store-gateway-statefulset.yaml 2025-02-26 22:22:53.373365109 +0000
@@ -125,9 +125,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -268,9 +268,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -411,9 +411,9 @@
port: http-metrics
initialDelaySeconds: 60
resources:
requests:
- cpu: 100m
+ cpu: 50m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 22:23:20.258396942 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 22:22:57.241371394 +0000
@@ -44,9 +44,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
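Review bot: the jump of `sync-wave` from "4" to "7" on `oidc-backend-role` has no explanation next to it. Please add a comment in the template naming the resource this role has to wait for, so the next person does not have to reverse-engineer why 7 and not 5.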
diff -U 4 -r out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 22:23:20.259396943 +0000
+++ out/pr/vault/values-demo-metalstack.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 22:22:57.241371394 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
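Review bot: the new `DeploymentRuntimeConfig` turns on `--debug` and `--poll=1m` unconditionally, and this is the values-demo-metalstack.yaml rendering, not just the test cluster. Please gate it behind a chart value that defaults to off, and check what provider-vault writes at debug level before enabling it anywhere that holds real Vault configuration. The name `debug-config` is also very generic for a cluster-scoped object; something like `provider-vault-debug` avoids a clash with another chart doing the same thing.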
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-26 22:23:20.187396881 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/charts/vault/templates/server-statefulset.yaml 2025-02-26 22:22:57.165371271 +0000
@@ -221,9 +221,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
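Review bot: the `hashicorp/vault:1.18.1` tag is bumped here for `auto-initializer` and again in the hunks for `auto-unsealer` and `vault-initializer`, which suggests the tag is set in three places. Drive all three from one chart value so they cannot drift from each other or from the server image, and consider pinning by digest since these containers handle the root token and unseal flow.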
@@ -251,9 +251,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: auto-unsealer
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -280,26 +280,28 @@
\ /usr/local/libexec/vault/kubectl create secret generic crossplane-init
-n vault --from-literal=credentials='{\"token\":\"'${CROSSPLANETOKEN}'\"}' \n
\ vault write auth/kubernetes/role/crossplane bound_service_account_names=\"*\"
bound_service_account_namespaces=crossplane policies=crossplane ttl=24h \n\n
- \ else \n\n # due to #405\n if [ ! $(vault read auth/oidc/config)
- ]; then\n vault auth enable oidc\n vault write auth/oidc/config
- oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\" oidc_client_id=\"vault\"
- oidc_client_secret=\"demosecret\" default_role=\"default\" oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n
- \ fi\n\n # workaround due to #422\n if [ ! $(vault list identity/group-alias/id)
- ]; then\n echo vault admins group configured, just updating group aliases\n
- \ vault list identity/group/name\n acc=$(vault auth list -format=json
- | /usr/local/libexec/vault/jq -r '.[\"oidc/\"].accessor')\n vault list
- identity/group/name |grep -A10 -- '----' |tail -n +2 | while read groupname ;
- do \n id=$(vault read \"/identity/group/name/$groupname\" -format=json
- | /usr/local/libexec/vault/jq -r .\"data.id\") \n vault write identity/group-alias
- name=\"$groupname\" mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo
- group-alias created\n done\n fi\n # end #422\n echo
- creating accessor configmap\n accessor=$(vault auth list -detailed | grep
- kubernetes | awk '{print $3}')\n if /usr/local/libexec/vault/kubectl get
- configmap kubeauth-accessor -n vault; then\n /usr/local/libexec/vault/kubectl
- patch configmap kubeauth-accessor -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n
- \ else \n /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
+ \ else \n\n # due to https://github.com/suxess-it/kubriX/issues/405\n
+ \ if [ ! $(vault read auth/oidc/config) ]; then\n vault auth enable
+ oidc\n vault write auth/oidc/config oidc_discovery_url=\"https://keycloak-127-0-0-1.nip.io/realms/kubrix\"
+ oidc_client_id=\"vault\" oidc_client_secret=\"demosecret\" default_role=\"default\"
+ oidc_discovery_ca_pem=@/vault/userconfig/vault-ca/ca.crt\n fi\n\n #
+ workaround due to https://github.com/suxess-it/kubriX/issues/422\n if [
+ ! $(vault list identity/group-alias/id) ]; then\n echo vault admins group
+ configured, just updating group aliases\n vault list identity/group/name\n
+ \ acc=$(vault auth list -format=json | /usr/local/libexec/vault/jq -r
+ '.[\"oidc/\"].accessor')\n vault list identity/group/name |grep -A10
+ -- '----' |tail -n +2 | while read groupname ; do \n id=$(vault read
+ \"/identity/group/name/$groupname\" -format=json | /usr/local/libexec/vault/jq
+ -r .\"data.id\") \n vault write identity/group-alias name=\"$groupname\"
+ mount_accessor=\"$acc\" canonical_id=\"$id\"\n echo group-alias created\n
+ \ done\n fi\n # end #422\n echo creating accessor
+ configmap\n accessor=$(vault auth list -detailed | grep kubernetes | awk
+ '{print $3}')\n if /usr/local/libexec/vault/kubectl get configmap kubeauth-accessor
+ -n vault; then\n /usr/local/libexec/vault/kubectl patch configmap kubeauth-accessor
+ -n vault -p '{\"data\":{\"accessor\": \"'\"${accessor}\"'\"}}'\n else \n
+ \ /usr/local/libexec/vault/kubectl create configmap kubeauth-accessor
-n vault --from-literal=accessor=${accessor}\n fi \n echo setup
complete \n fi \n else\n echo vault still sealed\n fi \n
\ else \n echo root token not initialized yet \n fi \ndone \n"
env:
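Review bot: the condition `if [ ! $(vault read auth/oidc/config) ]` that this hunk reflows only works by accident. The command substitution is unquoted, so on success it expands to many words and `[` fails with a usage error, and on failure it collapses to `[ ! ]`, which is true because `!` is a non-empty string. Since the lines are being touched anyway, test the exit status instead: `if ! vault read auth/oidc/config >/dev/null 2>&1; then`, and the same for `vault list identity/group-alias/id`. While here, `oidc_client_secret="demosecret"` is hard-coded in the script, and the context line `bound_service_account_names="*"` binds the crossplane role to every service account in the namespace; both are fine for k3d only if this script can never be rendered for another environment, so please read them from the existing secret and name the service account explicitly.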
@@ -307,9 +309,9 @@
valueFrom:
secretKeyRef:
key: VAULT_ADDR
name: sx-vault-env-vars
- image: hashicorp/vault:1.17.2
+ image: hashicorp/vault:1.18.1
name: vault-initializer
securityContext:
allowPrivilegeEscalation: false
capabilities:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 22:23:20.187396881 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-authbackend-oidc.yaml 2025-02-26 22:22:57.165371271 +0000
@@ -23,9 +23,9 @@
metadata:
name: oidc-backend-role
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "4"
+ argocd.argoproj.io/sync-wave: "7"
spec:
providerConfigRef:
name: vault-crossplane-providerconfig
forProvider:
diff -U 4 -r out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml
--- out/target/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 22:23:20.187396881 +0000
+++ out/pr/vault/values-k3d.yaml/sx-vault/templates/crossplane/cp-provider.yaml 2025-02-26 22:22:57.166371272 +0000
@@ -1,6 +1,25 @@
---
# Source: sx-vault/templates/crossplane/cp-provider.yaml
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: debug-config
+ annotations:
+ argocd.argoproj.io/sync-wave: "-10"
+spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ args:
+ - --poll=1m
+ - --debug
+---
+# Source: sx-vault/templates/crossplane/cp-provider.yaml
# should move to crossplane ns, maybe?
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
@@ -8,4 +27,8 @@
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
package: xpkg.upbound.io/upbound/provider-vault:v1.0.0
+ runtimeConfigRef:
+ apiVersion: pkg.crossplane.io/v1beta1
+ kind: DeploymentRuntimeConfig
+ name: debug-config |
No description provided.