diff --git a/acrpull/Makefile b/acrpull/Makefile index 28b8e7e1d..0725be220 100644 --- a/acrpull/Makefile +++ b/acrpull/Makefile @@ -6,7 +6,7 @@ deploy: kubectl create namespace acrpull --dry-run=client -o json | kubectl apply -f - && \ ${HELM_CMD} acrpull \ deploy/helm/acrpull/ \ - --set image=mcr.microsoft.com/aks/msi-acrpull@${ACRPULL_DIGEST} \ + --set image=${ACRPULL_REGISTRY}/${ACRPULL_REPO}@${ACRPULL_DIGEST} \ --namespace acrpull .PHONY: deploy diff --git a/acrpull/pipeline.yaml b/acrpull/pipeline.yaml index c6abeb45a..417f28344 100644 --- a/acrpull/pipeline.yaml +++ b/acrpull/pipeline.yaml @@ -15,7 +15,11 @@ resourceGroups: value: "true" variables: - name: ACRPULL_DIGEST - configRef: acrPullImageDigest + configRef: acrPull.image.digest + - name: ACRPULL_REPO + configRef: acrPull.image.repository + - name: ACRPULL_REGISTRY + configRef: acrPull.image.registry - name: {{ .mgmt.rg }} subscription: {{ .mgmt.subscription }} aksCluster: {{ .mgmt.aks.name }} @@ -29,4 +33,8 @@ resourceGroups: value: "true" variables: - name: ACRPULL_DIGEST - configRef: acrPullImageDigest + configRef: acrPull.image.digest + - name: ACRPULL_REPO + configRef: acrPull.image.repository + - name: ACRPULL_REGISTRY + configRef: acrPull.image.registry diff --git a/config/config.msft.yaml b/config/config.msft.yaml index dc412175c..d0d3b81c3 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -16,7 +16,12 @@ defaults: ocpAcrZoneRedundantMode: Enabled # ACR Pull - acrPullImageDigest: sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589 #v0.1.12 + acrPull: + image: + registry: mcr.microsoft.com + repository: aks/msi-acrpull + digest: sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589 #v0.1.12 + # Hypershift hypershift: @@ -142,13 +147,15 @@ defaults: environmentName: global-shared-resources componentSync: enabled: true - imageRepo: image-sync/component-sync + image: + repository: image-sync/component-sync repositories: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,arohcpsvcdev.azurecr.io/image-sync/component-sync,arohcpsvcdev.azurecr.io/arohcpfrontend,arohcpsvcdev.azurecr.io/arohcpbackend,quay.io/acm-d/rhtap-hypershift-operator,arohcpsvcdev.azurecr.io/image-sync/oc-mirror,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package secrets: 'quay.io:quay-io-bearer,arohcpsvcdev.azurecr.io:arohcpsvcdev-bearer' pullSecretName: component-sync-pull-secret ocMirror: enabled: true - imageRepo: image-sync/oc-mirror + image: + repository: image-sync/oc-mirror pullSecretName: ocp-pull-secret keyVault: name: arohcp-imagesync-int @@ -208,12 +215,16 @@ clouds: image: digest: sha256:aaa14dad6c01f06f2c380e0333db56097aa7b1dd8e696d9b3a8848d7d5362be0 hypershiftOperator: - imageTag: 1bb8b1a + image: + repository: acm-d/rhtap-hypershift-operator + digest: sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f imageSync: componentSync: - imageTag: d1021e2 + image: + digest: sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f ocMirror: - imageTag: d1021e2 + image: + digest: sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18 frontend: imageTag: 8dab517 backend: diff --git a/config/config.schema.json b/config/config.schema.json index 5a2c382fd..6774208d7 100644 --- a/config/config.schema.json +++ b/config/config.schema.json @@ -1,995 +1,1005 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Generated schema for Root", - "type": "object", - "definitions": { - "operatorConfig": { - "type": "object", - "properties": { - "roleName": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "roleName" - ] + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Generated schema for Root", + "type": "object", + "definitions": { + "operatorConfig": { + "type": "object", + "properties": { + "roleName": { + "type": "string" + } }, - "aksAgentPool": { - "type": "object", - "properties": { - "maxCount": { - "type": "number" - }, - "minCount": { - "type": "number" - }, - "osDiskSizeGB": { - "type": "number" - }, - "vmSize": { - "type": "string" - }, - "azCount": { - "type": "number" - } - }, - "additionalProperties": false, - "required": [ - "maxCount", - "minCount", - "osDiskSizeGB", - "vmSize" - ] + "additionalProperties": false, + "required": [ + "roleName" + ] + }, + "aksAgentPool": { + "type": "object", + "properties": { + "maxCount": { + "type": "number" + }, + "minCount": { + "type": "number" + }, + "osDiskSizeGB": { + "type": "number" + }, + "vmSize": { + "type": "string" + }, + "azCount": { + "type": "number" + } }, - "aksConfig": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "vnetAddressPrefix": { - "type": "string" - }, - "subnetPrefix": { - "type": "string" - }, - "podSubnetPrefix": { - "type": "string" - }, - "kubernetesVersion": { - "type": "string" - }, - "etcd": { - "type": "object", - "properties": { - "kvName": { - "type": "string" - }, - "kvSoftDelete": { - "type": "boolean" - } + "additionalProperties": false, + "required": [ + "maxCount", + "minCount", + "osDiskSizeGB", + "vmSize" + ] + }, + "aksConfig": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "vnetAddressPrefix": { + "type": "string" + }, + "subnetPrefix": { + "type": "string" + }, + "podSubnetPrefix": { + "type": "string" + }, + "kubernetesVersion": { + "type": "string" + }, + "etcd": { + "type": "object", + "properties": { + "kvName": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "kvName", - "kvSoftDelete" - ] - }, - "userAgentPool": { - "$ref": "#/definitions/aksAgentPool" - }, - "systemAgentPool": { - "$ref": "#/definitions/aksAgentPool" - }, - "clusterOutboundIPAddressIPTags": { - "$ref": "#/definitions/keyColonValueCSV" - } - }, - "required": [ - "name", - "vnetAddressPrefix", - "subnetPrefix", - "podSubnetPrefix", - "kubernetesVersion", - "etcd", - "userAgentPool", - "systemAgentPool" - ] - }, - "containerImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "digest": { - "type": "string" - } + "kvSoftDelete": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "kvName", + "kvSoftDelete" + ] }, - "required": [ - "repository" - ] - }, - "keyColonValueCSV": { - "type": "string", - "pattern": "^$|^[\\w-\\.]+:[\\w\\/-]+(,[\\w-\\.]+:[\\w\\/-]+)*$" - }, - "certificateIssuer": { - "type": "string", - "enum": [ - "Self", - "OneCertV2-PublicCA", - "OneCertV2-PrivateCA" - ] - }, - "zoneRedundantMode": { - "type": "string", - "enum": [ - "Enabled", - "Disabled", - "Auto" - ] - } - }, - "properties": { - "aroDevopsMsiId": { - "type": "string" + "userAgentPool": { + "$ref": "#/definitions/aksAgentPool" + }, + "systemAgentPool": { + "$ref": "#/definitions/aksAgentPool" + }, + "clusterOutboundIPAddressIPTags": { + "$ref": "#/definitions/keyColonValueCSV" + } }, - "kvCertOfficerPrincipalId": { - "type": "string", - "description": "The principal ID of the cert officer that will be used to manage KV certificate issuers" + "required": [ + "name", + "vnetAddressPrefix", + "subnetPrefix", + "podSubnetPrefix", + "kubernetesVersion", + "etcd", + "userAgentPool", + "systemAgentPool" + ] + }, + "containerImage": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "digest": { + "type": "string" + } }, - "dns": { - "type": "object", - "properties": { - "baseDnsZoneRG": { - "type": "string", - "description": "The Azure RG that holds the parent DNS zones" - }, - "cxParentZoneName": { - "type": "string", - "description": "The parent DNS zone name for regional HCP cluster DNS zones" - }, - "svcParentZoneName": { - "type": "string", - "description": "The parent DNS zone name for regional ARO-HCP infrastructure, e.g. the RP" - }, - "regionalSubdomain": { - "type": "string", - "description": "The regional subdomain to be used to construct the regional hcp and svc zones under their respective parents, e.g. regionalSubdomain.svcParentZoneName" - }, - "parentZoneName": { - "type": "string", - "description": "The global parent DNS zone name" - } - }, - "additionalProperties": false, - "required": [ - "baseDnsZoneRG", - "cxParentZoneName", - "svcParentZoneName", - "regionalSubdomain" - ] + "required": [ + "repository" + ] + }, + "keyColonValueCSV": { + "type": "string", + "pattern": "^$|^[\\w-\\.]+:[\\w\\/-]+(,[\\w-\\.]+:[\\w\\/-]+)*$" + }, + "certificateIssuer": { + "type": "string", + "enum": [ + "Self", + "OneCertV2-PublicCA", + "OneCertV2-PrivateCA" + ] + }, + "zoneRedundantMode": { + "type": "string", + "enum": [ + "Enabled", + "Disabled", + "Auto" + ] + } + }, + "properties": { + "aroDevopsMsiId": { + "type": "string" + }, + "kvCertOfficerPrincipalId": { + "type": "string", + "description": "The principal ID of the cert officer that will be used to manage KV certificate issuers" + }, + "dns": { + "type": "object", + "properties": { + "baseDnsZoneRG": { + "type": "string", + "description": "The Azure RG that holds the parent DNS zones" + }, + "cxParentZoneName": { + "type": "string", + "description": "The parent DNS zone name for regional HCP cluster DNS zones" + }, + "svcParentZoneName": { + "type": "string", + "description": "The parent DNS zone name for regional ARO-HCP infrastructure, e.g. the RP" + }, + "regionalSubdomain": { + "type": "string", + "description": "The regional subdomain to be used to construct the regional hcp and svc zones under their respective parents, e.g. regionalSubdomain.svcParentZoneName" + }, + "parentZoneName": { + "type": "string", + "description": "The global parent DNS zone name" + } }, - "pko": { - "type": "object", - "properties": { - "image": { - "type": "string" - }, - "imageManager": { - "type": "string" - }, - "imageTag": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "image", - "imageManager", - "imageTag" - ] + "additionalProperties": false, + "required": [ + "baseDnsZoneRG", + "cxParentZoneName", + "svcParentZoneName", + "regionalSubdomain" + ] + }, + "pko": { + "type": "object", + "properties": { + "image": { + "type": "string" + }, + "imageManager": { + "type": "string" + }, + "imageTag": { + "type": "string" + } }, - "clusterService": { - "type": "object", - "properties": { - "environment" :{ - "type": "string", - "minLength": 1, - "maxLength": 10 - }, - "image": { - "$ref": "#/definitions/containerImage" - }, - "managedIdentityName": { - "type": "string", - "description": "The name of the MSI that will be used by CS to interact with Azure" - }, - "k8s": { - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "serviceAccountName": { - "type": "string" - } + "additionalProperties": false, + "required": [ + "image", + "imageManager", + "imageTag" + ] + }, + "clusterService": { + "type": "object", + "properties": { + "environment": { + "type": "string", + "minLength": 1, + "maxLength": 10 + }, + "image": { + "$ref": "#/definitions/containerImage" + }, + "managedIdentityName": { + "type": "string", + "description": "The name of the MSI that will be used by CS to interact with Azure" + }, + "k8s": { + "type": "object", + "properties": { + "namespace": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "namespace", - "serviceAccountName" - ] - }, - "postgres": { - "type": "object", - "properties": { - "deploy": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "minTLSVersion": { - "type": "string", - "enum": ["TLSV1.2", "TLSV1.3"] - } + "serviceAccountName": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "namespace", + "serviceAccountName" + ] + }, + "postgres": { + "type": "object", + "properties": { + "deploy": { + "type": "boolean" }, - "required": [ - "deploy", - "name", - "private", - "minTLSVersion" - ] - }, - "azureOperatorsManagedIdentities": { - "type": "object", - "properties": { - "clusterApiAzure": { - "$ref": "#/definitions/operatorConfig" - }, - "controlPlane": { - "$ref": "#/definitions/operatorConfig" - }, - "cloudControllerManager": { - "$ref": "#/definitions/operatorConfig" - }, - "ingress": { - "$ref": "#/definitions/operatorConfig" - }, - "diskCsiDriver": { - "$ref": "#/definitions/operatorConfig" - }, - "fileCsiDriver": { - "$ref": "#/definitions/operatorConfig" - }, - "imageRegistry": { - "$ref": "#/definitions/operatorConfig" - }, - "cloudNetworkConfig": { - "$ref": "#/definitions/operatorConfig" - }, - "kms": { - "$ref": "#/definitions/operatorConfig" - } + "name": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "clusterApiAzure", - "controlPlane", - "cloudControllerManager", - "ingress", - "diskCsiDriver", - "fileCsiDriver", - "imageRegistry", - "cloudNetworkConfig", - "kms" - ] - } - }, - "additionalProperties": false, - "required": [ - "environment", - "image", - "managedIdentityName", - "k8s", - "azureOperatorsManagedIdentities", - "postgres" - ] - }, - "cxKeyVault": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "softDelete": { - "type": "boolean" - } - }, - "additionalProperties": false, - "required": [ - "name", - "private", - "softDelete" - ] - }, - "extraVars": { - "type": "object", - "properties": {}, - "required": [] - }, - "firstPartyAppClientId": { - "type": "string" - }, - "firstPartyAppCertName": { - "type": "string" - }, - "miMockClientId": { - "type": "string" - }, - "miMockPrincipalId": { - "type": "string" - }, - "miMockCertName": { - "type": "string" - }, - "armHelperClientId": { - "type": "string" - }, - "armHelperFPAPrincipalId": { - "type": "string" + "private": { + "type": "boolean" + }, + "minTLSVersion": { + "type": "string", + "enum": [ + "TLSV1.2", + "TLSV1.3" + ] + } + }, + "required": [ + "deploy", + "name", + "private", + "minTLSVersion" + ] + }, + "azureOperatorsManagedIdentities": { + "type": "object", + "properties": { + "clusterApiAzure": { + "$ref": "#/definitions/operatorConfig" + }, + "controlPlane": { + "$ref": "#/definitions/operatorConfig" + }, + "cloudControllerManager": { + "$ref": "#/definitions/operatorConfig" + }, + "ingress": { + "$ref": "#/definitions/operatorConfig" + }, + "diskCsiDriver": { + "$ref": "#/definitions/operatorConfig" + }, + "fileCsiDriver": { + "$ref": "#/definitions/operatorConfig" + }, + "imageRegistry": { + "$ref": "#/definitions/operatorConfig" + }, + "cloudNetworkConfig": { + "$ref": "#/definitions/operatorConfig" + }, + "kms": { + "$ref": "#/definitions/operatorConfig" + } + }, + "additionalProperties": false, + "required": [ + "clusterApiAzure", + "controlPlane", + "cloudControllerManager", + "ingress", + "diskCsiDriver", + "fileCsiDriver", + "imageRegistry", + "cloudNetworkConfig", + "kms" + ] + } }, - "armHelperCertName": { - "type": "string" + "additionalProperties": false, + "required": [ + "environment", + "image", + "managedIdentityName", + "k8s", + "azureOperatorsManagedIdentities", + "postgres" + ] + }, + "cxKeyVault": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "softDelete": { + "type": "boolean" + } }, - "backend": { - "type": "object", - "properties": { - "imageTag": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "imageTag" - ] + "additionalProperties": false, + "required": [ + "name", + "private", + "softDelete" + ] + }, + "extraVars": { + "type": "object", + "properties": {}, + "required": [] + }, + "firstPartyAppClientId": { + "type": "string" + }, + "firstPartyAppCertName": { + "type": "string" + }, + "miMockClientId": { + "type": "string" + }, + "miMockPrincipalId": { + "type": "string" + }, + "miMockCertName": { + "type": "string" + }, + "armHelperClientId": { + "type": "string" + }, + "armHelperFPAPrincipalId": { + "type": "string" + }, + "armHelperCertName": { + "type": "string" + }, + "backend": { + "type": "object", + "properties": { + "imageTag": { + "type": "string" + } }, - "frontend": { - "type": "object", - "properties": { - "imageTag": { - "type": "string" - }, - "cosmosDB": { - "type": "object", - "properties": { - "deploy": { - "type": "boolean" - }, - "disableLocalAuth": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "zoneRedundantMode": { - "$ref": "#/definitions/zoneRedundantMode" - } + "additionalProperties": false, + "required": [ + "imageTag" + ] + }, + "frontend": { + "type": "object", + "properties": { + "imageTag": { + "type": "string" + }, + "cosmosDB": { + "type": "object", + "properties": { + "deploy": { + "type": "boolean" }, - "additionalProperties": false, - "required": [ - "deploy", - "disableLocalAuth", - "name", - "private" - ] - }, - "cert": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "issuer": { - "$ref": "#/definitions/certificateIssuer" - } + "disableLocalAuth": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "zoneRedundantMode": { + "$ref": "#/definitions/zoneRedundantMode" + } + }, + "additionalProperties": false, + "required": [ + "deploy", + "disableLocalAuth", + "name", + "private" + ] + }, + "cert": { + "type": "object", + "properties": { + "name": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "name", - "issuer" - ] - } - }, - "additionalProperties": false, - "required": [ - "imageTag", - "cosmosDB", - "cert" - ] + "issuer": { + "$ref": "#/definitions/certificateIssuer" + } + }, + "additionalProperties": false, + "required": [ + "name", + "issuer" + ] + } }, - "global": { - "type": "object", - "properties": { - "rg": { - "type": "string" - }, - "subscription": { - "type": "string" - }, - "region": { - "type": "string" - }, - "globalMSIName": { - "type": "string", - "description": "The name of the MSI that will be used for ev2" - }, - "safeDnsIntAppObjectId": { - "type": "string", - "description": "SafeDnsIntApplication object ID use to delegate child DNS" - } - }, - "required": [ - "rg", - "subscription", - "region" - ] + "additionalProperties": false, + "required": [ + "imageTag", + "cosmosDB", + "cert" + ] + }, + "global": { + "type": "object", + "properties": { + "rg": { + "type": "string" + }, + "subscription": { + "type": "string" + }, + "region": { + "type": "string" + }, + "globalMSIName": { + "type": "string", + "description": "The name of the MSI that will be used for ev2" + }, + "safeDnsIntAppObjectId": { + "type": "string", + "description": "SafeDnsIntApplication object ID use to delegate child DNS" + } }, - "hypershift": { - "type": "object", - "properties": { - "additionalInstallArg": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "additionalInstallArg", - "namespace" - ] + "required": [ + "rg", + "subscription", + "region" + ] + }, + "hypershift": { + "type": "object", + "properties": { + "additionalInstallArg": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "hypershiftOperator": { - "type": "object", - "properties": { - "imageTag": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "imageTag" - ] + "additionalProperties": false, + "required": [ + "additionalInstallArg", + "namespace" + ] + }, + "hypershiftOperator": { + "type": "object", + "properties": { + "image": { + "$ref": "#/definitions/containerImage" + } }, - "imageSync": { - "type": "object", - "properties": { - "acrRG": { - "type": "string" - }, - "environmentName": { - "type": "string" - }, - "componentSync": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imageRepo": { - "type": "string" - }, - "imageTag": { - "type": "string" - }, - "repositories": { - "type": "string" - }, - "secrets": { - "$ref": "#/definitions/keyColonValueCSV" - }, - "pullSecretName": { - "type": "string" - } + "additionalProperties": false, + "required": [ + "image" + ] + }, + "imageSync": { + "type": "object", + "properties": { + "acrRG": { + "type": "string" + }, + "environmentName": { + "type": "string" + }, + "componentSync": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" }, - "additionalProperties": false, - "required": [ - "enabled", - "imageRepo", - "imageTag", - "repositories", - "secrets", - "pullSecretName" - ] - }, - "ocMirror": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imageRepo": { - "type": "string" - }, - "imageTag": { - "type": "string" - }, - "pullSecretName": { - "type": "string" - } + "image": { + "$ref": "#/definitions/containerImage" }, - "additionalProperties": false, - "required": [ - "enabled", - "imageRepo", - "imageTag", - "pullSecretName" - ] - }, - "keyVault": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "softDelete": { - "type": "boolean" - } + "repositories": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "name", - "private", - "softDelete" - ] - }, - "rg": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "acrRG", - "environmentName", - "componentSync", - "ocMirror", - "keyVault", - "rg" - ] + "secrets": { + "$ref": "#/definitions/keyColonValueCSV" + }, + "pullSecretName": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "enabled", + "image", + "repositories", + "secrets", + "pullSecretName" + ] + }, + "ocMirror": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "image": { + "$ref": "#/definitions/containerImage" + }, + "pullSecretName": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "enabled", + "image", + "pullSecretName" + ] + }, + "keyVault": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "softDelete": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "name", + "private", + "softDelete" + ] + }, + "rg": { + "type": "string" + } }, - "acrPullImageDigest": { - "type": "string" + "additionalProperties": false, + "required": [ + "acrRG", + "environmentName", + "componentSync", + "ocMirror", + "keyVault", + "rg" + ] + }, + "acrPull": { + "type": "object", + "properties": { + "image": { + "$ref": "#/definitions/containerImage" + } }, - "maestro": { - "type": "object", - "properties": { - "certDomain": { - "type": "string", - "description": "Optional SAN base domain for Maestro Eventgrid certificates. If missing, defaults to maestro.${dns.regionalSubdomain}.${dns.svcParentZoneName}" - }, - "certIssuer": { - "$ref": "#/definitions/certificateIssuer" - }, - "server": { - "type": "object", - "properties": { - "mqttClientName": { - "type": "string" - }, - "managedIdentityName": { - "type": "string" - }, - "loglevel": { - "type": "integer" - }, - "k8s": { - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "serviceAccountName": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "namespace", - "serviceAccountName" - ] - } + "additionalProperties": false, + "required": [ + "image" + ] + }, + "maestro": { + "type": "object", + "properties": { + "certDomain": { + "type": "string", + "description": "Optional SAN base domain for Maestro Eventgrid certificates. If missing, defaults to maestro.${dns.regionalSubdomain}.${dns.svcParentZoneName}" + }, + "certIssuer": { + "$ref": "#/definitions/certificateIssuer" + }, + "server": { + "type": "object", + "properties": { + "mqttClientName": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "mqttClientName", - "managedIdentityName", - "loglevel", - "k8s" - ] - }, - "agent": { - "type": "object", - "properties": { - "consumerName": { - "type": "string" - }, - "loglevel": { - "type": "integer" + "managedIdentityName": { + "type": "string" + }, + "loglevel": { + "type": "integer" + }, + "k8s": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + } }, - "sidecar":{ - "type:": "object", - "properties": { - "imageBase":{ - "type": "string" - }, - "imageTag":{ - "type": "string" - } + "additionalProperties": false, + "required": [ + "namespace", + "serviceAccountName" + ] + } + }, + "additionalProperties": false, + "required": [ + "mqttClientName", + "managedIdentityName", + "loglevel", + "k8s" + ] + }, + "agent": { + "type": "object", + "properties": { + "consumerName": { + "type": "string" + }, + "loglevel": { + "type": "integer" + }, + "sidecar": { + "type:": "object", + "properties": { + "imageBase": { + "type": "string" + }, + "imageTag": { + "type": "string" } } + } + }, + "additionalProperties": false, + "required": [ + "consumerName", + "loglevel", + "sidecar" + ] + }, + "eventGrid": { + "type": "object", + "properties": { + "maxClientSessionsPerAuthName": { + "type": "integer" }, - "additionalProperties": false, - "required": [ - "consumerName", - "loglevel", - "sidecar" - ] - }, - "eventGrid": { - "type": "object", - "properties": { - "maxClientSessionsPerAuthName": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - } + "name": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "maxClientSessionsPerAuthName", - "name", - "private" - ] - }, - "imageRepo": { - "type": "string" - }, - "imageTag": { - "type": "string" - }, - "postgres": { - "type": "object", - "properties": { - "deploy": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "serverStorageSizeGB": { - "type": "integer" - }, - "serverVersion": { - "type": "string" - }, - "minTLSVersion": { - "type": "string", - "enum": ["TLSV1.2", "TLSV1.3"] - }, - "databaseName": { - "type": "string" - } + "private": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "maxClientSessionsPerAuthName", + "name", + "private" + ] + }, + "imageRepo": { + "type": "string" + }, + "imageTag": { + "type": "string" + }, + "postgres": { + "type": "object", + "properties": { + "deploy": { + "type": "boolean" }, - "additionalProperties": false, - "required": [ - "deploy", - "name", - "private", - "serverStorageSizeGB", - "serverVersion", - "minTLSVersion", - "databaseName" - ] - }, - "restrictIstioIngress": { - "type": "boolean" - } - }, - "additionalProperties": false, - "required": [ - "certIssuer", - "agent", - "server", - "eventGrid", - "imageRepo", - "imageTag", - "postgres", - "restrictIstioIngress" - ] - }, - "mce": { - "type": "object", - "properties": { - "clcStateMetrics": { - "type": "object", - "properties": { - "imageDigest": { - "type": "string" - } + "name": { + "type": "string" + }, + "private": { + "type": "boolean" }, - "required": [ - "imageDigest" - ] - } + "serverStorageSizeGB": { + "type": "integer" + }, + "serverVersion": { + "type": "string" + }, + "minTLSVersion": { + "type": "string", + "enum": [ + "TLSV1.2", + "TLSV1.3" + ] + }, + "databaseName": { + "type": "string" + } + }, + "additionalProperties": false, + "required": [ + "deploy", + "name", + "private", + "serverStorageSizeGB", + "serverVersion", + "minTLSVersion", + "databaseName" + ] }, - "required": [ - "clcStateMetrics" - ] - }, - "mgmt": { - "type": "object", - "properties": { - "aks": { - "$ref": "#/definitions/aksConfig" - }, - "rg": { - "type": "string" - }, - "subscription": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "aks", - "rg", - "subscription" - ] - }, - "mgmtKeyVault": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "softDelete": { - "type": "boolean" - } - }, - "additionalProperties": false, - "required": [ - "name", - "private", - "softDelete" - ] - }, - "monitoring": { - "type": "object", - "properties": { - "grafanaAdminGroupPrincipalId": { - "type": "string" - }, - "grafanaName": { - "type": "string" - }, - "grafanaZoneRedundantMode": { - "$ref": "#/definitions/zoneRedundantMode" - }, - "workspaceName": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "grafanaAdminGroupPrincipalId", - "grafanaName", - "grafanaZoneRedundantMode", - "workspaceName" - ] - }, - "logs": { - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "msiName": { - "type": "string" - }, - "serviceAccountName": { - "type": "string" - } - }, - "additionalProperties": false, - "required": [ - "namespace", - "msiName", - "serviceAccountName" - ] - }, - "msiKeyVault": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "softDelete": { - "type": "boolean" - } - }, - "additionalProperties": false, - "required": [ - "name", - "private", - "softDelete" - ] + "restrictIstioIngress": { + "type": "boolean" + } }, - "ocpAcrName": { - "type": "string" + "additionalProperties": false, + "required": [ + "certIssuer", + "agent", + "server", + "eventGrid", + "imageRepo", + "imageTag", + "postgres", + "restrictIstioIngress" + ] + }, + "mce": { + "type": "object", + "properties": { + "clcStateMetrics": { + "type": "object", + "properties": { + "imageDigest": { + "type": "string" + } + }, + "required": [ + "imageDigest" + ] + } }, - "ocpAcrZoneRedundantMode": { - "$ref": "#/definitions/zoneRedundantMode" + "required": [ + "clcStateMetrics" + ] + }, + "mgmt": { + "type": "object", + "properties": { + "aks": { + "$ref": "#/definitions/aksConfig" + }, + "rg": { + "type": "string" + }, + "subscription": { + "type": "string" + } }, - "oidcStorageAccountName": { - "type": "string" + "additionalProperties": false, + "required": [ + "aks", + "rg", + "subscription" + ] + }, + "mgmtKeyVault": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "softDelete": { + "type": "boolean" + } }, - "oidcZoneRedundantMode": { - "$ref": "#/definitions/zoneRedundantMode" + "additionalProperties": false, + "required": [ + "name", + "private", + "softDelete" + ] + }, + "monitoring": { + "type": "object", + "properties": { + "grafanaAdminGroupPrincipalId": { + "type": "string" + }, + "grafanaName": { + "type": "string" + }, + "grafanaZoneRedundantMode": { + "$ref": "#/definitions/zoneRedundantMode" + }, + "workspaceName": { + "type": "string" + } }, - "region": { - "type": "string" + "additionalProperties": false, + "required": [ + "grafanaAdminGroupPrincipalId", + "grafanaName", + "grafanaZoneRedundantMode", + "workspaceName" + ] + }, + "logs": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + }, + "msiName": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + } }, - "regionRG": { - "type": "string" + "additionalProperties": false, + "required": [ + "namespace", + "msiName", + "serviceAccountName" + ] + }, + "msiKeyVault": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "softDelete": { + "type": "boolean" + } }, - "serviceKeyVault": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "private": { - "type": "boolean" - }, - "region": { - "type": "string" - }, - "rg": { - "type": "string" - }, - "softDelete": { - "type": "boolean" - } - }, - "additionalProperties": false, - "required": [ - "name", - "private", - "region", - "rg", - "softDelete" - ] + "additionalProperties": false, + "required": [ + "name", + "private", + "softDelete" + ] + }, + "ocpAcrName": { + "type": "string" + }, + "ocpAcrZoneRedundantMode": { + "$ref": "#/definitions/zoneRedundantMode" + }, + "oidcStorageAccountName": { + "type": "string" + }, + "oidcZoneRedundantMode": { + "$ref": "#/definitions/zoneRedundantMode" + }, + "region": { + "type": "string" + }, + "regionRG": { + "type": "string" + }, + "serviceKeyVault": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "private": { + "type": "boolean" + }, + "region": { + "type": "string" + }, + "rg": { + "type": "string" + }, + "softDelete": { + "type": "boolean" + } }, - "svc": { - "type": "object", - "properties": { - "aks": { - "$ref": "#/definitions/aksConfig" - }, - "rg": { - "type": "string" - }, - "subscription": { - "type": "string" - }, - "istio": { - "type": "object", - "properties": { - "istioctlVersion": { - "description": "Latest version of istioctl. This is used to download the istioctl", - "type": "string" - }, - "tag": { - "description": "The revision tag used in istioctl", - "type": "string" - }, - "versions": { - "description": "The current istio version in the AKS cluster as CSV, will need to change to array once tooling is ready", - "type": "string", - "pattern": "^[a-zA-Z0-9-]+(,[a-zA-Z0-9-]+)*$" - }, - "targetVersion": { - "description": "The target istio version that will be updated to", - "type": "string", - "pattern": "^[a-zA-Z0-9-]+$" - }, - "ingressGatewayIPAddressName": { - "type": "string" - }, - "ingressGatewayIPAddressIPTags": { - "$ref": "#/definitions/keyColonValueCSV" - } + "additionalProperties": false, + "required": [ + "name", + "private", + "region", + "rg", + "softDelete" + ] + }, + "svc": { + "type": "object", + "properties": { + "aks": { + "$ref": "#/definitions/aksConfig" + }, + "rg": { + "type": "string" + }, + "subscription": { + "type": "string" + }, + "istio": { + "type": "object", + "properties": { + "istioctlVersion": { + "description": "Latest version of istioctl. This is used to download the istioctl", + "type": "string" + }, + "tag": { + "description": "The revision tag used in istioctl", + "type": "string" + }, + "versions": { + "description": "The current istio version in the AKS cluster as CSV, will need to change to array once tooling is ready", + "type": "string", + "pattern": "^[a-zA-Z0-9-]+(,[a-zA-Z0-9-]+)*$" + }, + "targetVersion": { + "description": "The target istio version that will be updated to", + "type": "string", + "pattern": "^[a-zA-Z0-9-]+$" + }, + "ingressGatewayIPAddressName": { + "type": "string" }, - "additionalProperties": false, - "required": [ - "ingressGatewayIPAddressName" - ] + "ingressGatewayIPAddressIPTags": { + "$ref": "#/definitions/keyColonValueCSV" + } + }, + "additionalProperties": false, + "required": [ + "ingressGatewayIPAddressName" + ] } - }, - "additionalProperties": false, - "required": [ - "rg", - "subscription", - "aks", - "istio" - ] - }, - "svcAcrName": { - "type": "string" }, - "svcAcrZoneRedundantMode": { - "$ref": "#/definitions/zoneRedundantMode" - } - }, - "additionalProperties": false, - "required": [ - "aroDevopsMsiId", - "kvCertOfficerPrincipalId", - "clusterService", - "cxKeyVault", - "firstPartyAppClientId", - "firstPartyAppCertName", - "frontend", - "global", - "hypershift", - "hypershiftOperator", - "imageSync", - "acrPullImageDigest", - "maestro", - "mgmt", - "mgmtKeyVault", - "mce", - "monitoring", - "msiKeyVault", - "ocpAcrName", - "ocpAcrZoneRedundantMode", - "oidcStorageAccountName", - "oidcZoneRedundantMode", - "region", - "regionRG", - "serviceKeyVault", - "svc", - "svcAcrName", - "svcAcrZoneRedundantMode" - ] - } + "additionalProperties": false, + "required": [ + "rg", + "subscription", + "aks", + "istio" + ] + }, + "svcAcrName": { + "type": "string" + }, + "svcAcrZoneRedundantMode": { + "$ref": "#/definitions/zoneRedundantMode" + } + }, + "additionalProperties": false, + "required": [ + "aroDevopsMsiId", + "kvCertOfficerPrincipalId", + "clusterService", + "cxKeyVault", + "firstPartyAppClientId", + "firstPartyAppCertName", + "frontend", + "global", + "hypershift", + "hypershiftOperator", + "imageSync", + "acrPull", + "maestro", + "mgmt", + "mgmtKeyVault", + "mce", + "monitoring", + "msiKeyVault", + "ocpAcrName", + "ocpAcrZoneRedundantMode", + "oidcStorageAccountName", + "oidcZoneRedundantMode", + "region", + "regionRG", + "serviceKeyVault", + "svc", + "svcAcrName", + "svcAcrZoneRedundantMode" + ] +} \ No newline at end of file diff --git a/config/config.yaml b/config/config.yaml index 9b7fe5303..c7af7c52f 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -11,7 +11,11 @@ defaults: safeDnsIntAppObjectId: "c54b6bce-1cd3-4d37-bebe-aa22f4ce4fbc" # ACR Pull - acrPullImageDigest: sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589 #v0.1.12 + acrPull: + image: + registry: mcr.microsoft.com + repository: aks/msi-acrpull + digest: sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589 #v0.1.12 # Hypershift hypershift: @@ -126,15 +130,17 @@ defaults: environmentName: aro-hcp-image-sync componentSync: enabled: true - imageRepo: image-sync/component-sync - imageTag: d1021e2 + image: + repository: image-sync/component-sync + digest: sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f repositories: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package,quay.io/package-operator/package-operator-manager secrets: 'quay.io:bearer-secret' pullSecretName: component-sync-pull-secret ocMirror: enabled: true - imageRepo: image-sync/oc-mirror - imageTag: d1021e2 + image: + repository: image-sync/oc-mirror + digest: sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18 pullSecretName: pull-secret keyVault: name: arohcp-imagesync-dev @@ -217,7 +223,9 @@ clouds: roleName: Azure Red Hat OpenShift KMS Plugin - Dev # Hypershift Operator hypershiftOperator: - imageTag: 1bb8b1a + image: + repository: acm-d/rhtap-hypershift-operator + digest: sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f # Frontend frontend: imageTag: '' # if empty uses commit sha of repo diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index f5f34436d..28a514207 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -1,5 +1,11 @@ { - "acrPullImageDigest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "acrPull": { + "image": { + "digest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "registry": "mcr.microsoft.com", + "repository": "aks/msi-acrpull" + } + }, "armHelperCertName": "armHelperCert2", "armHelperClientId": "3331e670-0804-48e8-a086-6241671ddc93", "armHelperFPAPrincipalId": "47f69502-0065-4d9a-b19b-d403e183d2f4", @@ -95,14 +101,19 @@ "namespace": "hypershift" }, "hypershiftOperator": { - "imageTag": "1bb8b1a" + "image": { + "digest": "sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f", + "repository": "acm-d/rhtap-hypershift-operator" + } }, "imageSync": { "acrRG": "global", "componentSync": { "enabled": true, - "imageRepo": "image-sync/component-sync", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f", + "repository": "image-sync/component-sync" + }, "pullSecretName": "component-sync-pull-secret", "repositories": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package,quay.io/package-operator/package-operator-manager", "secrets": "quay.io:bearer-secret" @@ -115,8 +126,10 @@ }, "ocMirror": { "enabled": true, - "imageRepo": "image-sync/oc-mirror", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18", + "repository": "image-sync/oc-mirror" + }, "pullSecretName": "pull-secret" }, "rg": "hcp-underlay-westus3-imagesync-dev" diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index 52a1d43b8..673f2585f 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -1,5 +1,11 @@ { - "acrPullImageDigest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "acrPull": { + "image": { + "digest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "registry": "mcr.microsoft.com", + "repository": "aks/msi-acrpull" + } + }, "armHelperCertName": "armHelperCert2", "armHelperClientId": "3331e670-0804-48e8-a086-6241671ddc93", "armHelperFPAPrincipalId": "47f69502-0065-4d9a-b19b-d403e183d2f4", @@ -95,14 +101,19 @@ "namespace": "hypershift" }, "hypershiftOperator": { - "imageTag": "1bb8b1a" + "image": { + "digest": "sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f", + "repository": "acm-d/rhtap-hypershift-operator" + } }, "imageSync": { "acrRG": "global", "componentSync": { "enabled": true, - "imageRepo": "image-sync/component-sync", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f", + "repository": "image-sync/component-sync" + }, "pullSecretName": "component-sync-pull-secret", "repositories": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package,quay.io/package-operator/package-operator-manager", "secrets": "quay.io:bearer-secret" @@ -115,8 +126,10 @@ }, "ocMirror": { "enabled": true, - "imageRepo": "image-sync/oc-mirror", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18", + "repository": "image-sync/oc-mirror" + }, "pullSecretName": "pull-secret" }, "rg": "hcp-underlay-westus3-imagesync-dev" diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index 3455fb808..388f41016 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json @@ -1,5 +1,11 @@ { - "acrPullImageDigest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "acrPull": { + "image": { + "digest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "registry": "mcr.microsoft.com", + "repository": "aks/msi-acrpull" + } + }, "armHelperCertName": "armHelperCert2", "armHelperClientId": "3331e670-0804-48e8-a086-6241671ddc93", "armHelperFPAPrincipalId": "47f69502-0065-4d9a-b19b-d403e183d2f4", @@ -95,14 +101,19 @@ "namespace": "hypershift" }, "hypershiftOperator": { - "imageTag": "1bb8b1a" + "image": { + "digest": "sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f", + "repository": "acm-d/rhtap-hypershift-operator" + } }, "imageSync": { "acrRG": "global-shared-resources", "componentSync": { "enabled": true, - "imageRepo": "image-sync/component-sync", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f", + "repository": "image-sync/component-sync" + }, "pullSecretName": "component-sync-pull-secret", "repositories": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,arohcpsvcdev.azurecr.io/image-sync/component-sync,arohcpsvcdev.azurecr.io/arohcpfrontend,arohcpsvcdev.azurecr.io/arohcpbackend,quay.io/acm-d/rhtap-hypershift-operator,arohcpsvcdev.azurecr.io/image-sync/oc-mirror,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "secrets": "quay.io:quay-io-bearer,arohcpsvcdev.azurecr.io:arohcpsvcdev-bearer" @@ -115,8 +126,10 @@ }, "ocMirror": { "enabled": true, - "imageRepo": "image-sync/oc-mirror", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18", + "repository": "image-sync/oc-mirror" + }, "pullSecretName": "ocp-pull-secret" }, "rg": "global-shared-resources" diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 2cd5d60a5..1ce1580eb 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -1,5 +1,11 @@ { - "acrPullImageDigest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "acrPull": { + "image": { + "digest": "sha256:51dd1a7c217b554d7925e67008caf747c8bec17b641830160e08b6836a8aa589", + "registry": "mcr.microsoft.com", + "repository": "aks/msi-acrpull" + } + }, "armHelperCertName": "armHelperCert2", "armHelperClientId": "3331e670-0804-48e8-a086-6241671ddc93", "armHelperFPAPrincipalId": "47f69502-0065-4d9a-b19b-d403e183d2f4", @@ -95,14 +101,19 @@ "namespace": "hypershift" }, "hypershiftOperator": { - "imageTag": "1bb8b1a" + "image": { + "digest": "sha256:c802cd5c71b279926ed3f02871d5a414d0b852dd276406046fc4e893404d468f", + "repository": "acm-d/rhtap-hypershift-operator" + } }, "imageSync": { "acrRG": "global", "componentSync": { "enabled": true, - "imageRepo": "image-sync/component-sync", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:d838c4910bc53a5583dd501ed7e3ab08aa7c08b45b5997c90764c65ceef01a8f", + "repository": "image-sync/component-sync" + }, "pullSecretName": "component-sync-pull-secret", "repositories": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package,quay.io/package-operator/package-operator-manager", "secrets": "quay.io:bearer-secret" @@ -115,8 +126,10 @@ }, "ocMirror": { "enabled": true, - "imageRepo": "image-sync/oc-mirror", - "imageTag": "d1021e2", + "image": { + "digest": "sha256:4affed9ff6397a5c44e9d1451fd58667f56e826b122819ccb6e1e8e045803c18", + "repository": "image-sync/oc-mirror" + }, "pullSecretName": "pull-secret" }, "rg": "hcp-underlay-westus3-imagesync-dev" diff --git a/dev-infrastructure/configurations/image-sync.tmpl.bicepparam b/dev-infrastructure/configurations/image-sync.tmpl.bicepparam index c32fe8c33..1efa8b9c4 100644 --- a/dev-infrastructure/configurations/image-sync.tmpl.bicepparam +++ b/dev-infrastructure/configurations/image-sync.tmpl.bicepparam @@ -8,7 +8,7 @@ param keyVaultPrivate = {{ .imageSync.keyVault.private }} param keyVaultSoftDelete = {{ .imageSync.keyVault.softDelete }} param componentSyncPullSecretName = '{{ .imageSync.componentSync.pullSecretName }}' -param componentSyncImage = '{{ .svcAcrName }}.azurecr.io/{{ .imageSync.componentSync.imageRepo }}:{{ .imageSync.componentSync.imageTag }}' +param componentSyncImage = '{{ .svcAcrName }}.azurecr.io/{{ .imageSync.componentSync.image.repository }}@{{ .imageSync.componentSync.image.digest }}' param componentSyncEnabed = {{ .imageSync.componentSync.enabled }} param componentSyncSecrets = '{{ .imageSync.componentSync.secrets }}' @@ -17,7 +17,7 @@ param svcAcrName = '{{ .svcAcrName }}' param ocpAcrName = '{{ .ocpAcrName }}' param ocpPullSecretName = '{{ .imageSync.ocMirror.pullSecretName }}' param repositoriesToSync = '{{ .imageSync.componentSync.repositories }}' -param ocMirrorImage = '{{ .svcAcrName }}.azurecr.io/{{ .imageSync.ocMirror.imageRepo }}:{{ .imageSync.ocMirror.imageTag }}' +param ocMirrorImage = '{{ .svcAcrName }}.azurecr.io/{{ .imageSync.ocMirror.image.repository }}@{{ .imageSync.ocMirror.image.digest }}' param ocMirrorEnabled = {{ .imageSync.ocMirror.enabled }} param numberOfTags = 10 diff --git a/dev-infrastructure/mgmt-pipeline.yaml b/dev-infrastructure/mgmt-pipeline.yaml index 9622ae3f2..f8b9c5993 100644 --- a/dev-infrastructure/mgmt-pipeline.yaml +++ b/dev-infrastructure/mgmt-pipeline.yaml @@ -117,7 +117,11 @@ resourceGroups: - name: DRY_RUN value: "true" variables: - - name: ACRPULL_DIGEST - configRef: acrPullImageDigest + - name: ACRPULL_DIGEST + configRef: acrPull.image.digest + - name: ACRPULL_REPO + configRef: acrPull.image.repository + - name: ACRPULL_REGISTRY + configRef: acrPull.image.registry dependsOn: - mgmt-cluster diff --git a/dev-infrastructure/svc-pipeline.yaml b/dev-infrastructure/svc-pipeline.yaml index f518845d0..1b05edcc1 100644 --- a/dev-infrastructure/svc-pipeline.yaml +++ b/dev-infrastructure/svc-pipeline.yaml @@ -129,6 +129,10 @@ resourceGroups: value: "true" variables: - name: ACRPULL_DIGEST - configRef: acrPullImageDigest + configRef: acrPull.image.digest + - name: ACRPULL_REPO + configRef: acrPull.image.repository + - name: ACRPULL_REGISTRY + configRef: acrPull.image.registry dependsOn: - svc diff --git a/hypershiftoperator/Makefile b/hypershiftoperator/Makefile index c9a1b915d..6c5398eaa 100644 --- a/hypershiftoperator/Makefile +++ b/hypershiftoperator/Makefile @@ -9,8 +9,8 @@ deploy: CSI_SECRET_STORE_CLIENT_ID=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query 'addonProfiles.azureKeyvaultSecretsProvider.identity.clientId' -o tsv) && \ ${HELM_CMD} hypershift deploy/helm \ --namespace ${HYPERSHIFT_NAMESPACE} \ - --set image=${ARO_HCP_SVC_ACR}.azurecr.io/acm-d/rhtap-hypershift-operator \ - --set imageTag=${HO_IMAGE_TAG} \ + --set image=${ARO_HCP_SVC_ACR}.azurecr.io/${HO_IMAGE_REPOSITORY} \ + --set imageDigest=${HO_IMAGE_DIGEST} \ --set registryOverrides="quay.io/openshift-release-dev/ocp-v4.0-art-dev=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release\,quay.io/openshift-release-dev/ocp-release=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release-images\,registry.redhat.io/redhat=${ARO_HCP_OCP_ACR}.azurecr.io/redhat" \ --set additionalArgs="${HO_ADDITIONAL_INSTALL_ARG}" \ --set azureKeyVaultClientId=$${CSI_SECRET_STORE_CLIENT_ID} diff --git a/hypershiftoperator/deploy/helm/templates/installer.job.yaml b/hypershiftoperator/deploy/helm/templates/installer.job.yaml index 186772ab5..38634810d 100644 --- a/hypershiftoperator/deploy/helm/templates/installer.job.yaml +++ b/hypershiftoperator/deploy/helm/templates/installer.job.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: install - image: "{{ .Values.image }}:{{ .Values.imageTag }}" + image: "{{ .Values.image }}@{{ .Values.imageDigest }}" command: - /bin/sh - -c @@ -25,7 +25,7 @@ spec: --managed-service ARO-HCP \ --aro-hcp-key-vault-users-client-id {{ .Values.azureKeyVaultClientId }} \ --registry-overrides "{{ .Values.registryOverrides }}" \ - --hypershift-image {{ .Values.image }}:{{ .Values.imageTag }} \ + --hypershift-image {{ .Values.image }}@{{ .Values.imageDigest }} \ --platform-monitoring=None \ {{ .Values.additionalArgs }} restartPolicy: Never diff --git a/hypershiftoperator/deploy/helm/values.yaml b/hypershiftoperator/deploy/helm/values.yaml index 178844fd8..4a1059c89 100644 --- a/hypershiftoperator/deploy/helm/values.yaml +++ b/hypershiftoperator/deploy/helm/values.yaml @@ -4,7 +4,7 @@ description: A Helm chart to manage Hypershift Operator and dependencies for ARO name: aro-hcp-hypershift-operator image: "" -imageTag: "" +imageDigest: "" registryOverrides: "" azureKeyVaultClientId: "" additionalArgs: "" diff --git a/hypershiftoperator/pipeline.yaml b/hypershiftoperator/pipeline.yaml index 6b223c8f0..28b033d88 100644 --- a/hypershiftoperator/pipeline.yaml +++ b/hypershiftoperator/pipeline.yaml @@ -18,8 +18,10 @@ resourceGroups: configRef: svcAcrName - name: ARO_HCP_OCP_ACR configRef: ocpAcrName - - name: HO_IMAGE_TAG - configRef: hypershiftOperator.imageTag + - name: HO_IMAGE_DIGEST + configRef: hypershiftOperator.image.digest + - name: HO_IMAGE_REPOSITORY + configRef: hypershiftOperator.image.repository - name: RESOURCEGROUP configRef: mgmt.rg - name: AKS_NAME diff --git a/image-sync/oc-mirror/config.tmpl.mk b/image-sync/oc-mirror/config.tmpl.mk index bb9899248..143427997 100644 --- a/image-sync/oc-mirror/config.tmpl.mk +++ b/image-sync/oc-mirror/config.tmpl.mk @@ -1,6 +1,6 @@ ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }} ARO_HCP_IMAGE_ACR_URL ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io -OC_MIRROR_IMAGE ?= $(ARO_HCP_IMAGE_ACR_URL)/{{ .imageSync.ocMirror.imageRepo }} +OC_MIRROR_IMAGE ?= $(ARO_HCP_IMAGE_ACR_URL)/{{ .imageSync.ocMirror.image.repository }} OC_MIRROR_IMAGE_TAGGED ?= $(OC_MIRROR_IMAGE):$(COMMIT) ARO_HCP_OCP_IMAGE_ACR ?= {{ .ocpAcrName }} diff --git a/tooling/image-sync/config.tmpl.mk b/tooling/image-sync/config.tmpl.mk index e82b4c19d..8b9405a09 100644 --- a/tooling/image-sync/config.tmpl.mk +++ b/tooling/image-sync/config.tmpl.mk @@ -1,3 +1,3 @@ ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }} ARO_HCP_BASE_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io -ARO_HCP_IMAGE_SYNC_IMAGE ?= $(ARO_HCP_BASE_IMAGE)/{{ .imageSync.componentSync.imageRepo }} +ARO_HCP_IMAGE_SYNC_IMAGE ?= $(ARO_HCP_BASE_IMAGE)/{{ .imageSync.componentSync.image.repository }}