Add overlay for albany

cluster-scope/overlays/albany/certificates/default-api-certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: default-api-certificate
+  namespace: openshift-config
+spec:
+  issuerRef:
+    name: letsencrypt-production-dns01
+    kind: Issuer
+  secretName: default-api-certificate
+  duration: 2160h0m0s
+  renewBefore: 360h0m0s
+  dnsNames:
+    - "api.albany.nerc.mghpcc.org"

cluster-scope/overlays/albany/certificates/default-ingress-certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: default-ingress-certificate
+  namespace: openshift-ingress
+spec:
+  issuerRef:
+    name: letsencrypt-production-dns01
+    kind: Issuer
+  secretName: default-ingress-certificate
+  duration: 2160h0m0s
+  renewBefore: 360h0m0s
+  dnsNames:
+    - "*.apps.albany.nerc.mghpcc.org"

cluster-scope/overlays/albany/certificates/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- default-api-certificate.yaml
+- default-ingress-certificate.yaml

cluster-scope/overlays/albany/externalsecrets/github-group-sync.yaml

@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: github-group-sync
+  namespace: group-sync-operator
+spec:
+  secretStoreRef:
+    name: nerc-secret-store
+    kind: SecretStore
+  target:
+    name: github-group-sync
+  data:
+  - secretKey: appId
+    remoteRef:
+      key: nerc/albany/group-sync-operator/github-group-sync-token
+      property: appId
+  - secretKey: privateKey
+    remoteRef:
+      key: nerc/albany/group-sync-operator/github-group-sync-token
+      property: privateKey

cluster-scope/overlays/albany/externalsecrets/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- github-group-sync.yaml

cluster-scope/overlays/albany/feature/odf/externalsecrets/rook-ceph-external-cluster-details.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: rook-ceph-external-cluster-details
+  namespace: openshift-storage
+spec:
+  secretStoreRef:
+    name: nerc-secret-store
+    kind: SecretStore
+  target:
+    name: rook-ceph-external-cluster-details
+  data:
+  - secretKey: external_cluster_details
+    remoteRef:
+      key: nerc/albany/openshift-storage/rook-ceph-external-cluster-details
+      property: external_cluster_details

cluster-scope/overlays/albany/feature/odf/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-storage
+
+components:
+  - ../../../../components/nerc-secret-store
+
+resources:
+  - ../../../../bundles/odf-external
+  - externalsecrets/rook-ceph-external-cluster-details.yaml
+  - redhatcop.redhat.io/odf-node-patcher.yaml
+
+patches:
+  - path: storageclasses/ocs-external-storagecluster-ceph-rbd_patch.yaml
+  - path: subscriptions/subscription_patch.yaml

cluster-scope/overlays/albany/feature/odf/redhatcop.redhat.io/odf-node-patcher.yaml

@@ -0,0 +1,21 @@
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: Patch
+metadata:
+  name: odf-node-label-workers
+  namespace: openshift-storage
+spec:
+  serviceAccountRef:
+    name: patcher
+  patches:
+    odf-node-label-workers:
+      targetObjectRef:
+        apiVersion: v1
+        kind: Node
+        labelSelector:
+          matchLabels:
+            node-role.kubernetes.io/worker: ""
+      patchType: application/strategic-merge-patch+json
+      patchTemplate: |
+        metadata:
+          labels:
+            "cluster.ocs.openshift.io/openshift-storage": ""

cluster-scope/overlays/albany/feature/odf/storageclasses/ocs-external-storagecluster-ceph-rbd_patch.yaml

@@ -0,0 +1,17 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ocs-external-storagecluster-ceph-rbd
+parameters:
+  clusterID: openshift-storage
+  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
+  csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage
+  csi.storage.k8s.io/fstype: ext4
+  csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
+  csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage
+  csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
+  csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage
+  imageFeatures: layering
+  imageFormat: "2"
+  pool: moc-rbd-rhoai-beta-test

cluster-scope/overlays/albany/feature/odf/subscriptions/subscription_patch.yaml

@@ -0,0 +1,6 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+    name: odf-operator
+spec:
+    channel: stable-4.16

cluster-scope/overlays/albany/issuers/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- openshift-config
+- openshift-ingress

cluster-scope/overlays/albany/issuers/openshift-config/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-config
+components:
+  - ../../../../components/nerc-certificate-issuer

cluster-scope/overlays/albany/issuers/openshift-ingress/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-ingress
+components:
+  - ../../../../components/nerc-certificate-issuer

cluster-scope/overlays/albany/kustomization.yaml

@@ -0,0 +1,77 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  nerc.mghpcc.org/kustomized: "true"
+
+resources:
+- ../common
+- ../../bundles/node-feature-discovery
+- ../../bundles/patch-operator
+- ../../bundles/clusterissuer-http01
+- ../../base/rbac.authorization.k8s.io/clusterroles/allow-edit-rbac
+- ../../base/core/namespaces/openshift-gitops
+- externalsecrets
+- issuers
+- feature/odf
+- machineconfigs
+- certificates
+- secretstores
+
+components:
+  - ../../components/nerc-oauth-github
+
+  # this must come last in order to apply
+  # to all resources.
+  - ../../components/argocd-skip-dryrun
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+patches:
+
+- patch: |
+    apiVersion: config.openshift.io/v1
+    kind: OAuth
+    metadata:
+      name: cluster
+    spec:
+      identityProviders:
+      - name: github
+        github:
+          clientID: Ov23liezggam3Edgcsfs
+- target:
+    kind: ExternalSecret
+    name: github-client-secret
+  patch: |
+    - op: replace
+      path: /spec/data/0/remoteRef/key
+      value: nerc/albany/openshift-config/github-client-secret
+
+- target:
+    kind: SecretStore
+  patch: |
+    - op: replace
+      path: /spec/provider/vault/auth/kubernetes/mountPath
+      value: kubernetes/albany
+- target:
+    kind: ExternalSecret
+    name: aws-route53-credentials
+  patch: |
+    - op: replace
+      path: /spec/dataFrom/0/extract/key
+      value: nerc/albany/aws-route53-credentials
+- target:
+    kind: APIServer
+    name: cluster
+  patch: |
+    - op: replace
+      path: /spec/servingCerts/namedCertificates/0/names/0
+      value: api.albany.nerc.mghpcc.org
+- target:
+    kind: Issuer
+    name: letsencrypt-.*-dns01
+  patch: |
+    - op: replace
+      path: /spec/acme/solvers/0/selector/dnsZones
+      value:
+        - albany.nerc.mghpcc.org

cluster-scope/overlays/albany/machineconfigs/configure-sysctl-ip-forward/Makefile

@@ -0,0 +1,10 @@
+MACHINECONFIGS = \
+	machineconfig.yaml
+
+%.yaml: src/%.bu $(wildcard src/*.nmconnection)
+	butane -o $@ -d src $<
+
+all: $(MACHINECONFIGS)
+
+clean:
+	rm -f $(MACHINECONFIGS)

cluster-scope/overlays/albany/machineconfigs/configure-sysctl-ip-forward/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- machineconfig.yaml

cluster-scope/overlays/albany/machineconfigs/configure-sysctl-ip-forward/machineconfig.yaml

@@ -0,0 +1,18 @@
+# Generated by Butane; do not edit
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: configure-sysctl-ip-forward
+spec:
+  config:
+    ignition:
+      version: 3.4.0
+    storage:
+      files:
+        - contents:
+            compression: ""
+            source: data:,%23%20This%20is%20required%20to%20interact%20with%20NESE%20storage%0Anet.ipv4.ip_forward%3D1%0A
+          mode: 420
+          path: /etc/sysctl.d/ip_forward.conf

cluster-scope/overlays/albany/machineconfigs/configure-sysctl-ip-forward/src/ip_forward.conf

@@ -0,0 +1,2 @@
+# This is required to interact with NESE storage
+net.ipv4.ip_forward=1

cluster-scope/overlays/albany/machineconfigs/configure-sysctl-ip-forward/src/machineconfig.bu

@@ -0,0 +1,12 @@
+variant: openshift
+version: 4.15.0
+metadata:
+  name: configure-sysctl-ip-forward
+  labels:
+    machineconfiguration.openshift.io/role: worker
+storage:
+  files:
+    - path: /etc/sysctl.d/ip_forward.conf
+      mode: 0644
+      contents:
+        local: ip_forward.conf

cluster-scope/overlays/albany/machineconfigs/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configure-sysctl-ip-forward/

cluster-scope/overlays/albany/secretstores/group-sync-operator/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: group-sync-operator
+components:
+  - ../../../../components/nerc-secret-store

cluster-scope/overlays/albany/secretstores/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- openshift-config
+- openshift-ingress
+- openshift-logging
+- group-sync-operator

cluster-scope/overlays/albany/secretstores/openshift-config/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-config
+components:
+  - ../../../../components/nerc-secret-store

cluster-scope/overlays/albany/secretstores/openshift-ingress/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-ingress
+components:
+  - ../../../../components/nerc-secret-store

cluster-scope/overlays/albany/secretstores/openshift-logging/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openshift-logging
+components:
+  - ../../../../components/nerc-secret-store