diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b65e117..a77a1a53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -261,11 +261,11 @@ for tbl in `psql -U postgres -qAt -c "select tablename from pg_tables where sche psql -U postgres -c "alter table \"$tbl\" owner to harbor" registry done -for tbl in `psql -U postgres -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" registry`; do +for tbl in `psql -U postgres -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" registry`; do psql -U postgres -c "alter sequence \"$tbl\" owner to harbor" registry done -for tbl in `psql -U postgres -qAt -c "select table_name from information_schema.views where table_schema = 'public';" registry`; do +for tbl in `psql -U postgres -qAt -c "select table_name from information_schema.views where table_schema = 'public';" registry`; do psql -U postgres -c "alter view \"$tbl\" owner to harbor" registry done ``` @@ -472,7 +472,7 @@ If the Vault cluster finds itself in a state where none of the nodes is a leader ### Features * :sparkles: Enable directAccessGrants for argo-client ([be0843f](https://github.com/cloud-pi-native/socle/commit/be0843f3871a937e45c42c5b5645eead7f86abd0)) -* :sparkles: Enable postgres super user (as we might need it) ([08a64ad](https://github.com/cloud-pi-native/socle/commit/08a64ad836d39448c1516a70215dfaa3a434a9e6)) +* :sparkles: Enable postgres superuser (as we might need it) ([08a64ad](https://github.com/cloud-pi-native/socle/commit/08a64ad836d39448c1516a70215dfaa3a434a9e6)) * :sparkles: Enabling brute force detection ([c3d8f50](https://github.com/cloud-pi-native/socle/commit/c3d8f50bc67204ac578a57e9f838e0d2019cfe99)) * :sparkles: Set failureFactor for brute force protection ([dbe7b20](https://github.com/cloud-pi-native/socle/commit/dbe7b2034878ca8e1efdfd7ef1ba767d908b8709)) 
@@ -544,7 +544,7 @@ If the Vault cluster finds itself in a state where none of the nodes is a leader
 * :sparkles: ([9487622](https://github.com/cloud-pi-native/socle/commit/94876223048655cf4420842a1fc2db8f3714c6c7))
 * :sparkles: Activate keycloak basic metrics ([e7630fd](https://github.com/cloud-pi-native/socle/commit/e7630fd158fb4e12e9f8f98bc4724cef91645cb2))
 * :sparkles: Activate metrics when dsc.global.metric.enabled ([49e91f8](https://github.com/cloud-pi-native/socle/commit/49e91f82a1447e1b38e8f633bab669f8cda8f7a1))
-* :sparkles: Activate monitoring for additionnal resources + refactor ([9c9f979](https://github.com/cloud-pi-native/socle/commit/9c9f979b05e23a0130371cecc02d216570664de5))
+* :sparkles: Activate monitoring for additional resources + refactor ([9c9f979](https://github.com/cloud-pi-native/socle/commit/9c9f979b05e23a0130371cecc02d216570664de5))
 * :sparkles: Activate monitoring + small refactor ([255bb56](https://github.com/cloud-pi-native/socle/commit/255bb5657ad3dded213e8aa055c42f5b03b65f22))
 * :sparkles: Activate Nexus metrics scraping ([0e53610](https://github.com/cloud-pi-native/socle/commit/0e53610ce121caa244e868154a67a5f8db3eaa28))
 * :sparkles: Activate Vault metrics ([63ade45](https://github.com/cloud-pi-native/socle/commit/63ade457c10c5553df35ed08c097d87d01c7c5fb))
@@ -632,7 +632,7 @@ If the Vault cluster finds itself in a state where none of the nodes is a leader ### Bug Fixes -* :adhesive_bandage: Ajout du user dso admin dans les bons groupes ([14f9ee4](https://github.com/cloud-pi-native/socle/commit/14f9ee405abd921d8467c80588496a7959f705c5)) +* :adhesive_bandage: Ajout de l'user dso admin dans les bons groupes ([14f9ee4](https://github.com/cloud-pi-native/socle/commit/14f9ee405abd921d8467c80588496a7959f705c5)) * :ambulance: Correctif cert-manager sur récupération des CRDS ([c77e78b](https://github.com/cloud-pi-native/socle/commit/c77e78bc57aa31d791e5042060b4d0ef7335cd6b)) * :ambulance: correctif du role nexus ([6763075](https://github.com/cloud-pi-native/socle/commit/67630759cd1e46f1c245f8b5784d5ed243c8e767)) * :bug: Correctif désinstallation GitLab ([d233e61](https://github.com/cloud-pi-native/socle/commit/d233e6179177ad3c415a136240dba57579eed9d2)) diff --git a/README.md b/README.md index 780f31ff..4d022a26 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ Toujours sur votre environnement de déploiement, vous devrez : L'installation de la suite des prérequis **sur l'environnement de déploiement** s'effectue à l'aide du playbook nommé `install-requirements.yaml`. Il est mis à disposition dans le répertoire `admin-tools` du dépôt socle que vous aurez clôné. -Si l'utilisateur avec lequel vous exécutez ce playbook dispose des droits sudo sans mot de passe (option `NOPASSWD` du fichier sudoers), vous pourrez le lancer directement sans options : +Si l'utilisateur avec lequel vous exécutez ce playbook dispose des droits sudo sans mots de passe (option `NOPASSWD` du fichier sudoers), vous pourrez le lancer directement sans options : ```bash ansible-playbook admin-tools/install-requirements.yaml 
@@ -136,7 +136,7 @@ Pour information, le playbook `install-requirements.yaml` vous installera les é - Commandes installées avec Homebrew : - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) - [helm](https://helm.sh/docs/intro/install/) - - [yq](https://github.com/mikefarah/yq/#install) (Facultative mais utile pour debug.) + - [yq](https://github.com/mikefarah/yq/#install) (Facultative, mais utile pour debug) ## Configuration @@ -146,7 +146,7 @@ Lorsque vous avez cloné le présent dépôt socle, lancez une première fois la ansible-playbook install.yaml ``` -Elle vous signalera que vous n'avez encore jamais installé le socle sur votre cluster, puis vous invitera à modifier la ressource de scope cluster et de type **dsc** nommée **conf-dso** via la commande suivante : +Elle vous signalera que vous n'avez encore jamais installé le socle sur votre cluster, puis vous invitera à modifier la ressource de scope cluster et de type `dsc` nommée `conf-dso` via la commande suivante : ```bash kubectl edit dsc conf-dso @@ -202,7 +202,7 @@ S'agissant du gel des versions de charts ou d'images pour les outils en question ### Lancement -Dès que votre [configuration](#configuration) est prête, c'est-à-dire que la ressource `dsc` par défaut `conf-dso` a bien été mise à jour avec les éléments nécessaires et souhaités, relancez la commande suivante : +Dès que votre [configuration](#configuration) est prête, c'est-à-dire que la ressource `dsc` par défaut `conf-dso` a bien été mise à jour avec les éléments nécessaires et souhaités, relancez la commande suivante : ```bash ansible-playbook install.yaml @@ -253,7 +253,7 @@ Lorsque votre nouvelle configuration est prête, et déclarée par exemple dans kubectl apply -f ma-conf-perso.yaml ``` -Vous pourrer ensuite la retrouver via la commande : +Vous pourrez ensuite la retrouver via la commande : ```bash kubectl get dsc 
@@ -535,8 +535,8 @@ Les sections suivantes détaillent comment procéder, outil par outil. **Remarques importantes** : -- Comme vu dans la section d'installation (sous-section [Déploiement de plusieurs forges DSO dans un même cluster](#déploiement-de-plusieurs-forges-dso-dans-un-même-cluster )), si vous utilisez votre propre ressource `dsc` de configuration, distincte de `conf-dso`, alors toutes les commandes `ansible-playbook` indiquées ci-dessous devront être complétées par l'[extra variable](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#defining-variables-at-runtime) `dsc_cr` appropriée. -- Pour le gel des versions d'images, il est recommandé, si possible, de positionner un **tag d'image en adéquation avec la version du chart Helm utilisé**, c'est-à-dire d'utiliser le numéro "APP VERSION" retourné par la commande `helm search repo`. +- Comme vu dans la section d'installation (sous-section [Déploiement de plusieurs forges DSO dans un même cluster](#déploiement-de-plusieurs-forges-dso-dans-un-même-cluster )), si vous utilisez votre propre ressource `dsc` de configuration, distincte de `conf-dso`, alors toutes les commandes `ansible-playbook` indiquées ci-dessous devront être complétées par la [variable supplémentaire](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#defining-variables-at-runtime) `dsc_cr` appropriée (avec `--extra-vars` ou `-e`). +- Pour le gel des versions d'images, il est recommandé, si possible, de positionner un **tag d'image en adéquation avec la version du chart Helm utilisé**, c'est-à-dire d'utiliser le numéro `APP VERSION` retourné par la commande `helm search repo`. ### Modification des versions de charts 
@@ -544,11 +544,11 @@ Techniquement, la modification des versions de charts utilisés est possible, ma Ceci parce que la version de la Console Cloud π Native déployée par le socle, composant central qui s'interface avec tous les outils de la chaîne, a été testée et développée avec les versions d'outils telles qu'elles sont fixées au moment de la publication. -Aussi, **nous ne pouvons garantir le bon fonctionnement** de la forge DSO dans un contexte où les versions de charts seraient modifiées. +Aussi, **nous ne pouvons garantir le bon fonctionnement** de la forge DSO dans un contexte avec lequel les versions de charts seraient modifiées. De plus, et comme indiqué plus haut, les outils cert-manager, CloudNativePG, GitLab Operator, Grafana Operator et Kyverno seront communs à toutes les instances de la chaine DSO ou à toute autre application déployée dans le cluster. En modifier la version n'est donc pas anodin. -Si vous souhaitez malgré tout tenter une modification de version d'un chart en particulier, Vous devrez **avoir au moins installé le socle DSO une première fois**. En effet, le playbook et les roles associés installeront les dépôts Helm de chaque outil. Ceci vous permettra ensuite d'utiliser la commande `helm` pour rechercher plus facilement les versions de charts disponibles. +Si vous souhaitez malgré tout tenter une modification de version d'un chart en particulier, vous devrez **avoir au moins installé le socle DSO une première fois**. En effet, le playbook et les roles associés installeront les dépôts Helm de chaque outil. Ceci vous permettra ensuite d'utiliser la commande `helm` pour rechercher plus facilement les versions de charts disponibles. Pensez également à effectuer au moins un backup du namespace et des ressources cluster scoped associées. 
@@ -644,7 +644,7 @@ Il est recommandé de ne pas modifier cette version de chart, sauf si vous savez #### CloudNativePG -Comme avec cert-manager, il existe une correspondance biunivoque entre la version de chart utilisée et la version d'application ("APP VERSION") de l'opérateur. +Comme avec cert-manager, il existe une correspondance biunivoque entre la version de chart utilisée et la version d'application (`APP VERSION`) de l'opérateur. Ainsi, spécifier une version de chart est suffisant pour geler la version d'image au niveau de l'opérateur. @@ -652,7 +652,7 @@ Il est recommandé de ne pas modifier cette version de chart, sauf si vous savez Comme indiqué dans sa [documentation officielle](https://cloudnative-pg.io/documentation/1.20/quickstart/#part-3-deploy-a-postgresql-cluster), par défaut CloudNativePG installera la dernière version mineure disponible de la dernière version majeure de PostgreSQL au moment de la publication de l'opérateur. -De plus, comme l'indique la [FAQ officielle](https://cloudnative-pg.io/documentation/1.20/faq/), CloudNativePG utilise des conteneurs d'application immutables. Cela signifie que le conteneur ne sera pas modifié durant tout son cycle de vie (aucun patch, aucune mise à jour ni changement de configuration). +De plus, comme l'indique la [FAQ officielle](https://cloudnative-pg.io/documentation/1.20/faq/), CloudNativePG utilise des conteneurs d'application immuables. Cela signifie que le conteneur ne sera pas modifié durant tout son cycle de vie (aucun patch, aucune mise à jour ni changement de configuration). #### Console Cloud π Native 
@@ -682,7 +682,7 @@ Il est donc recommandé de ne pas modifier les versions de charts déjà fixées #### GitLab CI pipelines exporter -La version d'image utilisée par GitLab CI pipelines exporter est directement liée à la version de chart déployée. Elle est donc déjà gelée par défaut. +La version d'image utilisée par _GitLab CI pipelines exporter_ est directement liée à la version de chart déployée. Elle est donc déjà gelée par défaut. Il est recommandé de ne pas modifier cette version de chart, sauf si vous savez ce que vous faites. @@ -698,7 +698,7 @@ https://docs.gitlab.com/runner/#gitlab-runner-versions #### Harbor -Fixer le numéro de version du chart Helm sera normalement suffisant pour fixer aussi le numéro de version des images associées. Le numéro de version de ces images sera celui visible dans la colonne "APP VERSION" de la commande `helm search repo -l harbor/harbor`. +Fixer le numéro de version du chart Helm sera normalement suffisant pour fixer aussi le numéro de version des images associées. Le numéro de version de ces images sera celui visible dans la colonne `APP VERSION` de la commande `helm search repo -l harbor/harbor`. Il est toutefois possible de fixer les versions d'images pour Harbor de façon plus fine (**recommandé en production**). 
@@ -719,7 +719,7 @@ Les différents tags utilisables sont disponibles ici : - redis : - exporter : -**Rappel** : Il est néanmoins recommandé de positionner des tags d'images en adéquation avec la version du chart Helm utilisée et documentée dans le fichier [versions.md](versions.md), situé à la racine du socle, c'est-à-dire d'utiliser le numéro "APP VERSION" retourné par la commande `helm search repo -l harbor/harbor --version numero-de-version-de-chart`. +**Rappel** : Il est néanmoins recommandé de positionner des tags d'images en adéquation avec la version du chart Helm utilisée et documentée dans le fichier [versions.md](versions.md), situé à la racine du socle, c'est-à-dire d'utiliser le numéro `APP VERSION` retourné par la commande `helm search repo -l harbor/harbor --version numero-de-version-de-chart`. Pour spécifier nos tags, il nous suffira d'éditer la ressource `dsc` de configuration (par défaut, ce sera la `dsc` nommée `conf-dso`) et de surcharger les "values" correspondantes du chart Helm, en ajoutant celles dont nous avons besoin. Exemple, pour la version 1.14.1 du chart : @@ -809,7 +809,7 @@ Nous utiliserons un tag dit "[immutable](https://docs.bitnami.com/kubernetes/app Les différents tags utilisables pour l'image de Keycloak sont disponibles ici : -Les tags dits "immutables" sont ceux qui possèdent un suffixe de type rXX, lequel correspond au numéro de révision. Ils pointent toujours vers la même image. Par exemple le tag "19.0.3-debian-11-r22" est un tag immutable. +Les _immutable tags_ sont ceux qui possèdent un suffixe de type rXX, lequel correspond au numéro de révision. Ils pointent toujours vers la même image. Par exemple, `19.0.3-debian-11-r22` est un _immutable tag_. Pour spécifier un tel tag, il nous suffira d'éditer la ressource `dsc` de configuration (par défaut, ce sera la `dsc` nommée `conf-dso`) et de surcharger les "values" correspondantes du chart Helm, en ajoutant celles dont nous avons besoin. Exemple : 
@@ -854,13 +854,13 @@ nexus: Le composant SonarQube est installé via son [chart Helm officiel](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube). -Les tags d'images utilisables sont ceux retournés par la commande suivante, au niveau de la colonne "APP VERSION" : +Les tags d'images utilisables sont ceux retournés par la commande suivante, au niveau de la colonne `APP VERSION` : ```bash helm search repo -l sonarqube/sonarqube ``` -Il faudra juste leur ajouter le suffixe "-community" qui correspond à l'édition utilisée, ou bien le suffixe `-{{ .Values.edition }}` si nous précisons aussi l'édition dans nos values. +Il faudra juste leur ajouter le suffixe `-community` qui correspond à l'édition utilisée, ou bien le suffixe `-{{ .Values.edition }}` si nous précisons aussi l'édition dans nos values. Pour spécifier un tel tag, il nous suffira d'éditer la ressource `dsc` de configuration (par défaut, ce sera la `dsc` nommée `conf-dso`) et de surcharger les "values" correspondantes du chart Helm, en ajoutant celles dont nous avons besoin. Exemple : @@ -982,7 +982,7 @@ k create secret docker-registry docker-hub-creds \ Notez que du fait de l'utilisation de l'option `dry-run`, le secret n'est pas véritablement créé. La partie qui nous intéresse, encodée en base64, est simplement affichée sur la sortie standard. -Copiez cette sortie, et collez-la dans la section `spec.global.imagePullSecretsData` de votre resource dsc (par défaut conf-dso), exemple : +Copiez cette sortie, et collez-la dans la section `spec.global.imagePullSecretsData` de votre resource dsc (par défaut `conf-dso`), exemple : ```yaml global: @@ -1019,7 +1019,7 @@ Puis relancez l'installation de l'outil voulu ou de la chaîne complète. # Lancer la vérification syntaxique pnpm install && pnpm run lint -# Lancer le formattage du code +# Lancer le formatage du code pnpm install && pnpm run format ``` 
diff --git a/admin-tools/get-credentials.yaml b/admin-tools/get-credentials.yaml index 001acb52..085b5143 100644 --- a/admin-tools/get-credentials.yaml +++ b/admin-tools/get-credentials.yaml @@ -60,7 +60,7 @@ - "" - "Puis relancez le playbook avec une resource dsc existante." - "" - - "Rappel : le présent playbook lancé seul, sans extra vars, founira les credentials associés à la configuration dsc par défaut (conf-dso)" + - "Rappel : le présent playbook lancé seul, sans extra vars, fournira les credentials associés à la configuration dsc par défaut (conf-dso)" - name: Exit playbook ansible.builtin.meta: end_play diff --git a/admin-tools/get-versions.yaml b/admin-tools/get-versions.yaml index 2cd21e84..e2d74e1d 100644 --- a/admin-tools/get-versions.yaml +++ b/admin-tools/get-versions.yaml @@ -69,7 +69,7 @@ - "" - "Puis relancez le playbook avec une resource dsc existante." - "" - - "Rappel : le présent playbook lancé seul, sans extra vars, founira les credentials associés à la configuration dsc par défaut (conf-dso)" + - "Rappel : le présent playbook lancé seul, sans extra vars, fournira les credentials associés à la configuration dsc par défaut (conf-dso)" - name: Exit playbook ansible.builtin.meta: end_play diff --git a/admin-tools/install-requirements.yaml b/admin-tools/install-requirements.yaml index ad9abf4e..c4ebf6ed 100644 --- a/admin-tools/install-requirements.yaml +++ b/admin-tools/install-requirements.yaml @@ -26,7 +26,7 @@ ansible.builtin.package: name: "{{ item }}" state: present - loop: "{{ packages }}" + loop: "{{ packages }}" - name: "Install Python modules" ansible.builtin.pip: diff --git a/filter_plugins/debug.py b/filter_plugins/debug.py index 5cb00b28..2f0e4afe 100644 --- a/filter_plugins/debug.py +++ b/filter_plugins/debug.py 
@@ -2,12 +2,12 @@ def get_debug_messages(dsc): messages = [] if dsc['proxy']['enabled']: messages.append("--- Proxy ---") - messages.append("Nexus Proxy paramaters cannot be set via API, please configure it with local admin account") + messages.append("Nexus Proxy parameters cannot be set via API, please configure it with local admin account") messages.append("(Parameter Icon) => HTTP => Proxy Settings") return messages -class FilterModule(object): - def filters(self): +class FilterModule(object): + def filters(self): return { 'get_debug_messages': get_debug_messages, } \ No newline at end of file diff --git a/observability/files/rules/metrics/kyverno-alerts.yaml.tpl b/observability/files/rules/metrics/kyverno-alerts.yaml.tpl index ccbb9cfe..f060ec02 100644 --- a/observability/files/rules/metrics/kyverno-alerts.yaml.tpl +++ b/observability/files/rules/metrics/kyverno-alerts.yaml.tpl @@ -1,10 +1,10 @@ groups: - name: DSO_Kyverno rules: - - alert: Kyverno admission controler not available + - alert: Kyverno admission controller not available annotations: - message: Kyverno admission controler in namespace {{`{{`}} $labels.namespace {{`}}`}} has not been available for the last 5 minutes. - summary: Kyverno admission controler down (no ready pod)" + message: Kyverno admission controller in namespace {{`{{`}} $labels.namespace {{`}}`}} has not been available for the last 5 minutes. + summary: Kyverno admission controller down (no ready pod)" expr: | sum(kube_pod_status_ready{ pod=~"kyverno-admission-controller-.*", 
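Review bot: The corrected `summary` annotation in observability/files/rules/metrics/kyverno-alerts.yaml.tpl still ends with an unmatched double quote: `summary: Kyverno admission controller down (no ready pod)"`. YAML keeps that character as part of the plain scalar, so it will appear literally in the alert text. The background-controller `summary` in the next hunk of the same file has the same stray quote. Since both lines are already being rewritten, drop it in each: `summary: Kyverno admission controller down (no ready pod)`. The rule's `expr` continues outside the hunk, so only the annotation text is covered here.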
@@ -13,10 +13,10 @@ groups: for: 5m labels: severity: critical - - alert: Kyverno background controler not available + - alert: Kyverno background controller not available annotations: - message: Kyverno background controler in namespace {{`{{`}} $labels.namespace {{`}}`}} has not been available for the last 5 minutes. - summary: Kyverno background controler down (no ready pod)" + message: Kyverno background controller in namespace {{`{{`}} $labels.namespace {{`}}`}} has not been available for the last 5 minutes. + summary: Kyverno background controller down (no ready pod)" expr: | sum(kube_pod_status_ready{ pod=~"kyverno-background-controller-.*", diff --git a/roles/argocd/templates/values/10-alerting.j2 b/roles/argocd/templates/values/10-alerting.j2 index 19542d60..2b28b351 100644 --- a/roles/argocd/templates/values/10-alerting.j2 +++ b/roles/argocd/templates/values/10-alerting.j2 @@ -15,7 +15,7 @@ controller: summary: "[Argo CD] No reported applications" description: | Argo CD has not reported any applications data for the past 15 minutes which - means that it must be down or not functioning properly. This needs to be + means that it must be down or not functioning properly. This needs to be resolved for this cloud to continue to maintain state. - alert: Argo CD App Not Synced expr: | diff --git a/roles/argocd/templates/values/10-registry.j2 b/roles/argocd/templates/values/10-registry.j2 index 93aec52e..0e8bfedd 100644 --- a/roles/argocd/templates/values/10-registry.j2 +++ b/roles/argocd/templates/values/10-registry.j2 @@ -9,6 +9,6 @@ redis: {% if use_image_pull_secrets %} global: - imagePullSecrets: + imagePullSecrets: - dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/roles/ca/tasks/additionals_ca.yaml b/roles/ca/tasks/additionals_ca.yaml index be6c3bab..85602f05 100644 --- a/roles/ca/tasks/additionals_ca.yaml +++ b/roles/ca/tasks/additionals_ca.yaml 
@@ -1,9 +1,9 @@ --- -- name: Set empty ca fact +- name: Set empty CA fact ansible.builtin.set_fact: additionals_ca_pem_array: [] -- name: Get a ca resource +- name: Get a CA resource ansible.builtin.include_tasks: file: get-ca.yaml with_items: "{{ dsc.additionalsCA }}" diff --git a/roles/cloudnativepg/templates/values/10-velero.j2 b/roles/cloudnativepg/templates/values/10-velero.j2 index d55798c9..261b82d0 100644 --- a/roles/cloudnativepg/templates/values/10-velero.j2 +++ b/roles/cloudnativepg/templates/values/10-velero.j2 @@ -1,5 +1,5 @@ {% if dsc.global.backup.velero.enabled %} config: data: - INHERITED_ANNOTATIONS: "pre.hook.backup.velero.io/command, pre.hook.backup.velero.io/container, post.hook.backup.velero.io/command, post.hook.backup.velero.io/container, pre.hook.backup.velero.io/timeout, pre.hook.backup.velero.io/on-error, post.hook.backup.velero.io/timeout, post.hook.backup.velero.io/on-error" + INHERITED_ANNOTATIONS: "pre.hook.backup.velero.io/command, pre.hook.backup.velero.io/container, post.hook.backup.velero.io/command, post.hook.backup.velero.io/container, pre.hook.backup.velero.io/timeout, pre.hook.backup.velero.io/on-error, post.hook.backup.velero.io/timeout, post.hook.backup.velero.io/on-error" {% endif %} \ No newline at end of file diff --git a/roles/console-dso/tasks/main.yaml b/roles/console-dso/tasks/main.yaml index 503f3071..5517ec96 100644 --- a/roles/console-dso/tasks/main.yaml +++ b/roles/console-dso/tasks/main.yaml @@ -126,7 +126,7 @@ combine_user_values: "{{ dsc.console['values'] }}" combine_dest_var: "console_values" -- name: Apply app +- name: Apply app (argoCD project) kubernetes.core.k8s: template: app.yaml.j2 @@ -155,7 +155,7 @@ combine_user_values: "{{ dsc.console['values'] }}" combine_dest_var: "console_values" - - name: Apply app + - name: Apply app (argoCD project) kubernetes.core.k8s: template: app.yaml.j2 when: first_console_deployment is defined 
diff --git a/roles/console-dso/templates/app.yaml.j2 b/roles/console-dso/templates/app.yaml.j2 index c7e3142b..8caa2358 100644 --- a/roles/console-dso/templates/app.yaml.j2 +++ b/roles/console-dso/templates/app.yaml.j2 @@ -10,7 +10,7 @@ spec: namespace: {{ dsc.console.namespace }} server: https://kubernetes.default.svc project: console-pi-native - source: + source: chart: cpn-console repoURL: "{{ dsc.console.helmRepoUrl }}" targetRevision: {{ dsc.console.release }} diff --git a/roles/console-dso/templates/values/10-registry.j2 b/roles/console-dso/templates/values/10-registry.j2 index 3bd1db7b..8ce0a418 100644 --- a/roles/console-dso/templates/values/10-registry.j2 +++ b/roles/console-dso/templates/values/10-registry.j2 @@ -15,6 +15,6 @@ postgres: {% if use_image_pull_secrets %} global: - imagePullSecrets: + imagePullSecrets: - dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/roles/gitlab-ci-pipelines-exporter/tasks/main.yaml b/roles/gitlab-ci-pipelines-exporter/tasks/main.yaml index f4ead55c..ed1199b9 100644 --- a/roles/gitlab-ci-pipelines-exporter/tasks/main.yaml +++ b/roles/gitlab-ci-pipelines-exporter/tasks/main.yaml @@ -43,7 +43,7 @@ combine_user_values: "{{ dsc.gitlabCiPipelinesExporter['values'] }}" combine_dest_var: "gl_ci_pipelines_exporter_values" - - name: Deploy GitLab CI Pilelines helm + - name: Deploy GitLab CI Pipelines helm kubernetes.core.helm: name: gitlab-ci-pipelines-exporter chart_ref: mvisonneau/gitlab-ci-pipelines-exporter diff --git a/roles/gitlab-ci-pipelines-exporter/templates/values/00-main.j2 b/roles/gitlab-ci-pipelines-exporter/templates/values/00-main.j2 index 5d41d9ab..14619b12 100644 --- a/roles/gitlab-ci-pipelines-exporter/templates/values/00-main.j2 +++ b/roles/gitlab-ci-pipelines-exporter/templates/values/00-main.j2 @@ -3,7 +3,7 @@ config: url: https://{{ dsc.gitlab.subDomain }}{{ dsc.global.rootDomain }} token: {{ gitlab_token }} redis: - url: null + url: null wildcards: - {} serviceMonitor : 
diff --git a/roles/gitlab-runner/templates/values/00-main.j2 b/roles/gitlab-runner/templates/values/00-main.j2 index e4782594..3dc21e41 100644 --- a/roles/gitlab-runner/templates/values/00-main.j2 +++ b/roles/gitlab-runner/templates/values/00-main.j2 @@ -74,7 +74,7 @@ runners: {% endif %} {% if dsc.gitlabRunner.resources.overwrite.limits != 'none' %} memory_limit_overwrite_max_allowed = "{{ dsc.gitlabRunner.resources.overwrite.limits.cpu }}" - cpu_limit_overwrite_max_allowed = "{{ dsc.gitlabRunner.resources.overwrite.limits.memory }}" + cpu_limit_overwrite_max_allowed = "{{ dsc.gitlabRunner.resources.overwrite.limits.memory }}" {% endif %} {% endif %} {% endif %} diff --git a/roles/gitlab/tasks/add-servicemonitors.yaml b/roles/gitlab/tasks/add-servicemonitors.yaml index 82f7abc6..a798e7aa 100644 --- a/roles/gitlab/tasks/add-servicemonitors.yaml +++ b/roles/gitlab/tasks/add-servicemonitors.yaml @@ -1,6 +1,6 @@ -- name: Get additionnal metrics endpoint port name +- name: Get additional metrics endpoint port name ansible.builtin.set_fact: - additionnal_metrics_port_name: "{{ endpoints.resources + additional_metrics_port_name: "{{ endpoints.resources | selectattr('metadata.name', 'contains', item.name) | selectattr('metadata.name', 'contains', item.metrics_endpoint_name | default(item.name)) | map(attribute='subsets') | first diff --git a/roles/gitlab/tasks/main.yaml b/roles/gitlab/tasks/main.yaml index 570a8d6b..715e327e 100644 --- a/roles/gitlab/tasks/main.yaml +++ b/roles/gitlab/tasks/main.yaml @@ -423,7 +423,7 @@ namespace: "{{ dsc.gitlab.namespace }}" register: endpoints - - name: Declare some additionnal ServiceMonitors + - name: Declare some additional ServiceMonitors ansible.builtin.include_tasks: file: add-servicemonitors.yaml loop: "{{ gitlab_additional_service_monitors }}" diff --git a/roles/gitlab/templates/npm_file.j2 b/roles/gitlab/templates/npm_file.j2 index 5e7715f4..213098c1 100644 --- a/roles/gitlab/templates/npm_file.j2 
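Review bot: In roles/gitlab-runner/templates/values/00-main.j2 the two overwrite ceilings appear to be swapped: `memory_limit_overwrite_max_allowed` is rendered from `dsc.gitlabRunner.resources.overwrite.limits.cpu` and `cpu_limit_overwrite_max_allowed` from `dsc.gitlabRunner.resources.overwrite.limits.memory`. This change only strips trailing whitespace on the second line, so the swap stays in place and the cap a CI job may request for memory is the value the operator configured for CPU, and the reverse. Suggested: `memory_limit_overwrite_max_allowed = "{{ dsc.gitlabRunner.resources.overwrite.limits.memory }}"` and `cpu_limit_overwrite_max_allowed = "{{ dsc.gitlabRunner.resources.overwrite.limits.cpu }}"`. The enclosing `{% if %}` blocks start outside the hunk, so the matching request settings above it should be checked for the same mix-up.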
+++ b/roles/gitlab/templates/npm_file.j2 @@ -1,4 +1,4 @@ -registry=https://registry.npmjs.org +registry=https://registry.npmjs.org registry=$${NEXUS_HOST_URL}/$${NEXUS_USERNAME}-npm //$${NEXUS_HOSTNAME}:username=$${NEXUS_USERNAME} //$${NEXUS_HOSTNAME}:_password="$${NEXUS_PASSWORD_B64}" \ No newline at end of file diff --git a/roles/gitlab/templates/pg-cluster-gitlab.yaml.j2 b/roles/gitlab/templates/pg-cluster-gitlab.yaml.j2 index 51a5117a..6c9014a8 100644 --- a/roles/gitlab/templates/pg-cluster-gitlab.yaml.j2 +++ b/roles/gitlab/templates/pg-cluster-gitlab.yaml.j2 @@ -6,7 +6,7 @@ metadata: namespace: {{ dsc.gitlab.namespace }} {% if dsc.global.backup.velero.enabled %} annotations: - pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d gitlabhq_production > /var/lib/postgresql/data/app.dump-${index}"]' + pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d gitlabhq_production > /var/lib/postgresql/data/app.dump-${index}"]' pre.hook.backup.velero.io/container: postgres pre.hook.backup.velero.io/on-error: Fail pre.hook.backup.velero.io/timeout: 90s diff --git a/roles/gitlab/templates/podmonitor.yml.j2 b/roles/gitlab/templates/podmonitor.yml.j2 index 17ee7800..08f57024 100644 --- a/roles/gitlab/templates/podmonitor.yml.j2 +++ b/roles/gitlab/templates/podmonitor.yml.j2 @@ -14,7 +14,7 @@ spec: key: "" interval: 30s path: {{ item.path }} - port: {{ additionnal_metrics_port_name }} + port: {{ additional_metrics_port_name }} selector: matchLabels: app: {{ item.name }} diff --git a/roles/gitlab/templates/servicemonitor.yml.j2 b/roles/gitlab/templates/servicemonitor.yml.j2 index 55e15a87..14abb497 100644 --- a/roles/gitlab/templates/servicemonitor.yml.j2 +++ b/roles/gitlab/templates/servicemonitor.yml.j2 
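Review bot: The Velero pre-hook in roles/gitlab/templates/pg-cluster-gitlab.yaml.j2 picks the dump slot with `(( $(date +%d) %2 == 0 ))`, but `date +%d` is zero-padded and bash arithmetic reads `08` and `09` as invalid octal. On those two days the test errors out and the `||` branch sets `index=1`, so the 7th, 8th and 9th all write to `app.dump-1`, and the alternation that is meant to keep the previous day's dump is lost. The hook's exit status comes from `pg_dump`, which runs after the `;`, so the arithmetic error is not surfaced by `on-error: Fail`. Forcing base 10 avoids it: `(( 10#$(date +%d) % 2 == 0 )) && index=0 || index=1`. The annotation block continues outside the hunk.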
@@ -9,7 +9,7 @@ spec: key: "" interval: 30s path: {{ item.path }} - port: {{ additionnal_metrics_port_name }} + port: {{ additional_metrics_port_name }} namespaceSelector: {} selector: matchLabels: diff --git a/roles/gitlab/templates/values/10-registry.j2 b/roles/gitlab/templates/values/10-registry.j2 index 4b25fe24..1808b7b8 100644 --- a/roles/gitlab/templates/values/10-registry.j2 +++ b/roles/gitlab/templates/values/10-registry.j2 @@ -79,6 +79,6 @@ redis: {% if use_image_pull_secrets %} global: image: - pullSecrets: + pullSecrets: - name: dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/roles/grafana-dashboards/templates/gitlab-ci-pipelines-dashboard.yaml.j2 b/roles/grafana-dashboards/templates/gitlab-ci-pipelines-dashboard.yaml.j2 index 2b0b0def..a49eaaa0 100644 --- a/roles/grafana-dashboards/templates/gitlab-ci-pipelines-dashboard.yaml.j2 +++ b/roles/grafana-dashboards/templates/gitlab-ci-pipelines-dashboard.yaml.j2 @@ -504,7 +504,7 @@ spec: "instant": true, "interval": "", "intervalFactor": 1, - "legendFormat": " {{project}} - {{ref}}", + "legendFormat": "{{project}} - {{ref}}", "refId": "A" } ], diff --git a/roles/grafana-dashboards/templates/harbor-dashboard.yaml.j2 b/roles/grafana-dashboards/templates/harbor-dashboard.yaml.j2 index 3fb96d48..e98f6955 100644 --- a/roles/grafana-dashboards/templates/harbor-dashboard.yaml.j2 +++ b/roles/grafana-dashboards/templates/harbor-dashboard.yaml.j2 @@ -1323,7 +1323,7 @@ spec: "refId": "A" } ], - "title": "go allocated memory", + "title": "go allocated memory", "type": "timeseries" }, { diff --git a/roles/grafana-dashboards/templates/keycloak-dashboard.yaml.j2 b/roles/grafana-dashboards/templates/keycloak-dashboard.yaml.j2 index d90be5b3..b05ee6de 100644 --- a/roles/grafana-dashboards/templates/keycloak-dashboard.yaml.j2 +++ b/roles/grafana-dashboards/templates/keycloak-dashboard.yaml.j2 
@@ -1,7 +1,7 @@ apiVersion: grafana.integreatly.org/v1beta1 kind: GrafanaDashboard metadata: - name: {{dsc_name}}-keycloak + name: {{ dsc_name }}-keycloak namespace: {{ dsc.grafana.namespace }} spec: datasources: @@ -208,7 +208,7 @@ spec: "type": "datasource", "uid": "-- Mixed --" }, - "description": "Displays the \"recent cpu usage\" for the Java Virtual Machine process. This value is a double in the [0.0,1.0] interval. A value of 0.0 means that none of the CPUs were running threads from the JVM process during the recent period of time observed, while a value of 1.0 means that all CPUs were actively running threads from the JVM 100% of the time during the recent period being observed. Threads from the JVM include the application threads as well as the JVM internal threads. All values betweens 0.0 and 1.0 are possible depending of the activities going on in the JVM process and the whole system. If the Java Virtual Machine recent CPU usage is not available, the method returns a negative value.", + "description": "Displays the \"recent cpu usage\" for the Java Virtual Machine process. This value is a double in the [0.0,1.0] interval. A value of 0.0 means that none of the CPUs were running threads from the JVM process during the recent period of time observed, while a value of 1.0 means that all CPUs were actively running threads from the JVM 100% of the time during the recent period being observed. Threads from the JVM include the application threads as well as the JVM internal threads. All values betweens 0.0 and 1.0 are possible depending of the activities going on in the JVM process and the whole system. If the Java Virtual Machine recent CPU usage is not available, the method returns a negative value.", "fieldConfig": { "defaults": { "mappings": [], diff --git a/roles/grafana-datasource/tasks/main.yaml b/roles/grafana-datasource/tasks/main.yaml index 3dadfecf..154dc5b1 100644 --- a/roles/grafana-datasource/tasks/main.yaml 
+++ b/roles/grafana-datasource/tasks/main.yaml @@ -22,7 +22,7 @@ ansible.builtin.fail: msg: "Missing Grafana instance. Please execute 'ansible-playbook install.yaml -t grafana' before trying to install the default datasource." -- name: Manage missing defaut datasource URL +- name: Manage missing default datasource URL when: dsc.grafanaDatasource.defaultPrometheusDatasourceUrl is not defined block: - name: Disclaimer when missing datasource URL in dsc diff --git a/roles/grafana-operator/templates/values/00-main.j2 b/roles/grafana-operator/templates/values/00-main.j2 index e84ca85e..173fb0e4 100644 --- a/roles/grafana-operator/templates/values/00-main.j2 +++ b/roles/grafana-operator/templates/values/00-main.j2 @@ -28,7 +28,7 @@ image: # -- image pull secrets {% if use_image_pull_secrets %} -imagePullSecrets: +imagePullSecrets: - name: dso-config-pull-secret {% else %} imagePullSecrets: [] diff --git a/roles/grafana/templates/grafana.yaml.j2 b/roles/grafana/templates/grafana.yaml.j2 index af20ea3d..dd04f06e 100644 --- a/roles/grafana/templates/grafana.yaml.j2 +++ b/roles/grafana/templates/grafana.yaml.j2 @@ -35,7 +35,7 @@ spec: - image: grafana/grafana:{{ dsc.grafana.imageVersion }} name: grafana {% if dsc.proxy.enabled %} - env: + env: - name: HTTP_PROXY value: "{{ dsc.proxy.http_proxy }}" - name: HTTPS_PROXY @@ -44,6 +44,6 @@ spec: value: "{{ dsc.proxy.no_proxy }}" {% endif %} {% if use_image_pull_secrets %} - imagePullSecrets: + imagePullSecrets: - name: dso-config-pull-secret {% endif %} diff --git a/roles/harbor/tasks/create_proxy_cache.yaml b/roles/harbor/tasks/create_proxy_cache.yaml index 4b0f2e35..6db78088 100644 --- a/roles/harbor/tasks/create_proxy_cache.yaml +++ b/roles/harbor/tasks/create_proxy_cache.yaml 
@@ -17,8 +17,8 @@ - name: Create or Update registry vars: x_total_count_test: "{{ (result_registry.x_total_count | int) == 0 }}" - method: "{{ x_total_count_test | ternary('POST', 'PUT') }}" - url_id_param: "{{ x_total_count_test | ternary('', result_registry.json[0].id) }}" + method: "{{ x_total_count_test | ternary('POST', 'PUT') }}" + url_id_param: "{{ x_total_count_test | ternary('', result_registry.json[0].id) }}" # Harbor n'attend pas la même structure de paramètre pour une création ou une modification body_post: @@ -38,11 +38,11 @@ name: "{{ proxy_cache.name }}" type: "{{ proxy_cache.registry.provider }}" url: "{{ proxy_cache.registry.endpointUrl }}" - body: "{{ x_total_count_test | ternary(body_post, body_put) }}" + body: "{{ x_total_count_test | ternary(body_post, body_put) }}" ansible.builtin.uri: validate_certs: "{{ dsc.exposedCA.type == 'none' }}" method: "{{ method }}" - url: https://{{ harbor_domain }}/api/v2.0/registries/{{url_id_param}} + url: https://{{ harbor_domain }}/api/v2.0/registries/{{ url_id_param }} password: "{{ dsc.harbor.adminPassword }}" user: admin force_basic_auth: true @@ -88,8 +88,8 @@ vars: x_total_count_test: "{{ (result_project.x_total_count | int) == 0 }}" project_id: "{{ result_project.json[0].project_id | default('-1') }}" - method: "{{ x_total_count_test | ternary('POST', 'PUT') }}" - url_id_param: "{{ x_total_count_test | ternary('', project_id) }}" + method: "{{ x_total_count_test | ternary('POST', 'PUT') }}" + url_id_param: "{{ x_total_count_test | ternary('', project_id) }}" ansible.builtin.uri: validate_certs: "{{ dsc.exposedCA.type == 'none' }}" method: "{{ method }}" diff --git a/roles/harbor/templates/pg-cluster-harbor.yaml.j2 b/roles/harbor/templates/pg-cluster-harbor.yaml.j2 index 905c90bd..d9e5f457 100644 --- a/roles/harbor/templates/pg-cluster-harbor.yaml.j2 +++ b/roles/harbor/templates/pg-cluster-harbor.yaml.j2 
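Review bot: In the `ansible.builtin.uri` task of the second create_proxy_cache.yaml hunk, `validate_certs: "{{ dsc.exposedCA.type == 'none' }}"` turns certificate verification off whenever `dsc.exposedCA.type` is anything other than `none`, while the same request sends the Harbor `admin` password with `force_basic_auth: true`. If that setting denotes a private or custom CA, as the name suggests, the admin credential travels over TLS whose peer is not authenticated. Keeping verification on and pointing the module at the CA bundle would close that gap, e.g. `validate_certs: true` plus `ca_path: "<path-to-exposed-CA-bundle>"` (placeholder; the bundle location is not visible here). The third hunk shows the same `validate_certs` expression on the project task, and both tasks start and continue outside the hunks.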
@@ -6,7 +6,7 @@ metadata: namespace: {{ dsc.harbor.namespace }} {% if dsc.global.backup.velero.enabled %} annotations: - pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d registry > /var/lib/postgresql/data/app.dump-${index}"]' + pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d registry > /var/lib/postgresql/data/app.dump-${index}"]' pre.hook.backup.velero.io/container: postgres pre.hook.backup.velero.io/on-error: Fail pre.hook.backup.velero.io/timeout: 90s diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index a07e1633..09c90e8f 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -373,7 +373,7 @@ state: present - name: ArgoCDAdmins state: present -# force: true ## Ne fontionne pas quand user supprimé via la GUI et tâche relancée. +# force: true # Ne fonctionne pas quand user supprimé via l'interface graphique et tâche relancée. - name: Get dso keycloak client scopes from API ansible.builtin.uri: diff --git a/roles/keycloak/templates/pg-cluster-keycloak.yaml.j2 b/roles/keycloak/templates/pg-cluster-keycloak.yaml.j2 index d1bdac55..e922871e 100644 --- a/roles/keycloak/templates/pg-cluster-keycloak.yaml.j2 +++ b/roles/keycloak/templates/pg-cluster-keycloak.yaml.j2 
@@ -6,7 +6,7 @@ metadata: namespace: {{ dsc.keycloak.namespace }} {% if dsc.global.backup.velero.enabled %} annotations: - pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d keycloak > /var/lib/postgresql/data/app.dump-${index}"]' + pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d keycloak > /var/lib/postgresql/data/app.dump-${index}"]' pre.hook.backup.velero.io/container: postgres pre.hook.backup.velero.io/on-error: Fail pre.hook.backup.velero.io/timeout: 90s diff --git a/roles/keycloak/templates/values/00-main.j2 b/roles/keycloak/templates/values/00-main.j2 index 4cb0425a..991bdf52 100644 --- a/roles/keycloak/templates/values/00-main.j2 +++ b/roles/keycloak/templates/values/00-main.j2 @@ -75,16 +75,16 @@ service: http: "" https: "" sessionAffinity: "None" - sessionAffinityConfig: + sessionAffinityConfig: clusterIP: "" loadBalancerIP: "" loadBalancerSourceRanges: [] externalTrafficPolicy: "Cluster" - annotations: + annotations: extraPorts: [] extraHeadlessPorts: [] headless: - annotations: + annotations: extraPorts: [] ingress: @@ -100,7 +100,7 @@ ingress: {{ key }}: "{{ val }}" {% endfor %} route.openshift.io/termination: "edge" - labels: + labels: app: "keycloak" {% for key, val in dsc.ingress.labels.items() %} {{ key }}: "{{ val }}" diff --git a/roles/keycloak/templates/values/10-registry.j2 b/roles/keycloak/templates/values/10-registry.j2 index e5f3a7aa..916b6656 100644 --- a/roles/keycloak/templates/values/10-registry.j2 +++ b/roles/keycloak/templates/values/10-registry.j2 @@ -5,6 +5,6 @@ image: {% if use_image_pull_secrets %} global: - imagePullSecrets: + imagePullSecrets: - dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/roles/kyverno/templates/cis.yml.j2 b/roles/kyverno/templates/cis.yml.j2 index bc98fe48..88acf91d 100644 --- a/roles/kyverno/templates/cis.yml.j2 
+++ b/roles/kyverno/templates/cis.yml.j2 @@ -31,7 +31,7 @@ spec: - Job namespaces: - "dso-*" - names: + names: - "pg-cluster-*" mutate: patchStrategicMerge: @@ -94,7 +94,7 @@ spec: - Job namespaces: - "{{ dsc.keycloak.namespace }}" - names: + names: - "pg-cluster-*" mutate: patchStrategicMerge: @@ -136,7 +136,7 @@ metadata: pod-policies.kyverno.io/autogen-controllers: none policies.kyverno.io/category: Prod policies.kyverno.io/severity: medium - policies.kyverno.io/subject: Pod + policies.kyverno.io/subject: Pod spec: validationFailureAction: Enforce spec: @@ -148,7 +148,7 @@ spec: - Pod namespaces: - "{{ dsc.gitlab.namespace }}" - names: + names: - "runner-*" mutate: patchStrategicMerge: @@ -222,7 +222,7 @@ spec: - Job namespaces: - "{{ dsc.gitlab.namespace }}" - names: + names: - "pg-cluster-*" - "gitlab-shared-secrets-*-selfsign" mutate: @@ -274,7 +274,7 @@ spec: - Job namespaces: - "{{ dsc.gitlab.namespace }}" - names: + names: - "gitlab-shared-secrets-*-selfsign" mutate: patchStrategicMerge: @@ -337,7 +337,7 @@ spec: - Job namespaces: - "dso-*" - names: + names: - "pg-cluster-*" mutate: patchStrategicMerge: @@ -400,7 +400,7 @@ spec: - Job namespaces: - "dso-*" - names: + names: - "pg-cluster-*" mutate: patchStrategicMerge: @@ -463,7 +463,7 @@ spec: - Job namespaces: - "dso-*" - names: + names: - "pg-cluster-*" preconditions: any: @@ -519,9 +519,9 @@ spec: resources: kinds: - Job - names: + names: - "gitlab-minio-create-buckets-*" - namespaces: + namespaces: - "{{ dsc.gitlab.namespace }}" mutate: patchStrategicMerge: diff --git a/roles/kyverno/templates/exposedCA.yml.j2 b/roles/kyverno/templates/exposedCA.yml.j2 index fe1cee67..015b0d69 100644 --- a/roles/kyverno/templates/exposedCA.yml.j2 +++ b/roles/kyverno/templates/exposedCA.yml.j2 
@@ -7,7 +7,7 @@ metadata: pod-policies.kyverno.io/autogen-controllers: none policies.kyverno.io/category: Prod policies.kyverno.io/severity: medium - policies.kyverno.io/subject: Pod + policies.kyverno.io/subject: Pod spec: validationFailureAction: Enforce spec: @@ -19,7 +19,7 @@ spec: - Pod namespaces: - "{{ dsc.gitlab.namespace }}" - names: + names: - "runner-*" mutate: patchStrategicMerge: @@ -64,7 +64,7 @@ spec: - StatefulSet namespaces: - "{{ dsc.vault.namespace }}" - names: + names: - "conf-dso-vault" mutate: patchStrategicMerge: diff --git a/roles/kyverno/templates/prometheusrule.yml.j2 b/roles/kyverno/templates/prometheusrule.yml.j2 index 37cfc7be..6af2c32b 100644 --- a/roles/kyverno/templates/prometheusrule.yml.j2 +++ b/roles/kyverno/templates/prometheusrule.yml.j2 @@ -9,10 +9,10 @@ spec: groups: - name: Kyverno rules: - - alert: Kyverno admission controler not available + - alert: Kyverno admission controller not available annotations: - message: Kyverno admission controler in namespace {{ dsc.kyverno.namespace }} has not been available for the last 5 minutes. - summary: Kyverno admission controler down (no ready pod)" + message: Kyverno admission controller in namespace {{ dsc.kyverno.namespace }} has not been available for the last 5 minutes. + summary: Kyverno admission controller down (no ready pod)" expr: | sum(kube_pod_status_ready{ pod=~"kyverno-admission-controller-.*", 
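Review bot: The `summary` annotations on both alerts in prometheusrule.yml.j2 still end with an unmatched `"` (`… down (no ready pod)"`), which YAML keeps as part of the plain scalar, so the stray quote will appear in notifications. Since these lines are being edited anyway, they could read `summary: Kyverno admission controller down (no ready pod)`, and likewise for the background controller in the next hunk. The `message` text says "for the last 5 minutes" while the rule uses `for: 1m`; the `expr` is only partly visible, so this may be intended, but the two should agree. Because the `alert:` names change, any Alertmanager route, silence or inhibition matching the old `alertname` spelling needs updating in the same rollout so these availability alerts keep reaching their receivers.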
@@ -21,10 +21,10 @@ spec: for: 1m labels: severity: critical - - alert: Kyverno background controler not available + - alert: Kyverno background controller not available annotations: - message: Kyverno background controler in namespace {{ dsc.kyverno.namespace }} has not been available for the last 5 minutes. - summary: Kyverno background controler down (no ready pod)" + message: Kyverno background controller in namespace {{ dsc.kyverno.namespace }} has not been available for the last 5 minutes. + summary: Kyverno background controller down (no ready pod)" expr: | sum(kube_pod_status_ready{ pod=~"kyverno-background-controller-.*", diff --git a/roles/kyverno/templates/replace-kubed.yml.j2 b/roles/kyverno/templates/replace-kubed.yml.j2 index ffce2294..03804fca 100644 --- a/roles/kyverno/templates/replace-kubed.yml.j2 +++ b/roles/kyverno/templates/replace-kubed.yml.j2 @@ -12,10 +12,10 @@ metadata: policies.kyverno.io/minversion: 1.10.0 kyverno.io/kubernetes-version: "1.23" policies.kyverno.io/description: >- - Secrets and Configmap like registry credentials, certificates often need - to exist in multiple Namespaces so Pods there have access. Manually - duplicating those Secrets and Configmap is time consuming and error prone. - This policy will copy a Secret and Configmap with label kyverno.io/sync. + Secrets and Configmap like registry credentials, certificates often need + to exist in multiple Namespaces so Pods there have access. Manually + duplicating those Secrets and Configmap is time consuming and error prone. + This policy will copy a Secret and Configmap with label kyverno.io/sync. spec: validationFailureAction: Enforce generateExisting: true @@ -40,7 +40,7 @@ spec: - {{ dsc.kyverno.namespace }} generate: {% raw %} - namespace: "{{request.object.metadata.name}}" + namespace: "{{ request.object.metadata.name }}" {% endraw %} synchronize: true # Cascading deletion form the parent cloneList: 
diff --git a/roles/metrics/grafana/change-prom-user.sh b/roles/metrics/grafana/change-prom-user.sh index 05ad1cc1..537f0a11 100644 --- a/roles/metrics/grafana/change-prom-user.sh +++ b/roles/metrics/grafana/change-prom-user.sh @@ -3,7 +3,7 @@ oc project openshift-monitoring oc get secret prometheus-k8s-htpasswd -o jsonpath='{.data.auth}' | base64 -d > /tmp/htpasswd-tmp echo "" >> /tmp/htpasswd-tmp -htpasswd -s -b /tmp/htpasswd-tmp grafana-user mysupersecretpasswd +htpasswd -s -b /tmp/htpasswd-tmp grafana-user mysupersecretpasswd oc patch secret prometheus-k8s-htpasswd -p "{\"data\":{\"auth\":\"$(base64 -w0 /tmp/htpasswd-tmp)\"}}" oc delete pods -l app=prometheus sleep 5 diff --git a/roles/metrics/grafana/install-metrics.sh b/roles/metrics/grafana/install-metrics.sh index 49cd7d29..28a4c611 100644 --- a/roles/metrics/grafana/install-metrics.sh +++ b/roles/metrics/grafana/install-metrics.sh @@ -7,7 +7,7 @@ kubectl apply -f 1-subscription.yaml oc project openshift-monitoring oc get secret prometheus-k8s-htpasswd -o jsonpath='{.data.auth}' | base64 -d > /tmp/htpasswd-tmp echo "" >> /tmp/htpasswd-tmp -htpasswd -s -b /tmp/htpasswd-tmp grafana-user mysupersecretpasswd +htpasswd -s -b /tmp/htpasswd-tmp grafana-user mysupersecretpasswd oc patch secret prometheus-k8s-htpasswd -p "{\"data\":{\"auth\":\"$(base64 -w0 /tmp/htpasswd-tmp)\"}}" oc delete pods -l app=prometheus sleep 5 diff --git a/roles/nexus/templates/nexus.yml.j2 b/roles/nexus/templates/nexus.yml.j2 index 36fd75ee..437efd67 100644 --- a/roles/nexus/templates/nexus.yml.j2 +++ b/roles/nexus/templates/nexus.yml.j2 @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: namespace: {{ dsc.nexus.namespace }} - name: nexus # Sets Deployment name + name: nexus # Sets Deployment name spec: replicas: 1 strategy: @@ -19,7 +19,7 @@ spec: {% if dsc.global.platform == "kubernetes" %} securityContext: runAsNonRoot: true - runAsGroup: 200 + runAsGroup: 200 runAsUser: 200 fsGroup: 200 {% endif %} 
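Review bot: The `htpasswd -s -b /tmp/htpasswd-tmp grafana-user mysupersecretpasswd` line in change-prom-user.sh (and the identical line in install-metrics.sh) puts a fixed password on the command line, where it ends up in process listings and shell history, and `-s` stores it as an unsalted SHA-1 hash. The decoded htpasswd secret is also written to the fixed path `/tmp/htpasswd-tmp` and, within the visible lines, never removed. Consider taking the password from the environment and using bcrypt, e.g. `tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT` and `printf '%s' "$GRAFANA_PROM_PASSWORD" | htpasswd -B -i "$tmp" grafana-user` (variable name constructed for illustration). Whether the component that reads `prometheus-k8s-htpasswd` accepts bcrypt entries should be confirmed before changing the hash. Both scripts continue outside the hunks.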
@@ -36,8 +36,8 @@ spec: {% endif %} imagePullPolicy: "IfNotPresent" ports: - - containerPort: 8081 # Exposes container port - - containerPort: 5000 # Exposes container port + - containerPort: 8081 # Exposes container port + - containerPort: 5000 # Exposes container port volumeMounts: - mountPath: /nexus-data name: nexus-data-volume diff --git a/roles/socle-config/files/crd-conf-dso.yaml b/roles/socle-config/files/crd-conf-dso.yaml index 8816d802..434631f1 100644 --- a/roles/socle-config/files/crd-conf-dso.yaml +++ b/roles/socle-config/files/crd-conf-dso.yaml @@ -235,7 +235,7 @@ spec: type: object properties: mode: - description: Determines whether cnpg clusters should be deployed with as a primary cluster (initb from scratch) or replica cluster (initdb from external source). + description: Determines whether cnpg clusters should be deployed with as a primary cluster (initdb from scratch) or replica cluster (initdb from external source). default: primary type: string enum: @@ -243,7 +243,7 @@ spec: - replica - restore exposed: - description: Whether or not the cnpg cluster shoul be exposed via NodePort. + description: Whether or not the cnpg cluster should be exposed via NodePort. type: boolean default: false nodePort: @@ -325,7 +325,7 @@ spec: type: object properties: mode: - description: Determines whether cnpg clusters should be deployed with as a primary cluster (initb from scratch) or replica cluster (initdb from external source). + description: Determines whether cnpg clusters should be deployed with as a primary cluster (initdb from scratch) or replica cluster (initdb from external source). default: primary type: string enum: @@ -333,7 +333,7 @@ spec: - replica - restore exposed: - description: Whether or not the cnpg cluster shoul be exposed via NodePort. + description: Whether or not the cnpg cluster should be exposed via NodePort. type: boolean default: false nodePort: 
@@ -480,8 +480,8 @@ spec: minItems: 1 type: array rootDomain: - description: The top level of your domain. To expose Argo as "argo.mycompany.com", - the value should be ".mycompany.com" (notice the leading dot). + description: The top level of your domain. To expose Argo as "argo.example.com", + the value should be ".example.com" (notice the leading dot). type: string default: .example.com pattern: "^\\..*$" @@ -493,7 +493,7 @@ spec: description: Specifies whether metrics should be enabled. type: boolean additionalLabels: - description: Adds aditionnal labels if needed, when metrics are enabled + description: Adds additional labels if needed, when metrics are enabled type: object x-kubernetes-preserve-unknown-fields: true required: @@ -799,7 +799,7 @@ spec: type: object properties: mode: - description: Determines whether cnpg clusters should be deployed with as a primary cluster (initb from scratch) or replica cluster (initdb from external source). + description: Determines whether cnpg clusters should be deployed with as a primary cluster (initdb from scratch) or replica cluster (initdb from external source). default: primary type: string enum: @@ -807,7 +807,7 @@ spec: - replica - restore exposed: - description: Whether or not the cnpg cluster shoul be exposed via NodePort. + description: Whether or not the cnpg cluster should be exposed via NodePort. type: boolean default: false nodePort: @@ -826,7 +826,7 @@ spec: annotations: x-kubernetes-preserve-unknown-fields: true default: {} - description: Additionals annotations to add to all tools' ingresses + description: Additional annotations to add to all tools' ingresses type: object className: description: Ingress class name to use for all ingresses 
@@ -834,13 +834,13 @@ spec: labels: x-kubernetes-preserve-unknown-fields: true default: {} - description: Additionals labels to add to all tools' ingresses + description: Additional labels to add to all tools' ingresses type: object tls: description: TLS configuration for ingresses. properties: acme: - description: acme/let'sencrypt configuration, only http challenge + description: acme/Let'sEncrypt configuration, only http challenge properties: email: description: User email used for ACME @@ -953,7 +953,7 @@ spec: type: object properties: mode: - description: Determines whether cnpg clusters should be deployed with as a primary cluster (initb from scratch) or replica cluster (initdb from external source). + description: Determines whether cnpg clusters should be deployed with as a primary cluster (initdb from scratch) or replica cluster (initdb from external source). default: primary type: string enum: @@ -961,7 +961,7 @@ spec: - replica - restore exposed: - description: Whether or not the cnpg cluster shoul be exposed via NodePort. + description: Whether or not the cnpg cluster should be exposed via NodePort. type: boolean default: false nodePort: @@ -1061,7 +1061,7 @@ spec: so easy to configure. \nExample: .cluster.local,.svc,10.0.0.0/8,127.0.0.1,192.168.0.0/16,localhost,svc.cluster.local,localdomain\n" type: string port: - description: Distant proxy port listenning + description: Distant proxy port listening type: string required: - enabled @@ -1113,7 +1113,7 @@ spec: type: object properties: mode: - description: Determines whether cnpg clusters should be deployed with as a primary cluster (initb from scratch) or replica cluster (initdb from external source). + description: Determines whether cnpg clusters should be deployed with as a primary cluster (initdb from scratch) or replica cluster (initdb from external source). default: primary type: string enum: 
@@ -1121,7 +1121,7 @@ spec: - replica - restore exposed: - description: Whether or not the cnpg cluster shoul be exposed via NodePort. + description: Whether or not the cnpg cluster should be exposed via NodePort. type: boolean default: false nodePort: diff --git a/roles/sonarqube/templates/pg-cluster-sonar.yaml.j2 b/roles/sonarqube/templates/pg-cluster-sonar.yaml.j2 index df11b6b9..45e3cbea 100644 --- a/roles/sonarqube/templates/pg-cluster-sonar.yaml.j2 +++ b/roles/sonarqube/templates/pg-cluster-sonar.yaml.j2 @@ -6,7 +6,7 @@ metadata: namespace: {{ dsc.sonarqube.namespace }} {% if dsc.global.backup.velero.enabled %} annotations: - pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d sonardb > /var/lib/postgresql/data/app.dump-${index}"]' + pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "(( $(date +%d) %2 == 0 )) && index=0 || index=1; pg_dump -U postgres -Fc -d sonardb > /var/lib/postgresql/data/app.dump-${index}"]' pre.hook.backup.velero.io/container: postgres pre.hook.backup.velero.io/on-error: Fail pre.hook.backup.velero.io/timeout: 90s diff --git a/roles/sonarqube/templates/values/10-offline.j2 b/roles/sonarqube/templates/values/10-offline.j2 index e195318d..797d915c 100644 --- a/roles/sonarqube/templates/values/10-offline.j2 +++ b/roles/sonarqube/templates/values/10-offline.j2 @@ -1,8 +1,8 @@ -{% if dsc.global.offline %} +{% if dsc.global.offline %} prometheusExporter: version: {{ dsc.sonarqube.prometheusJavaagentVersion }} noCheckCertificate: true - downloadURL: {{ dsc.sonarqube.pluginDownloadUrl }}/jmx_prometheus_javaagent-{{ dsc.sonarqube.prometheusJavaagentVersion }}.jar + downloadURL: {{ dsc.sonarqube.pluginDownloadUrl }}/jmx_prometheus_javaagent-{{ dsc.sonarqube.prometheusJavaagentVersion }}.jar plugins: install: diff --git a/roles/sonarqube/templates/values/10-registry.j2 b/roles/sonarqube/templates/values/10-registry.j2 index 74d45df9..00c7cdce 100644 
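Review bot: In sonarqube/templates/values/10-offline.j2, `noCheckCertificate: true` sits directly above the `downloadURL` for `jmx_prometheus_javaagent-….jar`, so in offline mode the agent jar is fetched without verifying the server certificate, and no checksum is visible in the hunk. A party able to impersonate the plugin mirror could substitute a jar that is then presumably loaded into the SonarQube JVM. Prefer making the mirror's CA trusted for the download and setting `noCheckCertificate: false`; if that is not possible, a comment such as `# TLS verification disabled: internal mirror only, jar integrity not checked` would at least record the accepted risk. The `{% if dsc.global.offline %}` block continues past the hunk.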
--- a/roles/sonarqube/templates/values/10-registry.j2 +++ b/roles/sonarqube/templates/values/10-registry.j2 @@ -5,6 +5,6 @@ image: {% if use_image_pull_secrets %} image: - pullSecrets: + pullSecrets: - name: dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/roles/vault/tasks/post-install.yml b/roles/vault/tasks/post-install.yml index 61b40620..cf6f4331 100644 --- a/roles/vault/tasks/post-install.yml +++ b/roles/vault/tasks/post-install.yml @@ -23,13 +23,13 @@ vars: vault_pod: "{{ dsc_name }}-vault-0" -- name: Check if vaul is coherent +- name: Check if vault is coherent ansible.builtin.assert: that: - ((vault_status in ['sealed', 'OK']) and (vaut_keys.resources | length > 0)) or ((vault_status == 'not init') and (vaut_keys.resources | length == 0)) fail_msg: - Attention ! Soit le vault n'est pas initialisé mais vous avez un secret {{ dsc_name }}-vault-keys dans {{ dsc.vault.namespace }} - - Veuillez le suppripmer et relancer si vous souhaitez lancer une initialisation + - Veuillez le supprimer et relancer si vous souhaitez lancer une initialisation - Soit le vault est initialisé mais vous n'avez pas de secret {{ dsc_name }}-vault-keys dans {{ dsc.vault.namespace }}, et c'est inquiétant ! # Init Vault - node 1 diff --git a/roles/vault/templates/values/10-platform.j2 b/roles/vault/templates/values/10-platform.j2 index adbcf81b..9d99c9d9 100644 --- a/roles/vault/templates/values/10-platform.j2 +++ b/roles/vault/templates/values/10-platform.j2 @@ -8,7 +8,7 @@ injector: securityContext: pod: runAsNonRoot: true - runAsGroup: 1000 + runAsGroup: 1000 runAsUser: 100 fsGroup: 1000 container: @@ -22,7 +22,7 @@ server: securityContext: pod: runAsNonRoot: true - runAsGroup: 1000 + runAsGroup: 1000 runAsUser: 100 fsGroup: 1000 container: diff --git a/roles/vault/templates/values/10-registry.j2 b/roles/vault/templates/values/10-registry.j2 index 742148f5..1d49f0e4 100644 --- a/roles/vault/templates/values/10-registry.j2 
+++ b/roles/vault/templates/values/10-registry.j2 @@ -19,6 +19,6 @@ csi: {% if use_image_pull_secrets %} global: - imagePullSecrets: + imagePullSecrets: - name: dso-config-pull-secret {% endif %} \ No newline at end of file diff --git a/uninstall.yaml b/uninstall.yaml index f6a0617a..0ac46cd6 100644 --- a/uninstall.yaml +++ b/uninstall.yaml @@ -312,7 +312,7 @@ tags: - vault - - name: "Suppression de l'intance Argo CD" + - name: "Suppression de l'instance Argo CD" kubernetes.core.helm: name: "{{ dsc_name }}" release_namespace: "{{ dsc.argocd.namespace }}" diff --git a/versions.md b/versions.md index 3ee05e58..84897e38 100644 --- a/versions.md +++ b/versions.md 
@@ -1,18 +1,18 @@ -| Outil | Version | Chart version | Source | -| ------------------------- | ---------------- | ------------- | --------------------------------------------------------------------------------------- | -| argocd | 2.11.7 | 7.3.11 | [argocd](https://artifacthub.io/packages/helm/argo/argo-cd) | -| certmanager | 1.14.3 | 1.14.3 | [certmanager](https://github.com/cert-manager/cert-manager/releases) | -| cloudnativepg | 1.22.1 | 0.20.1 | [cloudnativepg](https://artifacthub.io/packages/helm/cloudnative-pg/cloudnative-pg) | -| console | 8.0.2 | 8.0.2 | [console](https://github.com/cloud-pi-native/console/releases) | -| gitlab | 17.4.2 | 8.4.2 | [gitlab](https://artifacthub.io/packages/helm/gitlab/gitlab) | -| gitlabCiPipelinesExporter | 0.5.8 | 0.3.4 | https://github.com/mvisonneau/helm-charts/tree/main/charts/gitlab-ci-pipelines-exporter | -| gitlabOperator | 1.4.2 | 1.4.2 | [gitlabOperator](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tags) | -| gitlabRunner | 17.4.0 | 0.69.0 | [gitlabRunner](https://gitlab.com/gitlab-org/charts/gitlab-runner/-/tags) | -| grafana | 10.4.3 | N/A | [grafana](https://github.com/grafana/grafana/tags) | -| grafanaOperator | 5.10.0 | 5.4.2 | [grafanaOperator](https://github.com/grafana/grafana-operator/tags) | -| harbor | 2.10.1 | 1.14.1 | [harbor](https://artifacthub.io/packages/helm/harbor/harbor) | -| keycloak | 23.0.7 | 19.3.4 | [keycloak](https://artifacthub.io/packages/helm/bitnami/keycloak) | -| kyverno | v1.11.4 | 3.1.4 | [kyverno](https://artifacthub.io/packages/helm/kyverno/kyverno) | -| nexus | 3.68.1 | N/A | [nexus](https://hub.docker.com/r/sonatype/nexus3/) | -| sonarqube | 10.6.1-community | 10.6.1+3163 | [sonarqube](https://artifacthub.io/packages/helm/sonarqube/sonarqube) | -| vault | 1.14.0 | 0.25.0 | [vault](https://artifacthub.io/packages/helm/hashicorp/vault) | +| Outil | Version | Chart version | Source | +| ------------------------- | ---------------- | ------------- 
|----------------------------------------------------------------------------------------------------------------------| +| argocd | 2.11.7 | 7.3.11 | [argocd](https://artifacthub.io/packages/helm/argo/argo-cd) | +| certmanager | 1.14.3 | 1.14.3 | [certmanager](https://github.com/cert-manager/cert-manager/releases) | +| cloudnativepg | 1.22.1 | 0.20.1 | [cloudnativepg](https://artifacthub.io/packages/helm/cloudnative-pg/cloudnative-pg) | +| console | 8.0.2 | 8.0.2 | [console](https://github.com/cloud-pi-native/console/releases) | +| gitlab | 17.4.2 | 8.4.2 | [gitlab](https://artifacthub.io/packages/helm/gitlab/gitlab) | +| gitlabCiPipelinesExporter | 0.5.8 | 0.3.4 | [gitlabCiPipelinesExporter](https://github.com/mvisonneau/helm-charts/tree/main/charts/gitlab-ci-pipelines-exporter) | +| gitlabOperator | 1.4.2 | 1.4.2 | [gitlabOperator](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/tags) | +| gitlabRunner | 17.4.0 | 0.69.0 | [gitlabRunner](https://gitlab.com/gitlab-org/charts/gitlab-runner/-/tags) | +| grafana | 10.4.3 | N/A | [grafana](https://github.com/grafana/grafana/tags) | +| grafanaOperator | 5.10.0 | 5.4.2 | [grafanaOperator](https://github.com/grafana/grafana-operator/tags) | +| harbor | 2.10.1 | 1.14.1 | [harbor](https://artifacthub.io/packages/helm/harbor/harbor) | +| keycloak | 23.0.7 | 19.3.4 | [keycloak](https://artifacthub.io/packages/helm/bitnami/keycloak) | +| kyverno | v1.11.4 | 3.1.4 | [kyverno](https://artifacthub.io/packages/helm/kyverno/kyverno) | +| nexus | 3.68.1 | N/A | [nexus](https://hub.docker.com/r/sonatype/nexus3/) | +| sonarqube | 10.6.1-community | 10.6.1+3163 | [sonarqube](https://artifacthub.io/packages/helm/sonarqube/sonarqube) | +| vault | 1.14.0 | 0.25.0 | [vault](https://artifacthub.io/packages/helm/hashicorp/vault) |