chore: Adjust AIOps SA for sync jobs

config/argocd-cloudpaks/cp-shared/templates/0100-cp-shared-app.yaml

@@ -14,6 +14,7 @@ spec:
   ignoreDifferences:
     - group: argoproj.io
       jsonPointers:
+        - /spec/project
         - /spec/source/repoURL
         - /spec/source/targetRevision
         - /status

config/argocd-cloudpaks/cp-shared/templates/0100-cp-shared-operators-app.yaml

@@ -9,11 +9,12 @@ metadata:
     argocd.argoproj.io/sync-wave: "100"
 spec:
   destination:
-    namespace: {{.Values.argocd_app_namespace}}
+    namespace: "{{.Values.metadata.argocd_app_namespace}}"
     server: https://kubernetes.default.svc
   ignoreDifferences:
     - group: argoproj.io
       jsonPointers:
+        - /spec/project
         - /spec/source/repoURL
         - /spec/source/targetRevision
         - /status

config/argocd-cloudpaks/cp4aiops/Chart.yaml

@@ -16,9 +16,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.4.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "0.6.0"
+appVersion: "0.8.0"

config/argocd-cloudpaks/cp4aiops/templates/020-cloudpaks-aimgr-role.yaml

@@ -0,0 +1,40 @@
+{{- $aimgr := .Values.modules.aimgr }}
+{{- if eq ( default false $aimgr ) true  }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  creationTimestamp: null
+  name: ibm-aiops-aimgr-role
+  namespace: "{{.Values.metadata.argocd_app_namespace}}"
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "create", "delete", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get", "list", "create", "update", "patch"]
+  - apiGroups: ["base.automation.ibm.com"]
+    resources: ["automationbases"]
+    verbs: ["get", "list"]
+  - apiGroups: ["core.automation.ibm.com"]
+    resources: ["automationuiconfigs"]
+    verbs: ["get", "list"]
+  - apiGroups: ["project.openshift.io"]
+    resources: ["projects"]
+    verbs: ["get"]
+  - apiGroups: ["operator.openshift.io"]
+    resources: ["ingresscontrollers"]
+    verbs: ["get"]
+  - apiGroups: ["route.openshift.io"]
+    resources: ["routes"]
+    verbs: ["get"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "patch"]
+{{- end }}

config/argocd-cloudpaks/cp4aiops/templates/020-cloudpaks-default-role.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-role
+  namespace: default
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "patch"]

config/argocd-cloudpaks/cp4aiops/templates/020-cloudpaks-emgr-role.yaml

@@ -0,0 +1,19 @@
+{{- $emgr := .Values.modules.emgr }}
+{{- if eq ( default false $emgr ) true  }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  creationTimestamp: null
+  name: ibm-aiops-emgr-role
+  namespace: "{{.Values.metadata.argocd_app_namespace}}-emgr"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "create", "update", "patch", "delete"]
+  - apiGroups: ["cem.ibm.com"]
+    resources: ["cemformations"]
+    verbs: ["get"]
+{{- end }}

config/argocd-cloudpaks/cp4aiops/templates/020-cloudpaks-ingress-roles.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-ingress-operator-role
+  namespace: openshift-ingress-operator
+rules:
+  - apiGroups: ["operator.openshift.io"]
+    resources: ["ingresscontrollers"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-ingress-role
+  namespace: openshift-ingress
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]

config/argocd-cloudpaks/cp4aiops/templates/021-cloudpaks-aimgr-binding.yaml

@@ -0,0 +1,20 @@
+{{- $aimgr := .Values.modules.aimgr }}
+{{- if eq ( default false $aimgr ) true  }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-aimgr-binding
+  namespace: "{{.Values.metadata.argocd_app_namespace}}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ibm-aiops-aimgr-role
+subjects:
+  - kind: ServiceAccount
+    name: "{{.Values.serviceaccount.ibm_cloudpaks_installer}}"
+    namespace: "{{.Values.metadata.argocd_namespace}}"
+{{- end }}

config/cloudpaks/cp4aiops/install-emgr/templates/subscriptions/021-cp4aiops-role-binding.yaml → config/argocd-cloudpaks/cp4aiops/templates/021-cloudpaks-default-binding.yaml

@@ -5,13 +5,13 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-wave: "21"
   creationTimestamp: null
-  name: ibm-cp4aiops-emgr-role
-  namespace: "{{.Values.metadata.argocd_app_namespace}}-emgr"
+  name: ibm-aiops-binding
+  namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: ibm-cp4aiops-emgr
+  name: ibm-aiops-role
 subjects:
   - kind: ServiceAccount
-    name: openshift-gitops-argocd-application-controller
-    namespace: openshift-gitops
+    name: "{{.Values.serviceaccount.ibm_cloudpaks_installer}}"
+    namespace: "{{.Values.metadata.argocd_namespace}}"

config/argocd-cloudpaks/cp4aiops/templates/021-cloudpaks-emgr-binding.yaml

@@ -0,0 +1,20 @@
+{{- $emgr := .Values.modules.emgr }}
+{{- if eq ( default false $emgr ) true  }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-emgr-binding
+  namespace: "{{.Values.metadata.argocd_app_namespace}}-emgr"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ibm-aiops-emgr-role
+subjects:
+  - kind: ServiceAccount
+    name: "{{.Values.serviceaccount.ibm_cloudpaks_installer}}"
+    namespace: "{{.Values.metadata.argocd_namespace}}"
+{{- end }}

config/argocd-cloudpaks/cp4aiops/templates/021-cloudpaks-ingress-bindings.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-ingress-operator-binding
+  namespace: openshift-ingress-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ibm-aiops-ingress-operator-role
+subjects:
+  - kind: ServiceAccount
+    name: "{{.Values.serviceaccount.ibm_cloudpaks_installer}}"
+    namespace: "{{.Values.metadata.argocd_namespace}}"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "21"
+  creationTimestamp: null
+  name: ibm-aiops-ingress-binding
+  namespace: openshift-ingress
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ibm-aiops-ingress-role
+subjects:
+  - kind: ServiceAccount
+    name: "{{.Values.serviceaccount.ibm_cloudpaks_installer}}"
+    namespace: "{{.Values.metadata.argocd_namespace}}"

config/argocd-cloudpaks/cp4aiops/templates/110-cp4aiops-aimgr-app.yaml

@@ -0,0 +1,71 @@
+{{- $aimgr := .Values.modules.aimgr }}
+{{- if eq ( default false $aimgr ) true  }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  creationTimestamp: null
+  name: cp4aiops-aimgr
+  namespace: openshift-gitops
+  annotations:
+    argocd.argoproj.io/sync-wave: "110"
+spec:
+  destination:
+    namespace: {{.Values.metadata.argocd_app_namespace}}
+    server: https://kubernetes.default.svc
+  ignoreDifferences:
+    - group: argoproj.io
+      jsonPointers:
+        - /spec/source/repoURL
+        - /spec/source/targetRevision
+        - /status
+      kind: Application
+    - group: noi.ibm.com
+      jsonPointers:
+        - /spec/clusterDomain
+      kind: noi
+    - group: v1
+      jsonPointers:
+        - /metadata/labels
+      kind: Namespace
+  project: default
+  source:
+    helm:
+      parameters:
+        - name: argocd_app_name
+          value: ${ARGOCD_APP_NAME}
+        - name: argocd_app_namespace
+          value: ${ARGOCD_APP_NAMESPACE}
+        - name: automation_base_instance_name
+          value: {{.Values.automation_base_instance_name}}
+        - name: automation_ui_config_instance_name
+          value: {{.Values.metadata.automation_ui_config_instance_name}}
+        - name: metadata.argocd_app_namespace
+          value: {{.Values.metadata.argocd_app_namespace}}
+        - name: repoURL
+          value: ${ARGOCD_APP_SOURCE_REPO_URL}
+        - name: serviceaccount.argocd_application_controller
+          value: {{.Values.serviceaccount.argocd_application_controller}}
+        - name: storageclass.rwo
+          value: {{.Values.storageclass.rwo}}
+        - name: storageclass.rwx
+          value: {{.Values.storageclass.rwx}}
+        - name: targetRevision
+          value: ${ARGOCD_APP_SOURCE_TARGET_REVISION}
+    path: config/cloudpaks/cp4aiops/install-aimgr
+    repoURL: {{.Values.repoURL}}
+    targetRevision: {{.Values.targetRevision}}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+status:
+  health: {}
+  summary: {}
+  sync:
+    comparedTo:
+      destination: {}
+      source:
+        repoURL: ""
+    status: ""
+{{- end }}

config/argocd-cloudpaks/cp4aiops/templates/120-cp4aiops-emgr-app.yaml

@@ -0,0 +1,69 @@
+{{- $emgr := .Values.modules.emgr }}
+{{- if eq ( default false $emgr ) true  }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  creationTimestamp: null
+  name: cp4aiops-emgr
+  namespace: openshift-gitops
+  annotations:
+    argocd.argoproj.io/sync-wave: "120"
+spec:
+  destination:
+    namespace: "{{.Values.metadata.argocd_app_namespace}}-emgr"
+    server: https://kubernetes.default.svc
+  ignoreDifferences:
+    - group: argoproj.io
+      jsonPointers:
+        - /spec/source/repoURL
+        - /spec/source/targetRevision
+        - /status
+      kind: Application
+    - group: noi.ibm.com
+      jsonPointers:
+        - /spec/clusterDomain
+      kind: noi
+    - group: v1
+      jsonPointers:
+        - /metadata/labels
+      kind: Namespace
+  project: default
+  source:
+    helm:
+      parameters:
+        - name: argocd_app_name
+          value: ${ARGOCD_APP_NAME}
+        - name: argocd_app_namespace
+          value: ${ARGOCD_APP_NAMESPACE}
+        - name: cluster_domain
+          value: {{.Values.cluster_domain}}
+        - name: metadata.argocd_app_namespace
+          value: "{{.Values.metadata.argocd_app_namespace}}-emgr"
+        - name: repoURL
+          value: ${ARGOCD_APP_SOURCE_REPO_URL}
+        - name: serviceaccount.argocd_application_controller
+          value: {{.Values.serviceaccount.argocd_application_controller}}
+        - name: storageclass.rwo
+          value: {{.Values.storageclass.rwo}}
+        - name: storageclass.rwx
+          value: {{.Values.storageclass.rwx}}
+        - name: targetRevision
+          value: ${ARGOCD_APP_SOURCE_TARGET_REVISION}
+    path: config/cloudpaks/cp4aiops/install-emgr
+    repoURL: {{.Values.repoURL}}
+    targetRevision: {{.Values.targetRevision}}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+status:
+  health: {}
+  summary: {}
+  sync:
+    comparedTo:
+      destination: {}
+      source:
+        repoURL: ""
+    status: ""
+{{- end }}