updating gitignore to filter out creds

Signed-off-by: greg pereira <[email protected]>

.gitignore

@@ -1,2 +1,3 @@
 argocd/.creds
 sealed-secrets/helper-scripts.md
+.creds

apex/overlays/rosa/kustomization.yaml

@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - sealed-secrets
+  - sealed-secrets

apex/overlays/rosa/sealed-secrets/apex-api-cert-sealed.yaml

@@ -23,4 +23,3 @@ spec:
       name: apex-api-cert
       namespace: apex
     type: kubernetes.io/tls
-

apex/overlays/rosa/sealed-secrets/apex-auth-cert-sealed.yaml

@@ -23,4 +23,3 @@ spec:
       name: apex-auth-cert
       namespace: apex
     type: kubernetes.io/tls
-

apex/overlays/rosa/sealed-secrets/apex-frontend-cert-sealed.yaml

@@ -23,4 +23,3 @@ spec:
       name: apex-frontend-cert
       namespace: apex
     type: kubernetes.io/tls
-

apex/overlays/rosa/sealed-secrets/kustomization.yaml

@@ -3,4 +3,4 @@ kind: Kustomization
 resources:
   - apex-api-cert-sealed.yaml
   - apex-frontend-cert-sealed.yaml
-  - apex-auth-cert-sealed.yaml
+  - apex-auth-cert-sealed.yaml

argocd/overlays/rosa/applications/app-of-apps/rosa-app-of-apps.yaml

@@ -15,4 +15,3 @@ spec:
     syncOptions:
     - Validate=false
     - ApplyOutOfSyncOnly=true
-

argocd/overlays/rosa/applications/envs/rosa/cluster-management/cert-manager.yaml

@@ -11,9 +11,9 @@ spec:
     repoURL: https://github.com/gregory-pereira/rosa-apps.git
     path: cert-manager/overlays/rosa
     targetRevision: migrate-op1st-argocd-to-rosa
-  # syncPolicy:
-  #   automated:
-  #     prune: true
-  #     selfHeal: true
-  #   syncOptions:
-  #     - Validate=false
+#   syncPolicy:
+#     automated:
+#       prune: true
+#       selfHeal: true
+#     syncOptions:
+#       - Validate=false

argocd/overlays/rosa/applications/envs/rosa/cluster-management/cluster-resources.yaml

@@ -11,10 +11,10 @@ spec:
     path: cluster-scope/overlays/rosa
     repoURL: https://github.com/gregory-pereira/rosa-apps.git
     targetRevision: migrate-op1st-argocd-to-rosa
-  # syncPolicy:
-  #   automated:
-  #     prune: true
-  #     selfHeal: true
-  #   syncOptions:
-  #   - Validate=false
-  #   - ApplyOutOfSyncOnly=true
+#   syncPolicy:
+#     automated:
+#       prune: true
+#       selfHeal: true
+#     syncOptions:
+#     - Validate=false
+#     - ApplyOutOfSyncOnly=true

argocd/overlays/rosa/applications/envs/rosa/cluster-management/dex.yaml

@@ -12,9 +12,9 @@ spec:
     path: dex/overlays/rosa
     repoURL: https://github.com/gregory-pereira/rosa-apps.git
     targetRevision: migrate-op1st-argocd-to-rosa
-  # syncPolicy:
-  #   automated:
-  #     prune: true
-  #     selfHeal: true
-  #   syncOptions:
-  #     - Validate=false
+#  syncPolicy:
+#    automated:
+#      prune: true
+#      selfHeal: true
+#    syncOptions:
+#      - Validate=false

argocd/overlays/rosa/applications/envs/rosa/cluster-management/sealed-secrets.yaml

@@ -11,10 +11,10 @@ spec:
     path: sealed-secrets/overlays/rosa
     repoURL: https://github.com/gregory-pereira/rosa-apps.git
     targetRevision: migrate-op1st-argocd-to-rosa
-  # syncPolicy:
-  #   automated:
-  #     prune: true
-  #     selfHeal: true
-  #   syncOptions:
-  #   - Validate=false
-  #   - ApplyOutOfSyncOnly=true
+#   syncPolicy:
+#     automated:
+#       prune: true
+#       selfHeal: true
+#     syncOptions:
+#     - Validate=false
+#     - ApplyOutOfSyncOnly=true

argocd/overlays/rosa/applications/envs/rosa/rosa/kustomization.yaml

@@ -3,4 +3,4 @@ kind: Kustomization
 resources:
   - acme-operator.yaml
   # - dex.yaml
-  # - tekton-chains.yaml
+  # - tekton-chains.yaml

argocd/overlays/rosa/applications/envs/rosa/rosa/tekton-chains.yaml

@@ -12,9 +12,9 @@ spec:
   destination:
     name: in-cluster
     namespace: tekton-chains
-  # syncPolicy:
-  #   automated:
-  #     prune: true
-  #     selfHeal: true
-  #   syncOptions:
-  #     - Validate=false
+#   syncPolicy:
+#     automated:
+#       prune: true
+#       selfHeal: true
+#     syncOptions:
+#       - Validate=false

argocd/overlays/rosa/configmaps/argocd-cm.yaml

@@ -12,4 +12,4 @@ metadata:
   labels:
     app.kubernetes.io/name: argocd-rbac-cm
     app.kubernetes.io/part-of: argocd
-  name: argocd-rbac-cm
+  name: argocd-rbac-cm

argocd/overlays/rosa/configmaps/kustomization.yaml

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: openshift-gitops
 resources:
-  - argocd-cm.yaml
+  - argocd-cm.yaml

argocd/overlays/rosa/externalsecrets/clusters/rosa.yaml

@@ -11,4 +11,4 @@ data:
     eyJiZWFyZXJUb2tlbiI6ICJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SWxkeE4zWXRUMEZmTkhwaFVsWk1Vek15U1ZkemFFOXlYM1JMVFRaUVNHTmZXbTlHT0Zjd05rZHlVRTBpZlEuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSmhjbWR2WTJRaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sWTNKbGRDNXVZVzFsSWpvaVlYSm5iMk5rTFcxaGJtRm5aWEl0ZEc5clpXNHRibkp4Y1hNaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNXVZVzFsSWpvaVlYSm5iMk5rTFcxaGJtRm5aWElpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl4WWpRME9HVmpNaTFtWmpZd0xUUmlNR0l0WVdJMVpTMDRZbVZpWTJNMlptUTNNbUVpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNllYSm5iMk5rT21GeVoyOWpaQzF0WVc1aFoyVnlJbjAubWFEaFYyYmU5UUlCeFhuN0hoTHpJUVFXWTdYeFo5cC1RWnJMMVRqOFBodzY4U0FaUTRRRzVsLWJwb2k4aW1xa29DQ2VrYTFvUEhOTUFKVkpramdjekNzTkdYbFhlTDJzc2hva0xrc1V4Um4zVkhDUGJibWtwemFJLU1yazU1X3czSDEydG1WTnMzS1VoRTF4aDhGU3BUbW9FRzRCaHkxWXF2MnZpVnhHV3hvbkRpZE4yN1ZWUF91cTNuWGlWV3ltVU1DUGNwUWp0ZmkyNld4Z0ZZZFhkcnpaSHBpTnI3Z2pMOUZvOWtNU0tmWG1nUzVIWmt6dC00WnZaU29qQ24zakNwZEtEWkZVZXBNRUJwaHZyVEM0T1cxelFhZjZDYWVZOVZPdzg2VVJLSUlnTFI4Q0M0cHMtZ1pkUFJtakNvWlFkazR1U0xaaGZvcDRMWl9FOGJMY1JnIiwgInRsc0NsaWVudENvbmZpZyI6IHsiaW5zZWN1cmUiOiB0cnVlfX0K
   name: bW9jLWluZnJh
   server: aHR0cHM6Ly9hcGkubW9jLWluZnJhLm1hc3NvcGVuLmNsb3VkOjY0NDM=
-type: Opaque
+type: Opaque

argocd/overlays/rosa/projects/kustomization.yaml

@@ -5,4 +5,4 @@ resources:
   - cluster-management.yaml
   - global_project.yaml
   - thoth.yaml
-  - rosa.yaml
+  - rosa.yaml

cert-manager/overlays/rosa/api/sealedsecrets/route53-credentials-sealed.yaml

@@ -15,4 +15,3 @@ spec:
       name: aws-route53-credentials
       namespace: openshift-config
     type: Opaque
-

cert-manager/overlays/rosa/ingress/sealedsecrets/route53-credentials-sealed.yaml

@@ -13,4 +13,3 @@ spec:
       name: aws-route53-credentials
       namespace: openshift-ingress
     type: Opaque
-

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/certificaterequests.yaml

@@ -189,4 +189,4 @@ spec:
                   type: string
                   format: date-time
       served: true
-      storage: true
+      storage: true

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/certificates.yaml

@@ -362,4 +362,4 @@ spec:
                   description: "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field."
                   type: integer
       served: true
-      storage: true
+      storage: true

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/challenges.yaml

@@ -1065,4 +1065,4 @@ spec:
       served: true
       storage: true
       subresources:
-        status: {}
+        status: {}

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/clusterissuers.yaml

@@ -1303,4 +1303,4 @@ spec:
                     - type
                   x-kubernetes-list-type: map
       served: true
-      storage: true
+      storage: true

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/issuers.yaml

@@ -1303,4 +1303,4 @@ spec:
                     - type
                   x-kubernetes-list-type: map
       served: true
-      storage: true
+      storage: true

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/kustomization.yaml

@@ -6,4 +6,4 @@ resources:
   - challenges.yaml
   - clusterissuers.yaml
   - issuers.yaml
-  - orders.yaml
+  - orders.yaml

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/cert-manager.io/orders.yaml

@@ -171,4 +171,4 @@ spec:
                   description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.
                   type: string
       served: true
-      storage: true
+      storage: true

cluster-scope/base/apiextensions.k8s.io/customresourcedefinitions/sealedsecrets.bitnami.com/customresourcedefinition.yaml

@@ -118,4 +118,4 @@ spec:
     served: true
     storage: true
     subresources:
-      status: {}
+      status: {}

cluster-scope/base/core/namespaces/openshift-gitops/kustomization.yaml

@@ -6,4 +6,4 @@ resources:
 namespace: openshift-gitops
 components:
 - ../../../../components/limitranges/default
-- ../../../../components/resourcequotas/large # may not need
+- ../../../../components/resourcequotas/large

cluster-scope/base/rbac.authorization.k8s.io/clusterroles/argocd-application-controller/clusterrole.yaml

@@ -16,4 +16,4 @@ rules:
 - nonResourceURLs:
   - '*'
   verbs:
-  - '*'
+  - '*'

cluster-scope/base/rbac.authorization.k8s.io/rolebindings/sealed-secrets/rolebinding.yaml

@@ -30,4 +30,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
-  name: system:authenticated
+  name: system:authenticated

cluster-scope/base/user.openshift.io/rosa/group.yaml

@@ -5,4 +5,3 @@ metadata:
 users:
   - cooktheryan
   - Gregory-Pereira
-

cluster-scope/overlays/rosa/apiserver/api_server_cert.yaml

@@ -14,4 +14,4 @@ spec:
       - names:
           - rh-api.open-svc-sts.k1wl.p1.openshiftapps.com
         servingCertificate:
-          name: open-svc-sts-primary-cert-bundle-secret
+          name: open-svc-sts-primary-cert-bundle-secret

cluster-scope/overlays/rosa/kustomization.yaml

@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../apex/overlays/rosa
+  # -------------------------------------------------------------------------------------
   # API Extensions (listed individually so new clusters get what they want not everyhitng)
+  # --------------------------------------------------------------------------------------
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/applications.argoproj.io
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/applicationsets.argoproj.io
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/appprojects.argoproj.io
@@ -12,37 +13,31 @@ resources:
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/sealedsecrets.bitnami.com
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/workflow.argoproj.io
   - ../../base/apiextensions.k8s.io/customresourcedefinitions/workflowtemplate.argoproj.io
+  # --------------------------------------------------------------------------------------
   # Namespaces
+  # --------------------------------------------------------------------------------------
   - ../../base/core/namespaces/apex
   - ../../base/core/namespaces/apex-monitoring
   - ../../base/core/namespaces/apex-qa
   - ../../base/core/namespaces/copilot-ops
   - ../../base/core/namespaces/dex
   - ../../base/core/namespaces/ipfs
-#  - ../../base/core/namespaces/janus-idp
-#  - ../../base/core/namespaces/robozome
-#  - ../../base/core/namespaces/sigstore-aas
-#  - ../../base/core/namespaces/tekton-pipelines
-#  - ../../base/core/namespaces/thoth-amun-api-prod
-#  - ../../base/core/namespaces/thoth-amun-inspection-prod
-#  - ../../base/core/namespaces/thoth-backend-prod
-#  - ../../base/core/namespaces/thoth-bots-prod
-#  - ../../base/core/namespaces/thoth-cre-integration
-#  - ../../base/core/namespaces/thoth-deployment-examples
-#  - ../../base/core/namespaces/thoth-frontend-prod
-#  - ../../base/core/namespaces/thoth-graph-prod
-#  - ../../base/core/namespaces/thoth-infra-prod
-#  - ../../base/core/namespaces/thoth-middletier-prod
+  # --------------------------------------------------------------------------------------
   # Operatorgroups and subscriptions
+  # --------------------------------------------------------------------------------------
   - ../../base/operators.coreos.com/operatorgroups/apex
   - ../../base/operators.coreos.com/subscriptions/crunchy-postgres
+  # --------------------------------------------------------------------------------------
   # Premade bundles (some may include CRDs)
+  # --------------------------------------------------------------------------------------
   - ../../bundles/acme-operator
   - ../../bundles/cert-manager
   - ../../bundles/jaeger-operator
   - ../../bundles/opentelemetry-collector-operator
   - ../../bundles/tekton-chains
+  # --------------------------------------------------------------------------------------
   # Cluster Specific Cluster-scoped resources
+  # --------------------------------------------------------------------------------------
   - apiserver/api_server_cert.yaml
   - clusterversion.yaml
   - ingresscontrollers/default.yaml

dex/base/configmaps/files/config.yaml

@@ -16,24 +16,24 @@ oauth2:
   skipApprovalScreen: true
 
 staticClients:
-  # - id: argo
-  #   name: Argo
-  #   redirectURIs:
-  #     - http://URL/oauth2/callback
-  #   secretEnv: ARGO_SECRET
-
-  # - id: grafana
-  #   name: Grafana
-  #   redirectURIs:
-  #     - https://URL/login/generic_oauth
-  #   secretEnv: GRAFANA_SECRET
-
-  # - id: hue
-  #   name: Hue
-  #   redirectURIs:
-  #     - https://URL/oidc/callback
-  #     - https://URL/hue/oidc_failed
-  #   secretEnv: HUE_SECRET
+#   - id: argo
+#     name: Argo
+#     redirectURIs:
+#       - http://URL/oauth2/callback
+#     secretEnv: ARGO_SECRET
+
+#   - id: grafana
+#     name: Grafana
+#     redirectURIs:
+#       - https://URL/login/generic_oauth
+#     secretEnv: GRAFANA_SECRET
+
+#   - id: hue
+#     name: Hue
+#     redirectURIs:
+#       - https://URL/oidc/callback
+#       - https://URL/hue/oidc_failed
+#     secretEnv: HUE_SECRET
 
 connectors:
   - type: openshift

sealed-secrets/base/kustomization.yaml

@@ -7,4 +7,4 @@ resources:
   - ../../cluster-scope/base/rbac.authorization.k8s.io/clusterroles/sealed-secrets
   - ../../cluster-scope/base/rbac.authorization.k8s.io/rolebindings/sealed-secrets
   - ../../cluster-scope/base/rbac.authorization.k8s.io/roles/sealed-secrets
-  - service.yaml
+  - service.yaml

sealed-secrets/overlays/rosa/kustomization.yaml

@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../base
+  - ../../base