generated from amazon-archives/__template_MIT-0
Riv25 evolution of the repository #252
Draft
allamand wants to merge 1,617 commits into main from riv25
Signed-off-by: Pankaj Walke <[email protected]>
…sters Signed-off-by: Pankaj Walke <[email protected]>
…ity-accelerator Signed-off-by: Pankaj Walke <[email protected]>
* clean argo resources vs kro Signed-off-by: Workshop User <[email protected]> * Fix CI/CD pipeline templates for GitLab integration - Add ArgoCD tracking configuration to Kro resources - Remove namespace creation from Kro (handled by ArgoCD) - Fix sensor parameter operation: override -> overwrite - Update git URL structure from Gitea to GitLab format - Change credentials from gitea-credentials to gitlab-credentials * update kro cicd-pipeline Signed-off-by: Workshop User <[email protected]> * update sensor repo Signed-off-by: Workshop User <[email protected]> * update sensor repo2 Signed-off-by: Workshop User <[email protected]> * use more generic kro-manifest application Signed-off-by: Workshop User <[email protected]> * Fix kro-manifests ApplicationSet selector * Remove exclude syntax from kro-manifests config * Remove type: manifest from kro-manifests config * Configure kro-manifests with multiple source paths for GitOps * fix kro-manifests Signed-off-by: Workshop User <[email protected]> * Fix kro-manifests template error - use single path * Simplify kro-manifests config - remove unnecessary chartRepository and targetRevision * Add type: manifest to prevent Helm rendering for kro-manifests * Add directory exclude pattern to avoid deploying test files * fix kro ResourceGraphDefinition Signed-off-by: Workshop User <[email protected]> * update to kro v0.4.1 Signed-off-by: Workshop User <[email protected]> * Fix status section variable reference from schema to spec * Fix status section to reference resource properties instead of spec * Replace schema.kind with literal CICDPipeline in ownerReferences * Fix readyWhen to use proper status checks instead of metadata.name * Remove readyWhen for Argo Events resources due to unclear status schema * Fix ACK resource readyWhen to use proper ACK.ResourceSynced condition * Fix: Update CICDPipeline template to use argocd namespace * use argocd namespace Signed-off-by: Workshop User <[email protected]> * move event bus object 
out of kro, issue with cross-namespace ownerreference Signed-off-by: Workshop User <[email protected]> * Update aws-resource-validation.integration.test.js codeQL to regex * Update aws-resource-validation.integration.test.js * add test suite for backstage and kro Signed-off-by: Sébastien Allamand <[email protected]> * add RGD owner in kro eks cluster Signed-off-by: Workshop User <[email protected]> * Update Backstage Templates * Update Backstage Templates * add cluster namespace ack Signed-off-by: Workshop User <[email protected]> * clean kro cicd-pipeline Signed-off-by: Workshop User <[email protected]> * fix indent Signed-off-by: Workshop User <[email protected]> * fix indent 2 Signed-off-by: Workshop User <[email protected]> * remove problematic field Signed-off-by: Workshop User <[email protected]> * remove problematic field 2 Signed-off-by: Workshop User <[email protected]> * remove problematic field 3 Signed-off-by: Workshop User <[email protected]> * use default namespace for event bus Signed-off-by: Workshop User <[email protected]> * watch the events from appplication.name git repository Signed-off-by: Workshop User <[email protected]> * add forece-delete for ecr repo Signed-off-by: Workshop User <[email protected]> * update worksflow Signed-off-by: Workshop User <[email protected]> * add ingress priority for argo-events over kargo catchall Signed-off-by: Workshop User <[email protected]> * update tests Signed-off-by: Sébastien Allamand <[email protected]> * update tests Signed-off-by: Sébastien Allamand <[email protected]> * Fix CI/CD pipeline webhook configuration - Add hub.hostname to CICDPipeline schema - Update ingress to use hub hostname instead of gitlab hostname - Fix webhook endpoint URL configuration - Add ingress priority to override Kargo catch-all route - Fix Sensor filters to use body.object_kind and body.ref - Install kubectl in webhook setup workflow - Fix jq syntax error in webhook validation - Remove unnecessary IAM role validation - 
Update Backstage template to include hub.hostname parameter * Add new EKS cluster * Fix workflow secretKeyRef issue - Remove invalid secretKeyRef from Sensor trigger parameters - Add gitlab-credentials secret to workflow envFrom - Use GITLAB_TOKEN environment variable instead of workflow parameter * Fix Sensor parameter mapping - Remove commit ID prepend to git-url parameter - Only use body.ref for git-revision parameter - Prevents commit ID from corrupting git-url * Fix webhook endpoint URL in ConfigMap - Use schema.spec.name instead of application.name for webhook path - Fixes webhook URL from /argo-events/rust to /argo-events/rust-cicd * Fix GitLab webhook API format - Change from Gitea API format to GitLab API format - Fix API URL: /gitea/api/v1/ -> /api/v4/projects/ - Fix webhook payload format for GitLab - Use PUT instead of PATCH for updates * Add debugging to GitLab webhook setup - Add HTTP status code checking - Use Bearer token instead of token prefix - Fix webhook field reference (url vs config.url) - Add detailed error logging * Fix CEL parsing error in webhook script - Use 935255 prefix for bash substring syntax to avoid CEL interpretation - Fixes gitlab_token:0:10 syntax error * Remove debug line causing CEL parsing error - Remove gitlab_token substring echo that was causing CEL validation to fail - Keep essential debugging for API URL and webhook URL * Fix HTTP code parsing in workflow script - Use newline separator instead of inline HTTP_CODE - Use tail/head instead of grep/sed for more reliable parsing - Add -s flag to curl to suppress progress output - Fix jq argument reference * Fix ingress routing for webhook EventSource - Point to correct EventSource service name - Use /webhook rewrite target instead of regex capture - Change to Exact path matching - Ensures future deployments work without manual fixes * Fix git checkout error handling - Add exit 1 on git clone failure - Add exit 1 on cd failure - Add fallback to create branch if checkout fails 
- Ensures workflow fails fast on git errors * Add GitLab token authentication to git checkout - Mount gitlab-credentials secret in git-checkout container - Use token in HTTPS URL for authentication - Handle refs/heads/ branch format properly - Fixes git clone authentication errors * Add shared persistent volume for workflow steps - Add volumeClaimTemplates with gp3 storage class - Update git-checkout to use /workdir/source path - Update run-unit-tests to use shared workdir volume - Remove individual emptyDir volumes - Enables data sharing between workflow steps like old implementation * Fix Kaniko build context and add workdir volume - Use local context /workdir/source instead of malformed git:// URL - Add workdir volume mount to Kaniko container - Fixes 'https://https///' URL resolution error * Fix ArgoCD garbage collection issue for VPC resources - Add missing argocd.argoproj.io/tracking-id annotation to VPC resource - Prevents ArgoCD from garbage collecting KRO-managed VPC resources - Fixes VPC limit error caused by deletion/recreation cycle - CICD pipeline template already has proper tracking annotations * Add ArgoCD tracking annotations to Kubernetes RBAC resources - Add tracking annotation to RBAC Role and RoleBinding - Ensures all KRO-managed resources appear in ArgoCD UI - Enables proper sync status tracking and health checks - ServiceAccount already had tracking annotation * Add ownerReferences to RBAC Role and RoleBinding - Add complete KRO ownerReferences as per documentation - Ensures proper resource lifecycle management - Completes ArgoCD integration with both tracking-id and ownerReferences - Follows KRO best practices for ArgoCD compatibility * Fix ArgoCD integration for all EKS template resources - Add argocd.argoproj.io/tracking-id annotations to all AWS resources - Add ownerReferences to establish proper KRO resource ownership - Remove inappropriate sync-wave annotations from resource templates - Keep sync-wave only on ResourceGraphDefinition 
metadata - Ensures all KRO-managed resources appear in ArgoCD UI - Prevents ArgoCD garbage collection of AWS resources - Fixes VPC deletion/recreation cycle issue * Fix Backstage template variable mismatch for git username - Change gituser to git_username in ArgoCD application templates - Add .git extension to repository URLs - Fixes malformed repoURL causing ArgoCD sync failures - Template defines git_username but skeleton used gituser * Add KubeVela components chart and ApplicationSet - Create kubevela-components chart with components, traits, and compositions - Migrate YAML components from rust repo (appmod-service, dp-service-account, etc.) - Convert missing CUE components to YAML (external-database-secret, ingress trait) - Add RDS Crossplane compositions (postgres-aurora, rds-postgres) - Add ApplicationSet with enable_kubevela_components selector - Enable on dev cluster with proper sync-wave ordering * Enable kubevela-components in control-plane environment - Add kubevela-components: enabled: true to control-plane addons.yaml - This will create the ApplicationSet for KubeVela components deployment * fix backstage build Signed-off-by: Workshop User <[email protected]> * Add IAM and EKS providers to Crossplane AWS chart - Add provider-aws-iam and provider-aws-eks to providers.yaml - Required for KubeVela dp-service-account component to work - Fixes rust application service account creation issues * Fix ProviderConfig references in KubeVela components - Update dp-service-account, dynamodb-table, and component-iam-policy - Change from default ProviderConfig to provider-aws-config - Fixes Crossplane resource creation issues * Add pod identity configuration for Crossplane providers - Add IAM role and pod identity association for provider-aws service account - Add cluster name to crossplane-aws valuesObject - Fixes AWS credentials issue for Crossplane providers * Add Crossplane pod identity configuration to Terraform - Add crossplane_provider_aws_pod_identity module 
to pod-identity.tf - Add enable_crossplane to aws_addons local in main.tf - Enable crossplane in dev.tfvars - Creates IAM role and pod identity association for Crossplane providers - Fixes AWS credentials issue for Crossplane providers * Remove conflicting ACK pod identity modules - Remove ack_s3_pod_identity and ack_dynamodb_pod_identity modules - These controllers already have pod identities from the old approach in main.tf - Fixes ResourceInUseException conflicts during Terraform apply - Keeps only crossplane_provider_aws_pod_identity module * Remove Crossplane-managed pod identity resources - Remove pod-identity.yaml from crossplane-aws chart - Use only Terraform-managed pod identity association - Fixes circular dependency issue where Crossplane tries to create its own pod identity * Update Crossplane pod identity to use AdministratorAccess - Change from PowerUserAccess to AdministratorAccess policy - PowerUserAccess excludes IAM management permissions - Crossplane needs full IAM permissions to create roles and policies * Fix cluster name in rust application - Change from modernengg-dev to peeks-spoke-dev - Fixes pod identity association creation error - ResourceNotFoundException: No cluster found for name: modernengg-dev * Add aws-secrets-manager ClusterSecretStore for dev environment - Create ClusterSecretStore with consistent naming (matches hub cluster) - Uses external-secrets-sa service account with pod identity - Fixes ExternalSecret connectivity to AWS Secrets Manager - Applied at environment level for all dev clusters * Add platform-manifests chart for ClusterSecretStore - Create platform-manifests Helm chart with ClusterSecretStore template - Add platform-manifests section to addons.yaml with metadata annotations - Enable platform-manifests in control-plane environment - Creates aws-secrets-manager ClusterSecretStore for external-secrets * Enable platform-manifests addon in Terraform - Add enable_platform_manifests to addons_metadata in main.tf - 
Enable platform_manifests in dev.tfvars - This will create the ArgoCD application for platform-manifests * Enable platform-manifests in fleet dev cluster configuration - Add enable_platform_manifests: 'true' to fleet-spoke-dev labels - This will trigger ApplicationSet to create platform-manifests application - Creates aws-secrets-manager ClusterSecretStore for external-secrets * Fix platform-manifests configuration to use path instead of chartRepository - Use path pattern like other local charts (gitlab example) - Remove chartName and releaseName fields - Fixes template execution error for addonChartRepository * remove kubevela-components Signed-off-by: Workshop User <[email protected]> * Fix external-database-secret ComponentDefinition workload spec - Add workload.type: autodetects for non-workload resources - Fixes 'spec.workload: Required value' validation error * Add duplicate ClusterSecretStore with expected name - Create both aws-secrets-manager and secrets-manager-cs - Ensures compatibility with existing ExternalSecrets * clean Signed-off-by: Workshop User <[email protected]> * enable ack IAM: Signed-off-by: Pankaj Walke <[email protected]> * wip decouple the deployment Signed-off-by: Pankaj Walke <[email protected]> * make gitlab nlb private and use vpc origin Signed-off-by: Pankaj Walke <[email protected]> * combine resource creation in terraform Signed-off-by: Pankaj Walke <[email protected]> * enable keycloak argocd and eso for hub Signed-off-by: Pankaj Walke <[email protected]> * reset default addons.yaml Signed-off-by: Pankaj Walke <[email protected]> * fix ack workload roles Signed-off-by: Pankaj Walke <[email protected]> * configure argocd for PKCE Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config job Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config job Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config job cluster-name Signed-off-by: Pankaj Walke <[email protected]> * remove refresh 
interval from keycloak-config externalsecret Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config job json payload Signed-off-by: Pankaj Walke <[email protected]> * make argocd keycloak client public Signed-off-by: Pankaj Walke <[email protected]> * try refreshPolicy: OnChange for keycloak externalsecret Signed-off-by: Pankaj Walke <[email protected]> * try spec.refreshPolicy: OnChange for keycloak externalsecret Signed-off-by: Pankaj Walke <[email protected]> * bum external secret to 0.19.2 Signed-off-by: Pankaj Walke <[email protected]> * disable external-secrets Signed-off-by: Pankaj Walke <[email protected]> * enable external-secrets Signed-off-by: Pankaj Walke <[email protected]> * bump external secret resources to v1 Signed-off-by: Pankaj Walke <[email protected]> * remove CAProvider.namespace from SecretStore Signed-off-by: Pankaj Walke <[email protected]> * make keycloak admin and db password predictable Signed-off-by: Pankaj Walke <[email protected]> * remove refreshPolicy: OnChange from keycloak external secrets Signed-off-by: Pankaj Walke <[email protected]> * try PushSecret for keycloak-clients Signed-off-by: Pankaj Walke <[email protected]> * add forceDeleteWithoutRecovery: true to secret manager ClusterSecretStore Signed-off-by: Pankaj Walke <[email protected]> * fix data template in push secret Signed-off-by: Pankaj Walke <[email protected]> * merge and simplify keycloak client configuration Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config helm template Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config script Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config script grafana roles Signed-off-by: Pankaj Walke <[email protected]> * fix keycloak-config script to add grafana client Signed-off-by: Pankaj Walke <[email protected]> * enable argo-workflows on hub Signed-off-by: Pankaj Walke <[email protected]> * enable kargo on hub cluster Signed-off-by: Pankaj Walke <[email 
protected]> * enable kargo on hub cluster Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon config Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape chars Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape ticks Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object indentation Signed-off-by: Pankaj Walke <[email protected]> * bump kargo addon version Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape ticks Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object chars Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape ticks Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape chars Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon extra object escape ticks Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon helm values Signed-off-by: Pankaj Walke <[email protected]> * fix kargo addon helm values object Signed-off-by: Pankaj Walke <[email protected]> * enable cert manager Signed-off-by: Pankaj Walke <[email protected]> * update hub-config.yaml Signed-off-by: Pankaj Walke <[email protected]> * move keycloak config job from hook and add backoffLimit logic Signed-off-by: Pankaj Walke <[email protected]> * add wait before creating keycloak users Signed-off-by: Pankaj Walke <[email protected]> * add logic to associate realm roles with users in keycloak Signed-off-by: Pankaj Walke <[email protected]> * add grafana-admin realmrole to user1 Signed-off-by: Pankaj Walke <[email protected]> * add sync hooks to keycloak Push Secret and config job Signed-off-by: Pankaj Walke <[email protected]> * add sync hooks to keycloak Push Secret and config job 
Signed-off-by: Pankaj Walke <[email protected]> * modify fleet secret config and add control-plane secret Signed-off-by: Pankaj Walke <[email protected]> * updater cluster secret chart Signed-off-by: Pankaj Walke <[email protected]> * remove hub cluster fleet secret Signed-off-by: Pankaj Walke <[email protected]> * fix tlsClientConfig.insecure error Signed-off-by: Pankaj Walke <[email protected]> * fix tlsClientConfig.insecure string error Signed-off-by: Pankaj Walke <[email protected]> * rename cluster secret Signed-off-by: Pankaj Walke <[email protected]> * remove hub cluster secret Signed-off-by: Pankaj Walke <[email protected]> * seperate gitlab infra deployment from resources Signed-off-by: Pankaj Walke <[email protected]> * revert fleet secret chart template Signed-off-by: Pankaj Walke <[email protected]> * enable all addons like riv25 except backstage Signed-off-by: Pankaj Walke <[email protected]> * make addon configuration dynamic Signed-off-by: Pankaj Walke <[email protected]> * seperate cluster creation from bootstrap Signed-off-by: Pankaj Walke <[email protected]> * try cluster creation Signed-off-by: Pankaj Walke <[email protected]> * fix utils.sh Signed-off-by: Pankaj Walke <[email protected]> * fix utils.sh Signed-off-by: Pankaj Walke <[email protected]> * fix cluster deploy.sh Signed-off-by: Pankaj Walke <[email protected]> * fix SCRIPTDIR in deploy.sh Signed-off-by: Pankaj Walke <[email protected]> * fix SCRIPTDIR in deploy.sh Signed-off-by: Pankaj Walke <[email protected]> * fix kubernetes_version Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh Signed-off-by: Pankaj Walke <[email protected]> * fix cluster destroy Signed-off-by: Pankaj Walke <[email protected]> * add gitlab and boostrap stack Signed-off-by: Pankaj Walke <[email protected]> * add IDE VPC CIDR block in hub cluster sg Signed-off-by: Pankaj Walke <[email protected]> * fix utils.sh Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh of boostrap 
Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh of boostrap Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh of boostrap Signed-off-by: Pankaj Walke <[email protected]> * enable ns creation for argocd gitops bridge Signed-off-by: Pankaj Walke <[email protected]> * update utils.sh Signed-off-by: Pankaj Walke <[email protected]> * Update region in locals.tf * fix workshop region issue * Update scripts * fix init.sh * Fix backstage build.sh * enable backstage * enable backstage * enable backstage * fix 2-tools-urls.sh * fix backstage password * fix url.sh * Add Argo CD cleanup script * fix delete_argocd_apps * fix delete_argocd_apps * fix delete_argocd_apps * add cleanup logic Signed-off-by: Pankaj Walke <[email protected]> * add webhook cleanup logic Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh of boostrap Signed-off-by: Pankaj Walke <[email protected]> * fix destroy.sh of boostrap Signed-off-by: Pankaj Walke <[email protected]> * refactor scripts Signed-off-by: Pankaj Walke <[email protected]> * refactor scripts Signed-off-by: Pankaj Walke <[email protected]> * refactor scripts Signed-off-by: Pankaj Walke <[email protected]> * refactor scripts Signed-off-by: Pankaj Walke <[email protected]> * address review comments Signed-off-by: Pankaj Walke <[email protected]> * generate spoke cluster secrets during bootstrap Signed-off-by: Pankaj Walke <[email protected]> * Restore gitops/fleet/members folder that was deleted during cherry-pick * Keep gitops/fleet/members as empty folders with .gitkeep files * generate spoke cluster secrets during bootstrap Signed-off-by: Pankaj Walke <[email protected]> * address review comments Signed-off-by: Pankaj Walke <[email protected]> * revert rebase values Signed-off-by: Pankaj Walke <[email protected]> * revert rebase outputs Signed-off-by: Pankaj Walke <[email protected]> * unused code cleanup Signed-off-by: Pankaj Walke <[email protected]> * unused code cleanup Signed-off-by: 
Pankaj Walke <[email protected]> * adding retry for deploy.sh Signed-off-by: Pankaj Walke <[email protected]> * add check for backstae image in ecr Signed-off-by: Pankaj Walke <[email protected]> * return actual status from check_backstage_build_status Signed-off-by: Pankaj Walke <[email protected]> * return actual status from check_backstage_build_status Signed-off-by: Pankaj Walke <[email protected]> * return actual status from check_backstage_build_status Signed-off-by: Pankaj Walke <[email protected]> * return actual status from check_backstage_build_status Signed-off-by: Pankaj Walke <[email protected]> * revert: return actual status from check_backstage_build_status Signed-off-by: Pankaj Walke <[email protected]> * add ArgoCD namespace deletion logic during destroy Signed-off-by: Pankaj Walke <[email protected]> * add ArgoCD namespace deletion logic during destroy Signed-off-by: Pankaj Walke <[email protected]> * remove kyverno apps first Signed-off-by: Pankaj Walke <[email protected]> * fix script build wait on backstage Signed-off-by: Workshop User <[email protected]> * add git username Signed-off-by: Workshop User <[email protected]> * add AMP endpoint secret for Kubevela service Signed-off-by: Pankaj Walke <[email protected]> * add terraform-aws-observability-accelerator module Signed-off-by: Pankaj Walke <[email protected]> * fix terraform-aws-observability-accelerator module Signed-off-by: Pankaj Walke <[email protected]> * fix terraform-aws-observability-accelerator kubectl and helm provider Signed-off-by: Pankaj Walke <[email protected]> * seperate terraform-aws-observability-accelerator module for spoke clusters Signed-off-by: Pankaj Walke <[email protected]> * enable fluxcd on spoke clusters Signed-off-by: Pankaj Walke <[email protected]> * fix flux chart secrets Signed-off-by: Pankaj Walke <[email protected]> * add argocd bootstrap terraform-aws-observability-accelerator module Signed-off-by: Pankaj Walke <[email protected]> * add resource prefix 
to argorollouts_secret Signed-off-by: Pankaj Walke <[email protected]> * add fluxcd crd data resource for terraform-aws-observability-accelerator Signed-off-by: Pankaj Walke <[email protected]> * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Updated bootstrap values in Backstag template and Created spoke cluster secret files * update gitlab domain Signed-off-by: user1 <[email protected]> * Updated bootstrap values in Backstag template and Created spoke cluster secret files * Fix region and domain configuration issues - Fixed ClusterSecretStore region configuration - Updated catalog-info.yaml with correct domain values - Moved update_workshop_var calls to 6-tools-urls.sh - Added WORKSHOP_CLUSTERS=true to enable region override - Fixed YAML syntax error in catalog-info.yaml * clean Signed-off-by: user1 <[email protected]> * clean Signed-off-by: user1 <[email protected]> * clean Signed-off-by: user1 <[email protected]> * clean backstage * sync addons Signed-off-by: user1 <[email protected]> * clean cicd old Signed-off-by: user1 <[email protected]> * fix rebase Signed-off-by: user1 <[email protected]> * forgot pipeline Signed-off-by: user1 <[email protected]> --------- Signed-off-by: Workshop User <[email protected]> Signed-off-by: Sébastien Allamand <[email protected]> Signed-off-by: Pankaj Walke <[email protected]> Signed-off-by: 
user1 <[email protected]> Co-authored-by: Workshop User <[email protected]> Co-authored-by: Hari Muthusamy <[email protected]> Co-authored-by: user1 <[email protected]> Co-authored-by: Pankaj Walke <[email protected]> Co-authored-by: user1 <[email protected]>
* update template Signed-off-by: Workshop User <[email protected]>
* Updated bootstrap values in Backstage template and Created spoke cluster secret files
* add ecr Signed-off-by: user1 <[email protected]>
* Updated bootstrap values in Backstage template and Created spoke cluster secret files
* Updated bootstrap values in Backstage template and Created spoke cluster secret files
* update external-secret to v1 Signed-off-by: user1 <[email protected]>
* update pipeline to use new secret format Signed-off-by: user1 <[email protected]>
* clean repo Signed-off-by: user1 <[email protected]>
* add ecr in prod Signed-off-by: user1 <[email protected]>
---------
Signed-off-by: Workshop User <[email protected]>
Signed-off-by: user1 <[email protected]>
Co-authored-by: Workshop User <[email protected]>
Co-authored-by: user1 <[email protected]>
…e prefix Signed-off-by: Pankaj Walke <[email protected]>
Fix/devlake
Signed-off-by: Workshop User <[email protected]> Co-authored-by: Workshop User <[email protected]>
Signed-off-by: user1 <[email protected]>
Fix/kyverno
Signed-off-by: Workshop User <[email protected]> Co-authored-by: Workshop User <[email protected]>
Signed-off-by: Workshop User <[email protected]>
…tical platform addons

- Add HA documentation covering GitOps-managed architecture patterns
- Configure ArgoCD with Redis HA, sticky sessions, and multi-replica deployment
- Implement External Secrets HA with 2 replicas and Pod Disruption Budgets
- Add Cert-Manager HA configuration with multi-replica controllers
- Configure resource limits following memory-protection best practices
- Replace ACK controllers with dedicated chart-based implementations
- Add Keycloak with Infinispan clustering for session sharing
- Implement topology spread constraints for multi-AZ distribution
- Add comprehensive resilience features and automatic recovery patterns

This ensures critical platform services maintain availability during node failures, rolling updates, and maintenance operations while following cloud-native best practices.

- Update Backstage install template
- Modify Keycloak install and config templates
- Update CICD pipeline resource group manifest

- Enhanced resource allocation and HA configuration
- Added Redis HA with HAProxy for session management
- Configured topology spread constraints and PDB
- Updated ingress with session affinity
- Added comprehensive health checks for AWS resources
Signed-off-by: Sébastien Allamand <[email protected]>
Signed-off-by: Workshop User <[email protected]>
added on addon timeout
Signed-off-by: Workshop User <[email protected]>
keycloak in sts to handle HA
Signed-off-by: Workshop User <[email protected]>
do not wait for best effort apps
fixed timeout for operator
This is a macro PR that will be used as a target for any changes needed to update the workshop structure, with our RIV25 target.
When all the work is done, this PR can then be merged.