From cbe638525ef884a10500ca4d2e29fcc92cb7845c Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Mon, 28 Aug 2023 16:19:17 -0700 Subject: [PATCH 01/12] A new key for GKE provisioning --- chart/infra-server/templates/gke/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/templates/gke/secrets.yaml b/chart/infra-server/templates/gke/secrets.yaml index 5b97699db..0cf1dda7b 100644 --- a/chart/infra-server/templates/gke/secrets.yaml +++ b/chart/infra-server/templates/gke/secrets.yaml @@ -10,6 +10,6 @@ metadata: data: google-credentials.json: |- - {{ required ".Values.gke__gke_credentials_json is undefined" .Values.gke__gke_credentials_json }} + {{ required ".Values.gke__gke_provisioner_json is undefined" .Values.gke__gke_provisioner_json }} --- From c57096712cfe7d98689b055e71ffdb532a5508b9 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Mon, 28 Aug 2023 16:28:35 -0700 Subject: [PATCH 02/12] srox-temp-dev-test -> acs-team-temp-dev --- chart/infra-server/static/flavors.yaml | 2 +- chart/infra-server/static/workflow-gke-default.yaml | 4 ++-- flavor/testdata/missing-parameter-descriptions.yaml | 4 ++-- flavor/testdata/test-gke-lite.yaml | 4 ++-- scripts/add-PR-comment-for-deploy-to-dev.sh | 10 +++++----- workflows/gke-lite.yaml | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/chart/infra-server/static/flavors.yaml b/chart/infra-server/static/flavors.yaml index 48eb76155..d38fe4a55 100644 --- a/chart/infra-server/static/flavors.yaml +++ b/chart/infra-server/static/flavors.yaml @@ -139,7 +139,7 @@ value: "" kind: optional help: | - e.g. 1.19.12-gke.2100. Use 'gcloud container get-server-config --zone=us-central1 --project srox-temp-dev-test' to see all versions. + e.g. 1.19.12-gke.2100. Use 'gcloud container get-server-config --zone=us-central1 --project acs-team-temp-dev' to see all versions. - name: pod-security-policy description: Enable pod security policy diff --git a/chart/infra-server/static/workflow-gke-default.yaml b/chart/infra-server/static/workflow-gke-default.yaml index e656408c2..367ec62a5 100644 --- a/chart/infra-server/static/workflow-gke-default.yaml +++ b/chart/infra-server/static/workflow-gke-default.yaml @@ -69,7 +69,7 @@ spec: - "--name={{workflow.parameters.name}}" - "--nodes={{workflow.parameters.nodes}}" - "--machine-type={{workflow.parameters.machine-type}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --pod-security-policy={{workflow.parameters.pod-security-policy}} @@ -92,7 +92,7 @@ spec: args: - destroy - "--name={{workflow.parameters.name}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --gcp-zone={{workflow.parameters.gcp-zone}} volumeMounts: - name: credentials diff --git a/flavor/testdata/missing-parameter-descriptions.yaml b/flavor/testdata/missing-parameter-descriptions.yaml index d97d06a68..fb1fa3588 100644 --- a/flavor/testdata/missing-parameter-descriptions.yaml +++ b/flavor/testdata/missing-parameter-descriptions.yaml @@ -75,7 +75,7 @@ spec: - "--name={{workflow.parameters.name}}" - "--nodes={{workflow.parameters.nodes}}" - "--machine-type={{workflow.parameters.machine-type}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --pod-security-policy={{workflow.parameters.pod-security-policy}} @@ -98,7 +98,7 @@ spec: args: - destroy - "--name={{workflow.parameters.name}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --gcp-zone={{workflow.parameters.gcp-zone}} volumeMounts: - name: credentials diff --git a/flavor/testdata/test-gke-lite.yaml b/flavor/testdata/test-gke-lite.yaml index 86beb20c2..593b64a43 100644 --- a/flavor/testdata/test-gke-lite.yaml +++ b/flavor/testdata/test-gke-lite.yaml @@ -78,7 +78,7 @@ spec: - "--name={{workflow.parameters.name}}" - "--nodes={{workflow.parameters.nodes}}" - "--machine-type={{workflow.parameters.machine-type}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --pod-security-policy={{workflow.parameters.pod-security-policy}} @@ -101,7 +101,7 @@ spec: args: - destroy - "--name={{workflow.parameters.name}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --gcp-zone={{workflow.parameters.gcp-zone}} volumeMounts: - name: credentials diff --git a/scripts/add-PR-comment-for-deploy-to-dev.sh b/scripts/add-PR-comment-for-deploy-to-dev.sh index f72020b38..ffcfa23d2 100755 --- a/scripts/add-PR-comment-for-deploy-to-dev.sh +++ b/scripts/add-PR-comment-for-deploy-to-dev.sh @@ -28,7 +28,7 @@ CI will attempt to deploy {{.Env.IMAGE_NAME}} to it. :electric_plug: You can **connect** to this cluster with: \`\`\` -gcloud container clusters get-credentials {{.Env.DEV_CLUSTER_NAME}} --zone us-central1-a --project srox-temp-dev-test +gcloud container clusters get-credentials {{.Env.DEV_CLUSTER_NAME}} --zone us-central1-a --project acs-team-temp-dev \`\`\` :hammer_and_wrench: And pull **infractl** from the deployed dev infra-server with: @@ -56,10 +56,10 @@ make install-local ### Logs -Logs for the development infra depending on your @stackrox.com authuser: -- [authuser=0](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=srox-temp-dev-test&authuser=0) -- [authuser=1](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=srox-temp-dev-test&authuser=1) -- [authuser=2](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=srox-temp-dev-test&authuser=2) +Logs for the development infra depending on your @redhat.com authuser: +- [authuser=0](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=acs-team-temp-dev&authuser=0) +- [authuser=1](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=acs-team-temp-dev&authuser=1) +- [authuser=2](https://console.cloud.google.com/logs/query;query=resource.labels.cluster_name%3D%22{{.Env.DEV_CLUSTER_NAME}}%22%0Aresource.labels.container_name%3D%22infra-server%22?project=acs-team-temp-dev&authuser=2) Or: \`\`\` diff --git a/workflows/gke-lite.yaml b/workflows/gke-lite.yaml index b432368be..099878d59 100644 --- a/workflows/gke-lite.yaml +++ b/workflows/gke-lite.yaml @@ -86,7 +86,7 @@ spec: - "--name={{workflow.parameters.name}}" - "--nodes={{workflow.parameters.nodes}}" - "--machine-type={{workflow.parameters.machine-type}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --pod-security-policy={{workflow.parameters.pod-security-policy}} @@ -109,7 +109,7 @@ spec: args: - destroy - "--name={{workflow.parameters.name}}" - - --gcp-project=srox-temp-dev-test + - --gcp-project=acs-team-temp-dev - --gcp-zone={{workflow.parameters.gcp-zone}} volumeMounts: - name: credentials From 7fc4f9ac200901472ffb1df590fcd139aae75e72 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 31 Aug 2023 18:42:21 -0700 Subject: [PATCH 03/12] update secrets and config for GKE demos --- chart/infra-server/static/workflow-demo.yaml | 8 ++++---- .../infra-server/static/workflow-qa-demo.yaml | 10 +++++----- chart/infra-server/templates/demo/secrets.yaml | 6 +++++- .../templates/qa-demo/secrets.yaml | 18 ------------------ 4 files changed, 14 insertions(+), 28 deletions(-) delete mode 100644 chart/infra-server/templates/qa-demo/secrets.yaml diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 476f81c65..9699afea8 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -78,10 +78,10 @@ spec: path: /certs/cert.pem gcs: bucket: sr-demo-files - key: certs/demo.stackrox.com/privkey-plus-fullchain.pem + key: certs/demos.rox.systems/privkey-plus-fullchain.pem serviceAccountKeySecret: name: google-credentials-demo - key: google-credentials.json + key: read-certs-google-credentials.json outputs: artifacts: - name: kubeconfig @@ -170,9 +170,9 @@ spec: name: demo-secrets key: SLACK_WEBHOOK - name: GCP_CLOUD_DNS_ZONE_NAME - value: "demo-stackrox-com" + value: "demos-rox-systems" - name: DOMAIN_NAME - value: "demo.stackrox.com" + value: "demos.rox.systems" - name: wait suspend: {} diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index d31b870db..11e4f6726 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -29,7 +29,7 @@ spec: volumes: - name: credentials secret: - secretName: google-credentials-qa-demo + secretName: google-credentials-demo templates: - name: start @@ -85,10 +85,10 @@ spec: path: /certs/cert.pem gcs: bucket: sr-demo-files - key: certs/demo.stackrox.com/privkey-plus-fullchain.pem + key: certs/demos.rox.systems/privkey-plus-fullchain.pem serviceAccountKeySecret: name: google-credentials-demo - key: google-credentials.json + key: read-certs-google-credentials.json outputs: artifacts: @@ -176,9 +176,9 @@ spec: name: demo-secrets key: SLACK_WEBHOOK - name: GCP_CLOUD_DNS_ZONE_NAME - value: "demo-stackrox-com" + value: "demos-rox-systems" - name: DOMAIN_NAME - value: "demo.stackrox.com" + value: "demos.rox.systems" - name: wait suspend: {} diff --git a/chart/infra-server/templates/demo/secrets.yaml b/chart/infra-server/templates/demo/secrets.yaml index 9c0e30042..c52429806 100644 --- a/chart/infra-server/templates/demo/secrets.yaml +++ b/chart/infra-server/templates/demo/secrets.yaml @@ -11,12 +11,16 @@ metadata: data: # Service account used for provisioning demo infrastructure. google-credentials.json: |- - {{ required ".Values.demo__demo_provisioner_json is undefined" .Values.demo__demo_provisioner_json }} + {{ required ".Values.demo__gke_demo_provisioner_json is undefined" .Values.demo__gke_demo_provisioner_json }} # Service account used for demo GCR integration. google-scanner-credentials.json: |- {{ required ".Values.demo__google_scanner_credentials_json is undefined" .Values.demo__google_scanner_credentials_json }} + # Service account used for providing certs from the certifier sr-demo-files bucket. + read-certs-google-credentials.json: |- + {{ required ".Values.demo__demo_provisioner_json is undefined" .Values.demo__demo_provisioner_json }} + --- apiVersion: v1 diff --git a/chart/infra-server/templates/qa-demo/secrets.yaml b/chart/infra-server/templates/qa-demo/secrets.yaml deleted file mode 100644 index f70d5edef..000000000 --- a/chart/infra-server/templates/qa-demo/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -apiVersion: v1 -kind: Secret -type: Opaque - -metadata: - name: google-credentials-qa-demo - namespace: default - -data: - # Service account used for provisioning demo infrastructure. - google-credentials.json: |- - {{ required ".Values.qa_demo__qa_demo_provisioner_json is undefined" .Values.qa_demo__qa_demo_provisioner_json }} - - # Service account used for demo GCR integration. - google-scanner-credentials.json: |- - {{ required ".Values.demo__google_scanner_credentials_json is undefined" .Values.demo__google_scanner_credentials_json }} From bc186e6143101a4d9ec00e4c9e36d591a9f767f6 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 31 Aug 2023 18:45:28 -0700 Subject: [PATCH 04/12] update projects --- chart/infra-server/static/workflow-demo.yaml | 4 ++-- chart/infra-server/static/workflow-qa-demo.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 9699afea8..59c7b4478 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -121,8 +121,8 @@ spec: - "--name={{workflow.parameters.name}}" - "--main-image={{workflow.parameters.main-image}}" - "--central-db-image={{workflow.parameters.central-db-image}}" - - --gcp-project=srox-temp-sales-demos - - --dns-gcp-project=ultra-current-825 + - --gcp-project=acs-team-temp-dev + - --dns-gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --enable-psps={{workflow.parameters.enable-psps}} diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index 11e4f6726..355de962e 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -127,8 +127,8 @@ spec: - "--scanner-image={{workflow.parameters.scanner-image}}" - "--scanner-db-image={{workflow.parameters.scanner-db-image}}" - "--central-db-image={{workflow.parameters.central-db-image}}" - - --gcp-project=srox-temp-dev-test - - --dns-gcp-project=ultra-current-825 + - --gcp-project=acs-team-temp-dev + - --dns-gcp-project=acs-team-temp-dev - --creation-source=infra - --k8s-version={{workflow.parameters.k8s-version}} - --enable-psps={{workflow.parameters.enable-psps}} From 706911c80a3c5c1ee227b1799a311e86add2f740 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Fri, 1 Sep 2023 13:55:46 -0700 Subject: [PATCH 05/12] use demo with RH housed images --- chart/infra-server/static/workflow-demo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 59c7b4478..fc867be16 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -112,7 +112,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11 + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-1-g03bfbaf15e-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint From a2f7a682d9ce8f8f349243b6c4259a24bffd8134 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Fri, 1 Sep 2023 17:30:17 -0700 Subject: [PATCH 06/12] separate SA for image scanner --- chart/infra-server/static/workflow-demo.yaml | 4 ++-- chart/infra-server/static/workflow-qa-demo.yaml | 4 ++-- chart/infra-server/templates/demo/secrets.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index fc867be16..72f312b70 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -131,8 +131,8 @@ spec: mountPath: /tmp/google-credentials.json subPath: google-credentials.json - name: credentials - mountPath: /tmp/google-scanner-credentials.json - subPath: google-scanner-credentials.json + mountPath: /tmp/image-read-google-credentials.json + subPath: image-read-google-credentials.json env: - name: QUAY_RHACS_ENG_RO_USERNAME valueFrom: diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index 355de962e..f8bf20342 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -137,8 +137,8 @@ spec: mountPath: /tmp/google-credentials.json subPath: google-credentials.json - name: credentials - mountPath: /tmp/google-scanner-credentials.json - subPath: google-scanner-credentials.json + mountPath: /tmp/image-read-google-credentials.json + subPath: image-read-google-credentials.json env: - name: QUAY_RHACS_ENG_RO_USERNAME valueFrom: diff --git a/chart/infra-server/templates/demo/secrets.yaml b/chart/infra-server/templates/demo/secrets.yaml index c52429806..99441e7db 100644 --- a/chart/infra-server/templates/demo/secrets.yaml +++ b/chart/infra-server/templates/demo/secrets.yaml @@ -13,9 +13,9 @@ data: google-credentials.json: |- {{ required ".Values.demo__gke_demo_provisioner_json is undefined" .Values.demo__gke_demo_provisioner_json }} - # Service account used for demo GCR integration. - google-scanner-credentials.json: |- - {{ required ".Values.demo__google_scanner_credentials_json is undefined" .Values.demo__google_scanner_credentials_json }} + # Service account used for demo Artifact Registry access. + image-read-google-credentials.json: |- + {{ required ".Values.demo__gke_demo_scanner_json is undefined" .Values.demo__gke_demo_scanner_json }} # Service account used for providing certs from the certifier sr-demo-files bucket. read-certs-google-credentials.json: |- From d648e140dfbbe973dc8b695c848e4c0447cd3c48 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Fri, 1 Sep 2023 17:31:57 -0700 Subject: [PATCH 07/12] test --- chart/infra-server/static/workflow-demo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 72f312b70..011834006 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -112,7 +112,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-1-g03bfbaf15e-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-2-ga6724532a3-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint From 4bbf1fc83a5bc1a270099c8782c2e745a0a0a21a Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Mon, 11 Sep 2023 20:38:53 -0700 Subject: [PATCH 08/12] latest demo fixes --- chart/infra-server/static/workflow-demo.yaml | 4 ++-- chart/infra-server/static/workflow-qa-demo.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 011834006..d9d87b78a 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -112,7 +112,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-2-ga6724532a3-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -188,7 +188,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11 + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index f8bf20342..cb5275f8e 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -116,7 +116,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11 + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -194,7 +194,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11 + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint From a36dfe2771e1510ce4e4a7cdafde540050e12eca Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Tue, 12 Sep 2023 10:10:08 -0700 Subject: [PATCH 09/12] remove auth0, get admin password --- chart/infra-server/static/workflow-demo.yaml | 16 ++++++---------- chart/infra-server/static/workflow-qa-demo.yaml | 16 ++++++---------- chart/infra-server/templates/demo/secrets.yaml | 5 ----- 3 files changed, 12 insertions(+), 25 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index d9d87b78a..bac6a6528 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -106,6 +106,12 @@ spec: archive: none: {} + - name: admin-password + path: /data/admin_password + optional: true + archive: + none: {} + - name: SSH_ACCESS path: /data/SSH_ACCESS.md archive: @@ -154,16 +160,6 @@ spec: secretKeyRef: name: demo-secrets key: STACKROX_IO_PASSWORD - - name: AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: demo-secrets - key: AUTH_CLIENT_ID - - name: AUTH_DOMAIN - valueFrom: - secretKeyRef: - name: demo-secrets - key: AUTH_DOMAIN - name: SLACK_WEBHOOK valueFrom: secretKeyRef: diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index cb5275f8e..d5f1772d2 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -110,6 +110,12 @@ spec: path: /data/url optional: true + - name: admin-password + path: /data/admin_password + optional: true + archive: + none: {} + - name: SSH_ACCESS path: /data/SSH_ACCESS.md archive: @@ -160,16 +166,6 @@ spec: secretKeyRef: name: demo-secrets key: STACKROX_IO_PASSWORD - - name: AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: demo-secrets - key: AUTH_CLIENT_ID - - name: AUTH_DOMAIN - valueFrom: - secretKeyRef: - name: demo-secrets - key: AUTH_DOMAIN - name: SLACK_WEBHOOK valueFrom: secretKeyRef: diff --git a/chart/infra-server/templates/demo/secrets.yaml b/chart/infra-server/templates/demo/secrets.yaml index 99441e7db..db96794ec 100644 --- a/chart/infra-server/templates/demo/secrets.yaml +++ b/chart/infra-server/templates/demo/secrets.yaml @@ -47,11 +47,6 @@ data: STACKROX_IO_PASSWORD: |- {{ .Values.pullSecrets.stackrox.password | b64enc }} - AUTH_CLIENT_ID: |- - {{ .Values.auth0.clientID | b64enc }} - AUTH_DOMAIN: |- - {{ .Values.auth0.tenant | b64enc }} - SLACK_WEBHOOK: |- {{ .Values.slackWebhook | b64enc }} From 581cc9d5c725fd82e4032256b7c1557ad65710d5 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Tue, 12 Sep 2023 10:54:46 -0700 Subject: [PATCH 10/12] get password --- chart/infra-server/static/workflow-demo.yaml | 6 +++--- chart/infra-server/static/workflow-qa-demo.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index bac6a6528..5befde711 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -107,7 +107,7 @@ spec: none: {} - name: admin-password - path: /data/admin_password + path: /data/central/password optional: true archive: none: {} @@ -118,7 +118,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -184,7 +184,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index d5f1772d2..233ea066d 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -111,7 +111,7 @@ spec: optional: true - name: admin-password - path: /data/admin_password + path: /data/central/password optional: true archive: none: {} @@ -122,7 +122,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -190,7 +190,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.11-3-g0ce5aa7da8-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot imagePullPolicy: Always command: - /usr/bin/entrypoint From 6e990082c656b820ba0565a7dd637339759a65a9 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 21 Sep 2023 08:18:32 -0700 Subject: [PATCH 11/12] use released automation-flavors --- chart/infra-server/static/workflow-demo.yaml | 4 ++-- chart/infra-server/static/workflow-qa-demo.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/infra-server/static/workflow-demo.yaml b/chart/infra-server/static/workflow-demo.yaml index 5befde711..d4af60acb 100644 --- a/chart/infra-server/static/workflow-demo.yaml +++ b/chart/infra-server/static/workflow-demo.yaml @@ -118,7 +118,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.8.0 imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -184,7 +184,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.8.0 imagePullPolicy: Always command: - /usr/bin/entrypoint diff --git a/chart/infra-server/static/workflow-qa-demo.yaml b/chart/infra-server/static/workflow-qa-demo.yaml index 233ea066d..a40f29771 100644 --- a/chart/infra-server/static/workflow-qa-demo.yaml +++ b/chart/infra-server/static/workflow-qa-demo.yaml @@ -122,7 +122,7 @@ spec: none: {} container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.8.0 imagePullPolicy: Always command: - /usr/bin/entrypoint @@ -190,7 +190,7 @@ spec: path: /data/tfvars optional: true container: - image: quay.io/stackrox-io/ci:automation-flavors-demo-0.7.12-4-g934d698e3f-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-demo-0.8.0 imagePullPolicy: Always command: - /usr/bin/entrypoint From 7e77d4088b159f2ef12647094c4142369eea0ad7 Mon Sep 17 00:00:00 2001 From: Gavin Jefferies Date: Thu, 21 Sep 2023 08:20:52 -0700 Subject: [PATCH 12/12] update CHANGELOG --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18bc73691..b11a96ddd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,8 +8,9 @@ Please avoid adding duplicate information across this changelog and JIRA/doc inp ## [NEXT RELEASE] -## [0.7.12] +## [0.8.0] +- Switch GKE based flavors (gke-default, demo, qa-demo) to use a RH project (ROX-17123,ROX-19217) - CLI: Add client-side cluster name validation - Bump demo flavors to 4.2.0