update sync chart from ACM operotar repo

Makefile

@@ -1,4 +1,12 @@
 export ACM_VERSION?=2.12
+export MCE_VERSION?=2.7
+
+SED_CMD:=sed
+ifeq ($(GOHOSTOS),darwin)
+	SED_CMD:=gsed
+endif
+
+export SED=$(SED_CMD)
 
 HELM?=_output/bin/helm
 HELM_VERSION?=v3.14.0

e2e/mce-chart/crds/multicluster.openshift.io_multiclusterengines.yaml

@@ -1,9 +1,9 @@
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.15.0
-  creationTimestamp: null
   name: multiclusterengines.multicluster.openshift.io
 spec:
   group: multicluster.openshift.io
@@ -284,9 +284,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null

e2e/mce-chart/templates/clusterrole.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

hack/e2e.sh

@@ -29,7 +29,7 @@ function waitForReady() {
             break
         fi
 
-        echo "failed, expected $rst, but got $result, re-try after 5 seconds."
+        echo "expected $rst, but got $result, re-try after 5 seconds..."
         sleep 5
         (( SECOND = SECOND + 5 ))
     done

hack/update.sh

@@ -4,6 +4,12 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+rm -rf multiclusterhub-operator
+
+git clone --depth 1 --branch "release-$ACM_VERSION" https://github.com/stolostron/multiclusterhub-operator.git
+
+
+# update CRDs
 CRD_FILES="./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_placementbindings.yaml
 ./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_policies.yaml
 ./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster-management.io_policyautomations.yaml
@@ -12,25 +18,62 @@ CRD_FILES="./multiclusterhub-operator/pkg/templates/crds/grc/policy.open-cluster
 ./multiclusterhub-operator/pkg/templates/crds/multicloud-operators-subscription/apps.open-cluster-management.io_placementrules_crd_v1.yaml
 "
 
-GRC_CMA_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/config-policy-clustermanagementaddon.yaml
+for f in $CRD_FILES
+do
+    cp $f ./policy/crds/
+done
+
+
+# update grc sub-chart
+#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/Chart.yaml ./policy/charts/grc/
+#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/values.yaml ./policy/charts/grc/
+
+GRC_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/config-policy-clustermanagementaddon.yaml
 ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/governance-policy-framework-clustermanagementaddon.yaml
 "
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-clusterrole.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-clusterrolebinding.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-role.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-rolebinding.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-clusterrole.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-clusterrolebinding.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-policy-addon-sa.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-role.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-rolebinding.yaml
+# ./multiclusterhub-operator/pkg/templates/charts/toggle/grc/templates/grc-sa.yaml
+# "
 
-rm -rf multiclusterhub-operator
 
-git clone --depth 1 --branch "release-$ACM_VERSION" https://github.com/stolostron/multiclusterhub-operator.git
+for f in $GRC_FILES
+do 
+    cp $f ./policy/charts/grc/templates/
+done
 
+# update cluster-lifecycle sub-chart
+#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/Chart.yaml ./policy/charts/cluster-lifecycle/
+#cp ./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/values.yaml ./policy/charts/cluster-lifecycle/
 
-for f in $CRD_FILES
-do
-    cp $f ./acm-addons/crds/
-done
+CLUSTER_LIFECYCLE_FILES="./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-role.yaml
+./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml
+./multiclusterhub-operator/pkg/templates/charts/toggle/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml"
 
-for f in $GRC_CMA_FILES
+for f in $CLUSTER_LIFECYCLE_FILES
 do 
-    cp $f ./acm-addons/charts/grc/templates/
+    cp $f ./policy/charts/cluster-lifecycle/templates/
 done
 
-
 rm -rf multiclusterhub-operator
 
+
+# update e2e mce chart
+
+rm -rf backplane-operator
+
+git clone --depth 1 --branch "backplane-$MCE_VERSION" https://github.com/stolostron/backplane-operator.git
+
+cp ./backplane-operator/config/crd/bases/multicluster.openshift.io_multiclusterengines.yaml ./e2e/mce-chart/crds/
+cp ./backplane-operator/config/rbac/role.yaml ./e2e/mce-chart/templates/clusterrole.yaml
+
+$SED -i 's/multicluster-engine-operator-role/multicluster-engine-operator/' ./e2e/mce-chart/templates/clusterrole.yaml
+
+rm -rf backplane-operator

policy/charts/cluster-lifecycle/Chart.yaml

@@ -1,6 +1,9 @@
+# Copyright (c) 2024 Red Hat, Inc.
+# Copyright Contributors to the Open Cluster Management project
+
 apiVersion: v1
 appVersion: 2.12.0
-version: 2.12.0
 description: Helm chart for deploying the cluster lifecycle
 kubeVersion: ">=1.11.0-0"
 name: cluster-lifecycle
+version: 2.12.0

policy/charts/cluster-lifecycle/templates/deployment.yaml → policy/charts/cluster-lifecycle/templates/klusterlet-addon-deployment.yaml

@@ -1,27 +1,40 @@
+# Copyright Contributors to the Open Cluster Management project
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  name: klusterlet-addon-controller-v2
+  namespace: {{ .Values.global.namespace }}
   labels:
     app: klusterlet-addon-controller-v2
-    app.kubernetes.io/name: klusterlet-addon-controller
     component: klusterlet-addon-controller
-  name: klusterlet-addon-controller-v2
-  namespace: {{ .Values.global.namespace }}
+    app.kubernetes.io/name: klusterlet-addon-controller
 spec:
+  minReadySeconds: 0
   replicas: {{ .Values.hubconfig.replicaCount }}
   selector:
     matchLabels:
       app: klusterlet-addon-controller-v2
       component: klusterlet-addon-controller
   template:
     metadata:
-      creationTimestamp: null
       labels:
         app: klusterlet-addon-controller-v2
-        app.kubernetes.io/name: klusterlet-addon-controller
+        ocm-antiaffinity-selector: "klusterletaddon"
         component: klusterlet-addon-controller
-        ocm-antiaffinity-selector: klusterletaddon
+        app.kubernetes.io/name: klusterlet-addon-controller
     spec:
+      {{- if .Values.global.pullSecret }}
+      imagePullSecrets:
+        - name: {{ .Values.global.pullSecret }}
+      {{- end }}
+      serviceAccountName: klusterlet-addon-controller-v2
+      hostNetwork: false
+      hostPID: false
+      hostIPC: false
+      terminationGracePeriodSeconds: 60
+      securityContext:
+        runAsNonRoot: true
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -36,66 +49,75 @@ spec:
                 - arm64
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
+          - weight: 70
+            podAffinityTerm:
+              topologyKey: topology.kubernetes.io/zone
               labelSelector:
                 matchExpressions:
                 - key: ocm-antiaffinity-selector
                   operator: In
                   values:
                   - klusterletaddon
-              topologyKey: topology.kubernetes.io/zone
-            weight: 70
-          - podAffinityTerm:
+          - weight: 35
+            podAffinityTerm:
+              topologyKey: kubernetes.io/hostname
               labelSelector:
                 matchExpressions:
                 - key: ocm-antiaffinity-selector
                   operator: In
                   values:
                   - klusterletaddon
-              topologyKey: kubernetes.io/hostname
-            weight: 35
+      {{- with .Values.hubconfig.tolerations }}
+      tolerations:
+      {{- range . }}
+      - {{ if .Key }} key: {{ .Key }} {{- end }}
+        {{ if .Operator }} operator: {{ .Operator }} {{- end }}
+        {{ if .Value }} value: {{ .Value }} {{- end }}
+        {{ if .Effect }} effect: {{ .Effect }} {{- end }}
+        {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }}
+        {{- end }}
+      {{- end }}
       containers:
-      - env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
+      - name: klusterlet-addon-controller
         image: "{{ .Values.global.imageOverrides.klusterlet_addon_controller }}"
-        imagePullPolicy: IfNotPresent
-        name: klusterlet-addon-controller
-        resources:
-          limits:
-            cpu: 500m
-            memory: 2Gi
-          requests:
-            cpu: 50m
-            memory: 96Mi
+        imagePullPolicy: {{ .Values.global.pullPolicy }}
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
           privileged: false
           readOnlyRootFilesystem: true
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-      dnsPolicy: ClusterFirst
-      imagePullSecrets:
-      - name: open-cluster-management-image-pull-credentials
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext:
-        runAsNonRoot: true
-      serviceAccount: klusterlet-addon-controller-v2
-      serviceAccountName: klusterlet-addon-controller-v2
-      terminationGracePeriodSeconds: 60
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/infra
-        operator: Exists
+        resources:
+          requests:
+            memory: "96Mi"
+            cpu: "50m"
+          limits:
+            memory: "2Gi"
+            cpu: "500m"
+        env:
+          - name: WATCH_NAMESPACE
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: OPERATOR_NAME
+            value: klusterlet-addon-controller
+          - name: HUB_VERSION
+            value: {{ .Values.hubconfig.hubVersion }}
+          - name: USE_SHA_MANIFEST
+            value: "true"
+          - name: DEFAULT_IMAGE_PULL_SECRET
+            value: {{ .Values.global.pullSecret }}
+          - name: DEFAULT_IMAGE_REGISTRY
+            value: {{ .Values.global.imageRepository }}
+          - name: ADDON_CLUSTERROLE_PREFIX
+            value: "open-cluster-management:addons:"
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+      {{- with .Values.hubconfig.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}

policy/charts/cluster-lifecycle/templates/clusterrole.yaml → policy/charts/cluster-lifecycle/templates/klusterlet-addon-role.yaml

@@ -1,3 +1,5 @@
+# Copyright Contributors to the Open Cluster Management project
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

policy/charts/cluster-lifecycle/templates/clusterrolebinding.yaml → policy/charts/cluster-lifecycle/templates/klusterlet-addon-role_binding.yaml

@@ -1,3 +1,5 @@
+# Copyright Contributors to the Open Cluster Management project
+
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -9,7 +11,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: klusterlet-addon-controller-v2
-  namespace: {{ .Values.global.namespace }}
+  namespace: '{{ .Values.global.namespace }}'
 roleRef:
   kind: ClusterRole
   name: open-cluster-management:klusterlet-addon-controller-v2

policy/charts/cluster-lifecycle/values.yaml

@@ -1,8 +1,14 @@
 global:
   imageOverrides:
-    klusterlet_addon_controller: ""
-
-  namespace: multicluster-engine
-
+    klusterlet_addon_controller: ''
+  templateOverrides: {}
+  namespace: ''
+  pullSecret: null
+  imageRepository: ''
+  hubSize: Small
 hubconfig:
+  nodeSelector: null
+  proxyConfigs: {}
   replicaCount: 1
+  tolerations: []
+org: open-cluster-management

policy/charts/grc/Chart.yaml

@@ -1,5 +1,13 @@
+# Copyright (c) 2024 Red Hat, Inc.
+# Copyright Contributors to the Open Cluster Management project
+
 apiVersion: v1
 appVersion: 2.12.0
-version: 2.12.0
-description: A Helm chart for multicloud policy
+description: A Helm chart for multicloud grc
+category: "Development"
+keywords:
+  - acm
+  - grc
 name: grc
+verified: "RHACM"
+version: 2.12.0