Skip to content

Commit 334bc31

Browse files
bluzarragabluzarraga
authored
update labeling script for consolidated charts, add cert manager helm… (#2524)
* update labeling script for consolidated charts, add cert manager helm chart Signed-off-by: Ben Luzarraga <[email protected]> * ensure cm resources included in backup, create restore resource Signed-off-by: Ben Luzarraga <[email protected]> * correct licensing label Signed-off-by: Ben Luzarraga <[email protected]> * zen does not specify namespace for cluster resources, add cm rolebinding Signed-off-by: Ben Luzarraga <[email protected]> * nss does use operator namespace in cluster chart Signed-off-by: Ben Luzarraga <[email protected]> * cleanup Signed-off-by: Ben Luzarraga <[email protected]> * add tethered namespace as a constant Signed-off-by: Ben Luzarraga <[email protected]> * include nss cluster resources in restore nss --------- Signed-off-by: Ben Luzarraga <[email protected]>
1 parent dc6a544 commit 334bc31

File tree

4 files changed

+64
-21
lines changed

4 files changed

+64
-21
lines changed

velero/backup/common-service/label-common-service.sh

Lines changed: 34 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ OC=oc
2020
OPERATOR_NS=""
2121
SERVICES_NS=""
2222
CONTROL_NS=""
23+
TETHERED_NS=""
2324
CERT_MANAGER_NAMESPACE="ibm-cert-manager"
2425
LICENSING_NAMESPACE="ibm-licensing"
2526
LSR_NAMESPACE="ibm-lsr"
@@ -59,6 +60,9 @@ function main() {
5960
else
6061
label_helm_cluster_scope
6162
label_helm_namespace_scope
63+
if [[ $ENABLE_CERT_MANAGER -eq 1 ]]; then
64+
label_helm_cert_manager
65+
fi
6266
if [[ $ENABLE_LICENSING -eq 1 ]]; then
6367
label_helm_licensing
6468
fi
@@ -411,8 +415,8 @@ function label_nss(){
411415
${OC} label customresourcedefinition namespacescopes.operator.ibm.com foundationservices.cloudpak.ibm.com=crd --overwrite=true 2>/dev/null
412416
else
413417
#cluster scoped resources
414-
${OC} label clusterrole ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
415-
${OC} label clusterrolebinding ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
418+
${OC} label clusterrole ibm-namespace-scope-operator-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
419+
${OC} label clusterrolebinding ibm-namespace-scope-operator-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
416420
${OC} label customresourcedefinition namespacescopes.operator.ibm.com foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
417421
nss_cluster_release_name=$(${OC} get crd namespacescopes.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
418422
nss_cluster_release_namespace=$(${OC} get crd namespacescopes.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
@@ -452,7 +456,7 @@ function label_mcsp(){
452456

453457
function label_helm_cluster_scope(){
454458
title "Begin labeling cluster scoped resources installed via helm..."
455-
#TODO get name of helm secret for each chart
459+
456460
#odlm cluster resources (crds)
457461
${OC} label crd operandbindinfos.operator.ibm.com operandconfigs.operator.ibm.com operandregistries.operator.ibm.com operandrequests.operator.ibm.com operatorconfigs.operator.ibm.com foundationservices.cloudpak.ibm.com=odlm-cluster --overwrite=true 2>/dev/null
458462
#helm secret
@@ -482,22 +486,22 @@ function label_helm_cluster_scope(){
482486
${OC} label secret sh.helm.release.v1.$ui_release_name.v1 -n $ui_release_namespace foundationservices.cloudpak.ibm.com=ui-cluster --overwrite=true 2>/dev/null
483487

484488
#edb (crds, clusterrole, clusterrolebinding, webhooks)
485-
#TODO verify none of this info changes
486489
${OC} label crd backups.postgresql.k8s.enterprisedb.io clusters.postgresql.k8s.enterprisedb.io poolers.postgresql.k8s.enterprisedb.io scheduledbackups.postgresql.k8s.enterprisedb.io clusterimagecatalogs.postgresql.k8s.enterprisedb.io imagecatalogs.postgresql.k8s.enterprisedb.io publications.postgresql.k8s.enterprisedb.io subscriptions.postgresql.k8s.enterprisedb.io databases.postgresql.k8s.enterprisedb.io foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
487490
#still need the final name value for these items, will likely match the deployment name
488491
${OC} label clusterrole postgresql-operator-controller-manager-$OPERATOR_NS foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
489492
${OC} label clusterrolebinding postgresql-operator-controller-manager-$OPERATOR_NS foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
490-
${OC} label validatingwebhookconfiguration postgresql-operator-validating-webhook-configuration-$OPERATOR_NS foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
491-
${OC} label mutatingwebhookconfiguration postgresql-operator-mutating-webhook-configuration-$OPERATOR_NS foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
493+
#EDB currently does not support multiple instances of the webhook, only the default config can exist
494+
${OC} label validatingwebhookconfiguration postgresql-operator-validating-webhook-configuration foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
495+
${OC} label mutatingwebhookconfiguration postgresql-operator-mutating-webhook-configuration foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
492496
edb_release_name=$(${OC} get crd clusters.postgresql.k8s.enterprisedb.io -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
493497
edb_release_namespace=$(${OC} get crd clusters.postgresql.k8s.enterprisedb.io -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
494498
${OC} label secret sh.helm.release.v1.$edb_release_name.v1 -n $edb_release_namespace foundationservices.cloudpak.ibm.com=edb-cluster --overwrite=true 2>/dev/null
495499

496500
#zen? (crds, clusterrole, clusterrolebinding)
497501
#assuming we are still responsible for zen
498502
#CRD covered in label_ns_and_related function
499-
${OC} label clusterrole ibm-zen-operator-cluster-role-$OPERATOR_NS foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
500-
${OC} label clusterrolebinding ibm-zen-operator-cluster-role-binding-$OPERATOR_NS foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
503+
${OC} label clusterrole ibm-zen-operator-cluster-role foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
504+
${OC} label clusterrolebinding ibm-zen-operator-cluster-role-binding foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
501505
zen_release_name=$(${OC} get clusterrole ibm-zen-operator-cluster-role -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
502506
zen_release_namespace=$(${OC} get clusterrole ibm-zen-operator-cluster-role -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
503507
${OC} label secret sh.helm.release.v1.$zen_release_name.v1 -n $zen_release_namespace foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
@@ -515,10 +519,7 @@ function label_helm_namespace_scope(){
515519
${OC} label rolebinding operand-deployment-lifecycle-manager foundationservices.cloudpak.ibm.com=odlm-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
516520
${OC} label role operand-deployment-lifecycle-manager foundationservices.cloudpak.ibm.com=odlm-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
517521
${OC} label rolebinding operand-deployment-lifecycle-manager foundationservices.cloudpak.ibm.com=odlm-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
518-
odlm_release_name=$(${OC} get deploy operand-deployment-lifecycle-manager -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
519-
odlm_release_namespace=$(${OC} get deploy operand-deployment-lifecycle-manager -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
520-
${OC} label secret sh.helm.release.v1.$odlm_release_name.v1 -n $odlm_release_namespace foundationservices.cloudpak.ibm.com=odlm-chart --overwrite=true 2>/dev/null
521-
522+
522523
#cs operator
523524
#cs CR handled in label_cs
524525
${OC} label deployment ibm-common-service-operator foundationservices.cloudpak.ibm.com=cs-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
@@ -549,10 +550,7 @@ function label_helm_namespace_scope(){
549550
${OC} label role ibm-commonui-operator foundationservices.cloudpak.ibm.com=ui-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
550551
${OC} label rolebinding ibm-commonui-operator foundationservices.cloudpak.ibm.com=ui-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
551552
${OC} label rolebinding ibm-commonui-operator foundationservices.cloudpak.ibm.com=ui-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
552-
ui_release_name=$(${OC} get deploy ibm-commonui-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
553-
ui_release_namespace=$(${OC} get deploy ibm-commonui-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
554-
${OC} label secret sh.helm.release.v1.$ui_release_name.v1 -n $ui_release_namespace foundationservices.cloudpak.ibm.com=ui-chart --overwrite=true 2>/dev/null
555-
553+
556554
#edb
557555
deploy=$(${OC} get deploy -n $OPERATOR_NS | grep postgresql-operator-controller-manager | awk '{print $1}')
558556
${OC} label deployment $deploy foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
@@ -651,6 +649,26 @@ function label_helm_lsr() {
651649
success "LSR resources labeled"
652650
}
653651

652+
function label_helm_cert_manager() {
653+
title "Labeling IBM Cert Manager cluster and namespace resources..."
654+
#cluster resources
655+
${OC} label clusterrole ibm-cert-manager-operator foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
656+
${OC} label clusterrolebinding ibm-cert-manager-operator foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
657+
${OC} label customresourcedefinition challenges.acme.cert-manager.io orders.acme.cert-manager.io certificaterequests.cert-manager.io certificates.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io certmanagerconfigs.operator.ibm.com foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
658+
659+
#namespace resources
660+
${OC} label deployment -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
661+
#rbac
662+
${OC} label serviceaccount -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
663+
${OC} label role -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator-leader-election-role foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
664+
${OC} label rolebinding -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator-leader-election-rolebinding foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
665+
666+
ibm_cm_release_name=$(${OC} get deploy -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
667+
ibm_cm_release_namespace=$(${OC} get deploy -n $CERT_MANAGER_NAMESPACE ibm-cert-manager-operator -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
668+
${OC} label secret sh.helm.release.v1.$ibm_cm_release_name.v1 -n $ibm_cm_release_namespace foundationservices.cloudpak.ibm.com=ibm-cm-chart --overwrite=true 2>/dev/null
669+
success "IBM Cert Manager resources labeled"
670+
}
671+
654672
# ---------- Info functions ----------#
655673

656674
function msg() {

velero/restore/no-olm/restore-ibm-cm-chart.yaml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
apiVersion: velero.io/v1
2+
kind: Restore
3+
metadata:
4+
name: restore-ibm-cm-chart
5+
namespace: velero
6+
spec:
7+
backupName: __BACKUP_NAME__
8+
excludedResources:
9+
- nodes
10+
- events
11+
- events.events.k8s.io
12+
- backups.velero.io
13+
- restores.velero.io
14+
- resticrepositories.velero.io
15+
hooks: {}
16+
includedNamespaces:
17+
- '*'
18+
labelSelector:
19+
matchLabels:
20+
foundationservices.cloudpak.ibm.com: ibm-cm-chart

velero/restore/restore-nss.yaml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,10 @@ spec:
1515
hooks: {}
1616
includedNamespaces:
1717
- '*'
18-
labelSelector:
19-
matchLabels:
20-
foundationservices.cloudpak.ibm.com: nss
18+
orLabelSelectors:
19+
- matchExpressions:
20+
- key: foundationservices.cloudpak.ibm.com
21+
operator: In
22+
values:
23+
- nss-cluster
24+
- nss

velero/schedule/schedule-common-services.yaml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,8 @@ spec:
5858
- iam-chart
5959
- iam-cluster
6060
- nss-cluster
61-
- licensing-cluster
62-
- licensing-chart
61+
- ls-cluster
62+
- ls-chart
6363
- lsr-cluster
6464
- lsr-chart
65+
- ibm-cm-chart

0 commit comments

Comments
 (0)