Script updates for BR of no olm install (#2394)

* add common-web-ui-config cm to labeling script

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* update for helm chart BR

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add nss

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add restore objects

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add labels to schedule resource

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add log line

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add nss restore yaml

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* name nss file

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* ensure nss labeling runs

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* ensure nss is covered properly

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* include csv created role and rolebinding for nss

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* correct label for cs operator cluster rbac

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* remove excessive labeling

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* label operandrequest crd

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add in image list configmap from edb

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* include extra configmap

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* split ns chart restore files

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* change name of im restore file

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* add odlm file

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* update script to use correct edb deployment name

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* label fifth and final odlm crd

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* update for zen chart inclusion

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* update zen br script for changes to minio

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* correct labeling oversight

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* change zenservice check condition to be more robust

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* increase sleep time for checking dpeloyments are scaled down

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* test using pgrestore instead

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* rerun iam config job

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

* use yq to re run iam config job the way cs db reruns oidc job

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

---------

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>

Author: bluzarraga

velero/backup/common-service/label-common-service.sh

@@ -313,9 +313,9 @@ function label_ns_and_related() {
 
         # Label the Zen Service
         if [[ $NO_OLM == "false" ]]; then
-            ${OC} label customresourcedefinition zenservices.zen.cpd.ibm.com foundationservices.cloudpak.ibm.com=zen --overwrite=true 2>/dev/null
+            ${OC} label customresourcedefinition zenservices.zen.cpd.ibm.com zenextensions.zen.cpd.ibm.com foundationservices.cloudpak.ibm.com=zen --overwrite=true 2>/dev/null
         else
-            ${OC} label customresourcedefinition zenservices.zen.cpd.ibm.com foundationservices.cloudpak.ibm.com=zen-chart --overwrite=true 2>/dev/null
+            ${OC} label customresourcedefinition zenservices.zen.cpd.ibm.com zenextensions.zen.cpd.ibm.com foundationservices.cloudpak.ibm.com=zen-cluster --overwrite=true 2>/dev/null
         fi
         zen_services=$(${OC} get zenservice -n "$namespace" -o custom-columns=NAME:.metadata.name --no-headers)
         while IFS= read -r zen_service; do
@@ -414,14 +414,22 @@ function label_nss(){
         ${OC} label subscriptions.operators.coreos.com $nss_pm foundationservices.cloudpak.ibm.com=subscription -n $OPERATOR_NS --overwrite=true 2>/dev/null
         ${OC} label customresourcedefinition namespacescopes.operator.ibm.com foundationservices.cloudpak.ibm.com=crd --overwrite=true 2>/dev/null
     else
-        #TODO label the cluster scoped resources, label them denoting cluster scoped somehow
-        #clusterrolebinding
-        #clusterrole
-        #crd
+        #cluster scoped resources
+        ${OC} label clusterrole ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
+        ${OC} label clusterrolebinding ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
         ${OC} label customresourcedefinition namespacescopes.operator.ibm.com foundationservices.cloudpak.ibm.com=nss-cluster --overwrite=true 2>/dev/null
-        #TODO get and label helm secret 
-        #Label deployment
+        nss_cluster_release_name=$(${OC} get crd namespacescopes.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
+        nss_cluster_release_namespace=$(${OC} get crd namespacescopes.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
+        ${OC} label secret sh.helm.release.v1.$nss_cluster_release_name.v1 -n $nss_cluster_release_namespace foundationservices.cloudpak.ibm.com=nss-cluster  --overwrite=true 2>/dev/null
+        #namespace scoped resources
+        ${OC} label deployment ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
+        nss_release_name=$(${OC} get deploy ibm-namespace-scope-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
+        nss_release_namespace=$(${OC} get deploy ibm-namespace-scope-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
+        ${OC} label secret sh.helm.release.v1.$nss_release_name.v1 -n $nss_release_namespace foundationservices.cloudpak.ibm.com=nss  --overwrite=true 2>/dev/null
+        ${OC} label role ibm-namespace-scope-operator -n $OPERATOR_NS foundationservices.cloudpak.ibm.com=nss  --overwrite=true 2>/dev/null
+        ${OC} label rolebinding ibm-namespace-scope-operator -n $OPERATOR_NS foundationservices.cloudpak.ibm.com=nss  --overwrite=true 2>/dev/null
     fi
+
     # The following resources are labeled with 'nss' are bundled together for backup
     ${OC} label namespacescopes.operator.ibm.com common-service foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label serviceaccount ibm-namespace-scope-operator foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
@@ -450,16 +458,15 @@ function label_helm_cluster_scope(){
     title "Begin labeling cluster scoped resources installed via helm..."
     #TODO get name of helm secret for each chart
     #odlm cluster resources (crds)
-    ${OC} label crd operandbindinfos.operator.ibm.com operandconfigs.operator.ibm.com operandregistries.operator.ibm.com foundationservices.cloudpak.ibm.com=odlm-cluster  --overwrite=true 2>/dev/null
+    ${OC} label crd operandbindinfos.operator.ibm.com operandconfigs.operator.ibm.com operandregistries.operator.ibm.com operandrequests.operator.ibm.com operatorconfigs.operator.ibm.com foundationservices.cloudpak.ibm.com=odlm-cluster  --overwrite=true 2>/dev/null
     #helm secret
     odlm_release_name=$(${OC} get crd operandbindinfos.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
     odlm_release_namespace=$(${OC} get crd operandbindinfos.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
     ${OC} label secret sh.helm.release.v1.$odlm_release_name.v1 -n $odlm_release_namespace foundationservices.cloudpak.ibm.com=odlm-cluster  --overwrite=true 2>/dev/null
 
-    #cs operator cluster resources (crds, clusterrole, clusterrolebinding)
-    ${OC} label crd commonservices.operator.ibm.com foundationservices.cloudpak.ibm.com=cs-op-cluster  --overwrite=true 2>/dev/null
-    ${OC} label clusterrole ibm-common-service-operator foundationservices.cloudpak.ibm.com=cs-op-cluster  --overwrite=true 2>/dev/null
-    ${OC} label clusterrolebinding ibm-common-service-operator foundationservices.cloudpak.ibm.com=cs-op-cluster  --overwrite=true 2>/dev/null
+    #cs operator cluster resources (crds, clusterrole, clusterrolebinding), crd covered elsewhere in script
+    ${OC} label clusterrole ibm-common-service-operator foundationservices.cloudpak.ibm.com=cs-cluster  --overwrite=true 2>/dev/null
+    ${OC} label clusterrolebinding ibm-common-service-operator foundationservices.cloudpak.ibm.com=cs-cluster  --overwrite=true 2>/dev/null
     cs_release_name=$(${OC} get crd commonservices.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
     cs_release_namespace=$(${OC} get crd commonservices.operator.ibm.com -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
     ${OC} label secret sh.helm.release.v1.$cs_release_name.v1 -n $cs_release_namespace foundationservices.cloudpak.ibm.com=cs-cluster  --overwrite=true 2>/dev/null
@@ -504,9 +511,7 @@ function label_helm_cluster_scope(){
 
 function label_helm_namespace_scope(){
     title "Begin labeling namespace scoped resources installed via helm..."
-    #probably best to label going through the namespaces from the start
     #label rbac and resources in operator and services namespace first
-    #TODO get name of helm secret for each chart
     #odlm
     ${OC} label deploy operand-deployment-lifecycle-manager foundationservices.cloudpak.ibm.com=odlm-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label serviceaccount operand-deployment-lifecycle-manager foundationservices.cloudpak.ibm.com=odlm-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
@@ -555,23 +560,25 @@ function label_helm_namespace_scope(){
     #edb
     deploy=$(${OC} get deploy -n $OPERATOR_NS | grep postgresql-operator-controller-manager | awk '{print $1}')
     ${OC} label deployment $deploy foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
+    ${OC} label configmap cloud-native-postgresql-image-list postgresql-operator-default-monitoring foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
+    ${OC} label service postgresql-operator-webhook-service foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label serviceaccount postgresql-operator-manager foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label role postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label rolebinding postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label role postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
     ${OC} label rolebinding postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $SERVICES_NS --overwrite=true 2>/dev/null
-    edb_release_name=$(${OC} get deploy postgresql-operator-controller-manager -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
-    edb_release_namespace=$(${OC} get deploy postgresql-operator-controller-manager -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
+    edb_release_name=$(${OC} get deploy $deploy -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
+    edb_release_namespace=$(${OC} get deploy $deploy -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
     ${OC} label secret sh.helm.release.v1.$edb_release_name.v1 -n $edb_release_namespace foundationservices.cloudpak.ibm.com=edb-chart  --overwrite=true 2>/dev/null
 
     #zen
     ${OC} label deploy ibm-zen-operator foundationservices.cloudpak.ibm.com=zen-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     #zenservice covered in label_ns_and_related function
     ${OC} label role ibm-zen-operator-role foundationservices.cloudpak.ibm.com=zen-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
-    ${OC} label role ibm-zen-operator-rolebinding foundationservices.cloudpak.ibm.com=zen-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
+    ${OC} label rolebinding ibm-zen-operator-rolebinding foundationservices.cloudpak.ibm.com=zen-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label serviceaccount ibm-zen-operator-serviceaccount foundationservices.cloudpak.ibm.com=zen-chart -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label role ibm-zen-operator-role foundationservices.cloudpak.ibm.com=zen-chart  -n $SERVICES_NS --overwrite=true 2>/dev/null
-    ${OC} label role ibm-zen-operator-rolebinding foundationservices.cloudpak.ibm.com=zen-chart  -n $SERVICES_NS --overwrite=true 2>/dev/null
+    ${OC} label rolebinding ibm-zen-operator-rolebinding foundationservices.cloudpak.ibm.com=zen-chart  -n $SERVICES_NS --overwrite=true 2>/dev/null
     zen_release_name=$(${OC} get deploy ibm-zen-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-name}' --ignore-not-found)
     zen_release_namespace=$(${OC} get deploy ibm-zen-operator -n $OPERATOR_NS -o jsonpath='{.metadata.annotations.meta\.helm\.sh/release-namespace}' --ignore-not-found)
     ${OC} label secret sh.helm.release.v1.$zen_release_name.v1 -n $zen_release_namespace foundationservices.cloudpak.ibm.com=zen-chart  --overwrite=true 2>/dev/null
@@ -595,14 +602,18 @@ function label_helm_namespace_scope(){
             #ui
             ${OC} label role ibm-commonui-operator foundationservices.cloudpak.ibm.com=ui-chart -n $namespace --overwrite=true 2>/dev/null
             ${OC} label rolebinding ibm-commonui-operator foundationservices.cloudpak.ibm.com=ui-chart -n $namespace --overwrite=true 2>/dev/null
-    
 
+            #edb
+            ${OC} label role postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $namespace --overwrite=true 2>/dev/null
+            ${OC} label rolebinding postgresql-operator-controller-manager foundationservices.cloudpak.ibm.com=edb-chart -n $namespace --overwrite=true 2>/dev/null
+            
             #zen
             ${OC} label role ibm-zen-operator-role foundationservices.cloudpak.ibm.com=zen-chart -n $namespace --overwrite=true 2>/dev/null
             ${OC} label rolebinding ibm-zen-operator-rolebinding foundationservices.cloudpak.ibm.com=zen-chart -n $namespace --overwrite=true 2>/dev/null
         done
     fi
 
+    success "Namespace scoped charts labeled."
 }
 
 # ---------- Info functions ----------#

velero/restore/no-olm/restore-cluster-scope.yaml

@@ -0,0 +1,31 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore-cluster-charts
+  namespace: velero
+spec:
+  backupName: __BACKUP_NAME__
+  excludedResources:
+  - nodes
+  - events
+  - events.events.k8s.io
+  - backups.velero.io
+  - restores.velero.io
+  - resticrepositories.velero.io
+  hooks: {}
+  includedNamespaces:
+  - '*'
+  includedResources:
+  - '*'
+  orLabelSelectors:
+  - matchExpressions:
+    - key: foundationservices.cloudpak.ibm.com
+      operator: In
+      values:
+      - cs-cluster
+      - odlm-cluster
+      - ui-cluster
+      - zen-cluster
+      - edb-cluster
+      - iam-cluster
+      - nss-cluster

velero/restore/no-olm/restore-im-ns-charts.yaml

@@ -0,0 +1,27 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore-im-charts
+  namespace: velero
+spec:
+  backupName: __BACKUP_NAME__
+  excludedResources:
+  - nodes
+  - events
+  - events.events.k8s.io
+  - backups.velero.io
+  - restores.velero.io
+  - resticrepositories.velero.io
+  hooks: {}
+  includedNamespaces:
+  - '*'
+  includedResources:
+  - '*'
+  orLabelSelectors:
+  - matchExpressions:
+    - key: foundationservices.cloudpak.ibm.com
+      operator: In
+      values:
+      - ui-chart
+      - edb-chart
+      - iam-chart

velero/restore/no-olm/restore-installer-ns-charts.yaml

@@ -0,0 +1,27 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore-installer-charts
+  namespace: velero
+spec:
+  backupName: __BACKUP_NAME__
+  excludedResources:
+  - nodes
+  - events
+  - events.events.k8s.io
+  - backups.velero.io
+  - restores.velero.io
+  - resticrepositories.velero.io
+  hooks: {}
+  includedNamespaces:
+  - '*'
+  includedResources:
+  - '*'
+  orLabelSelectors:
+  - matchExpressions:
+    - key: foundationservices.cloudpak.ibm.com
+      operator: In
+      values:
+      - cs-chart
+      - odlm-chart
+      - nss

velero/restore/no-olm/restore-namespace-scope.yaml

@@ -0,0 +1,31 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore-namespace-charts
+  namespace: velero
+spec:
+  backupName: __BACKUP_NAME__
+  excludedResources:
+  - nodes
+  - events
+  - events.events.k8s.io
+  - backups.velero.io
+  - restores.velero.io
+  - resticrepositories.velero.io
+  hooks: {}
+  includedNamespaces:
+  - '*'
+  includedResources:
+  - '*'
+  orLabelSelectors:
+  - matchExpressions:
+    - key: foundationservices.cloudpak.ibm.com
+      operator: In
+      values:
+      - cs-chart
+      - odlm-chart
+      - ui-chart
+      - zen-chart
+      - edb-chart
+      - iam-chart
+      - nss

velero/restore/no-olm/restore-zen-ns-chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore-zen-chart
+  namespace: velero
+spec:
+  backupName: __BACKUP_NAME__
+  excludedResources:
+  - nodes
+  - events
+  - events.events.k8s.io
+  - backups.velero.io
+  - restores.velero.io
+  - resticrepositories.velero.io
+  hooks: {}
+  includedNamespaces:
+  - '*'
+  labelSelector:
+    matchLabels:
+      foundationservices.cloudpak.ibm.com: zen-chart

velero/schedule/schedule-common-services.yaml

@@ -45,3 +45,16 @@ spec:
         - keycloak #velero plugin approach to BR keycloak data
         - user-mgmt #non-data user-management operator resources
         - nss
+        - cs-chart
+        - cs-cluster
+        - odlm-chart
+        - odlm-cluster
+        - ui-chart
+        - ui-cluster
+        - zen-chart
+        - zen-cluster
+        - edb-chart
+        - edb-cluster
+        - iam-chart
+        - iam-cluster
+        - nss-cluster