diff --git a/Dockerfile b/Dockerfile
index 096b5b00..21cdb76d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j
 && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \
 && ./get-helm-3 --version v$helm_version --no-sudo \
 # AWS
- && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${aws_cli_version}.zip" -o "awscliv2.zip" \
+ && architecture=$(uname -m) \
+ && curl "https://awscli.amazonaws.com/awscli-exe-linux-${architecture}-${aws_cli_version}.zip" -o "awscliv2.zip" \
 && unzip awscliv2.zip \
 && ./aws/install \
 # AZURE
@@ -42,7 +43,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j
 # GCP
 && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
 && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
- && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version} \
+ && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:*=${gcp_cli_version} \
 && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
diff --git a/README.md b/README.md
index edca0cf4..5e9a6b50 100644
--- a/README.md
+++ b/README.md
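Review bot: The AWS CLI archive fetched in the `# AWS` step is unzipped and installed without any integrity check, and now that the file name depends on `uname -m`, an unexpected machine name produces a URL that may not exist. Adding `-f`, as in `curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-${architecture}-${aws_cli_version}.zip" -o "awscliv2.zip"`, makes a failed download stop the build at the curl step instead of at `unzip`. AWS publishes a detached PGP signature next to each archive (the same URL with `.sig` appended), so the step could also fetch it and run `gpg --verify awscliv2.sig awscliv2.zip` before `./aws/install`, provided gpg and the AWS CLI public key are available in this build stage. The RUN instruction starts and ends outside the hunk.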
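Review bot: The `*` in `google-cloud-cli:*=${gcp_cli_version}` is unquoted, so the shell treats the argument as a pathname pattern before apt-get receives it, and it stays literal only while nothing in the working directory matches. Quoting it, `"google-cloud-cli:*=${gcp_cli_version}"`, removes that dependency. Dropping the qualifier altogether (`google-cloud-cli=${gcp_cli_version}`) should select the image's native architecture, which appears to be the intent. The RUN instruction starts and ends outside the hunk.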
@@ -185,7 +185,7 @@ The SAS Viya platform customizations that are managed by viya4-deployment are lo
 #### Base kustomization.yaml ConfigMap and Secret Generators
-In some scenarios, a README or the deployment documentation instructs you to add a `configMapGenerator` or `secretGenerator` entry to the base `kustomization.yaml` (also known as `$deploy/kustomization.yaml`). For example:
+In some scenarios, a README or the deployment documentation instructs you to add a `configMapGenerator` or `secretGenerator` entry to the base `kustomization.yaml` (`$deploy/kustomization.yaml`). For example:
 ```yaml
 configMapGenerator:
@@ -221,6 +221,26 @@ envs:
 - site-config/sas-risk-cirrus-rcc/configuration.env
 ```
+#### Base kustomization.yaml additions from sas-bases/overlays
+
+In some scenarios, a README or the deployment documentation instructs you to add an entry to the base `kustomization.yaml` (`$deploy/kustomization.yaml`). For example:
+
+```yaml
+transformers:
+...
+- sas-bases/overlays/backup/sas-scheduled-backup-incr-job-enable.yaml
+...
+```
+
+In that scenario, create an `inject-sas-bases-overlays.yaml` file in a subdirectory under site-config. In the file, create the necessary category and add the entry to it:
+
+```yaml
+transformers:
+- sas-bases/overlays/backup/sas-scheduled-backup-incr-job-enable.yaml
+```
+
+Supported categories are `resources`, `components`, `transformers`, `generators`, and `configurations`. Multiple categories may appear in the file, and multiple entries may appear for each category.
+
 #### OpenLDAP Customizations
 The OpenLDAP setup that is described here is a temporary solution that enables you to add users and groups and to start using SAS Viya platform applications. The OpenLDAP server that is created using these instructions does not persist. It is created and destroyed within the SAS Viya platform namespace where it is created. To add users or groups that persist, follow the SAS documentation that describes how to [Configure an LDAP Identity Provider](https://documentation.sas.com/?cdcId=sasadmincdc&cdcVersion=default&docsetId=calids&docsetTarget=n1aw4xnkvwcddnn1mv8lxr2e4tu7.htm#p0spae4p1qoto3n1qpuzafcecxhh).
diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
index 8b53fe44..8852b988 100644
--- a/docs/CONFIG-VARS.md
+++ b/docs/CONFIG-VARS.md
@@ -414,7 +414,7 @@ By default, two block storage StorageClasses are created using the driver, one f
 | INGRESS_NGINX_NAMESPACE | NGINX Ingress Helm installation namespace | string | ingress-nginx | false | | baseline |
 | INGRESS_NGINX_CHART_URL | NGINX Ingress Helm chart URL | string | See [this document](https://kubernetes.github.io/ingress-nginx) for more information. | false | | baseline |
 | INGRESS_NGINX_CHART_NAME | NGINX Ingress Helm chart name | string | ingress-nginx | false | | baseline |
-| INGRESS_NGINX_CHART_VERSION | NGINX Ingress Helm chart version | string | "" | false | If left as "" (empty string), version `4.12.0` is used for Kubernetes clusters whose version is >= 1.28.X, for Kubernetes clusters whose version is <= 1.27.X you must set this variable to avoid errors. See [Supported Versions table](https://github.com/kubernetes/ingress-nginx/?tab=readme-ov-file#supported-versions-table) for the supported versions list. | baseline |
+| INGRESS_NGINX_CHART_VERSION | NGINX Ingress Helm chart version | string | "" | false | If left as "" (empty string), version `4.12.1` is used for Kubernetes clusters whose version is >= 1.28.X, for Kubernetes clusters whose version is <= 1.27.X you must set this variable to avoid errors. See [Supported Versions table](https://github.com/kubernetes/ingress-nginx/?tab=readme-ov-file#supported-versions-table) for the supported versions list. | baseline |
 | INGRESS_NGINX_CONFIG | NGINX Ingress Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. Altering this value will affect the cluster. | false | | baseline |
 ### Metrics Server
diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml
index 340a5fb4..739290fe 100644
--- a/roles/baseline/defaults/main.yml
+++ b/roles/baseline/defaults/main.yml
@@ -36,7 +36,8 @@ ingressVersions:
 k8sMinorVersion:
 value: 28
 api:
- chartVersion: 4.12.0
+ chartVersion: 4.12.1
+ chartVersionMin: 4.0.17
 ## Ingress-nginx - Ingress ##
diff --git a/roles/baseline/tasks/ingress-nginx.yaml b/roles/baseline/tasks/ingress-nginx.yaml
index 45a51f80..45840d7c 100644
--- a/roles/baseline/tasks/ingress-nginx.yaml
+++ b/roles/baseline/tasks/ingress-nginx.yaml
@@ -78,9 +78,7 @@
 set_fact:
 INGRESS_NGINX_CONFIG: "{{ INGRESS_NGINX_CONFIG | combine(INGRESS_NGINX_CVE_2021_25742_PATCH, recursive=True) }}"
 when:
- - cluster_info.version.server.kubernetes.minor is version(ingressVersions.k8sMinorVersion.value, 'ge')
- - INGRESS_NGINX_CHART_VERSION is version('4.0.10', ">=") or (INGRESS_NGINX_CHART_VERSION is version('3.40.0', ">=") and INGRESS_NGINX_CHART_VERSION is version('4.0.0',
- "<"))
+ - INGRESS_NGINX_CHART_VERSION is version(ingressVersions.k8sMinorVersion.api.chartVersionMin, ">=")
 - name: Disable strict_validate_path_type in INGRESS_NGINX_CONFIG
 set_fact:
diff --git a/roles/vdm/library/siteconfig_info.py b/roles/vdm/library/siteconfig_info.py
index 01304793..8ebc9dbd 100644
--- a/roles/vdm/library/siteconfig_info.py
+++ b/roles/vdm/library/siteconfig_info.py
@@ -1,5 +1,5 @@
 #
-# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 from ansible.module_utils.basic import *
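Review bot: The `when:` guard on the CVE-2021-25742 patch in roles/baseline/tasks/ingress-nginx.yaml now skips the patch silently for any chart older than `chartVersionMin` (4.0.17), which includes the 3.40.0–3.x and 4.0.10–4.0.16 ranges that the previous condition accepted. A deployment that pins one of those versions through `INGRESS_NGINX_CHART_VERSION` would install without whatever `INGRESS_NGINX_CVE_2021_25742_PATCH` sets, and nothing in the run output says so. Consider a comment above the condition such as `# CVE-2021-25742 values are merged only for charts >= chartVersionMin; older pinned charts are deployed without them`, or a preceding `fail` or `debug` task that reports a pinned version below the minimum. The test also presumably relies on an empty `INGRESS_NGINX_CHART_VERSION` having been replaced by the default earlier in the file; that step and the start of this task are outside the hunk.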
@@ -55,8 +55,30 @@ def addResource(self, yamlfile):
 elif "nameReference" in yamlblocks[0]:
 self.add_overlays(Overlay.CONFIGURATION, yamlfile)
+ def processSasBasesOverlays(self, folder):
+ sasBasesOverlaysPath = os.path.join(folder, "inject-sas-bases-overlays.yaml")
+ if os.path.exists(sasBasesOverlaysPath):
+ with open(sasBasesOverlaysPath) as file:
+ try:
+ yamlblock = yaml.safe_load(file)
+ for blockName, entries in yamlblock.items():
+ if isinstance(entries, list):
+ try:
+ overlay = Overlay(blockName)
+ except ValueError:
+ continue
+ requiredPrefix = "sas-bases/overlays/"
+ for entry in entries:
+ if entry.startswith(requiredPrefix):
+ self.add_overlays(overlay, entry)
+ else:
+ raise ValueError(f"Invalid {blockName} entry in {sasBasesOverlaysPath}: '{entry}'. Valid entries must start with '{requiredPrefix}'")
+ except yaml.YAMLError as exc:
+ raise RuntimeError(f"Error parsing {sasBasesOverlaysPath} as yaml") from exc
 def traverse(self, folder):
+ self.processSasBasesOverlays(folder)
+
 if os.path.exists(os.path.join(folder, "kustomization.yaml")) or os.path.exists(os.path.join(folder, "kustomization.yml")):
 kustomizefile = "kustomization.yaml" if os.path.exists(os.path.join(folder, "kustomization.yaml")) else "kustomization.yml"
 kustomizefilefullpath = os.path.join(folder, kustomizefile)
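Review bot: The `startswith(requiredPrefix)` check in `processSasBasesOverlays` accepts entries such as `sas-bases/overlays/../../x`, so a path can satisfy the prefix rule and still resolve outside `sas-bases/overlays/`. Normalising before the comparison closes that gap and also sends non-string entries, which currently raise `AttributeError`, to the existing `ValueError` branch: `if isinstance(entry, str) and os.path.normpath(entry).startswith(requiredPrefix):`. An empty or non-mapping file makes `yaml.safe_load` return a value without `.items()`, and the resulting error escapes the `yaml.YAMLError` handler; a guard such as `if not isinstance(yamlblock, dict): return` before the loop would cover it. The method also has no docstring; one line stating that only list-valued keys naming an `Overlay` category are read, and that other keys are ignored, would help.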