8.1.0 - April 7, 2025

Dockerfile

@@ -34,15 +34,16 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j
   && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \
   && ./get-helm-3 --version v$helm_version --no-sudo \
   # AWS
-  && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${aws_cli_version}.zip" -o "awscliv2.zip" \
+  && architecture=$(uname -m) \
+  && curl "https://awscli.amazonaws.com/awscli-exe-linux-${architecture}-${aws_cli_version}.zip" -o "awscliv2.zip" \
   && unzip awscliv2.zip \
   && ./aws/install \
   # AZURE
   && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \
   # GCP
   && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
   && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
-  && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version} \
+  && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:*=${gcp_cli_version} \
   && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*

README.md

@@ -185,7 +185,7 @@ The SAS Viya platform customizations that are managed by viya4-deployment are lo
 
 #### Base kustomization.yaml ConfigMap and Secret Generators
 
-In some scenarios, a README or the deployment documentation instructs you to add a `configMapGenerator` or `secretGenerator` entry to the base `kustomization.yaml` (also known as `$deploy/kustomization.yaml`). For example:
+In some scenarios, a README or the deployment documentation instructs you to add a `configMapGenerator` or `secretGenerator` entry to the base `kustomization.yaml` (`$deploy/kustomization.yaml`). For example:
 
 ```yaml
 configMapGenerator:
@@ -221,6 +221,26 @@ envs:
   - site-config/sas-risk-cirrus-rcc/configuration.env 
 ```
 
+#### Base kustomization.yaml additions from sas-bases/overlays
+
+In some scenarios, a README or the deployment documentation instructs you to add an entry to the base `kustomization.yaml` (`$deploy/kustomization.yaml`). For example:
+
+```yaml
+transformers:
+...
+- sas-bases/overlays/backup/sas-scheduled-backup-incr-job-enable.yaml
+...
+```
+
+In that scenario, create an `inject-sas-bases-overlays.yaml` file in a subdirectory under site-config. In the file, create the necessary category and add the entry to it:
+
+```yaml
+transformers:
+- sas-bases/overlays/backup/sas-scheduled-backup-incr-job-enable.yaml
+```
+
+Supported categories are `resources`, `components`, `transformers`, `generators`, and `configurations`. Multiple categories may appear in the file, and multiple entries may appear for each category.
+
 #### OpenLDAP Customizations
 
 The OpenLDAP setup that is described here is a temporary solution that enables you to add users and groups and to start using SAS Viya platform applications. The OpenLDAP server that is created using these instructions does not persist. It is created and destroyed within the SAS Viya platform namespace where it is created. To add users or groups that persist, follow the SAS documentation that describes how to [Configure an LDAP Identity Provider](https://documentation.sas.com/?cdcId=sasadmincdc&cdcVersion=default&docsetId=calids&docsetTarget=n1aw4xnkvwcddnn1mv8lxr2e4tu7.htm#p0spae4p1qoto3n1qpuzafcecxhh).

docs/CONFIG-VARS.md

@@ -414,7 +414,7 @@ By default, two block storage StorageClasses are created using the driver, one f
 | INGRESS_NGINX_NAMESPACE | NGINX Ingress Helm installation namespace | string | ingress-nginx | false | | baseline |
 | INGRESS_NGINX_CHART_URL | NGINX Ingress Helm chart URL | string | See [this document](https://kubernetes.github.io/ingress-nginx) for more information. | false | | baseline |
 | INGRESS_NGINX_CHART_NAME | NGINX Ingress Helm chart name | string | ingress-nginx | false | | baseline |
-| INGRESS_NGINX_CHART_VERSION | NGINX Ingress Helm chart version | string | "" | false | If left as "" (empty string), version `4.12.0` is used for Kubernetes clusters whose version is >= 1.28.X, for Kubernetes clusters whose version is <= 1.27.X you must set this variable to avoid errors. See [Supported Versions table](https://github.com/kubernetes/ingress-nginx/?tab=readme-ov-file#supported-versions-table) for the supported versions list. | baseline |
+| INGRESS_NGINX_CHART_VERSION | NGINX Ingress Helm chart version | string | "" | false | If left as "" (empty string), version `4.12.1` is used for Kubernetes clusters whose version is >= 1.28.X, for Kubernetes clusters whose version is <= 1.27.X you must set this variable to avoid errors. See [Supported Versions table](https://github.com/kubernetes/ingress-nginx/?tab=readme-ov-file#supported-versions-table) for the supported versions list. | baseline |
 | INGRESS_NGINX_CONFIG | NGINX Ingress Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. Altering this value will affect the cluster. | false | | baseline |
 
 ### Metrics Server

roles/baseline/defaults/main.yml

@@ -36,7 +36,8 @@ ingressVersions:
   k8sMinorVersion:
     value: 28
     api:
-      chartVersion: 4.12.0
+      chartVersion: 4.12.1
+      chartVersionMin: 4.0.17
 
 ## Ingress-nginx - Ingress
 ##

roles/baseline/tasks/ingress-nginx.yaml

@@ -78,9 +78,7 @@
       set_fact:
         INGRESS_NGINX_CONFIG: "{{ INGRESS_NGINX_CONFIG | combine(INGRESS_NGINX_CVE_2021_25742_PATCH, recursive=True) }}"
       when:
-        - cluster_info.version.server.kubernetes.minor is version(ingressVersions.k8sMinorVersion.value, 'ge')
-        - INGRESS_NGINX_CHART_VERSION is version('4.0.10', ">=") or (INGRESS_NGINX_CHART_VERSION is version('3.40.0', ">=") and INGRESS_NGINX_CHART_VERSION is version('4.0.0',
-          "<"))
+        - INGRESS_NGINX_CHART_VERSION is version(ingressVersions.k8sMinorVersion.api.chartVersionMin, ">=")
 
 - name: Disable strict_validate_path_type in INGRESS_NGINX_CONFIG
   set_fact:

roles/vdm/library/siteconfig_info.py

@@ -1,5 +1,5 @@
 #
-# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 from ansible.module_utils.basic import *
@@ -55,8 +55,30 @@ def addResource(self, yamlfile):
       elif "nameReference" in yamlblocks[0]:
         self.add_overlays(Overlay.CONFIGURATION, yamlfile)
 
+  def processSasBasesOverlays(self, folder):
+    sasBasesOverlaysPath = os.path.join(folder, "inject-sas-bases-overlays.yaml")
+    if os.path.exists(sasBasesOverlaysPath):
+      with open(sasBasesOverlaysPath) as file:
+        try:
+          yamlblock = yaml.safe_load(file)
+          for blockName, entries in yamlblock.items():
+            if isinstance(entries, list):
+              try:
+                overlay = Overlay(blockName)
+              except ValueError:
+                continue
+              requiredPrefix = "sas-bases/overlays/"
+              for entry in entries:
+                if entry.startswith(requiredPrefix):
+                  self.add_overlays(overlay, entry)
+                else:
+                  raise ValueError(f"Invalid {blockName} entry in {sasBasesOverlaysPath}: '{entry}'. Valid entries must start with '{requiredPrefix}'")
+        except yaml.YAMLError as exc:
+          raise RuntimeError(f"Error parsing {sasBasesOverlaysPath} as yaml") from exc
 
   def traverse(self, folder):
+    self.processSasBasesOverlays(folder)
+
     if os.path.exists(os.path.join(folder, "kustomization.yaml")) or os.path.exists(os.path.join(folder, "kustomization.yml")):
       kustomizefile = "kustomization.yaml" if os.path.exists(os.path.join(folder, "kustomization.yaml")) else "kustomization.yml"
       kustomizefilefullpath = os.path.join(folder, kustomizefile)